FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082225-cling-drainer-d884@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust(a)hammerspace.com>
Date: Sat, 16 Aug 2025 07:25:20 -0700
Subject: [PATCH] NFS: Fix a race when updating an existing write
After nfs_lock_and_join_requests() tests for whether the request is
still attached to the mapping, nothing prevents a call to
nfs_inode_remove_request() from succeeding until we actually lock the
page group.
The reason is that whoever called nfs_inode_remove_request() doesn't
necessarily have a lock on the page group head.
So in order to avoid races, let's take the page group lock earlier in
nfs_lock_and_join_requests(), and hold it across the removal of the
request in nfs_inode_remove_request().
Reported-by: Jeff Layton <jlayton(a)kernel.org>
Tested-by: Joe Quanaim <jdq(a)meta.com>
Tested-by: Andrew Steffen <aksteffen(a)meta.com>
Reviewed-by: Jeff Layton <jlayton(a)kernel.org>
Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()")
Cc: stable(a)vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com>
diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
index 11968dcb7243..6e69ce43a13f 100644
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req)
nfs_page_clear_headlock(req);
}
-/*
- * nfs_page_group_sync_on_bit_locked
+/**
+ * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set
+ * @req: request in page group
+ * @bit: PG_* bit that is used to sync page group
*
* must be called with page group lock held
*/
-static bool
-nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit)
+bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit)
{
struct nfs_page *head = req->wb_head;
struct nfs_page *tmp;
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index fa5c41d0989a..8b7c04737967 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode)
}
}
-static int
-nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
+static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
{
- int ret;
-
- if (!test_bit(PG_REMOVE, &req->wb_flags))
- return 0;
- ret = nfs_page_group_lock(req);
- if (ret)
- return ret;
if (test_and_clear_bit(PG_REMOVE, &req->wb_flags))
nfs_page_set_inode_ref(req, inode);
- nfs_page_group_unlock(req);
- return 0;
}
/**
@@ -585,19 +575,18 @@ retry:
}
}
+ ret = nfs_page_group_lock(head);
+ if (ret < 0)
+ goto out_unlock;
+
/* Ensure that nobody removed the request before we locked it */
if (head != folio->private) {
+ nfs_page_group_unlock(head);
nfs_unlock_and_release_request(head);
goto retry;
}
- ret = nfs_cancel_remove_inode(head, inode);
- if (ret < 0)
- goto out_unlock;
-
- ret = nfs_page_group_lock(head);
- if (ret < 0)
- goto out_unlock;
+ nfs_cancel_remove_inode(head, inode);
/* lock each request in the page group */
for (subreq = head->wb_this_page;
@@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req)
{
struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req));
- if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) {
+ nfs_page_group_lock(req);
+ if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) {
struct folio *folio = nfs_page_to_folio(req->wb_head);
struct address_space *mapping = folio->mapping;
@@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req)
}
spin_unlock(&mapping->i_private_lock);
}
+ nfs_page_group_unlock(req);
if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) {
atomic_long_dec(&nfsi->nrequests);
diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h
index 169b4ae30ff4..9aed39abc94b 100644
--- a/include/linux/nfs_page.h
+++ b/include/linux/nfs_page.h
@@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head,
extern int nfs_page_group_lock(struct nfs_page *);
extern void nfs_page_group_unlock(struct nfs_page *);
extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int);
+extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int);
extern int nfs_page_set_headlock(struct nfs_page *req);
extern void nfs_page_clear_headlock(struct nfs_page *req);
extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);
2 weeks, 1 day
- 2
- 3
[PATCH] drm/xe: Fix incorrect migration of backed-up object to VRAM
by Thomas Hellström
If an object is backed up to shmem it is incorrectly identified
as not having valid data by the move code. This means moving
to VRAM skips the -EMULTIHOP step and the bo is cleared. This
causes all sorts of weird behaviour on DGFX if an already evicted
object is targeted by the shrinker.
Fix this by using ttm_tt_is_swapped() to identify backed-up
objects.
Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5996
Fixes: 00c8efc3180f ("drm/xe: Add a shrinker for xe bos")
Cc: Matthew Brost <matthew.brost(a)intel.com>
Cc: Matthew Auld <matthew.auld(a)intel.com>
Cc: <stable(a)vger.kernel.org> # v6.15+
Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com>
---
drivers/gpu/drm/xe/xe_bo.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c
index 7d1ff642b02a..4faf15d5fa6d 100644
--- a/drivers/gpu/drm/xe/xe_bo.c
+++ b/drivers/gpu/drm/xe/xe_bo.c
@@ -823,8 +823,7 @@ static int xe_bo_move(struct ttm_buffer_object *ttm_bo, bool evict,
return ret;
}
- tt_has_data = ttm && (ttm_tt_is_populated(ttm) ||
- (ttm->page_flags & TTM_TT_FLAG_SWAPPED));
+ tt_has_data = ttm && (ttm_tt_is_populated(ttm) || ttm_tt_is_swapped(ttm));
move_lacks_source = !old_mem || (handle_system_ccs ? (!bo->ccs_cleared) :
(!mem_type_is_vram(old_mem_type) && !tt_has_data));
--
2.50.1
2 weeks, 1 day
- 2
- 2
Linux 6.16.4
by Greg Kroah-Hartman
I'm announcing the release of the 6.16.4 kernel.
All users of the 6.16 kernel series must upgrade.
The updated 6.16.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.16.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/display/rockchip/rockchip-vop2.yaml | 56 +-
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2
Documentation/devicetree/bindings/ufs/mediatek,ufs.yaml | 4
Documentation/networking/mptcp-sysctl.rst | 2
Makefile | 4
arch/arm/lib/crypto/poly1305-glue.c | 3
arch/arm64/boot/dts/apple/t8012-j132.dts | 1
arch/arm64/boot/dts/exynos/exynos7870-j6lte.dts | 2
arch/arm64/boot/dts/exynos/exynos7870-on7xelte.dts | 2
arch/arm64/boot/dts/exynos/exynos7870.dtsi | 1
arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1
arch/arm64/boot/dts/rockchip/rk3576.dtsi | 7
arch/arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 11
arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 24
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12
arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24
arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4
arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24
arch/arm64/boot/dts/ti/k3-pinctrl.h | 15
arch/arm64/lib/crypto/poly1305-glue.c | 3
arch/loongarch/Makefile | 6
arch/loongarch/kernel/module-sections.c | 36 -
arch/loongarch/kvm/intc/eiointc.c | 32 -
arch/loongarch/kvm/intc/ipi.c | 8
arch/loongarch/kvm/intc/pch_pic.c | 10
arch/loongarch/kvm/vcpu.c | 8
arch/m68k/kernel/head.S | 31 -
arch/mips/lib/crypto/chacha-core.S | 20
arch/parisc/Makefile | 4
arch/parisc/include/asm/pgtable.h | 7
arch/parisc/include/asm/special_insns.h | 28 +
arch/parisc/include/asm/uaccess.h | 21
arch/parisc/kernel/cache.c | 6
arch/parisc/kernel/entry.S | 17
arch/parisc/kernel/syscall.S | 30 -
arch/parisc/lib/memcpy.c | 19
arch/parisc/mm/fault.c | 4
arch/s390/boot/vmem.c | 3
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/x86/crypto/aegis128-aesni-glue.c | 40 +
arch/x86/include/asm/xen/hypercall.h | 5
arch/x86/kernel/cpu/amd.c | 8
arch/x86/kernel/cpu/hygon.c | 3
block/bfq-iosched.c | 13
block/blk-mq-debugfs.c | 1
block/blk-mq-sched.c | 223 +++++---
block/blk-mq-sched.h | 12
block/blk-mq.c | 29 -
block/blk-rq-qos.c | 8
block/blk-rq-qos.h | 48 +
block/blk-sysfs.c | 2
block/blk.h | 4
block/elevator.c | 38 +
block/elevator.h | 16
block/kyber-iosched.c | 11
block/mq-deadline.c | 14
crypto/deflate.c | 7
drivers/accel/habanalabs/gaudi2/gaudi2.c | 2
drivers/acpi/apei/einj-core.c | 12
drivers/acpi/pfr_update.c | 2
drivers/ata/Kconfig | 36 +
drivers/ata/libata-scsi.c | 49 -
drivers/base/power/runtime.c | 27 -
drivers/bluetooth/btmtk.c | 7
drivers/bus/mhi/host/boot.c | 8
drivers/bus/mhi/host/internal.h | 4
drivers/bus/mhi/host/main.c | 12
drivers/cdx/controller/cdx_rpmsg.c | 3
drivers/comedi/comedi_fops.c | 5
drivers/comedi/drivers.c | 23
drivers/comedi/drivers/pcl726.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpuidle/governors/menu.c | 29 -
drivers/crypto/caam/ctrl.c | 5
drivers/crypto/caam/intern.h | 1
drivers/crypto/ccp/sev-dev.c | 10
drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1
drivers/crypto/intel/qat/qat_common/adf_init.c | 1
drivers/crypto/intel/qat/qat_common/adf_isr.c | 5
drivers/crypto/intel/qat/qat_common/qat_algs.c | 12
drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 +++-
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 -
drivers/fpga/zynq-fpga.c | 10
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1
drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 3
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1
drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 21
drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 5
drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 14
drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 13
drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +-
drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 105 ++++
drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 -
drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2
drivers/gpu/drm/amd/amdgpu/soc15.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 61 +-
drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 20
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 +
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2
drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1
drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 19
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 -
drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 -
drivers/gpu/drm/amd/display/dc/core/dc.c | 34 -
drivers/gpu/drm/amd/display/dc/resource/dce60/dce60_resource.c | 34 -
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16
drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 11
drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 -
drivers/gpu/drm/display/drm_dp_helper.c | 2
drivers/gpu/drm/drm_format_helper.c | 108 +++-
drivers/gpu/drm/drm_format_internal.h | 8
drivers/gpu/drm/drm_panic_qr.rs | 22
drivers/gpu/drm/hisilicon/hibmc/dp/dp_link.c | 14
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 22
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 1
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 5
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 11
drivers/gpu/drm/i915/display/intel_display_irq.c | 4
drivers/gpu/drm/i915/display/intel_tc.c | 93 ++-
drivers/gpu/drm/i915/gt/intel_workarounds.c | 20
drivers/gpu/drm/nouveau/nvif/vmm.c | 3
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 4
drivers/gpu/drm/nova/file.rs | 3
drivers/gpu/drm/tests/drm_format_helper_test.c | 111 ----
drivers/gpu/drm/xe/Kconfig | 1
drivers/gpu/drm/xe/xe_migrate.c | 2
drivers/gpu/drm/xe/xe_pxp_submit.c | 2
drivers/gpu/drm/xe/xe_shrinker.c | 51 +
drivers/gpu/drm/xe/xe_vm.c | 48 -
drivers/gpu/drm/xe/xe_vm.h | 2
drivers/hwmon/gsc-hwmon.c | 4
drivers/i2c/busses/i2c-qcom-geni.c | 6
drivers/i2c/busses/i2c-rtl9300.c | 20
drivers/iio/accel/sca3300.c | 2
drivers/iio/adc/Kconfig | 2
drivers/iio/adc/ad7124.c | 14
drivers/iio/adc/ad7173.c | 137 ++++-
drivers/iio/adc/ad7380.c | 1
drivers/iio/adc/ad_sigma_delta.c | 4
drivers/iio/adc/rzg2l_adc.c | 33 -
drivers/iio/imu/bno055/bno055.c | 11
drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8
drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 31 -
drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22
drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10
drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6
drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 41 -
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12
drivers/iio/light/as73211.c | 2
drivers/iio/pressure/bmp280-core.c | 9
drivers/iio/proximity/isl29501.c | 16
drivers/iio/temperature/maxim_thermocouple.c | 26 -
drivers/infiniband/core/umem_odp.c | 4
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8
drivers/infiniband/hw/bnxt_re/main.c | 23
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 -
drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2
drivers/infiniband/hw/erdma/erdma_verbs.c | 6
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6
drivers/infiniband/hw/hns/hns_roce_restrack.c | 9
drivers/infiniband/sw/rxe/rxe_net.c | 29 -
drivers/infiniband/sw/rxe/rxe_qp.c | 2
drivers/iommu/amd/init.c | 4
drivers/iommu/apple-dart.c | 1
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2
drivers/iommu/intel/iommu.c | 1
drivers/iommu/iommufd/selftest.c | 1
drivers/iommu/riscv/iommu.c | 3
drivers/iommu/virtio-iommu.c | 19
drivers/md/dm-crypt.c | 49 +
drivers/md/dm-raid.c | 42 -
drivers/md/dm.c | 17
drivers/md/md-bitmap.c | 8
drivers/md/md-cluster.c | 16
drivers/md/md.c | 110 ++--
drivers/md/md.h | 2
drivers/md/raid0.c | 6
drivers/md/raid1-10.c | 2
drivers/md/raid1.c | 10
drivers/md/raid10.c | 16
drivers/md/raid5-ppl.c | 6
drivers/md/raid5.c | 30 -
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3
drivers/media/i2c/hi556.c | 26 -
drivers/media/i2c/mt9m114.c | 8
drivers/media/i2c/ov2659.c | 3
drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12
drivers/media/pci/intel/ivsc/mei_ace.c | 2
drivers/media/pci/intel/ivsc/mei_csi.c | 2
drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c | 3
drivers/media/platform/qcom/camss/camss.c | 20
drivers/media/platform/qcom/iris/iris_buffer.c | 20
drivers/media/platform/qcom/iris/iris_buffer.h | 3
drivers/media/platform/qcom/iris/iris_ctrls.c | 7
drivers/media/platform/qcom/iris/iris_hfi_gen1_command.c | 27 -
drivers/media/platform/qcom/iris/iris_hfi_gen1_defines.h | 1
drivers/media/platform/qcom/iris/iris_hfi_gen1_response.c | 20
drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c | 4
drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c | 11
drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2
drivers/media/platform/qcom/iris/iris_instance.h | 2
drivers/media/platform/qcom/iris/iris_platform_common.h | 2
drivers/media/platform/qcom/iris/iris_platform_sm8250.c | 9
drivers/media/platform/qcom/iris/iris_state.c | 2
drivers/media/platform/qcom/iris/iris_state.h | 1
drivers/media/platform/qcom/iris/iris_vb2.c | 15
drivers/media/platform/qcom/iris/iris_vdec.c | 9
drivers/media/platform/qcom/iris/iris_vidc.c | 33 +
drivers/media/platform/qcom/venus/core.c | 18
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/hfi_venus.c | 5
drivers/media/platform/qcom/venus/vdec.c | 5
drivers/media/platform/qcom/venus/venc.c | 5
drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1
drivers/media/platform/raspberrypi/pisp_be/pisp_be.c | 5
drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9
drivers/media/test-drivers/vivid/vivid-ctrls.c | 3
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/v4l2-core/v4l2-ctrls-core.c | 1
drivers/memstick/core/memstick.c | 1
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/mfd/mt6397-core.c | 12
drivers/mmc/host/sdhci-of-arasan.c | 33 +
drivers/mmc/host/sdhci-pci-gli.c | 37 -
drivers/mmc/host/sdhci_am654.c | 18
drivers/most/core.c | 2
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/mtd/nand/raw/renesas-nand-controller.c | 6
drivers/mtd/nand/spi/core.c | 5
drivers/mtd/spi-nor/swp.c | 19
drivers/net/bonding/bond_3ad.c | 67 +-
drivers/net/bonding/bond_options.c | 1
drivers/net/dsa/microchip/ksz_common.c | 6
drivers/net/ethernet/airoha/airoha_ppe.c | 4
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2
drivers/net/ethernet/google/gve/gve_main.c | 2
drivers/net/ethernet/intel/igc/igc_main.c | 14
drivers/net/ethernet/intel/ixgbe/devlink/devlink.c | 1
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4
drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1
drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 18
drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_hmfs.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12
drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2
drivers/net/ethernet/mellanox/mlx5/core/port.c | 20
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc_complex.c | 41 +
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/cmd.c | 1
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/cmd.h | 1
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/fs_hws.c | 1
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c | 5
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws.h | 1
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/send.c | 1
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/table.c | 13
drivers/net/ethernet/mellanox/mlx5/core/steering/hws/table.h | 3
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1
drivers/net/ethernet/microchip/lan865x/lan865x.c | 21
drivers/net/ethernet/realtek/rtase/rtase.h | 2
drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 9
drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 +-
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8
drivers/net/phy/mscc/mscc.h | 12
drivers/net/phy/mscc/mscc_main.c | 12
drivers/net/phy/mscc/mscc_ptp.c | 49 +
drivers/net/ppp/ppp_generic.c | 17
drivers/net/usb/asix_devices.c | 2
drivers/net/wireless/ath/ath11k/ce.c | 3
drivers/net/wireless/ath/ath11k/dp_rx.c | 3
drivers/net/wireless/ath/ath11k/hal.c | 33 +
drivers/net/wireless/ath/ath12k/ce.c | 3
drivers/net/wireless/ath/ath12k/hal.c | 38 +
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/pci/controller/dwc/pci-imx6.c | 12
drivers/pci/controller/dwc/pcie-designware.c | 8
drivers/pci/controller/pcie-rockchip-ep.c | 4
drivers/pci/controller/pcie-rockchip-host.c | 49 +
drivers/pci/controller/pcie-rockchip.h | 12
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/pci.h | 32 -
drivers/pci/pcie/portdrv.c | 2
drivers/phy/qualcomm/phy-qcom-m31.c | 14
drivers/platform/chrome/cros_ec.c | 3
drivers/platform/x86/amd/hsmp/hsmp.c | 5
drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 5
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 71 +-
drivers/regulator/pca9450-regulator.c | 13
drivers/regulator/tps65219-regulator.c | 12
drivers/s390/char/sclp.c | 11
drivers/scsi/mpi3mr/mpi3mr.h | 6
drivers/scsi/mpi3mr/mpi3mr_fw.c | 17
drivers/scsi/mpi3mr/mpi3mr_os.c | 2
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/soc/qcom/mdt_loader.c | 43 +
drivers/soc/tegra/pmc.c | 51 +
drivers/spi/spi-fsl-lpspi.c | 8
drivers/spi/spi-qpic-snand.c | 22
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/vt/defkeymap.c_shipped | 112 ++++
drivers/tty/vt/keyboard.c | 2
drivers/ufs/core/ufshcd.c | 10
drivers/ufs/host/ufs-exynos.c | 4
drivers/ufs/host/ufs-qcom.c | 42 -
drivers/ufs/host/ufshcd-pci.c | 42 +
drivers/usb/atm/cxacru.c | 106 +---
drivers/usb/core/hcd.c | 20
drivers/usb/core/quirks.c | 1
drivers/usb/dwc3/dwc3-imx8mp.c | 7
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/dwc3-pci.c | 2
drivers/usb/dwc3/ep0.c | 20
drivers/usb/dwc3/gadget.c | 19
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-hub.c | 3
drivers/usb/host/xhci-mem.c | 22
drivers/usb/host/xhci-pci-renesas.c | 7
drivers/usb/host/xhci-ring.c | 9
drivers/usb/host/xhci.c | 23
drivers/usb/host/xhci.h | 3
drivers/usb/musb/omap2430.c | 14
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29 +
drivers/usb/typec/tcpm/maxim_contaminant.c | 58 ++
drivers/usb/typec/tcpm/tcpci_maxim.h | 1
drivers/vhost/vsock.c | 6
drivers/video/console/vgacon.c | 2
fs/btrfs/ctree.c | 23
fs/btrfs/extent-tree.c | 2
fs/btrfs/extent_io.c | 94 +--
fs/btrfs/extent_io.h | 2
fs/btrfs/fiemap.c | 2
fs/btrfs/free-space-tree.c | 17
fs/btrfs/inode.c | 8
fs/btrfs/print-tree.c | 2
fs/btrfs/qgroup.c | 6
fs/btrfs/relocation.c | 4
fs/btrfs/subpage.c | 258 +++++-----
fs/btrfs/subpage.h | 45 +
fs/btrfs/super.c | 13
fs/btrfs/tree-log.c | 4
fs/btrfs/zoned.c | 70 ++
fs/buffer.c | 2
fs/debugfs/inode.c | 11
fs/erofs/Kconfig | 18
fs/ext4/fsmap.c | 23
fs/ext4/indirect.c | 4
fs/ext4/inode.c | 2
fs/ext4/orphan.c | 5
fs/ext4/super.c | 8
fs/f2fs/node.c | 10
fs/fhandle.c | 2
fs/internal.h | 3
fs/iomap/direct-io.c | 14
fs/jbd2/checkpoint.c | 1
fs/libfs.c | 27 -
fs/namespace.c | 69 +-
fs/netfs/read_collect.c | 4
fs/netfs/write_collect.c | 10
fs/netfs/write_issue.c | 4
fs/nfs/pagelist.c | 9
fs/nfs/write.c | 29 -
fs/overlayfs/copy_up.c | 2
fs/proc/task_mmu.c | 4
fs/smb/client/smb2ops.c | 2
fs/smb/server/connection.c | 3
fs/smb/server/connection.h | 7
fs/smb/server/oplock.c | 13
fs/smb/server/transport_rdma.c | 5
fs/smb/server/transport_rdma.h | 4
fs/smb/server/transport_tcp.c | 26 -
fs/splice.c | 3
fs/squashfs/super.c | 14
fs/xfs/libxfs/xfs_refcount.c | 4
fs/xfs/scrub/common.c | 3
fs/xfs/scrub/repair.c | 12
fs/xfs/scrub/scrub.c | 5
fs/xfs/xfs_attr_item.c | 5
fs/xfs/xfs_discard.c | 12
fs/xfs/xfs_fsmap.c | 4
fs/xfs/xfs_icache.c | 5
fs/xfs/xfs_inode.c | 7
fs/xfs/xfs_itable.c | 24
fs/xfs/xfs_iwalk.c | 11
fs/xfs/xfs_notify_failure.c | 6
fs/xfs/xfs_qm.c | 10
fs/xfs/xfs_rtalloc.c | 13
fs/xfs/xfs_trans.c | 56 +-
fs/xfs/xfs_trans.h | 3
fs/xfs/xfs_zone_alloc.c | 10
fs/xfs/xfs_zone_gc.c | 5
include/crypto/hash.h | 2
include/crypto/internal/acompress.h | 5
include/drm/drm_format_helper.h | 9
include/drm/intel/pciids.h | 1
include/linux/blkdev.h | 1
include/linux/compiler.h | 8
include/linux/iosys-map.h | 7
include/linux/iov_iter.h | 20
include/linux/kcov.h | 47 -
include/linux/mlx5/mlx5_ifc.h | 14
include/linux/netfs.h | 1
include/linux/nfs_page.h | 1
include/net/bluetooth/bluetooth.h | 4
include/net/bluetooth/hci.h | 1
include/net/bluetooth/hci_core.h | 54 +-
include/net/bond_3ad.h | 1
include/net/devlink.h | 6
include/net/sch_generic.h | 11
include/sound/cs35l56.h | 5
include/trace/events/btrfs.h | 2
include/uapi/linux/pfrut.h | 1
include/uapi/linux/raid/md_p.h | 2
io_uring/futex.c | 3
kernel/Kconfig.kexec | 1
kernel/cgroup/cpuset.c | 9
kernel/cgroup/rstat.c | 3
kernel/kexec_handover.c | 29 -
kernel/sched/ext.c | 4
kernel/signal.c | 6
kernel/trace/ftrace.c | 19
kernel/trace/trace.c | 34 -
kernel/trace/trace.h | 10
mm/damon/core.c | 15
mm/damon/paddr.c | 4
mm/debug_vm_pgtable.c | 9
mm/filemap.c | 3
mm/kasan/kasan_test_c.c | 2
mm/memory-failure.c | 8
mm/mremap.c | 41 -
net/bluetooth/hci_conn.c | 17
net/bluetooth/hci_core.c | 27 -
net/bluetooth/hci_event.c | 15
net/bluetooth/hci_sync.c | 33 -
net/bluetooth/iso.c | 20
net/bluetooth/mgmt.c | 13
net/bridge/br_multicast.c | 16
net/bridge/br_private.h | 2
net/core/dev.c | 12
net/devlink/port.c | 2
net/hsr/hsr_slave.c | 8
net/ipv4/netfilter/nf_reject_ipv4.c | 6
net/ipv6/netfilter/nf_reject_ipv6.c | 5
net/ipv6/seg6_hmac.c | 6
net/mptcp/options.c | 6
net/mptcp/pm.c | 18
net/mptcp/pm_kernel.c | 1
net/sched/sch_cake.c | 14
net/sched/sch_codel.c | 12
net/sched/sch_fq.c | 12
net/sched/sch_fq_codel.c | 12
net/sched/sch_fq_pie.c | 12
net/sched/sch_hhf.c | 12
net/sched/sch_htb.c | 2
net/sched/sch_pie.c | 12
net/smc/af_smc.c | 3
net/tls/tls_sw.c | 7
net/vmw_vsock/virtio_transport.c | 12
rust/kernel/alloc/allocator.rs | 30 -
rust/kernel/alloc/allocator_test.rs | 11
rust/kernel/drm/device.rs | 32 -
rust/kernel/faux.rs | 2
security/apparmor/lsm.c | 4
sound/core/timer.c | 4
sound/pci/hda/patch_realtek.c | 2
sound/pci/hda/tas2781_hda_i2c.c | 2
sound/soc/codecs/cs35l56-sdw.c | 69 --
sound/soc/codecs/cs35l56-shared.c | 29 +
sound/soc/codecs/cs35l56.c | 2
sound/soc/codecs/cs35l56.h | 3
sound/soc/sof/amd/acp-loader.c | 6
sound/usb/stream.c | 2
sound/usb/validate.c | 2
tools/objtool/arch/loongarch/special.c | 23
tools/testing/selftests/net/mptcp/mptcp_connect.c | 5
tools/testing/selftests/net/mptcp/mptcp_inq.c | 5
tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 5
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1
498 files changed, 4865 insertions(+), 2704 deletions(-)
Adrian Huang (Lenovo) (1):
signal: Fix memory leak for PIDFD_SELF* sentinels
Adrian Hunter (1):
scsi: ufs: ufs-pci: Fix default runtime and system PM levels
Akhilesh Patil (1):
RDMA/core: Free pfn_list with appropriate kvfree call
Al Viro (1):
use uniform permission checks for all mount propagation changes
Alan Huang (1):
xfs: Remove unused label in xfs_dax_notify_dev_failure
Aleksa Sarai (1):
open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE
Alex Deucher (7):
drm/amdgpu/discovery: fix fw based ip discovery
drm/amdgpu: add missing vram lost check for LEGACY RESET
drm/amdgpu: track whether a queue is a kernel queue in amdgpu_mqd_prop
drm/amdgpu: update mmhub 3.0.1 client id mappings
drm/amdgpu: update mmhub 3.3 client id mappings
drm/amdgpu: update mmhub 4.1.0 client id mappings
drm/amdgpu/swm14: Update power limit logic
Alex Guo (1):
i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer
Alex Vesker (1):
net/mlx5: HWS, Fix table creation UID
Alexander Sverdlin (1):
arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default
Alexander Wilhelm (1):
bus: mhi: host: Fix endianness of BHI vector table
Alexei Lazar (1):
net/mlx5e: Query FW for buffer ownership
Amber Lin (1):
drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Amit Sunil Dhamne (2):
usb: typec: maxim_contaminant: disable low power mode when reading comparator values
usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean
Anantha Prabhu (1):
RDMA/bnxt_re: Fix to initialize the PBL array
Andrea Righi (1):
sched/ext: Fix invalid task state transitions on class switch
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
André Draszik (1):
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Andy Shevchenko (1):
iio: imu: inv_icm42600: Convert to uXX and sXX integer types
Archana Patni (1):
scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers
Armen Ratner (1):
net/mlx5e: Preserve shared buffer capacity during headroom updates
Ashish Kalra (1):
crypto: ccp - Fix SNP panic notifier unregistration
Baihan Li (5):
drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed
drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local
drm/hisilicon/hibmc: fix the hibmc loaded failed bug
drm/hisilicon/hibmc: fix rare monitors cannot display problem
drm/hisilicon/hibmc: fix dp and vga cannot show together
Bao D. Nguyen (1):
scsi: ufs: ufs-qcom: Update esi_vec_mask for HW major version >= 6
Baokun Li (2):
ext4: preserve SB_I_VERSION on remount
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
Bart Van Assche (2):
scsi: ufs: core: Fix IRQ lock inversion for the SCSI host lock
scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl()
Bharat Bhushan (3):
crypto: octeontx2 - Fix address alignment issue on ucode loading
crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2
crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0
Bibo Mao (4):
LoongArch: KVM: Make function kvm_own_lbt() robust
LoongArch: KVM: Fix stack protector issue in send_ipi_data()
LoongArch: KVM: Add address alignment check in pch_pic register access
LoongArch: KVM: Use standard bitops API with eiointc
Bingbu Cao (1):
media: hi556: correct the test pattern configuration
Bjorn Andersson (1):
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Bo Liu (OpenAnolis) (1):
erofs: fix build error with CONFIG_EROFS_FS_ZIP_ACCEL=y
Boshi Yu (2):
RDMA/erdma: Fix ignored return value of init_kernel_qp
RDMA/erdma: Fix unset QPN of GSI QP
Bryan O'Donoghue (2):
media: qcom: camss: csiphy-3ph: Fix inadvertent dropping of SDM660/SDM670 phy init
media: qcom: camss: Remove extraneous -supply postfix on supply names
Chao Yu (1):
f2fs: fix to avoid out-of-boundary access in dnode page
Charalampos Mitrodimas (1):
debugfs: fix mount options not being applied
Chen Yu (1):
ACPI: pfr_update: Fix the driver update version check
Chenyuan Yang (1):
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Chi Zhiling (1):
readahead: fix return value of page_cache_next_miss() when no hole is found
Christian Brauner (1):
libfs: massage path_from_stashed() to allow custom stashing behavior
Christoph Hellwig (5):
xfs: decouple xfs_trans_alloc_empty from xfs_trans_alloc
xfs: return the allocated transaction from xfs_trans_alloc_empty
xfs: improve the comments in xfs_select_zone_nowait
xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
xfs: fix frozen file system assert in xfs_trans_alloc
Christoph Manszewski (1):
drm/xe: Fix vm_bind_ioctl double free bug
Christoph Paasch (1):
mptcp: drop skb if MPTCP skb extension allocation fails
Claudiu Beznea (2):
iio: adc: rzg2l_adc: Set driver data before enabling runtime PM
iio: adc: rzg2l: Cleanup suspend/resume path
Cristian Ciocaltea (3):
arm64: dts: rockchip: Add HDMI PHY PLL clock source to VOP2 on rk3576
arm64: dts: rockchip: Enable HDMI PHY clk provider on rk3576
dt-bindings: display: vop2: Add optional PLL clock property for rk3576
D. Wythe (1):
net/smc: fix UAF on smcsk after smc_listen_out()
Damien Le Moal (7):
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
dm: dm-crypt: Do not partially accept write BIOs with zoned targets
dm: Check for forbidden splitting of zone write operations
ata: libata-scsi: Fix ata_to_sense_error() status handling
ata: libata-scsi: Return aborted command when missing sense and result TF
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
Dan Carpenter (6):
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
regulator: tps65219: regulator: tps65219: Fix error codes in probe()
Daniel Jurgens (1):
net/mlx5: Base ECVF devlink port attrs from 0
Danilo Krummrich (4):
rust: alloc: replace aligned_size() with Kmalloc::aligned_layout()
rust: drm: ensure kmalloc() compatible Layout
rust: drm: remove pin annotations from drm::Device
rust: drm: don't pass the address of drm::Device to drm_dev_put()
David Hildenbrand (1):
mm/mremap: fix WARN with uffd that has remap events disabled
David Howells (2):
netfs: Fix unbuffered write error handling
cifs: Fix oops due to uninitialised variable
David Lechner (13):
iio: adc: ad7173: fix num_slots
iio: imu: bno055: fix OOB access of hw_xlate array
iio: adc: ad_sigma_delta: change to buffer predisable
iio: adc: ad7173: fix channels index for syscalib_mode
iio: adc: ad7173: fix calibration channel
iio: adc: ad7173: fix setting ODR in probe
iio: adc: ad7380: fix missing max_conversion_rate_hz on adaq4381-4
iio: accel: sca3300: fix uninitialized iio scan data
iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
iio: adc: ad7124: fix channel lookup in syscalib functions
iio: adc: ad7173: prevent scan if too many setups requested
iio: proximity: isl29501: fix buffered read on big-endian systems
iio: imu: inv_icm42600: use = { } instead of memset()
David Sterba (1):
btrfs: move transaction aborts to the error site in add_block_group_free_space()
David Yat Sin (1):
drm/amdkfd: Fix checkpoint-restore on multi-xcc
Dewei Meng (1):
ALSA: timer: fix ida_free call while not allocated
Dikshita Agarwal (16):
media: iris: Avoid updating frame size to firmware during reconfig
media: iris: Drop port check for session property response
media: iris: Fix buffer preparation failure during resolution change
media: iris: Fix missing function pointer initialization
media: iris: Fix NULL pointer dereference
media: iris: Fix typo in depth variable
media: iris: Prevent HFI queue writes when core is in deinit state
media: iris: Remove deprecated property setting to firmware
media: iris: Remove error check for non-zero v4l2 controls
media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length
media: iris: Skip destroying internal buffer if not dequeued
media: iris: Skip flush on first sequence change
media: iris: Track flush responses to prevent premature completion
media: iris: Update CAPTURE format info based on OUTPUT format
media: iris: Verify internal buffer release on close
media: iris: Remove unnecessary re-initialization of flush completion
Dmitry Torokhov (1):
mfd: mt6397: Do not use generic name for keypad sub-devices
Dominique Martinet (1):
iov_iter: iterate_folioq: fix handling of offset >= folio size
Edward Adam Davis (1):
comedi: pcl726: Prevent invalid irq number
Emanuele Ghidoli (1):
arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses
Eric Biggers (7):
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts
lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts
crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT
crypto: x86/aegis - Add missing error checks
ipv6: sr: Fix MAC comparison to be constant-time
crypto: acomp - Fix CFI failure due to type punning
Evgeniy Harchenko (1):
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Fanhua Li (1):
drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
Filipe Manana (5):
btrfs: always abort transaction on failure to add block group to free space tree
btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
btrfs: reorganize logic at free_extent_buffer() for better readability
btrfs: add comment for optimization in free_extent_buffer()
btrfs: use refcount_t type for the extent buffer reference counter
Finn Thain (1):
m68k: Fix lost column on framebuffer debug console
Florian Westphal (1):
netfilter: nf_reject: don't leak dst refcount for loopback packets
Frank Min (1):
drm/amdgpu: add kicker fws loading for gfx12/smu14/psp14
Gabor Juhos (3):
mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
spi: spi-qpic-snand: use correct CW_PER_PAGE value for OOB write
spi: spi-qpic-snand: fix calculating of ECC OOB regions' properties
Gang Ba (1):
drm/amdgpu: Avoid extra evict-restore process.
Geert Uytterhoeven (1):
erofs: Do not select tristate symbols from bool symbols
Geliang Tang (2):
mptcp: remove duplicate sk_reset_timer call
mptcp: disable add_addr retransmission when timeout is 0
Geraldo Nascimento (2):
PCI: rockchip: Use standard PCIe definitions
PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
Giovanni Cabiddu (2):
crypto: qat - lower priority for skcipher and aead algorithms
crypto: qat - flush misc workqueue during device shutdown
Greg Kroah-Hartman (1):
Linux 6.16.4
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Hangbin Liu (2):
bonding: update LACP activity flag after setting lacp_active
bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU
Hans Verkuil (1):
media: vivid: fix wrong pixel_array control size
Hans de Goede (1):
media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
Haoxiang Li (1):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
Hariprasad Kelam (1):
Octeontx2-af: Skip overlap check for SPI field
Harshal Gohel (1):
i2c: rtl9300: Fix multi-byte I2C write
Heikki Krogerus (1):
usb: dwc3: pci: add support for the Intel Wildcat Lake
Heiko Carstens (1):
s390/mm: Do not map lowcore with identity mapping
Helge Deller (2):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
apparmor: Fix 8-byte alignment for initial dfa blob streams
Herbert Xu (1):
crypto: hash - Increase HASH_MAX_DESCSIZE for hmac(sha3-224-s390)
Herton R. Krzesinski (1):
mm/debug_vm_pgtable: clear page table entries at destroy_args()
Hong Guan (1):
arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1
Horatiu Vultur (1):
phy: mscc: Fix timestamping for vsc8584
Ian Abbott (2):
comedi: Make insn_rw_emulate_bits() do insn->n samples
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Ido Schimmel (1):
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Igor Pylypiv (1):
ata: libata-scsi: Fix CDL control
Imre Deak (6):
drm/i915/lnl+/tc: Fix handling of an enabled/disconnected dp-alt sink
drm/i915/icl+/tc: Cache the max lane count value
drm/i915/lnl+/tc: Fix max lane count HW readout
drm/i915/lnl+/tc: Use the cached max lane count value
drm/i915/icl+/tc: Convert AUX powered WARN to a debug message
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
JP Kobryn (1):
cgroup: avoid null de-ref in css_rstat_exit()
Jacopo Mondi (1):
media: pisp_be: Fix pm_runtime underrun in probe
Jakub Acs (1):
net, hsr: reject HSR frame if skb can't hold tag
Jakub Kicinski (1):
tls: fix handling of zero-length records on the rx_list
Jakub Ramaseuski (1):
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
Jan Beulich (1):
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Jan Kara (1):
iomap: Fix broken data integrity guarantees for O_SYNC writes
Jani Nikula (1):
drm/i915: silence rpm wakeref asserts on GEN11_GU_MISC_IIR access
Jann Horn (1):
kasan/test: fix protection against compiler elision
Jason Gunthorpe (1):
iommu: Remove ops.pgsize_bitmap from drivers that don't use it
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jean-Baptiste Maneyrol (1):
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Jedrzej Jagielski (2):
devlink: let driver opt out of automatic phys_port_name generation
ixgbe: prevent from unwanted interface name changes
Jens Axboe (1):
io_uring/futex: ensure io_futex_wait() cleans up properly on failure
Jialin Wang (1):
proc: proc_maps_open allow proc_mem_open to return NULL
Jiande Lu (1):
Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown
Jiayi Li (1):
memstick: Fix deadlock by moving removing flag earlier
Jinjiang Tu (1):
mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
Jiwei Sun (1):
PCI: Fix link speed calculation on retrain failure
Jocelyn Falempe (1):
drm/panic: Add a u64 divide by 10 for arm32
Johan Hovold (10):
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: musb: omap2430: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
usb: dwc3: imx8mp: fix device leak at unbind
wifi: ath12k: fix dest ring-buffer corruption
wifi: ath12k: fix source ring-buffer corruption
wifi: ath12k: fix dest ring-buffer corruption when ring is full
wifi: ath11k: fix dest ring-buffer corruption
wifi: ath11k: fix source ring-buffer corruption
wifi: ath11k: fix dest ring-buffer corruption when ring is full
John David Anglin (8):
parisc: Check region is readable by user in raw_copy_from_user()
parisc: Define and use set_pte_at()
parisc: Drop WARN_ON_ONCE() from flush_cache_vmap
parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c
parisc: Revise __get_user() to probe user read access
parisc: Revise gateway LWS calls to probe user read access
parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault()
parisc: Update comments in make_insert_tlb
John Ernberg (1):
crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonathan Cameron (1):
iio: light: as73211: Ensure buffer holes are zeroed
Jordan Rhee (1):
gve: prevent ethtool ops after shutdown
Jorge Ramirez-Ortiz (2):
media: venus: hfi: explicitly release IRQ during teardown
media: venus: protect against spurious interrupts during probe
José Expósito (2):
drm/tests: Fix endian warning
drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian
Judith Mendez (3):
arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file
mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1
Julian Sun (1):
block: restore default wbt enablement
Junxian Huang (1):
RDMA/hns: Fix dip entries leak on devices newer than hip09
Justin Lai (1):
rtase: Fix Rx descriptor CRC error bit definition
Kalesh AP (1):
RDMA/bnxt_re: Fix a possible memory leak in the driver
Kanglong Wang (1):
LoongArch: Optimize module load time by optimizing PLT/GOT counting
Kashyap Desai (2):
RDMA/bnxt_re: Fix to do SRQ armena by default
RDMA/bnxt_re: Fix to remove workload check in SRQ limit path
Kathiravan Thirumoorthy (2):
phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence
i2c: qcom-geni: fix I2C frequency table to achieve accurate bus rates
Kaustabh Chakraborty (3):
arm64: dts: exynos7870-j6lte: reduce memory ranges to base amount
arm64: dts: exynos7870: add quirk to disable USB2 LPM in gadget mode
arm64: dts: exynos7870-on7xelte: reduce memory ranges to base amount
Kees Cook (1):
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Konrad Dybcio (1):
media: venus: Fix MSM8998 frequency table
Krzysztof Kozlowski (2):
dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints
dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kyoji Ogasawara (3):
btrfs: fix incorrect log message for nobarrier mount option
btrfs: restore mount option info messages during mount
btrfs: fix printing of mount info messages for NODATACOW/NODATASUM
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Lauri Tirkkonen (1):
drm/amd/display: fix initial backlight brightness calculation
Leo Martins (1):
btrfs: fix subpage deadlock in try_release_subpage_extent_buffer()
Li Nan (1):
md: rename recovery_cp to resync_offset
Liao Yuanhong (1):
ext4: use kmalloc_array() for array space allocation
Lijo Lazar (2):
drm/amdgpu: Update external revid for GC v9.5.0
drm/amdgpu: Update supported modes for GC v9.5.0
Liu01 Tong (1):
drm/amdgpu: fix task hang from failed job submission during process kill
Lorenzo Bianconi (1):
net: airoha: ppe: Do not invalid PPE entries in case of SW hash collision
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Luiz Augusto von Dentz (4):
Bluetooth: hci_sync: Fix scan state after PA Sync has been established
Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings
Bluetooth: hci_core: Fix using ll_privacy_capable for current settings
Bluetooth: hci_core: Fix not accounting for BIS/CIS/PA links separately
Lukas Wunner (1):
PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge
MD Danish Anwar (1):
net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload.
Macpaul Lin (1):
scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Marek Vasut (1):
usb: renesas-xhci: Fix External ROM access timeouts
Mario Limonciello (5):
drm/amd: Restore cached power limit during resume
drm/amd/display: Pass up errors for reset GPU that fails to init HW
drm/amd/display: Revert "drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value"
drm/amd/display: Avoid a NULL pointer dereference
drm/amd: Restore cached manual clock settings during resume
Masami Hiramatsu (Google) (1):
tracing: fprobe-event: Sanitize wildcard for fprobe event name
Mathis Foerst (1):
media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval
Matthieu Baerts (NGI0) (4):
mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
selftests: mptcp: pm: check flush doesn't reset limits
selftests: mptcp: connect: fix C23 extension warning
selftests: mptcp: sockopt: fix C23 extension warning
Matti Vaittinen (1):
iio: adc: bd79124: Add GPIOLIB dependency
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin (1):
most: core: Drop device reference after usage in get_channel()
Michael Chan (1):
bnxt_en: Fix lockdep warning during rmmod
Michael Walle (1):
mtd: spi-nor: Fix spi_nor_try_unlock_all()
Michel Dänzer (1):
drm/amd/display: Add primary plane to commits for correct VRR handling
Miguel Ojeda (3):
rust: faux: fix C header link
drm: nova-drm: fix 32-bit arm build
rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too
Ming Lei (1):
blk-mq: fix lockdep warning in __blk_mq_update_nr_hw_queues
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Muhammad Usama Anjum (1):
ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context
Myrrh Periwinkle (2):
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Namjae Jeon (1):
ksmbd: extend the connection limiting mechanism to support IPv6
Naohiro Aota (3):
btrfs: zoned: fix write time activation failure for metadata block group
btrfs: subpage: keep TOWRITE tag until folio is cleaned
btrfs: zoned: fix data relocation block group reservation
Nathan Chancellor (3):
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram()
NeilBrown (1):
ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp()
Nick Chan (1):
arm64: dts: apple: t8012-j132: Include touchbar framebuffer node
Nicolas Dufresne (1):
media: verisilicon: Fix AV1 decoder clock frequency
Nicolin Chen (1):
iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement
Niklas Cassel (1):
PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up
Niklas Neronin (1):
usb: xhci: fix host not responding after suspend and resume
Nilay Shroff (6):
block: move elevator queue allocation logic into blk_mq_init_sched
block: fix lockdep warning caused by lock dependency in elv_iosched_store
block: fix potential deadlock while running nr_hw_queue update
block: decrement block_rq_qos static key in rq_qos_del()
block: skip q->rq_qos check in rq_qos_done_bio()
block: avoid cpu_hotplug_lock depedency on freeze_lock
Nitin Gote (1):
iosys-map: Fix undefined behavior in iosys_map_clear()
Nitin Rawat (1):
scsi: ufs: ufs-qcom: Fix ESI null pointer dereference
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Oren Sidi (1):
net/mlx5: Add IFC bits and enums for buf_ownership
Parthiban Veerasooran (2):
microchip: lan865x: fix missing netif_start_queue() call on device open
microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1
Pasha Tatashin (3):
kho: init new_physxa->phys_bits to fix lockdep
kho: mm: don't allow deferred struct page with KHO
kho: warn if KHO is disabled due to an error
Pauli Virtanen (1):
Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established
Peng Fan (1):
regulator: pca9450: Use devm_register_sys_off_handler
Peter Griffin (1):
arm64: dts: exynos: gs101: ufs: add dma-coherent property
Peter Oberparleiter (3):
s390/sclp: Fix SCCB present check
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Peter Shkenev (1):
drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Piotr Piórkowski (2):
drm/xe: Assign ioctl xe file handler to vm in xe_vm_create
drm/xe: Move ASID allocation and user PT BO tracking into xe_vm_create
Pu Lehui (1):
tracing: Limit access to parser->buffer when trace_get_user failed
Qianfeng Rong (1):
drm/nouveau/gsp: fix mismatched alloc/free for kvmalloc()
Qingfang Deng (2):
net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
ppp: fix race conditions in ppp_fill_forward_path
Qu Wenruo (2):
btrfs: add comments on the extra btrfs specific subpage bitmaps
btrfs: rename btrfs_subpage structure
Rafael J. Wysocki (2):
PM: runtime: Take active children into account in pm_runtime_get_if_in_use()
cpuidle: governors: menu: Avoid selecting states with too much latency
Randy Dunlap (1):
parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers
Ranjan Kumar (3):
scsi: mpi3mr: Fix race between config read submit and interrupt completion
scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
Ricardo Ribalda (2):
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
media: venus: venc: Clamp param smaller than 1fps and bigger than 240
Richard Fitzgerald (1):
ASoC: cs35l56: Handle new algorithms IDs for CS35L63
Richard Zhu (4):
PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features
PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features
PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset
PCI: imx6: Delay link start until configfs 'start' written
Robin Murphy (1):
iommu/virtio: Make instance lookup robust
Sai Krishna Potthuri (1):
mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up
Sakari Ailus (2):
media: ipu6: isys: Use correct pads for xlate_streams()
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Salah Triki (1):
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Sam Edwards (1):
arm64: dts: rockchip: Remove workaround that prevented Turing RK1 GPU power regulator control
Sang-Heon Jeon (2):
mm/damon/core: fix commit_ops_filters by using correct nth function
mm/damon/core: fix damos_commit_filter not changing allow
Sebastian Andrzej Siewior (1):
kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq()
Sebastian Brzezinka (1):
drm/i915/gt: Relocate compression repacking WA for JSL/EHL
Selvarasu Ganesan (1):
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
SeongJae Park (1):
mm/damon/ops-common: ignore migration request to invalid nodes
Sergey Shtylyov (1):
Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
Simon Richter (1):
Mark xe driver as BROKEN if kernel page size is not 4kB
Siyang Liu (1):
drm/amd/display: fix a Null pointer dereference vulnerability
Song Gao (1):
LoongArch: KVM: Use kvm_get_vcpu_by_id() instead of kvm_get_vcpu()
Srinivas Pandruvada (1):
platform/x86/intel-uncore-freq: Check write blocked for ELC
Stefan Binding (2):
ASoC: cs35l56: Update Firmware Addresses for CS35L63 for production silicon
ASoC: cs35l56: Remove SoundWire Clock Divider workaround for CS35L63
Stefan Metzmacher (1):
smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
Stefan Wahren (1):
spi: spi-fsl-lpspi: Clamp too high speed_hz
Steven Rostedt (2):
ftrace: Also allocate and copy hash for reading of filter files
tracing: Remove unneeded goto out logic
Suma Hegde (1):
platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
Suraj Gupta (1):
net: xilinx: axienet: Fix RX skb ring management in DMAengine mode
Sven Eckelmann (2):
i2c: rtl9300: Increase timeout for transfer polling
i2c: rtl9300: Add missing count byte for SMBus Block Ops
Takashi Iwai (2):
ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Theodore Ts'o (1):
ext4: don't try to clear the orphan_present feature block device is r/o
Thomas Bertschinger (1):
fhandle: do_handle_open() should get FD with user flags
Thomas Fourier (2):
mtd: rawnand: fsmc: Add missing check after DMA map
mtd: rawnand: renesas: Add missing check after DMA map
Thomas Hellström (1):
drm/xe: Defer buffer object shrinker write-backs and GPU waits
Thomas Weißschuh (1):
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Thomas Zimmermann (1):
drm/tests: Do not use drm_fb_blit() in format-helper tests
Thorsten Blum (3):
accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc()
cdx: Fix off-by-one error in cdx_rpmsg_probe()
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Tianxiang Peng (1):
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Tiezhu Yang (2):
objtool/LoongArch: Get table size correctly if LTO is enabled
LoongArch: Pass annotate-tablejump option if LTO is enabled
Tim Harvey (1):
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Timur Kristóf (9):
drm/amd/display: Fix DCE 6.0 and 6.4 PLL programming.
drm/amd/display: Don't overwrite dce60_clk_mgr
drm/amd/display: Don't overclock DCE 6 by 15%
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15%
drm/amd/display: Don't print errors for nonexistent connectors
Tom Chung (1):
drm/amd/display: Fix Xorg desktop unresponsive on Replay panel
Tristram Ha (1):
net: dsa: microchip: Fix KSZ9477 HSR port setup issue
Trond Myklebust (1):
NFS: Fix a race when updating an existing write
Tzung-Bi Shih (1):
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Uwe Kleine-König (3):
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
ACPI: APEI: EINJ: Fix resource leak by remove callback in .exit.text
ValdikSS (1):
igc: fix disabling L1.2 PCI-E link substate on I226 on init
Vedang Nagar (1):
media: venus: Add a check for packet size after reading from shared memory
Victor Shih (3):
mmc: sdhci-pci-gli: Add a new function to simplify the code
mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
Vlad Dogaru (1):
net/mlx5: CT: Use the correct counter offset
Vladimir Zapolskiy (1):
media: qcom: camss: cleanup media device allocated resource on error path
Vodapalli, Ravi Kumar (1):
drm/xe/bmg: Add one additional PCI ID
Waiman Long (2):
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
cgroup/cpuset: Fix a partition error with CPU hotplug
Wang Liang (1):
net: bridge: fix soft lockup in br_multicast_query_expired()
Weitao Wang (1):
usb: xhci: Fix slot_id resource race conflict
Will Deacon (2):
vsock/virtio: Validate length in packet header before skb_put()
vhost/vsock: Avoid allocating arbitrarily-sized SKBs
William Liu (3):
net/sched: Fix backlog accounting in qdisc_dequeue_internal
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Xaver Hugl (1):
amdgpu/amdgpu_discovery: increase timeout limit for IFWI init
XianLiang Huang (1):
iommu/riscv: prevent NULL deref in iova_to_phys
Xu Yang (1):
usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yang Li (2):
Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF
Bluetooth: Add PA_LINK to distinguish BIG sync and PA sync connections
Yang Wang (1):
drm/amd/amdgpu: fix missing lock for cper.ring->rptr/wptr access
Yao Zi (1):
net: stmmac: thead: Enable TX clock before MAC initialization
Yazen Ghannam (1):
x86/CPU/AMD: Ignore invalid reset reason value
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Yevgeny Kliteynik (2):
net/mlx5: HWS, fix bad parameter in CQ creation
net/mlx5: HWS, fix complex rules rehash error flow
Youssef Samir (1):
bus: mhi: host: Detect events pointing to unexpected TREs
YuanShang (1):
drm/amdgpu: Retain job->vm in amdgpu_job_prepare_job
Yuichiro Tsuji (1):
net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Yuntao Wang (1):
fs: fix incorrect lflags value in the move_mount syscall
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Yi (1):
ext4: fix hole length calculation overflow in non-extent inodes
Zheng Qixing (2):
md: add helper rdev_needs_recovery()
md: fix sync_action incorrect display during resync
Zhu Yanjun (1):
RDMA/rxe: Flush delayed SKBs while releasing RXE resources
Ziyan Xu (1):
ksmbd: fix refcount leak causing resource not released
wenglianfa (1):
RDMA/hns: Fix querying wrong SCC context for DIP algorithm
2 weeks, 1 day
- 1
- 1
Linux 6.12.44
by Greg Kroah-Hartman
I'm announcing the release of the 6.12.44 kernel.
All users of the 6.12 kernel series must upgrade.
The updated 6.12.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2
Documentation/devicetree/bindings/ufs/mediatek,ufs.yaml | 4
Documentation/networking/mptcp-sysctl.rst | 2
Makefile | 4
arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 36 +
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62-phycore-som.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12
arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2
arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24
arch/arm64/boot/dts/ti/k3-am62a-phycore-som.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 7
arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 2
arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24
arch/arm64/boot/dts/ti/k3-am642-evm.dts | 1
arch/arm64/boot/dts/ti/k3-am654-base-board.dts | 1
arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-common.dtsi | 1
arch/arm64/boot/dts/ti/k3-am69-sk.dts | 1
arch/arm64/boot/dts/ti/k3-pinctrl.h | 15
arch/loongarch/kernel/module-sections.c | 36 -
arch/loongarch/kvm/vcpu.c | 8
arch/m68k/kernel/head.S | 31
arch/mips/crypto/chacha-core.S | 20
arch/parisc/Makefile | 4
arch/parisc/include/asm/pgtable.h | 7
arch/parisc/include/asm/special_insns.h | 28
arch/parisc/include/asm/uaccess.h | 21
arch/parisc/kernel/cache.c | 6
arch/parisc/kernel/entry.S | 17
arch/parisc/kernel/syscall.S | 30
arch/parisc/lib/memcpy.c | 19
arch/parisc/mm/fault.c | 4
arch/powerpc/boot/Makefile | 1
arch/s390/boot/vmem.c | 3
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/x86/coco/sev/shared.c | 3
arch/x86/include/asm/xen/hypercall.h | 5
arch/x86/kernel/cpu/hygon.c | 3
arch/x86/kvm/mmu/mmu.c | 10
drivers/accel/habanalabs/gaudi2/gaudi2.c | 2
drivers/acpi/pfr_update.c | 2
drivers/ata/Kconfig | 36 -
drivers/ata/libata-scsi.c | 58 -
drivers/base/power/runtime.c | 27
drivers/bluetooth/btmtk.c | 7
drivers/bus/mhi/host/boot.c | 8
drivers/bus/mhi/host/internal.h | 4
drivers/bus/mhi/host/main.c | 12
drivers/cdx/controller/cdx_rpmsg.c | 3
drivers/comedi/comedi_fops.c | 5
drivers/comedi/drivers.c | 23
drivers/comedi/drivers/pcl726.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpuidle/governors/menu.c | 101 --
drivers/crypto/caam/ctrl.c | 5
drivers/crypto/caam/intern.h | 1
drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1
drivers/crypto/intel/qat/qat_common/adf_init.c | 1
drivers/crypto/intel/qat/qat_common/adf_isr.c | 5
drivers/crypto/intel/qat/qat_common/qat_algs.c | 12
drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 ++-
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35
drivers/fpga/zynq-fpga.c | 10
drivers/gpu/drm/Kconfig | 5
drivers/gpu/drm/Makefile | 1
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5
drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6
drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 2
drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 -
drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34
drivers/gpu/drm/amd/amdgpu/soc15.c | 2
drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2
drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1
drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 -
drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31
drivers/gpu/drm/amd/display/dc/core/dc.c | 34
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6
drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30
drivers/gpu/drm/display/drm_dp_helper.c | 2
drivers/gpu/drm/drm_draw.c | 155 ++++
drivers/gpu/drm/drm_draw_internal.h | 56 +
drivers/gpu/drm/drm_format_helper.c | 234 ++++--
drivers/gpu/drm/drm_format_internal.h | 127 +++
drivers/gpu/drm/drm_panic.c | 269 -------
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 17
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 46 -
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 29
drivers/gpu/drm/i915/display/intel_tc.c | 58 +
drivers/gpu/drm/nouveau/nvif/vmm.c | 3
drivers/gpu/drm/tests/drm_format_helper_test.c | 176 ++--
drivers/gpu/drm/xe/Kconfig | 1
drivers/hwmon/gsc-hwmon.c | 4
drivers/iio/adc/ad7173.c | 3
drivers/iio/adc/ad_sigma_delta.c | 4
drivers/iio/imu/bno055/bno055.c | 11
drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8
drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33
drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22
drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10
drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6
drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 -
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12
drivers/iio/light/adjd_s311.c | 2
drivers/iio/light/as73211.c | 4
drivers/iio/light/bh1745.c | 2
drivers/iio/light/isl29125.c | 2
drivers/iio/light/ltr501.c | 2
drivers/iio/light/max44000.c | 2
drivers/iio/light/rohm-bu27034.c | 2
drivers/iio/light/rpr0521.c | 2
drivers/iio/light/st_uvis25.h | 2
drivers/iio/light/tcs3414.c | 2
drivers/iio/light/tcs3472.c | 2
drivers/iio/pressure/bmp280-core.c | 9
drivers/iio/proximity/isl29501.c | 16
drivers/iio/temperature/maxim_thermocouple.c | 26
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8
drivers/infiniband/hw/bnxt_re/main.c | 23
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30
drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2
drivers/infiniband/hw/erdma/erdma_verbs.c | 4
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6
drivers/infiniband/hw/hns/hns_roce_restrack.c | 9
drivers/infiniband/sw/rxe/rxe_net.c | 29
drivers/infiniband/sw/rxe/rxe_qp.c | 2
drivers/iommu/amd/init.c | 4
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2
drivers/md/dm-crypt.c | 49 +
drivers/md/dm.c | 17
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3
drivers/media/i2c/hi556.c | 26
drivers/media/i2c/mt9m114.c | 8
drivers/media/i2c/ov2659.c | 3
drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12
drivers/media/pci/intel/ivsc/mei_ace.c | 2
drivers/media/pci/intel/ivsc/mei_csi.c | 2
drivers/media/platform/qcom/camss/camss.c | 4
drivers/media/platform/qcom/venus/core.c | 18
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/hfi_venus.c | 5
drivers/media/platform/qcom/venus/vdec.c | 5
drivers/media/platform/qcom/venus/venc.c | 5
drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1
drivers/media/platform/raspberrypi/pisp_be/pisp_be.c | 5
drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9
drivers/media/test-drivers/vivid/vivid-ctrls.c | 3
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/v4l2-core/v4l2-ctrls-core.c | 1
drivers/memstick/core/memstick.c | 1
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/mmc/host/sdhci-pci-gli.c | 37 -
drivers/mmc/host/sdhci_am654.c | 18
drivers/most/core.c | 2
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/mtd/nand/raw/renesas-nand-controller.c | 6
drivers/mtd/nand/spi/core.c | 5
drivers/mtd/spi-nor/swp.c | 19
drivers/net/bonding/bond_3ad.c | 67 +
drivers/net/bonding/bond_options.c | 1
drivers/net/can/ti_hecc.c | 2
drivers/net/dsa/microchip/ksz_common.c | 6
drivers/net/ethernet/google/gve/gve_main.c | 2
drivers/net/ethernet/intel/igc/igc_main.c | 14
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4
drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1
drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 18
drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12
drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4
drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 87 ++
drivers/net/ethernet/mellanox/mlx5/core/port.c | 40 -
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1
drivers/net/ethernet/microchip/lan865x/lan865x.c | 21
drivers/net/ethernet/realtek/rtase/rtase.h | 2
drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 +-
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8
drivers/net/phy/mscc/mscc.h | 12
drivers/net/phy/mscc/mscc_main.c | 12
drivers/net/phy/mscc/mscc_ptp.c | 49 +
drivers/net/ppp/ppp_generic.c | 17
drivers/net/usb/asix_devices.c | 2
drivers/net/wireless/ath/ath11k/ce.c | 3
drivers/net/wireless/ath/ath11k/dp_rx.c | 3
drivers/net/wireless/ath/ath11k/hal.c | 33
drivers/net/wireless/ath/ath12k/ce.c | 3
drivers/net/wireless/ath/ath12k/hal.c | 38 -
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/pci/controller/dwc/pci-imx6.c | 32
drivers/pci/controller/pcie-rockchip-host.c | 49 -
drivers/pci/controller/pcie-rockchip.h | 11
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/pcie/portdrv.c | 2
drivers/phy/qualcomm/phy-qcom-m31.c | 14
drivers/platform/chrome/cros_ec.c | 3
drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 5
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 71 +
drivers/s390/char/sclp.c | 11
drivers/scsi/mpi3mr/mpi3mr.h | 6
drivers/scsi/mpi3mr/mpi3mr_fw.c | 17
drivers/scsi/mpi3mr/mpi3mr_os.c | 2
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/scsi/scsi_lib.c | 3
drivers/soc/qcom/mdt_loader.c | 43 +
drivers/soc/tegra/pmc.c | 51 -
drivers/spi/spi-fsl-lpspi.c | 8
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/vt/defkeymap.c_shipped | 112 +++
drivers/tty/vt/keyboard.c | 2
drivers/ufs/host/ufs-exynos.c | 4
drivers/ufs/host/ufshcd-pci.c | 42 +
drivers/usb/atm/cxacru.c | 106 +-
drivers/usb/core/hcd.c | 20
drivers/usb/core/quirks.c | 1
drivers/usb/dwc3/dwc3-imx8mp.c | 7
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/dwc3-pci.c | 2
drivers/usb/dwc3/ep0.c | 20
drivers/usb/dwc3/gadget.c | 19
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-hub.c | 3
drivers/usb/host/xhci-mem.c | 22
drivers/usb/host/xhci-pci-renesas.c | 7
drivers/usb/host/xhci-ring.c | 9
drivers/usb/host/xhci.c | 21
drivers/usb/host/xhci.h | 3
drivers/usb/musb/omap2430.c | 14
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29
drivers/usb/typec/class.c | 7
drivers/usb/typec/tcpm/fusb302.c | 32
drivers/usb/typec/tcpm/maxim_contaminant.c | 58 +
drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 3
drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy_stub.c | 3
drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_port.c | 4
drivers/usb/typec/tcpm/tcpci_maxim.h | 1
drivers/usb/typec/tcpm/tcpm.c | 7
drivers/vhost/vsock.c | 6
drivers/video/console/vgacon.c | 2
fs/btrfs/block-group.c | 59 -
fs/btrfs/ctree.c | 9
fs/btrfs/free-space-tree.c | 17
fs/btrfs/qgroup.c | 38 -
fs/btrfs/send.c | 359 +++++-----
fs/btrfs/subpage.c | 19
fs/btrfs/super.c | 13
fs/btrfs/transaction.c | 1
fs/btrfs/zoned.c | 13
fs/buffer.c | 2
fs/debugfs/inode.c | 11
fs/ext4/fsmap.c | 23
fs/ext4/indirect.c | 4
fs/ext4/inode.c | 2
fs/ext4/orphan.c | 5
fs/ext4/super.c | 8
fs/f2fs/node.c | 10
fs/file.c | 75 --
fs/jbd2/checkpoint.c | 1
fs/namespace.c | 34
fs/netfs/write_collect.c | 10
fs/netfs/write_issue.c | 4
fs/nfs/pagelist.c | 9
fs/nfs/write.c | 29
fs/overlayfs/copy_up.c | 2
fs/smb/client/smb2ops.c | 2
fs/smb/server/connection.c | 3
fs/smb/server/connection.h | 7
fs/smb/server/oplock.c | 13
fs/smb/server/transport_rdma.c | 5
fs/smb/server/transport_rdma.h | 4
fs/smb/server/transport_tcp.c | 26
fs/splice.c | 3
fs/squashfs/super.c | 14
fs/xfs/xfs_itable.c | 6
include/drm/drm_format_helper.h | 12
include/linux/call_once.h | 47 -
include/linux/compiler.h | 8
include/linux/iosys-map.h | 7
include/linux/iov_iter.h | 20
include/linux/kcov.h | 47 -
include/linux/mlx5/mlx5_ifc.h | 14
include/linux/mlx5/port.h | 85 --
include/linux/netfs.h | 1
include/linux/nfs_page.h | 1
include/net/bond_3ad.h | 1
include/uapi/linux/pfrut.h | 1
io_uring/futex.c | 3
io_uring/net.c | 27
kernel/cgroup/cpuset.c | 9
kernel/sched/ext.c | 18
kernel/trace/ftrace.c | 19
kernel/trace/trace.c | 34
kernel/trace/trace.h | 10
mm/damon/paddr.c | 4
mm/debug_vm_pgtable.c | 9
mm/filemap.c | 3
mm/memory-failure.c | 8
net/bluetooth/hci_conn.c | 3
net/bluetooth/hci_event.c | 8
net/bluetooth/hci_sync.c | 19
net/bridge/br_multicast.c | 16
net/bridge/br_private.h | 2
net/core/dev.c | 12
net/hsr/hsr_slave.c | 8
net/ipv4/netfilter/nf_reject_ipv4.c | 6
net/ipv6/netfilter/nf_reject_ipv6.c | 5
net/ipv6/seg6_hmac.c | 6
net/mptcp/options.c | 6
net/mptcp/pm_netlink.c | 19
net/sched/sch_cake.c | 14
net/sched/sch_htb.c | 2
net/smc/af_smc.c | 3
net/tls/tls_sw.c | 7
net/vmw_vsock/virtio_transport.c | 12
rust/kernel/alloc/allocator.rs | 30
rust/kernel/alloc/allocator_test.rs | 11
security/apparmor/lsm.c | 4
sound/core/timer.c | 4
sound/pci/hda/patch_realtek.c | 2
sound/soc/sof/amd/acp-loader.c | 6
sound/usb/stream.c | 2
sound/usb/validate.c | 2
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1
341 files changed, 3787 insertions(+), 2216 deletions(-)
Adrian Hunter (1):
scsi: ufs: ufs-pci: Fix default runtime and system PM levels
Al Viro (2):
use uniform permission checks for all mount propagation changes
alloc_fdtable(): change calling conventions.
Alex Deucher (4):
drm/amdgpu/discovery: fix fw based ip discovery
drm/amdgpu: update mmhub 3.0.1 client id mappings
drm/amdgpu: update mmhub 4.1.0 client id mappings
drm/amdgpu/swm14: Update power limit logic
Alexander Sverdlin (1):
arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default
Alexander Wilhelm (1):
bus: mhi: host: Fix endianness of BHI vector table
Alexei Lazar (1):
net/mlx5e: Query FW for buffer ownership
Amber Lin (1):
drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Amit Sunil Dhamne (2):
usb: typec: maxim_contaminant: disable low power mode when reading comparator values
usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean
Anantha Prabhu (1):
RDMA/bnxt_re: Fix to initialize the PBL array
Andrea Righi (2):
sched/ext: Fix invalid task state transitions on class switch
sched_ext: initialize built-in idle state before ops.init()
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
André Draszik (1):
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Andy Shevchenko (1):
iio: imu: inv_icm42600: Convert to uXX and sXX integer types
Archana Patni (1):
scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers
Armen Ratner (1):
net/mlx5e: Preserve shared buffer capacity during headroom updates
Baihan Li (3):
drm/hisilicon/hibmc: refactored struct hibmc_drm_private
drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed
drm/hisilicon/hibmc: fix the hibmc loaded failed bug
Baokun Li (2):
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
ext4: preserve SB_I_VERSION on remount
Bharat Bhushan (3):
crypto: octeontx2 - Fix address alignment issue on ucode loading
crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2
crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0
Bibo Mao (1):
LoongArch: KVM: Make function kvm_own_lbt() robust
Bingbu Cao (1):
media: hi556: correct the test pattern configuration
Bjorn Andersson (1):
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Boris Burkov (2):
btrfs: explicitly ref count block_group on new_bgs list
btrfs: codify pattern for adding block_group to bg_list
Boshi Yu (1):
RDMA/erdma: Fix ignored return value of init_kernel_qp
Chao Yu (1):
f2fs: fix to avoid out-of-boundary access in dnode page
Charalampos Mitrodimas (1):
debugfs: fix mount options not being applied
Chen Yu (1):
ACPI: pfr_update: Fix the driver update version check
Chenyuan Yang (1):
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Chi Zhiling (1):
readahead: fix return value of page_cache_next_miss() when no hole is found
Christian Loehle (1):
cpuidle: menu: Remove iowait influence
Christoph Hellwig (1):
xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
Christoph Paasch (1):
mptcp: drop skb if MPTCP skb extension allocation fails
D. Wythe (1):
net/smc: fix UAF on smcsk after smc_listen_out()
Damien Le Moal (7):
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
dm: dm-crypt: Do not partially accept write BIOs with zoned targets
dm: Check for forbidden splitting of zone write operations
ata: libata-scsi: Fix ata_to_sense_error() status handling
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
ata: libata-scsi: Return aborted command when missing sense and result TF
Dan Carpenter (5):
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Daniel Jurgens (1):
net/mlx5: Base ECVF devlink port attrs from 0
Danilo Krummrich (1):
rust: alloc: replace aligned_size() with Kmalloc::aligned_layout()
David Howells (2):
netfs: Fix unbuffered write error handling
cifs: Fix oops due to uninitialised variable
David Lechner (6):
iio: imu: bno055: fix OOB access of hw_xlate array
iio: adc: ad_sigma_delta: change to buffer predisable
iio: adc: ad7173: fix setting ODR in probe
iio: proximity: isl29501: fix buffered read on big-endian systems
iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
iio: imu: inv_icm42600: use = { } instead of memset()
David Sterba (2):
btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb()
btrfs: move transaction aborts to the error site in add_block_group_free_space()
Dewei Meng (1):
ALSA: timer: fix ida_free call while not allocated
Dominique Martinet (1):
iov_iter: iterate_folioq: fix handling of offset >= folio size
Edward Adam Davis (1):
comedi: pcl726: Prevent invalid irq number
Emanuele Ghidoli (1):
arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses
Eric Biggers (2):
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
ipv6: sr: Fix MAC comparison to be constant-time
Evgeniy Harchenko (1):
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Fanhua Li (1):
drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
Filipe Manana (10):
btrfs: qgroup: fix race between quota disable and quota rescan ioctl
btrfs: always abort transaction on failure to add block group to free space tree
btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
btrfs: send: factor out common logic when sending xattrs
btrfs: send: only use boolean variables at process_recorded_refs()
btrfs: send: add and use helper to rename current inode when processing refs
btrfs: send: keep the current inode's path cached
btrfs: send: avoid path allocation for the current inode when issuing commands
btrfs: send: use fallocate for hole punching with send stream v2
btrfs: send: make fs_path_len() inline and constify its argument
Finn Thain (1):
m68k: Fix lost column on framebuffer debug console
Florian Westphal (1):
netfilter: nf_reject: don't leak dst refcount for loopback packets
Frank Li (1):
PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support
Gabor Juhos (1):
mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
Gang Ba (1):
drm/amdgpu: Avoid extra evict-restore process.
Geliang Tang (2):
mptcp: remove duplicate sk_reset_timer call
mptcp: disable add_addr retransmission when timeout is 0
Geraldo Nascimento (2):
PCI: rockchip: Use standard PCIe definitions
PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
Giovanni Cabiddu (2):
crypto: qat - lower priority for skcipher and aead algorithms
crypto: qat - flush misc workqueue during device shutdown
Greg Kroah-Hartman (2):
Revert "can: ti_hecc: fix -Woverflow compiler warning"
Linux 6.12.44
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Hangbin Liu (2):
bonding: update LACP activity flag after setting lacp_active
bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU
Hans Verkuil (1):
media: vivid: fix wrong pixel_array control size
Hans de Goede (1):
media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
Haoxiang Li (1):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
Hariprasad Kelam (1):
Octeontx2-af: Skip overlap check for SPI field
Heikki Krogerus (1):
usb: dwc3: pci: add support for the Intel Wildcat Lake
Heiko Carstens (1):
s390/mm: Do not map lowcore with identity mapping
Helge Deller (2):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
apparmor: Fix 8-byte alignment for initial dfa blob streams
Herton R. Krzesinski (1):
mm/debug_vm_pgtable: clear page table entries at destroy_args()
Hong Guan (1):
arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1
Horatiu Vultur (1):
phy: mscc: Fix timestamping for vsc8584
Ian Abbott (2):
comedi: Make insn_rw_emulate_bits() do insn->n samples
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Ido Schimmel (1):
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Igor Pylypiv (1):
ata: libata-scsi: Fix CDL control
Imre Deak (3):
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
drm/i915/icl+/tc: Convert AUX powered WARN to a debug message
drm/i915/icl+/tc: Cache the max lane count value
Jacopo Mondi (1):
media: pisp_be: Fix pm_runtime underrun in probe
Jakub Acs (1):
net, hsr: reject HSR frame if skb can't hold tag
Jakub Kicinski (1):
tls: fix handling of zero-length records on the rx_list
Jakub Ramaseuski (1):
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
Jan Beulich (1):
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jean-Baptiste Maneyrol (1):
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Jens Axboe (2):
io_uring/net: commit partial buffers on retry
io_uring/futex: ensure io_futex_wait() cleans up properly on failure
Jiande Lu (1):
Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown
Jiayi Li (1):
memstick: Fix deadlock by moving removing flag earlier
Jinjiang Tu (1):
mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
Jocelyn Falempe (1):
drm/panic: Move drawing functions to drm_draw
Johan Hovold (10):
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: musb: omap2430: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
usb: dwc3: imx8mp: fix device leak at unbind
wifi: ath12k: fix dest ring-buffer corruption
wifi: ath12k: fix source ring-buffer corruption
wifi: ath12k: fix dest ring-buffer corruption when ring is full
wifi: ath11k: fix dest ring-buffer corruption
wifi: ath11k: fix source ring-buffer corruption
wifi: ath11k: fix dest ring-buffer corruption when ring is full
John David Anglin (8):
parisc: Check region is readable by user in raw_copy_from_user()
parisc: Define and use set_pte_at()
parisc: Drop WARN_ON_ONCE() from flush_cache_vmap
parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c
parisc: Revise __get_user() to probe user read access
parisc: Revise gateway LWS calls to probe user read access
parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault()
parisc: Update comments in make_insert_tlb
John Ernberg (1):
crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonathan Cameron (3):
iio: light: Use aligned_s64 instead of open coding alignment.
iio: light: as73211: Ensure buffer holes are zeroed
iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64
Jordan Rhee (1):
gve: prevent ethtool ops after shutdown
Jorge Ramirez-Ortiz (2):
media: venus: hfi: explicitly release IRQ during teardown
media: venus: protect against spurious interrupts during probe
José Expósito (2):
drm/tests: Fix endian warning
drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian
Judith Mendez (6):
arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
arm64: dts: ti: k3-am6*: Add boot phase flag to support MMC boot
arm64: dts: ti: k3-am62*: Add non-removable flag for eMMC
arm64: dts: ti: k3-am6*: Remove disable-wp for eMMC
arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file
mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1
Junxian Huang (1):
RDMA/hns: Fix dip entries leak on devices newer than hip09
Justin Lai (1):
rtase: Fix Rx descriptor CRC error bit definition
Kalesh AP (1):
RDMA/bnxt_re: Fix a possible memory leak in the driver
Kanglong Wang (1):
LoongArch: Optimize module load time by optimizing PLT/GOT counting
Kashyap Desai (2):
RDMA/bnxt_re: Fix to do SRQ armena by default
RDMA/bnxt_re: Fix to remove workload check in SRQ limit path
Kathiravan Thirumoorthy (1):
phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence
Kees Cook (1):
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Keith Busch (1):
kvm: retry nx_huge_page_recovery_thread creation
Kerem Karabay (1):
drm/format-helper: Add conversion from XRGB8888 to BGR888
Konrad Dybcio (1):
media: venus: Fix MSM8998 frequency table
Krzysztof Kozlowski (3):
dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints
dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints
USB: typec: Use str_enable_disable-like helpers
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kyoji Ogasawara (3):
btrfs: fix incorrect log message for nobarrier mount option
btrfs: restore mount option info messages during mount
btrfs: fix printing of mount info messages for NODATACOW/NODATASUM
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Liao Yuanhong (1):
ext4: use kmalloc_array() for array space allocation
Lijo Lazar (1):
drm/amdgpu: Update external revid for GC v9.5.0
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Luiz Augusto von Dentz (1):
Bluetooth: hci_sync: Fix scan state after PA Sync has been established
Lukas Wunner (1):
PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge
MD Danish Anwar (1):
net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload.
Macpaul Lin (1):
scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Marek Vasut (1):
usb: renesas-xhci: Fix External ROM access timeouts
Mario Limonciello (2):
drm/amd: Restore cached power limit during resume
drm/amd/display: Avoid a NULL pointer dereference
Masami Hiramatsu (Google) (1):
tracing: fprobe-event: Sanitize wildcard for fprobe event name
Mathis Foerst (1):
media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval
Matthieu Baerts (NGI0) (2):
mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
selftests: mptcp: pm: check flush doesn't reset limits
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin (1):
most: core: Drop device reference after usage in get_channel()
Michael Walle (1):
mtd: spi-nor: Fix spi_nor_try_unlock_all()
Michal Suchanek (1):
powerpc/boot: Fix build with gcc 15
Michel Dänzer (1):
drm/amd/display: Add primary plane to commits for correct VRR handling
Miguel Ojeda (1):
rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too
Mike Christie (1):
scsi: core: Fix command pass through retry regression
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Muhammad Usama Anjum (1):
ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context
Myrrh Periwinkle (2):
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Namjae Jeon (1):
ksmbd: extend the connection limiting mechanism to support IPv6
Naohiro Aota (3):
btrfs: zoned: fix write time activation failure for metadata block group
btrfs: zoned: requeue to unused block group list if zone finish failed
btrfs: subpage: keep TOWRITE tag until folio is cleaned
Nathan Chancellor (3):
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram()
NeilBrown (1):
ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp()
Nicolas Dufresne (1):
media: verisilicon: Fix AV1 decoder clock frequency
Nicolin Chen (1):
iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement
Nitin Gote (1):
iosys-map: Fix undefined behavior in iosys_map_clear()
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Oren Sidi (1):
net/mlx5: Add IFC bits and enums for buf_ownership
Parthiban Veerasooran (2):
microchip: lan865x: fix missing netif_start_queue() call on device open
microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1
Pauli Virtanen (1):
Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established
Peter Griffin (1):
arm64: dts: exynos: gs101: ufs: add dma-coherent property
Peter Oberparleiter (3):
s390/sclp: Fix SCCB present check
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Peter Shkenev (1):
drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Pu Lehui (1):
tracing: Limit access to parser->buffer when trace_get_user failed
Qingfang Deng (2):
net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
ppp: fix race conditions in ppp_fill_forward_path
Rafael J. Wysocki (2):
PM: runtime: Take active children into account in pm_runtime_get_if_in_use()
cpuidle: governors: menu: Avoid selecting states with too much latency
Randy Dunlap (1):
parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers
Ranjan Kumar (3):
scsi: mpi3mr: Fix race between config read submit and interrupt completion
scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
Ricardo Ribalda (2):
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
media: venus: venc: Clamp param smaller than 1fps and bigger than 240
Richard Zhu (4):
PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features
PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset
PCI: imx6: Delay link start until configfs 'start' written
PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features
Sakari Ailus (2):
media: ipu6: isys: Use correct pads for xlate_streams()
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Salah Triki (1):
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Sebastian Andrzej Siewior (1):
kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq()
Sebastian Reichel (1):
usb: typec: fusb302: cache PD RX state
Selvarasu Ganesan (1):
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
SeongJae Park (1):
mm/damon/ops-common: ignore migration request to invalid nodes
Sergey Shtylyov (1):
Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
Shahar Shitrit (1):
net/mlx5: Relocate function declarations from port.h to mlx5_core.h
Simon Richter (1):
Mark xe driver as BROKEN if kernel page size is not 4kB
Siyang Liu (1):
drm/amd/display: fix a Null pointer dereference vulnerability
Srinivas Pandruvada (1):
platform/x86/intel-uncore-freq: Check write blocked for ELC
Stefan Metzmacher (1):
smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
Stefan Wahren (1):
spi: spi-fsl-lpspi: Clamp too high speed_hz
Steven Rostedt (2):
ftrace: Also allocate and copy hash for reading of filter files
tracing: Remove unneeded goto out logic
Suraj Gupta (1):
net: xilinx: axienet: Fix RX skb ring management in DMAengine mode
Takashi Iwai (1):
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Theodore Ts'o (1):
ext4: don't try to clear the orphan_present feature block device is r/o
Thomas Fourier (2):
mtd: rawnand: fsmc: Add missing check after DMA map
mtd: rawnand: renesas: Add missing check after DMA map
Thomas Weißschuh (1):
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Thomas Zimmermann (3):
drm/format-helper: Move helpers for pixel conversion to header file
drm/format-helper: Add generic conversion to 32-bit formats
drm/tests: Do not use drm_fb_blit() in format-helper tests
Thorsten Blum (3):
accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc()
cdx: Fix off-by-one error in cdx_rpmsg_probe()
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Tianxiang Peng (1):
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Tim Harvey (1):
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Timur Kristóf (7):
drm/amd/display: Don't overwrite dce60_clk_mgr
drm/amd/display: Don't overclock DCE 6 by 15%
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
drm/amd/display: Don't print errors for nonexistent connectors
Tom Chung (1):
drm/amd/display: Fix Xorg desktop unresponsive on Replay panel
Tom Lendacky (1):
x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero
Tristram Ha (1):
net: dsa: microchip: Fix KSZ9477 HSR port setup issue
Trond Myklebust (1):
NFS: Fix a race when updating an existing write
Tzung-Bi Shih (1):
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Uwe Kleine-König (2):
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
ValdikSS (1):
igc: fix disabling L1.2 PCI-E link substate on I226 on init
Vedang Nagar (1):
media: venus: Add a check for packet size after reading from shared memory
Victor Shih (3):
mmc: sdhci-pci-gli: Add a new function to simplify the code
mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
Vladimir Zapolskiy (1):
media: qcom: camss: cleanup media device allocated resource on error path
Waiman Long (2):
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
cgroup/cpuset: Fix a partition error with CPU hotplug
Wang Liang (1):
net: bridge: fix soft lockup in br_multicast_query_expired()
Weitao Wang (1):
usb: xhci: Fix slot_id resource race conflict
Will Deacon (2):
vsock/virtio: Validate length in packet header before skb_put()
vhost/vsock: Avoid allocating arbitrarily-sized SKBs
William Liu (2):
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Xaver Hugl (1):
amdgpu/amdgpu_discovery: increase timeout limit for IFWI init
Xu Yang (1):
usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yang Li (1):
Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Youssef Samir (1):
bus: mhi: host: Detect events pointing to unexpected TREs
Yuichiro Tsuji (1):
net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Yi (1):
ext4: fix hole length calculation overflow in non-extent inodes
Zhu Yanjun (1):
RDMA/rxe: Flush delayed SKBs while releasing RXE resources
Ziyan Xu (1):
ksmbd: fix refcount leak causing resource not released
wenglianfa (1):
RDMA/hns: Fix querying wrong SCC context for DIP algorithm
2 weeks, 1 day
- 1
- 1
Linux 6.6.103
by Greg Kroah-Hartman
I'm announcing the release of the 6.6.103 kernel.
All users of the 6.6 kernel series must upgrade.
The updated 6.6.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2
Documentation/filesystems/fscrypt.rst | 37 -
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8
Documentation/networking/bonding.rst | 12
Documentation/networking/mptcp-sysctl.rst | 2
Documentation/power/runtime_pm.rst | 5
Makefile | 4
arch/arm/include/asm/topology.h | 1
arch/arm/mach-rockchip/platsmp.c | 15
arch/arm/mach-tegra/reset.c | 2
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12
arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4
arch/arm64/boot/dts/ti/k3-pinctrl.h | 15
arch/arm64/include/asm/acpi.h | 2
arch/arm64/include/asm/topology.h | 1
arch/arm64/kernel/fpsimd.c | 4
arch/arm64/kernel/topology.c | 26
arch/arm64/kernel/traps.c | 1
arch/arm64/mm/fault.c | 1
arch/arm64/mm/ptdump_debugfs.c | 3
arch/loongarch/kernel/module-sections.c | 36 -
arch/loongarch/net/bpf_jit.c | 21
arch/m68k/kernel/head.S | 31
arch/mips/crypto/chacha-core.S | 20
arch/mips/include/asm/vpe.h | 8
arch/mips/kernel/process.c | 16
arch/mips/lantiq/falcon/sysctrl.c | 23
arch/parisc/Makefile | 6
arch/parisc/include/asm/pgtable.h | 7
arch/parisc/include/asm/special_insns.h | 28
arch/parisc/include/asm/uaccess.h | 21
arch/parisc/kernel/cache.c | 6
arch/parisc/kernel/entry.S | 17
arch/parisc/kernel/syscall.S | 30
arch/parisc/lib/memcpy.c | 19
arch/parisc/mm/fault.c | 4
arch/powerpc/boot/Makefile | 1
arch/powerpc/include/asm/floppy.h | 5
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6
arch/riscv/include/asm/topology.h | 1
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/s390/include/asm/timex.h | 13
arch/s390/kernel/time.c | 2
arch/s390/mm/dump_pagetables.c | 2
arch/s390/mm/pgalloc.c | 5
arch/um/include/asm/thread_info.h | 4
arch/um/kernel/process.c | 20
arch/x86/include/asm/kvm-x86-ops.h | 2
arch/x86/include/asm/kvm_host.h | 22
arch/x86/include/asm/msr-index.h | 1
arch/x86/include/asm/xen/hypercall.h | 5
arch/x86/kernel/cpu/bugs.c | 5
arch/x86/kernel/cpu/hygon.c | 3
arch/x86/kvm/hyperv.c | 3
arch/x86/kvm/lapic.c | 19
arch/x86/kvm/lapic.h | 1
arch/x86/kvm/svm/svm.c | 42 -
arch/x86/kvm/svm/vmenter.S | 9
arch/x86/kvm/trace.h | 9
arch/x86/kvm/vmx/nested.c | 26
arch/x86/kvm/vmx/pmu_intel.c | 8
arch/x86/kvm/vmx/vmx.c | 164 ++--
arch/x86/kvm/vmx/vmx.h | 31
arch/x86/kvm/x86.c | 46 -
block/blk-core.c | 26
block/blk-settings.c | 2
crypto/jitterentropy-kcapi.c | 9
drivers/acpi/acpi_processor.c | 2
drivers/acpi/apei/ghes.c | 13
drivers/acpi/pfr_update.c | 2
drivers/acpi/prmt.c | 26
drivers/acpi/processor_perflib.c | 11
drivers/ata/Kconfig | 35
drivers/ata/libata-sata.c | 5
drivers/ata/libata-scsi.c | 58 -
drivers/base/arch_topology.c | 69 +
drivers/base/power/runtime.c | 59 +
drivers/block/drbd/drbd_receiver.c | 6
drivers/block/loop.c | 38 -
drivers/block/sunvdc.c | 4
drivers/bus/mhi/host/boot.c | 8
drivers/bus/mhi/host/internal.h | 4
drivers/bus/mhi/host/main.c | 12
drivers/cdx/controller/cdx_rpmsg.c | 3
drivers/char/ipmi/ipmi_msghandler.c | 8
drivers/char/ipmi/ipmi_watchdog.c | 59 +
drivers/char/misc.c | 4
drivers/clk/qcom/gcc-ipq5018.c | 2
drivers/clk/tegra/clk-periph.c | 4
drivers/comedi/comedi_fops.c | 36 -
drivers/comedi/comedi_internal.h | 1
drivers/comedi/drivers.c | 36 -
drivers/comedi/drivers/pcl726.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cppc_cpufreq.c | 2
drivers/cpufreq/cpufreq.c | 12
drivers/cpuidle/governors/menu.c | 96 --
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8
drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1
drivers/crypto/intel/qat/qat_common/adf_init.c | 1
drivers/crypto/intel/qat/qat_common/adf_isr.c | 5
drivers/crypto/intel/qat/qat_common/qat_algs.c | 12
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16
drivers/devfreq/governor_userspace.c | 6
drivers/dma/stm32-dma.c | 2
drivers/edac/synopsys_edac.c | 97 +-
drivers/firmware/tegra/Kconfig | 5
drivers/fpga/zynq-fpga.c | 10
drivers/gpio/gpio-mlxbf2.c | 2
drivers/gpio/gpio-mlxbf3.c | 54 -
drivers/gpio/gpio-tps65912.c | 7
drivers/gpio/gpio-virtio.c | 9
drivers/gpio/gpio-wcd934x.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6
drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 -
drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 9
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1
drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 -
drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11
drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 -
drivers/gpu/drm/display/drm_dp_helper.c | 2
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4
drivers/gpu/drm/i915/intel_runtime_pm.c | 5
drivers/gpu/drm/msm/msm_gem.c | 3
drivers/gpu/drm/msm/msm_gem.h | 6
drivers/gpu/drm/nouveau/nvif/vmm.c | 3
drivers/gpu/drm/renesas/rcar-du/rzg2l_mipi_dsi.c | 3
drivers/gpu/drm/ttm/ttm_pool.c | 8
drivers/gpu/drm/ttm/ttm_resource.c | 3
drivers/hid/hid-apple.c | 13
drivers/hid/hid-magicmouse.c | 56 +
drivers/hwmon/emc2305.c | 10
drivers/hwmon/gsc-hwmon.c | 4
drivers/i2c/i2c-core-acpi.c | 1
drivers/i3c/internals.h | 1
drivers/i3c/master.c | 4
drivers/idle/intel_idle.c | 2
drivers/iio/adc/ad7768-1.c | 23
drivers/iio/adc/ad_sigma_delta.c | 6
drivers/iio/imu/bno055/bno055.c | 11
drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8
drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33
drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22
drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10
drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6
drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 -
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12
drivers/iio/light/as73211.c | 2
drivers/iio/pressure/bmp280-core.c | 9
drivers/iio/proximity/isl29501.c | 16
drivers/iio/temperature/maxim_thermocouple.c | 26
drivers/infiniband/core/nldev.c | 22
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8
drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30
drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2
drivers/infiniband/hw/erdma/erdma_verbs.c | 4
drivers/infiniband/hw/hfi1/affinity.c | 44 -
drivers/infiniband/sw/siw/siw_qp_tx.c | 5
drivers/iommu/amd/init.c | 4
drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1
drivers/iommu/iommufd/io_pagetable.c | 48 -
drivers/leds/flash/leds-qcom-flash.c | 178 ++++
drivers/leds/leds-lp50xx.c | 11
drivers/leds/trigger/ledtrig-netdev.c | 16
drivers/md/dm-ps-historical-service-time.c | 4
drivers/md/dm-ps-queue-length.c | 4
drivers/md/dm-ps-round-robin.c | 4
drivers/md/dm-ps-service-time.c | 4
drivers/md/dm-table.c | 10
drivers/md/dm-zoned-target.c | 2
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3
drivers/media/dvb-frontends/dib7000p.c | 8
drivers/media/i2c/ccs/ccs-core.c | 2
drivers/media/i2c/hi556.c | 26
drivers/media/i2c/ov2659.c | 3
drivers/media/i2c/tc358743.c | 86 +-
drivers/media/pci/intel/ivsc/mei_ace.c | 2
drivers/media/pci/intel/ivsc/mei_csi.c | 2
drivers/media/platform/qcom/camss/camss.c | 4
drivers/media/platform/qcom/venus/core.c | 8
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +-
drivers/media/platform/qcom/venus/hfi_venus.c | 5
drivers/media/platform/qcom/venus/vdec.c | 5
drivers/media/platform/qcom/venus/venc.c | 5
drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9
drivers/media/test-drivers/vivid/vivid-ctrls.c | 3
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/usb/uvc/uvc_driver.c | 3
drivers/media/usb/uvc/uvc_video.c | 21
drivers/media/v4l2-core/v4l2-common.c | 8
drivers/media/v4l2-core/v4l2-ctrls-core.c | 1
drivers/memstick/core/memstick.c | 1
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/mfd/axp20x.c | 3
drivers/misc/cardreader/rtsx_usb.c | 16
drivers/misc/mei/bus.c | 6
drivers/mmc/host/rtsx_usb_sdmmc.c | 4
drivers/mmc/host/sdhci-msm.c | 14
drivers/mmc/host/sdhci-pci-gli.c | 35
drivers/most/core.c | 2
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/mtd/nand/raw/renesas-nand-controller.c | 6
drivers/mtd/nand/spi/core.c | 5
drivers/mtd/spi-nor/swp.c | 19
drivers/net/bonding/bond_3ad.c | 224 +++++-
drivers/net/bonding/bond_main.c | 1
drivers/net/bonding/bond_netlink.c | 16
drivers/net/bonding/bond_options.c | 29
drivers/net/dsa/b53/b53_common.c | 65 +
drivers/net/dsa/b53/b53_regs.h | 2
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2
drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +
drivers/net/ethernet/atheros/ag71xx.c | 9
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4
drivers/net/ethernet/emulex/benet/be_main.c | 8
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14
drivers/net/ethernet/freescale/fec_main.c | 34
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4
drivers/net/ethernet/google/gve/gve_adminq.c | 1
drivers/net/ethernet/google/gve/gve_main.c | 2
drivers/net/ethernet/intel/igc/igc_main.c | 14
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4
drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2
drivers/net/ethernet/mediatek/mtk_wed.c | 1
drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 18
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2
drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7
drivers/net/ethernet/ti/icssg/icss_iep.c | 26
drivers/net/hyperv/hyperv_net.h | 3
drivers/net/hyperv/netvsc_drv.c | 29
drivers/net/ipa/ipa_smp2p.c | 2
drivers/net/phy/micrel.c | 12
drivers/net/phy/mscc/mscc.h | 12
drivers/net/phy/mscc/mscc_main.c | 12
drivers/net/phy/mscc/mscc_ptp.c | 49 +
drivers/net/phy/smsc.c | 1
drivers/net/ppp/ppp_generic.c | 17
drivers/net/thunderbolt/main.c | 21
drivers/net/usb/asix_devices.c | 1
drivers/net/usb/cdc_ncm.c | 20
drivers/net/wireless/ath/ath11k/ce.c | 3
drivers/net/wireless/ath/ath11k/dp_rx.c | 3
drivers/net/wireless/ath/ath11k/hal.c | 33
drivers/net/wireless/ath/ath12k/ce.c | 3
drivers/net/wireless/ath/ath12k/dp.c | 3
drivers/net/wireless/ath/ath12k/hal.c | 38 -
drivers/net/wireless/ath/ath12k/hw.c | 2
drivers/net/wireless/ath/ath12k/wmi.c | 5
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25
drivers/net/wireless/realtek/rtlwifi/pci.c | 23
drivers/net/wireless/realtek/rtw89/core.c | 3
drivers/net/wireless/realtek/rtw89/fw.c | 9
drivers/net/wireless/realtek/rtw89/fw.h | 2
drivers/net/wireless/realtek/rtw89/mac.c | 19
drivers/net/wireless/realtek/rtw89/reg.h | 1
drivers/net/xen-netfront.c | 5
drivers/nvme/host/pci.c | 24
drivers/pci/controller/dwc/pci-imx6.c | 7
drivers/pci/controller/pcie-rockchip-host.c | 49 -
drivers/pci/controller/pcie-rockchip.h | 11
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/pci-acpi.c | 4
drivers/pci/pci.c | 10
drivers/pci/probe.c | 2
drivers/perf/cxl_pmu.c | 2
drivers/phy/qualcomm/phy-qcom-m31.c | 14
drivers/phy/rockchip/phy-rockchip-pcie.c | 3
drivers/pinctrl/stm32/pinctrl-stm32.c | 1
drivers/platform/chrome/cros_ec.c | 3
drivers/platform/chrome/cros_ec_typec.c | 4
drivers/platform/x86/amd/pmc/pmc-quirks.c | 9
drivers/platform/x86/thinkpad_acpi.c | 4
drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10
drivers/power/supply/qcom_battmgr.c | 2
drivers/pps/clients/pps-gpio.c | 5
drivers/ptp/ptp_clock.c | 2
drivers/ptp/ptp_private.h | 5
drivers/ptp/ptp_vclock.c | 7
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 71 +
drivers/remoteproc/imx_rproc.c | 4
drivers/reset/Kconfig | 10
drivers/rtc/rtc-ds1307.c | 15
drivers/s390/char/sclp.c | 11
drivers/scsi/aacraid/comminit.c | 3
drivers/scsi/bfa/bfad_im.c | 1
drivers/scsi/libiscsi.c | 3
drivers/scsi/lpfc/lpfc_debugfs.c | 1
drivers/scsi/lpfc/lpfc_scsi.c | 4
drivers/scsi/mpi3mr/mpi3mr.h | 6
drivers/scsi/mpi3mr/mpi3mr_fw.c | 17
drivers/scsi/mpi3mr/mpi3mr_os.c | 22
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/scsi/scsi_scan.c | 2
drivers/scsi/scsi_transport_sas.c | 60 +
drivers/soc/qcom/mdt_loader.c | 53 +
drivers/soc/qcom/rpmh-rsc.c | 2
drivers/soc/tegra/pmc.c | 51 -
drivers/soundwire/amd_manager.c | 6
drivers/soundwire/bus.c | 6
drivers/spi/spi-fsl-lpspi.c | 8
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/target/target_core_fabric_lib.c | 63 +
drivers/target/target_core_internal.h | 4
drivers/target/target_core_pr.c | 18
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 -
drivers/thermal/thermal_sysfs.c | 9
drivers/thunderbolt/domain.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/vt/defkeymap.c_shipped | 112 +++
drivers/tty/vt/keyboard.c | 2
drivers/ufs/core/ufshcd-priv.h | 2
drivers/ufs/host/ufs-exynos.c | 4
drivers/ufs/host/ufshcd-pci.c | 42 +
drivers/usb/atm/cxacru.c | 106 +-
drivers/usb/class/cdc-acm.c | 11
drivers/usb/core/config.c | 10
drivers/usb/core/hcd.c | 8
drivers/usb/core/quirks.c | 1
drivers/usb/core/urb.c | 2
drivers/usb/dwc3/dwc3-imx8mp.c | 6
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/dwc3-pci.c | 2
drivers/usb/dwc3/ep0.c | 20
drivers/usb/dwc3/gadget.c | 19
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-hub.c | 3
drivers/usb/host/xhci-mem.c | 24
drivers/usb/host/xhci-pci-renesas.c | 7
drivers/usb/host/xhci-ring.c | 19
drivers/usb/host/xhci.c | 27
drivers/usb/host/xhci.h | 3
drivers/usb/musb/omap2430.c | 14
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29
drivers/usb/typec/mux/intel_pmc_mux.c | 2
drivers/usb/typec/tcpm/fusb302.c | 8
drivers/usb/typec/tcpm/maxim_contaminant.c | 54 +
drivers/usb/typec/tcpm/tcpci_maxim.h | 1
drivers/usb/typec/ucsi/psy.c | 2
drivers/usb/typec/ucsi/ucsi.c | 1
drivers/usb/typec/ucsi/ucsi.h | 7
drivers/vfio/pci/mlx5/cmd.c | 4
drivers/vfio/vfio_iommu_type1.c | 7
drivers/vhost/vhost.c | 3
drivers/vhost/vsock.c | 6
drivers/video/console/vgacon.c | 2
drivers/video/fbdev/core/fbcon.c | 9
drivers/video/fbdev/core/fbmem.c | 3
drivers/virt/coco/efi_secret/efi_secret.c | 10
drivers/watchdog/dw_wdt.c | 2
drivers/watchdog/iTCO_wdt.c | 6
drivers/watchdog/sbsa_gwdt.c | 50 +
fs/btrfs/backref.c | 6
fs/btrfs/block-group.c | 61 +
fs/btrfs/block-group.h | 11
fs/btrfs/block-rsv.c | 2
fs/btrfs/block-rsv.h | 2
fs/btrfs/btrfs_inode.h | 3
fs/btrfs/ctree.c | 24
fs/btrfs/ctree.h | 6
fs/btrfs/delayed-inode.c | 12
fs/btrfs/discard.c | 4
fs/btrfs/extent-tree.c | 33
fs/btrfs/file-item.c | 4
fs/btrfs/file-item.h | 2
fs/btrfs/free-space-tree.c | 17
fs/btrfs/inode-item.c | 10
fs/btrfs/inode-item.h | 4
fs/btrfs/inode.c | 26
fs/btrfs/qgroup.c | 31
fs/btrfs/relocation.c | 19
fs/btrfs/send.c | 359 +++++-----
fs/btrfs/space-info.c | 17
fs/btrfs/space-info.h | 6
fs/btrfs/tree-log.c | 72 +-
fs/btrfs/tree-mod-log.c | 14
fs/btrfs/tree-mod-log.h | 6
fs/btrfs/zoned.c | 20
fs/btrfs/zoned.h | 4
fs/buffer.c | 2
fs/crypto/fscrypt_private.h | 16
fs/crypto/hkdf.c | 2
fs/crypto/keysetup.c | 3
fs/crypto/keysetup_v1.c | 3
fs/eventpoll.c | 60 +
fs/exfat/dir.c | 12
fs/exfat/fatent.c | 10
fs/exfat/namei.c | 5
fs/exfat/super.c | 32
fs/ext2/inode.c | 12
fs/ext4/fsmap.c | 23
fs/ext4/indirect.c | 4
fs/ext4/inline.c | 19
fs/ext4/inode.c | 2
fs/ext4/mballoc.c | 67 -
fs/ext4/orphan.c | 5
fs/ext4/super.c | 8
fs/f2fs/file.c | 24
fs/f2fs/node.c | 10
fs/file.c | 90 +-
fs/gfs2/meta_io.c | 2
fs/hfs/bfind.c | 3
fs/hfs/bnode.c | 93 ++
fs/hfs/btree.c | 57 +
fs/hfs/extent.c | 2
fs/hfs/hfs_fs.h | 1
fs/hfsplus/bnode.c | 92 ++
fs/hfsplus/unicode.c | 7
fs/hfsplus/xattr.c | 6
fs/hugetlbfs/inode.c | 2
fs/jbd2/checkpoint.c | 1
fs/jfs/file.c | 3
fs/jfs/inode.c | 2
fs/jfs/jfs_dmap.c | 6
fs/libfs.c | 4
fs/namespace.c | 34
fs/nfs/blocklayout/blocklayout.c | 4
fs/nfs/blocklayout/dev.c | 5
fs/nfs/blocklayout/extent_tree.c | 20
fs/nfs/client.c | 44 +
fs/nfs/internal.h | 2
fs/nfs/nfs4client.c | 20
fs/nfs/nfs4proc.c | 2
fs/nfs/pnfs.c | 11
fs/nfsd/nfs4state.c | 34
fs/ntfs3/dir.c | 3
fs/ntfs3/inode.c | 31
fs/orangefs/orangefs-debugfs.c | 2
fs/smb/client/cifssmb.c | 10
fs/smb/client/connect.c | 10
fs/smb/client/sess.c | 9
fs/smb/client/smb2ops.c | 11
fs/smb/client/smbdirect.c | 24
fs/smb/server/connection.c | 3
fs/smb/server/connection.h | 7
fs/smb/server/oplock.c | 13
fs/smb/server/smb2pdu.c | 16
fs/smb/server/transport_rdma.c | 5
fs/smb/server/transport_rdma.h | 4
fs/smb/server/transport_tcp.c | 26
fs/squashfs/super.c | 14
fs/tracefs/inode.c | 11
fs/udf/super.c | 13
fs/xfs/xfs_itable.c | 6
include/linux/arch_topology.h | 8
include/linux/blk_types.h | 6
include/linux/compiler.h | 8
include/linux/cpufreq.h | 1
include/linux/energy_model.h | 6
include/linux/fs.h | 4
include/linux/hypervisor.h | 3
include/linux/if_vlan.h | 21
include/linux/iosys-map.h | 7
include/linux/memfd.h | 14
include/linux/mm.h | 82 +-
include/linux/pci.h | 10
include/linux/pm_runtime.h | 18
include/linux/sched/topology.h | 8
include/linux/skbuff.h | 8
include/linux/usb/cdc_ncm.h | 1
include/linux/virtio_vsock.h | 7
include/net/bond_3ad.h | 3
include/net/bond_options.h | 1
include/net/bonding.h | 23
include/net/cfg80211.h | 2
include/net/mac80211.h | 2
include/net/neighbour.h | 1
include/net/net_namespace.h | 16
include/net/sock.h | 1
include/trace/events/btrfs.h | 6
include/trace/events/thp.h | 2
include/uapi/linux/if_link.h | 1
include/uapi/linux/in6.h | 4
include/uapi/linux/io_uring.h | 2
include/uapi/linux/pfrut.h | 1
io_uring/net.c | 19
kernel/bpf/verifier.c | 3
kernel/cgroup/cpuset.c | 2
kernel/fork.c | 2
kernel/module/main.c | 10
kernel/power/console.c | 7
kernel/rcu/tree.c | 2
kernel/rcu/tree.h | 14
kernel/rcu/tree_plugin.h | 44 -
kernel/sched/cpufreq_schedutil.c | 30
kernel/sched/fair.c | 19
kernel/trace/ftrace.c | 19
kernel/trace/trace.c | 33
kernel/trace/trace.h | 10
mm/debug_vm_pgtable.c | 9
mm/filemap.c | 2
mm/kmemleak.c | 10
mm/madvise.c | 2
mm/memfd.c | 2
mm/memory-failure.c | 8
mm/mmap.c | 12
mm/ptdump.c | 2
mm/shmem.c | 2
net/bluetooth/hci_conn.c | 3
net/bluetooth/hci_event.c | 8
net/bluetooth/hci_sock.c | 2
net/bridge/br_multicast.c | 16
net/bridge/br_private.h | 2
net/core/dev.c | 12
net/core/neighbour.c | 12
net/core/net_namespace.c | 8
net/core/sock.c | 27
net/hsr/hsr_slave.c | 8
net/ipv4/netfilter/nf_reject_ipv4.c | 6
net/ipv4/route.c | 1
net/ipv4/udp_offload.c | 2
net/ipv6/addrconf.c | 7
net/ipv6/mcast.c | 11
net/ipv6/netfilter/nf_reject_ipv6.c | 5
net/ipv6/seg6_hmac.c | 6
net/mac80211/cfg.c | 12
net/mac80211/chan.c | 1
net/mac80211/mlme.c | 9
net/mac80211/rx.c | 12
net/mctp/af_mctp.c | 26
net/mptcp/options.c | 6
net/mptcp/pm_netlink.c | 19
net/mptcp/subflow.c | 5
net/ncsi/internal.h | 2
net/ncsi/ncsi-rsp.c | 1
net/netfilter/nf_conntrack_netlink.c | 24
net/netlink/af_netlink.c | 12
net/rds/tcp.c | 8
net/sched/sch_cake.c | 14
net/sched/sch_ets.c | 36 -
net/sched/sch_htb.c | 2
net/sctp/input.c | 2
net/smc/af_smc.c | 8
net/sunrpc/svcsock.c | 5
net/sunrpc/xprtsock.c | 8
net/tls/tls.h | 2
net/tls/tls_strp.c | 11
net/tls/tls_sw.c | 10
net/vmw_vsock/virtio_transport.c | 14
net/wireless/mlme.c | 3
net/xfrm/xfrm_state.c | 72 +-
scripts/kconfig/gconf.c | 8
scripts/kconfig/lxdialog/inputbox.c | 6
scripts/kconfig/lxdialog/menubox.c | 2
scripts/kconfig/nconf.c | 2
scripts/kconfig/nconf.gui.c | 1
security/apparmor/file.c | 6
security/apparmor/include/lib.h | 6
security/inode.c | 2
sound/core/pcm_native.c | 19
sound/hda/hdac_device.c | 2
sound/pci/hda/hda_codec.c | 42 -
sound/pci/hda/patch_ca0132.c | 2
sound/pci/hda/patch_realtek.c | 4
sound/pci/intel8x0.c | 2
sound/soc/codecs/hdac_hdmi.c | 10
sound/soc/codecs/rt5640.c | 5
sound/soc/fsl/fsl_sai.c | 20
sound/soc/intel/avs/core.c | 3
sound/soc/qcom/lpass-platform.c | 27
sound/soc/soc-core.c | 3
sound/soc/soc-dapm.c | 4
sound/usb/mixer_quirks.c | 14
sound/usb/stream.c | 25
sound/usb/validate.c | 14
tools/bpf/bpftool/main.c | 6
tools/include/nolibc/std.h | 4
tools/include/nolibc/types.h | 4
tools/include/uapi/linux/if_link.h | 1
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4
tools/scripts/Makefile.include | 4
tools/testing/ktest/ktest.pl | 5
tools/testing/selftests/arm64/fp/sve-ptrace.c | 3
tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10
tools/testing/selftests/bpf/progs/verifier_unpriv.c | 2
tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2
tools/testing/selftests/futex/include/futextest.h | 11
tools/testing/selftests/memfd/memfd_test.c | 43 +
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1
612 files changed, 6026 insertions(+), 2723 deletions(-)
Aahil Awatramani (1):
bonding: Add independent control state machine
Aakash Kumar S (1):
xfrm: Duplicate SPI Handling
Aaron Kling (1):
ARM: tegra: Use I/O memcpy to write to IRAM
Aaron Plattner (1):
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Abel Vesa (1):
power: supply: qcom_battmgr: Add lithium-polymer entry
Aditya Garg (2):
HID: magicmouse: avoid setting up battery timer when not needed
HID: apple: avoid setting up battery timer for devices without battery
Adrian Hunter (1):
scsi: ufs: ufs-pci: Fix default runtime and system PM levels
Al Viro (5):
better lockdep annotations for simple_recursive_removal()
fix locking in efi_secret_unlink()
securityfs: don't pin dentries twice, once is enough...
use uniform permission checks for all mount propagation changes
alloc_fdtable(): change calling conventions.
Alex Deucher (1):
drm/amdgpu: update mmhub 3.0.1 client id mappings
Alex Guo (2):
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alexander Kochetkov (1):
ARM: rockchip: fix kernel hang during smp initialization
Alexander Sverdlin (1):
arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default
Alexander Wilhelm (1):
bus: mhi: host: Fix endianness of BHI vector table
Alexey Klimov (1):
iommu/arm-smmu-qcom: Add SM6115 MDSS compatible
Alok Tiwari (6):
net: ti: icss-iep: Fix incorrect type for return value in extts_enable()
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
be2net: Use correct byte order and format string for TCP seq and ack_seq
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
perf/cxlpmu: Remove unintended newline from IRQ name format string
gve: Return error for unknown admin queue command
Amber Lin (1):
drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Amelie Delaunay (1):
dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs
Amir Mohammad Jahangirzad (1):
fs/orangefs: use snprintf() instead of sprintf()
Amit Sunil Dhamne (2):
usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean
usb: typec: maxim_contaminant: disable low power mode when reading comparator values
Anantha Prabhu (1):
RDMA/bnxt_re: Fix to initialize the PBL array
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
Andrew Price (1):
gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops
André Draszik (1):
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Andy Shevchenko (2):
Documentation: ACPI: Fix parent device references
iio: imu: inv_icm42600: Convert to uXX and sXX integer types
Anshuman Khandual (1):
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Anthoine Bourgeois (1):
xen/netfront: Fix TX response spurious interrupts
Archana Patni (1):
scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers
Armen Ratner (1):
net/mlx5e: Preserve shared buffer capacity during headroom updates
Arnaud Lecomte (1):
jfs: upper bound check of tree index in dbAllocAG
Arnd Bergmann (1):
RDMA/core: reduce stack using in nldev_stat_get_doit()
Artem Sadovnikov (1):
vfio/mlx5: fix possible overflow in tracking max message size
Avraham Stern (1):
wifi: iwlwifi: mvm: fix scan request validation
Baihan Li (1):
drm/hisilicon/hibmc: fix the hibmc loaded failed bug
Baokun Li (4):
ext4: fix zombie groups in average fragment size lists
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
ext4: preserve SB_I_VERSION on remount
Bartosz Golaszewski (2):
gpio: wcd934x: check the return value of regmap_update_bits()
gpio: tps65912: check the return value of regmap_update_bits()
Benjamin Marzinski (1):
dm-table: fix checking for rq stackable devices
Benson Leung (1):
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Bharat Bhushan (1):
crypto: octeontx2 - add timeout for load_fvc completion poll
Biju Das (1):
net: phy: micrel: Add ksz9131_resume()
Bingbu Cao (1):
media: hi556: correct the test pattern configuration
Bitterblue Smith (3):
wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
wifi: rtw89: Fix rtw89_mac_power_switch() for USB
wifi: rtw89: Disable deep power saving for USB/SDIO
Bjorn Andersson (2):
soc: qcom: mdt_loader: Actually use the e_phoff
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Bjorn Helgaas (1):
mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values
Boris Burkov (1):
btrfs: fix ssd_spread overallocation
Boshi Yu (1):
RDMA/erdma: Fix ignored return value of init_kernel_qp
Breno Leitao (5):
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
arm64: Mark kernel as tainted on SAE and SError panic
ptp: Use ratelimite for freerun error message
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Buday Csaba (1):
net: phy: smsc: add proper reset flags for LAN8710A
Cezary Rojewski (1):
ASoC: Intel: avs: Fix uninitialized pointer error in probe()
Chao Gao (1):
KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
Chao Yu (1):
f2fs: fix to avoid out-of-boundary access in dnode page
Charles Keepax (1):
soundwire: Move handle_nested_irq outside of sdw_dev_lock
Cheick Traore (1):
pinctrl: stm32: Manage irq affinity settings
Chen Yu (1):
ACPI: pfr_update: Fix the driver update version check
Chen-Yu Tsai (1):
mfd: axp20x: Set explicit ID for AXP313 regulator
Chenyuan Yang (1):
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Chris Mason (1):
sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
Christian Loehle (1):
cpuidle: menu: Remove iowait influence
Christoph Hellwig (2):
block: reject invalid operation in submit_bio_noacct
xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
Christoph Paasch (1):
mptcp: drop skb if MPTCP skb extension allocation fails
Christophe Leroy (1):
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Christopher Eby (1):
ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
Corey Minyard (1):
ipmi: Fix strcpy source and destination the same
Cristian Ciocaltea (1):
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Cynthia Huang (1):
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
D. Wythe (1):
net/smc: fix UAF on smcsk after smc_listen_out()
Dai Ngo (1):
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Damien Le Moal (9):
ata: libata-sata: Disallow changing LPM state if not supported
scsi: mpt3sas: Correctly handle ATA device errors
scsi: mpi3mr: Correctly handle ATA device errors
ata: libata-scsi: Fix ata_to_sense_error() status handling
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
block: Make REQ_OP_ZONE_FINISH a write operation
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
ata: libata-scsi: Return aborted command when missing sense and result TF
Dan Carpenter (5):
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
soc: qcom: mdt_loader: Fix error return values in mdt_header_valid()
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Daniel Golle (1):
Revert "leds: trigger: netdev: Configure LED blink interval for HW offload"
Daniel Jurgens (1):
net/mlx5: Base ECVF devlink port attrs from 0
Dave Stevenson (3):
media: tc358743: Check I2C succeeded during probe
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
media: tc358743: Increase FIFO trigger level to 374
David Bauer (1):
wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch
David Collins (1):
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
David Lechner (6):
iio: adc: ad_sigma_delta: don't overallocate scan buffer
iio: imu: bno055: fix OOB access of hw_xlate array
iio: adc: ad_sigma_delta: change to buffer predisable
iio: proximity: isl29501: fix buffered read on big-endian systems
iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
iio: imu: inv_icm42600: use = { } instead of memset()
David Sterba (3):
btrfs: move transaction aborts to the error site in add_block_group_free_space()
btrfs: open code timespec64 in struct btrfs_inode
btrfs: constify more pointer parameters
David Thompson (3):
gpio: mlxbf2: use platform_get_irq_optional()
Revert "gpio: mlxbf3: only get IRQ for device instance 0"
gpio: mlxbf3: use platform_get_irq_optional()
Davide Caratti (1):
net/sched: ets: use old 'nbands' while purging unused classes
Edward Adam Davis (2):
jfs: Regular file corruption check
comedi: pcl726: Prevent invalid irq number
Eliav Farber (1):
pps: clients: gpio: fix interrupt handling order in remove path
Emanuele Ghidoli (1):
arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses
Emily Deng (1):
drm/ttm: Should to return the evict error
Eric Biggers (4):
thunderbolt: Fix copy+paste error in match_service_id()
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
ipv6: sr: Fix MAC comparison to be constant-time
fscrypt: Don't use problematic non-inline crypto engines
Eric Dumazet (2):
net: better track kernel sockets lifetime
net_sched: sch_ets: implement lockless ets_dump()
Eric Work (1):
net: atlantic: add set_power to fw_ops for atl2 to fix wol
Evgeniy Harchenko (1):
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Fanhua Li (1):
drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor().
Fedor Pchelkin (1):
netlink: avoid infinite retry looping in netlink_unicast()
Fenglin Wu (1):
leds: flash: leds-qcom-flash: Limit LED current based on thermal condition
Filipe Manana (14):
btrfs: abort transaction during log replay if walk_log_tree() failed
btrfs: clear dirty status from extent buffer on error at insert_new_root()
btrfs: fix log tree replay failure due to file with 0 links and extents
btrfs: don't ignore inode missing when replaying log tree
btrfs: qgroup: fix race between quota disable and quota rescan ioctl
btrfs: always abort transaction on failure to add block group to free space tree
btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
btrfs: send: factor out common logic when sending xattrs
btrfs: send: only use boolean variables at process_recorded_refs()
btrfs: send: add and use helper to rename current inode when processing refs
btrfs: send: keep the current inode's path cached
btrfs: send: avoid path allocation for the current inode when issuing commands
btrfs: send: use fallocate for hole punching with send stream v2
btrfs: send: make fs_path_len() inline and constify its argument
Finn Thain (1):
m68k: Fix lost column on framebuffer debug console
Florian Larysch (1):
net: phy: micrel: fix KSZ8081/KSZ8091 cable test
Florian Westphal (2):
netfilter: ctnetlink: fix refcount leak on table dump
netfilter: nf_reject: don't leak dst refcount for loopback packets
Florin Leotescu (1):
hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state
Frederic Weisbecker (1):
rcu: Fix racy re-initialization of irq_work causing hangs
Gabor Juhos (1):
mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
Gabriel Totev (1):
apparmor: shift ouid when mediating hard links in userns
Gal Pressman (2):
net: vlan: Make is_vlan_dev() a stub when VLAN is not configured
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gang Ba (1):
drm/amdgpu: Avoid extra evict-restore process.
Gautham R. Shenoy (1):
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Geliang Tang (2):
mptcp: remove duplicate sk_reset_timer call
mptcp: disable add_addr retransmission when timeout is 0
George Moussalem (1):
clk: qcom: ipq5018: keep XO clock always on
Gerald Schaefer (1):
s390/mm: Remove possible false-positive warning in pte_free_defer()
Geraldo Nascimento (3):
phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal
PCI: rockchip: Use standard PCIe definitions
PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
Giovanni Cabiddu (2):
crypto: qat - lower priority for skcipher and aead algorithms
crypto: qat - flush misc workqueue during device shutdown
Greg Kroah-Hartman (1):
Linux 6.6.103
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Haiyang Zhang (1):
hv_netvsc: Fix panic during namespace deletion with VF
Hangbin Liu (2):
bonding: update LACP activity flag after setting lacp_active
bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU
Hans Verkuil (1):
media: vivid: fix wrong pixel_array control size
Hans de Goede (2):
mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
Haoran Jiang (1):
LoongArch: BPF: Fix jump offset calculation in tailcall
Haoxiang Li (1):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
Harald Mommer (1):
gpio: virtio: Fix config space reading.
Hari Chandrakanthan (1):
wifi: mac80211: fix rx link assignment for non-MLO stations
Hari Kalavakunta (1):
net: ncsi: Fix buffer overflow in fetching version id
Hariprasad Kelam (1):
Octeontx2-af: Skip overlap check for SPI field
Heikki Krogerus (1):
usb: dwc3: pci: add support for the Intel Wildcat Lake
Heiner Kallweit (1):
dpaa_eth: don't use fixed_phy_change_carrier
Helge Deller (1):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Herton R. Krzesinski (1):
mm/debug_vm_pgtable: clear page table entries at destroy_args()
Hiago De Franco (1):
remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
Hong Guan (1):
arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1
Horatiu Vultur (1):
phy: mscc: Fix timestamping for vsc8584
Hsin-Te Yuan (1):
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Huacai Chen (1):
PCI: Extend isolated function probing to LoongArch
Ian Abbott (3):
comedi: fix race between polling and detaching
comedi: Make insn_rw_emulate_bits() do insn->n samples
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Ido Schimmel (1):
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Igor Pylypiv (1):
ata: libata-scsi: Fix CDL control
Ihor Solodrai (1):
bpf: Make reg_not_null() true for CONST_PTR_TO_MAP
Ilan Peer (1):
wifi: cfg80211: Fix interface type validation
Ilya Bakoulin (1):
drm/amd/display: Separate set_gsl from set_gsl_source_select
Imre Deak (1):
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Isaac J. Manjarres (4):
mm: drop the assumption that VM_SHARED always implies writable
mm: update memfd seal write check to include F_SEAL_WRITE
mm: reinstate ability to map write-sealed memfd mappings read-only
selftests/memfd: add test for mapping write-sealed memfd read-only
Jack Xiao (1):
drm/amdgpu: fix incorrect vm flags to map bo
Jaegeuk Kim (1):
f2fs: check the generic conditions first
Jakub Acs (1):
net, hsr: reject HSR frame if skb can't hold tag
Jakub Kicinski (3):
tls: handle data disappearing from under the TLS ULP
uapi: in6: restore visibility of most IPv6 socket options
tls: fix handling of zero-length records on the rx_list
Jakub Ramaseuski (1):
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
Jan Beulich (1):
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Jan Kara (2):
loop: Avoid updating block size under exclusive owner
udf: Verify partition map count
Jann Horn (1):
eventpoll: Fix semi-unbounded recursion
Jason Gunthorpe (1):
iommufd: Prevent ALIGN() overflow
Jason Wang (1):
vhost: fail early when __vhost_add_used() fails
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jay Chen (1):
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Jean-Baptiste Maneyrol (1):
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Jeff Layton (1):
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Jens Axboe (1):
io_uring/net: commit partial buffers on retry
Jeongjun Park (1):
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
Jiasheng Jiang (1):
scsi: lpfc: Remove redundant assignment to avoid memory leak
Jiayi Li (2):
ACPI: processor: perflib: Fix initial _PPC limit application
memstick: Fix deadlock by moving removing flag earlier
Jinjiang Tu (1):
mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
Joel Fernandes (1):
rcu: Fix rcu_read_unlock() deadloop due to IRQ work
Johan Adolfsson (1):
leds: leds-lp50xx: Handle reg to get correct multi_index
Johan Hovold (15):
net: gianfar: fix device leak when querying time stamp info
net: enetc: fix device and OF node leak at probe
net: mtk_eth_soc: fix device leak at probe
net: ti: icss-iep: fix device and OF node leaks at probe
net: dpaa: fix device leak when querying time stamp info
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: musb: omap2430: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
wifi: ath12k: fix dest ring-buffer corruption
wifi: ath12k: fix source ring-buffer corruption
wifi: ath12k: fix dest ring-buffer corruption when ring is full
wifi: ath11k: fix dest ring-buffer corruption
wifi: ath11k: fix source ring-buffer corruption
wifi: ath11k: fix dest ring-buffer corruption when ring is full
usb: dwc3: imx8mp: fix device leak at unbind
Johannes Berg (2):
wifi: cfg80211: reject HTC bit for management frames
wifi: mac80211: don't complete management TX on SAE commit
Johannes Thumshirn (1):
btrfs: zoned: use filesystem size not disk size for reclaim decision
John David Anglin (8):
parisc: Check region is readable by user in raw_copy_from_user()
parisc: Define and use set_pte_at()
parisc: Drop WARN_ON_ONCE() from flush_cache_vmap
parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c
parisc: Revise __get_user() to probe user read access
parisc: Revise gateway LWS calls to probe user read access
parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault()
parisc: Update comments in make_insert_tlb
John Garry (2):
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonas Rebmann (1):
net: fec: allow disable coalescing
Jonathan Cameron (2):
iio: light: as73211: Ensure buffer holes are zeroed
iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64
Jonathan Santos (1):
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Jordan Rhee (1):
gve: prevent ethtool ops after shutdown
Jorge Marques (1):
i3c: master: Initialize ret in i3c_i2c_notifier_call()
Jorge Ramirez-Ortiz (2):
media: venus: hfi: explicitly release IRQ during teardown
media: venus: protect against spurious interrupts during probe
Judith Mendez (1):
arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
Justin Tee (1):
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Kanglong Wang (1):
LoongArch: Optimize module load time by optimizing PLT/GOT counting
Karthikeyan Kathirvel (1):
wifi: ath12k: Decrement TID on RX peer frag setup error handling
Kashyap Desai (2):
RDMA/bnxt_re: Fix to do SRQ armena by default
RDMA/bnxt_re: Fix to remove workload check in SRQ limit path
Kathiravan Thirumoorthy (1):
phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence
Kees Cook (3):
arm64: Handle KCOV __init vs inline mismatches
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Keith Busch (2):
nvme-pci: try function level reset on init failure
vfio/type1: conditional rescheduling while pinning
Krzysztof Hałasa (1):
imx8m-blk-ctrl: set ISI panic write hurry level
Krzysztof Kozlowski (3):
dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints
dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints
leds: flash: leds-qcom-flash: Fix registry access after re-bind
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kuninori Morimoto (1):
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Kuniyuki Iwashima (2):
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
net: Add net_passive_inc() and net_passive_dec().
Lad Prabhakar (1):
drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Len Brown (1):
intel_idle: Allow loading ACPI tables for any family
Leon Romanovsky (1):
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Liao Yuanhong (1):
ext4: use kmalloc_array() for array space allocation
Lifeng Zheng (2):
cpufreq: Exit governor when failed to start old governor
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Lizhi Xu (2):
fs/ntfs3: Add sanity check for file name
jfs: truncate good inode pages when hard link is 0
Lucy Thrun (1):
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Lukas Wunner (1):
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Ma Ke (1):
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Manuel Andreas (1):
KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Marek Vasut (1):
usb: renesas-xhci: Fix External ROM access timeouts
Mario Limonciello (8):
platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list
usb: xhci: Avoid showing warnings for dying controller
usb: xhci: Avoid showing errors during surprise removal
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
drm/amd/display: Only finalize atomic_obj if it was initialized
drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported
drm/amd: Restore cached power limit during resume
drm/amd/display: Avoid a NULL pointer dereference
Mark Brown (2):
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace
Markus Theil (1):
crypto: jitter - fix intermediary handling
Masahiro Yamada (2):
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
kconfig: gconf: fix potential memory leak in renderer_edited()
Masami Hiramatsu (Google) (2):
selftests: tracing: Use mutex_unlock for testing glob filter
tracing: fprobe-event: Sanitize wildcard for fprobe event name
Mateusz Guzik (1):
apparmor: use the condition in AA_BUG_FMT even with debug disabled
Matt Johnston (1):
net: mctp: Prevent duplicate binds
Matthieu Baerts (NGI0) (2):
mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
selftests: mptcp: pm: check flush doesn't reset limits
Maulik Shah (1):
soc: qcom: rpmh-rsc: Add RSC version 4 support
Maurizio Lombardi (1):
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Maxim Levitsky (3):
KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs
KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest
Meagan Lloyd (2):
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin (1):
most: core: Drop device reference after usage in get_channel()
Michael Walle (1):
mtd: spi-nor: Fix spi_nor_try_unlock_all()
Michal Suchanek (1):
powerpc/boot: Fix build with gcc 15
Michel Dänzer (1):
drm/amd/display: Add primary plane to commits for correct VRR handling
Mikhail Lobanov (1):
wifi: mac80211: check basic rates validity in sta_link_apply_parameters
Mikulas Patocka (1):
dm-mpath: don't print the "loaded" message if registering fails
Mina Almasry (1):
netmem: fix skb_frag_address_safe with unreadable skbs
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Miri Korenblit (1):
wifi: iwlwifi: mvm: set gtk id also in older FWs
Myrrh Periwinkle (3):
usb: typec: ucsi: Update power_supply on power role change
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Namjae Jeon (1):
ksmbd: extend the connection limiting mechanism to support IPv6
Naohiro Aota (3):
btrfs: zoned: do not remove unwritten non-data block group
btrfs: zoned: do not select metadata BG as finish target
btrfs: zoned: fix write time activation failure for metadata block group
Nathan Chancellor (2):
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
NeilBrown (1):
smb/server: avoid deadlock when linking with ReplaceIfExists
Nicolas Dufresne (1):
media: verisilicon: Fix AV1 decoder clock frequency
Nicolas Escande (1):
neighbour: add support for NUD_PERMANENT proxy entries
Nicolin Chen (1):
iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range
Niklas Söderlund (1):
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Nitin Gote (1):
iosys-map: Fix undefined behavior in iosys_map_clear()
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Oliver Neukum (3):
usb: core: usb_submit_urb: downgrade type check
net: usb: cdc-ncm: check for filtering capability
cdc-acm: fix race between initial clearing halt and open
Oscar Maes (1):
net: ipv4: fix incorrect MTU in broadcast routes
Pagadala Yesu Anjaneyulu (1):
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Pali Rohár (1):
cifs: Fix calling CIFSFindFirst() for root path without msearch
Paul E. McKenney (1):
rcu: Protect ->defer_qs_iw_pending from data race
Pauli Virtanen (1):
Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established
Pavel Begunkov (1):
io_uring: don't use int for ABI
Pawan Gupta (1):
x86/bugs: Avoid warning when overriding return thunk
Pedro Falcato (1):
RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages
Pei Xiao (1):
clk: tegra: periph: Fix error handling and resolve unsigned compare warning
Peter Oberparleiter (3):
s390/sclp: Fix SCCB present check
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Peter Robinson (1):
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Peter Ujfalusi (1):
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Petr Pavlu (1):
module: Prevent silent truncation of module name in delete_module(2)
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Prashant Malani (1):
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Pu Lehui (1):
tracing: Limit access to parser->buffer when trace_get_user failed
Purva Yeshi (1):
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Qingfang Deng (2):
net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
ppp: fix race conditions in ppp_fill_forward_path
Qu Wenruo (2):
btrfs: do not allow relocation of partially dropped subvolumes
btrfs: populate otime when logging an inode item
Rafael J. Wysocki (5):
ACPI: processor: perflib: Move problematic pr->performance check
cpuidle: governors: menu: Avoid using invalid recent intervals data
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
PM: runtime: Take active children into account in pm_runtime_get_if_in_use()
cpuidle: governors: menu: Avoid selecting states with too much latency
Raj Kumar Bhagat (1):
wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0
Ramya Gnanasekar (1):
wifi: mac80211: update radar_required in channel context after channel switch
Rand Deeb (1):
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Randy Dunlap (2):
parisc: Makefile: fix a typo in palo.conf
parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers
Ranjan Kumar (4):
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
scsi: mpi3mr: Fix race between config read submit and interrupt completion
scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
Ricardo Ribalda (3):
media: uvcvideo: Do not mark valid metadata as invalid
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
media: venus: venc: Clamp param smaller than 1fps and bigger than 240
Richard Zhu (2):
PCI: imx6: Delay link start until configfs 'start' written
PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features
Ricky Wu (1):
misc: rtsx: usb: Ensure mmc child device is active when card is present
Rob Clark (1):
drm/msm: use trylock for debugfs
Rong Zhang (1):
fs/ntfs3: correctly create symlink for relative path
Sabrina Dubroca (1):
udp: also consider secpath when evaluating ipsec use for checksumming
Sakari Ailus (2):
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
PM: runtime: Simplify pm_runtime_get_if_active() usage
Salah Triki (1):
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Sarah Newman (1):
drbd: add missing kref_get in handle_write_conflicts
Sarika Sharma (2):
wifi: ath12k: Correct tid cleanup when tid setup fails
wifi: ath12k: Add memset and update default rate value in wmi tx completion
Sarthak Garg (1):
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sasha Levin (1):
fs: Prevent file descriptor table allocations exceeding INT_MAX
Sean Christopherson (15):
KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
KVM: x86: Snapshot the host's DEBUGCTL in common x86
KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint
KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits
KVM: VMX: Handle forced exit due to preemption timer in fastpath
KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers
KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2
KVM: x86: Fully defer to vendor code to decide how to force immediate exit
KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap
KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag
KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported
KVM: VMX: Extract checking of guest's DEBUGCTL into helper
KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
Sebastian Ott (1):
ACPI: processor: fix acpi_object initialization
Sebastian Reichel (2):
watchdog: dw_wdt: Fix default timeout
usb: typec: fusb302: cache PD RX state
Selvarasu Ganesan (1):
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
Sergey Bashirov (4):
pNFS: Fix stripe mapping in block/scsi layout
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Shtylyov (1):
Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
Shankari Anand (1):
kconfig: nconf: Ensure null termination where strncpy is used
Shannon Nelson (1):
ionic: clean dbpage in de-init
Shengjiu Wang (1):
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Shiji Yang (2):
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
MIPS: lantiq: falcon: sysctrl: fix request memory check logic
Showrya M N (1):
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Shuai Xue (1):
ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered
Shubhrajyoti Datta (1):
EDAC/synopsys: Clear the ECC counters on init
Shyam Prasad N (1):
cifs: reset iface weights when we cannot find a candidate
Sravan Kumar Gundu (1):
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Srinivas Kandagatla (1):
ASoC: qcom: use drvdata instead of component to keep id
Stanislaw Gruszka (1):
wifi: iwlegacy: Check rate_idx range after addition
Stefan Metzmacher (3):
smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection()
smb: client: don't wait for info->send_pending == 0 on error
smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
Stefan Wahren (1):
spi: spi-fsl-lpspi: Clamp too high speed_hz
Steve French (1):
smb3: fix for slab out of bounds on mount to ksmbd
Steven Rostedt (5):
tracefs: Add d_delete to remove negative dentries
powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64
ktest.pl: Prevent recursion of default variable options
ftrace: Also allocate and copy hash for reading of filter files
tracing: Remove unneeded goto out logic
Su Hui (1):
usb: xhci: print xhci->xhc_state when queue_command failed
Suchit Karunakaran (1):
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
Sven Schnelle (2):
s390/time: Use monotonic clock in get_cycles()
s390/stp: Remove udelay from stp_sync_clock()
Takashi Iwai (5):
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: hda: Handle the jack polling always via a work
ALSA: hda: Disable jack polling at shutdown
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Tetsuo Handa (1):
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Theodore Ts'o (2):
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
ext4: don't try to clear the orphan_present feature block device is r/o
Thierry Reding (1):
firmware: tegra: Fix IVC dependency problems
Thomas Fourier (8):
et131x: Add missing check after DMA map
net: ag71xx: Add missing check after DMA map
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
powerpc: floppy: Add missing checks after DMA map
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
mtd: rawnand: fsmc: Add missing check after DMA map
mtd: rawnand: renesas: Add missing check after DMA map
Thomas Weißschuh (5):
tools/nolibc: define time_t in terms of __kernel_old_time_t
tools/build: Fix s390(x) cross-compilation with clang
um: Re-evaluate thread flags repeatedly
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Thorsten Blum (2):
cdx: Fix off-by-one error in cdx_rpmsg_probe()
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Tianxiang Peng (1):
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Tim Harvey (1):
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Timur Kristóf (6):
drm/amd/display: Don't overwrite dce60_clk_mgr
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
drm/amd/display: Don't overclock DCE 6 by 15%
Tomasz Michalec (2):
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Trond Myklebust (1):
NFS: Fix the setting of capabilities when automounting a new filesystem
Tvrtko Ursulin (1):
drm/ttm: Respect the shrinker core free target
Tzung-Bi Shih (1):
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Ulf Hansson (1):
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Uwe Kleine-König (2):
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
ValdikSS (1):
igc: fix disabling L1.2 PCI-E link substate on I226 on init
Vasiliy Kovalev (1):
ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
Vedang Nagar (2):
media: venus: Fix OOB read due to missing payload bound check
media: venus: Add a check for packet size after reading from shared memory
Viacheslav Dubeyko (5):
hfs: fix general protection fault in hfs_find_init()
hfs: fix slab-out-of-bounds in hfs_bnode_read()
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
hfs: fix not erasing deleted b-tree node issue
Victor Shih (3):
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
mmc: sdhci-pci-gli: Add a new function to simplify the code
mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
Vijendar Mukunda (1):
soundwire: amd: serialize amd manager resume sequence during pm_prepare
Vincent Guittot (8):
sched/topology: Add a new arch_scale_freq_ref() method
cpufreq: Use the fixed and coherent frequency for scaling capacity
cpufreq/schedutil: Use a fixed reference frequency
energy_model: Use a fixed reference frequency
cpufreq/cppc: Set the frequency used for computing the capacity
arm64/amu: Use capacity_ref_freq() to set AMU ratio
topology: Set capacity_freq_ref in all cases
sched/fair: Fix frequency selection for non-invariant case
Vladimir Zapolskiy (1):
media: qcom: camss: cleanup media device allocated resource on error path
Waiman Long (2):
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
Wang Liang (1):
net: bridge: fix soft lockup in br_multicast_query_expired()
Wang Zhaolong (2):
smb: client: remove redundant lstrp update in negotiate protocol
smb: client: fix netns refcount leak after net_passive changes
Wayne Lin (1):
drm/amd/display: Avoid trying AUX transactions on disconnected ports
Wei Gao (1):
ext2: Handle fiemap on empty files to prevent EINVAL
Weitao Wang (1):
usb: xhci: Fix slot_id resource race conflict
Wen Chen (1):
drm/amd/display: Fix 'failed to blank crtc!'
Will Deacon (4):
vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
vsock/virtio: Validate length in packet header before skb_put()
vhost/vsock: Avoid allocating arbitrarily-sized SKBs
KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix
William Liu (2):
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Willy Tarreau (1):
tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros
Wolfram Sang (3):
media: usb: hdpvr: disable zero-length read messages
i3c: add missing include to internal header
i3c: don't fail if GETHDRCAP is unsupported
Xin Long (1):
sctp: linearize cloned gso packets in sctp_rcv
Xinxin Wan (1):
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Xinyu Liu (1):
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Xu Yang (2):
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yann E. MORIN (1):
kconfig: lxdialog: fix 'space' to (de)select options
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Yonghong Song (1):
selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size
Yongzhen Zhang (1):
fbdev: fix potential buffer overflow in do_register_framebuffer()
Youngjun Lee (1):
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Youssef Samir (1):
bus: mhi: host: Detect events pointing to unexpected TREs
Yuan Chen (1):
bpftool: Fix JSON writer resource leak in version command
Yuezhang Mo (1):
exfat: add cluster chain loop check for dir
Yuichiro Tsuji (1):
net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Yury Norov [NVIDIA] (1):
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Yi (1):
ext4: fix hole length calculation overflow in non-extent inodes
Zhiqi Song (1):
crypto: hisilicon/hpre - fix dma unmap sequence
Zhu Qiyu (1):
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Zijun Hu (2):
char: misc: Fix improper and inaccurate error code returned by misc_init()
Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie()
Ziyan Fu (1):
watchdog: iTCO_wdt: Report error if timeout configuration fails
Ziyan Xu (1):
ksmbd: fix refcount leak causing resource not released
chenchangcheng (1):
media: uvcvideo: Fix bandwidth issue for Alcor camera
fangzhong.zhou (1):
i2c: Force DLL0945 touchpad i2c freq to 100khz
jackysliu (1):
scsi: bfa: Double-free fix
tuhaowen (1):
PM: sleep: console: Fix the black screen issue
zhangjianrong (2):
net: thunderbolt: Enable end-to-end flow control also in transmit
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
Álvaro Fernández Rojas (5):
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
2 weeks, 1 day
- 1
- 1
Linux 6.1.149
by Greg Kroah-Hartman
I'm announcing the release of the 6.1.149 kernel.
All users of the 6.1 kernel series must upgrade.
The updated 6.1.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2
Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8
Documentation/networking/bonding.rst | 12
Documentation/networking/mptcp-sysctl.rst | 2
Makefile | 4
arch/arm/Makefile | 2
arch/arm/mach-rockchip/platsmp.c | 15
arch/arm/mach-tegra/reset.c | 2
arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1
arch/arm64/include/asm/acpi.h | 2
arch/arm64/kernel/cpufeature.c | 1
arch/arm64/kernel/entry.S | 6
arch/arm64/kernel/fpsimd.c | 4
arch/arm64/kernel/traps.c | 1
arch/arm64/mm/fault.c | 1
arch/arm64/mm/ptdump_debugfs.c | 3
arch/loongarch/net/bpf_jit.c | 21
arch/m68k/kernel/head.S | 31 -
arch/mips/crypto/chacha-core.S | 20
arch/mips/include/asm/vpe.h | 8
arch/mips/kernel/process.c | 16
arch/mips/lantiq/falcon/sysctrl.c | 23 -
arch/parisc/Makefile | 6
arch/parisc/include/asm/special_insns.h | 28 +
arch/parisc/include/asm/uaccess.h | 21
arch/parisc/kernel/entry.S | 17
arch/parisc/kernel/syscall.S | 30 -
arch/parisc/lib/memcpy.c | 19
arch/parisc/mm/fault.c | 4
arch/powerpc/include/asm/floppy.h | 5
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/s390/include/asm/timex.h | 13
arch/s390/kernel/time.c | 2
arch/s390/mm/dump_pagetables.c | 2
arch/um/include/asm/thread_info.h | 4
arch/um/kernel/process.c | 20
arch/x86/events/intel/core.c | 2
arch/x86/include/asm/kvm-x86-ops.h | 2
arch/x86/include/asm/kvm_host.h | 24 -
arch/x86/include/asm/msr-index.h | 1
arch/x86/include/asm/reboot.h | 5
arch/x86/include/asm/virtext.h | 10
arch/x86/include/asm/xen/hypercall.h | 5
arch/x86/kernel/cpu/bugs.c | 5
arch/x86/kernel/cpu/hygon.c | 3
arch/x86/kernel/cpu/mce/amd.c | 13
arch/x86/kernel/reboot.c | 43 +
arch/x86/kvm/hyperv.c | 10
arch/x86/kvm/lapic.c | 61 ++
arch/x86/kvm/lapic.h | 1
arch/x86/kvm/svm/svm.c | 49 +-
arch/x86/kvm/svm/vmenter.S | 9
arch/x86/kvm/trace.h | 9
arch/x86/kvm/vmx/nested.c | 26 -
arch/x86/kvm/vmx/pmu_intel.c | 8
arch/x86/kvm/vmx/vmx.c | 183 +++++---
arch/x86/kvm/vmx/vmx.h | 31 +
arch/x86/kvm/x86.c | 65 +-
arch/x86/kvm/x86.h | 12
block/blk-core.c | 26 -
block/blk-settings.c | 2
drivers/acpi/acpi_processor.c | 2
drivers/acpi/apei/ghes.c | 2
drivers/acpi/pfr_update.c | 2
drivers/acpi/prmt.c | 26 +
drivers/acpi/processor_perflib.c | 11
drivers/ata/Kconfig | 35 +
drivers/ata/libata-sata.c | 5
drivers/ata/libata-scsi.c | 20
drivers/base/power/runtime.c | 5
drivers/block/drbd/drbd_receiver.c | 6
drivers/block/sunvdc.c | 4
drivers/bus/mhi/host/boot.c | 8
drivers/bus/mhi/host/internal.h | 4
drivers/bus/mhi/host/main.c | 12
drivers/char/ipmi/ipmi_msghandler.c | 8
drivers/char/ipmi/ipmi_watchdog.c | 59 +-
drivers/comedi/comedi_fops.c | 36 +
drivers/comedi/comedi_internal.h | 1
drivers/comedi/drivers.c | 36 -
drivers/comedi/drivers/pcl726.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cppc_cpufreq.c | 2
drivers/cpufreq/cpufreq.c | 8
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16
drivers/crypto/qat/qat_4xxx/adf_4xxx_hw_data.c | 13
drivers/crypto/qat/qat_common/adf_accel_devices.h | 1
drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 6
drivers/crypto/qat/qat_common/adf_init.c | 3
drivers/devfreq/governor_userspace.c | 6
drivers/dma/stm32-dma.c | 2
drivers/edac/synopsys_edac.c | 97 ++--
drivers/fpga/zynq-fpga.c | 10
drivers/gpio/gpio-mlxbf2.c | 2
drivers/gpio/gpio-tps65912.c | 7
drivers/gpio/gpio-virtio.c | 9
drivers/gpio/gpio-wcd934x.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6
drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +-
drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1
drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 +
drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 -
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 -
drivers/gpu/drm/display/drm_dp_helper.c | 2
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4
drivers/gpu/drm/msm/msm_gem.c | 3
drivers/gpu/drm/msm/msm_gem.h | 6
drivers/gpu/drm/scheduler/sched_entity.c | 21
drivers/gpu/drm/ttm/ttm_pool.c | 8
drivers/gpu/drm/ttm/ttm_resource.c | 3
drivers/hid/hid-apple.c | 13
drivers/hid/hid-magicmouse.c | 56 +-
drivers/hwmon/emc2305.c | 10
drivers/hwmon/gsc-hwmon.c | 4
drivers/i2c/i2c-core-acpi.c | 1
drivers/i3c/internals.h | 1
drivers/i3c/master.c | 4
drivers/iio/adc/ad7768-1.c | 23 -
drivers/iio/adc/ad_sigma_delta.c | 6
drivers/iio/imu/bno055/bno055.c | 11
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6
drivers/iio/light/as73211.c | 2
drivers/iio/light/hid-sensor-prox.c | 8
drivers/iio/pressure/bmp280-core.c | 9
drivers/iio/proximity/isl29501.c | 16
drivers/iio/temperature/maxim_thermocouple.c | 26 -
drivers/infiniband/core/nldev.c | 22
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2
drivers/infiniband/hw/erdma/erdma_verbs.c | 4
drivers/infiniband/hw/hfi1/affinity.c | 44 +
drivers/iommu/amd/init.c | 4
drivers/leds/leds-lp50xx.c | 11
drivers/md/dm-ps-historical-service-time.c | 4
drivers/md/dm-ps-queue-length.c | 4
drivers/md/dm-ps-round-robin.c | 4
drivers/md/dm-ps-service-time.c | 4
drivers/md/dm-table.c | 10
drivers/md/dm-zoned-target.c | 2
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3
drivers/media/dvb-frontends/dib7000p.c | 8
drivers/media/i2c/hi556.c | 26 -
drivers/media/i2c/ov2659.c | 3
drivers/media/i2c/tc358743.c | 86 ++-
drivers/media/platform/qcom/camss/camss.c | 4
drivers/media/platform/qcom/venus/core.c | 8
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/helpers.c | 2
drivers/media/platform/qcom/venus/hfi_helper.h | 61 ++
drivers/media/platform/qcom/venus/hfi_msgs.c | 85 ++-
drivers/media/platform/qcom/venus/hfi_venus.c | 5
drivers/media/platform/qcom/venus/vdec.c | 13
drivers/media/platform/qcom/venus/vdec_ctrls.c | 2
drivers/media/platform/qcom/venus/venc.c | 9
drivers/media/platform/qcom/venus/venc_ctrls.c | 2
drivers/media/test-drivers/vivid/vivid-ctrls.c | 3
drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/usb/uvc/uvc_driver.c | 3
drivers/media/usb/uvc/uvc_video.c | 21
drivers/media/v4l2-core/v4l2-common.c | 8
drivers/media/v4l2-core/v4l2-ctrls-core.c | 1
drivers/memstick/core/memstick.c | 1
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/misc/cardreader/rtsx_usb.c | 16
drivers/misc/mei/bus.c | 6
drivers/mmc/host/rtsx_usb_sdmmc.c | 4
drivers/mmc/host/sdhci-msm.c | 14
drivers/mmc/host/sdhci-pci-gli.c | 33 -
drivers/most/core.c | 2
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/mtd/nand/raw/renesas-nand-controller.c | 6
drivers/mtd/nand/spi/core.c | 5
drivers/mtd/spi-nor/swp.c | 19
drivers/net/bonding/bond_3ad.c | 224 ++++++++--
drivers/net/bonding/bond_main.c | 1
drivers/net/bonding/bond_netlink.c | 16
drivers/net/bonding/bond_options.c | 29 +
drivers/net/dsa/b53/b53_common.c | 65 ++
drivers/net/dsa/b53/b53_regs.h | 2
drivers/net/dummy.c | 1
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2
drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +
drivers/net/ethernet/atheros/ag71xx.c | 9
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4
drivers/net/ethernet/emulex/benet/be_main.c | 8
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14
drivers/net/ethernet/freescale/fec_main.c | 34 -
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4
drivers/net/ethernet/google/gve/gve_adminq.c | 1
drivers/net/ethernet/google/gve/gve_main.c | 2
drivers/net/ethernet/intel/igc/igc_main.c | 14
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2
drivers/net/ethernet/mediatek/mtk_wed.c | 1
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7
drivers/net/geneve.c | 1
drivers/net/hyperv/hyperv_net.h | 3
drivers/net/hyperv/netvsc_drv.c | 29 +
drivers/net/loopback.c | 1
drivers/net/phy/micrel.c | 2
drivers/net/phy/mscc/mscc.h | 12
drivers/net/phy/mscc/mscc_main.c | 12
drivers/net/phy/mscc/mscc_ptp.c | 49 +-
drivers/net/phy/smsc.c | 1
drivers/net/ppp/ppp_generic.c | 17
drivers/net/thunderbolt.c | 21
drivers/net/usb/asix_devices.c | 1
drivers/net/usb/cdc_ncm.c | 20
drivers/net/veth.c | 1
drivers/net/vxlan/vxlan_core.c | 1
drivers/net/wireless/ath/ath11k/ce.c | 3
drivers/net/wireless/ath/ath11k/dp_rx.c | 3
drivers/net/wireless/ath/ath11k/hal.c | 33 +
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2
drivers/net/wireless/realtek/rtlwifi/pci.c | 23 -
drivers/net/wireless/realtek/rtw89/core.c | 3
drivers/net/wireless/realtek/rtw89/fw.c | 9
drivers/net/wireless/realtek/rtw89/fw.h | 2
drivers/net/wireless/realtek/rtw89/mac.c | 19
drivers/net/wireless/realtek/rtw89/reg.h | 1
drivers/net/xen-netfront.c | 5
drivers/pci/controller/pcie-rockchip-host.c | 49 +-
drivers/pci/controller/pcie-rockchip.h | 11
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/pci-acpi.c | 4
drivers/pci/pci.c | 8
drivers/pci/probe.c | 2
drivers/pinctrl/stm32/pinctrl-stm32.c | 1
drivers/platform/chrome/cros_ec.c | 19
drivers/platform/chrome/cros_ec_typec.c | 4
drivers/platform/x86/thinkpad_acpi.c | 4
drivers/pps/clients/pps-gpio.c | 5
drivers/ptp/ptp_clock.c | 2
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 71 +--
drivers/remoteproc/imx_rproc.c | 4
drivers/reset/Kconfig | 10
drivers/rtc/rtc-ds1307.c | 15
drivers/s390/char/sclp.c | 11
drivers/scsi/aacraid/comminit.c | 3
drivers/scsi/bfa/bfad_im.c | 1
drivers/scsi/libiscsi.c | 3
drivers/scsi/lpfc/lpfc_debugfs.c | 1
drivers/scsi/lpfc/lpfc_scsi.c | 4
drivers/scsi/mpi3mr/mpi3mr.h | 6
drivers/scsi/mpi3mr/mpi3mr_fw.c | 17
drivers/scsi/mpi3mr/mpi3mr_os.c | 22
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/scsi/scsi_scan.c | 2
drivers/scsi/scsi_transport_sas.c | 60 ++
drivers/soc/qcom/mdt_loader.c | 68 ++-
drivers/soc/tegra/pmc.c | 51 +-
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/target/target_core_fabric_lib.c | 63 ++
drivers/target/target_core_internal.h | 4
drivers/target/target_core_pr.c | 18
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +
drivers/thermal/thermal_sysfs.c | 9
drivers/thunderbolt/domain.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/vt/defkeymap.c_shipped | 112 +++++
drivers/tty/vt/keyboard.c | 2
drivers/ufs/host/ufs-exynos.c | 4
drivers/ufs/host/ufshcd-pci.c | 42 +
drivers/usb/atm/cxacru.c | 106 ++--
drivers/usb/class/cdc-acm.c | 11
drivers/usb/core/config.c | 10
drivers/usb/core/hcd.c | 8
drivers/usb/core/quirks.c | 1
drivers/usb/core/urb.c | 2
drivers/usb/dwc3/dwc3-imx8mp.c | 6
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/ep0.c | 20
drivers/usb/dwc3/gadget.c | 19
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-mem.c | 2
drivers/usb/host/xhci-pci-renesas.c | 7
drivers/usb/host/xhci-ring.c | 10
drivers/usb/host/xhci.c | 6
drivers/usb/musb/omap2430.c | 20
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29 +
drivers/usb/typec/mux/intel_pmc_mux.c | 2
drivers/usb/typec/tcpm/fusb302.c | 8
drivers/usb/typec/ucsi/psy.c | 2
drivers/usb/typec/ucsi/ucsi.c | 1
drivers/usb/typec/ucsi/ucsi.h | 7
drivers/vfio/pci/mlx5/cmd.c | 4
drivers/vfio/vfio_iommu_type1.c | 7
drivers/vhost/vhost.c | 3
drivers/vhost/vsock.c | 6
drivers/video/console/vgacon.c | 2
drivers/video/fbdev/core/fbcon.c | 9
drivers/video/fbdev/core/fbmem.c | 3
drivers/virt/coco/efi_secret/efi_secret.c | 10
drivers/watchdog/dw_wdt.c | 2
drivers/watchdog/iTCO_wdt.c | 6
drivers/watchdog/sbsa_gwdt.c | 50 ++
fs/btrfs/block-group.c | 27 +
fs/btrfs/ctree.c | 9
fs/btrfs/ordered-data.c | 12
fs/btrfs/qgroup.c | 31 +
fs/btrfs/relocation.c | 19
fs/btrfs/send.c | 39 +
fs/btrfs/tree-log.c | 60 +-
fs/btrfs/zoned.c | 3
fs/buffer.c | 2
fs/crypto/fscrypt_private.h | 17
fs/crypto/hkdf.c | 2
fs/crypto/keysetup.c | 3
fs/crypto/keysetup_v1.c | 3
fs/eventpoll.c | 60 ++
fs/ext2/inode.c | 12
fs/ext4/fsmap.c | 23 -
fs/ext4/indirect.c | 4
fs/ext4/inline.c | 19
fs/ext4/inode.c | 2
fs/ext4/mballoc.c | 67 +-
fs/ext4/orphan.c | 5
fs/ext4/super.c | 8
fs/f2fs/data.c | 2
fs/f2fs/f2fs.h | 1
fs/f2fs/inode.c | 7
fs/f2fs/node.c | 10
fs/file.c | 90 +---
fs/hfs/bnode.c | 93 ++++
fs/hfsplus/bnode.c | 92 ++++
fs/hfsplus/unicode.c | 7
fs/hfsplus/xattr.c | 6
fs/hugetlbfs/inode.c | 2
fs/jbd2/checkpoint.c | 1
fs/jfs/file.c | 3
fs/jfs/inode.c | 2
fs/jfs/jfs_dmap.c | 6
fs/libfs.c | 4
fs/namespace.c | 34 -
fs/nfs/blocklayout/blocklayout.c | 4
fs/nfs/blocklayout/dev.c | 5
fs/nfs/blocklayout/extent_tree.c | 20
fs/nfs/client.c | 44 +
fs/nfs/internal.h | 2
fs/nfs/nfs4client.c | 20
fs/nfs/nfs4proc.c | 2
fs/nfs/pnfs.c | 11
fs/nfsd/nfs4state.c | 34 +
fs/ntfs3/dir.c | 3
fs/ntfs3/inode.c | 31 -
fs/orangefs/orangefs-debugfs.c | 2
fs/smb/client/cifssmb.c | 10
fs/smb/client/connect.c | 1
fs/smb/client/sess.c | 9
fs/smb/client/smb2ops.c | 11
fs/smb/server/connection.c | 3
fs/smb/server/connection.h | 7
fs/smb/server/smb2pdu.c | 16
fs/smb/server/transport_rdma.c | 5
fs/smb/server/transport_rdma.h | 4
fs/smb/server/transport_tcp.c | 26 +
fs/squashfs/super.c | 14
fs/udf/super.c | 13
fs/xfs/xfs_itable.c | 6
include/linux/blk_types.h | 6
include/linux/compiler.h | 8
include/linux/fs.h | 4
include/linux/hypervisor.h | 3
include/linux/if_vlan.h | 6
include/linux/iosys-map.h | 7
include/linux/memfd.h | 14
include/linux/mm.h | 82 ++-
include/linux/pci.h | 10
include/linux/platform_data/cros_ec_proto.h | 4
include/linux/skbuff.h | 8
include/linux/usb/cdc_ncm.h | 1
include/linux/virtio_vsock.h | 7
include/net/bond_3ad.h | 3
include/net/bond_options.h | 1
include/net/bonding.h | 23 +
include/net/cfg80211.h | 2
include/net/mac80211.h | 2
include/net/neighbour.h | 1
include/sound/soc-dai.h | 13
include/uapi/linux/if_link.h | 1
include/uapi/linux/in6.h | 4
include/uapi/linux/io_uring.h | 2
include/uapi/linux/pfrut.h | 1
kernel/cgroup/cpuset.c | 2
kernel/fork.c | 2
kernel/module/main.c | 10
kernel/power/console.c | 7
kernel/rcu/tree_plugin.h | 3
kernel/sched/fair.c | 19
kernel/trace/ftrace.c | 19
kernel/trace/trace.c | 33 -
kernel/trace/trace.h | 8
mm/debug_vm_pgtable.c | 9
mm/filemap.c | 2
mm/kmemleak.c | 10
mm/madvise.c | 2
mm/memfd.c | 2
mm/memory-failure.c | 8
mm/mmap.c | 12
mm/ptdump.c | 2
mm/shmem.c | 2
net/bluetooth/hci_conn.c | 3
net/bluetooth/hci_sync.c | 43 +
net/bridge/br_multicast.c | 16
net/bridge/br_private.h | 2
net/core/dev.c | 12
net/core/neighbour.c | 12
net/hsr/hsr_slave.c | 8
net/ipv4/ip_tunnel.c | 1
net/ipv4/netfilter/nf_reject_ipv4.c | 6
net/ipv4/route.c | 1
net/ipv4/udp_offload.c | 2
net/ipv6/addrconf.c | 7
net/ipv6/ip6_gre.c | 2
net/ipv6/ip6_tunnel.c | 1
net/ipv6/ip6_vti.c | 1
net/ipv6/mcast.c | 11
net/ipv6/netfilter/nf_reject_ipv6.c | 5
net/ipv6/seg6_hmac.c | 6
net/ipv6/sit.c | 1
net/mac80211/cfg.c | 12
net/mac80211/chan.c | 1
net/mac80211/mlme.c | 9
net/mac80211/sta_info.c | 5
net/mctp/af_mctp.c | 26 +
net/mptcp/options.c | 9
net/mptcp/pm.c | 8
net/mptcp/pm_netlink.c | 19
net/mptcp/protocol.c | 55 ++
net/mptcp/protocol.h | 27 -
net/mptcp/subflow.c | 30 -
net/ncsi/internal.h | 2
net/ncsi/ncsi-rsp.c | 1
net/netfilter/nf_conntrack_netlink.c | 24 -
net/netlink/af_netlink.c | 2
net/sched/sch_cake.c | 14
net/sched/sch_ets.c | 36 -
net/sched/sch_htb.c | 2
net/tls/tls_sw.c | 16
net/vmw_vsock/virtio_transport.c | 14
net/wireless/mlme.c | 3
scripts/kconfig/gconf.c | 8
scripts/kconfig/lxdialog/inputbox.c | 6
scripts/kconfig/lxdialog/menubox.c | 2
scripts/kconfig/nconf.c | 2
scripts/kconfig/nconf.gui.c | 1
security/apparmor/include/lib.h | 6
security/inode.c | 2
sound/core/pcm_native.c | 19
sound/pci/hda/hda_codec.c | 42 -
sound/pci/hda/patch_ca0132.c | 2
sound/pci/hda/patch_realtek.c | 4
sound/pci/intel8x0.c | 2
sound/soc/codecs/hdac_hdmi.c | 10
sound/soc/codecs/rt5640.c | 5
sound/soc/fsl/fsl_asrc.c | 16
sound/soc/fsl/fsl_aud2htx.c | 10
sound/soc/fsl/fsl_easrc.c | 16
sound/soc/fsl/fsl_esai.c | 20
sound/soc/fsl/fsl_micfil.c | 14
sound/soc/fsl/fsl_sai.c | 44 -
sound/soc/fsl/fsl_spdif.c | 17
sound/soc/fsl/fsl_ssi.c | 3
sound/soc/fsl/fsl_xcvr.c | 16
sound/soc/generic/audio-graph-card.c | 2
sound/soc/intel/avs/core.c | 3
sound/soc/soc-core.c | 28 +
sound/soc/soc-dai.c | 43 +
sound/soc/soc-dapm.c | 4
sound/usb/mixer_quirks.c | 14
sound/usb/stream.c | 25 -
sound/usb/validate.c | 14
tools/include/nolibc/std.h | 4
tools/include/nolibc/types.h | 4
tools/include/uapi/linux/if_link.h | 1
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4
tools/scripts/Makefile.include | 4
tools/testing/ktest/ktest.pl | 5
tools/testing/selftests/arm64/fp/sve-ptrace.c | 3
tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10
tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2
tools/testing/selftests/futex/include/futextest.h | 11
tools/testing/selftests/memfd/memfd_test.c | 43 +
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1
511 files changed, 4940 insertions(+), 1988 deletions(-)
Aahil Awatramani (1):
bonding: Add independent control state machine
Aaron Kling (1):
ARM: tegra: Use I/O memcpy to write to IRAM
Aaron Plattner (1):
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Ada Couprie Diaz (1):
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
Aditya Garg (2):
HID: magicmouse: avoid setting up battery timer when not needed
HID: apple: avoid setting up battery timer for devices without battery
Adrian Hunter (1):
scsi: ufs: ufs-pci: Fix default runtime and system PM levels
Al Viro (5):
better lockdep annotations for simple_recursive_removal()
fix locking in efi_secret_unlink()
securityfs: don't pin dentries twice, once is enough...
use uniform permission checks for all mount propagation changes
alloc_fdtable(): change calling conventions.
Alex Deucher (1):
drm/amdgpu: update mmhub 3.0.1 client id mappings
Alex Guo (2):
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alexander Kochetkov (1):
ARM: rockchip: fix kernel hang during smp initialization
Alexander Wilhelm (1):
bus: mhi: host: Fix endianness of BHI vector table
Alok Tiwari (4):
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
be2net: Use correct byte order and format string for TCP seq and ack_seq
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
gve: Return error for unknown admin queue command
Amber Lin (1):
drm/amdkfd: Destroy KFD debugfs after destroy KFD wq
Amelie Delaunay (1):
dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs
Amir Mohammad Jahangirzad (1):
fs/orangefs: use snprintf() instead of sprintf()
Anantha Prabhu (1):
RDMA/bnxt_re: Fix to initialize the PBL array
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
André Draszik (1):
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Andy Shevchenko (1):
Documentation: ACPI: Fix parent device references
Anshuman Khandual (1):
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Anthoine Bourgeois (1):
xen/netfront: Fix TX response spurious interrupts
Archana Patni (1):
scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers
Arnaud Lecomte (1):
jfs: upper bound check of tree index in dbAllocAG
Arnd Bergmann (1):
RDMA/core: reduce stack using in nldev_stat_get_doit()
Artem Sadovnikov (1):
vfio/mlx5: fix possible overflow in tracking max message size
Avraham Stern (1):
wifi: iwlwifi: mvm: fix scan request validation
Baihan Li (1):
drm/hisilicon/hibmc: fix the hibmc loaded failed bug
Baokun Li (4):
ext4: fix zombie groups in average fragment size lists
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
ext4: preserve SB_I_VERSION on remount
Bartosz Golaszewski (2):
gpio: wcd934x: check the return value of regmap_update_bits()
gpio: tps65912: check the return value of regmap_update_bits()
Benjamin Berg (1):
wifi: mac80211: avoid lockdep checking when removing deflink
Benjamin Marzinski (1):
dm-table: fix checking for rq stackable devices
Benson Leung (1):
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Bharat Bhushan (1):
crypto: octeontx2 - add timeout for load_fvc completion poll
Bingbu Cao (1):
media: hi556: correct the test pattern configuration
Bitterblue Smith (3):
wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
wifi: rtw89: Fix rtw89_mac_power_switch() for USB
wifi: rtw89: Disable deep power saving for USB/SDIO
Bjorn Andersson (1):
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Bjorn Helgaas (1):
mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values
Boshi Yu (1):
RDMA/erdma: Fix ignored return value of init_kernel_qp
Breno Leitao (5):
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
arm64: Mark kernel as tainted on SAE and SError panic
ptp: Use ratelimite for freerun error message
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Buday Csaba (1):
net: phy: smsc: add proper reset flags for LAN8710A
Cezary Rojewski (1):
ASoC: Intel: avs: Fix uninitialized pointer error in probe()
Chao Gao (2):
KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID
KVM: VMX: Flush shadow VMCS on emergency reboot
Chao Yu (3):
f2fs: fix to do sanity check on ino and xnid
f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio
f2fs: fix to avoid out-of-boundary access in dnode page
Cheick Traore (1):
pinctrl: stm32: Manage irq affinity settings
Chen Yu (1):
ACPI: pfr_update: Fix the driver update version check
Chen-Yu Tsai (1):
platform/chrome: cros_ec: Use per-device lockdep key
Chenyuan Yang (1):
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Chris Mason (1):
sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
Christoph Hellwig (2):
block: reject invalid operation in submit_bio_noacct
xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags
Christoph Paasch (1):
mptcp: drop skb if MPTCP skb extension allocation fails
Christophe Leroy (1):
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Christopher Eby (1):
ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
Corey Minyard (1):
ipmi: Fix strcpy source and destination the same
Cristian Ciocaltea (1):
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Cynthia Huang (1):
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Dai Ngo (1):
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Damien Le Moal (8):
ata: libata-sata: Disallow changing LPM state if not supported
scsi: mpt3sas: Correctly handle ATA device errors
scsi: mpi3mr: Correctly handle ATA device errors
ata: libata-scsi: Fix ata_to_sense_error() status handling
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
block: Make REQ_OP_ZONE_FINISH a write operation
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
Dan Carpenter (4):
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Dave Stevenson (3):
media: tc358743: Check I2C succeeded during probe
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
media: tc358743: Increase FIFO trigger level to 374
David Collins (1):
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
David Lechner (5):
iio: adc: ad_sigma_delta: don't overallocate scan buffer
iio: imu: bno055: fix OOB access of hw_xlate array
iio: adc: ad_sigma_delta: change to buffer predisable
iio: proximity: isl29501: fix buffered read on big-endian systems
iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read()
David Thompson (1):
gpio: mlxbf2: use platform_get_irq_optional()
Davide Caratti (1):
net/sched: ets: use old 'nbands' while purging unused classes
Edward Adam Davis (2):
jfs: Regular file corruption check
comedi: pcl726: Prevent invalid irq number
Eliav Farber (1):
pps: clients: gpio: fix interrupt handling order in remove path
Emily Deng (1):
drm/ttm: Should to return the evict error
Eric Biggers (4):
thunderbolt: Fix copy+paste error in match_service_id()
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
ipv6: sr: Fix MAC comparison to be constant-time
fscrypt: Don't use problematic non-inline crypto engines
Eric Dumazet (2):
net: add netdev_lockdep_set_classes() to virtual drivers
net_sched: sch_ets: implement lockless ets_dump()
Eric Work (1):
net: atlantic: add set_power to fw_ops for atl2 to fix wol
Evgeniy Harchenko (1):
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Fedor Pchelkin (1):
netlink: avoid infinite retry looping in netlink_unicast()
Filipe Manana (6):
btrfs: abort transaction during log replay if walk_log_tree() failed
btrfs: fix log tree replay failure due to file with 0 links and extents
btrfs: fix qgroup reservation leak on failure to allocate ordered extent
btrfs: qgroup: fix race between quota disable and quota rescan ioctl
btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()
btrfs: send: use fallocate for hole punching with send stream v2
Finn Thain (1):
m68k: Fix lost column on framebuffer debug console
Florian Larysch (1):
net: phy: micrel: fix KSZ8081/KSZ8091 cable test
Florian Westphal (2):
netfilter: ctnetlink: fix refcount leak on table dump
netfilter: nf_reject: don't leak dst refcount for loopback packets
Florin Leotescu (1):
hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state
Gabor Juhos (1):
mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
Gal Pressman (1):
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gang Ba (1):
drm/amdgpu: Avoid extra evict-restore process.
Gautham R. Shenoy (1):
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Geliang Tang (1):
mptcp: disable add_addr retransmission when timeout is 0
Geraldo Nascimento (2):
PCI: rockchip: Use standard PCIe definitions
PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining
Giovanni Cabiddu (1):
crypto: qat - fix ring to service map for QAT GEN4
Gokul krishna Krishnakumar (1):
soc: qcom: mdt_loader: Enhance split binary detection
Greg Kroah-Hartman (1):
Linux 6.1.149
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Haiyang Zhang (1):
hv_netvsc: Fix panic during namespace deletion with VF
Hangbin Liu (2):
bonding: update LACP activity flag after setting lacp_active
bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU
Hans Verkuil (1):
media: vivid: fix wrong pixel_array control size
Hans de Goede (1):
mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
Haoran Jiang (1):
LoongArch: BPF: Fix jump offset calculation in tailcall
Haoxiang Li (1):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
Harald Mommer (1):
gpio: virtio: Fix config space reading.
Hari Kalavakunta (1):
net: ncsi: Fix buffer overflow in fetching version id
Heiner Kallweit (1):
dpaa_eth: don't use fixed_phy_change_carrier
Helge Deller (1):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Herton R. Krzesinski (1):
mm/debug_vm_pgtable: clear page table entries at destroy_args()
Hiago De Franco (1):
remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
Horatiu Vultur (1):
phy: mscc: Fix timestamping for vsc8584
Hsin-Te Yuan (1):
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Huacai Chen (1):
PCI: Extend isolated function probing to LoongArch
Ian Abbott (3):
comedi: fix race between polling and detaching
comedi: Make insn_rw_emulate_bits() do insn->n samples
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Ido Schimmel (1):
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Ilan Peer (1):
wifi: cfg80211: Fix interface type validation
Ilya Bakoulin (1):
drm/amd/display: Separate set_gsl from set_gsl_source_select
Imre Deak (1):
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Jack Xiao (1):
drm/amdgpu: fix incorrect vm flags to map bo
Jakub Acs (1):
net, hsr: reject HSR frame if skb can't hold tag
Jakub Kicinski (2):
uapi: in6: restore visibility of most IPv6 socket options
tls: fix handling of zero-length records on the rx_list
Jakub Ramaseuski (1):
net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
Jan Beulich (1):
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Jan Kara (1):
udf: Verify partition map count
Jann Horn (1):
eventpoll: Fix semi-unbounded recursion
Jason Wang (1):
vhost: fail early when __vhost_add_used() fails
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jay Chen (1):
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Jean-Baptiste Maneyrol (1):
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Jeff Layton (1):
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Jiasheng Jiang (1):
scsi: lpfc: Remove redundant assignment to avoid memory leak
Jiayi Li (2):
ACPI: processor: perflib: Fix initial _PPC limit application
memstick: Fix deadlock by moving removing flag earlier
Jinjiang Tu (1):
mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
Johan Adolfsson (1):
leds: leds-lp50xx: Handle reg to get correct multi_index
Johan Hovold (11):
net: gianfar: fix device leak when querying time stamp info
net: mtk_eth_soc: fix device leak at probe
net: dpaa: fix device leak when querying time stamp info
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
wifi: ath11k: fix dest ring-buffer corruption
wifi: ath11k: fix source ring-buffer corruption
wifi: ath11k: fix dest ring-buffer corruption when ring is full
net: enetc: fix device and OF node leak at probe
usb: musb: omap2430: fix device leak at unbind
usb: dwc3: imx8mp: fix device leak at unbind
Johannes Berg (2):
wifi: cfg80211: reject HTC bit for management frames
wifi: mac80211: don't complete management TX on SAE commit
Johannes Thumshirn (1):
btrfs: zoned: use filesystem size not disk size for reclaim decision
John David Anglin (5):
parisc: Check region is readable by user in raw_copy_from_user()
parisc: Revise __get_user() to probe user read access
parisc: Revise gateway LWS calls to probe user read access
parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault()
parisc: Update comments in make_insert_tlb
John Garry (2):
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonas Rebmann (1):
net: fec: allow disable coalescing
Jonathan Cameron (1):
iio: light: as73211: Ensure buffer holes are zeroed
Jonathan Santos (1):
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Jordan Rhee (1):
gve: prevent ethtool ops after shutdown
Jorge Marques (1):
i3c: master: Initialize ret in i3c_i2c_notifier_call()
Jorge Ramirez-Ortiz (2):
media: venus: hfi: explicitly release IRQ during teardown
media: venus: protect against spurious interrupts during probe
Judith Mendez (1):
arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support
Justin Tee (1):
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Kan Liang (1):
perf/x86/intel: Fix crash in icl_update_topdown_event()
Kees Cook (3):
arm64: Handle KCOV __init vs inline mismatches
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Keith Busch (1):
vfio/type1: conditional rescheduling while pinning
Konrad Dybcio (1):
media: venus: Introduce accessors for remapped hfi_buffer_reqs members
Krzysztof Kozlowski (2):
dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints
dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kuninori Morimoto (4):
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
ASoC: soc-dai.h: merge DAI call back functions into ops
ASoC: fsl: merge DAI call back functions into ops
Kuniyuki Iwashima (1):
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Leon Romanovsky (1):
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Liao Yuanhong (1):
ext4: use kmalloc_array() for array space allocation
Lifeng Zheng (2):
cpufreq: Exit governor when failed to start old governor
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Lin.Cao (1):
drm/sched: Remove optimization that causes hang when killing dependent jobs
Lizhi Xu (2):
fs/ntfs3: Add sanity check for file name
jfs: truncate good inode pages when hard link is 0
Lorenzo Stoakes (4):
mm: drop the assumption that VM_SHARED always implies writable
mm: update memfd seal write check to include F_SEAL_WRITE
mm: reinstate ability to map write-sealed memfd mappings read-only
selftests/memfd: add test for mapping write-sealed memfd read-only
Lucy Thrun (1):
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Lukas Wunner (1):
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Ma Ke (1):
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Marek Vasut (1):
usb: renesas-xhci: Fix External ROM access timeouts
Mario Limonciello (6):
usb: xhci: Avoid showing warnings for dying controller
usb: xhci: Avoid showing errors during surprise removal
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
drm/amd/display: Only finalize atomic_obj if it was initialized
drm/amd: Restore cached power limit during resume
drm/amd/display: Avoid a NULL pointer dereference
Mark Brown (2):
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace
Masahiro Yamada (2):
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
kconfig: gconf: fix potential memory leak in renderer_edited()
Masami Hiramatsu (Google) (1):
selftests: tracing: Use mutex_unlock for testing glob filter
Mateusz Guzik (1):
apparmor: use the condition in AA_BUG_FMT even with debug disabled
Matt Johnston (1):
net: mctp: Prevent duplicate binds
Matthieu Baerts (NGI0) (2):
mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
selftests: mptcp: pm: check flush doesn't reset limits
Maurizio Lombardi (1):
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Maxim Levitsky (3):
KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs
KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest
Meagan Lloyd (2):
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin (1):
most: core: Drop device reference after usage in get_channel()
Michael Walle (1):
mtd: spi-nor: Fix spi_nor_try_unlock_all()
Mikhail Lobanov (1):
wifi: mac80211: check basic rates validity in sta_link_apply_parameters
Mikulas Patocka (1):
dm-mpath: don't print the "loaded" message if registering fails
Mina Almasry (1):
netmem: fix skb_frag_address_safe with unreadable skbs
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Myrrh Periwinkle (3):
usb: typec: ucsi: Update power_supply on power role change
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Namjae Jeon (1):
ksmbd: extend the connection limiting mechanism to support IPv6
Naohiro Aota (1):
btrfs: zoned: do not remove unwritten non-data block group
Nathan Chancellor (3):
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
NeilBrown (1):
smb/server: avoid deadlock when linking with ReplaceIfExists
Nianyao Tang (1):
arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register
Nicolas Escande (1):
neighbour: add support for NUD_PERMANENT proxy entries
Niklas Söderlund (1):
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Nitin Gote (1):
iosys-map: Fix undefined behavior in iosys_map_clear()
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Oliver Neukum (3):
usb: core: usb_submit_urb: downgrade type check
net: usb: cdc-ncm: check for filtering capability
cdc-acm: fix race between initial clearing halt and open
Oscar Maes (1):
net: ipv4: fix incorrect MTU in broadcast routes
Pagadala Yesu Anjaneyulu (1):
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Pali Rohár (1):
cifs: Fix calling CIFSFindFirst() for root path without msearch
Paolo Abeni (3):
mptcp: make fallback action and fallback decision atomic
mptcp: plug races between subflow fail and subflow creation
mptcp: reset fallback status gracefully at disconnect() time
Paul E. McKenney (1):
rcu: Protect ->defer_qs_iw_pending from data race
Pavel Begunkov (1):
io_uring: don't use int for ABI
Pawan Gupta (1):
x86/bugs: Avoid warning when overriding return thunk
Peter Oberparleiter (3):
s390/sclp: Fix SCCB present check
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Peter Robinson (1):
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Peter Ujfalusi (1):
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Petr Pavlu (1):
module: Prevent silent truncation of module name in delete_module(2)
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Prashant Malani (1):
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Pu Lehui (1):
tracing: Limit access to parser->buffer when trace_get_user failed
Purva Yeshi (1):
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Qingfang Deng (2):
net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path
ppp: fix race conditions in ppp_fill_forward_path
Qu Wenruo (2):
btrfs: do not allow relocation of partially dropped subvolumes
btrfs: populate otime when logging an inode item
Rafael J. Wysocki (2):
ACPI: processor: perflib: Move problematic pr->performance check
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Ramya Gnanasekar (1):
wifi: mac80211: update radar_required in channel context after channel switch
Rand Deeb (1):
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Randy Dunlap (2):
parisc: Makefile: fix a typo in palo.conf
parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers
Ranjan Kumar (4):
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
scsi: mpi3mr: Fix race between config read submit and interrupt completion
scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
Ricardo Ribalda (3):
media: uvcvideo: Do not mark valid metadata as invalid
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
media: venus: venc: Clamp param smaller than 1fps and bigger than 240
Ricky Wu (1):
misc: rtsx: usb: Ensure mmc child device is active when card is present
Rob Clark (1):
drm/msm: use trylock for debugfs
Rong Zhang (1):
fs/ntfs3: correctly create symlink for relative path
Sabrina Dubroca (2):
udp: also consider secpath when evaluating ipsec use for checksumming
tls: separate no-async decryption request handling from async
Sakari Ailus (1):
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Salah Triki (1):
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Sarah Newman (1):
drbd: add missing kref_get in handle_write_conflicts
Sarthak Garg (1):
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sasha Levin (1):
fs: Prevent file descriptor table allocations exceeding INT_MAX
Sean Christopherson (19):
KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow
KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC)
KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
KVM: x86: Snapshot the host's DEBUGCTL in common x86
KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
KVM: x86/pmu: Gate all "unimplemented MSR" prints on report_ignored_msrs
KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint
KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits
KVM: VMX: Handle forced exit due to preemption timer in fastpath
KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers
KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2
KVM: x86: Fully defer to vendor code to decide how to force immediate exit
KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap
KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag
KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported
KVM: VMX: Extract checking of guest's DEBUGCTL into helper
KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
x86/reboot: Harden virtualization hooks for emergency reboot
x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback
Sebastian Ott (1):
ACPI: processor: fix acpi_object initialization
Sebastian Reichel (2):
watchdog: dw_wdt: Fix default timeout
usb: typec: fusb302: cache PD RX state
Selvarasu Ganesan (1):
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
Sergey Bashirov (4):
pNFS: Fix stripe mapping in block/scsi layout
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Shtylyov (1):
Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync()
Shankari Anand (1):
kconfig: nconf: Ensure null termination where strncpy is used
Shannon Nelson (1):
ionic: clean dbpage in de-init
Shengjiu Wang (1):
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Shiji Yang (2):
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
MIPS: lantiq: falcon: sysctrl: fix request memory check logic
Showrya M N (1):
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Shubhrajyoti Datta (1):
EDAC/synopsys: Clear the ECC counters on init
Shyam Prasad N (1):
cifs: reset iface weights when we cannot find a candidate
Sravan Kumar Gundu (1):
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Stanislaw Gruszka (1):
wifi: iwlegacy: Check rate_idx range after addition
Stefan Metzmacher (1):
smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy()
Steve French (1):
smb3: fix for slab out of bounds on mount to ksmbd
Steven Rostedt (3):
ktest.pl: Prevent recursion of default variable options
ftrace: Also allocate and copy hash for reading of filter files
tracing: Remove unneeded goto out logic
Su Hui (1):
usb: xhci: print xhci->xhc_state when queue_command failed
Suchit Karunakaran (1):
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
Sumanth Gavini (1):
Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync
Sven Schnelle (2):
s390/time: Use monotonic clock in get_cycles()
s390/stp: Remove udelay from stp_sync_clock()
Takashi Iwai (5):
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: hda: Handle the jack polling always via a work
ALSA: hda: Disable jack polling at shutdown
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Tetsuo Handa (1):
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Theodore Ts'o (2):
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
ext4: don't try to clear the orphan_present feature block device is r/o
Thomas Fourier (8):
et131x: Add missing check after DMA map
net: ag71xx: Add missing check after DMA map
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
powerpc: floppy: Add missing checks after DMA map
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
mtd: rawnand: fsmc: Add missing check after DMA map
mtd: rawnand: renesas: Add missing check after DMA map
Thomas Weißschuh (5):
tools/nolibc: define time_t in terms of __kernel_old_time_t
tools/build: Fix s390(x) cross-compilation with clang
um: Re-evaluate thread flags repeatedly
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Thorsten Blum (1):
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Tianxiang Peng (1):
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Tim Harvey (1):
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Timur Kristóf (6):
drm/amd/display: Don't overwrite dce60_clk_mgr
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
drm/amd/display: Don't overclock DCE 6 by 15%
Tomasz Michalec (2):
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Trond Myklebust (1):
NFS: Fix the setting of capabilities when automounting a new filesystem
Tvrtko Ursulin (1):
drm/ttm: Respect the shrinker core free target
Tzung-Bi Shih (2):
platform/chrome: cros_ec: remove unneeded label and if-condition
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Ulf Hansson (1):
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Uwe Kleine-König (3):
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
usb: musb: omap2430: Convert to platform remove callback returning void
ValdikSS (1):
igc: fix disabling L1.2 PCI-E link substate on I226 on init
Vasiliy Kovalev (1):
ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
Vedang Nagar (2):
media: venus: Add a check for packet size after reading from shared memory
media: venus: Fix OOB read due to missing payload bound check
Viacheslav Dubeyko (4):
hfs: fix slab-out-of-bounds in hfs_bnode_read()
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
hfs: fix not erasing deleted b-tree node issue
Victor Shih (3):
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
mmc: sdhci-pci-gli: Add a new function to simplify the code
mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER
Vladimir Zapolskiy (1):
media: qcom: camss: cleanup media device allocated resource on error path
Waiman Long (2):
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
Wang Liang (1):
net: bridge: fix soft lockup in br_multicast_query_expired()
Wang Zhaolong (1):
smb: client: remove redundant lstrp update in negotiate protocol
Wei Gao (1):
ext2: Handle fiemap on empty files to prevent EINVAL
Wen Chen (1):
drm/amd/display: Fix 'failed to blank crtc!'
Will Deacon (4):
vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
vsock/virtio: Validate length in packet header before skb_put()
vhost/vsock: Avoid allocating arbitrarily-sized SKBs
KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix
William Liu (2):
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Willy Tarreau (1):
tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros
Wolfram Sang (3):
media: usb: hdpvr: disable zero-length read messages
i3c: add missing include to internal header
i3c: don't fail if GETHDRCAP is unsupported
Xinxin Wan (1):
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Xinyu Liu (1):
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Xu Yang (2):
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yann E. MORIN (1):
kconfig: lxdialog: fix 'space' to (de)select options
Yazen Ghannam (1):
x86/mce/amd: Add default names for MCA banks and blocks
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Yonghong Song (1):
selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size
Yongzhen Zhang (1):
fbdev: fix potential buffer overflow in do_register_framebuffer()
Youngjun Lee (1):
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Youssef Samir (1):
bus: mhi: host: Detect events pointing to unexpected TREs
Yuichiro Tsuji (1):
net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Yury Norov [NVIDIA] (1):
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Lixu (2):
iio: hid-sensor-prox: Restore lost scale assignments
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Yi (1):
ext4: fix hole length calculation overflow in non-extent inodes
Zhiqi Song (1):
crypto: hisilicon/hpre - fix dma unmap sequence
Zhu Qiyu (1):
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Ziyan Fu (1):
watchdog: iTCO_wdt: Report error if timeout configuration fails
chenchangcheng (1):
media: uvcvideo: Fix bandwidth issue for Alcor camera
fangzhong.zhou (1):
i2c: Force DLL0945 touchpad i2c freq to 100khz
jackysliu (1):
scsi: bfa: Double-free fix
tuhaowen (1):
PM: sleep: console: Fix the black screen issue
zhangjianrong (2):
net: thunderbolt: Enable end-to-end flow control also in transmit
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
Álvaro Fernández Rojas (5):
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
2 weeks, 1 day
- 1
- 1
Linux 5.15.190
by Greg Kroah-Hartman
I'm announcing the release of the 5.15.190 kernel.
All users of the 5.15 kernel series must upgrade.
The updated 5.15.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/filesystems/f2fs.rst | 6
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8
Documentation/memory-barriers.txt | 11
Documentation/networking/mptcp-sysctl.rst | 2
Makefile | 4
arch/alpha/include/asm/processor.h | 2
arch/alpha/kernel/process.c | 5
arch/arc/include/asm/processor.h | 2
arch/arc/kernel/stacktrace.c | 4
arch/arm/Makefile | 2
arch/arm/boot/dts/am335x-boneblack.dts | 2
arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1
arch/arm/boot/dts/vfxxx.dtsi | 2
arch/arm/include/asm/processor.h | 2
arch/arm/kernel/process.c | 4
arch/arm/mach-rockchip/platsmp.c | 15
arch/arm/mach-tegra/reset.c | 2
arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 2
arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 2
arch/arm64/include/asm/acpi.h | 2
arch/arm64/include/asm/processor.h | 2
arch/arm64/kernel/entry.S | 6
arch/arm64/kernel/fpsimd.c | 4
arch/arm64/kernel/process.c | 4
arch/arm64/kernel/traps.c | 1
arch/arm64/mm/fault.c | 1
arch/arm64/mm/ptdump_debugfs.c | 3
arch/csky/include/asm/processor.h | 2
arch/csky/kernel/stacktrace.c | 5
arch/h8300/include/asm/processor.h | 2
arch/h8300/kernel/process.c | 5
arch/hexagon/include/asm/processor.h | 2
arch/hexagon/kernel/process.c | 4
arch/ia64/include/asm/processor.h | 2
arch/ia64/kernel/process.c | 5
arch/m68k/Kconfig.debug | 2
arch/m68k/include/asm/processor.h | 2
arch/m68k/kernel/early_printk.c | 42 -
arch/m68k/kernel/head.S | 39 -
arch/m68k/kernel/process.c | 4
arch/microblaze/include/asm/processor.h | 2
arch/microblaze/kernel/process.c | 2
arch/mips/crypto/chacha-core.S | 20
arch/mips/include/asm/processor.h | 2
arch/mips/include/asm/vpe.h | 8
arch/mips/kernel/process.c | 24
arch/mips/mm/tlb-r4k.c | 56 +
arch/nds32/include/asm/processor.h | 2
arch/nds32/kernel/process.c | 7
arch/nios2/include/asm/processor.h | 2
arch/nios2/kernel/process.c | 5
arch/openrisc/include/asm/processor.h | 2
arch/openrisc/kernel/process.c | 2
arch/parisc/Makefile | 2
arch/parisc/include/asm/processor.h | 2
arch/parisc/kernel/process.c | 5
arch/powerpc/configs/ppc6xx_defconfig | 1
arch/powerpc/include/asm/processor.h | 2
arch/powerpc/kernel/eeh.c | 1
arch/powerpc/kernel/eeh_driver.c | 48 +
arch/powerpc/kernel/eeh_pe.c | 11
arch/powerpc/kernel/pci-hotplug.c | 3
arch/powerpc/kernel/process.c | 9
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6
arch/riscv/include/asm/processor.h | 2
arch/riscv/kernel/stacktrace.c | 12
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/s390/include/asm/processor.h | 2
arch/s390/include/asm/timex.h | 13
arch/s390/kernel/process.c | 4
arch/s390/kernel/time.c | 2
arch/s390/mm/dump_pagetables.c | 2
arch/sh/Makefile | 10
arch/sh/boot/compressed/Makefile | 4
arch/sh/boot/romimage/Makefile | 4
arch/sh/include/asm/processor_32.h | 2
arch/sh/kernel/process_32.c | 5
arch/sparc/include/asm/processor_32.h | 2
arch/sparc/include/asm/processor_64.h | 2
arch/sparc/kernel/process_32.c | 5
arch/sparc/kernel/process_64.c | 5
arch/um/drivers/rtc_user.c | 2
arch/um/include/asm/processor-generic.h | 2
arch/um/kernel/process.c | 5
arch/x86/include/asm/processor.h | 2
arch/x86/include/asm/xen/hypercall.h | 6
arch/x86/kernel/cpu/amd.c | 2
arch/x86/kernel/cpu/bugs.c | 5
arch/x86/kernel/cpu/hygon.c | 3
arch/x86/kernel/cpu/mce/amd.c | 13
arch/x86/kernel/process.c | 62 --
arch/x86/kvm/vmx/vmx.c | 5
arch/x86/mm/extable.c | 5
arch/xtensa/include/asm/processor.h | 2
arch/xtensa/kernel/process.c | 5
block/blk-settings.c | 2
drivers/acpi/acpi_processor.c | 2
drivers/acpi/apei/ghes.c | 2
drivers/acpi/prmt.c | 26
drivers/acpi/processor_idle.c | 4
drivers/acpi/processor_perflib.c | 11
drivers/ata/Kconfig | 35 -
drivers/ata/libata-sata.c | 5
drivers/ata/libata-scsi.c | 20
drivers/base/power/domain_governor.c | 18
drivers/base/power/runtime.c | 5
drivers/base/regmap/regmap.c | 2
drivers/block/drbd/drbd_receiver.c | 6
drivers/block/sunvdc.c | 4
drivers/bus/fsl-mc/fsl-mc-bus.c | 19
drivers/bus/mhi/host/boot.c | 8
drivers/bus/mhi/host/internal.h | 4
drivers/bus/mhi/host/main.c | 15
drivers/char/hw_random/mtk-rng.c | 4
drivers/char/ipmi/ipmi_msghandler.c | 8
drivers/char/ipmi/ipmi_watchdog.c | 59 +-
drivers/clk/clk-axi-clkgen.c | 2
drivers/clk/davinci/psc.c | 5
drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3
drivers/clk/xilinx/xlnx_vcu.c | 4
drivers/comedi/comedi_fops.c | 66 +-
drivers/comedi/comedi_internal.h | 1
drivers/comedi/drivers.c | 43 -
drivers/comedi/drivers/aio_iiro_16.c | 3
drivers/comedi/drivers/comedi_test.c | 2
drivers/comedi/drivers/das16m1.c | 3
drivers/comedi/drivers/das6402.c | 3
drivers/comedi/drivers/pcl726.c | 3
drivers/comedi/drivers/pcl812.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cppc_cpufreq.c | 2
drivers/cpufreq/cpufreq.c | 29
drivers/cpufreq/intel_pstate.c | 4
drivers/cpuidle/governors/menu.c | 21
drivers/crypto/ccp/ccp-debugfs.c | 3
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8
drivers/crypto/img-hash.c | 2
drivers/crypto/inside-secure/safexcel_hash.c | 8
drivers/crypto/keembay/keembay-ocs-hcu-core.c | 8
drivers/crypto/marvell/cesa/cipher.c | 4
drivers/crypto/marvell/cesa/hash.c | 5
drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16
drivers/crypto/qat/qat_common/adf_transport_debug.c | 4
drivers/devfreq/devfreq.c | 10
drivers/devfreq/governor_userspace.c | 6
drivers/dma/mv_xor.c | 21
drivers/dma/nbpfaxi.c | 24
drivers/edac/synopsys_edac.c | 97 +--
drivers/fpga/zynq-fpga.c | 10
drivers/gpio/gpio-tps65912.c | 7
drivers/gpio/gpio-virtio.c | 9
drivers/gpio/gpio-wcd934x.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1
drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 -
drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 -
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11
drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3
drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 -
drivers/gpu/drm/drm_dp_helper.c | 2
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4
drivers/gpu/drm/msm/msm_gem.c | 3
drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9
drivers/gpu/drm/scheduler/sched_entity.c | 27
drivers/gpu/drm/ttm/ttm_pool.c | 8
drivers/gpu/drm/ttm/ttm_resource.c | 3
drivers/hid/hid-core.c | 19
drivers/hid/hid-magicmouse.c | 51 +
drivers/hwmon/corsair-cpro.c | 5
drivers/hwmon/gsc-hwmon.c | 4
drivers/i2c/busses/i2c-qup.c | 4
drivers/i2c/busses/i2c-stm32.c | 8
drivers/i2c/busses/i2c-stm32f7.c | 4
drivers/i2c/busses/i2c-virtio.c | 15
drivers/i2c/i2c-core-acpi.c | 1
drivers/i3c/internals.h | 1
drivers/i3c/master.c | 2
drivers/idle/intel_idle.c | 2
drivers/iio/adc/ad7768-1.c | 23
drivers/iio/adc/ad_sigma_delta.c | 4
drivers/iio/adc/max1363.c | 43 -
drivers/iio/adc/stm32-adc-core.c | 7
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6
drivers/iio/light/as73211.c | 2
drivers/iio/light/hid-sensor-prox.c | 8
drivers/iio/pressure/bmp280-core.c | 9
drivers/iio/proximity/isl29501.c | 16
drivers/infiniband/core/cache.c | 4
drivers/infiniband/core/nldev.c | 22
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2
drivers/infiniband/hw/hfi1/affinity.c | 44 -
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 15
drivers/infiniband/hw/mlx5/dm.c | 2
drivers/input/joystick/xpad.c | 2
drivers/input/keyboard/gpio_keys.c | 4
drivers/interconnect/qcom/sc7280.c | 1
drivers/iommu/amd/init.c | 4
drivers/leds/leds-lp50xx.c | 11
drivers/md/dm-ps-historical-service-time.c | 4
drivers/md/dm-ps-queue-length.c | 4
drivers/md/dm-ps-round-robin.c | 4
drivers/md/dm-ps-service-time.c | 4
drivers/md/dm-zoned-target.c | 2
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3
drivers/media/dvb-frontends/dib7000p.c | 10
drivers/media/i2c/hi556.c | 26
drivers/media/i2c/ov2659.c | 3
drivers/media/i2c/tc358743.c | 86 +-
drivers/media/platform/qcom/camss/camss.c | 10
drivers/media/platform/qcom/venus/core.c | 21
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/dbgfs.c | 9
drivers/media/platform/qcom/venus/dbgfs.h | 13
drivers/media/platform/qcom/venus/hfi_venus.c | 5
drivers/media/platform/qcom/venus/vdec.c | 5
drivers/media/platform/qcom/venus/venc.c | 5
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/usb/uvc/uvc_driver.c | 3
drivers/media/usb/uvc/uvc_video.c | 21
drivers/media/v4l2-core/v4l2-common.c | 8
drivers/media/v4l2-core/v4l2-ctrls-core.c | 9
drivers/memstick/core/memstick.c | 3
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/misc/cardreader/rtsx_usb.c | 16
drivers/mmc/host/bcm2835.c | 3
drivers/mmc/host/rtsx_usb_sdmmc.c | 4
drivers/mmc/host/sdhci-msm.c | 14
drivers/mmc/host/sdhci-pci-core.c | 3
drivers/mmc/host/sdhci-pci-gli.c | 4
drivers/mmc/host/sdhci_am654.c | 9
drivers/most/core.c | 2
drivers/mtd/ftl.c | 2
drivers/mtd/nand/raw/atmel/nand-controller.c | 2
drivers/mtd/nand/raw/atmel/pmecc.c | 6
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/mtd/nand/raw/rockchip-nand-controller.c | 15
drivers/mtd/nand/spi/core.c | 5
drivers/net/bonding/bond_3ad.c | 25
drivers/net/bonding/bond_options.c | 1
drivers/net/can/kvaser_pciefd.c | 1
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1
drivers/net/dsa/b53/b53_common.c | 65 +-
drivers/net/dsa/b53/b53_regs.h | 2
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2
drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +
drivers/net/ethernet/atheros/ag71xx.c | 9
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4
drivers/net/ethernet/emulex/benet/be_cmds.c | 2
drivers/net/ethernet/emulex/benet/be_main.c | 8
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15
drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14
drivers/net/ethernet/freescale/fec_main.c | 34 -
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4
drivers/net/ethernet/google/gve/gve_adminq.c | 1
drivers/net/ethernet/google/gve/gve_main.c | 67 +-
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 -
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6
drivers/net/ethernet/intel/e1000e/defines.h | 3
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2
drivers/net/ethernet/intel/e1000e/nvm.c | 6
drivers/net/ethernet/intel/fm10k/fm10k.h | 3
drivers/net/ethernet/intel/i40e/i40e.h | 2
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3
drivers/net/ethernet/intel/i40e/i40e_main.c | 18
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4
drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2
drivers/net/ethernet/intel/igc/igc_main.c | 14
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/mellanox/mlx5/core/en.h | 24
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 13
drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c | 4
drivers/net/ethernet/mellanox/mlx5/core/main.c | 3
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2
drivers/net/hyperv/hyperv_net.h | 3
drivers/net/hyperv/netvsc_drv.c | 29
drivers/net/phy/dp83640.c | 6
drivers/net/phy/mscc/mscc.h | 12
drivers/net/phy/mscc/mscc_main.c | 12
drivers/net/phy/mscc/mscc_ptp.c | 50 +
drivers/net/phy/mscc/mscc_ptp.h | 1
drivers/net/phy/nxp-c45-tja11xx.c | 2
drivers/net/phy/smsc.c | 1
drivers/net/ppp/ppp_generic.c | 17
drivers/net/ppp/pptp.c | 18
drivers/net/thunderbolt.c | 8
drivers/net/usb/asix_devices.c | 1
drivers/net/usb/sierra_net.c | 4
drivers/net/usb/usbnet.c | 11
drivers/net/vrf.c | 2
drivers/net/wireless/ath/ath11k/hal.c | 25
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2
drivers/net/wireless/marvell/mwl8k.c | 4
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2
drivers/net/wireless/realtek/rtlwifi/pci.c | 23
drivers/net/xen-netfront.c | 5
drivers/nvme/host/core.c | 4
drivers/pci/controller/pcie-rockchip-host.c | 2
drivers/pci/controller/vmd.c | 3
drivers/pci/endpoint/functions/pci-epf-vntb.c | 4
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/hotplug/pnv_php.c | 233 +++++++
drivers/pci/pci-acpi.c | 4
drivers/pci/pci.c | 8
drivers/pci/probe.c | 2
drivers/phy/tegra/xusb-tegra186.c | 59 +-
drivers/pinctrl/mediatek/pinctrl-moore.c | 18
drivers/pinctrl/stm32/pinctrl-stm32.c | 1
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11
drivers/platform/chrome/cros_ec.c | 23
drivers/platform/chrome/cros_ec.h | 2
drivers/platform/chrome/cros_ec_i2c.c | 4
drivers/platform/chrome/cros_ec_lpc.c | 4
drivers/platform/chrome/cros_ec_spi.c | 4
drivers/platform/chrome/cros_ec_typec.c | 4
drivers/platform/x86/ideapad-laptop.c | 2
drivers/platform/x86/think-lmi.c | 27
drivers/platform/x86/thinkpad_acpi.c | 4
drivers/power/supply/cpcap-charger.c | 5
drivers/power/supply/max14577_charger.c | 4
drivers/powercap/intel_rapl_common.c | 23
drivers/pps/clients/pps-gpio.c | 5
drivers/pps/pps.c | 11
drivers/ptp/ptp_private.h | 5
drivers/ptp/ptp_vclock.c | 7
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 78 +-
drivers/regulator/core.c | 1
drivers/reset/Kconfig | 10
drivers/rtc/rtc-ds1307.c | 17
drivers/rtc/rtc-hym8563.c | 2
drivers/rtc/rtc-pcf85063.c | 2
drivers/rtc/rtc-pcf8563.c | 2
drivers/rtc/rtc-rv3028.c | 2
drivers/scsi/aacraid/comminit.c | 3
drivers/scsi/bfa/bfad_im.c | 1
drivers/scsi/ibmvscsi_tgt/libsrp.c | 6
drivers/scsi/isci/request.c | 2
drivers/scsi/libiscsi.c | 3
drivers/scsi/lpfc/lpfc_debugfs.c | 1
drivers/scsi/lpfc/lpfc_scsi.c | 4
drivers/scsi/mpi3mr/mpi3mr.h | 6
drivers/scsi/mpi3mr/mpi3mr_fw.c | 17
drivers/scsi/mpi3mr/mpi3mr_os.c | 2
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 22
drivers/scsi/mvsas/mv_sas.c | 4
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/scsi/scsi_scan.c | 2
drivers/scsi/scsi_transport_sas.c | 60 +-
drivers/scsi/ufs/ufs-exynos.c | 4
drivers/scsi/ufs/ufshcd-pci.c | 42 +
drivers/scsi/ufs/ufshcd.c | 10
drivers/soc/aspeed/aspeed-lpc-snoop.c | 13
drivers/soc/qcom/mdt_loader.c | 41 +
drivers/soc/tegra/pmc.c | 51 -
drivers/soundwire/stream.c | 2
drivers/staging/fbtft/fbtft-core.c | 1
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/staging/nvec/nvec_power.c | 2
drivers/target/target_core_fabric_lib.c | 63 +-
drivers/target/target_core_internal.h | 4
drivers/target/target_core_pr.c | 18
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +
drivers/thermal/thermal_sysfs.c | 9
drivers/thunderbolt/domain.c | 2
drivers/thunderbolt/switch.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/serial/pch_uart.c | 2
drivers/tty/vt/defkeymap.c_shipped | 112 +++
drivers/tty/vt/keyboard.c | 2
drivers/usb/atm/cxacru.c | 106 +--
drivers/usb/chipidea/ci.h | 18
drivers/usb/chipidea/udc.c | 10
drivers/usb/class/cdc-acm.c | 11
drivers/usb/core/config.c | 10
drivers/usb/core/hcd.c | 8
drivers/usb/core/hub.c | 60 +-
drivers/usb/core/hub.h | 1
drivers/usb/core/quirks.c | 1
drivers/usb/core/urb.c | 2
drivers/usb/dwc3/dwc3-imx8mp.c | 6
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/dwc3-qcom.c | 7
drivers/usb/dwc3/ep0.c | 20
drivers/usb/dwc3/gadget.c | 19
drivers/usb/early/xhci-dbc.c | 4
drivers/usb/gadget/composite.c | 5
drivers/usb/gadget/configfs.c | 2
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-hub.c | 3
drivers/usb/host/xhci-mem.c | 24
drivers/usb/host/xhci-pci-renesas.c | 7
drivers/usb/host/xhci-ring.c | 19
drivers/usb/host/xhci.c | 24
drivers/usb/host/xhci.h | 3
drivers/usb/misc/apple-mfi-fastcharge.c | 24
drivers/usb/musb/musb_core.c | 62 +-
drivers/usb/musb/musb_core.h | 11
drivers/usb/musb/musb_debugfs.c | 6
drivers/usb/musb/musb_gadget.c | 30 -
drivers/usb/musb/musb_host.c | 6
drivers/usb/musb/musb_virthub.c | 18
drivers/usb/musb/omap2430.c | 16
drivers/usb/phy/phy-mxs-usb.c | 4
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 3
drivers/usb/serial/option.c | 7
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29
drivers/usb/typec/mux/intel_pmc_mux.c | 2
drivers/usb/typec/tcpm/fusb302.c | 8
drivers/usb/typec/tcpm/tcpm.c | 64 +-
drivers/usb/typec/ucsi/psy.c | 2
drivers/usb/typec/ucsi/ucsi.c | 1
drivers/usb/typec/ucsi/ucsi.h | 7
drivers/vhost/scsi.c | 4
drivers/vhost/vhost.c | 3
drivers/video/console/vgacon.c | 2
drivers/video/fbdev/core/fbcon.c | 9
drivers/video/fbdev/imxfb.c | 9
drivers/watchdog/dw_wdt.c | 2
drivers/watchdog/iTCO_wdt.c | 6
drivers/watchdog/sbsa_gwdt.c | 50 +
drivers/watchdog/ziirave_wdt.c | 3
drivers/xen/gntdev-common.h | 4
drivers/xen/gntdev.c | 71 +-
fs/btrfs/relocation.c | 19
fs/btrfs/tree-log.c | 53 +
fs/buffer.c | 2
fs/cifs/cifssmb.c | 10
fs/cifs/file.c | 10
fs/cifs/smb2ops.c | 7
fs/cifs/smbdirect.c | 14
fs/eventpoll.c | 60 +-
fs/ext2/inode.c | 12
fs/ext4/fsmap.c | 23
fs/ext4/indirect.c | 4
fs/ext4/inline.c | 19
fs/ext4/inode.c | 2
fs/ext4/mballoc.c | 33 -
fs/ext4/orphan.c | 5
fs/ext4/super.c | 2
fs/f2fs/extent_cache.c | 2
fs/f2fs/f2fs.h | 2
fs/f2fs/inode.c | 28
fs/f2fs/node.c | 10
fs/file.c | 90 +--
fs/hfs/bnode.c | 93 +++
fs/hfsplus/bnode.c | 92 +++
fs/hfsplus/extents.c | 3
fs/hfsplus/unicode.c | 7
fs/hfsplus/xattr.c | 6
fs/hugetlbfs/inode.c | 2
fs/isofs/inode.c | 9
fs/jbd2/checkpoint.c | 1
fs/jfs/file.c | 3
fs/jfs/inode.c | 2
fs/jfs/jfs_dmap.c | 10
fs/jfs/jfs_imap.c | 13
fs/ksmbd/smb2pdu.c | 16
fs/ksmbd/smb_common.c | 2
fs/ksmbd/transport_rdma.c | 97 +--
fs/libfs.c | 4
fs/namespace.c | 39 -
fs/nfs/blocklayout/blocklayout.c | 4
fs/nfs/blocklayout/dev.c | 5
fs/nfs/blocklayout/extent_tree.c | 20
fs/nfs/client.c | 44 +
fs/nfs/export.c | 11
fs/nfs/flexfilelayout/flexfilelayout.c | 26
fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6
fs/nfs/internal.h | 10
fs/nfs/nfs4client.c | 15
fs/nfs/nfs4proc.c | 12
fs/nfs/pnfs.c | 11
fs/nfsd/nfs4state.c | 34 -
fs/nilfs2/inode.c | 9
fs/ntfs3/dir.c | 3
fs/ntfs3/file.c | 5
fs/ntfs3/inode.c | 31 -
fs/orangefs/orangefs-debugfs.c | 8
fs/squashfs/super.c | 14
fs/udf/super.c | 13
include/asm-generic/barrier.h | 33 +
include/linux/bitmap.h | 2
include/linux/blk_types.h | 8
include/linux/compiler.h | 8
include/linux/cpuset.h | 17
include/linux/fs.h | 4
include/linux/fs_context.h | 2
include/linux/if_vlan.h | 6
include/linux/memfd.h | 14
include/linux/mlx5/device.h | 1
include/linux/mm.h | 80 +-
include/linux/mmzone.h | 22
include/linux/moduleparam.h | 5
include/linux/pci.h | 10
include/linux/platform_data/cros_ec_proto.h | 4
include/linux/pps_kernel.h | 1
include/linux/sched.h | 1
include/linux/skbuff.h | 31 +
include/linux/usb/usbnet.h | 1
include/linux/xarray.h | 15
include/net/bond_3ad.h | 1
include/net/cfg80211.h | 2
include/net/mac80211.h | 2
include/net/tc_act/tc_ctinfo.h | 6
include/net/udp.h | 24
include/sound/soc-dai.h | 13
include/uapi/linux/in6.h | 4
include/uapi/linux/io_uring.h | 2
kernel/bpf/helpers.c | 11
kernel/cgroup/cpuset.c | 23
kernel/events/core.c | 20
kernel/fork.c | 2
kernel/power/console.c | 7
kernel/rcu/tree_plugin.h | 3
kernel/sched/core.c | 19
kernel/sched/deadline.c | 4
kernel/sched/loadavg.c | 2
kernel/sched/rt.c | 6
kernel/sched/sched.h | 2
kernel/trace/ftrace.c | 19
kernel/trace/preemptirq_delay_test.c | 13
kernel/trace/trace.c | 33 -
kernel/trace/trace.h | 8
kernel/trace/trace_events.c | 5
kernel/ucount.c | 2
lib/bitmap.c | 13
mm/debug_vm_pgtable.c | 9
mm/filemap.c | 2
mm/hmm.c | 2
mm/kmemleak.c | 10
mm/madvise.c | 2
mm/memfd.c | 2
mm/memory-failure.c | 8
mm/mmap.c | 10
mm/page_alloc.c | 13
mm/ptdump.c | 2
mm/shmem.c | 2
mm/vmalloc.c | 17
mm/zsmalloc.c | 3
net/8021q/vlan.c | 42 +
net/8021q/vlan.h | 1
net/appletalk/aarp.c | 24
net/bluetooth/l2cap_core.c | 26
net/bluetooth/l2cap_sock.c | 3
net/bluetooth/smp.c | 21
net/bluetooth/smp.h | 1
net/bridge/br_multicast.c | 16
net/bridge/br_private.h | 2
net/bridge/br_switchdev.c | 3
net/caif/cfctrl.c | 294 ++++------
net/core/filter.c | 3
net/core/netpoll.c | 7
net/core/skmsg.c | 57 +
net/hsr/hsr_slave.c | 8
net/ipv4/netfilter/nf_reject_ipv4.c | 6
net/ipv4/route.c | 1
net/ipv4/tcp_input.c | 3
net/ipv4/udp_offload.c | 2
net/ipv6/addrconf.c | 7
net/ipv6/ip6_offload.c | 4
net/ipv6/mcast.c | 13
net/ipv6/netfilter/nf_reject_ipv6.c | 5
net/ipv6/rpl_iptunnel.c | 8
net/ipv6/seg6_hmac.c | 6
net/mac80211/cfg.c | 13
net/mac80211/mlme.c | 9
net/mac80211/tx.c | 10
net/mctp/af_mctp.c | 26
net/mptcp/options.c | 7
net/mptcp/pm_netlink.c | 14
net/mptcp/protocol.c | 17
net/mptcp/protocol.h | 11
net/mptcp/subflow.c | 20
net/ncsi/internal.h | 2
net/ncsi/ncsi-rsp.c | 1
net/netfilter/nf_conntrack_netlink.c | 24
net/netfilter/nf_tables_api.c | 4
net/netfilter/xt_nfacct.c | 4
net/netlink/af_netlink.c | 2
net/packet/af_packet.c | 39 -
net/phonet/pep.c | 2
net/sched/act_ctinfo.c | 19
net/sched/sch_cake.c | 14
net/sched/sch_codel.c | 5
net/sched/sch_drr.c | 7
net/sched/sch_ets.c | 46 -
net/sched/sch_fq_codel.c | 6
net/sched/sch_hfsc.c | 8
net/sched/sch_htb.c | 19
net/sched/sch_netem.c | 40 +
net/sched/sch_qfq.c | 40 -
net/sctp/input.c | 2
net/tls/tls_sw.c | 13
net/vmw_vsock/af_vsock.c | 3
net/wireless/mlme.c | 3
samples/mei/mei-amt-version.c | 2
scripts/kconfig/gconf.c | 8
scripts/kconfig/lxdialog/inputbox.c | 6
scripts/kconfig/lxdialog/menubox.c | 2
scripts/kconfig/nconf.c | 2
scripts/kconfig/nconf.gui.c | 1
scripts/kconfig/qconf.cc | 2
security/apparmor/include/match.h | 3
security/apparmor/match.c | 1
security/inode.c | 2
sound/core/pcm_native.c | 19
sound/pci/hda/patch_ca0132.c | 7
sound/pci/hda/patch_hdmi.c | 19
sound/pci/hda/patch_realtek.c | 3
sound/pci/intel8x0.c | 2
sound/soc/codecs/hdac_hdmi.c | 10
sound/soc/codecs/rt5640.c | 5
sound/soc/fsl/fsl_sai.c | 30 -
sound/soc/generic/audio-graph-card.c | 2
sound/soc/intel/boards/Kconfig | 2
sound/soc/soc-core.c | 28
sound/soc/soc-dai.c | 59 +-
sound/soc/soc-dapm.c | 4
sound/soc/soc-ops.c | 26
sound/usb/mixer_quirks.c | 14
sound/usb/mixer_scarlett_gen2.c | 8
sound/usb/stream.c | 25
sound/usb/validate.c | 14
sound/x86/intel_hdmi_audio.c | 2
tools/bpf/bpftool/net.c | 15
tools/include/linux/sched/mm.h | 2
tools/include/nolibc/std.h | 4
tools/perf/builtin-sched.c | 12
tools/perf/tests/bp_account.c | 1
tools/perf/util/evsel.c | 11
tools/perf/util/evsel.h | 2
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4
tools/testing/ktest/ktest.pl | 5
tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 28
tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2
tools/testing/selftests/futex/include/futextest.h | 11
tools/testing/selftests/memfd/memfd_test.c | 43 +
tools/testing/selftests/net/mptcp/Makefile | 3
tools/testing/selftests/net/mptcp/mptcp_connect.c | 28
tools/testing/selftests/net/mptcp/mptcp_connect_checksum.sh | 5
tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5
tools/testing/selftests/net/mptcp/mptcp_connect_sendfile.sh | 5
tools/testing/selftests/net/mptcp/mptcp_join.sh | 1
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1
tools/testing/selftests/net/rtnetlink.sh | 6
tools/testing/selftests/net/udpgro.sh | 46 -
tools/testing/selftests/perf_events/.gitignore | 1
tools/testing/selftests/perf_events/Makefile | 2
tools/testing/selftests/perf_events/mmap.c | 236 ++++++++
tools/testing/selftests/syscall_user_dispatch/sud_test.c | 50 -
677 files changed, 6071 insertions(+), 2522 deletions(-)
Aaron Kling (1):
ARM: tegra: Use I/O memcpy to write to IRAM
Aaron Plattner (1):
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Abdun Nihaal (2):
regmap: fix potential memory leak of regmap_bus
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
Abinash Singh (1):
f2fs: fix KMSAN uninit-value in extent_info usage
Ada Couprie Diaz (1):
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
Adam Ford (2):
arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed
arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed
Aditya Garg (1):
HID: magicmouse: avoid setting up battery timer when not needed
Adrian Hunter (1):
scsi: ufs: ufs-pci: Fix default runtime and system PM levels
Al Viro (5):
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
better lockdep annotations for simple_recursive_removal()
securityfs: don't pin dentries twice, once is enough...
use uniform permission checks for all mount propagation changes
alloc_fdtable(): change calling conventions.
Albin Törnqvist (1):
arm: dts: ti: omap: Fixup pinheader typo
Alessandro Carminati (1):
regulator: core: fix NULL dereference on unbind due to stale coupling data
Alex Guo (2):
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alexander Gordeev (1):
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Alexander Kochetkov (1):
ARM: rockchip: fix kernel hang during smp initialization
Alexander Wetzel (1):
wifi: mac80211: Don't call fq_flow_idx() for management frames
Alexander Wilhelm (1):
bus: mhi: host: Fix endianness of BHI vector table
Alok Tiwari (7):
thunderbolt: Fix bit masking in tb_dp_port_set_hops()
net: emaclite: Fix missing pointer increment in aligned_read()
staging: nvec: Fix incorrect null termination of battery manufacturer
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
be2net: Use correct byte order and format string for TCP seq and ack_seq
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
gve: Return error for unknown admin queue command
Amir Mohammad Jahangirzad (1):
fs/orangefs: use snprintf() instead of sprintf()
Ammar Faizi (1):
net: usbnet: Fix the wrong netif_carrier_on() call
Anantha Prabhu (1):
RDMA/bnxt_re: Fix to initialize the PBL array
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
Andrew Jeffery (2):
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
André Draszik (1):
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Andy Shevchenko (2):
mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
Documentation: ACPI: Fix parent device references
Andy Yan (1):
drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
Anna Schumaker (1):
NFS: Create an nfs4_server_set_init_caps() function
Annette Kobou (1):
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
Anshuman Khandual (1):
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Anthoine Bourgeois (1):
xen/netfront: Fix TX response spurious interrupts
Archana Patni (1):
scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers
Arnaud Lecomte (1):
jfs: upper bound check of tree index in dbAllocAG
Arnd Bergmann (6):
ethernet: intel: fix building with large NR_CPUS
ASoC: Intel: fix SND_SOC_SOF dependencies
ASoC: ops: dynamically allocate struct snd_ctl_elem_value
caif: reduce stack size, again
kernel: trace: preemptirq_delay_test: use offstack cpu mask
RDMA/core: reduce stack using in nldev_stat_get_doit()
Arun Raghavan (1):
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Aruna Ramakrishna (1):
sched: Change nr_uninterruptible type to unsigned long
Avraham Stern (1):
wifi: iwlwifi: mvm: fix scan request validation
Baihan Li (1):
drm/hisilicon/hibmc: fix the hibmc loaded failed bug
Balamanikandan Gunasundar (1):
mtd: rawnand: atmel: set pmecc data setup time
Baokun Li (2):
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
Bard Liao (1):
soundwire: stream: restore params when prepare ports fail
Bartosz Golaszewski (2):
gpio: wcd934x: check the return value of regmap_update_bits()
gpio: tps65912: check the return value of regmap_update_bits()
Ben Ben-Ishay (1):
net/mlx5e: Add support to klm_umr_wqe
Ben Hutchings (1):
sh: Do not use hyphen in exported variable name
Benjamin Coddington (1):
NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
Benjamin Tissoires (3):
HID: core: ensure the allocated report buffer can contain the reserved report ID
HID: core: ensure __hid_request reserves the report ID as the first byte
HID: core: do not bypass hid_hw_raw_request
Benson Leung (1):
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Bharat Bhushan (1):
crypto: octeontx2 - add timeout for load_fvc completion poll
Bingbu Cao (1):
media: hi556: correct the test pattern configuration
Bjorn Andersson (1):
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Brahmajit Das (1):
samples: mei: Fix building on musl libc
Breno Leitao (4):
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
arm64: Mark kernel as tainted on SAE and SError panic
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Brian Masney (5):
rtc: ds1307: fix incorrect maximum clock rate handling
rtc: hym8563: fix incorrect maximum clock rate handling
rtc: pcf85063: fix incorrect maximum clock rate handling
rtc: pcf8563: fix incorrect maximum clock rate handling
rtc: rv3028: fix incorrect maximum clock rate handling
Buday Csaba (1):
net: phy: smsc: add proper reset flags for LAN8710A
Budimir Markovic (1):
vsock: Do not allow binding to VMADDR_PORT_ANY
Chao Gao (1):
KVM: VMX: Flush shadow VMCS on emergency reboot
Chao Yu (6):
f2fs: doc: fix wrong quota mount option description
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
f2fs: fix to avoid panic in f2fs_evict_inode
f2fs: fix to avoid out-of-boundary access in devs.path
f2fs: fix to do sanity check on ino and xnid
f2fs: fix to avoid out-of-boundary access in dnode page
Charalampos Mitrodimas (1):
usb: misc: apple-mfi-fastcharge: Make power supply names unique
Charles Han (2):
power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
Cheick Traore (1):
pinctrl: stm32: Manage irq affinity settings
Chen Ni (1):
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
Chen-Yu Tsai (1):
platform/chrome: cros_ec: Use per-device lockdep key
Chenyuan Yang (2):
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Christoph Paasch (3):
net/mlx5: Correctly set gso_size when LRO is used
net/mlx5: Correctly set gso_segs when LRO is used
mptcp: drop skb if MPTCP skb extension allocation fails
Christophe Leroy (1):
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Clément Le Goffic (1):
i2c: stm32: fix the device used for the DMA map
Cong Wang (6):
sch_htb: make htb_qlen_notify() idempotent
sch_hfsc: make hfsc_qlen_notify() idempotent
sch_qfq: make qfq_qlen_notify() idempotent
sch_drr: make drr_qlen_notify() idempotent
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
sch_htb: make htb_deactivate() idempotent
Corey Minyard (1):
ipmi: Fix strcpy source and destination the same
Cristian Ciocaltea (1):
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Cynthia Huang (1):
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Dai Ngo (1):
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Damien Le Moal (7):
ata: libata-sata: Disallow changing LPM state if not supported
scsi: mpt3sas: Correctly handle ATA device errors
ata: libata-scsi: Fix ata_to_sense_error() status handling
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
block: Make REQ_OP_ZONE_FINISH a write operation
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
Dan Carpenter (7):
dmaengine: nbpfaxi: Fix memory corruption in probe()
watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
fs/orangefs: Allow 2 more characters in do_c_string()
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Daniel Dadap (1):
ALSA: hda: Add missing NVIDIA HDA codec IDs
Daniil Dulov (1):
wifi: rtl818x: Kill URBs before clearing tx status queue
Dave Hansen (1):
x86/fpu: Delay instruction pointer fixup until after warning
Dave Stevenson (3):
media: tc358743: Check I2C succeeded during probe
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
media: tc358743: Increase FIFO trigger level to 374
David Collins (1):
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
David Lechner (2):
iio: proximity: isl29501: fix buffered read on big-endian systems
iio: adc: ad_sigma_delta: change to buffer predisable
Davide Caratti (2):
net/sched: sch_ets: properly init all active DRR list handles
net/sched: ets: use old 'nbands' while purging unused classes
Dawid Rezler (1):
ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
Denis OSTERLAND-HEIM (1):
pps: fix poll support
Dennis Chen (1):
i40e: report VF tx_dropped with tx_errors instead of tx_discards
Dikshita Agarwal (1):
media: venus: Add support for SSR trigger using fault injection
Dmitry Antipov (1):
jfs: reject on-disk inodes of an unsupported type
Dmitry Vyukov (1):
selftests: Fix errno checking in syscall_user_dispatch test
Dong Chenchen (1):
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Drew Hamilton (1):
usb: musb: fix gadget state on disconnect
Edson Juliano Drosdeck (1):
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
Edward Adam Davis (2):
jfs: Regular file corruption check
comedi: pcl726: Prevent invalid irq number
Eliav Farber (1):
pps: clients: gpio: fix interrupt handling order in remove path
Emily Deng (1):
drm/ttm: Should to return the evict error
Eric Biggers (3):
thunderbolt: Fix copy+paste error in match_service_id()
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
ipv6: sr: Fix MAC comparison to be constant-time
Eric Dumazet (5):
net_sched: act_ctinfo: use atomic64_t for three counters
pptp: ensure minimal skb length in pptp_xmit()
ipv6: reject malicious packets in ipv6_gso_segment()
pptp: fix pptp_xmit() error path
net_sched: sch_ets: implement lockless ets_dump()
Eric Work (1):
net: atlantic: add set_power to fw_ops for atl2 to fix wol
Evgeniy Harchenko (1):
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Fabio Estevam (2):
iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
iio: adc: max1363: Reorder mode_list[] entries
Fabio Porcedda (1):
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
Fabrice Gasnier (1):
Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
Fedor Pchelkin (3):
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
netfilter: nf_tables: adjust lockdep assertions handling
netlink: avoid infinite retry looping in netlink_unicast()
Feng Tang (1):
mm/page_alloc: detect allocation forbidden by cpuset and bail out early
Filipe Manana (1):
btrfs: fix log tree replay failure due to file with 0 links and extents
Finn Thain (2):
m68k: Don't unregister boot console needlessly
m68k: Fix lost column on framebuffer debug console
Florian Westphal (4):
netfilter: xt_nfacct: don't assume acct name is null-terminated
netfilter: ctnetlink: fix refcount leak on table dump
selftests: mptcp: make sendfile selftest work
netfilter: nf_reject: don't leak dst refcount for loopback packets
Gabor Juhos (1):
mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
Gal Pressman (1):
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gautham R. Shenoy (1):
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Geliang Tang (2):
mptcp: drop unused sk in mptcp_push_release
mptcp: disable add_addr retransmission when timeout is 0
Geoffrey D. Bennett (1):
ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
Giovanni Cabiddu (1):
crypto: qat - fix seq_file position update in adf_ring_next()
Gokul Sivakumar (1):
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
Greg Kroah-Hartman (2):
Revert "vmci: Prevent the dispatching of uninitialized payloads"
Linux 5.15.190
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Haiyang Zhang (1):
hv_netvsc: Fix panic during namespace deletion with VF
Hangbin Liu (2):
selftests: udpgro: report error when receive failed
bonding: update LACP activity flag after setting lacp_active
Hans Zhang (1):
PCI: rockchip-host: Fix "Unexpected Completion" log message
Haoxiang Li (2):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Harald Mommer (1):
gpio: virtio: Fix config space reading.
Hari Kalavakunta (1):
net: ncsi: Fix buffer overflow in fetching version id
Harry Yoo (1):
mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
Heiner Kallweit (1):
dpaa_eth: don't use fixed_phy_change_carrier
Helge Deller (1):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Henry Martin (1):
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
Herbert Xu (1):
crypto: marvell/cesa - Fix engine load inaccuracy
Herton R. Krzesinski (1):
mm/debug_vm_pgtable: clear page table entries at destroy_args()
Horatiu Vultur (2):
phy: mscc: Fix parsing of unicast frames
phy: mscc: Fix timestamping for vsc8584
Hsin-Te Yuan (1):
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Ian Abbott (12):
comedi: pcl812: Fix bit shift out of bounds
comedi: aio_iiro_16: Fix bit shift out of bounds
comedi: das16m1: Fix bit shift out of bounds
comedi: das6402: Fix bit shift out of bounds
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
comedi: Fix some signed shift left operations
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
comedi: Fix initialization of data for instructions that write to subdevice
comedi: comedi_test: Fix possible deletion of uninitialized timers
comedi: fix race between polling and detaching
comedi: Make insn_rw_emulate_bits() do insn->n samples
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Ido Schimmel (1):
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Ilan Peer (1):
wifi: cfg80211: Fix interface type validation
Ilya Bakoulin (1):
drm/amd/display: Separate set_gsl from set_gsl_source_select
Imre Deak (1):
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Ivan Stepchenko (1):
mtd: fix possible integer overflow in erase_xfer()
Jacek Kowalski (2):
e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
e1000e: ignore uninitialized checksum word on tgp
Jack Xiao (1):
drm/amdgpu: fix incorrect vm flags to map bo
Jakub Acs (1):
net, hsr: reject HSR frame if skb can't hold tag
Jakub Kicinski (2):
netpoll: prevent hanging NAPI when netcons gets enabled
uapi: in6: restore visibility of most IPv6 socket options
James Cowgill (1):
media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
Jan Beulich (1):
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Jan Kara (2):
isofs: Verify inode mode when loading from disk
udf: Verify partition map count
Jann Horn (1):
eventpoll: Fix semi-unbounded recursion
Jason Wang (1):
vhost: fail early when __vhost_add_used() fails
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jay Chen (1):
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Jean-Baptiste Maneyrol (1):
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Jeff Layton (1):
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Jeongjun Park (1):
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
Jerome Brunet (1):
PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails
Jian Shen (2):
net: hns3: fix concurrent setting vlan filter issue
net: hns3: fixed vf get max channels bug
Jiasheng Jiang (2):
iwlwifi: Add missing check for alloc_ordered_workqueue
scsi: lpfc: Remove redundant assignment to avoid memory leak
Jiaxun Yang (1):
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
Jiayi Li (2):
ACPI: processor: perflib: Fix initial _PPC limit application
memstick: Fix deadlock by moving removing flag earlier
Jiayuan Chen (3):
bpf, sockmap: Fix panic when calling skb_linearize
bpf, sockmap: Fix psock incorrectly pointing to sk
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
Jimmy Assarsson (2):
can: kvaser_pciefd: Store device channel index
can: kvaser_usb: Assign netdev.dev_port based on device channel index
Jinjiang Tu (1):
mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
Johan Adolfsson (1):
leds: leds-lp50xx: Handle reg to get correct multi_index
Johan Hovold (9):
net: gianfar: fix device leak when querying time stamp info
net: dpaa: fix device leak when querying time stamp info
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
wifi: ath11k: fix source ring-buffer corruption
net: enetc: fix device and OF node leak at probe
usb: musb: omap2430: fix device leak at unbind
usb: dwc3: imx8mp: fix device leak at unbind
wifi: ath11k: fix dest ring-buffer corruption when ring is full
Johan Korsnes (1):
arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
Johannes Berg (2):
wifi: cfg80211: reject HTC bit for management frames
wifi: mac80211: don't complete management TX on SAE commit
John Ernberg (1):
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
John Garry (2):
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonas Rebmann (1):
net: fec: allow disable coalescing
Jonathan Cameron (1):
iio: light: as73211: Ensure buffer holes are zeroed
Jonathan Santos (1):
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Jorge Ramirez-Ortiz (2):
media: venus: hfi: explicitly release IRQ during teardown
media: venus: protect against spurious interrupts during probe
Joseph Huang (1):
net: bridge: Do not offload IGMP/MLD messages
Judith Mendez (1):
mmc: sdhci_am654: Workaround for Errata i2312
Juergen Gross (1):
xen/gntdev: remove struct gntdev_copy_batch from stack
Junxian Huang (1):
RDMA/hns: Fix -Wframe-larger-than issue
Juri Lelli (1):
sched/deadline: Fix accounting after global limits change
Justin Tee (1):
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Kees Cook (4):
sched: Add wrapper for get_wchan() to keep task blocked
arm64: Handle KCOV __init vs inline mismatches
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Kefeng Wang (1):
asm-generic: Add memory barrier dma_mb()
Kito Xu (veritas501) (1):
net: appletalk: Fix use-after-free in AARP proxy probe
Konstantin Komarov (1):
Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
Krishna Kurapati (1):
usb: dwc3: qcom: Don't leave BCR asserted
Krzysztof Kozlowski (1):
ARM: dts: vfxxx: Correctly use two tuples for timer address
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kuninori Morimoto (4):
ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
ASoC: soc-dai.h: merge DAI call back functions into ops
Kuniyuki Iwashima (3):
rpl: Fix use-after-free in rpl_do_srh_inline().
Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
Kurt Borja (1):
platform/x86: think-lmi: Fix kobject cleanup
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Len Brown (1):
intel_idle: Allow loading ACPI tables for any family
Leo Yan (1):
perf tests bp_account: Fix leaked file descriptor
Leon Romanovsky (1):
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Li Zhong (1):
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
Liao Yuanhong (1):
ext4: use kmalloc_array() for array space allocation
Lifeng Zheng (5):
PM / devfreq: Check governor before using governor->name
cpufreq: Initialize cpufreq-based frequency-invariance later
cpufreq: Init policy->rwsem before it may be possibly used
cpufreq: Exit governor when failed to start old governor
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Lin.Cao (1):
drm/sched: Remove optimization that causes hang when killing dependent jobs
Lizhi Xu (3):
vmci: Prevent the dispatching of uninitialized payloads
fs/ntfs3: Add sanity check for file name
jfs: truncate good inode pages when hard link is 0
Lorenzo Stoakes (5):
selftests/perf_events: Add a mmap() correctness test
mm: drop the assumption that VM_SHARED always implies writable
mm: update memfd seal write check to include F_SEAL_WRITE
mm: reinstate ability to map write-sealed memfd mappings read-only
selftests/memfd: add test for mapping write-sealed memfd read-only
Lucas De Marchi (1):
usb: early: xhci-dbc: Fix early_ioremap leak
Lucy Thrun (1):
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Luiz Augusto von Dentz (3):
Bluetooth: SMP: If an unallowed command is received consider it a failure
Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Lukas Wunner (1):
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Ma Ke (4):
bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint()
dpaa2-eth: Fix device reference count leak in MAC endpoint handling
dpaa2-switch: Fix device reference count leak in MAC endpoint handling
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Maciej W. Rozycki (1):
powerpc/eeh: Rely on dev->link_active_reporting
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Manivannan Sadhasivam (1):
PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute
Maor Gottlieb (1):
RDMA/core: Rate limit GID cache warning messages
Marco Elver (1):
locking/barriers, kcsan: Support generic instrumentation
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Marek Vasut (1):
usb: renesas-xhci: Fix External ROM access timeouts
Mario Limonciello (5):
usb: xhci: Avoid showing warnings for dying controller
usb: xhci: Avoid showing errors during surprise removal
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
drm/amd: Restore cached power limit during resume
drm/amd/display: Avoid a NULL pointer dereference
Marius Zachmann (1):
hwmon: (corsair-cpro) Validate the size of the received input buffer
Mark Brown (1):
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Martin Kaistra (1):
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
Masahiro Yamada (3):
kconfig: qconf: fix ConfigList::updateListAllforAll()
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
kconfig: gconf: fix potential memory leak in renderer_edited()
Masami Hiramatsu (Google) (1):
selftests: tracing: Use mutex_unlock for testing glob filter
Mat Martineau (1):
selftests: mptcp: Initialize variables to quiet gcc 12 warnings
Mathias Nyman (5):
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
usb: hub: Fix flushing of delayed work used for post resume purposes
usb: hub: avoid warm port reset during USB3 disconnect
usb: hub: Don't try to recover devices lost during warm reset.
Matt Johnston (1):
net: mctp: Prevent duplicate binds
Matthew Wilcox (Oracle) (1):
XArray: Add calls to might_alloc()
Matthieu Baerts (1):
selftests: mptcp: add missing join check
Matthieu Baerts (NGI0) (4):
mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
selftests: mptcp: connect: also cover alt modes
selftests: mptcp: connect: also cover checksum
selftests: mptcp: pm: check flush doesn't reset limits
Maulik Shah (1):
pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
Maurizio Lombardi (1):
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Meagan Lloyd (2):
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Mengbiao Xiong (1):
crypto: ccp - Fix crash when rebind ccp device for ccp.ko
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin (1):
most: core: Drop device reference after usage in get_channel()
Michael Grzeschik (2):
usb: typec: tcpm: allow to use sink in accessory mode
usb: typec: tcpm: allow switching to mode accessory to mux properly
Michael Zhivich (1):
x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
Michal Schmidt (1):
benet: fix BUG when creating VFs
Mike Christie (1):
vhost-scsi: Fix log flooding with target does not exist errors
Mikhail Lobanov (1):
wifi: mac80211: check basic rates validity in sta_link_apply_parameters
Mikulas Patocka (1):
dm-mpath: don't print the "loaded" message if registering fails
Mina Almasry (1):
netmem: fix skb_frag_address_safe with unreadable skbs
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Myrrh Periwinkle (3):
usb: typec: ucsi: Update power_supply on power role change
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Namhyung Kim (1):
perf sched: Fix memory leaks for evsel->priv in timehist
Nathan Chancellor (5):
phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()
memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
NeilBrown (1):
smb/server: avoid deadlock when linking with ReplaceIfExists
Niklas Söderlund (1):
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Nilton Perim Neto (1):
Input: xpad - set correct controller type for Acer NGR200
Nirmal Patel (1):
PCI: vmd: Assign VMD IRQ domain before enumeration
Nuno Sá (1):
clk: clk-axi-clkgen: fix fpfd_max frequency for zynq
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Olga Kornievskaia (1):
NFSv4.2: another fix for listxattr
Oliver Neukum (3):
usb: net: sierra: check for no status endpoint
usb: core: usb_submit_urb: downgrade type check
cdc-acm: fix race between initial clearing halt and open
Oscar Maes (1):
net: ipv4: fix incorrect MTU in broadcast routes
Ovidiu Panait (1):
hwrng: mtk - handle devm_pm_runtime_enable errors
Pagadala Yesu Anjaneyulu (1):
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Pali Rohár (1):
cifs: Fix calling CIFSFindFirst() for root path without msearch
Paolo Abeni (4):
selftests: net: increase inter-packet timeout in udpgro.sh
mptcp: fix error mibs accounting
mptcp: introduce MAPPING_BAD_CSUM
mptcp: do not queue data on closed subflows
Paul Cercueil (1):
usb: musb: Add and use inline functions musb_{get,set}_state
Paul Chaignon (2):
bpf: Reject %p% format string in bprintf-like helpers
bpf: Check flow_dissector ctx accesses are aligned
Paul E. McKenney (1):
rcu: Protect ->defer_qs_iw_pending from data race
Paul Kocialkowski (1):
clk: sunxi-ng: v3s: Fix de clock definition
Pavel Begunkov (1):
io_uring: don't use int for ABI
Pawan Gupta (1):
x86/bugs: Avoid warning when overriding return thunk
Peter Oberparleiter (2):
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Peter Robinson (1):
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Peter Ujfalusi (1):
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Peter Zijlstra (2):
x86: Fix __get_wchan() for !STACKTRACE
x86: Pin task-stack in __get_wchan()
Petr Pavlu (1):
module: Restore the moduleparam prefix length check
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Prashant Malani (1):
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Praveen Kaligineedi (1):
gve: Fix stuck TX queue for DQ queue format
Pu Lehui (1):
tracing: Limit access to parser->buffer when trace_get_user failed
Purva Yeshi (1):
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Qi Zheng (1):
x86: Fix get_wchan() to support the ORC unwinder
Qingfang Deng (1):
ppp: fix race conditions in ppp_fill_forward_path
Qu Wenruo (2):
btrfs: do not allow relocation of partially dropped subvolumes
btrfs: populate otime when logging an inode item
Quang Le (1):
net/packet: fix a race in packet_set_ring() and packet_notifier()
RD Babiera (1):
usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
Rafael J. Wysocki (4):
cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
ACPI: processor: perflib: Move problematic pr->performance check
cpuidle: governors: menu: Avoid using invalid recent intervals data
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Rand Deeb (1):
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Randy Dunlap (1):
parisc: Makefile: fix a typo in palo.conf
Ranjan Kumar (4):
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
scsi: mpi3mr: Fix race between config read submit and interrupt completion
scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
Remi Pommarel (2):
wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key()
Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Ricardo Ribalda (3):
media: uvcvideo: Do not mark valid metadata as invalid
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
media: venus: venc: Clamp param smaller than 1fps and bigger than 240
Ricky Wu (1):
misc: rtsx: usb: Ensure mmc child device is active when card is present
Rob Clark (1):
drm/msm: use trylock for debugfs
Rohit Visavalia (1):
clk: xilinx: vcu: unregister pll_post only if registered correctly
Rong Zhang (2):
platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots
fs/ntfs3: correctly create symlink for relative path
RubenKelevra (1):
fs_context: fix parameter name in infofc() macro
Ryan Lee (1):
apparmor: ensure WB_HISTORY_SIZE value is a power of 2
Ryan Mann (NDI) (1):
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
Ryusuke Konishi (1):
nilfs2: reject invalid file types when reading inodes
Sabrina Dubroca (1):
udp: also consider secpath when evaluating ipsec use for checksumming
Sakari Ailus (1):
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Salah Triki (1):
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Sam Shih (1):
pinctrl: mediatek: moore: check if pin_desc is valid before use
Sarah Newman (1):
drbd: add missing kref_get in handle_write_conflicts
Sarthak Garg (1):
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sasha Levin (2):
fs: Prevent file descriptor table allocations exceeding INT_MAX
media: qcom: camss: cleanup media device allocated resource on error path
Sebastian Andrzej Siewior (1):
net: phy: Use netif_rx().
Sebastian Ott (1):
ACPI: processor: fix acpi_object initialization
Sebastian Reichel (2):
watchdog: dw_wdt: Fix default timeout
usb: typec: fusb302: cache PD RX state
Selvarasu Ganesan (1):
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
Sergey Bashirov (4):
pNFS: Fix stripe mapping in block/scsi layout
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Senozhatsky (1):
wifi: ath11k: clear initialized flag for deinit-ed srng lists
Seunghui Lee (1):
scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume
Shankari Anand (1):
kconfig: nconf: Ensure null termination where strncpy is used
Shengjiu Wang (1):
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Shiji Yang (1):
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
Showrya M N (1):
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Shubhrajyoti Datta (1):
EDAC/synopsys: Clear the ECC counters on init
Slark Xiao (2):
USB: serial: option: add Foxconn T99W640
USB: serial: option: add Foxconn T99W709
Sravan Kumar Gundu (1):
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Stanislav Fomichev (1):
vrf: Drop existing dst reference in vrf_ip6_input_dst
Stanislaw Gruszka (1):
wifi: iwlegacy: Check rate_idx range after addition
Stav Aviram (1):
net/mlx5: Check device memory pointer before usage
Stefan Metzmacher (5):
smb: server: remove separate empty_recvmsg_queue
smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already
smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection
smb: server: let recv_done() avoid touching data_transfer after cleanup/move
smb: client: let recv_done() cleanup before notifying the callers.
Steven Rostedt (5):
tracing: Add down_write(trace_event_sem) when adding trace event
selftests/tracing: Fix false failure of subsystem event test
ktest.pl: Prevent recursion of default variable options
ftrace: Also allocate and copy hash for reading of filter files
tracing: Remove unneeded goto out logic
Su Hui (1):
usb: xhci: print xhci->xhc_state when queue_command failed
Suchit Karunakaran (1):
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
Sven Schnelle (2):
s390/time: Use monotonic clock in get_cycles()
s390/stp: Remove udelay from stp_sync_clock()
Takashi Iwai (4):
ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Tao Xue (1):
usb: gadget : fix use-after-free in composite_dev_cleanup()
Tariq Toukan (1):
lib: bitmap: Introduce node-aware alloc API
Tetsuo Handa (1):
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Theodore Ts'o (2):
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
ext4: don't try to clear the orphan_present feature block device is r/o
Thomas Fourier (19):
pch_uart: Fix dma_sync_sg_for_device() nents value
mmc: bcm2835: Fix dma_unmap_sg() nents value
mwl8k: Add missing check after DMA map
crypto: inside-secure - Fix `dma_unmap_sg()` nents value
scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
scsi: mvsas: Fix dma_unmap_sg() nents value
scsi: isci: Fix dma_unmap_sg() nents value
crypto: keembay - Fix dma_unmap_sg() nents value
crypto: img-hash - Fix dma_unmap_sg() nents value
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
dmaengine: nbpfaxi: Add missing check after DMA map
mtd: rawnand: atmel: Fix dma_mapping_error() address
mtd: rawnand: rockchip: Add missing check after DMA map
et131x: Add missing check after DMA map
net: ag71xx: Add missing check after DMA map
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
mtd: rawnand: fsmc: Add missing check after DMA map
Thomas Gleixner (3):
perf/core: Don't leak AUX buffer refcount on allocation failure
perf/core: Exit early on perf_mmap() fail
perf/core: Prevent VMA split of buffer mappings
Thomas Weißschuh (3):
tools/nolibc: define time_t in terms of __kernel_old_time_t
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Thorsten Blum (3):
ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
smb: server: Fix extension string in ksmbd_extract_shortname()
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Tianxiang Peng (1):
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Tigran Mkrtchyan (1):
pNFS/flexfiles: don't attempt pnfs on fatal DS errors
Tim Harvey (1):
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Timothy Pearson (5):
PCI: pnv_php: Clean up allocated IRQs on unplug
PCI: pnv_php: Work around switches with broken presence detection
powerpc/eeh: Export eeh_unfreeze_pe()
powerpc/eeh: Make EEH driver device hotplug safe
PCI: pnv_php: Fix surprise plug detection and recovery
Timur Kristóf (6):
drm/amd/display: Don't overwrite dce60_clk_mgr
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
drm/amd/display: Don't overclock DCE 6 by 15%
Tiwei Bie (1):
um: rtc: Avoid shadowing err in uml_rtc_start()
Tomas Henzl (1):
scsi: mpt3sas: Fix a fw_event memory leak
Tomasz Michalec (2):
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Trond Myklebust (2):
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
NFS: Fix the setting of capabilities when automounting a new filesystem
Tvrtko Ursulin (1):
drm/ttm: Respect the shrinker core free target
Tzung-Bi Shih (2):
platform/chrome: cros_ec: remove unneeded label and if-condition
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Ulf Hansson (1):
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Uros Bizjak (1):
ucount: fix atomic_long_inc_below() argument type
Uwe Kleine-König (6):
usb: musb: omap2430: Convert to platform remove callback returning void
platform/chrome: cros_ec: Make cros_ec_unregister() return void
media: camss: Convert to platform remove callback returning void
pwm: mediatek: Implement .apply() callback
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
ValdikSS (1):
igc: fix disabling L1.2 PCI-E link substate on I226 on init
Vedang Nagar (1):
media: venus: Add a check for packet size after reading from shared memory
Viacheslav Dubeyko (4):
hfs: fix slab-out-of-bounds in hfs_bnode_read()
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
hfs: fix not erasing deleted b-tree node issue
Victor Shih (1):
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
Viresh Kumar (1):
i2c: virtio: Avoid hang by using interruptible completion wait
Waiman Long (2):
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
Wang Liang (2):
net: drop UFO packets in udp_rcv_segment()
net: bridge: fix soft lockup in br_multicast_query_expired()
Wang Zhaolong (2):
smb: client: fix use-after-free in cifs_oplock_break
smb: client: fix use-after-free in crypt_message when using async crypto
Wayne Chang (1):
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
Wei Gao (1):
ext2: Handle fiemap on empty files to prevent EINVAL
Weitao Wang (1):
usb: xhci: Fix slot_id resource race conflict
Wen Chen (1):
drm/amd/display: Fix 'failed to blank crtc!'
Will Deacon (1):
KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix
William Liu (4):
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Wolfram Sang (3):
media: usb: hdpvr: disable zero-length read messages
i3c: add missing include to internal header
i3c: don't fail if GETHDRCAP is unsupported
Xiang Mei (2):
net/sched: sch_qfq: Fix race condition on qfq_aggregate
net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
Xilin Wu (1):
interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node
Xin Long (1):
sctp: linearize cloned gso packets in sctp_rcv
Xinxin Wan (1):
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Xinyu Liu (2):
usb: gadget: configfs: Fix OOB read on empty string write
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Xiu Jianfeng (1):
wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
Xiumei Mu (1):
selftests: rtnetlink.sh: remove esp4_offload after test
Xu Yang (4):
usb: chipidea: add USB PHY event
usb: phy: mxs: disconnect line when USB charger is attached
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yajun Deng (1):
i40e: Add rx_missed_errors for buffer exhaustion
Yang Xiwen (1):
i2c: qup: jump out of the loop in case of timeout
Yangtao Li (1):
hfsplus: remove mutex_lock check in hfsplus_free_extents
Yann E. MORIN (1):
kconfig: lxdialog: fix 'space' to (de)select options
Yazen Ghannam (1):
x86/mce/amd: Add default names for MCA banks and blocks
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Yonglong Liu (1):
net: hns3: disable interrupt when ptp init failed
Youngjun Lee (1):
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Youssef Samir (1):
bus: mhi: host: Detect events pointing to unexpected TREs
Yu Kuai (1):
nvme: fix misaccounting of nvme-mpath inflight I/O
Yuan Chen (2):
bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
pinctrl: sunxi: Fix memory leak on krealloc failure
Yue Haibing (1):
ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
Yuichiro Tsuji (1):
net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Yun Lu (2):
af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
af_packet: fix soft lockup issue caused by tpacket_snd()
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Yury Norov [NVIDIA] (1):
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Lixu (2):
iio: hid-sensor-prox: Restore lost scale assignments
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
Zhang Rui (1):
powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Yi (1):
ext4: fix hole length calculation overflow in non-extent inodes
Zheng Yu (1):
jfs: fix metapage reference count leak in dbAllocCtl
Zhiqi Song (1):
crypto: hisilicon/hpre - fix dma unmap sequence
Zhu Qiyu (1):
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Ziyan Fu (1):
watchdog: iTCO_wdt: Report error if timeout configuration fails
chenchangcheng (1):
media: uvcvideo: Fix bandwidth issue for Alcor camera
fangzhong.zhou (1):
i2c: Force DLL0945 touchpad i2c freq to 100khz
jackysliu (1):
scsi: bfa: Double-free fix
tuhaowen (1):
PM: sleep: console: Fix the black screen issue
xin.guo (1):
tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
zhangjianrong (1):
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
Álvaro Fernández Rojas (5):
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
2 weeks, 1 day
- 1
- 1
Linux 5.10.241
by Greg Kroah-Hartman
I'm announcing the release of the 5.10.241 kernel.
All users of the 5.10 kernel series must upgrade.
The updated 5.10.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/filesystems/f2fs.rst | 6
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8
Documentation/memory-barriers.txt | 11
Makefile | 4
arch/arm/Makefile | 2
arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1
arch/arm/boot/dts/vfxxx.dtsi | 2
arch/arm/mach-rockchip/platsmp.c | 15
arch/arm/mach-tegra/reset.c | 2
arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 2
arch/arm64/include/asm/acpi.h | 2
arch/arm64/mm/ptdump_debugfs.c | 3
arch/m68k/Kconfig.debug | 2
arch/m68k/kernel/early_printk.c | 42 -
arch/m68k/kernel/head.S | 39 -
arch/mips/crypto/chacha-core.S | 20
arch/mips/include/asm/vpe.h | 8
arch/mips/kernel/process.c | 16
arch/mips/mm/tlb-r4k.c | 56 +
arch/parisc/Makefile | 2
arch/powerpc/configs/ppc6xx_defconfig | 1
arch/powerpc/kernel/eeh.c | 1
arch/powerpc/kernel/eeh_driver.c | 48 +
arch/powerpc/kernel/eeh_pe.c | 11
arch/powerpc/kernel/pci-hotplug.c | 3
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/s390/include/asm/timex.h | 13
arch/s390/kernel/time.c | 2
arch/s390/mm/dump_pagetables.c | 2
arch/sh/Makefile | 10
arch/sh/boot/compressed/Makefile | 4
arch/sh/boot/romimage/Makefile | 4
arch/x86/include/asm/xen/hypercall.h | 6
arch/x86/kernel/cpu/amd.c | 2
arch/x86/kernel/cpu/bugs.c | 5
arch/x86/kernel/cpu/mce/amd.c | 13
arch/x86/mm/extable.c | 5
block/bio.c | 2
block/blk-settings.c | 2
drivers/acpi/acpi_processor.c | 2
drivers/acpi/apei/ghes.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/processor_perflib.c | 11
drivers/ata/Kconfig | 35 -
drivers/ata/libata-sata.c | 5
drivers/ata/libata-scsi.c | 20
drivers/base/power/domain_governor.c | 18
drivers/base/power/runtime.c | 5
drivers/block/drbd/drbd_receiver.c | 6
drivers/block/sunvdc.c | 4
drivers/bus/mhi/host/boot.c | 8
drivers/bus/mhi/host/internal.h | 4
drivers/char/hw_random/mtk-rng.c | 4
drivers/char/ipmi/ipmi_msghandler.c | 8
drivers/char/ipmi/ipmi_watchdog.c | 59 +-
drivers/clk/davinci/psc.c | 5
drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cppc_cpufreq.c | 2
drivers/cpufreq/cpufreq.c | 29
drivers/cpuidle/governors/menu.c | 21
drivers/crypto/ccp/ccp-debugfs.c | 3
drivers/crypto/img-hash.c | 2
drivers/crypto/inside-secure/safexcel_hash.c | 8
drivers/crypto/marvell/cesa/cipher.c | 4
drivers/crypto/marvell/cesa/hash.c | 5
drivers/crypto/qat/qat_common/adf_transport_debug.c | 4
drivers/devfreq/governor_userspace.c | 6
drivers/dma-buf/dma-resv.c | 5
drivers/dma/mv_xor.c | 21
drivers/dma/nbpfaxi.c | 24
drivers/fpga/zynq-fpga.c | 10
drivers/gpio/gpio-rcar.c | 20
drivers/gpio/gpio-tps65912.c | 7
drivers/gpio/gpio-wcd934x.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 -
drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 -
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11
drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6
drivers/gpu/drm/drm_dp_helper.c | 2
drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9
drivers/gpu/drm/scheduler/sched_entity.c | 23
drivers/gpu/drm/ttm/ttm_resource.c | 3
drivers/hid/hid-core.c | 19
drivers/hwmon/corsair-cpro.c | 5
drivers/hwmon/gsc-hwmon.c | 4
drivers/i2c/busses/i2c-qup.c | 4
drivers/i2c/busses/i2c-stm32.c | 8
drivers/i2c/busses/i2c-stm32f7.c | 4
drivers/i2c/i2c-core-acpi.c | 1
drivers/i3c/internals.h | 1
drivers/i3c/master.c | 2
drivers/idle/intel_idle.c | 2
drivers/iio/adc/ad7768-1.c | 23
drivers/iio/adc/ad_sigma_delta.c | 4
drivers/iio/adc/max1363.c | 43 -
drivers/iio/adc/stm32-adc-core.c | 7
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6
drivers/iio/light/as73211.c | 2
drivers/iio/light/hid-sensor-prox.c | 3
drivers/iio/pressure/bmp280-core.c | 9
drivers/iio/proximity/isl29501.c | 16
drivers/infiniband/core/cache.c | 4
drivers/infiniband/core/nldev.c | 22
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2
drivers/infiniband/hw/hfi1/affinity.c | 44 -
drivers/infiniband/sw/rxe/rxe_comp.c | 16
drivers/input/joystick/xpad.c | 2
drivers/iommu/amd/init.c | 4
drivers/leds/leds-lp50xx.c | 11
drivers/md/dm-core.h | 52 +
drivers/md/dm-historical-service-time.c | 4
drivers/md/dm-queue-length.c | 4
drivers/md/dm-round-robin.c | 4
drivers/md/dm-rq.c | 8
drivers/md/dm-service-time.c | 4
drivers/md/dm-zoned-target.c | 2
drivers/md/dm.c | 59 --
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3
drivers/media/dvb-frontends/dib7000p.c | 8
drivers/media/i2c/hi556.c | 26
drivers/media/i2c/ov2659.c | 3
drivers/media/i2c/tc358743.c | 86 +-
drivers/media/platform/qcom/camss/camss.c | 4
drivers/media/platform/qcom/venus/core.c | 21
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/dbgfs.c | 9
drivers/media/platform/qcom/venus/dbgfs.h | 13
drivers/media/platform/qcom/venus/hfi_venus.c | 14
drivers/media/platform/qcom/venus/vdec.c | 5
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/usb/uvc/uvc_driver.c | 3
drivers/media/usb/uvc/uvc_video.c | 21
drivers/media/v4l2-core/v4l2-ctrls.c | 37 +
drivers/memstick/core/memstick.c | 3
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/misc/cardreader/rtsx_usb.c | 16
drivers/mmc/host/bcm2835.c | 3
drivers/mmc/host/rtsx_usb_sdmmc.c | 4
drivers/mmc/host/sdhci-msm.c | 14
drivers/mmc/host/sdhci-pci-core.c | 3
drivers/mmc/host/sdhci-pci-gli.c | 4
drivers/mmc/host/sdhci_am654.c | 9
drivers/most/core.c | 2
drivers/mtd/ftl.c | 2
drivers/mtd/nand/raw/atmel/nand-controller.c | 2
drivers/mtd/nand/raw/atmel/pmecc.c | 6
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/net/can/kvaser_pciefd.c | 1
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1
drivers/net/dsa/b53/b53_common.c | 54 +
drivers/net/dsa/b53/b53_regs.h | 2
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/atheros/ag71xx.c | 9
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4
drivers/net/ethernet/emulex/benet/be_cmds.c | 2
drivers/net/ethernet/emulex/benet/be_main.c | 8
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 66 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 13
drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 16
drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 95 +--
drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.h | 5
drivers/net/ethernet/freescale/fec_main.c | 34 -
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4
drivers/net/ethernet/google/gve/gve_adminq.c | 1
drivers/net/ethernet/google/gve/gve_main.c | 67 +-
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 17
drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 3
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 33 -
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 2
drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 49 -
drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25
drivers/net/ethernet/intel/e1000e/defines.h | 3
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2
drivers/net/ethernet/intel/e1000e/nvm.c | 6
drivers/net/ethernet/intel/fm10k/fm10k.h | 3
drivers/net/ethernet/intel/i40e/i40e.h | 2
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3
drivers/net/ethernet/intel/i40e/i40e_main.c | 18
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4
drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2
drivers/net/hyperv/hyperv_net.h | 3
drivers/net/hyperv/netvsc_drv.c | 29
drivers/net/phy/mscc/mscc_ptp.c | 1
drivers/net/phy/mscc/mscc_ptp.h | 1
drivers/net/phy/smsc.c | 1
drivers/net/ppp/pptp.c | 18
drivers/net/usb/sierra_net.c | 4
drivers/net/usb/usbnet.c | 11
drivers/net/virtio_net.c | 38 +
drivers/net/vrf.c | 2
drivers/net/wireless/ath/ath11k/hal.c | 25
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2
drivers/net/wireless/marvell/mwl8k.c | 4
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2
drivers/net/wireless/realtek/rtlwifi/pci.c | 23
drivers/net/xen-netfront.c | 5
drivers/pci/controller/pcie-rockchip-host.c | 2
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/hotplug/pnv_php.c | 233 +++++++
drivers/pci/pci-acpi.c | 4
drivers/pci/pci.c | 8
drivers/pci/probe.c | 2
drivers/phy/tegra/xusb-tegra186.c | 59 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 1
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11
drivers/platform/chrome/cros_ec.c | 23
drivers/platform/chrome/cros_ec.h | 2
drivers/platform/chrome/cros_ec_i2c.c | 4
drivers/platform/chrome/cros_ec_lpc.c | 4
drivers/platform/chrome/cros_ec_spi.c | 4
drivers/platform/chrome/cros_ec_typec.c | 4
drivers/platform/x86/thinkpad_acpi.c | 4
drivers/power/supply/max14577_charger.c | 4
drivers/pps/pps.c | 11
drivers/ptp/ptp_clock.c | 13
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 78 +-
drivers/regulator/core.c | 1
drivers/reset/Kconfig | 10
drivers/rtc/rtc-ds1307.c | 17
drivers/rtc/rtc-hym8563.c | 2
drivers/rtc/rtc-pcf85063.c | 2
drivers/rtc/rtc-pcf8563.c | 2
drivers/rtc/rtc-rv3028.c | 2
drivers/scsi/aacraid/comminit.c | 3
drivers/scsi/bfa/bfad_im.c | 1
drivers/scsi/ibmvscsi_tgt/libsrp.c | 6
drivers/scsi/isci/request.c | 2
drivers/scsi/libiscsi.c | 3
drivers/scsi/lpfc/lpfc_debugfs.c | 1
drivers/scsi/lpfc/lpfc_scsi.c | 4
drivers/scsi/lpfc/lpfc_sli.c | 8
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19
drivers/scsi/mvsas/mv_sas.c | 4
drivers/scsi/pm8001/pm8001_init.c | 11
drivers/scsi/pm8001/pm8001_sas.h | 1
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/scsi/scsi_scan.c | 2
drivers/scsi/scsi_transport_sas.c | 60 +-
drivers/scsi/ufs/ufs-exynos.c | 4
drivers/scsi/ufs/ufshcd.c | 10
drivers/soc/aspeed/aspeed-lpc-snoop.c | 13
drivers/soc/qcom/mdt_loader.c | 41 +
drivers/soc/tegra/pmc.c | 51 -
drivers/soundwire/stream.c | 2
drivers/staging/comedi/comedi_fops.c | 61 +-
drivers/staging/comedi/comedi_internal.h | 1
drivers/staging/comedi/drivers.c | 30 -
drivers/staging/comedi/drivers/aio_iiro_16.c | 3
drivers/staging/comedi/drivers/comedi_test.c | 2
drivers/staging/comedi/drivers/das16m1.c | 3
drivers/staging/comedi/drivers/das6402.c | 3
drivers/staging/comedi/drivers/pcl812.c | 3
drivers/staging/fbtft/fbtft-core.c | 1
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/staging/nvec/nvec_power.c | 2
drivers/thermal/thermal_sysfs.c | 9
drivers/thunderbolt/domain.c | 2
drivers/thunderbolt/switch.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/serial/pch_uart.c | 2
drivers/tty/vt/defkeymap.c_shipped | 112 +++
drivers/tty/vt/keyboard.c | 2
drivers/uio/uio_hv_generic.c | 4
drivers/usb/atm/cxacru.c | 106 +--
drivers/usb/chipidea/ci.h | 18
drivers/usb/chipidea/udc.c | 10
drivers/usb/class/cdc-acm.c | 13
drivers/usb/core/config.c | 10
drivers/usb/core/hub.c | 60 +-
drivers/usb/core/hub.h | 1
drivers/usb/core/quirks.c | 1
drivers/usb/core/urb.c | 2
drivers/usb/dwc3/core.c | 10
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/dwc3-qcom.c | 7
drivers/usb/dwc3/gadget.c | 14
drivers/usb/early/xhci-dbc.c | 4
drivers/usb/gadget/composite.c | 5
drivers/usb/gadget/configfs.c | 2
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-hub.c | 3
drivers/usb/host/xhci-mem.c | 24
drivers/usb/host/xhci-pci-renesas.c | 7
drivers/usb/host/xhci-plat.c | 3
drivers/usb/host/xhci-ring.c | 19
drivers/usb/host/xhci.c | 24
drivers/usb/host/xhci.h | 3
drivers/usb/musb/musb_core.c | 62 +-
drivers/usb/musb/musb_core.h | 11
drivers/usb/musb/musb_debugfs.c | 6
drivers/usb/musb/musb_gadget.c | 30 -
drivers/usb/musb/musb_host.c | 6
drivers/usb/musb/musb_virthub.c | 18
drivers/usb/musb/omap2430.c | 10
drivers/usb/phy/phy-mxs-usb.c | 4
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 3
drivers/usb/serial/option.c | 7
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29
drivers/usb/typec/mux/intel_pmc_mux.c | 2
drivers/usb/typec/tcpm/fusb302.c | 8
drivers/usb/typec/ucsi/psy.c | 2
drivers/usb/typec/ucsi/ucsi.c | 1
drivers/usb/typec/ucsi/ucsi.h | 7
drivers/vhost/scsi.c | 4
drivers/vhost/vhost.c | 3
drivers/video/console/vgacon.c | 2
drivers/video/fbdev/imxfb.c | 9
drivers/watchdog/dw_wdt.c | 2
drivers/watchdog/ziirave_wdt.c | 3
drivers/xen/gntdev-common.h | 4
drivers/xen/gntdev.c | 71 +-
fs/btrfs/ctree.h | 2
fs/btrfs/inode.c | 4
fs/btrfs/ioctl.c | 2
fs/btrfs/qgroup.c | 2
fs/btrfs/send.c | 4
fs/btrfs/transaction.c | 2
fs/btrfs/tree-log.c | 53 +
fs/buffer.c | 2
fs/cifs/cifssmb.c | 10
fs/cifs/smb2ops.c | 7
fs/cifs/smbdirect.c | 14
fs/ext4/fsmap.c | 23
fs/ext4/indirect.c | 4
fs/ext4/inline.c | 19
fs/ext4/inode.c | 2
fs/f2fs/f2fs.h | 2
fs/f2fs/inode.c | 28
fs/f2fs/node.c | 10
fs/file.c | 83 +-
fs/hfs/bnode.c | 93 +++
fs/hfsplus/bnode.c | 92 +++
fs/hfsplus/extents.c | 3
fs/hfsplus/unicode.c | 7
fs/hfsplus/xattr.c | 6
fs/hugetlbfs/inode.c | 2
fs/isofs/inode.c | 9
fs/jbd2/checkpoint.c | 1
fs/jfs/file.c | 3
fs/jfs/inode.c | 2
fs/jfs/jfs_dmap.c | 10
fs/libfs.c | 4
fs/namespace.c | 89 ++-
fs/nfs/blocklayout/blocklayout.c | 4
fs/nfs/blocklayout/dev.c | 5
fs/nfs/blocklayout/extent_tree.c | 20
fs/nfs/client.c | 46 +
fs/nfs/export.c | 11
fs/nfs/flexfilelayout/flexfilelayout.c | 32 -
fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6
fs/nfs/inode.c | 6
fs/nfs/internal.h | 10
fs/nfs/nfs4client.c | 15
fs/nfs/nfs4proc.c | 46 -
fs/nfs/pnfs.c | 11
fs/nfsd/nfs4state.c | 34 -
fs/nilfs2/inode.c | 9
fs/orangefs/orangefs-debugfs.c | 8
fs/squashfs/super.c | 14
fs/udf/super.c | 13
include/asm-generic/barrier.h | 33 +
include/linux/blk_types.h | 8
include/linux/compiler.h | 8
include/linux/cpuset.h | 17
include/linux/fs.h | 4
include/linux/fs_context.h | 2
include/linux/if_vlan.h | 6
include/linux/memfd.h | 14
include/linux/minmax.h | 17
include/linux/mm.h | 80 +-
include/linux/mmzone.h | 22
include/linux/moduleparam.h | 5
include/linux/pci.h | 1
include/linux/platform_data/cros_ec_proto.h | 4
include/linux/pps_kernel.h | 1
include/linux/sched/mm.h | 16
include/linux/skbuff.h | 31 +
include/linux/usb/usbnet.h | 1
include/linux/xarray.h | 15
include/net/cfg80211.h | 2
include/net/tc_act/tc_ctinfo.h | 6
include/net/udp.h | 24
include/uapi/linux/in6.h | 4
include/uapi/linux/io_uring.h | 2
include/uapi/linux/mount.h | 3
kernel/cgroup/cpuset.c | 23
kernel/events/core.c | 20
kernel/fork.c | 2
kernel/power/console.c | 7
kernel/rcu/tree_plugin.h | 3
kernel/trace/ftrace.c | 19
kernel/trace/trace.c | 33 -
kernel/trace/trace.h | 8
kernel/trace/trace_events.c | 5
mm/filemap.c | 2
mm/hmm.c | 2
mm/kmemleak.c | 10
mm/madvise.c | 2
mm/memfd.c | 2
mm/mmap.c | 10
mm/page_alloc.c | 13
mm/ptdump.c | 2
mm/shmem.c | 2
mm/slab.h | 5
mm/slob.c | 6
mm/vmalloc.c | 16
mm/zsmalloc.c | 6
net/8021q/vlan.c | 42 +
net/8021q/vlan.h | 1
net/appletalk/aarp.c | 42 +
net/appletalk/ddp.c | 7
net/bluetooth/l2cap_core.c | 26
net/bluetooth/l2cap_sock.c | 3
net/bluetooth/smp.c | 21
net/bluetooth/smp.h | 1
net/bridge/netfilter/nft_reject_bridge.c | 60 --
net/caif/cfctrl.c | 294 ++++------
net/core/filter.c | 3
net/core/netpoll.c | 7
net/hsr/hsr_slave.c | 8
net/ipv4/netfilter/nf_reject_ipv4.c | 4
net/ipv4/route.c | 1
net/ipv4/tcp_input.c | 3
net/ipv4/udp_offload.c | 2
net/ipv6/ip6_offload.c | 4
net/ipv6/netfilter/nf_reject_ipv6.c | 4
net/ipv6/rpl_iptunnel.c | 8
net/ipv6/seg6_hmac.c | 3
net/mac80211/tx.c | 7
net/ncsi/internal.h | 2
net/ncsi/ncsi-rsp.c | 1
net/netfilter/nf_conntrack_netlink.c | 24
net/netfilter/nf_tables_api.c | 4
net/netfilter/nft_reject.c | 12
net/netfilter/nft_reject_inet.c | 68 --
net/netfilter/xt_nfacct.c | 4
net/netlink/af_netlink.c | 2
net/packet/af_packet.c | 39 -
net/phonet/pep.c | 2
net/sched/act_ctinfo.c | 19
net/sched/sch_cake.c | 14
net/sched/sch_codel.c | 5
net/sched/sch_drr.c | 7
net/sched/sch_ets.c | 46 -
net/sched/sch_fq_codel.c | 6
net/sched/sch_hfsc.c | 8
net/sched/sch_htb.c | 19
net/sched/sch_netem.c | 40 +
net/sched/sch_qfq.c | 40 -
net/sctp/input.c | 2
net/tls/tls_sw.c | 13
net/vmw_vsock/af_vsock.c | 3
net/wireless/mlme.c | 3
samples/mei/mei-amt-version.c | 2
scripts/kconfig/gconf.c | 8
scripts/kconfig/lxdialog/inputbox.c | 6
scripts/kconfig/lxdialog/menubox.c | 2
scripts/kconfig/nconf.c | 2
scripts/kconfig/nconf.gui.c | 1
scripts/kconfig/qconf.cc | 2
security/apparmor/include/match.h | 3
security/apparmor/match.c | 1
security/inode.c | 2
sound/core/pcm_native.c | 19
sound/pci/hda/patch_ca0132.c | 7
sound/pci/hda/patch_hdmi.c | 19
sound/pci/hda/patch_realtek.c | 3
sound/pci/intel8x0.c | 2
sound/soc/codecs/hdac_hdmi.c | 10
sound/soc/codecs/rt5640.c | 5
sound/soc/fsl/fsl_sai.c | 30 -
sound/soc/intel/boards/Kconfig | 2
sound/soc/soc-core.c | 3
sound/soc/soc-dai.c | 19
sound/soc/soc-dapm.c | 4
sound/soc/soc-ops.c | 26
sound/usb/mixer_quirks.c | 14
sound/usb/mixer_scarlett_gen2.c | 8
sound/usb/stream.c | 25
sound/usb/validate.c | 14
tools/bpf/bpftool/net.c | 15
tools/include/linux/sched/mm.h | 2
tools/perf/tests/bp_account.c | 1
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4
tools/testing/ktest/ktest.pl | 5
tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 28
tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2
tools/testing/selftests/futex/include/futextest.h | 11
tools/testing/selftests/memfd/memfd_test.c | 43 +
tools/testing/selftests/net/mptcp/Makefile | 3
tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1
tools/testing/selftests/net/rtnetlink.sh | 6
523 files changed, 4755 insertions(+), 2125 deletions(-)
Aaron Kling (1):
ARM: tegra: Use I/O memcpy to write to IRAM
Abdun Nihaal (1):
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
Adam Ford (1):
arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed
Ajish Koshy (1):
scsi: pm80xx: Fix memory leak during rmmod
Al Viro (4):
better lockdep annotations for simple_recursive_removal()
securityfs: don't pin dentries twice, once is enough...
use uniform permission checks for all mount propagation changes
alloc_fdtable(): change calling conventions.
Alessandro Carminati (1):
regulator: core: fix NULL dereference on unbind due to stale coupling data
Alex Guo (2):
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alexander Gordeev (1):
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Alexander Kochetkov (1):
ARM: rockchip: fix kernel hang during smp initialization
Alexander Wilhelm (1):
bus: mhi: host: Fix endianness of BHI vector table
Alok Tiwari (7):
thunderbolt: Fix bit masking in tb_dp_port_set_hops()
net: emaclite: Fix missing pointer increment in aligned_read()
staging: nvec: Fix incorrect null termination of battery manufacturer
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
be2net: Use correct byte order and format string for TCP seq and ack_seq
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
gve: Return error for unknown admin queue command
Amir Mohammad Jahangirzad (1):
fs/orangefs: use snprintf() instead of sprintf()
Ammar Faizi (1):
net: usbnet: Fix the wrong netif_carrier_on() call
Anantha Prabhu (1):
RDMA/bnxt_re: Fix to initialize the PBL array
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
Andrew Jeffery (2):
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Andrew Lunn (1):
net: appletalk: fix kerneldoc warnings
André Draszik (1):
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Andy Shevchenko (2):
mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
Documentation: ACPI: Fix parent device references
Andy Yan (1):
drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
Anna Schumaker (1):
NFS: Create an nfs4_server_set_init_caps() function
Annette Kobou (1):
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
Anshuman Khandual (1):
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Anthoine Bourgeois (1):
xen/netfront: Fix TX response spurious interrupts
Arnaud Lecomte (1):
jfs: upper bound check of tree index in dbAllocAG
Arnd Bergmann (5):
ethernet: intel: fix building with large NR_CPUS
ASoC: Intel: fix SND_SOC_SOF dependencies
ASoC: ops: dynamically allocate struct snd_ctl_elem_value
caif: reduce stack size, again
RDMA/core: reduce stack using in nldev_stat_get_doit()
Arun Raghavan (1):
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Avraham Stern (1):
wifi: iwlwifi: mvm: fix scan request validation
Balamanikandan Gunasundar (1):
mtd: rawnand: atmel: set pmecc data setup time
Baokun Li (1):
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
Bard Liao (1):
soundwire: stream: restore params when prepare ports fail
Bartosz Golaszewski (2):
gpio: wcd934x: check the return value of regmap_update_bits()
gpio: tps65912: check the return value of regmap_update_bits()
Ben Hutchings (1):
sh: Do not use hyphen in exported variable name
Benjamin Coddington (1):
NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
Benjamin Tissoires (3):
HID: core: ensure the allocated report buffer can contain the reserved report ID
HID: core: ensure __hid_request reserves the report ID as the first byte
HID: core: do not bypass hid_hw_raw_request
Benson Leung (1):
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Bingbu Cao (1):
media: hi556: correct the test pattern configuration
Bjorn Andersson (1):
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Brahmajit Das (1):
samples: mei: Fix building on musl libc
Breno Leitao (3):
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Brian Masney (5):
rtc: ds1307: fix incorrect maximum clock rate handling
rtc: hym8563: fix incorrect maximum clock rate handling
rtc: pcf85063: fix incorrect maximum clock rate handling
rtc: pcf8563: fix incorrect maximum clock rate handling
rtc: rv3028: fix incorrect maximum clock rate handling
Buday Csaba (1):
net: phy: smsc: add proper reset flags for LAN8710A
Budimir Markovic (1):
vsock: Do not allow binding to VMADDR_PORT_ANY
Bui Quang Minh (1):
virtio-net: ensure the received length does not exceed allocated size
Chao Yu (6):
f2fs: doc: fix wrong quota mount option description
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
f2fs: fix to avoid panic in f2fs_evict_inode
f2fs: fix to avoid out-of-boundary access in devs.path
f2fs: fix to do sanity check on ino and xnid
f2fs: fix to avoid out-of-boundary access in dnode page
Charles Han (1):
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
Cheick Traore (1):
pinctrl: stm32: Manage irq affinity settings
Chen Ni (1):
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
Chen-Yu Tsai (1):
platform/chrome: cros_ec: Use per-device lockdep key
Chenyuan Yang (1):
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
Christophe JAILLET (1):
uio_hv_generic: Fix another memory leak in error handling paths
Christophe Leroy (1):
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Clément Le Goffic (1):
i2c: stm32: fix the device used for the DMA map
Cong Wang (6):
sch_htb: make htb_qlen_notify() idempotent
sch_drr: make drr_qlen_notify() idempotent
sch_hfsc: make hfsc_qlen_notify() idempotent
sch_qfq: make qfq_qlen_notify() idempotent
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
sch_htb: make htb_deactivate() idempotent
Corey Minyard (1):
ipmi: Fix strcpy source and destination the same
Cristian Ciocaltea (1):
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Cynthia Huang (1):
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Dai Ngo (1):
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Damien Le Moal (8):
ata: libata-sata: Disallow changing LPM state if not supported
scsi: mpt3sas: Correctly handle ATA device errors
ata: libata-scsi: Fix ata_to_sense_error() status handling
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
block: Make REQ_OP_ZONE_FINISH a write operation
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
dm: rearrange core declarations for extended use from dm-zone.c
Dan Carpenter (7):
dmaengine: nbpfaxi: Fix memory corruption in probe()
watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
fs/orangefs: Allow 2 more characters in do_c_string()
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Daniel Dadap (1):
ALSA: hda: Add missing NVIDIA HDA codec IDs
Daniel Vetter (1):
mm: extract might_alloc() debug check
Daniil Dulov (1):
wifi: rtl818x: Kill URBs before clearing tx status queue
Dave Hansen (1):
x86/fpu: Delay instruction pointer fixup until after warning
Dave Stevenson (3):
media: tc358743: Check I2C succeeded during probe
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
media: tc358743: Increase FIFO trigger level to 374
David Laight (1):
minmax: add umin(a, b) and umax(a, b)
David Lechner (2):
iio: proximity: isl29501: fix buffered read on big-endian systems
iio: adc: ad_sigma_delta: change to buffer predisable
Davide Caratti (2):
net/sched: sch_ets: properly init all active DRR list handles
net/sched: ets: use old 'nbands' while purging unused classes
Dawid Rezler (1):
ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
Denis OSTERLAND-HEIM (1):
pps: fix poll support
Dennis Chen (1):
i40e: report VF tx_dropped with tx_errors instead of tx_discards
Dikshita Agarwal (1):
media: venus: Add support for SSR trigger using fault injection
Dong Chenchen (1):
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Drew Hamilton (1):
usb: musb: fix gadget state on disconnect
Edson Juliano Drosdeck (1):
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
Edward Adam Davis (1):
jfs: Regular file corruption check
Emily Deng (1):
drm/ttm: Should to return the evict error
Eric Biggers (2):
thunderbolt: Fix copy+paste error in match_service_id()
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
Eric Dumazet (5):
net_sched: act_ctinfo: use atomic64_t for three counters
pptp: ensure minimal skb length in pptp_xmit()
ipv6: reject malicious packets in ipv6_gso_segment()
pptp: fix pptp_xmit() error path
net_sched: sch_ets: implement lockless ets_dump()
Evgeniy Harchenko (1):
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Fabio Estevam (2):
iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
iio: adc: max1363: Reorder mode_list[] entries
Fabio Porcedda (1):
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
Fedor Pchelkin (3):
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
netfilter: nf_tables: adjust lockdep assertions handling
netlink: avoid infinite retry looping in netlink_unicast()
Feng Tang (1):
mm/page_alloc: detect allocation forbidden by cpuset and bail out early
Filipe Manana (2):
btrfs: fix log tree replay failure due to file with 0 links and extents
btrfs: fix deadlock when cloning inline extents and using qgroups
Finn Thain (2):
m68k: Don't unregister boot console needlessly
m68k: Fix lost column on framebuffer debug console
Florian Westphal (3):
netfilter: xt_nfacct: don't assume acct name is null-terminated
netfilter: ctnetlink: fix refcount leak on table dump
netfilter: nf_reject: don't leak dst refcount for loopback packets
Gal Pressman (1):
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gautham R. Shenoy (1):
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Geoffrey D. Bennett (1):
ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
Giovanni Cabiddu (1):
crypto: qat - fix seq_file position update in adf_ring_next()
Gokul Sivakumar (1):
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
Greg Kroah-Hartman (2):
Revert "vmci: Prevent the dispatching of uninitialized payloads"
Linux 5.10.241
Guchun Chen (1):
drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Haiyang Zhang (1):
hv_netvsc: Fix panic during namespace deletion with VF
Hans Verkuil (1):
media: v4l2-ctrls: always copy the controls on completion
Hans Zhang (1):
PCI: rockchip-host: Fix "Unexpected Completion" log message
Haoxiang Li (2):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Hari Kalavakunta (1):
net: ncsi: Fix buffer overflow in fetching version id
Harry Yoo (1):
mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
Helge Deller (1):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Henry Martin (1):
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
Herbert Xu (1):
crypto: marvell/cesa - Fix engine load inaccuracy
Hongyu Xie (1):
xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
Horatiu Vultur (1):
phy: mscc: Fix parsing of unicast frames
Hsin-Te Yuan (1):
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Hyejeong Choi (1):
dma-buf: insert memory barrier before updating num_fences
Ian Abbott (10):
comedi: pcl812: Fix bit shift out of bounds
comedi: aio_iiro_16: Fix bit shift out of bounds
comedi: das16m1: Fix bit shift out of bounds
comedi: das6402: Fix bit shift out of bounds
comedi: Fix some signed shift left operations
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
comedi: Fix initialization of data for instructions that write to subdevice
comedi: comedi_test: Fix possible deletion of uninitialized timers
comedi: fix race between polling and detaching
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
Ido Schimmel (1):
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Ilan Peer (1):
wifi: cfg80211: Fix interface type validation
Ilya Bakoulin (1):
drm/amd/display: Separate set_gsl from set_gsl_source_select
Imre Deak (1):
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Ioana Ciornei (3):
dpaa2-mac: split up initializing the MAC object from connecting to it
dpaa2-mac: export MAC counters even when in TYPE_FIXED
dpaa2-eth: retry the probe when the MAC is not yet discovered on the bus
Ivan Stepchenko (1):
mtd: fix possible integer overflow in erase_xfer()
Jacek Kowalski (2):
e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
e1000e: ignore uninitialized checksum word on tgp
Jack Xiao (1):
drm/amdgpu: fix incorrect vm flags to map bo
Jakub Acs (1):
net, hsr: reject HSR frame if skb can't hold tag
Jakub Kicinski (2):
netpoll: prevent hanging NAPI when netcons gets enabled
uapi: in6: restore visibility of most IPv6 socket options
James Smart (1):
scsi: lpfc: Fix link down processing to address NULL pointer dereference
Jan Beulich (1):
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Jan Kara (2):
isofs: Verify inode mode when loading from disk
udf: Verify partition map count
Jason Wang (1):
vhost: fail early when __vhost_add_used() fails
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jay Chen (1):
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Jean-Baptiste Maneyrol (1):
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Jeff Layton (1):
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Jian Shen (2):
net: hns3: refine the struct hane3_tc_info
net: hns3: fixed vf get max channels bug
Jiasheng Jiang (2):
iwlwifi: Add missing check for alloc_ordered_workqueue
scsi: lpfc: Remove redundant assignment to avoid memory leak
Jiaxun Yang (1):
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
Jiayi Li (2):
ACPI: processor: perflib: Fix initial _PPC limit application
memstick: Fix deadlock by moving removing flag earlier
Jiayuan Chen (1):
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
Jimmy Assarsson (2):
can: kvaser_pciefd: Store device channel index
can: kvaser_usb: Assign netdev.dev_port based on device channel index
Johan Adolfsson (1):
leds: leds-lp50xx: Handle reg to get correct multi_index
Johan Hovold (8):
net: gianfar: fix device leak when querying time stamp info
net: dpaa: fix device leak when querying time stamp info
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
wifi: ath11k: fix source ring-buffer corruption
USB: cdc-acm: do not log successful probe on later errors
usb: musb: omap2430: fix device leak at unbind
wifi: ath11k: fix dest ring-buffer corruption when ring is full
Johan Korsnes (1):
arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
Johannes Berg (1):
wifi: cfg80211: reject HTC bit for management frames
John Ernberg (1):
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
John Garry (2):
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonas Rebmann (1):
net: fec: allow disable coalescing
Jonathan Cameron (1):
iio: light: as73211: Ensure buffer holes are zeroed
Jonathan Santos (1):
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Jorge Ramirez-Ortiz (2):
media: venus: hfi: explicitly release IRQ during teardown
media: venus: protect against spurious interrupts during probe
Jose M. Guisado Gomez (1):
netfilter: nft_reject: unify reject init and dump into nft_reject
Judith Mendez (1):
mmc: sdhci_am654: Workaround for Errata i2312
Juergen Gross (1):
xen/gntdev: remove struct gntdev_copy_batch from stack
Justin Tee (1):
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Kees Cook (3):
arm64: Handle KCOV __init vs inline mismatches
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Kefeng Wang (1):
asm-generic: Add memory barrier dma_mb()
Kito Xu (veritas501) (1):
net: appletalk: Fix use-after-free in AARP proxy probe
Krishna Kurapati (1):
usb: dwc3: qcom: Don't leave BCR asserted
Krzysztof Kozlowski (1):
ARM: dts: vfxxx: Correctly use two tuples for timer address
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kuninori Morimoto (3):
ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
Kuniyuki Iwashima (2):
rpl: Fix use-after-free in rpl_do_srh_inline().
Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Len Brown (1):
intel_idle: Allow loading ACPI tables for any family
Leo Yan (1):
perf tests bp_account: Fix leaked file descriptor
Leon Romanovsky (1):
RDMA/rxe: Return CQE error if invalid lkey was supplied
Li Zhong (1):
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
Lifeng Zheng (4):
cpufreq: Initialize cpufreq-based frequency-invariance later
cpufreq: Init policy->rwsem before it may be possibly used
cpufreq: Exit governor when failed to start old governor
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Lin.Cao (1):
drm/sched: Remove optimization that causes hang when killing dependent jobs
Lizhi Xu (2):
vmci: Prevent the dispatching of uninitialized payloads
jfs: truncate good inode pages when hard link is 0
Lorenzo Stoakes (4):
mm: drop the assumption that VM_SHARED always implies writable
mm: update memfd seal write check to include F_SEAL_WRITE
mm: reinstate ability to map write-sealed memfd mappings read-only
selftests/memfd: add test for mapping write-sealed memfd read-only
Lucas De Marchi (1):
usb: early: xhci-dbc: Fix early_ioremap leak
Lucy Thrun (1):
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Luiz Augusto von Dentz (3):
Bluetooth: SMP: If an unallowed command is received consider it a failure
Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Lukas Wunner (1):
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Ma Ke (2):
sunvdc: Balance device refcount in vdc_port_mpgroup_check
dpaa2-eth: Fix device reference count leak in MAC endpoint handling
Maciej W. Rozycki (1):
powerpc/eeh: Rely on dev->link_active_reporting
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Maor Gottlieb (1):
RDMA/core: Rate limit GID cache warning messages
Marco Elver (1):
locking/barriers, kcsan: Support generic instrumentation
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Marek Vasut (1):
usb: renesas-xhci: Fix External ROM access timeouts
Mario Limonciello (3):
usb: xhci: Avoid showing warnings for dying controller
usb: xhci: Avoid showing errors during surprise removal
drm/amd: Restore cached power limit during resume
Marius Zachmann (1):
hwmon: (corsair-cpro) Validate the size of the received input buffer
Mark Brown (1):
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Martin Kaistra (1):
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
Masahiro Yamada (3):
kconfig: qconf: fix ConfigList::updateListAllforAll()
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
kconfig: gconf: fix potential memory leak in renderer_edited()
Masami Hiramatsu (Google) (1):
selftests: tracing: Use mutex_unlock for testing glob filter
Mathias Nyman (5):
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
usb: hub: Fix flushing of delayed work used for post resume purposes
usb: hub: avoid warm port reset during USB3 disconnect
usb: hub: Don't try to recover devices lost during warm reset.
Matthew Wilcox (Oracle) (1):
XArray: Add calls to might_alloc()
Matthieu Baerts (NGI0) (2):
selftests: mptcp: connect: also cover alt modes
selftests: mptcp: pm: check flush doesn't reset limits
Maulik Shah (1):
pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
Mauro Carvalho Chehab (1):
media: venus: don't de-reference NULL pointers at IRQ time
Meagan Lloyd (2):
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Meng Li (1):
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
Mengbiao Xiong (1):
crypto: ccp - Fix crash when rebind ccp device for ccp.ko
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaohe Lin (1):
mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage()
Miaoqian Lin (1):
most: core: Drop device reference after usage in get_channel()
Michael Zhivich (1):
x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
Michal Schmidt (1):
benet: fix BUG when creating VFs
Mike Christie (1):
vhost-scsi: Fix log flooding with target does not exist errors
Mikulas Patocka (1):
dm-mpath: don't print the "loaded" message if registering fails
Mina Almasry (1):
netmem: fix skb_frag_address_safe with unreadable skbs
Ming Lei (2):
block: don't call rq_qos_ops->done_bio if the bio isn't tracked
dm rq: don't queue request to blk-mq during DM suspend
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Myrrh Periwinkle (3):
usb: typec: ucsi: Update power_supply on power role change
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Nathan Chancellor (5):
phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()
memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
Niklas Söderlund (1):
gpio: rcar: Use raw_spinlock to protect register access
Nilton Perim Neto (1):
Input: xpad - set correct controller type for Acer NGR200
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Olga Kornievskaia (1):
NFSv4.2: another fix for listxattr
Oliver Neukum (3):
usb: net: sierra: check for no status endpoint
usb: core: usb_submit_urb: downgrade type check
cdc-acm: fix race between initial clearing halt and open
Oscar Maes (1):
net: ipv4: fix incorrect MTU in broadcast routes
Ovidiu Panait (1):
hwrng: mtk - handle devm_pm_runtime_enable errors
Pablo Neira Ayuso (1):
netfilter: nft_reject_inet: allow to use reject from inet ingress
Pagadala Yesu Anjaneyulu (1):
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Pali Rohár (1):
cifs: Fix calling CIFSFindFirst() for root path without msearch
Paul Cercueil (1):
usb: musb: Add and use inline functions musb_{get,set}_state
Paul Chaignon (1):
bpf: Check flow_dissector ctx accesses are aligned
Paul E. McKenney (1):
rcu: Protect ->defer_qs_iw_pending from data race
Paul Kocialkowski (1):
clk: sunxi-ng: v3s: Fix de clock definition
Pavel Begunkov (1):
io_uring: don't use int for ABI
Pavel Tikhomirov (1):
move_mount: allow to add a mount into an existing group
Pawan Gupta (1):
x86/bugs: Avoid warning when overriding return thunk
Peter Oberparleiter (2):
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Peter Robinson (1):
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Peter Ujfalusi (1):
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Petr Pavlu (1):
module: Restore the moduleparam prefix length check
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Prashant Malani (1):
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Praveen Kaligineedi (1):
gve: Fix stuck TX queue for DQ queue format
Pu Lehui (1):
tracing: Limit access to parser->buffer when trace_get_user failed
Purva Yeshi (1):
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Qu Wenruo (1):
btrfs: populate otime when logging an inode item
Quang Le (1):
net/packet: fix a race in packet_set_ring() and packet_notifier()
Rafael J. Wysocki (3):
ACPI: processor: perflib: Move problematic pr->performance check
cpuidle: governors: menu: Avoid using invalid recent intervals data
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Rand Deeb (1):
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Randy Dunlap (1):
parisc: Makefile: fix a typo in palo.conf
Ranjan Kumar (1):
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Remi Pommarel (2):
wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key()
Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Ricardo Ribalda (2):
media: uvcvideo: Do not mark valid metadata as invalid
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
Ricky Wu (1):
misc: rtsx: usb: Ensure mmc child device is active when card is present
RubenKelevra (1):
fs_context: fix parameter name in infofc() macro
Ryan Lee (1):
apparmor: ensure WB_HISTORY_SIZE value is a power of 2
Ryan Mann (NDI) (1):
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
Ryusuke Konishi (1):
nilfs2: reject invalid file types when reading inodes
Sabrina Dubroca (1):
udp: also consider secpath when evaluating ipsec use for checksumming
Sakari Ailus (1):
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Salah Triki (1):
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Sarah Newman (1):
drbd: add missing kref_get in handle_write_conflicts
Sarthak Garg (1):
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sasha Levin (1):
fs: Prevent file descriptor table allocations exceeding INT_MAX
Sebastian Ott (1):
ACPI: processor: fix acpi_object initialization
Sebastian Reichel (2):
watchdog: dw_wdt: Fix default timeout
usb: typec: fusb302: cache PD RX state
Sergey Bashirov (4):
pNFS: Fix stripe mapping in block/scsi layout
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Senozhatsky (1):
wifi: ath11k: clear initialized flag for deinit-ed srng lists
Seunghui Lee (1):
scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume
Shankari Anand (1):
kconfig: nconf: Ensure null termination where strncpy is used
Shengjiu Wang (1):
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Shiji Yang (1):
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
Showrya M N (1):
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Slark Xiao (2):
USB: serial: option: add Foxconn T99W640
USB: serial: option: add Foxconn T99W709
Stanislav Fomichev (1):
vrf: Drop existing dst reference in vrf_ip6_input_dst
Stanislaw Gruszka (1):
wifi: iwlegacy: Check rate_idx range after addition
Stefan Metzmacher (1):
smb: client: let recv_done() cleanup before notifying the callers.
Steven Rostedt (5):
selftests/tracing: Fix false failure of subsystem event test
ktest.pl: Prevent recursion of default variable options
ftrace: Also allocate and copy hash for reading of filter files
tracing: Add down_write(trace_event_sem) when adding trace event
tracing: Remove unneeded goto out logic
Su Hui (1):
usb: xhci: print xhci->xhc_state when queue_command failed
Suchit Karunakaran (1):
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
Sven Schnelle (2):
s390/time: Use monotonic clock in get_cycles()
s390/stp: Remove udelay from stp_sync_clock()
Takashi Iwai (4):
ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Tao Xue (1):
usb: gadget : fix use-after-free in composite_dev_cleanup()
Tetsuo Handa (1):
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Theodore Ts'o (1):
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Thomas Fourier (17):
pch_uart: Fix dma_sync_sg_for_device() nents value
mmc: bcm2835: Fix dma_unmap_sg() nents value
mwl8k: Add missing check after DMA map
crypto: inside-secure - Fix `dma_unmap_sg()` nents value
scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
scsi: mvsas: Fix dma_unmap_sg() nents value
scsi: isci: Fix dma_unmap_sg() nents value
crypto: img-hash - Fix dma_unmap_sg() nents value
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
dmaengine: nbpfaxi: Add missing check after DMA map
mtd: rawnand: atmel: Fix dma_mapping_error() address
et131x: Add missing check after DMA map
net: ag71xx: Add missing check after DMA map
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
mtd: rawnand: fsmc: Add missing check after DMA map
Thomas Gleixner (3):
perf/core: Don't leak AUX buffer refcount on allocation failure
perf/core: Exit early on perf_mmap() fail
perf/core: Prevent VMA split of buffer mappings
Thomas Weißschuh (2):
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Thorsten Blum (1):
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Tigran Mkrtchyan (1):
pNFS/flexfiles: don't attempt pnfs on fatal DS errors
Tim Harvey (1):
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Timothy Pearson (5):
PCI: pnv_php: Clean up allocated IRQs on unplug
PCI: pnv_php: Work around switches with broken presence detection
powerpc/eeh: Export eeh_unfreeze_pe()
powerpc/eeh: Make EEH driver device hotplug safe
PCI: pnv_php: Fix surprise plug detection and recovery
Timur Kristóf (5):
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
drm/amd/display: Don't overclock DCE 6 by 15%
Tomasz Michalec (2):
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Trond Myklebust (5):
pNFS/flexfiles: Avoid spurious layout returns in ff_layout_choose_ds_for_read
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity
NFSv4: Fix nfs4_bitmap_copy_adjust()
NFS: Fix the setting of capabilities when automounting a new filesystem
Tzung-Bi Shih (2):
platform/chrome: cros_ec: remove unneeded label and if-condition
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Ulf Hansson (1):
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Uwe Kleine-König (4):
platform/chrome: cros_ec: Make cros_ec_unregister() return void
pwm: mediatek: Implement .apply() callback
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
Vedang Nagar (1):
media: venus: Add a check for packet size after reading from shared memory
Viacheslav Dubeyko (4):
hfs: fix slab-out-of-bounds in hfs_bnode_read()
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
hfs: fix not erasing deleted b-tree node issue
Victor Shih (1):
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
Vladimir Zapolskiy (1):
media: qcom: camss: cleanup media device allocated resource on error path
Waiman Long (2):
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
Wang Liang (1):
net: drop UFO packets in udp_rcv_segment()
Wang Zhaolong (1):
smb: client: fix use-after-free in crypt_message when using async crypto
Wayne Chang (1):
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
Weitao Wang (1):
usb: xhci: Fix slot_id resource race conflict
Wen Chen (1):
drm/amd/display: Fix 'failed to blank crtc!'
Wesley Cheng (1):
usb: dwc3: Remove DWC3 locking during gadget suspend/resume
William Liu (4):
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Wolfram Sang (3):
media: usb: hdpvr: disable zero-length read messages
i3c: add missing include to internal header
i3c: don't fail if GETHDRCAP is unsupported
Xiang Mei (2):
net/sched: sch_qfq: Fix race condition on qfq_aggregate
net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
Xin Long (1):
sctp: linearize cloned gso packets in sctp_rcv
Xinxin Wan (1):
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Xinyu Liu (2):
usb: gadget: configfs: Fix OOB read on empty string write
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Xiu Jianfeng (1):
wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
Xiumei Mu (1):
selftests: rtnetlink.sh: remove esp4_offload after test
Xu Yang (2):
usb: chipidea: add USB PHY event
usb: phy: mxs: disconnect line when USB charger is attached
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yajun Deng (1):
i40e: Add rx_missed_errors for buffer exhaustion
Yang Xiwen (1):
i2c: qup: jump out of the loop in case of timeout
Yang Yingliang (1):
ptp: Fix possible memory leak in ptp_clock_register()
Yangtao Li (1):
hfsplus: remove mutex_lock check in hfsplus_free_extents
Yann E. MORIN (1):
kconfig: lxdialog: fix 'space' to (de)select options
Yazen Ghannam (1):
x86/mce/amd: Add default names for MCA banks and blocks
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Youngjun Lee (1):
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Yuan Chen (2):
bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
pinctrl: sunxi: Fix memory leak on krealloc failure
Yun Lu (2):
af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
af_packet: fix soft lockup issue caused by tpacket_snd()
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Yury Norov [NVIDIA] (1):
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Lixu (1):
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Yi (1):
ext4: fix hole length calculation overflow in non-extent inodes
Zheng Yu (1):
jfs: fix metapage reference count leak in dbAllocCtl
chenchangcheng (1):
media: uvcvideo: Fix bandwidth issue for Alcor camera
fangzhong.zhou (1):
i2c: Force DLL0945 touchpad i2c freq to 100khz
jackysliu (1):
scsi: bfa: Double-free fix
tuhaowen (1):
PM: sleep: console: Fix the black screen issue
xin.guo (1):
tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
Álvaro Fernández Rojas (4):
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
2 weeks, 1 day
- 1
- 1
Linux 5.4.297
by Greg Kroah-Hartman
I'm announcing the release of the 5.4.297 kernel.
All users of the 5.4 kernel series must upgrade.
The updated 5.4.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8
Makefile | 5
arch/arm/Makefile | 2
arch/arm/boot/dts/imx6ul-kontron-n6310-s.dts | 1
arch/arm/boot/dts/vfxxx.dtsi | 2
arch/arm/mach-rockchip/platsmp.c | 15
arch/arm/mach-tegra/reset.c | 2
arch/arm64/include/asm/acpi.h | 2
arch/m68k/Kconfig.debug | 2
arch/m68k/kernel/early_printk.c | 42 -
arch/m68k/kernel/head.S | 39 -
arch/mips/Makefile | 2
arch/mips/include/asm/vpe.h | 8
arch/mips/kernel/process.c | 16
arch/mips/mm/tlb-r4k.c | 56 +
arch/parisc/Makefile | 2
arch/powerpc/configs/ppc6xx_defconfig | 1
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6
arch/s390/hypfs/hypfs_dbfs.c | 19
arch/s390/include/asm/timex.h | 13
arch/s390/kernel/time.c | 2
arch/x86/kernel/cpu/mce/amd.c | 13
arch/x86/mm/extable.c | 5
drivers/acpi/acpi_processor.c | 2
drivers/acpi/apei/ghes.c | 2
drivers/acpi/processor_idle.c | 4
drivers/acpi/processor_perflib.c | 11
drivers/ata/Kconfig | 35 -
drivers/ata/libata-scsi.c | 20
drivers/base/power/domain_governor.c | 18
drivers/base/power/runtime.c | 5
drivers/block/drbd/drbd_receiver.c | 6
drivers/block/sunvdc.c | 4
drivers/char/hw_random/mtk-rng.c | 4
drivers/char/ipmi/ipmi_msghandler.c | 8
drivers/char/ipmi/ipmi_watchdog.c | 59 +-
drivers/clk/davinci/psc.c | 5
drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3
drivers/cpufreq/armada-8k-cpufreq.c | 2
drivers/cpufreq/cpufreq.c | 11
drivers/crypto/ccp/ccp-debugfs.c | 3
drivers/crypto/img-hash.c | 2
drivers/crypto/marvell/cipher.c | 4
drivers/crypto/marvell/hash.c | 5
drivers/crypto/qat/qat_common/adf_transport_debug.c | 4
drivers/dma/mv_xor.c | 21
drivers/dma/nbpfaxi.c | 24
drivers/fpga/zynq-fpga.c | 10
drivers/gpio/gpio-tps65912.c | 7
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4
drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2
drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 30 -
drivers/gpu/drm/amd/powerplay/hwmgr/smu_helper.c | 2
drivers/gpu/drm/drm_dp_helper.c | 2
drivers/gpu/drm/scheduler/sched_entity.c | 23
drivers/hid/hid-core.c | 19
drivers/i2c/busses/i2c-qup.c | 4
drivers/i2c/busses/i2c-stm32.c | 8
drivers/i2c/busses/i2c-stm32f7.c | 4
drivers/i3c/internals.h | 1
drivers/i3c/master.c | 2
drivers/iio/adc/max1363.c | 43 -
drivers/iio/adc/stm32-adc-core.c | 7
drivers/iio/light/hid-sensor-prox.c | 3
drivers/iio/proximity/isl29501.c | 16
drivers/infiniband/core/cache.c | 4
drivers/infiniband/hw/hfi1/affinity.c | 44 -
drivers/input/joystick/xpad.c | 2
drivers/media/dvb-frontends/dib7000p.c | 8
drivers/media/i2c/ov2659.c | 3
drivers/media/i2c/tc358743.c | 86 +-
drivers/media/platform/qcom/camss/camss.c | 4
drivers/media/platform/qcom/venus/core.c | 8
drivers/media/platform/qcom/venus/core.h | 2
drivers/media/platform/qcom/venus/hfi_venus.c | 5
drivers/media/platform/qcom/venus/vdec.c | 5
drivers/media/usb/gspca/vicam.c | 10
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6
drivers/media/usb/rainshadow-cec/rainshadow-cec.c | 3
drivers/media/usb/usbtv/usbtv-video.c | 4
drivers/media/usb/uvc/uvc_driver.c | 3
drivers/media/usb/uvc/uvc_video.c | 21
drivers/media/v4l2-core/v4l2-ctrls.c | 37 +
drivers/memstick/core/memstick.c | 3
drivers/memstick/host/rtsx_usb_ms.c | 1
drivers/misc/cardreader/rtsx_usb.c | 16
drivers/mmc/host/bcm2835.c | 3
drivers/mmc/host/rtsx_usb_sdmmc.c | 4
drivers/mmc/host/sdhci-pci-core.c | 3
drivers/mmc/host/sdhci_am654.c | 9
drivers/mtd/ftl.c | 2
drivers/mtd/nand/raw/atmel/nand-controller.c | 2
drivers/mtd/nand/raw/atmel/pmecc.c | 6
drivers/mtd/nand/raw/fsmc_nand.c | 2
drivers/net/can/kvaser_pciefd.c | 1
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1
drivers/net/dsa/b53/b53_common.c | 33 -
drivers/net/dsa/b53/b53_regs.h | 1
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/atheros/ag71xx.c | 9
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4
drivers/net/ethernet/emulex/benet/be_cmds.c | 2
drivers/net/ethernet/emulex/benet/be_main.c | 8
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4
drivers/net/ethernet/freescale/fec_main.c | 34 -
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4
drivers/net/ethernet/intel/fm10k/fm10k.h | 3
drivers/net/ethernet/intel/i40e/i40e.h | 2
drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2
drivers/net/phy/smsc.c | 1
drivers/net/ppp/pptp.c | 18
drivers/net/usb/sierra_net.c | 4
drivers/net/usb/usbnet.c | 11
drivers/net/virtio_net.c | 38 +
drivers/net/vrf.c | 2
drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8
drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2
drivers/net/wireless/marvell/mwl8k.c | 4
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3
drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2
drivers/net/wireless/realtek/rtlwifi/pci.c | 18
drivers/pci/controller/pcie-rockchip-host.c | 2
drivers/pci/endpoint/pci-ep-cfs.c | 1
drivers/pci/endpoint/pci-epf-core.c | 2
drivers/pci/hotplug/pnv_php.c | 90 ++-
drivers/pci/pci-acpi.c | 4
drivers/pci/pci.c | 8
drivers/pci/probe.c | 2
drivers/pinctrl/stm32/pinctrl-stm32.c | 1
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11
drivers/platform/x86/thinkpad_acpi.c | 4
drivers/power/supply/bq24190_charger.c | 60 --
drivers/power/supply/max14577_charger.c | 4
drivers/pps/pps.c | 11
drivers/pwm/pwm-imx-tpm.c | 9
drivers/pwm/pwm-mediatek.c | 78 +-
drivers/regulator/core.c | 1
drivers/rtc/rtc-ds1307.c | 17
drivers/rtc/rtc-hym8563.c | 2
drivers/rtc/rtc-pcf8563.c | 2
drivers/scsi/aacraid/comminit.c | 3
drivers/scsi/bfa/bfad_im.c | 1
drivers/scsi/ibmvscsi_tgt/libsrp.c | 6
drivers/scsi/isci/request.c | 2
drivers/scsi/libiscsi.c | 3
drivers/scsi/lpfc/lpfc_debugfs.c | 1
drivers/scsi/lpfc/lpfc_scsi.c | 4
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19
drivers/scsi/mvsas/mv_sas.c | 4
drivers/scsi/qla4xxx/ql4_os.c | 2
drivers/scsi/scsi_scan.c | 2
drivers/scsi/scsi_transport_sas.c | 60 +-
drivers/soc/aspeed/aspeed-lpc-snoop.c | 13
drivers/soc/qcom/mdt_loader.c | 41 +
drivers/soc/tegra/pmc.c | 51 -
drivers/soundwire/stream.c | 2
drivers/staging/comedi/comedi_compat32.c | 3
drivers/staging/comedi/comedi_fops.c | 58 +
drivers/staging/comedi/comedi_internal.h | 1
drivers/staging/comedi/drivers.c | 30 -
drivers/staging/comedi/drivers/aio_iiro_16.c | 3
drivers/staging/comedi/drivers/comedi_test.c | 2
drivers/staging/comedi/drivers/das16m1.c | 3
drivers/staging/comedi/drivers/das6402.c | 3
drivers/staging/comedi/drivers/pcl812.c | 3
drivers/staging/fbtft/fbtft-core.c | 1
drivers/staging/media/imx/imx-media-csc-scaler.c | 2
drivers/staging/nvec/nvec_power.c | 2
drivers/thermal/thermal_sysfs.c | 9
drivers/thunderbolt/domain.c | 2
drivers/tty/serial/8250/8250_port.c | 3
drivers/tty/serial/pch_uart.c | 2
drivers/tty/vt/defkeymap.c_shipped | 112 +++
drivers/tty/vt/keyboard.c | 2
drivers/usb/atm/cxacru.c | 106 +--
drivers/usb/chipidea/ci.h | 18
drivers/usb/chipidea/udc.c | 89 +--
drivers/usb/class/cdc-acm.c | 13
drivers/usb/core/hub.c | 67 ++
drivers/usb/core/quirks.c | 1
drivers/usb/core/urb.c | 2
drivers/usb/dwc3/dwc3-meson-g12a.c | 3
drivers/usb/dwc3/dwc3-qcom.c | 8
drivers/usb/dwc3/gadget.c | 9
drivers/usb/early/xhci-dbc.c | 4
drivers/usb/gadget/composite.c | 5
drivers/usb/gadget/configfs.c | 2
drivers/usb/gadget/udc/renesas_usb3.c | 1
drivers/usb/host/xhci-hub.c | 3
drivers/usb/host/xhci-mem.c | 24
drivers/usb/host/xhci-plat.c | 3
drivers/usb/host/xhci-ring.c | 19
drivers/usb/host/xhci.c | 24
drivers/usb/host/xhci.h | 3
drivers/usb/musb/musb_gadget.c | 2
drivers/usb/musb/omap2430.c | 10
drivers/usb/phy/phy-mxs-usb.c | 4
drivers/usb/serial/ftdi_sio.c | 2
drivers/usb/serial/ftdi_sio_ids.h | 3
drivers/usb/serial/option.c | 7
drivers/usb/storage/realtek_cr.c | 2
drivers/usb/storage/unusual_devs.h | 29
drivers/usb/typec/tcpm/fusb302.c | 8
drivers/vhost/vhost.c | 3
drivers/video/console/vgacon.c | 2
drivers/video/fbdev/imxfb.c | 9
drivers/watchdog/dw_wdt.c | 2
drivers/watchdog/ziirave_wdt.c | 3
fs/btrfs/tree-log.c | 53 +
fs/buffer.c | 2
fs/cifs/cifsglob.h | 1
fs/cifs/cifssmb.c | 10
fs/cifs/smbdirect.c | 14
fs/cifs/transport.c | 34 -
fs/ext4/fsmap.c | 23
fs/ext4/inline.c | 19
fs/ext4/inode.c | 2
fs/f2fs/f2fs.h | 2
fs/f2fs/inode.c | 28
fs/f2fs/node.c | 10
fs/file.c | 81 +-
fs/hfs/bnode.c | 93 +++
fs/hfsplus/bnode.c | 92 +++
fs/hfsplus/extents.c | 3
fs/hfsplus/unicode.c | 7
fs/hfsplus/xattr.c | 6
fs/hugetlbfs/inode.c | 2
fs/isofs/inode.c | 9
fs/jbd2/checkpoint.c | 1
fs/jfs/file.c | 3
fs/jfs/inode.c | 2
fs/jfs/jfs_dmap.c | 10
fs/namespace.c | 89 ++-
fs/nfs/blocklayout/blocklayout.c | 4
fs/nfs/blocklayout/dev.c | 5
fs/nfs/blocklayout/extent_tree.c | 20
fs/nfs/client.c | 44 +
fs/nfs/direct.c | 13
fs/nfs/export.c | 11
fs/nfs/inode.c | 6
fs/nfs/internal.h | 1
fs/nfs/nfs4client.c | 13
fs/nfs/nfs4proc.c | 35 -
fs/nfs/pnfs.c | 11
fs/nfs/write.c | 11
fs/nfsd/nfs4state.c | 34 -
fs/nilfs2/inode.c | 9
fs/orangefs/orangefs-debugfs.c | 8
fs/squashfs/super.c | 14
fs/udf/super.c | 13
include/linux/fs.h | 4
include/linux/if_vlan.h | 6
include/linux/mm.h | 26
include/linux/moduleparam.h | 5
include/linux/nfs_fs.h | 2
include/linux/pci.h | 1
include/linux/pps_kernel.h | 1
include/linux/skbuff.h | 31 +
include/linux/usb/chipidea.h | 1
include/linux/usb/usbnet.h | 1
include/net/act_api.h | 25
include/net/cfg80211.h | 2
include/net/sch_generic.h | 13
include/net/udp.h | 24
include/uapi/linux/in6.h | 4
include/uapi/linux/io_uring.h | 2
include/uapi/linux/mount.h | 3
kernel/events/core.c | 20
kernel/fork.c | 2
kernel/power/console.c | 7
kernel/rcu/tree_plugin.h | 3
kernel/trace/ftrace.c | 19
kernel/trace/trace_events.c | 5
mm/filemap.c | 2
mm/hmm.c | 2
mm/kmemleak.c | 120 ++--
mm/madvise.c | 2
mm/mmap.c | 26
mm/shmem.c | 2
mm/zsmalloc.c | 6
net/8021q/vlan.c | 42 +
net/8021q/vlan.h | 1
net/appletalk/aarp.c | 42 +
net/appletalk/ddp.c | 7
net/bluetooth/hci_sysfs.c | 15
net/bluetooth/l2cap_core.c | 26
net/bluetooth/l2cap_sock.c | 3
net/bluetooth/smp.c | 21
net/bluetooth/smp.h | 1
net/caif/cfctrl.c | 294 ++++------
net/core/filter.c | 3
net/core/netpoll.c | 7
net/ipv4/route.c | 1
net/ipv4/tcp_input.c | 3
net/ipv4/udp_offload.c | 2
net/ipv6/ip6_offload.c | 4
net/ipv6/seg6_hmac.c | 3
net/mac80211/tx.c | 1
net/ncsi/internal.h | 2
net/ncsi/ncsi-rsp.c | 1
net/netfilter/nf_conntrack_netlink.c | 24
net/netfilter/nf_tables_api.c | 4
net/netfilter/xt_nfacct.c | 4
net/netlink/af_netlink.c | 2
net/packet/af_packet.c | 39 -
net/phonet/pep.c | 2
net/sched/act_api.c | 14
net/sched/act_csum.c | 4
net/sched/act_ct.c | 10
net/sched/act_gact.c | 14
net/sched/act_mirred.c | 55 +
net/sched/act_police.c | 5
net/sched/act_tunnel_key.c | 2
net/sched/act_vlan.c | 9
net/sched/sch_cake.c | 14
net/sched/sch_codel.c | 5
net/sched/sch_drr.c | 7
net/sched/sch_fq_codel.c | 6
net/sched/sch_hfsc.c | 8
net/sched/sch_htb.c | 6
net/sched/sch_netem.c | 40 +
net/sched/sch_qfq.c | 40 -
net/sched/sch_sfq.c | 114 ++-
net/sctp/input.c | 2
net/tls/tls_sw.c | 13
net/vmw_vsock/af_vsock.c | 3
net/wireless/mlme.c | 3
samples/mei/mei-amt-version.c | 2
scripts/Kbuild.include | 8
scripts/kconfig/gconf.c | 8
scripts/kconfig/lxdialog/inputbox.c | 6
scripts/kconfig/lxdialog/menubox.c | 2
scripts/kconfig/nconf.c | 2
scripts/kconfig/nconf.gui.c | 1
security/inode.c | 2
sound/pci/hda/patch_ca0132.c | 2
sound/pci/hda/patch_hdmi.c | 19
sound/pci/intel8x0.c | 2
sound/soc/codecs/hdac_hdmi.c | 10
sound/soc/codecs/rt5640.c | 5
sound/soc/fsl/fsl_sai.c | 14
sound/soc/intel/boards/Kconfig | 2
sound/soc/soc-dapm.c | 4
sound/soc/soc-ops.c | 26
sound/usb/mixer_quirks.c | 14
sound/usb/mixer_scarlett_gen2.c | 9
sound/usb/stream.c | 25
sound/usb/validate.c | 14
tools/bpf/bpftool/net.c | 15
tools/perf/tests/bp_account.c | 1
tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4
tools/testing/ktest/ktest.pl | 5
tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2
tools/testing/selftests/futex/include/futextest.h | 11
tools/testing/selftests/net/forwarding/tc_actions.sh | 72 ++
tools/testing/selftests/net/rtnetlink.sh | 6
365 files changed, 3516 insertions(+), 1487 deletions(-)
Aaron Kling (1):
ARM: tegra: Use I/O memcpy to write to IRAM
Abdun Nihaal (1):
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
Al Viro (3):
securityfs: don't pin dentries twice, once is enough...
use uniform permission checks for all mount propagation changes
alloc_fdtable(): change calling conventions.
Alessandro Carminati (1):
regulator: core: fix NULL dereference on unbind due to stale coupling data
Alex Guo (2):
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alexander Kochetkov (1):
ARM: rockchip: fix kernel hang during smp initialization
Alok Tiwari (5):
net: emaclite: Fix missing pointer increment in aligned_read()
staging: nvec: Fix incorrect null termination of battery manufacturer
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
be2net: Use correct byte order and format string for TCP seq and ack_seq
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
Amir Mohammad Jahangirzad (1):
fs/orangefs: use snprintf() instead of sprintf()
Ammar Faizi (1):
net: usbnet: Fix the wrong netif_carrier_on() call
Andreas Dilger (1):
ext4: check fast symlink for ea_inode correctly
Andrew Jeffery (2):
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Andrew Lunn (1):
net: appletalk: fix kerneldoc warnings
Andy Shevchenko (2):
Documentation: ACPI: Fix parent device references
mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
Annette Kobou (1):
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
Arnaud Lecomte (1):
jfs: upper bound check of tree index in dbAllocAG
Arnd Bergmann (4):
ethernet: intel: fix building with large NR_CPUS
ASoC: Intel: fix SND_SOC_SOF dependencies
ASoC: ops: dynamically allocate struct snd_ctl_elem_value
caif: reduce stack size, again
Arun Raghavan (1):
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Avraham Stern (1):
wifi: iwlwifi: mvm: fix scan request validation
Balamanikandan Gunasundar (1):
mtd: rawnand: atmel: set pmecc data setup time
Baokun Li (1):
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
Bard Liao (1):
soundwire: stream: restore params when prepare ports fail
Bartosz Golaszewski (1):
gpio: tps65912: check the return value of regmap_update_bits()
Benjamin Tissoires (3):
HID: core: ensure the allocated report buffer can contain the reserved report ID
HID: core: ensure __hid_request reserves the report ID as the first byte
HID: core: do not bypass hid_hw_raw_request
Bjorn Andersson (1):
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Brahmajit Das (1):
samples: mei: Fix building on musl libc
Breno Leitao (3):
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Brian Masney (3):
rtc: ds1307: fix incorrect maximum clock rate handling
rtc: hym8563: fix incorrect maximum clock rate handling
rtc: pcf8563: fix incorrect maximum clock rate handling
Buday Csaba (1):
net: phy: smsc: add proper reset flags for LAN8710A
Budimir Markovic (1):
vsock: Do not allow binding to VMADDR_PORT_ANY
Bui Quang Minh (1):
virtio-net: ensure the received length does not exceed allocated size
Chao Yu (5):
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
f2fs: fix to avoid panic in f2fs_evict_inode
f2fs: fix to avoid out-of-boundary access in devs.path
f2fs: fix to do sanity check on ino and xnid
f2fs: fix to avoid out-of-boundary access in dnode page
Charles Han (1):
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
Cheick Traore (1):
pinctrl: stm32: Manage irq affinity settings
Chen Ni (1):
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
Chenyuan Yang (1):
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
Clément Le Goffic (1):
i2c: stm32: fix the device used for the DMA map
Cong Wang (4):
sch_drr: make drr_qlen_notify() idempotent
sch_hfsc: make hfsc_qlen_notify() idempotent
sch_qfq: make qfq_qlen_notify() idempotent
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Corey Minyard (1):
ipmi: Fix strcpy source and destination the same
Cristian Ciocaltea (1):
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Cynthia Huang (1):
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Dai Ngo (1):
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Damien Le Moal (5):
scsi: mpt3sas: Correctly handle ATA device errors
ata: libata-scsi: Fix ata_to_sense_error() status handling
PCI: endpoint: Fix configfs group list head handling
PCI: endpoint: Fix configfs group removal on driver teardown
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
Dan Carpenter (7):
dmaengine: nbpfaxi: Fix memory corruption in probe()
watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
fs/orangefs: Allow 2 more characters in do_c_string()
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
media: gspca: Add bounds checking to firmware parser
scsi: qla4xxx: Prevent a potential error pointer dereference
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Daniel Dadap (1):
ALSA: hda: Add missing NVIDIA HDA codec IDs
Daniil Dulov (1):
wifi: rtl818x: Kill URBs before clearing tx status queue
Dave Hansen (1):
x86/fpu: Delay instruction pointer fixup until after warning
Dave Stevenson (3):
media: tc358743: Check I2C succeeded during probe
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
media: tc358743: Increase FIFO trigger level to 374
David Lechner (1):
iio: proximity: isl29501: fix buffered read on big-endian systems
Davide Caratti (2):
net/sched: act_mirred: better wording on protection against excessive stack growth
act_mirred: use the backlog for nested calls to mirred ingress
Denis OSTERLAND-HEIM (1):
pps: fix poll support
Dinghao Liu (1):
power: supply: bq24190_charger: Fix runtime PM imbalance on error
Dmitry Antipov (1):
Bluetooth: fix use-after-free in device_for_each_child()
Dong Chenchen (1):
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Drew Hamilton (1):
usb: musb: fix gadget state on disconnect
Edson Juliano Drosdeck (1):
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
Edward Adam Davis (1):
jfs: Regular file corruption check
Eric Biggers (1):
thunderbolt: Fix copy+paste error in match_service_id()
Eric Dumazet (6):
net_sched: sch_sfq: annotate data-races around q->perturb_period
net_sched: sch_sfq: handle bigger packets
net_sched: sch_sfq: reject invalid perturb period
pptp: ensure minimal skb length in pptp_xmit()
ipv6: reject malicious packets in ipv6_gso_segment()
pptp: fix pptp_xmit() error path
Fabio Estevam (2):
iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
iio: adc: max1363: Reorder mode_list[] entries
Fabio Porcedda (1):
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
Fedor Pchelkin (3):
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
netfilter: nf_tables: adjust lockdep assertions handling
netlink: avoid infinite retry looping in netlink_unicast()
Filipe Manana (1):
btrfs: fix log tree replay failure due to file with 0 links and extents
Finn Thain (2):
m68k: Don't unregister boot console needlessly
m68k: Fix lost column on framebuffer debug console
Florian Westphal (2):
netfilter: xt_nfacct: don't assume acct name is null-terminated
netfilter: ctnetlink: fix refcount leak on table dump
Frederic Barrat (2):
pci/hotplug/pnv-php: Improve error msg on power state change failure
pci/hotplug/pnv-php: Wrap warnings in macro
Gal Pressman (1):
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gautham R. Shenoy (1):
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Geoffrey D. Bennett (1):
ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
Giovanni Cabiddu (1):
crypto: qat - fix seq_file position update in adf_ring_next()
Gokul Sivakumar (1):
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
Greg Kroah-Hartman (2):
Revert "vmci: Prevent the dispatching of uninitialized payloads"
Linux 5.4.297
Gui-Dong Han (1):
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Hans Verkuil (1):
media: v4l2-ctrls: always copy the controls on completion
Hans Zhang (1):
PCI: rockchip-host: Fix "Unexpected Completion" log message
Haoxiang Li (2):
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Hari Kalavakunta (1):
net: ncsi: Fix buffer overflow in fetching version id
Harry Yoo (1):
mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
He Zhe (1):
mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t
Helge Deller (1):
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Henry Martin (1):
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
Herbert Xu (1):
crypto: marvell/cesa - Fix engine load inaccuracy
Hongyu Xie (1):
xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
Hsin-Te Yuan (1):
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Ian Abbott (10):
comedi: pcl812: Fix bit shift out of bounds
comedi: aio_iiro_16: Fix bit shift out of bounds
comedi: das16m1: Fix bit shift out of bounds
comedi: das6402: Fix bit shift out of bounds
comedi: Fix some signed shift left operations
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
comedi: comedi_test: Fix possible deletion of uninitialized timers
comedi: fix race between polling and detaching
comedi: Fix initialization of data for instructions that write to subdevice
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
Ilan Peer (1):
wifi: cfg80211: Fix interface type validation
Imre Deak (1):
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Ivan Stepchenko (1):
mtd: fix possible integer overflow in erase_xfer()
Jack Xiao (1):
drm/amdgpu: fix incorrect vm flags to map bo
Jakub Kicinski (2):
netpoll: prevent hanging NAPI when netcons gets enabled
uapi: in6: restore visibility of most IPv6 socket options
Jan Kara (2):
isofs: Verify inode mode when loading from disk
udf: Verify partition map count
Jason Wang (1):
vhost: fail early when __vhost_add_used() fails
Jason Xing (1):
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Jay Chen (1):
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Jeff Layton (1):
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Jiasheng Jiang (2):
iwlwifi: Add missing check for alloc_ordered_workqueue
scsi: lpfc: Remove redundant assignment to avoid memory leak
Jiaxun Yang (1):
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
Jiayi Li (2):
ACPI: processor: perflib: Fix initial _PPC limit application
memstick: Fix deadlock by moving removing flag earlier
Jiayuan Chen (1):
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
Jimmy Assarsson (2):
can: kvaser_pciefd: Store device channel index
can: kvaser_usb: Assign netdev.dev_port based on device channel index
Jiri Pirko (1):
selftests: forwarding: tc_actions.sh: add matchall mirror test
Johan Hovold (6):
net: gianfar: fix device leak when querying time stamp info
net: dpaa: fix device leak when querying time stamp info
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: dwc3: meson-g12a: fix device leaks at unbind
USB: cdc-acm: do not log successful probe on later errors
usb: musb: omap2430: fix device leak at unbind
Johan Korsnes (1):
arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
Johannes Berg (1):
wifi: cfg80211: reject HTC bit for management frames
John Ernberg (1):
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
John Garry (1):
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
Jon Hunter (1):
soc/tegra: pmc: Ensure power-domains are in a known state
Jonas Rebmann (1):
net: fec: allow disable coalescing
Jorge Ramirez-Ortiz (2):
media: venus: protect against spurious interrupts during probe
media: venus: hfi: explicitly release IRQ during teardown
Josef Bacik (1):
nfs: fix UAF in direct writes
Judith Mendez (1):
mmc: sdhci_am654: Workaround for Errata i2312
Jun Li (1):
usb: chipidea: udc: protect usb interrupt enable
Justin Tee (1):
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Kees Cook (2):
arm64: Handle KCOV __init vs inline mismatches
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
Kito Xu (veritas501) (1):
net: appletalk: Fix use-after-free in AARP proxy probe
Krishna Kurapati (1):
usb: dwc3: qcom: Don't leave BCR asserted
Krzysztof Kozlowski (1):
ARM: dts: vfxxx: Correctly use two tuples for timer address
Kuen-Han Tsai (1):
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Kuninori Morimoto (1):
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Kuniyuki Iwashima (1):
Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
Laurentiu Mihalcea (1):
pwm: imx-tpm: Reset counter if CMOD is 0
Leo Yan (1):
perf tests bp_account: Fix leaked file descriptor
Li Zhong (1):
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
Lifeng Zheng (2):
cpufreq: Init policy->rwsem before it may be possibly used
cpufreq: Exit governor when failed to start old governor
Lin.Cao (1):
drm/sched: Remove optimization that causes hang when killing dependent jobs
Lizhi Xu (2):
vmci: Prevent the dispatching of uninitialized payloads
jfs: truncate good inode pages when hard link is 0
Lorenzo Stoakes (3):
mm: drop the assumption that VM_SHARED always implies writable
mm: update memfd seal write check to include F_SEAL_WRITE
mm: perform the mapping_map_writable() check after call_mmap()
Lucas De Marchi (1):
usb: early: xhci-dbc: Fix early_ioremap leak
Lucy Thrun (1):
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Ludwig Disterhof (1):
media: usbtv: Lock resolution while streaming
Luiz Augusto von Dentz (3):
Bluetooth: SMP: If an unallowed command is received consider it a failure
Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Lukas Wunner (1):
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Ma Ke (1):
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Mael GUERIN (1):
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Maor Gottlieb (1):
RDMA/core: Rate limit GID cache warning messages
Marek Szyprowski (1):
zynq_fpga: use sgtable-based scatterlist wrappers
Mario Limonciello (2):
usb: xhci: Avoid showing warnings for dying controller
usb: xhci: Avoid showing errors during surprise removal
Mark Brown (1):
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Martin Kaistra (1):
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
Masahiro Yamada (3):
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
kconfig: gconf: fix potential memory leak in renderer_edited()
kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS
Masami Hiramatsu (Google) (1):
selftests: tracing: Use mutex_unlock for testing glob filter
Mathias Nyman (4):
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
usb: hub: avoid warm port reset during USB3 disconnect
usb: hub: Don't try to recover devices lost during warm reset.
Maulik Shah (1):
pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
Meagan Lloyd (2):
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
Mengbiao Xiong (1):
crypto: ccp - Fix crash when rebind ccp device for ccp.ko
Miao Li (1):
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaohe Lin (1):
mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage()
Michal Schmidt (1):
benet: fix BUG when creating VFs
Mina Almasry (1):
netmem: fix skb_frag_address_safe with unreadable skbs
Minghao Chi (1):
power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync
Minhong He (1):
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Myrrh Periwinkle (2):
vt: keyboard: Don't process Unicode characters in K_OFF mode
vt: defkeymap: Map keycodes above 127 to K_HOLE
Nathan Chancellor (8):
phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()
memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation
kbuild: Add CLANG_FLAGS to as-instr
kbuild: Add KBUILD_CPPFLAGS to as-option invocation
Nick Desaulniers (1):
kbuild: Update assembler calls to use proper flags and language target
Nilton Perim Neto (1):
Input: xpad - set correct controller type for Acer NGR200
Octavian Purdila (3):
net_sched: sch_sfq: don't allow 1 packet limit
net_sched: sch_sfq: use a temporary work area for validating configuration
net_sched: sch_sfq: move the limit validation
Ojaswin Mujoo (2):
ext4: fix fsmap end of range reporting with bigalloc
ext4: fix reserved gdt blocks handling in fsmap
Oliver Neukum (3):
usb: net: sierra: check for no status endpoint
usb: core: usb_submit_urb: downgrade type check
cdc-acm: fix race between initial clearing halt and open
Oscar Maes (1):
net: ipv4: fix incorrect MTU in broadcast routes
Ovidiu Panait (1):
hwrng: mtk - handle devm_pm_runtime_enable errors
Pagadala Yesu Anjaneyulu (1):
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Pali Rohár (1):
cifs: Fix calling CIFSFindFirst() for root path without msearch
Paul Chaignon (1):
bpf: Check flow_dissector ctx accesses are aligned
Paul E. McKenney (1):
rcu: Protect ->defer_qs_iw_pending from data race
Paul Kocialkowski (1):
clk: sunxi-ng: v3s: Fix de clock definition
Pavel Begunkov (1):
io_uring: don't use int for ABI
Pavel Tikhomirov (1):
move_mount: allow to add a mount into an existing group
Peter Chen (3):
usb: chipidea: udc: add new API ci_hdrc_gadget_connect
usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use
usb: chipidea: udc: fix sleeping function called from invalid context
Peter Oberparleiter (2):
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
s390/hypfs: Enable limited access during lockdown
Petr Pavlu (1):
module: Restore the moduleparam prefix length check
Phillip Lougher (1):
squashfs: fix memory leak in squashfs_fill_super
Qu Wenruo (1):
btrfs: populate otime when logging an inode item
Quang Le (1):
net/packet: fix a race in packet_set_ring() and packet_notifier()
Rafael J. Wysocki (2):
ACPI: processor: perflib: Move problematic pr->performance check
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Rand Deeb (1):
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Randy Dunlap (1):
parisc: Makefile: fix a typo in palo.conf
Ranjan Kumar (1):
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Remi Pommarel (1):
Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Ricardo Ribalda (2):
media: uvcvideo: Do not mark valid metadata as invalid
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
Ricky Wu (1):
misc: rtsx: usb: Ensure mmc child device is active when card is present
Ryan Mann (NDI) (1):
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
Ryusuke Konishi (1):
nilfs2: reject invalid file types when reading inodes
Sabrina Dubroca (1):
udp: also consider secpath when evaluating ipsec use for checksumming
Sakari Ailus (1):
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Sarah Newman (1):
drbd: add missing kref_get in handle_write_conflicts
Sasha Levin (1):
fs: Prevent file descriptor table allocations exceeding INT_MAX
Sebastian Ott (1):
ACPI: processor: fix acpi_object initialization
Sebastian Reichel (2):
watchdog: dw_wdt: Fix default timeout
usb: typec: fusb302: cache PD RX state
Sergey Bashirov (4):
pNFS: Fix stripe mapping in block/scsi layout
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix uninited ptr deref in block/scsi layout
Shankari Anand (1):
kconfig: nconf: Ensure null termination where strncpy is used
Shiji Yang (1):
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
Showrya M N (1):
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Slark Xiao (2):
USB: serial: option: add Foxconn T99W640
USB: serial: option: add Foxconn T99W709
Stanislav Fomichev (1):
vrf: Drop existing dst reference in vrf_ip6_input_dst
Stanislaw Gruszka (1):
wifi: iwlegacy: Check rate_idx range after addition
Stefan Metzmacher (1):
smb: client: let recv_done() cleanup before notifying the callers.
Steven Rostedt (3):
ktest.pl: Prevent recursion of default variable options
ftrace: Also allocate and copy hash for reading of filter files
tracing: Add down_write(trace_event_sem) when adding trace event
Su Hui (1):
usb: xhci: print xhci->xhc_state when queue_command failed
Suchit Karunakaran (1):
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
Sven Schnelle (2):
s390/time: Use monotonic clock in get_cycles()
s390/stp: Remove udelay from stp_sync_clock()
Takashi Iwai (3):
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Tao Xue (1):
usb: gadget : fix use-after-free in composite_dev_cleanup()
Tetsuo Handa (1):
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Theodore Ts'o (1):
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Thomas Fourier (15):
pch_uart: Fix dma_sync_sg_for_device() nents value
mmc: bcm2835: Fix dma_unmap_sg() nents value
mwl8k: Add missing check after DMA map
scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
scsi: mvsas: Fix dma_unmap_sg() nents value
scsi: isci: Fix dma_unmap_sg() nents value
crypto: img-hash - Fix dma_unmap_sg() nents value
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
dmaengine: nbpfaxi: Add missing check after DMA map
mtd: rawnand: atmel: Fix dma_mapping_error() address
et131x: Add missing check after DMA map
net: ag71xx: Add missing check after DMA map
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
mtd: rawnand: fsmc: Add missing check after DMA map
Thomas Gleixner (3):
perf/core: Don't leak AUX buffer refcount on allocation failure
perf/core: Exit early on perf_mmap() fail
perf/core: Prevent VMA split of buffer mappings
Thomas Weißschuh (1):
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Thorsten Blum (1):
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Timothy Pearson (1):
PCI: pnv_php: Work around switches with broken presence detection
Timur Kristóf (2):
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
Trond Myklebust (5):
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
NFSv4: Fix nfs4_bitmap_copy_adjust()
NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode()
NFS: Fix the setting of capabilities when automounting a new filesystem
NFS: Fix up commit deadlocks
Ulf Hansson (1):
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Uwe Kleine-König (3):
pwm: mediatek: Implement .apply() callback
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Fix duty and period setting
Vedang Nagar (1):
media: venus: Add a check for packet size after reading from shared memory
Viacheslav Dubeyko (4):
hfs: fix slab-out-of-bounds in hfs_bnode_read()
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
hfs: fix not erasing deleted b-tree node issue
Vlad Buslov (4):
net: sched: extract common action counters update code into function
net: sched: extract bstats update code into function
net: sched: extract qstats update code into functions
net: sched: don't expose action qstats to skb_tc_reinsert()
Vladimir Zapolskiy (1):
media: qcom: camss: cleanup media device allocated resource on error path
Waiman Long (1):
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
Wang Liang (1):
net: drop UFO packets in udp_rcv_segment()
Weitao Wang (1):
usb: xhci: Fix slot_id resource race conflict
William Liu (4):
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
Wolfram Sang (3):
media: usb: hdpvr: disable zero-length read messages
i3c: add missing include to internal header
i3c: don't fail if GETHDRCAP is unsupported
Xiang Mei (2):
net/sched: sch_qfq: Fix race condition on qfq_aggregate
net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
Xin Long (1):
sctp: linearize cloned gso packets in sctp_rcv
Xinxin Wan (1):
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Xinyu Liu (1):
usb: gadget: configfs: Fix OOB read on empty string write
Xiu Jianfeng (1):
wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
Xiumei Mu (1):
selftests: rtnetlink.sh: remove esp4_offload after test
Xu Yang (2):
usb: chipidea: add USB PHY event
usb: phy: mxs: disconnect line when USB charger is attached
Xu Yilun (1):
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Yang Xiwen (1):
i2c: qup: jump out of the loop in case of timeout
Yangtao Li (1):
hfsplus: remove mutex_lock check in hfsplus_free_extents
Yann E. MORIN (1):
kconfig: lxdialog: fix 'space' to (de)select options
Yazen Ghannam (1):
x86/mce/amd: Add default names for MCA banks and blocks
Ye Bin (1):
fs/buffer: fix use-after-free when call bh_read() helper
Youngjun Lee (1):
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Yuan Chen (2):
bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
pinctrl: sunxi: Fix memory leak on krealloc failure
Yun Lu (2):
af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
af_packet: fix soft lockup issue caused by tpacket_snd()
Yunhui Cui (1):
serial: 8250: fix panic due to PSLVERR
Yury Norov [NVIDIA] (1):
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Zenm Chen (1):
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Zhang Lixu (1):
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
Zhang Shurong (1):
media: ov2659: Fix memory leaks in ov2659_probe()
Zhang Xiaoxu (1):
cifs: Fix UAF in cifs_demultiplex_thread()
Zheng Wang (1):
power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
Zheng Yu (1):
jfs: fix metapage reference count leak in dbAllocCtl
chenchangcheng (1):
media: uvcvideo: Fix bandwidth issue for Alcor camera
jackysliu (1):
scsi: bfa: Double-free fix
tuhaowen (1):
PM: sleep: console: Fix the black screen issue
wenxu (1):
net/sched: act_mirred: refactor the handle of xmit
xin.guo (1):
tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
Álvaro Fernández Rojas (3):
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
2 weeks, 1 day
- 1
- 1
[PATCH v2] mm/mremap: fix regression in vrm->new_addr check
by Carlos Llamas
Commit 3215eaceca87 ("mm/mremap: refactor initial parameter sanity
checks") moved the sanity check for vrm->new_addr from mremap_to() to
check_mremap_params().
However, this caused a regression as vrm->new_addr is now checked even
when MREMAP_FIXED and MREMAP_DONTUNMAP flags are not specified. In this
case, vrm->new_addr can be garbage and create unexpected failures.
Fix this by moving the new_addr check after the vrm_implies_new_addr()
guard. This ensures that the new_addr is only checked when the user has
specified one explicitly.
Cc: stable(a)vger.kernel.org
Fixes: 3215eaceca87 ("mm/mremap: refactor initial parameter sanity checks")
Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com>
Signed-off-by: Carlos Llamas <cmllamas(a)google.com>
---
v2:
- split out vrm->new_len into individual checks
- cc stable, collect tags
v1:
https://lore.kernel.org/all/20250828032653.521314-1-cmllamas@google.com/
mm/mremap.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/mm/mremap.c b/mm/mremap.c
index e618a706aff5..35de0a7b910e 100644
--- a/mm/mremap.c
+++ b/mm/mremap.c
@@ -1774,15 +1774,18 @@ static unsigned long check_mremap_params(struct vma_remap_struct *vrm)
if (!vrm->new_len)
return -EINVAL;
- /* Is the new length or address silly? */
- if (vrm->new_len > TASK_SIZE ||
- vrm->new_addr > TASK_SIZE - vrm->new_len)
+ /* Is the new length silly? */
+ if (vrm->new_len > TASK_SIZE)
return -EINVAL;
/* Remainder of checks are for cases with specific new_addr. */
if (!vrm_implies_new_addr(vrm))
return 0;
+ /* Is the new address silly? */
+ if (vrm->new_addr > TASK_SIZE - vrm->new_len)
+ return -EINVAL;
+
/* The new address must be page-aligned. */
if (offset_in_page(vrm->new_addr))
return -EINVAL;
--
2.51.0.268.g9569e192d0-goog
2 weeks, 1 day
- 3
- 2
[PATCH 5.10 000/523] 5.10.241-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.10.241 release.
There are 523 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 28 Aug 2025 11:08:19 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.241-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.10.241-rc1
Florian Westphal <fw(a)strlen.de>
netfilter: nf_reject: don't leak dst refcount for loopback packets
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nft_reject_inet: allow to use reject from inet ingress
Jose M. Guisado Gomez <guigom(a)riseup.net>
netfilter: nft_reject: unify reject init and dump into nft_reject
Peter Oberparleiter <oberpar(a)linux.ibm.com>
s390/hypfs: Enable limited access during lockdown
Peter Oberparleiter <oberpar(a)linux.ibm.com>
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
William Liu <will(a)willsroot.io>
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
William Liu <will(a)willsroot.io>
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
Jason Xing <kernelxing(a)tencent.com>
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Minhong He <heminhong(a)kylinos.cn>
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Dan Carpenter <dan.carpenter(a)linaro.org>
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Ido Schimmel <idosch(a)nvidia.com>
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Kees Cook <kees(a)kernel.org>
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Dan Carpenter <dan.carpenter(a)linaro.org>
scsi: qla4xxx: Prevent a potential error pointer dereference
Anantha Prabhu <anantha.prabhu(a)broadcom.com>
RDMA/bnxt_re: Fix to initialize the PBL array
Waiman Long <longman(a)redhat.com>
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
Feng Tang <feng.tang(a)intel.com>
mm/page_alloc: detect allocation forbidden by cpuset and bail out early
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: light: as73211: Ensure buffer holes are zeroed
Pu Lehui <pulehui(a)huawei.com>
tracing: Limit access to parser->buffer when trace_get_user failed
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Remove unneeded goto out logic
Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
usb: xhci: Fix slot_id resource race conflict
Jan Beulich <jbeulich(a)suse.com>
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Ammar Faizi <ammarfaizi2(a)gnuweeb.org>
net: usbnet: Fix the wrong netif_carrier_on() call
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
selftests: mptcp: pm: check flush doesn't reset limits
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
gpio: rcar: Use raw_spinlock to protect register access
Meng Li <Meng.Li(a)windriver.com>
usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
Wesley Cheng <quic_wcheng(a)quicinc.com>
usb: dwc3: Remove DWC3 locking during gadget suspend/resume
Ming Lei <ming.lei(a)redhat.com>
dm rq: don't queue request to blk-mq during DM suspend
Damien Le Moal <damien.lemoal(a)wdc.com>
dm: rearrange core declarations for extended use from dm-zone.c
Christophe JAILLET <christophe.jaillet(a)wanadoo.fr>
uio_hv_generic: Fix another memory leak in error handling paths
Ricardo Ribalda <ribalda(a)chromium.org>
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid out-of-boundary access in dnode page
Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org>
media: qcom: camss: cleanup media device allocated resource on error path
Imre Deak <imre.deak(a)intel.com>
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Don't overclock DCE 6 by 15%
Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com>
media: venus: protect against spurious interrupts during probe
Dikshita Agarwal <quic_dikshita(a)quicinc.com>
media: venus: Add support for SSR trigger using fault injection
Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com>
media: venus: hfi: explicitly release IRQ during teardown
Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org>
media: venus: don't de-reference NULL pointers at IRQ time
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Hans Verkuil <hverkuil-cisco(a)xs4all.nl>
media: v4l2-ctrls: always copy the controls on completion
Johan Hovold <johan+linaro(a)kernel.org>
wifi: ath11k: fix dest ring-buffer corruption when ring is full
Kefeng Wang <wangkefeng.wang(a)huawei.com>
asm-generic: Add memory barrier dma_mb()
Marco Elver <elver(a)google.com>
locking/barriers, kcsan: Support generic instrumentation
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Fix duty and period setting
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Handle hardware enable and clock enable separately
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
pwm: mediatek: Implement .apply() callback
Tzung-Bi Shih <tzungbi(a)kernel.org>
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Tzung-Bi Shih <tzungbi(a)kernel.org>
platform/chrome: cros_ec: remove unneeded label and if-condition
Chen-Yu Tsai <wenst(a)chromium.org>
platform/chrome: cros_ec: Use per-device lockdep key
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
platform/chrome: cros_ec: Make cros_ec_unregister() return void
Zhang Yi <yi.zhang(a)huawei.com>
ext4: fix hole length calculation overflow in non-extent inodes
David Laight <David.Laight(a)ACULAB.COM>
minmax: add umin(a, b) and umax(a, b)
Li Zhong <floridsleeves(a)gmail.com>
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
Qu Wenruo <wqu(a)suse.com>
btrfs: populate otime when logging an inode item
Johan Hovold <johan(a)kernel.org>
usb: musb: omap2430: fix device leak at unbind
Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
David Lechner <dlechner(a)baylibre.com>
iio: adc: ad_sigma_delta: change to buffer predisable
André Draszik <andre.draszik(a)linaro.org>
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Damien Le Moal <dlemoal(a)kernel.org>
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
Anshuman Khandual <anshuman.khandual(a)arm.com>
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Davide Caratti <dcaratti(a)redhat.com>
net/sched: ets: use old 'nbands' while purging unused classes
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_ets: implement lockless ets_dump()
Davide Caratti <dcaratti(a)redhat.com>
net/sched: sch_ets: properly init all active DRR list handles
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix the setting of capabilities when automounting a new filesystem
Anna Schumaker <Anna.Schumaker(a)Netapp.com>
NFS: Create an nfs4_server_set_init_caps() function
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFSv4: Fix nfs4_bitmap_copy_adjust()
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity
Ajish Koshy <Ajish.Koshy(a)microchip.com>
scsi: pm80xx: Fix memory leak during rmmod
James Smart <jsmart2021(a)gmail.com>
scsi: lpfc: Fix link down processing to address NULL pointer dereference
Leon Romanovsky <leon(a)kernel.org>
RDMA/rxe: Return CQE error if invalid lkey was supplied
Guchun Chen <guchun.chen(a)amd.com>
drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume
Hyejeong Choi <hjeong.choi(a)samsung.com>
dma-buf: insert memory barrier before updating num_fences
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
selftests/memfd: add test for mapping write-sealed memfd read-only
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
mm: reinstate ability to map write-sealed memfd mappings read-only
Lorenzo Stoakes <lstoakes(a)gmail.com>
mm: update memfd seal write check to include F_SEAL_WRITE
Lorenzo Stoakes <lstoakes(a)gmail.com>
mm: drop the assumption that VM_SHARED always implies writable
Ma Ke <make24(a)iscas.ac.cn>
dpaa2-eth: Fix device reference count leak in MAC endpoint handling
Ioana Ciornei <ioana.ciornei(a)nxp.com>
dpaa2-eth: retry the probe when the MAC is not yet discovered on the bus
Ioana Ciornei <ioana.ciornei(a)nxp.com>
dpaa2-mac: export MAC counters even when in TYPE_FIXED
Ioana Ciornei <ioana.ciornei(a)nxp.com>
dpaa2-mac: split up initializing the MAC object from connecting to it
Nathan Chancellor <nathan(a)kernel.org>
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix deadlock when cloning inline extents and using qgroups
Ming Lei <ming.lei(a)redhat.com>
block: don't call rq_qos_ops->done_bio if the bio isn't tracked
Yang Yingliang <yangyingliang(a)huawei.com>
ptp: Fix possible memory leak in ptp_clock_register()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
Oliver Neukum <oneukum(a)suse.com>
cdc-acm: fix race between initial clearing halt and open
Johan Hovold <johan(a)kernel.org>
USB: cdc-acm: do not log successful probe on later errors
Haiyang Zhang <haiyangz(a)microsoft.com>
hv_netvsc: Fix panic during namespace deletion with VF
Damien Le Moal <dlemoal(a)kernel.org>
block: Make REQ_OP_ZONE_FINISH a write operation
Lukas Wunner <lukas(a)wunner.de>
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Sebastian Reichel <sebastian.reichel(a)collabora.com>
usb: typec: fusb302: cache PD RX state
John Ernberg <john.ernberg(a)actia.se>
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
Geoffrey D. Bennett <g(a)b4.vu>
ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
Dave Hansen <dave.hansen(a)linux.intel.com>
x86/fpu: Delay instruction pointer fixup until after warning
Harry Yoo <harry.yoo(a)oracle.com>
mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
Miaohe Lin <linmiaohe(a)huawei.com>
mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage()
Lin.Cao <lincao12(a)amd.com>
drm/sched: Remove optimization that causes hang when killing dependent jobs
Haoxiang Li <haoxiang_li2024(a)163.com>
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Maulik Shah <maulik.shah(a)oss.qualcomm.com>
pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Add down_write(trace_event_sem) when adding trace event
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: fix use-after-free in crypt_message when using async crypto
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: Don't try to recover devices lost during warm reset.
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: avoid warm port reset during USB3 disconnect
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Zhang Lixu <lixu.zhang(a)intel.com>
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
Chao Yu <chao(a)kernel.org>
f2fs: fix to do sanity check on ino and xnid
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Zenm Chen <zenmchen(a)gmail.com>
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Thorsten Blum <thorsten.blum(a)linux.dev>
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Mael GUERIN <mael.guerin(a)murena.io>
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Marek Vasut <marek.vasut+renesas(a)mailbox.org>
usb: renesas-xhci: Fix External ROM access timeouts
Miao Li <limiao(a)kylinos.cn>
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin <linmq006(a)gmail.com>
most: core: Drop device reference after usage in get_channel()
David Lechner <dlechner(a)baylibre.com>
iio: proximity: isl29501: fix buffered read on big-endian systems
Salah Triki <salah.triki(a)gmail.com>
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Steven Rostedt <rostedt(a)goodmis.org>
ftrace: Also allocate and copy hash for reading of filter files
Xu Yilun <yilun.xu(a)linux.intel.com>
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Al Viro <viro(a)zeniv.linux.org.uk>
use uniform permission checks for all mount propagation changes
Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com>
move_mount: allow to add a mount into an existing group
Ye Bin <yebin10(a)huawei.com>
fs/buffer: fix use-after-free when call bh_read() helper
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
selftests: mptcp: connect: also cover alt modes
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com>
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Phillip Lougher <phillip(a)squashfs.org.uk>
squashfs: fix memory leak in squashfs_fill_super
Victor Shih <victor.shih(a)genesyslogic.com.tw>
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
Jiayi Li <lijiayi(a)kylinos.cn>
memstick: Fix deadlock by moving removing flag earlier
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_htb: make htb_deactivate() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_qfq: make qfq_qlen_notify() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_hfsc: make hfsc_qlen_notify() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_drr: make drr_qlen_notify() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_htb: make htb_qlen_notify() idempotent
Jakub Acs <acsjakub(a)amazon.de>
net, hsr: reject HSR frame if skb can't hold tag
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Restore cached power limit during resume
Vedang Nagar <quic_vnagar(a)quicinc.com>
media: venus: Add a check for packet size after reading from shared memory
Zhang Shurong <zhang_shurong(a)foxmail.com>
media: ov2659: Fix memory leaks in ov2659_probe()
Gui-Dong Han <hanguidong02(a)gmail.com>
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Ludwig Disterhof <ludwig(a)disterhof.eu>
media: usbtv: Lock resolution while streaming
Haoxiang Li <haoxiang_li2024(a)163.com>
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
Bingbu Cao <bingbu.cao(a)intel.com>
media: hi556: correct the test pattern configuration
Dan Carpenter <dan.carpenter(a)linaro.org>
media: gspca: Add bounds checking to firmware parser
Jon Hunter <jonathanh(a)nvidia.com>
soc/tegra: pmc: Ensure power-domains are in a known state
Baokun Li <libaokun1(a)huawei.com>
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
Damien Le Moal <dlemoal(a)kernel.org>
PCI: endpoint: Fix configfs group removal on driver teardown
Damien Le Moal <dlemoal(a)kernel.org>
PCI: endpoint: Fix configfs group list head handling
Thomas Fourier <fourier.thomas(a)gmail.com>
mtd: rawnand: fsmc: Add missing check after DMA map
Tim Harvey <tharvey(a)gateworks.com>
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com>
pwm: imx-tpm: Reset counter if CMOD is 0
Johan Hovold <johan+linaro(a)kernel.org>
wifi: ath11k: fix source ring-buffer corruption
Nathan Chancellor <nathan(a)kernel.org>
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
Marek Szyprowski <m.szyprowski(a)samsung.com>
zynq_fpga: use sgtable-based scatterlist wrappers
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-scsi: Fix ata_to_sense_error() status handling
Ojaswin Mujoo <ojaswin(a)linux.ibm.com>
ext4: fix reserved gdt blocks handling in fsmap
Ojaswin Mujoo <ojaswin(a)linux.ibm.com>
ext4: fix fsmap end of range reporting with bigalloc
Andreas Dilger <adilger(a)dilger.ca>
ext4: check fast symlink for ea_inode correctly
Helge Deller <deller(a)gmx.de>
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Eric Biggers <ebiggers(a)kernel.org>
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
vt: defkeymap: Map keycodes above 127 to K_HOLE
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
vt: keyboard: Don't process Unicode characters in K_OFF mode
Alexander Wilhelm <alexander.wilhelm(a)westermo.com>
bus: mhi: host: Fix endianness of BHI vector table
Johan Hovold <johan(a)kernel.org>
usb: dwc3: meson-g12a: fix device leaks at unbind
Johan Hovold <johan(a)kernel.org>
usb: gadget: udc: renesas_usb3: fix device leak at unbind
Nathan Chancellor <nathan(a)kernel.org>
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
Finn Thain <fthain(a)linux-m68k.org>
m68k: Fix lost column on framebuffer debug console
Dan Carpenter <dan.carpenter(a)linaro.org>
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
Yunhui Cui <cuiyunhui(a)bytedance.com>
serial: 8250: fix panic due to PSLVERR
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Do not mark valid metadata as invalid
Youngjun Lee <yjjuny.lee(a)samsung.com>
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Breno Leitao <leitao(a)debian.org>
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Waiman Long <longman(a)redhat.com>
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
Randy Dunlap <rdunlap(a)infradead.org>
parisc: Makefile: fix a typo in palo.conf
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix log tree replay failure due to file with 0 links and extents
Eric Biggers <ebiggers(a)kernel.org>
thunderbolt: Fix copy+paste error in match_service_id()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: fix race between polling and detaching
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
usb: typec: ucsi: Update power_supply on power role change
Ricky Wu <ricky_wu(a)realtek.com>
misc: rtsx: usb: Ensure mmc child device is active when card is present
Xinyu Liu <katieeliu(a)tencent.com>
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Jack Xiao <Jack.Xiao(a)amd.com>
drm/amdgpu: fix incorrect vm flags to map bo
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
scsi: lpfc: Remove redundant assignment to avoid memory leak
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Handle RPC size limit for layoutcommits
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix disk addr range check in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix stripe mapping in block/scsi layout
John Garry <john.g.garry(a)oracle.com>
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Buday Csaba <buday.csaba(a)prolan.hu>
net: phy: smsc: add proper reset flags for LAN8710A
Corey Minyard <corey(a)minyard.net>
ipmi: Fix strcpy source and destination the same
Yann E. MORIN <yann.morin.1998(a)free.fr>
kconfig: lxdialog: fix 'space' to (de)select options
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: fix potential memory leak in renderer_edited()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
Breno Leitao <leitao(a)debian.org>
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
John Garry <john.g.garry(a)oracle.com>
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Shankari Anand <shankari.ak0208(a)gmail.com>
kconfig: nconf: Ensure null termination where strncpy is used
Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
fangzhong.zhou <myth5(a)myth5.com>
i2c: Force DLL0945 touchpad i2c freq to 100khz
Mikulas Patocka <mpatocka(a)redhat.com>
dm-mpath: don't print the "loaded" message if registering fails
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: don't fail if GETHDRCAP is unsupported
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: add missing include to internal header
Purva Yeshi <purvayeshi550(a)gmail.com>
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
chenchangcheng <chenchangcheng(a)kylinos.cn>
media: uvcvideo: Fix bandwidth issue for Alcor camera
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
media: usb: hdpvr: disable zero-length read messages
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Increase FIFO trigger level to 374
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Check I2C succeeded during probe
Cheick Traore <cheick.traore(a)foss.st.com>
pinctrl: stm32: Manage irq affinity settings
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpt3sas: Correctly handle ATA device errors
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Arnd Bergmann <arnd(a)arndb.de>
RDMA/core: reduce stack using in nldev_stat_get_doit()
Yury Norov [NVIDIA] <yury.norov(a)gmail.com>
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Johan Adolfsson <johan.adolfsson(a)axis.com>
leds: leds-lp50xx: Handle reg to get correct multi_index
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Arnaud Lecomte <contact(a)arnaud-lcm.com>
jfs: upper bound check of tree index in dbAllocAG
Edward Adam Davis <eadavis(a)qq.com>
jfs: Regular file corruption check
Lizhi Xu <lizhi.xu(a)windriver.com>
jfs: truncate good inode pages when hard link is 0
jackysliu <1972843537(a)qq.com>
scsi: bfa: Double-free fix
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
Sebastian Reichel <sebastian.reichel(a)collabora.com>
watchdog: dw_wdt: Fix default timeout
Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com>
fs/orangefs: use snprintf() instead of sprintf()
Showrya M N <showrya(a)chelsio.com>
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Pali Rohár <pali(a)kernel.org>
cifs: Fix calling CIFSFindFirst() for root path without msearch
Jason Wang <jasowang(a)redhat.com>
vhost: fail early when __vhost_add_used() fails
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
Jakub Kicinski <kuba(a)kernel.org>
uapi: in6: restore visibility of most IPv6 socket options
Emily Deng <Emily.Deng(a)amd.com>
drm/ttm: Should to return the evict error
Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com>
net: ncsi: Fix buffer overflow in fetching version id
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
Alok Tiwari <alok.a.tiwari(a)oracle.com>
gve: Return error for unknown admin queue command
Gal Pressman <gal(a)nvidia.com>
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Stanislaw Gruszka <stf_xl(a)wp.pl>
wifi: iwlegacy: Check rate_idx range after addition
Mina Almasry <almasrymina(a)google.com>
netmem: fix skb_frag_address_safe with unreadable skbs
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
Wen Chen <Wen.Chen3(a)amd.com>
drm/amd/display: Fix 'failed to blank crtc!'
Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com>
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Rand Deeb <rand.sec96(a)gmail.com>
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Ilya Bakoulin <Ilya.Bakoulin(a)amd.com>
drm/amd/display: Separate set_gsl from set_gsl_source_select
Jonas Rebmann <jre(a)pengutronix.de>
net: fec: allow disable coalescing
Thomas Fourier <fourier.thomas(a)gmail.com>
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
Sven Schnelle <svens(a)linux.ibm.com>
s390/stp: Remove udelay from stp_sync_clock()
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: fix scan request validation
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
Oscar Maes <oscmaes92(a)gmail.com>
net: ipv4: fix incorrect MTU in broadcast routes
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Fix interface type validation
Paul E. McKenney <paulmck(a)kernel.org>
rcu: Protect ->defer_qs_iw_pending from data race
Thomas Fourier <fourier.thomas(a)gmail.com>
net: ag71xx: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
et131x: Add missing check after DMA map
Alok Tiwari <alok.a.tiwari(a)oracle.com>
be2net: Use correct byte order and format string for TCP seq and ack_seq
Sven Schnelle <svens(a)linux.ibm.com>
s390/time: Use monotonic clock in get_cycles()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: reject HTC bit for management frames
Steven Rostedt <rostedt(a)goodmis.org>
ktest.pl: Prevent recursion of default variable options
Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech>
xen/netfront: Fix TX response spurious interrupts
Xinxin Wan <xinxin.wan(a)intel.com>
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Jonathan Santos <Jonathan.Santos(a)analog.com>
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Christophe Leroy <christophe.leroy(a)csgroup.eu>
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Lucy Thrun <lucy.thrun(a)digital-rabbithole.de>
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Tomasz Michalec <tmichalec(a)google.com>
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Kees Cook <kees(a)kernel.org>
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Oliver Neukum <oneukum(a)suse.com>
usb: core: usb_submit_urb: downgrade type check
Tomasz Michalec <tmichalec(a)google.com>
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
Mark Brown <broonie(a)kernel.org>
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Avoid warning when overriding return thunk
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Peter Robinson <pbrobinson(a)gmail.com>
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Breno Leitao <leitao(a)debian.org>
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
Sarthak Garg <quic_sartgarg(a)quicinc.com>
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sebastian Ott <sebott(a)redhat.com>
ACPI: processor: fix acpi_object initialization
tuhaowen <tuhaowen(a)uniontech.com>
PM: sleep: console: Fix the black screen issue
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests: tracing: Use mutex_unlock for testing glob filter
Aaron Kling <webgeek1234(a)gmail.com>
ARM: tegra: Use I/O memcpy to write to IRAM
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: tps65912: check the return value of regmap_update_bits()
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Lifeng Zheng <zhenglifeng1(a)huawei.com>
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Alexander Kochetkov <al.kochet(a)gmail.com>
ARM: rockchip: fix kernel hang during smp initialization
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Exit governor when failed to start old governor
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: wcd934x: check the return value of regmap_update_bits()
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing errors during surprise removal
Jay Chen <shawn2000100(a)gmail.com>
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing warnings for dying controller
Benson Leung <bleung(a)chromium.org>
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Cynthia Huang <cynthia(a)andestech.com>
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Prashant Malani <pmalani(a)google.com>
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Su Hui <suhui(a)nfschina.com>
usb: xhci: print xhci->xhc_state when queue_command failed
Al Viro <viro(a)zeniv.linux.org.uk>
securityfs: don't pin dentries twice, once is enough...
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Disallow changing LPM state if not supported
Al Viro <viro(a)zeniv.linux.org.uk>
better lockdep annotations for simple_recursive_removal()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix not erasing deleted b-tree node issue
Sarah Newman <srn(a)prgmr.com>
drbd: add missing kref_get in handle_write_conflicts
Jan Kara <jack(a)suse.cz>
udf: Verify partition map count
Kees Cook <kees(a)kernel.org>
arm64: Handle KCOV __init vs inline mismatches
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix slab-out-of-bounds in hfs_bnode_read()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpuidle: governors: menu: Avoid using invalid recent intervals data
Len Brown <len.brown(a)intel.com>
intel_idle: Allow loading ACPI tables for any family
Xin Long <lucien.xin(a)gmail.com>
sctp: linearize cloned gso packets in sctp_rcv
Florian Westphal <fw(a)strlen.de>
netfilter: ctnetlink: fix refcount leak on table dump
Sabrina Dubroca <sd(a)queasysnail.net>
udp: also consider secpath when evaluating ipsec use for checksumming
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPI: processor: perflib: Move problematic pr->performance check
Jiayi Li <lijiayi(a)kylinos.cn>
ACPI: processor: perflib: Fix initial _PPC limit application
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
Documentation: ACPI: Fix parent device references
Sasha Levin <sashal(a)kernel.org>
fs: Prevent file descriptor table allocations exceeding INT_MAX
Ma Ke <make24(a)iscas.ac.cn>
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Dai Ngo <dai.ngo(a)oracle.com>
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Jeff Layton <jlayton(a)kernel.org>
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Johan Hovold <johan(a)kernel.org>
net: dpaa: fix device leak when querying time stamp info
Johan Hovold <johan(a)kernel.org>
net: gianfar: fix device leak when querying time stamp info
Fedor Pchelkin <pchelkin(a)ispras.ru>
netlink: avoid infinite retry looping in netlink_unicast()
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: don't use int for ABI
Tao Xue <xuetao09(a)huawei.com>
usb: gadget : fix use-after-free in composite_dev_cleanup()
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
Jiaxun Yang <jiaxun.yang(a)flygoat.com>
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
Slark Xiao <slark_xiao(a)163.com>
USB: serial: option: add Foxconn T99W709
Budimir Markovic <markovicbudimir(a)gmail.com>
vsock: Do not allow binding to VMADDR_PORT_ANY
Quang Le <quanglex97(a)gmail.com>
net/packet: fix a race in packet_set_ring() and packet_notifier()
Thomas Gleixner <tglx(a)linutronix.de>
perf/core: Prevent VMA split of buffer mappings
Thomas Gleixner <tglx(a)linutronix.de>
perf/core: Exit early on perf_mmap() fail
Thomas Gleixner <tglx(a)linutronix.de>
perf/core: Don't leak AUX buffer refcount on allocation failure
Eric Dumazet <edumazet(a)google.com>
pptp: fix pptp_xmit() error path
Stefan Metzmacher <metze(a)samba.org>
smb: client: let recv_done() cleanup before notifying the callers.
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
Michal Schmidt <mschmidt(a)redhat.com>
benet: fix BUG when creating VFs
Wang Liang <wangliang74(a)huawei.com>
net: drop UFO packets in udp_rcv_segment()
Eric Dumazet <edumazet(a)google.com>
ipv6: reject malicious packets in ipv6_gso_segment()
Eric Dumazet <edumazet(a)google.com>
pptp: ensure minimal skb length in pptp_xmit()
Horatiu Vultur <horatiu.vultur(a)microchip.com>
phy: mscc: Fix parsing of unicast frames
Jakub Kicinski <kuba(a)kernel.org>
netpoll: prevent hanging NAPI when netcons gets enabled
Benjamin Coddington <bcodding(a)redhat.com>
NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
Matthew Wilcox (Oracle) <willy(a)infradead.org>
XArray: Add calls to might_alloc()
Daniel Vetter <daniel.vetter(a)ffwll.ch>
mm: extract might_alloc() debug check
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: another fix for listxattr
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de>
pNFS/flexfiles: don't attempt pnfs on fatal DS errors
Trond Myklebust <trond.myklebust(a)hammerspace.com>
pNFS/flexfiles: Avoid spurious layout returns in ff_layout_choose_ds_for_read
Timothy Pearson <tpearson(a)raptorengineering.com>
PCI: pnv_php: Fix surprise plug detection and recovery
Timothy Pearson <tpearson(a)raptorengineering.com>
powerpc/eeh: Make EEH driver device hotplug safe
Maciej W. Rozycki <macro(a)orcam.me.uk>
powerpc/eeh: Rely on dev->link_active_reporting
Timothy Pearson <tpearson(a)raptorengineering.com>
powerpc/eeh: Export eeh_unfreeze_pe()
Timothy Pearson <tpearson(a)raptorengineering.com>
PCI: pnv_php: Work around switches with broken presence detection
Timothy Pearson <tpearson(a)raptorengineering.com>
PCI: pnv_php: Clean up allocated IRQs on unplug
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: qconf: fix ConfigList::updateListAllforAll()
Seunghui Lee <sh043.lee(a)samsung.com>
scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid out-of-boundary access in devs.path
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid panic in f2fs_evict_inode
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
Chao Yu <chao(a)kernel.org>
f2fs: doc: fix wrong quota mount option description
Brian Masney <bmasney(a)redhat.com>
rtc: rv3028: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: pcf8563: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: pcf85063: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: hym8563: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: ds1307: fix incorrect maximum clock rate handling
Petr Pavlu <petr.pavlu(a)suse.com>
module: Restore the moduleparam prefix length check
Ryan Lee <ryan.lee(a)canonical.com>
apparmor: ensure WB_HISTORY_SIZE value is a power of 2
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Check flow_dissector ctx accesses are aligned
Mike Christie <michael.christie(a)oracle.com>
vhost-scsi: Fix log flooding with target does not exist errors
Balamanikandan Gunasundar <balamanikandan.gunasundar(a)microchip.com>
mtd: rawnand: atmel: set pmecc data setup time
Thomas Fourier <fourier.thomas(a)gmail.com>
mtd: rawnand: atmel: Fix dma_mapping_error() address
Zheng Yu <zheng.yu(a)northwestern.edu>
jfs: fix metapage reference count leak in dbAllocCtl
Chenyuan Yang <chenyuan0y(a)gmail.com>
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
Giovanni Cabiddu <giovanni.cabiddu(a)intel.com>
crypto: qat - fix seq_file position update in adf_ring_next()
Ben Hutchings <benh(a)debian.org>
sh: Do not use hyphen in exported variable name
Thomas Fourier <fourier.thomas(a)gmail.com>
dmaengine: nbpfaxi: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/orangefs: Allow 2 more characters in do_c_string()
Bard Liao <yung-chuan.liao(a)linux.intel.com>
soundwire: stream: restore params when prepare ports fail
Thomas Fourier <fourier.thomas(a)gmail.com>
crypto: img-hash - Fix dma_unmap_sg() nents value
Ovidiu Panait <ovidiu.panait.oss(a)gmail.com>
hwrng: mtk - handle devm_pm_runtime_enable errors
Dan Carpenter <dan.carpenter(a)linaro.org>
watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: isci: Fix dma_unmap_sg() nents value
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: mvsas: Fix dma_unmap_sg() nents value
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
Paul Kocialkowski <paulk(a)sys-base.io>
clk: sunxi-ng: v3s: Fix de clock definition
Leo Yan <leo.yan(a)arm.com>
perf tests bp_account: Fix leaked file descriptor
Mengbiao Xiong <xisme1998(a)gmail.com>
crypto: ccp - Fix crash when rebind ccp device for ccp.ko
Thomas Fourier <fourier.thomas(a)gmail.com>
crypto: inside-secure - Fix `dma_unmap_sg()` nents value
Yuan Chen <chenyuan(a)kylinos.cn>
pinctrl: sunxi: Fix memory leak on krealloc failure
Charles Han <hanchunchao(a)inspur.com>
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
Henry Martin <bsdhenrymartin(a)gmail.com>
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
Ivan Stepchenko <sid(a)itb.spb.ru>
mtd: fix possible integer overflow in erase_xfer()
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: marvell/cesa - Fix engine load inaccuracy
Hans Zhang <18255117159(a)163.com>
PCI: rockchip-host: Fix "Unexpected Completion" log message
Stanislav Fomichev <sdf(a)fomichev.me>
vrf: Drop existing dst reference in vrf_ip6_input_dst
Xiumei Mu <xmu(a)redhat.com>
selftests: rtnetlink.sh: remove esp4_offload after test
Florian Westphal <fw(a)strlen.de>
netfilter: xt_nfacct: don't assume acct name is null-terminated
Jimmy Assarsson <extja(a)kvaser.com>
can: kvaser_usb: Assign netdev.dev_port based on device channel index
Jimmy Assarsson <extja(a)kvaser.com>
can: kvaser_pciefd: Store device channel index
Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com>
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
Remi Pommarel <repk(a)triplefau.lt>
Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Remi Pommarel <repk(a)triplefau.lt>
wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key()
Thomas Fourier <fourier.thomas(a)gmail.com>
mwl8k: Add missing check after DMA map
Martin Kaistra <martin.kaistra(a)linutronix.de>
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
Juergen Gross <jgross(a)suse.com>
xen/gntdev: remove struct gntdev_copy_batch from stack
Eric Dumazet <edumazet(a)google.com>
net_sched: act_ctinfo: use atomic64_t for three counters
William Liu <will(a)willsroot.io>
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
Johan Korsnes <johan.korsnes(a)gmail.com>
arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
Fedor Pchelkin <pchelkin(a)ispras.ru>
netfilter: nf_tables: adjust lockdep assertions handling
Fedor Pchelkin <pchelkin(a)ispras.ru>
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
Finn Thain <fthain(a)linux-m68k.org>
m68k: Don't unregister boot console needlessly
xin.guo <guoxin0309(a)gmail.com>
tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
Sergey Senozhatsky <senozhatsky(a)chromium.org>
wifi: ath11k: clear initialized flag for deinit-ed srng lists
Jiasheng Jiang <jiasheng(a)iscas.ac.cn>
iwlwifi: Add missing check for alloc_ordered_workqueue
Xiu Jianfeng <xiujianfeng(a)huawei.com>
wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: rtl818x: Kill URBs before clearing tx status queue
Arnd Bergmann <arnd(a)arndb.de>
caif: reduce stack size, again
Yuan Chen <chenyuan(a)kylinos.cn>
bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
Jiayuan Chen <jiayuan.chen(a)linux.dev>
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
Steven Rostedt <rostedt(a)goodmis.org>
selftests/tracing: Fix false failure of subsystem event test
Alok Tiwari <alok.a.tiwari(a)oracle.com>
staging: nvec: Fix incorrect null termination of battery manufacturer
Brahmajit Das <listout(a)listout.xyz>
samples: mei: Fix building on musl libc
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Init policy->rwsem before it may be possibly used
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Initialize cpufreq-based frequency-invariance later
Adam Ford <aford173(a)gmail.com>
arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed
Annette Kobou <annette.kobou(a)kontron.de>
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
Lucas De Marchi <lucas.demarchi(a)intel.com>
usb: early: xhci-dbc: Fix early_ioremap leak
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "vmci: Prevent the dispatching of uninitialized payloads"
Denis OSTERLAND-HEIM <denis.osterland(a)diehl.com>
pps: fix poll support
Lizhi Xu <lizhi.xu(a)windriver.com>
vmci: Prevent the dispatching of uninitialized payloads
Abdun Nihaal <abdun.nihaal(a)gmail.com>
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
ARM: dts: vfxxx: Correctly use two tuples for timer address
Arnd Bergmann <arnd(a)arndb.de>
ASoC: ops: dynamically allocate struct snd_ctl_elem_value
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
Yangtao Li <frank.li(a)vivo.com>
hfsplus: remove mutex_lock check in hfsplus_free_extents
RubenKelevra <rubenkelevra(a)gmail.com>
fs_context: fix parameter name in infofc() macro
Arnd Bergmann <arnd(a)arndb.de>
ASoC: Intel: fix SND_SOC_SOF dependencies
Arnd Bergmann <arnd(a)arndb.de>
ethernet: intel: fix building with large NR_CPUS
Xu Yang <xu.yang_2(a)nxp.com>
usb: phy: mxs: disconnect line when USB charger is attached
Xu Yang <xu.yang_2(a)nxp.com>
usb: chipidea: add USB PHY event
Daniel Dadap <ddadap(a)nvidia.com>
ALSA: hda: Add missing NVIDIA HDA codec IDs
Ian Abbott <abbotti(a)mev.co.uk>
comedi: comedi_test: Fix possible deletion of uninitialized timers
Michael Zhivich <mzhivich(a)akamai.com>
x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: reject invalid file types when reading inodes
Praveen Kaligineedi <pkaligineedi(a)google.com>
gve: Fix stuck TX queue for DQ queue format
Jacek Kowalski <jacek(a)jacekk.info>
e1000e: ignore uninitialized checksum word on tgp
Jacek Kowalski <jacek(a)jacekk.info>
e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
Dawid Rezler <dawidrezler.patches(a)gmail.com>
ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
Yang Xiwen <forbidden405(a)outlook.com>
i2c: qup: jump out of the loop in case of timeout
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fixed vf get max channels bug
Jian Shen <shenjian15(a)huawei.com>
net: hns3: refine the struct hane3_tc_info
Xiang Mei <xmei5(a)asu.edu>
net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
Kito Xu (veritas501) <hxzene(a)gmail.com>
net: appletalk: Fix use-after-free in AARP proxy probe
Andrew Lunn <andrew(a)lunn.ch>
net: appletalk: fix kerneldoc warnings
Dennis Chen <dechen(a)redhat.com>
i40e: report VF tx_dropped with tx_errors instead of tx_discards
Yajun Deng <yajun.deng(a)linux.dev>
i40e: Add rx_missed_errors for buffer exhaustion
Maor Gottlieb <maorg(a)nvidia.com>
RDMA/core: Rate limit GID cache warning messages
Alessandro Carminati <acarmina(a)redhat.com>
regulator: core: fix NULL dereference on unbind due to stale coupling data
Hongyu Xie <xiehongyu1(a)kylinos.cn>
xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS
Bui Quang Minh <minhquangbui99(a)gmail.com>
virtio-net: ensure the received length does not exceed allocated size
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Arun Raghavan <arun(a)asymptotic.io>
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com>
usb: dwc3: qcom: Don't leave BCR asserted
Drew Hamilton <drew.hamilton(a)zetier.com>
usb: musb: fix gadget state on disconnect
Paul Cercueil <paul(a)crapouillou.net>
usb: musb: Add and use inline functions musb_{get,set}_state
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: Fix flushing of delayed work used for post resume purposes
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
William Liu <will(a)willsroot.io>
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
Dong Chenchen <dongchenchen2(a)huawei.com>
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: SMP: If an unallowed command is received consider it a failure
Kuniyuki Iwashima <kuniyu(a)google.com>
Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
Oliver Neukum <oneukum(a)suse.com>
usb: net: sierra: check for no status endpoint
Marius Zachmann <mail(a)mariuszachmann.de>
hwmon: (corsair-cpro) Validate the size of the received input buffer
Kuniyuki Iwashima <kuniyu(a)google.com>
rpl: Fix use-after-free in rpl_do_srh_inline().
Xiang Mei <xmei5(a)asu.edu>
net/sched: sch_qfq: Fix race condition on qfq_aggregate
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: emaclite: Fix missing pointer increment in aligned_read()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix initialization of data for instructions that write to subdevice
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix some signed shift left operations
Ian Abbott <abbotti(a)mev.co.uk>
comedi: das6402: Fix bit shift out of bounds
Ian Abbott <abbotti(a)mev.co.uk>
comedi: das16m1: Fix bit shift out of bounds
Ian Abbott <abbotti(a)mev.co.uk>
comedi: aio_iiro_16: Fix bit shift out of bounds
Ian Abbott <abbotti(a)mev.co.uk>
comedi: pcl812: Fix bit shift out of bounds
Chen Ni <nichen(a)iscas.ac.cn>
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
Fabio Estevam <festevam(a)denx.de>
iio: adc: max1363: Reorder mode_list[] entries
Fabio Estevam <festevam(a)denx.de>
iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
Andrew Jeffery <andrew(a)codeconstruct.com.au>
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Andrew Jeffery <andrew(a)codeconstruct.com.au>
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
Judith Mendez <jm(a)ti.com>
mmc: sdhci_am654: Workaround for Errata i2312
Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com>
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
Thomas Fourier <fourier.thomas(a)gmail.com>
mmc: bcm2835: Fix dma_unmap_sg() nents value
Nathan Chancellor <nathan(a)kernel.org>
memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
Jan Kara <jack(a)suse.cz>
isofs: Verify inode mode when loading from disk
Dan Carpenter <dan.carpenter(a)linaro.org>
dmaengine: nbpfaxi: Fix memory corruption in probe()
Yun Lu <luyun(a)kylinos.cn>
af_packet: fix soft lockup issue caused by tpacket_snd()
Yun Lu <luyun(a)kylinos.cn>
af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
Nathan Chancellor <nathan(a)kernel.org>
phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()
Benjamin Tissoires <bentiss(a)kernel.org>
HID: core: do not bypass hid_hw_raw_request
Benjamin Tissoires <bentiss(a)kernel.org>
HID: core: ensure __hid_request reserves the report ID as the first byte
Benjamin Tissoires <bentiss(a)kernel.org>
HID: core: ensure the allocated report buffer can contain the reserved report ID
Thomas Fourier <fourier.thomas(a)gmail.com>
pch_uart: Fix dma_sync_sg_for_device() nents value
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - set correct controller type for Acer NGR200
Alok Tiwari <alok.a.tiwari(a)oracle.com>
thunderbolt: Fix bit masking in tb_dp_port_set_hops()
Clément Le Goffic <clement.legoffic(a)foss.st.com>
i2c: stm32: fix the device used for the DMA map
Xinyu Liu <1171169449(a)qq.com>
usb: gadget: configfs: Fix OOB read on empty string write
Ryan Mann (NDI) <rmann(a)ndigital.com>
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
Slark Xiao <slark_xiao(a)163.com>
USB: serial: option: add Foxconn T99W640
Fabio Porcedda <fabio.porcedda(a)gmail.com>
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
Wayne Chang <waynec(a)nvidia.com>
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
-------------
Diffstat:
Documentation/filesystems/f2fs.rst | 6 +-
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +-
Documentation/memory-barriers.txt | 11 +-
Makefile | 6 +-
arch/arm/Makefile | 2 +-
arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1 -
arch/arm/boot/dts/vfxxx.dtsi | 2 +-
arch/arm/mach-rockchip/platsmp.c | 15 +-
arch/arm/mach-tegra/reset.c | 2 +-
.../boot/dts/freescale/imx8mm-beacon-som.dtsi | 2 +
arch/arm64/include/asm/acpi.h | 2 +-
arch/arm64/mm/ptdump_debugfs.c | 3 -
arch/m68k/Kconfig.debug | 2 +-
arch/m68k/kernel/early_printk.c | 42 +--
arch/m68k/kernel/head.S | 39 ++-
arch/mips/crypto/chacha-core.S | 20 +-
arch/mips/include/asm/vpe.h | 8 +
arch/mips/kernel/process.c | 16 +-
arch/mips/mm/tlb-r4k.c | 56 +++-
arch/parisc/Makefile | 2 +-
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/powerpc/kernel/eeh.c | 1 +
arch/powerpc/kernel/eeh_driver.c | 48 ++--
arch/powerpc/kernel/eeh_pe.c | 11 +-
arch/powerpc/kernel/pci-hotplug.c | 3 +
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +-
arch/s390/hypfs/hypfs_dbfs.c | 19 +-
arch/s390/include/asm/timex.h | 13 +-
arch/s390/kernel/time.c | 2 +-
arch/s390/mm/dump_pagetables.c | 2 -
arch/sh/Makefile | 10 +-
arch/sh/boot/compressed/Makefile | 4 +-
arch/sh/boot/romimage/Makefile | 4 +-
arch/x86/include/asm/xen/hypercall.h | 6 +-
arch/x86/kernel/cpu/amd.c | 2 +
arch/x86/kernel/cpu/bugs.c | 5 +-
arch/x86/kernel/cpu/mce/amd.c | 13 +-
arch/x86/mm/extable.c | 5 +-
block/bio.c | 2 +-
block/blk-settings.c | 2 +-
drivers/acpi/acpi_processor.c | 2 +-
drivers/acpi/apei/ghes.c | 2 +
drivers/acpi/processor_idle.c | 4 +-
drivers/acpi/processor_perflib.c | 11 +
drivers/ata/Kconfig | 35 ++-
drivers/ata/libata-sata.c | 5 +
drivers/ata/libata-scsi.c | 20 +-
drivers/base/power/domain_governor.c | 18 +-
drivers/base/power/runtime.c | 5 +
drivers/block/drbd/drbd_receiver.c | 6 +-
drivers/block/sunvdc.c | 4 +-
drivers/bus/mhi/host/boot.c | 8 +-
drivers/bus/mhi/host/internal.h | 4 +-
drivers/char/hw_random/mtk-rng.c | 4 +-
drivers/char/ipmi/ipmi_msghandler.c | 8 +-
drivers/char/ipmi/ipmi_watchdog.c | 59 +++--
drivers/clk/davinci/psc.c | 5 +
drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 +-
drivers/cpufreq/armada-8k-cpufreq.c | 2 +-
drivers/cpufreq/cppc_cpufreq.c | 2 +-
drivers/cpufreq/cpufreq.c | 29 +-
drivers/cpuidle/governors/menu.c | 21 +-
drivers/crypto/ccp/ccp-debugfs.c | 3 +
drivers/crypto/img-hash.c | 2 +-
drivers/crypto/inside-secure/safexcel_hash.c | 8 +-
drivers/crypto/marvell/cesa/cipher.c | 4 +-
drivers/crypto/marvell/cesa/hash.c | 5 +-
.../crypto/qat/qat_common/adf_transport_debug.c | 4 +-
drivers/devfreq/governor_userspace.c | 6 +-
drivers/dma-buf/dma-resv.c | 5 +-
drivers/dma/mv_xor.c | 21 +-
drivers/dma/nbpfaxi.c | 24 +-
drivers/fpga/zynq-fpga.c | 10 +-
drivers/gpio/gpio-rcar.c | 20 +-
drivers/gpio/gpio-tps65912.c | 7 +-
drivers/gpio/gpio-wcd934x.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 +
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 +
.../gpu/drm/amd/display/dc/bios/command_table.c | 2 +-
.../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 -
.../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 +--
.../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +--
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +-
.../gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +
drivers/gpu/drm/drm_dp_helper.c | 2 +-
drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9 +-
drivers/gpu/drm/scheduler/sched_entity.c | 23 +-
drivers/gpu/drm/ttm/ttm_resource.c | 3 +
drivers/hid/hid-core.c | 21 +-
drivers/hwmon/corsair-cpro.c | 5 +
drivers/hwmon/gsc-hwmon.c | 4 +-
drivers/i2c/busses/i2c-qup.c | 4 +-
drivers/i2c/busses/i2c-stm32.c | 8 +-
drivers/i2c/busses/i2c-stm32f7.c | 4 +-
drivers/i2c/i2c-core-acpi.c | 1 +
drivers/i3c/internals.h | 1 +
drivers/i3c/master.c | 2 +-
drivers/idle/intel_idle.c | 2 +-
drivers/iio/adc/ad7768-1.c | 23 +-
drivers/iio/adc/ad_sigma_delta.c | 4 +-
drivers/iio/adc/max1363.c | 43 ++-
drivers/iio/adc/stm32-adc-core.c | 7 +-
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 +-
drivers/iio/light/as73211.c | 2 +-
drivers/iio/light/hid-sensor-prox.c | 3 +-
drivers/iio/pressure/bmp280-core.c | 9 +-
drivers/iio/proximity/isl29501.c | 14 +-
drivers/infiniband/core/cache.c | 4 +-
drivers/infiniband/core/nldev.c | 22 +-
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 +
drivers/infiniband/hw/hfi1/affinity.c | 44 +--
drivers/infiniband/sw/rxe/rxe_comp.c | 16 +-
drivers/input/joystick/xpad.c | 2 +-
drivers/iommu/amd/init.c | 4 +-
drivers/leds/leds-lp50xx.c | 11 +-
drivers/md/dm-core.h | 52 ++++
drivers/md/dm-historical-service-time.c | 4 +-
drivers/md/dm-queue-length.c | 4 +-
drivers/md/dm-round-robin.c | 4 +-
drivers/md/dm-rq.c | 8 +
drivers/md/dm-service-time.c | 4 +-
drivers/md/dm-zoned-target.c | 2 +-
drivers/md/dm.c | 59 +----
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +-
drivers/media/dvb-frontends/dib7000p.c | 8 +
drivers/media/i2c/hi556.c | 26 +-
drivers/media/i2c/ov2659.c | 3 +-
drivers/media/i2c/tc358743.c | 86 +++---
drivers/media/platform/qcom/camss/camss.c | 4 +-
drivers/media/platform/qcom/venus/core.c | 21 +-
drivers/media/platform/qcom/venus/core.h | 2 +
drivers/media/platform/qcom/venus/dbgfs.c | 9 +
drivers/media/platform/qcom/venus/dbgfs.h | 13 +
drivers/media/platform/qcom/venus/hfi_venus.c | 14 +-
drivers/media/platform/qcom/venus/vdec.c | 5 +-
drivers/media/usb/gspca/vicam.c | 10 +-
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 +
drivers/media/usb/usbtv/usbtv-video.c | 4 +
drivers/media/usb/uvc/uvc_driver.c | 3 +
drivers/media/usb/uvc/uvc_video.c | 21 +-
drivers/media/v4l2-core/v4l2-ctrls.c | 37 ++-
drivers/memstick/core/memstick.c | 3 +-
drivers/memstick/host/rtsx_usb_ms.c | 1 +
drivers/misc/cardreader/rtsx_usb.c | 16 +-
drivers/mmc/host/bcm2835.c | 3 +-
drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +-
drivers/mmc/host/sdhci-msm.c | 14 +
drivers/mmc/host/sdhci-pci-core.c | 3 +-
drivers/mmc/host/sdhci-pci-gli.c | 4 +-
drivers/mmc/host/sdhci_am654.c | 9 +-
drivers/most/core.c | 2 +-
drivers/mtd/ftl.c | 2 +-
drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +-
drivers/mtd/nand/raw/atmel/pmecc.c | 6 +
drivers/mtd/nand/raw/fsmc_nand.c | 2 +
drivers/net/can/kvaser_pciefd.c | 1 +
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 +
drivers/net/dsa/b53/b53_common.c | 52 ++--
drivers/net/dsa/b53/b53_regs.h | 2 +
drivers/net/ethernet/agere/et131x.c | 36 +++
drivers/net/ethernet/atheros/ag71xx.c | 9 +
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +-
drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
drivers/net/ethernet/emulex/benet/be_main.c | 8 +-
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 66 +++--
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 13 +
.../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 16 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 97 +++----
drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.h | 5 +
drivers/net/ethernet/freescale/fec_main.c | 34 ++-
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +-
drivers/net/ethernet/google/gve/gve_adminq.c | 1 +
drivers/net/ethernet/google/gve/gve_main.c | 67 ++---
drivers/net/ethernet/hisilicon/hns3/hnae3.h | 19 +-
drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 3 +-
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 33 ++-
.../ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c | 2 +-
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 +-
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 2 +-
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 49 ++--
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +-
drivers/net/ethernet/intel/e1000e/defines.h | 3 +
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +
drivers/net/ethernet/intel/e1000e/nvm.c | 6 +
drivers/net/ethernet/intel/fm10k/fm10k.h | 3 +-
drivers/net/ethernet/intel/i40e/i40e.h | 2 +-
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 18 +-
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +-
drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 +
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +-
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 +
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 +
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +-
drivers/net/hyperv/hyperv_net.h | 3 +
drivers/net/hyperv/netvsc_drv.c | 29 +-
drivers/net/phy/mscc/mscc_ptp.c | 1 +
drivers/net/phy/mscc/mscc_ptp.h | 1 +
drivers/net/phy/smsc.c | 1 +
drivers/net/ppp/pptp.c | 18 +-
drivers/net/usb/sierra_net.c | 4 +
drivers/net/usb/usbnet.c | 11 +-
drivers/net/virtio_net.c | 38 ++-
drivers/net/vrf.c | 2 +
drivers/net/wireless/ath/ath11k/hal.c | 25 +-
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +-
.../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +-
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +-
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 +-
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +-
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 +-
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
drivers/net/wireless/marvell/mwl8k.c | 4 +
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 +-
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +-
drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +-
drivers/net/xen-netfront.c | 5 -
drivers/pci/controller/pcie-rockchip-host.c | 2 +-
drivers/pci/endpoint/pci-ep-cfs.c | 1 +
drivers/pci/endpoint/pci-epf-core.c | 2 +-
drivers/pci/hotplug/pnv_php.c | 235 ++++++++++++++--
drivers/pci/pci-acpi.c | 4 +-
drivers/pci/pci.c | 8 +-
drivers/pci/probe.c | 2 +-
drivers/phy/tegra/xusb-tegra186.c | 61 +++--
drivers/pinctrl/stm32/pinctrl-stm32.c | 1 +
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 +-
drivers/platform/chrome/cros_ec.c | 23 +-
drivers/platform/chrome/cros_ec.h | 2 +-
drivers/platform/chrome/cros_ec_i2c.c | 4 +-
drivers/platform/chrome/cros_ec_lpc.c | 4 +-
drivers/platform/chrome/cros_ec_spi.c | 4 +-
drivers/platform/chrome/cros_ec_typec.c | 4 +-
drivers/platform/x86/thinkpad_acpi.c | 4 +-
drivers/power/supply/max14577_charger.c | 4 +-
drivers/pps/pps.c | 11 +-
drivers/ptp/ptp_clock.c | 13 +-
drivers/pwm/pwm-imx-tpm.c | 9 +
drivers/pwm/pwm-mediatek.c | 78 ++++--
drivers/regulator/core.c | 1 +
drivers/reset/Kconfig | 10 +-
drivers/rtc/rtc-ds1307.c | 17 +-
drivers/rtc/rtc-hym8563.c | 2 +-
drivers/rtc/rtc-pcf85063.c | 2 +-
drivers/rtc/rtc-pcf8563.c | 2 +-
drivers/rtc/rtc-rv3028.c | 2 +-
drivers/scsi/aacraid/comminit.c | 3 +-
drivers/scsi/bfa/bfad_im.c | 1 +
drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 +-
drivers/scsi/isci/request.c | 2 +-
drivers/scsi/libiscsi.c | 3 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 1 -
drivers/scsi/lpfc/lpfc_scsi.c | 4 +
drivers/scsi/lpfc/lpfc_sli.c | 8 +-
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++
drivers/scsi/mvsas/mv_sas.c | 4 +-
drivers/scsi/pm8001/pm8001_init.c | 11 +
drivers/scsi/pm8001/pm8001_sas.h | 1 +
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/scsi_scan.c | 2 +-
drivers/scsi/scsi_transport_sas.c | 62 ++++-
drivers/scsi/ufs/ufs-exynos.c | 4 +-
drivers/scsi/ufs/ufshcd.c | 10 +-
drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 +-
drivers/soc/qcom/mdt_loader.c | 41 +++
drivers/soc/tegra/pmc.c | 51 ++--
drivers/soundwire/stream.c | 2 +-
drivers/staging/comedi/comedi_fops.c | 63 ++++-
drivers/staging/comedi/comedi_internal.h | 1 +
drivers/staging/comedi/drivers.c | 30 ++-
drivers/staging/comedi/drivers/aio_iiro_16.c | 3 +-
drivers/staging/comedi/drivers/comedi_test.c | 2 +-
drivers/staging/comedi/drivers/das16m1.c | 3 +-
drivers/staging/comedi/drivers/das6402.c | 3 +-
drivers/staging/comedi/drivers/pcl812.c | 3 +-
drivers/staging/fbtft/fbtft-core.c | 1 +
drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +-
drivers/staging/nvec/nvec_power.c | 2 +-
drivers/thermal/thermal_sysfs.c | 9 +-
drivers/thunderbolt/domain.c | 2 +-
drivers/thunderbolt/switch.c | 2 +-
drivers/tty/serial/8250/8250_port.c | 3 +-
drivers/tty/serial/pch_uart.c | 2 +-
drivers/tty/vt/defkeymap.c_shipped | 112 ++++++++
drivers/tty/vt/keyboard.c | 2 +-
drivers/uio/uio_hv_generic.c | 4 +-
drivers/usb/atm/cxacru.c | 172 ++++++------
drivers/usb/chipidea/ci.h | 18 +-
drivers/usb/chipidea/udc.c | 10 +
drivers/usb/class/cdc-acm.c | 13 +-
drivers/usb/core/config.c | 10 +-
drivers/usb/core/hub.c | 60 ++++-
drivers/usb/core/hub.h | 1 +
drivers/usb/core/quirks.c | 1 +
drivers/usb/core/urb.c | 2 +-
drivers/usb/dwc3/core.c | 10 -
drivers/usb/dwc3/dwc3-meson-g12a.c | 3 +
drivers/usb/dwc3/dwc3-qcom.c | 7 +-
drivers/usb/dwc3/gadget.c | 14 +
drivers/usb/early/xhci-dbc.c | 4 +
drivers/usb/gadget/composite.c | 5 +
drivers/usb/gadget/configfs.c | 2 +
drivers/usb/gadget/udc/renesas_usb3.c | 1 +
drivers/usb/host/xhci-hub.c | 3 +-
drivers/usb/host/xhci-mem.c | 24 +-
drivers/usb/host/xhci-pci-renesas.c | 7 +-
drivers/usb/host/xhci-plat.c | 3 +-
drivers/usb/host/xhci-ring.c | 19 +-
drivers/usb/host/xhci.c | 24 +-
drivers/usb/host/xhci.h | 3 +-
drivers/usb/musb/musb_core.c | 62 ++---
drivers/usb/musb/musb_core.h | 11 +
drivers/usb/musb/musb_debugfs.c | 6 +-
drivers/usb/musb/musb_gadget.c | 30 ++-
drivers/usb/musb/musb_host.c | 6 +-
drivers/usb/musb/musb_virthub.c | 18 +-
drivers/usb/musb/omap2430.c | 10 +-
drivers/usb/phy/phy-mxs-usb.c | 4 +-
drivers/usb/serial/ftdi_sio.c | 2 +
drivers/usb/serial/ftdi_sio_ids.h | 3 +
drivers/usb/serial/option.c | 7 +
drivers/usb/storage/realtek_cr.c | 2 +-
drivers/usb/storage/unusual_devs.h | 29 ++
drivers/usb/typec/mux/intel_pmc_mux.c | 2 +-
drivers/usb/typec/tcpm/fusb302.c | 8 +
drivers/usb/typec/ucsi/psy.c | 2 +-
drivers/usb/typec/ucsi/ucsi.c | 1 +
drivers/usb/typec/ucsi/ucsi.h | 7 +-
drivers/vhost/scsi.c | 4 +-
drivers/vhost/vhost.c | 3 +
drivers/video/console/vgacon.c | 2 +-
drivers/video/fbdev/imxfb.c | 9 +-
drivers/watchdog/dw_wdt.c | 2 +
drivers/watchdog/ziirave_wdt.c | 3 +
drivers/xen/gntdev-common.h | 4 +
drivers/xen/gntdev.c | 71 +++--
fs/btrfs/ctree.h | 2 +-
fs/btrfs/inode.c | 4 +-
fs/btrfs/ioctl.c | 2 +-
fs/btrfs/qgroup.c | 2 +-
fs/btrfs/send.c | 4 +-
fs/btrfs/transaction.c | 2 +-
fs/btrfs/tree-log.c | 53 ++--
fs/buffer.c | 2 +-
fs/cifs/cifssmb.c | 10 +
fs/cifs/smb2ops.c | 7 +-
fs/cifs/smbdirect.c | 14 +-
fs/ext4/fsmap.c | 23 +-
fs/ext4/indirect.c | 4 +-
fs/ext4/inline.c | 19 +-
fs/ext4/inode.c | 2 +-
fs/f2fs/f2fs.h | 2 +-
fs/f2fs/inode.c | 28 +-
fs/f2fs/node.c | 10 +
fs/file.c | 15 ++
fs/hfs/bnode.c | 93 +++++++
fs/hfsplus/bnode.c | 92 +++++++
fs/hfsplus/extents.c | 3 -
fs/hfsplus/unicode.c | 7 +
fs/hfsplus/xattr.c | 6 +-
fs/hugetlbfs/inode.c | 2 +-
fs/isofs/inode.c | 9 +-
fs/jbd2/checkpoint.c | 1 +
fs/jfs/file.c | 3 +
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_dmap.c | 10 +-
fs/libfs.c | 4 +-
fs/namespace.c | 89 ++++++-
fs/nfs/blocklayout/blocklayout.c | 4 +-
fs/nfs/blocklayout/dev.c | 5 +-
fs/nfs/blocklayout/extent_tree.c | 20 +-
fs/nfs/client.c | 46 +++-
fs/nfs/export.c | 11 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 32 +--
fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +-
fs/nfs/inode.c | 6 +-
fs/nfs/internal.h | 10 +-
fs/nfs/nfs4client.c | 15 +-
fs/nfs/nfs4proc.c | 46 ++--
fs/nfs/pnfs.c | 11 +-
fs/nfsd/nfs4state.c | 34 ++-
fs/nilfs2/inode.c | 9 +-
fs/orangefs/orangefs-debugfs.c | 8 +-
fs/squashfs/super.c | 14 +-
fs/udf/super.c | 13 +-
include/asm-generic/barrier.h | 33 +++
include/linux/blk_types.h | 8 +-
include/linux/compiler.h | 8 -
include/linux/cpuset.h | 17 ++
include/linux/fs.h | 4 +-
include/linux/fs_context.h | 2 +-
include/linux/if_vlan.h | 6 +-
include/linux/memfd.h | 14 +
include/linux/minmax.h | 17 ++
include/linux/mm.h | 76 ++++--
include/linux/mmzone.h | 22 ++
include/linux/moduleparam.h | 5 +-
include/linux/pci.h | 1 +
include/linux/platform_data/cros_ec_proto.h | 4 +
include/linux/pps_kernel.h | 1 +
include/linux/sched/mm.h | 16 ++
include/linux/skbuff.h | 31 ++-
include/linux/usb/usbnet.h | 1 +
include/linux/xarray.h | 15 ++
include/net/cfg80211.h | 2 +-
include/net/tc_act/tc_ctinfo.h | 6 +-
include/net/udp.h | 24 +-
include/uapi/linux/in6.h | 4 +-
include/uapi/linux/io_uring.h | 2 +-
include/uapi/linux/mount.h | 3 +-
kernel/cgroup/cpuset.c | 23 ++
kernel/events/core.c | 20 +-
kernel/fork.c | 2 +-
kernel/power/console.c | 7 +-
kernel/rcu/tree_plugin.h | 3 +
kernel/trace/ftrace.c | 19 +-
kernel/trace/trace.c | 33 ++-
kernel/trace/trace.h | 8 +-
kernel/trace/trace_events.c | 5 +
mm/filemap.c | 2 +-
mm/hmm.c | 2 +-
mm/kmemleak.c | 10 +-
mm/madvise.c | 2 +-
mm/memfd.c | 2 +-
mm/mmap.c | 10 +-
mm/page_alloc.c | 13 +
mm/ptdump.c | 2 +
mm/shmem.c | 2 +-
mm/slab.h | 5 +-
mm/slob.c | 6 +-
mm/vmalloc.c | 16 +-
mm/zsmalloc.c | 6 +-
net/8021q/vlan.c | 42 ++-
net/8021q/vlan.h | 1 +
net/appletalk/aarp.c | 42 ++-
net/appletalk/ddp.c | 7 +-
net/bluetooth/l2cap_core.c | 26 +-
net/bluetooth/l2cap_sock.c | 3 +
net/bluetooth/smp.c | 21 +-
net/bluetooth/smp.h | 1 +
net/bridge/netfilter/nft_reject_bridge.c | 60 +----
net/caif/cfctrl.c | 294 ++++++++++-----------
net/core/filter.c | 3 +
net/core/netpoll.c | 7 +
net/hsr/hsr_slave.c | 8 +-
net/ipv4/netfilter/nf_reject_ipv4.c | 4 +-
net/ipv4/route.c | 1 -
net/ipv4/tcp_input.c | 3 +-
net/ipv4/udp_offload.c | 2 +-
net/ipv6/ip6_offload.c | 4 +-
net/ipv6/netfilter/nf_reject_ipv6.c | 4 +-
net/ipv6/rpl_iptunnel.c | 8 +-
net/ipv6/seg6_hmac.c | 3 +
net/mac80211/tx.c | 7 +
net/ncsi/internal.h | 2 +-
net/ncsi/ncsi-rsp.c | 1 +
net/netfilter/nf_conntrack_netlink.c | 24 +-
net/netfilter/nf_tables_api.c | 4 +-
net/netfilter/nft_reject.c | 12 +-
net/netfilter/nft_reject_inet.c | 68 +----
net/netfilter/xt_nfacct.c | 4 +-
net/netlink/af_netlink.c | 2 +-
net/packet/af_packet.c | 39 ++-
net/phonet/pep.c | 2 +-
net/sched/act_ctinfo.c | 19 +-
net/sched/sch_cake.c | 14 +-
net/sched/sch_codel.c | 5 +-
net/sched/sch_drr.c | 7 +-
net/sched/sch_ets.c | 46 ++--
net/sched/sch_fq_codel.c | 6 +-
net/sched/sch_hfsc.c | 8 +-
net/sched/sch_htb.c | 19 +-
net/sched/sch_netem.c | 40 +++
net/sched/sch_qfq.c | 40 ++-
net/sctp/input.c | 2 +-
net/tls/tls_sw.c | 13 +
net/vmw_vsock/af_vsock.c | 3 +-
net/wireless/mlme.c | 3 +-
samples/mei/mei-amt-version.c | 2 +-
scripts/kconfig/gconf.c | 8 +-
scripts/kconfig/lxdialog/inputbox.c | 6 +-
scripts/kconfig/lxdialog/menubox.c | 2 +-
scripts/kconfig/nconf.c | 2 +
scripts/kconfig/nconf.gui.c | 1 +
scripts/kconfig/qconf.cc | 2 +-
security/apparmor/include/match.h | 3 +-
security/apparmor/match.c | 1 +
security/inode.c | 2 -
sound/core/pcm_native.c | 19 +-
sound/pci/hda/patch_ca0132.c | 7 +-
sound/pci/hda/patch_hdmi.c | 19 ++
sound/pci/hda/patch_realtek.c | 3 +
sound/pci/intel8x0.c | 2 +-
sound/soc/codecs/hdac_hdmi.c | 10 +-
sound/soc/codecs/rt5640.c | 5 +
sound/soc/fsl/fsl_sai.c | 30 ++-
sound/soc/intel/boards/Kconfig | 2 +-
sound/soc/soc-core.c | 3 +
sound/soc/soc-dai.c | 19 +-
sound/soc/soc-dapm.c | 4 +
sound/soc/soc-ops.c | 28 +-
sound/usb/mixer_quirks.c | 14 +-
sound/usb/mixer_scarlett_gen2.c | 8 +
sound/usb/stream.c | 25 +-
sound/usb/validate.c | 14 +-
tools/bpf/bpftool/net.c | 15 +-
tools/include/linux/sched/mm.h | 2 +
tools/perf/tests/bp_account.c | 1 +
.../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +-
tools/testing/ktest/ktest.pl | 5 +-
.../ftrace/test.d/event/subsystem-enable.tc | 28 +-
.../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +-
tools/testing/selftests/futex/include/futextest.h | 11 +
tools/testing/selftests/memfd/memfd_test.c | 43 +++
tools/testing/selftests/net/mptcp/Makefile | 3 +-
.../selftests/net/mptcp/mptcp_connect_mmap.sh | 5 +
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 +
tools/testing/selftests/net/rtnetlink.sh | 6 +
523 files changed, 4765 insertions(+), 2123 deletions(-)
2 weeks, 1 day
- 7
- 530
[PATCH] Revert "virtio_pci: Support surprise removal of virtio pci device"
by Parav Pandit
This reverts commit 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device").
Virtio drivers and PCI devices have never fully supported true
surprise (aka hot unplug) removal. Drivers historically continued
processing and waiting for pending I/O and even continued synchronous
device reset during surprise removal. Devices have also continued
completing I/Os, doing DMA and allowing device reset after surprise
removal to support such drivers.
Supporting it correctly would require a new device capability and
driver negotiation in the virtio specification to safely stop
I/O and free queue memory. Failure to do so either breaks all the
existing drivers with call trace listed in the commit or crashes the
host on continuing the DMA. Hence, until such specification and devices
are invented, restore the previous behavior of treating surprise
removal as graceful removal to avoid regressions and maintain system
stability same as before the
commit 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device").
As explained above, previous analysis of solving this only in driver
was incomplete and non-reliable at [1] and at [2]; Hence reverting commit
43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device")
is still the best stand to restore failures of virtio net and
block devices.
[1] https://lore.kernel.org/virtualization/CY8PR12MB719506CC5613EB100BC6C638DCB…
[2] https://lore.kernel.org/virtualization/20250602024358.57114-1-parav@nvidia.…
Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device")
Cc: stable(a)vger.kernel.org
Reported-by: lirongqing(a)baidu.com
Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai…
Signed-off-by: Parav Pandit <parav(a)nvidia.com>
---
drivers/virtio/virtio_pci_common.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c
index d6d79af44569..dba5eb2eaff9 100644
--- a/drivers/virtio/virtio_pci_common.c
+++ b/drivers/virtio/virtio_pci_common.c
@@ -747,13 +747,6 @@ static void virtio_pci_remove(struct pci_dev *pci_dev)
struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev);
struct device *dev = get_device(&vp_dev->vdev.dev);
- /*
- * Device is marked broken on surprise removal so that virtio upper
- * layers can abort any ongoing operation.
- */
- if (!pci_device_is_present(pci_dev))
- virtio_break_device(&vp_dev->vdev);
-
pci_disable_sriov(pci_dev);
unregister_virtio_device(&vp_dev->vdev);
--
2.26.2
2 weeks, 1 day
- 3
- 17
Ref:-""Breakthrough Funding for Innovative Ideas"
by Mr. William Man Fu Hung
Dear Entrepreneur,
"Global Support for Project & Business Development"
Need funds for your project or business plan? Our investors are ready to help and support you. Our network of professional investors offers soft loans to support project owners worldwide. Contact us to explore funding opportunities."
"Businesses and entrepreneurs seeking strategic partnerships and investment opportunities can benefit from our expertise. We consider collaborations in various sectors, including:
1. Business development
2. Project financing
3. Growth and expansion
4. Real estate investments
5. Strategic contracts
Note: IF YOU BRING A PROJECT OWNER TO US, YOU WILL RECEIVE A REFERER COMMISION. KINDLY DISCUSS PARTNERSHIP WITH US TODAY. info(a)firstcapitalsinvestors.com or firstcapitalsinvestors(a)gmail.com
We finance all kinds of viable projects ranging from personal projects to multi mega capital project. Organizational projects, . Government projects and community development are part of our services to humanity. We have support project such as real estate projects, Oil and Gas Projects, Health and medications, Engineering, Construction, Agriculture, Aviation, Retail sales business. All viable projects and businesses are welcome. Our investors are ready to support you.
Best Regards
Mr. William Man Fu Hung
First Capital Loans and Finance
www.firstcapitalsinvestors.com
info(a)firstcapitalsinvestors.com
2 weeks, 1 day
- 1
- 0
[PATCH] perf lzma: Fix return value in lzma_is_compressed()
by Miaoqian Lin
lzma_is_compressed() returns -1 on error but is declared as bool.
And -1 gets converted to true, which could be misleading.
Return false instead to match the declared type.
Fixes: 4b57fd44b61b ("perf tools: Add lzma_is_compressed function")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com>
---
tools/perf/util/lzma.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/lzma.c b/tools/perf/util/lzma.c
index bbcd2ffcf4bd..c355757ed391 100644
--- a/tools/perf/util/lzma.c
+++ b/tools/perf/util/lzma.c
@@ -120,7 +120,7 @@ bool lzma_is_compressed(const char *input)
ssize_t rc;
if (fd < 0)
- return -1;
+ return false;
rc = read(fd, buf, sizeof(buf));
close(fd);
--
2.39.5 (Apple Git-154)
2 weeks, 2 days
- 1
- 0
[PATCH] perf tools: Fix bool return value in gzip_is_compressed()
by Miaoqian Lin
gzip_is_compressed() returns -1 on error but is declared as bool.
And -1 gets converted to true, which could be misleading.
Return false instead to match the declared type.
Fixes: 88c74dc76a30 ("perf tools: Add gzip_is_compressed function")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com>
---
tools/perf/util/zlib.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/perf/util/zlib.c b/tools/perf/util/zlib.c
index 78d2297c1b67..1f7c06523059 100644
--- a/tools/perf/util/zlib.c
+++ b/tools/perf/util/zlib.c
@@ -88,7 +88,7 @@ bool gzip_is_compressed(const char *input)
ssize_t rc;
if (fd < 0)
- return -1;
+ return false;
rc = read(fd, buf, sizeof(buf));
close(fd);
--
2.39.5 (Apple Git-154)
2 weeks, 2 days
- 1
- 0
RE: [PATCH] Revert "virtio_pci: Support surprise removal of virtio pci device"
by Li,Rongqing
> This reverts commit 43bb40c5b926 ("virtio_pci: Support surprise removal of
> virtio pci device").
>
> Virtio drivers and PCI devices have never fully supported true surprise (aka hot
> unplug) removal. Drivers historically continued processing and waiting for
> pending I/O and even continued synchronous device reset during surprise
> removal. Devices have also continued completing I/Os, doing DMA and allowing
> device reset after surprise removal to support such drivers.
>
> Supporting it correctly would require a new device capability and driver
> negotiation in the virtio specification to safely stop I/O and free queue memory.
> Failure to do so either breaks all the existing drivers with call trace listed in the
> commit or crashes the host on continuing the DMA. Hence, until such
> specification and devices are invented, restore the previous behavior of treating
> surprise removal as graceful removal to avoid regressions and maintain system
> stability same as before the commit 43bb40c5b926 ("virtio_pci: Support surprise
> removal of virtio pci device").
>
> As explained above, previous analysis of solving this only in driver was
> incomplete and non-reliable at [1] and at [2]; Hence reverting commit
> 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") is still
> the best stand to restore failures of virtio net and block devices.
>
> [1]
> https://lore.kernel.org/virtualization/CY8PR12MB719506CC5613EB100BC6C638
> DCBD2(a)CY8PR12MB7195.namprd12.prod.outlook.com/#t
> [2]
> https://lore.kernel.org/virtualization/20250602024358.57114-1-parav@nvidia.c
> om/
>
> Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device")
> Cc: stable(a)vger.kernel.org
> Reported-by: lirongqing(a)baidu.com
> Closes:
> https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@b
> aidu.com/
> Signed-off-by: Parav Pandit <parav(a)nvidia.com>
Tested-by: Li RongQing <lirongqing(a)baidu.com>
Thanks
-Li
> ---
> drivers/virtio/virtio_pci_common.c | 7 -------
> 1 file changed, 7 deletions(-)
>
> diff --git a/drivers/virtio/virtio_pci_common.c
> b/drivers/virtio/virtio_pci_common.c
> index d6d79af44569..dba5eb2eaff9 100644
> --- a/drivers/virtio/virtio_pci_common.c
> +++ b/drivers/virtio/virtio_pci_common.c
> @@ -747,13 +747,6 @@ static void virtio_pci_remove(struct pci_dev *pci_dev)
> struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev);
> struct device *dev = get_device(&vp_dev->vdev.dev);
>
> - /*
> - * Device is marked broken on surprise removal so that virtio upper
> - * layers can abort any ongoing operation.
> - */
> - if (!pci_device_is_present(pci_dev))
> - virtio_break_device(&vp_dev->vdev);
> -
> pci_disable_sriov(pci_dev);
>
> unregister_virtio_device(&vp_dev->vdev);
> --
> 2.26.2
2 weeks, 2 days
- 3
- 14
[PATCH iwl-net v1 0/4] ixgbe/ixgbevf: fix PF/VF communication issues
by Jedrzej Jagielski
Within two-step API update let's provide 2 new MBX operations:
1) request PF's link state (speed & up/down) - as legacy approach became
obsolete for new E610 adapter and link state data can't be correctly
provided - increasing API to 1.6
2) ask PF about supported features - for some time there is quite a mess in
negotiating API versions caused by too loose approach in adding new
specific (not supported by all of the drivers capable of linking with
ixgbevf) feature and corresponding API versions. Now list of supported
features is provided by MBX operation - increasing API to 1.7
Jedrzej Jagielski (4):
ixgbevf: fix getting link speed data for E610 devices
ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation
ixgbevf: fix mailbox API compatibility by negotiating supported
features
ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd
drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 15 ++
.../net/ethernet/intel/ixgbe/ixgbe_sriov.c | 79 ++++++++
drivers/net/ethernet/intel/ixgbevf/defines.h | 1 +
drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 +
drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 +
.../net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 +++-
drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 +
drivers/net/ethernet/intel/ixgbevf/vf.c | 182 +++++++++++++++---
drivers/net/ethernet/intel/ixgbevf/vf.h | 1 +
9 files changed, 304 insertions(+), 33 deletions(-)
--
2.31.1
2 weeks, 2 days
- 2
- 5
[PATCH net v3 1/2] net: ipv4: fix regression in local-broadcast routes
by Oscar Maes
Commit 9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes")
introduced a regression where local-broadcast packets would have their
gateway set in __mkroute_output, which was caused by fi = NULL being
removed.
Fix this by resetting the fib_info for local-broadcast packets. This
preserves the intended changes for directed-broadcast packets.
Cc: stable(a)vger.kernel.org
Fixes: 9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes")
Reported-by: Brett A C Sheffield <bacs(a)librecast.net>
Closes: https://lore.kernel.org/regressions/20250822165231.4353-4-bacs@librecast.net
Signed-off-by: Oscar Maes <oscmaes92(a)gmail.com>
---
Link to discussion:
https://lore.kernel.org/netdev/20250822165231.4353-4-bacs@librecast.net/
Thanks to Brett Sheffield for finding the regression and writing
the initial fix!
net/ipv4/route.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index f639a2ae881a..baa43e5966b1 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2575,12 +2575,16 @@ static struct rtable *__mkroute_output(const struct fib_result *res,
!netif_is_l3_master(dev_out))
return ERR_PTR(-EINVAL);
- if (ipv4_is_lbcast(fl4->daddr))
+ if (ipv4_is_lbcast(fl4->daddr)) {
type = RTN_BROADCAST;
- else if (ipv4_is_multicast(fl4->daddr))
+
+ /* reset fi to prevent gateway resolution */
+ fi = NULL;
+ } else if (ipv4_is_multicast(fl4->daddr)) {
type = RTN_MULTICAST;
- else if (ipv4_is_zeronet(fl4->daddr))
+ } else if (ipv4_is_zeronet(fl4->daddr)) {
return ERR_PTR(-EINVAL);
+ }
if (dev_out->flags & IFF_LOOPBACK)
flags |= RTCF_LOCAL;
--
2.39.5
2 weeks, 2 days
- 6
- 6
[PATCH v1] usb: typec: tcpm: properly deliver cable vdms to altmode drivers
by RD Babiera
tcpm_handle_vdm_request delivers messages to the partner altmode or the
cable altmode depending on the SVDM response type, which is incorrect.
The partner or cable should be chosen based on the received message type
instead.
Also add this filter to ADEV_NOTIFY_USB_AND_QUEUE_VDM, which is used when
the Enter Mode command is responded to by a NAK on SOP or SOP' and when
the Exit Mode command is responded to by an ACK on SOP.
Fixes: 7e7877c55eb1 ("usb: typec: tcpm: add alt mode enter/exit/vdm support for sop'")
Cc: stable(a)vger.kernel.org
Signed-off-by: RD Babiera <rdbabiera(a)google.com>
Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com>
---
drivers/usb/typec/tcpm/tcpm.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c
index 1f6fdfaa34bf..b2a568a5bc9b 100644
--- a/drivers/usb/typec/tcpm/tcpm.c
+++ b/drivers/usb/typec/tcpm/tcpm.c
@@ -2426,17 +2426,21 @@ static void tcpm_handle_vdm_request(struct tcpm_port *port,
case ADEV_NONE:
break;
case ADEV_NOTIFY_USB_AND_QUEUE_VDM:
- WARN_ON(typec_altmode_notify(adev, TYPEC_STATE_USB, NULL));
- typec_altmode_vdm(adev, p[0], &p[1], cnt);
+ if (rx_sop_type == TCPC_TX_SOP_PRIME) {
+ typec_cable_altmode_vdm(adev, TYPEC_PLUG_SOP_P, p[0], &p[1], cnt);
+ } else {
+ WARN_ON(typec_altmode_notify(adev, TYPEC_STATE_USB, NULL));
+ typec_altmode_vdm(adev, p[0], &p[1], cnt);
+ }
break;
case ADEV_QUEUE_VDM:
- if (response_tx_sop_type == TCPC_TX_SOP_PRIME)
+ if (rx_sop_type == TCPC_TX_SOP_PRIME)
typec_cable_altmode_vdm(adev, TYPEC_PLUG_SOP_P, p[0], &p[1], cnt);
else
typec_altmode_vdm(adev, p[0], &p[1], cnt);
break;
case ADEV_QUEUE_VDM_SEND_EXIT_MODE_ON_FAIL:
- if (response_tx_sop_type == TCPC_TX_SOP_PRIME) {
+ if (rx_sop_type == TCPC_TX_SOP_PRIME) {
if (typec_cable_altmode_vdm(adev, TYPEC_PLUG_SOP_P,
p[0], &p[1], cnt)) {
int svdm_version = typec_get_cable_svdm_version(
base-commit: 956606bafb5fc6e5968aadcda86fc0037e1d7548
--
2.51.0.261.g7ce5a0a67e-goog
2 weeks, 2 days
- 2
- 1
[PATCH 5.15 000/644] 5.15.190-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 5.15.190 release.
There are 644 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Thu, 28 Aug 2025 11:08:21 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.190-r…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 5.15.190-rc1
Mikhail Lobanov <m.lobanov(a)rosa.ru>
wifi: mac80211: check basic rates validity in sta_link_apply_parameters
Florian Westphal <fw(a)strlen.de>
netfilter: nf_reject: don't leak dst refcount for loopback packets
Peter Oberparleiter <oberpar(a)linux.ibm.com>
s390/hypfs: Enable limited access during lockdown
Peter Oberparleiter <oberpar(a)linux.ibm.com>
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
Hangbin Liu <liuhangbin(a)gmail.com>
bonding: update LACP activity flag after setting lacp_active
William Liu <will(a)willsroot.io>
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
William Liu <will(a)willsroot.io>
net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit
ValdikSS <iam(a)valdikss.org.ru>
igc: fix disabling L1.2 PCI-E link substate on I226 on init
Jason Xing <kernelxing(a)tencent.com>
ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc
Yuichiro Tsuji <yuichtsu(a)amazon.com>
net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization
Horatiu Vultur <horatiu.vultur(a)microchip.com>
phy: mscc: Fix timestamping for vsc8584
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
net: phy: Use netif_rx().
Qingfang Deng <dqfext(a)gmail.com>
ppp: fix race conditions in ppp_fill_forward_path
Minhong He <heminhong(a)kylinos.cn>
ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add
Chenyuan Yang <chenyuan0y(a)gmail.com>
drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session()
Dan Carpenter <dan.carpenter(a)linaro.org>
ALSA: usb-audio: Fix size validation in convert_chmap_v3()
Baihan Li <libaihan(a)huawei.com>
drm/hisilicon/hibmc: fix the hibmc loaded failed bug
Ido Schimmel <idosch(a)nvidia.com>
mlxsw: spectrum: Forward packets with an IPv4 link-local source IP
Kees Cook <kees(a)kernel.org>
iommu/amd: Avoid stack buffer overflow from kernel cmdline
Dan Carpenter <dan.carpenter(a)linaro.org>
scsi: qla4xxx: Prevent a potential error pointer dereference
Wang Liang <wangliang74(a)huawei.com>
net: bridge: fix soft lockup in br_multicast_query_expired()
Anantha Prabhu <anantha.prabhu(a)broadcom.com>
RDMA/bnxt_re: Fix to initialize the PBL array
Waiman Long <longman(a)redhat.com>
cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key
Feng Tang <feng.tang(a)intel.com>
mm/page_alloc: detect allocation forbidden by cpuset and bail out early
Tianxiang Peng <txpeng(a)tencent.com>
x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper
Jinjiang Tu <tujinjiang(a)huawei.com>
mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
iio: light: as73211: Ensure buffer holes are zeroed
Pu Lehui <pulehui(a)huawei.com>
tracing: Limit access to parser->buffer when trace_get_user failed
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Remove unneeded goto out logic
Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
iio: imu: inv_icm42600: change invalid data error to -EBUSY
Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
usb: xhci: Fix slot_id resource race conflict
Jan Beulich <jbeulich(a)suse.com>
compiler: remove __ADDRESSABLE_ASM{_STR,}() again
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
selftests: mptcp: pm: check flush doesn't reset limits
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Fix duty and period setting
Uwe Kleine-König <u.kleine-koenig(a)baylibre.com>
pwm: mediatek: Handle hardware enable and clock enable separately
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
pwm: mediatek: Implement .apply() callback
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers
André Draszik <andre.draszik(a)linaro.org>
scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
David Lechner <dlechner(a)baylibre.com>
iio: adc: ad_sigma_delta: change to buffer predisable
Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
Johan Hovold <johan+linaro(a)kernel.org>
wifi: ath11k: fix dest ring-buffer corruption when ring is full
Kefeng Wang <wangkefeng.wang(a)huawei.com>
asm-generic: Add memory barrier dma_mb()
Marco Elver <elver(a)google.com>
locking/barriers, kcsan: Support generic instrumentation
Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com>
media: venus: protect against spurious interrupts during probe
Dikshita Agarwal <quic_dikshita(a)quicinc.com>
media: venus: Add support for SSR trigger using fault injection
Sasha Levin <sashal(a)kernel.org>
media: qcom: camss: cleanup media device allocated resource on error path
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
media: camss: Convert to platform remove callback returning void
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid out-of-boundary access in dnode page
Imre Deak <imre.deak(a)intel.com>
drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
Geliang Tang <tanggeliang(a)kylinos.cn>
mptcp: disable add_addr retransmission when timeout is 0
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Don't overclock DCE 6 by 15%
Selvarasu Ganesan <selvarasu.g(a)samsung.com>
usb: dwc3: Remove WARN_ON for device endpoint command timeouts
Kuen-Han Tsai <khtsai(a)google.com>
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
Zenm Chen <zenmchen(a)gmail.com>
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
Thorsten Blum <thorsten.blum(a)linux.dev>
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
Mael GUERIN <mael.guerin(a)murena.io>
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
Marek Vasut <marek.vasut+renesas(a)mailbox.org>
usb: renesas-xhci: Fix External ROM access timeouts
Xu Yang <xu.yang_2(a)nxp.com>
usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl()
Edward Adam Davis <eadavis(a)qq.com>
comedi: pcl726: Prevent invalid irq number
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Make insn_rw_emulate_bits() do insn->n samples
Miao Li <limiao(a)kylinos.cn>
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
Miaoqian Lin <linmq006(a)gmail.com>
most: core: Drop device reference after usage in get_channel()
David Lechner <dlechner(a)baylibre.com>
iio: proximity: isl29501: fix buffered read on big-endian systems
Salah Triki <salah.triki(a)gmail.com>
iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe()
Steven Rostedt <rostedt(a)goodmis.org>
ftrace: Also allocate and copy hash for reading of filter files
Xu Yilun <yilun.xu(a)linux.intel.com>
fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable()
Al Viro <viro(a)zeniv.linux.org.uk>
use uniform permission checks for all mount propagation changes
Ye Bin <yebin10(a)huawei.com>
fs/buffer: fix use-after-free when call bh_read() helper
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Fix DP audio DTO1 clock source on DCE 6.
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Avoid a NULL pointer dereference
Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com>
ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6
Herton R. Krzesinski <herton(a)redhat.com>
mm/debug_vm_pgtable: clear page table entries at destroy_args()
Phillip Lougher <phillip(a)squashfs.org.uk>
squashfs: fix memory leak in squashfs_fill_super
Victor Shih <victor.shih(a)genesyslogic.com.tw>
mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency
Jiayi Li <lijiayi(a)kylinos.cn>
memstick: Fix deadlock by moving removing flag earlier
Will Deacon <will(a)kernel.org>
KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix
Adrian Hunter <adrian.hunter(a)intel.com>
scsi: ufs: ufs-pci: Fix default runtime and system PM levels
Archana Patni <archana.patni(a)intel.com>
scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers
Paolo Abeni <pabeni(a)redhat.com>
mptcp: do not queue data on closed subflows
Geliang Tang <geliang.tang(a)suse.com>
mptcp: drop unused sk in mptcp_push_release
Mat Martineau <mathew.j.martineau(a)linux.intel.com>
selftests: mptcp: Initialize variables to quiet gcc 12 warnings
Paolo Abeni <pabeni(a)redhat.com>
mptcp: introduce MAPPING_BAD_CSUM
Paolo Abeni <pabeni(a)redhat.com>
mptcp: fix error mibs accounting
Matthieu Baerts <matthieu.baerts(a)tessares.net>
selftests: mptcp: add missing join check
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
selftests: mptcp: connect: also cover checksum
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
selftests: mptcp: connect: also cover alt modes
Florian Westphal <fw(a)strlen.de>
selftests: mptcp: make sendfile selftest work
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
kbuild: userprogs: use correct linker when mixing clang and GNU ld
Li Zhong <floridsleeves(a)gmail.com>
ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value
Nirmal Patel <nirmal.patel(a)linux.intel.com>
PCI: vmd: Assign VMD IRQ domain before enumeration
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_htb: make htb_deactivate() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_drr: make drr_qlen_notify() idempotent
Qu Wenruo <wqu(a)suse.com>
btrfs: populate otime when logging an inode item
Chao Gao <chao.gao(a)intel.com>
KVM: VMX: Flush shadow VMCS on emergency reboot
Davide Caratti <dcaratti(a)redhat.com>
net/sched: ets: use old 'nbands' while purging unused classes
Eric Dumazet <edumazet(a)google.com>
net_sched: sch_ets: implement lockless ets_dump()
Davide Caratti <dcaratti(a)redhat.com>
net/sched: sch_ets: properly init all active DRR list handles
Tzung-Bi Shih <tzungbi(a)kernel.org>
platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister()
Tzung-Bi Shih <tzungbi(a)kernel.org>
platform/chrome: cros_ec: remove unneeded label and if-condition
Chen-Yu Tsai <wenst(a)chromium.org>
platform/chrome: cros_ec: Use per-device lockdep key
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
platform/chrome: cros_ec: Make cros_ec_unregister() return void
Johan Hovold <johan(a)kernel.org>
usb: dwc3: imx8mp: fix device leak at unbind
Youssef Samir <quic_yabdulra(a)quicinc.com>
bus: mhi: host: Detect events pointing to unexpected TREs
Damien Le Moal <dlemoal(a)kernel.org>
ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig
Johan Hovold <johan(a)kernel.org>
usb: musb: omap2430: fix device leak at unbind
Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de>
usb: musb: omap2430: Convert to platform remove callback returning void
Anshuman Khandual <anshuman.khandual(a)arm.com>
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix the setting of capabilities when automounting a new filesystem
Anna Schumaker <Anna.Schumaker(a)Netapp.com>
NFS: Create an nfs4_server_set_init_caps() function
Johan Hovold <johan(a)kernel.org>
net: enetc: fix device and OF node leak at probe
Damien Le Moal <dlemoal(a)kernel.org>
block: Make REQ_OP_ZONE_FINISH a write operation
Lukas Wunner <lukas(a)wunner.de>
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Sebastian Reichel <sebastian.reichel(a)collabora.com>
usb: typec: fusb302: cache PD RX state
Haiyang Zhang <haiyangz(a)microsoft.com>
hv_netvsc: Fix panic during namespace deletion with VF
Thorsten Blum <thorsten.blum(a)linux.dev>
smb: server: Fix extension string in ksmbd_extract_shortname()
Geoffrey D. Bennett <g(a)b4.vu>
ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx()
Dave Hansen <dave.hansen(a)linux.intel.com>
x86/fpu: Delay instruction pointer fixup until after warning
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: fix use-after-free in crypt_message when using async crypto
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: Don't try to recover devices lost during warm reset.
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: avoid warm port reset during USB3 disconnect
Yazen Ghannam <yazen.ghannam(a)amd.com>
x86/mce/amd: Add default names for MCA banks and blocks
Zhang Lixu <lixu.zhang(a)intel.com>
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
Zhang Lixu <lixu.zhang(a)intel.com>
iio: hid-sensor-prox: Restore lost scale assignments
Chao Yu <chao(a)kernel.org>
f2fs: fix to do sanity check on ino and xnid
Nathan Chancellor <nathan(a)kernel.org>
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
Ada Couprie Diaz <ada.coupriediaz(a)arm.com>
arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack()
Lin.Cao <lincao12(a)amd.com>
drm/sched: Remove optimization that causes hang when killing dependent jobs
Haoxiang Li <haoxiang_li2024(a)163.com>
ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
selftests/memfd: add test for mapping write-sealed memfd read-only
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
mm: reinstate ability to map write-sealed memfd mappings read-only
Lorenzo Stoakes <lstoakes(a)gmail.com>
mm: update memfd seal write check to include F_SEAL_WRITE
Lorenzo Stoakes <lstoakes(a)gmail.com>
mm: drop the assumption that VM_SHARED always implies writable
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_qfq: make qfq_qlen_notify() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_hfsc: make hfsc_qlen_notify() idempotent
Cong Wang <xiyou.wangcong(a)gmail.com>
sch_htb: make htb_qlen_notify() idempotent
Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
mptcp: pm: kernel: flush: do not reset ADD_ADDR limit
Christoph Paasch <cpaasch(a)openai.com>
mptcp: drop skb if MPTCP skb extension allocation fails
Eric Biggers <ebiggers(a)kernel.org>
ipv6: sr: Fix MAC comparison to be constant-time
Jakub Acs <acsjakub(a)amazon.de>
net, hsr: reject HSR frame if skb can't hold tag
Timur Kristóf <timur.kristof(a)gmail.com>
drm/amd/display: Don't overwrite dce60_clk_mgr
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Restore cached power limit during resume
Ricardo Ribalda <ribalda(a)chromium.org>
media: venus: venc: Clamp param smaller than 1fps and bigger than 240
Ricardo Ribalda <ribalda(a)chromium.org>
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com>
media: venus: hfi: explicitly release IRQ during teardown
Vedang Nagar <quic_vnagar(a)quicinc.com>
media: venus: Add a check for packet size after reading from shared memory
Zhang Shurong <zhang_shurong(a)foxmail.com>
media: ov2659: Fix memory leaks in ov2659_probe()
Gui-Dong Han <hanguidong02(a)gmail.com>
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Ludwig Disterhof <ludwig(a)disterhof.eu>
media: usbtv: Lock resolution while streaming
Sakari Ailus <sakari.ailus(a)linux.intel.com>
media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free()
Haoxiang Li <haoxiang_li2024(a)163.com>
media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init()
Bingbu Cao <bingbu.cao(a)intel.com>
media: hi556: correct the test pattern configuration
Dan Carpenter <dan.carpenter(a)linaro.org>
media: gspca: Add bounds checking to firmware parser
Jon Hunter <jonathanh(a)nvidia.com>
soc/tegra: pmc: Ensure power-domains are in a known state
Baokun Li <libaokun1(a)huawei.com>
jbd2: prevent softlockup in jbd2_log_do_checkpoint()
Damien Le Moal <dlemoal(a)kernel.org>
PCI: endpoint: Fix configfs group removal on driver teardown
Damien Le Moal <dlemoal(a)kernel.org>
PCI: endpoint: Fix configfs group list head handling
Thomas Fourier <fourier.thomas(a)gmail.com>
mtd: rawnand: fsmc: Add missing check after DMA map
Gabor Juhos <j4g8y7(a)gmail.com>
mtd: spinand: propagate spinand_wait() errors from spinand_write_page()
Tim Harvey <tharvey(a)gateworks.com>
hwmon: (gsc-hwmon) fix fan pwm setpoint show functions
Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com>
pwm: imx-tpm: Reset counter if CMOD is 0
Johan Hovold <johan+linaro(a)kernel.org>
wifi: ath11k: fix source ring-buffer corruption
Nathan Chancellor <nathan(a)kernel.org>
wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table()
Marek Szyprowski <m.szyprowski(a)samsung.com>
zynq_fpga: use sgtable-based scatterlist wrappers
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-scsi: Fix ata_to_sense_error() status handling
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: mpi3mr: Fix race between config read submit and interrupt completion
Zhang Yi <yi.zhang(a)huawei.com>
ext4: fix hole length calculation overflow in non-extent inodes
Liao Yuanhong <liaoyuanhong(a)vivo.com>
ext4: use kmalloc_array() for array space allocation
Theodore Ts'o <tytso(a)mit.edu>
ext4: don't try to clear the orphan_present feature block device is r/o
Ojaswin Mujoo <ojaswin(a)linux.ibm.com>
ext4: fix reserved gdt blocks handling in fsmap
Ojaswin Mujoo <ojaswin(a)linux.ibm.com>
ext4: fix fsmap end of range reporting with bigalloc
Andreas Dilger <adilger(a)dilger.ca>
ext4: check fast symlink for ea_inode correctly
Helge Deller <deller(a)gmx.de>
Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()"
Eric Biggers <ebiggers(a)kernel.org>
lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
vt: defkeymap: Map keycodes above 127 to K_HOLE
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
vt: keyboard: Don't process Unicode characters in K_OFF mode
Alexander Wilhelm <alexander.wilhelm(a)westermo.com>
bus: mhi: host: Fix endianness of BHI vector table
Johan Hovold <johan(a)kernel.org>
usb: dwc3: meson-g12a: fix device leaks at unbind
Johan Hovold <johan(a)kernel.org>
usb: gadget: udc: renesas_usb3: fix device leak at unbind
Nathan Chancellor <nathan(a)kernel.org>
usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init()
Finn Thain <fthain(a)linux-m68k.org>
m68k: Fix lost column on framebuffer debug console
Dan Carpenter <dan.carpenter(a)linaro.org>
cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table()
Yunhui Cui <cuiyunhui(a)bytedance.com>
serial: 8250: fix panic due to PSLVERR
Aditya Garg <gargaditya08(a)live.com>
HID: magicmouse: avoid setting up battery timer when not needed
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Do not mark valid metadata as invalid
Youngjun Lee <yjjuny.lee(a)samsung.com>
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Breno Leitao <leitao(a)debian.org>
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Waiman Long <longman(a)redhat.com>
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
Randy Dunlap <rdunlap(a)infradead.org>
parisc: Makefile: fix a typo in palo.conf
Sravan Kumar Gundu <sravankumarlpu(a)gmail.com>
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Qu Wenruo <wqu(a)suse.com>
btrfs: do not allow relocation of partially dropped subvolumes
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix log tree replay failure due to file with 0 links and extents
Oliver Neukum <oneukum(a)suse.com>
cdc-acm: fix race between initial clearing halt and open
Eric Biggers <ebiggers(a)kernel.org>
thunderbolt: Fix copy+paste error in match_service_id()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: fix race between polling and detaching
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
usb: typec: ucsi: Update power_supply on power role change
Ricky Wu <ricky_wu(a)realtek.com>
misc: rtsx: usb: Ensure mmc child device is active when card is present
Xinyu Liu <katieeliu(a)tencent.com>
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Baokun Li <libaokun1(a)huawei.com>
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
Jack Xiao <Jack.Xiao(a)amd.com>
drm/amdgpu: fix incorrect vm flags to map bo
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dai.h: merge DAI call back functions into ops
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe()
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
scsi: lpfc: Remove redundant assignment to avoid memory leak
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Handle RPC size limit for layoutcommits
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix disk addr range check in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix stripe mapping in block/scsi layout
John Garry <john.g.garry(a)oracle.com>
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Buday Csaba <buday.csaba(a)prolan.hu>
net: phy: smsc: add proper reset flags for LAN8710A
Corey Minyard <corey(a)minyard.net>
ipmi: Fix strcpy source and destination the same
Yann E. MORIN <yann.morin.1998(a)free.fr>
kconfig: lxdialog: fix 'space' to (de)select options
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: fix potential memory leak in renderer_edited()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
Breno Leitao <leitao(a)debian.org>
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
John Garry <john.g.garry(a)oracle.com>
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
Maurizio Lombardi <mlombard(a)redhat.com>
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Shankari Anand <shankari.ak0208(a)gmail.com>
kconfig: nconf: Ensure null termination where strncpy is used
Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
fangzhong.zhou <myth5(a)myth5.com>
i2c: Force DLL0945 touchpad i2c freq to 100khz
Mikulas Patocka <mpatocka(a)redhat.com>
dm-mpath: don't print the "loaded" message if registering fails
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: don't fail if GETHDRCAP is unsupported
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: add missing include to internal header
Purva Yeshi <purvayeshi550(a)gmail.com>
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Bharat Bhushan <bbhushan2(a)marvell.com>
crypto: octeontx2 - add timeout for load_fvc completion poll
chenchangcheng <chenchangcheng(a)kylinos.cn>
media: uvcvideo: Fix bandwidth issue for Alcor camera
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
media: usb: hdpvr: disable zero-length read messages
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Increase FIFO trigger level to 374
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Check I2C succeeded during probe
Cheick Traore <cheick.traore(a)foss.st.com>
pinctrl: stm32: Manage irq affinity settings
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpt3sas: Correctly handle ATA device errors
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Arnd Bergmann <arnd(a)arndb.de>
RDMA/core: reduce stack using in nldev_stat_get_doit()
Yury Norov [NVIDIA] <yury.norov(a)gmail.com>
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Johan Adolfsson <johan.adolfsson(a)axis.com>
leds: leds-lp50xx: Handle reg to get correct multi_index
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Arnaud Lecomte <contact(a)arnaud-lcm.com>
jfs: upper bound check of tree index in dbAllocAG
Edward Adam Davis <eadavis(a)qq.com>
jfs: Regular file corruption check
Lizhi Xu <lizhi.xu(a)windriver.com>
jfs: truncate good inode pages when hard link is 0
jackysliu <1972843537(a)qq.com>
scsi: bfa: Double-free fix
Ziyan Fu <fuzy5(a)lenovo.com>
watchdog: iTCO_wdt: Report error if timeout configuration fails
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
Sebastian Reichel <sebastian.reichel(a)collabora.com>
watchdog: dw_wdt: Fix default timeout
Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com>
fs/orangefs: use snprintf() instead of sprintf()
Showrya M N <showrya(a)chelsio.com>
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Zhiqi Song <songzhiqi1(a)huawei.com>
crypto: hisilicon/hpre - fix dma unmap sequence
Pali Rohár <pali(a)kernel.org>
cifs: Fix calling CIFSFindFirst() for root path without msearch
Aaron Plattner <aplattner(a)nvidia.com>
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Jason Wang <jasowang(a)redhat.com>
vhost: fail early when __vhost_add_used() fails
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/ttm: Respect the shrinker core free target
Jakub Kicinski <kuba(a)kernel.org>
uapi: in6: restore visibility of most IPv6 socket options
Emily Deng <Emily.Deng(a)amd.com>
drm/ttm: Should to return the evict error
Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com>
net: ncsi: Fix buffer overflow in fetching version id
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
Alok Tiwari <alok.a.tiwari(a)oracle.com>
gve: Return error for unknown admin queue command
Gal Pressman <gal(a)nvidia.com>
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
Heiner Kallweit <hkallweit1(a)gmail.com>
dpaa_eth: don't use fixed_phy_change_carrier
Stanislaw Gruszka <stf_xl(a)wp.pl>
wifi: iwlegacy: Check rate_idx range after addition
Mina Almasry <almasrymina(a)google.com>
netmem: fix skb_frag_address_safe with unreadable skbs
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
Wen Chen <Wen.Chen3(a)amd.com>
drm/amd/display: Fix 'failed to blank crtc!'
Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com>
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Rand Deeb <rand.sec96(a)gmail.com>
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Ilya Bakoulin <Ilya.Bakoulin(a)amd.com>
drm/amd/display: Separate set_gsl from set_gsl_source_select
Jonas Rebmann <jre(a)pengutronix.de>
net: fec: allow disable coalescing
Eric Work <work.eric(a)gmail.com>
net: atlantic: add set_power to fw_ops for atl2 to fix wol
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
Rob Clark <robdclark(a)chromium.org>
drm/msm: use trylock for debugfs
Kuniyuki Iwashima <kuniyu(a)google.com>
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
Thomas Fourier <fourier.thomas(a)gmail.com>
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't complete management TX on SAE commit
Sven Schnelle <svens(a)linux.ibm.com>
s390/stp: Remove udelay from stp_sync_clock()
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: fix scan request validation
Juri Lelli <juri.lelli(a)redhat.com>
sched/deadline: Fix accounting after global limits change
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
Oscar Maes <oscmaes92(a)gmail.com>
net: ipv4: fix incorrect MTU in broadcast routes
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Fix interface type validation
Matt Johnston <matt(a)codeconstruct.com.au>
net: mctp: Prevent duplicate binds
Paul E. McKenney <paulmck(a)kernel.org>
rcu: Protect ->defer_qs_iw_pending from data race
Breno Leitao <leitao(a)debian.org>
arm64: Mark kernel as tainted on SAE and SError panic
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Thomas Fourier <fourier.thomas(a)gmail.com>
net: ag71xx: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
et131x: Add missing check after DMA map
Alok Tiwari <alok.a.tiwari(a)oracle.com>
be2net: Use correct byte order and format string for TCP seq and ack_seq
Sven Schnelle <svens(a)linux.ibm.com>
s390/time: Use monotonic clock in get_cycles()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: reject HTC bit for management frames
Steven Rostedt <rostedt(a)goodmis.org>
ktest.pl: Prevent recursion of default variable options
Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech>
xen/netfront: Fix TX response spurious interrupts
Xinxin Wan <xinxin.wan(a)intel.com>
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Jonathan Santos <Jonathan.Santos(a)analog.com>
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Christophe Leroy <christophe.leroy(a)csgroup.eu>
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Lucy Thrun <lucy.thrun(a)digital-rabbithole.de>
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Tomasz Michalec <tmichalec(a)google.com>
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Kees Cook <kees(a)kernel.org>
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Oliver Neukum <oneukum(a)suse.com>
usb: core: usb_submit_urb: downgrade type check
Tomasz Michalec <tmichalec(a)google.com>
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
Mark Brown <broonie(a)kernel.org>
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Avoid warning when overriding return thunk
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Peter Robinson <pbrobinson(a)gmail.com>
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Eliav Farber <farbere(a)amazon.com>
pps: clients: gpio: fix interrupt handling order in remove path
Breno Leitao <leitao(a)debian.org>
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
Sarthak Garg <quic_sartgarg(a)quicinc.com>
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sebastian Ott <sebott(a)redhat.com>
ACPI: processor: fix acpi_object initialization
tuhaowen <tuhaowen(a)uniontech.com>
PM: sleep: console: Fix the black screen issue
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Zhu Qiyu <qiyuzhu2(a)amd.com>
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests: tracing: Use mutex_unlock for testing glob filter
Aaron Kling <webgeek1234(a)gmail.com>
ARM: tegra: Use I/O memcpy to write to IRAM
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: tps65912: check the return value of regmap_update_bits()
Thomas Weißschuh <linux(a)weissschuh.net>
tools/nolibc: define time_t in terms of __kernel_old_time_t
David Collins <david.collins(a)oss.qualcomm.com>
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com>
EDAC/synopsys: Clear the ECC counters on init
Lifeng Zheng <zhenglifeng1(a)huawei.com>
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Alexander Kochetkov <al.kochet(a)gmail.com>
ARM: rockchip: fix kernel hang during smp initialization
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Exit governor when failed to start old governor
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: wcd934x: check the return value of regmap_update_bits()
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing errors during surprise removal
Jay Chen <shawn2000100(a)gmail.com>
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing warnings for dying controller
Benson Leung <bleung(a)chromium.org>
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Cynthia Huang <cynthia(a)andestech.com>
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Prashant Malani <pmalani(a)google.com>
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Su Hui <suhui(a)nfschina.com>
usb: xhci: print xhci->xhc_state when queue_command failed
Al Viro <viro(a)zeniv.linux.org.uk>
securityfs: don't pin dentries twice, once is enough...
Wei Gao <wegao(a)suse.com>
ext2: Handle fiemap on empty files to prevent EINVAL
Rong Zhang <ulin0208(a)gmail.com>
fs/ntfs3: correctly create symlink for relative path
Lizhi Xu <lizhi.xu(a)windriver.com>
fs/ntfs3: Add sanity check for file name
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Disallow changing LPM state if not supported
Al Viro <viro(a)zeniv.linux.org.uk>
better lockdep annotations for simple_recursive_removal()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix not erasing deleted b-tree node issue
Sarah Newman <srn(a)prgmr.com>
drbd: add missing kref_get in handle_write_conflicts
Jan Kara <jack(a)suse.cz>
udf: Verify partition map count
NeilBrown <neil(a)brown.name>
smb/server: avoid deadlock when linking with ReplaceIfExists
Kees Cook <kees(a)kernel.org>
arm64: Handle KCOV __init vs inline mismatches
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix slab-out-of-bounds in hfs_bnode_read()
Jeongjun Park <aha310510(a)gmail.com>
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpuidle: governors: menu: Avoid using invalid recent intervals data
Len Brown <len.brown(a)intel.com>
intel_idle: Allow loading ACPI tables for any family
Xin Long <lucien.xin(a)gmail.com>
sctp: linearize cloned gso packets in sctp_rcv
Florian Westphal <fw(a)strlen.de>
netfilter: ctnetlink: fix refcount leak on table dump
Sabrina Dubroca <sd(a)queasysnail.net>
udp: also consider secpath when evaluating ipsec use for checksumming
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPI: processor: perflib: Move problematic pr->performance check
Jiayi Li <lijiayi(a)kylinos.cn>
ACPI: processor: perflib: Fix initial _PPC limit application
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
Documentation: ACPI: Fix parent device references
Jann Horn <jannh(a)google.com>
eventpoll: Fix semi-unbounded recursion
Sasha Levin <sashal(a)kernel.org>
fs: Prevent file descriptor table allocations exceeding INT_MAX
Ma Ke <make24(a)iscas.ac.cn>
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Dai Ngo <dai.ngo(a)oracle.com>
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Jeff Layton <jlayton(a)kernel.org>
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Xu Yang <xu.yang_2(a)nxp.com>
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Johan Hovold <johan(a)kernel.org>
net: dpaa: fix device leak when querying time stamp info
Johan Hovold <johan(a)kernel.org>
net: gianfar: fix device leak when querying time stamp info
Fedor Pchelkin <pchelkin(a)ispras.ru>
netlink: avoid infinite retry looping in netlink_unicast()
Harald Mommer <harald.mommer(a)oss.qualcomm.com>
gpio: virtio: Fix config space reading.
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: don't use int for ABI
Tao Xue <xuetao09(a)huawei.com>
usb: gadget : fix use-after-free in composite_dev_cleanup()
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery
Jiaxun Yang <jiaxun.yang(a)flygoat.com>
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
Thorsten Blum <thorsten.blum(a)linux.dev>
ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe()
Ammar Faizi <ammarfaizi2(a)gnuweeb.org>
net: usbnet: Fix the wrong netif_carrier_on() call
John Ernberg <john.ernberg(a)actia.se>
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
Slark Xiao <slark_xiao(a)163.com>
USB: serial: option: add Foxconn T99W709
Budimir Markovic <markovicbudimir(a)gmail.com>
vsock: Do not allow binding to VMADDR_PORT_ANY
Quang Le <quanglex97(a)gmail.com>
net/packet: fix a race in packet_set_ring() and packet_notifier()
Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
selftests/perf_events: Add a mmap() correctness test
Thomas Gleixner <tglx(a)linutronix.de>
perf/core: Prevent VMA split of buffer mappings
Thomas Gleixner <tglx(a)linutronix.de>
perf/core: Exit early on perf_mmap() fail
Thomas Gleixner <tglx(a)linutronix.de>
perf/core: Don't leak AUX buffer refcount on allocation failure
Eric Dumazet <edumazet(a)google.com>
pptp: fix pptp_xmit() error path
Stefan Metzmacher <metze(a)samba.org>
smb: client: let recv_done() cleanup before notifying the callers.
Stefan Metzmacher <metze(a)samba.org>
smb: server: let recv_done() avoid touching data_transfer after cleanup/move
Stefan Metzmacher <metze(a)samba.org>
smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection
Stefan Metzmacher <metze(a)samba.org>
smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already
Stefan Metzmacher <metze(a)samba.org>
smb: server: remove separate empty_recvmsg_queue
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out()
Michal Schmidt <mschmidt(a)redhat.com>
benet: fix BUG when creating VFs
Wang Liang <wangliang74(a)huawei.com>
net: drop UFO packets in udp_rcv_segment()
Eric Dumazet <edumazet(a)google.com>
ipv6: reject malicious packets in ipv6_gso_segment()
Christoph Paasch <cpaasch(a)openai.com>
net/mlx5: Correctly set gso_segs when LRO is used
Eric Dumazet <edumazet(a)google.com>
pptp: ensure minimal skb length in pptp_xmit()
Horatiu Vultur <horatiu.vultur(a)microchip.com>
phy: mscc: Fix parsing of unicast frames
Jakub Kicinski <kuba(a)kernel.org>
netpoll: prevent hanging NAPI when netcons gets enabled
Benjamin Coddington <bcodding(a)redhat.com>
NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY
Matthew Wilcox (Oracle) <willy(a)infradead.org>
XArray: Add calls to might_alloc()
Olga Kornievskaia <okorniev(a)redhat.com>
NFSv4.2: another fix for listxattr
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de>
pNFS/flexfiles: don't attempt pnfs on fatal DS errors
Timothy Pearson <tpearson(a)raptorengineering.com>
PCI: pnv_php: Fix surprise plug detection and recovery
Timothy Pearson <tpearson(a)raptorengineering.com>
powerpc/eeh: Make EEH driver device hotplug safe
Maciej W. Rozycki <macro(a)orcam.me.uk>
powerpc/eeh: Rely on dev->link_active_reporting
Timothy Pearson <tpearson(a)raptorengineering.com>
powerpc/eeh: Export eeh_unfreeze_pe()
Timothy Pearson <tpearson(a)raptorengineering.com>
PCI: pnv_php: Work around switches with broken presence detection
Timothy Pearson <tpearson(a)raptorengineering.com>
PCI: pnv_php: Clean up allocated IRQs on unplug
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: qconf: fix ConfigList::updateListAllforAll()
Seunghui Lee <sh043.lee(a)samsung.com>
scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume
Tomas Henzl <thenzl(a)redhat.com>
scsi: mpt3sas: Fix a fw_event memory leak
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid out-of-boundary access in devs.path
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid panic in f2fs_evict_inode
Chao Yu <chao(a)kernel.org>
f2fs: fix to avoid UAF in f2fs_sync_inode_meta()
Chao Yu <chao(a)kernel.org>
f2fs: doc: fix wrong quota mount option description
Abinash Singh <abinashlalotra(a)gmail.com>
f2fs: fix KMSAN uninit-value in extent_info usage
Brian Masney <bmasney(a)redhat.com>
rtc: rv3028: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: pcf8563: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: pcf85063: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: hym8563: fix incorrect maximum clock rate handling
Brian Masney <bmasney(a)redhat.com>
rtc: ds1307: fix incorrect maximum clock rate handling
Uros Bizjak <ubizjak(a)gmail.com>
ucount: fix atomic_long_inc_below() argument type
Petr Pavlu <petr.pavlu(a)suse.com>
module: Restore the moduleparam prefix length check
Ryan Lee <ryan.lee(a)canonical.com>
apparmor: ensure WB_HISTORY_SIZE value is a power of 2
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Check flow_dissector ctx accesses are aligned
Mike Christie <michael.christie(a)oracle.com>
vhost-scsi: Fix log flooding with target does not exist errors
Balamanikandan Gunasundar <balamanikandan.gunasundar(a)microchip.com>
mtd: rawnand: atmel: set pmecc data setup time
Thomas Fourier <fourier.thomas(a)gmail.com>
mtd: rawnand: rockchip: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
mtd: rawnand: atmel: Fix dma_mapping_error() address
Zheng Yu <zheng.yu(a)northwestern.edu>
jfs: fix metapage reference count leak in dbAllocCtl
Chenyuan Yang <chenyuan0y(a)gmail.com>
fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref
Giovanni Cabiddu <giovanni.cabiddu(a)intel.com>
crypto: qat - fix seq_file position update in adf_ring_next()
Ben Hutchings <benh(a)debian.org>
sh: Do not use hyphen in exported variable name
Thomas Fourier <fourier.thomas(a)gmail.com>
dmaengine: nbpfaxi: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
Dan Carpenter <dan.carpenter(a)linaro.org>
fs/orangefs: Allow 2 more characters in do_c_string()
Manivannan Sadhasivam <mani(a)kernel.org>
PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute
Bard Liao <yung-chuan.liao(a)linux.intel.com>
soundwire: stream: restore params when prepare ports fail
Thomas Fourier <fourier.thomas(a)gmail.com>
crypto: img-hash - Fix dma_unmap_sg() nents value
Thomas Fourier <fourier.thomas(a)gmail.com>
crypto: keembay - Fix dma_unmap_sg() nents value
Ovidiu Panait <ovidiu.panait.oss(a)gmail.com>
hwrng: mtk - handle devm_pm_runtime_enable errors
Dan Carpenter <dan.carpenter(a)linaro.org>
watchdog: ziirave_wdt: check record length in ziirave_firm_verify()
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: isci: Fix dma_unmap_sg() nents value
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: mvsas: Fix dma_unmap_sg() nents value
Thomas Fourier <fourier.thomas(a)gmail.com>
scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value
Paul Kocialkowski <paulk(a)sys-base.io>
clk: sunxi-ng: v3s: Fix de clock definition
Leo Yan <leo.yan(a)arm.com>
perf tests bp_account: Fix leaked file descriptor
Arnd Bergmann <arnd(a)arndb.de>
kernel: trace: preemptirq_delay_test: use offstack cpu mask
Junxian Huang <huangjunxian6(a)hisilicon.com>
RDMA/hns: Fix -Wframe-larger-than issue
Mengbiao Xiong <xisme1998(a)gmail.com>
crypto: ccp - Fix crash when rebind ccp device for ccp.ko
Thomas Fourier <fourier.thomas(a)gmail.com>
crypto: inside-secure - Fix `dma_unmap_sg()` nents value
Namhyung Kim <namhyung(a)kernel.org>
perf sched: Fix memory leaks for evsel->priv in timehist
Nuno Sá <nuno.sa(a)analog.com>
clk: clk-axi-clkgen: fix fpfd_max frequency for zynq
Yuan Chen <chenyuan(a)kylinos.cn>
pinctrl: sunxi: Fix memory leak on krealloc failure
Jerome Brunet <jbrunet(a)baylibre.com>
PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails
Charles Han <hanchunchao(a)inspur.com>
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
Charles Han <hanchunchao(a)inspur.com>
power: supply: cpcap-charger: Fix null check for power_supply_get_by_name
Rohit Visavalia <rohit.visavalia(a)amd.com>
clk: xilinx: vcu: unregister pll_post only if registered correctly
James Cowgill <james.cowgill(a)blaize.com>
media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
Henry Martin <bsdhenrymartin(a)gmail.com>
clk: davinci: Add NULL check in davinci_lpsc_clk_register()
Ivan Stepchenko <sid(a)itb.spb.ru>
mtd: fix possible integer overflow in erase_xfer()
Herbert Xu <herbert(a)gondor.apana.org.au>
crypto: marvell/cesa - Fix engine load inaccuracy
Hans Zhang <18255117159(a)163.com>
PCI: rockchip-host: Fix "Unexpected Completion" log message
Stanislav Fomichev <sdf(a)fomichev.me>
vrf: Drop existing dst reference in vrf_ip6_input_dst
Xiumei Mu <xmu(a)redhat.com>
selftests: rtnetlink.sh: remove esp4_offload after test
Florian Westphal <fw(a)strlen.de>
netfilter: xt_nfacct: don't assume acct name is null-terminated
Jimmy Assarsson <extja(a)kvaser.com>
can: kvaser_usb: Assign netdev.dev_port based on device channel index
Jimmy Assarsson <extja(a)kvaser.com>
can: kvaser_pciefd: Store device channel index
Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com>
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
Remi Pommarel <repk(a)triplefau.lt>
Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()"
Remi Pommarel <repk(a)triplefau.lt>
wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key()
Alexander Wetzel <Alexander(a)wetzel-home.de>
wifi: mac80211: Don't call fq_flow_idx() for management frames
Thomas Fourier <fourier.thomas(a)gmail.com>
mwl8k: Add missing check after DMA map
Martin Kaistra <martin.kaistra(a)linutronix.de>
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
Juergen Gross <jgross(a)suse.com>
xen/gntdev: remove struct gntdev_copy_batch from stack
Eric Dumazet <edumazet(a)google.com>
net_sched: act_ctinfo: use atomic64_t for three counters
William Liu <will(a)willsroot.io>
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
Tiwei Bie <tiwei.btw(a)antgroup.com>
um: rtc: Avoid shadowing err in uml_rtc_start()
Johan Korsnes <johan.korsnes(a)gmail.com>
arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX
Fedor Pchelkin <pchelkin(a)ispras.ru>
netfilter: nf_tables: adjust lockdep assertions handling
Fedor Pchelkin <pchelkin(a)ispras.ru>
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
Finn Thain <fthain(a)linux-m68k.org>
m68k: Don't unregister boot console needlessly
Stav Aviram <saviram(a)nvidia.com>
net/mlx5: Check device memory pointer before usage
xin.guo <guoxin0309(a)gmail.com>
tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range
Sergey Senozhatsky <senozhatsky(a)chromium.org>
wifi: ath11k: clear initialized flag for deinit-ed srng lists
Jiasheng Jiang <jiasheng(a)iscas.ac.cn>
iwlwifi: Add missing check for alloc_ordered_workqueue
Xiu Jianfeng <xiujianfeng(a)huawei.com>
wifi: iwlwifi: Fix memory leak in iwl_mvm_init()
Daniil Dulov <d.dulov(a)aladdin.ru>
wifi: rtl818x: Kill URBs before clearing tx status queue
Arnd Bergmann <arnd(a)arndb.de>
caif: reduce stack size, again
Yuan Chen <chenyuan(a)kylinos.cn>
bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
Jiayuan Chen <jiayuan.chen(a)linux.dev>
bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls
Jiayuan Chen <jiayuan.chen(a)linux.dev>
bpf, sockmap: Fix psock incorrectly pointing to sk
Andy Yan <andy.yan(a)rock-chips.com>
drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed
Steven Rostedt <rostedt(a)goodmis.org>
selftests/tracing: Fix false failure of subsystem event test
Alok Tiwari <alok.a.tiwari(a)oracle.com>
staging: nvec: Fix incorrect null termination of battery manufacturer
Brahmajit Das <listout(a)listout.xyz>
samples: mei: Fix building on musl libc
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Init policy->rwsem before it may be possibly used
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Initialize cpufreq-based frequency-invariance later
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode
Lifeng Zheng <zhenglifeng1(a)huawei.com>
PM / devfreq: Check governor before using governor->name
Adam Ford <aford173(a)gmail.com>
arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed
Adam Ford <aford173(a)gmail.com>
arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed
Annette Kobou <annette.kobou(a)kontron.de>
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
Albin Törnqvist <albin.tornqvist(a)codiax.se>
arm: dts: ti: omap: Fixup pinheader typo
Lucas De Marchi <lucas.demarchi(a)intel.com>
usb: early: xhci-dbc: Fix early_ioremap leak
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Revert "vmci: Prevent the dispatching of uninitialized payloads"
Denis OSTERLAND-HEIM <denis.osterland(a)diehl.com>
pps: fix poll support
Lizhi Xu <lizhi.xu(a)windriver.com>
vmci: Prevent the dispatching of uninitialized payloads
Abdun Nihaal <abdun.nihaal(a)gmail.com>
staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
Charalampos Mitrodimas <charmitro(a)posteo.net>
usb: misc: apple-mfi-fastcharge: Make power supply names unique
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
ARM: dts: vfxxx: Correctly use two tuples for timer address
Dmitry Vyukov <dvyukov(a)google.com>
selftests: Fix errno checking in syscall_user_dispatch test
Arnd Bergmann <arnd(a)arndb.de>
ASoC: ops: dynamically allocate struct snd_ctl_elem_value
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask()
Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com>
Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
Yangtao Li <frank.li(a)vivo.com>
hfsplus: remove mutex_lock check in hfsplus_free_extents
RubenKelevra <rubenkelevra(a)gmail.com>
fs_context: fix parameter name in infofc() macro
Arnd Bergmann <arnd(a)arndb.de>
ASoC: Intel: fix SND_SOC_SOF dependencies
Arnd Bergmann <arnd(a)arndb.de>
ethernet: intel: fix building with large NR_CPUS
Xu Yang <xu.yang_2(a)nxp.com>
usb: phy: mxs: disconnect line when USB charger is attached
Xu Yang <xu.yang_2(a)nxp.com>
usb: chipidea: add USB PHY event
Daniel Dadap <ddadap(a)nvidia.com>
ALSA: hda: Add missing NVIDIA HDA codec IDs
Ian Abbott <abbotti(a)mev.co.uk>
comedi: comedi_test: Fix possible deletion of uninitialized timers
Dmitry Antipov <dmantipov(a)yandex.ru>
jfs: reject on-disk inodes of an unsupported type
Michael Zhivich <mzhivich(a)akamai.com>
x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode()
RD Babiera <rdbabiera(a)google.com>
usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach
Michael Grzeschik <m.grzeschik(a)pengutronix.de>
usb: typec: tcpm: allow switching to mode accessory to mux properly
Michael Grzeschik <m.grzeschik(a)pengutronix.de>
usb: typec: tcpm: allow to use sink in accessory mode
Harry Yoo <harry.yoo(a)oracle.com>
mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n
Ryusuke Konishi <konishi.ryusuke(a)gmail.com>
nilfs2: reject invalid file types when reading inodes
Praveen Kaligineedi <pkaligineedi(a)google.com>
gve: Fix stuck TX queue for DQ queue format
Jacek Kowalski <jacek(a)jacekk.info>
e1000e: ignore uninitialized checksum word on tgp
Jacek Kowalski <jacek(a)jacekk.info>
e1000e: disregard NVM checksum on tgp when valid checksum bit is not set
Ma Ke <make24(a)iscas.ac.cn>
dpaa2-switch: Fix device reference count leak in MAC endpoint handling
Ma Ke <make24(a)iscas.ac.cn>
dpaa2-eth: Fix device reference count leak in MAC endpoint handling
Dawid Rezler <dawidrezler.patches(a)gmail.com>
ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx
Ma Ke <make24(a)iscas.ac.cn>
bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint()
Viresh Kumar <viresh.kumar(a)linaro.org>
i2c: virtio: Avoid hang by using interruptible completion wait
Yang Xiwen <forbidden405(a)outlook.com>
i2c: qup: jump out of the loop in case of timeout
Rong Zhang <i(a)rong.moe>
platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fixed vf get max channels bug
Yonglong Liu <liuyonglong(a)huawei.com>
net: hns3: disable interrupt when ptp init failed
Jian Shen <shenjian15(a)huawei.com>
net: hns3: fix concurrent setting vlan filter issue
Xiang Mei <xmei5(a)asu.edu>
net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class
Kito Xu (veritas501) <hxzene(a)gmail.com>
net: appletalk: Fix use-after-free in AARP proxy probe
Dennis Chen <dechen(a)redhat.com>
i40e: report VF tx_dropped with tx_errors instead of tx_discards
Yajun Deng <yajun.deng(a)linux.dev>
i40e: Add rx_missed_errors for buffer exhaustion
Abdun Nihaal <abdun.nihaal(a)gmail.com>
regmap: fix potential memory leak of regmap_bus
Xilin Wu <sophon(a)radxa.com>
interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node
Maor Gottlieb <maorg(a)nvidia.com>
RDMA/core: Rate limit GID cache warning messages
Alessandro Carminati <acarmina(a)redhat.com>
regulator: core: fix NULL dereference on unbind due to stale coupling data
Fabrice Gasnier <fabrice.gasnier(a)foss.st.com>
Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
Peter Zijlstra <peterz(a)infradead.org>
x86: Pin task-stack in __get_wchan()
Peter Zijlstra <peterz(a)infradead.org>
x86: Fix __get_wchan() for !STACKTRACE
Kees Cook <keescook(a)chromium.org>
sched: Add wrapper for get_wchan() to keep task blocked
Qi Zheng <zhengqi.arch(a)bytedance.com>
x86: Fix get_wchan() to support the ORC unwinder
Jiayuan Chen <jiayuan.chen(a)linux.dev>
bpf, sockmap: Fix panic when calling skb_linearize
Kurt Borja <kuurtb(a)gmail.com>
platform/x86: think-lmi: Fix kobject cleanup
Zhang Rui <rui.zhang(a)intel.com>
powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed
Alexander Gordeev <agordeev(a)linux.ibm.com>
mm/vmalloc: leave lazy MMU mode on PTE mapping error
Arun Raghavan <arun(a)asymptotic.io>
ASoC: fsl_sai: Force a software reset when starting in consumer mode
Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com>
usb: dwc3: qcom: Don't leave BCR asserted
Drew Hamilton <drew.hamilton(a)zetier.com>
usb: musb: fix gadget state on disconnect
Paul Cercueil <paul(a)crapouillou.net>
usb: musb: Add and use inline functions musb_{get,set}_state
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: Fix flushing of delayed work used for post resume purposes
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
Mathias Nyman <mathias.nyman(a)linux.intel.com>
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
Al Viro <viro(a)zeniv.linux.org.uk>
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
Aruna Ramakrishna <aruna.ramakrishna(a)oracle.com>
sched: Change nr_uninterruptible type to unsigned long
William Liu <will(a)willsroot.io>
net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
Joseph Huang <Joseph.Huang(a)garmin.com>
net: bridge: Do not offload IGMP/MLD messages
Dong Chenchen <dongchenchen2(a)huawei.com>
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Yue Haibing <yuehaibing(a)huawei.com>
ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
Christoph Paasch <cpaasch(a)openai.com>
net/mlx5: Correctly set gso_size when LRO is used
Ben Ben-Ishay <benishay(a)nvidia.com>
net/mlx5e: Add support to klm_umr_wqe
Tariq Toukan <tariqt(a)nvidia.com>
lib: bitmap: Introduce node-aware alloc API
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout
Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com>
Bluetooth: SMP: If an unallowed command is received consider it a failure
Kuniyuki Iwashima <kuniyu(a)google.com>
Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
Oliver Neukum <oneukum(a)suse.com>
usb: net: sierra: check for no status endpoint
Marius Zachmann <mail(a)mariuszachmann.de>
hwmon: (corsair-cpro) Validate the size of the received input buffer
Paolo Abeni <pabeni(a)redhat.com>
selftests: net: increase inter-packet timeout in udpgro.sh
Hangbin Liu <liuhangbin(a)gmail.com>
selftests: udpgro: report error when receive failed
Yu Kuai <yukuai3(a)huawei.com>
nvme: fix misaccounting of nvme-mpath inflight I/O
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: fix use-after-free in cifs_oplock_break
Sam Shih <sam.shih(a)mediatek.com>
pinctrl: mediatek: moore: check if pin_desc is valid before use
Kuniyuki Iwashima <kuniyu(a)google.com>
rpl: Fix use-after-free in rpl_do_srh_inline().
Xiang Mei <xmei5(a)asu.edu>
net/sched: sch_qfq: Fix race condition on qfq_aggregate
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: emaclite: Fix missing pointer increment in aligned_read()
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Reject %p% format string in bprintf-like helpers
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix initialization of data for instructions that write to subdevice
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix use of uninitialized data in insn_rw_emulate_bits()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fix some signed shift left operations
Ian Abbott <abbotti(a)mev.co.uk>
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
Ian Abbott <abbotti(a)mev.co.uk>
comedi: das6402: Fix bit shift out of bounds
Ian Abbott <abbotti(a)mev.co.uk>
comedi: das16m1: Fix bit shift out of bounds
Ian Abbott <abbotti(a)mev.co.uk>
comedi: aio_iiro_16: Fix bit shift out of bounds
Ian Abbott <abbotti(a)mev.co.uk>
comedi: pcl812: Fix bit shift out of bounds
Chen Ni <nichen(a)iscas.ac.cn>
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
Fabio Estevam <festevam(a)denx.de>
iio: adc: max1363: Reorder mode_list[] entries
Fabio Estevam <festevam(a)denx.de>
iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[]
Andrew Jeffery <andrew(a)codeconstruct.com.au>
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
Andrew Jeffery <andrew(a)codeconstruct.com.au>
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
Maulik Shah <maulik.shah(a)oss.qualcomm.com>
pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov
Judith Mendez <jm(a)ti.com>
mmc: sdhci_am654: Workaround for Errata i2312
Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com>
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
Thomas Fourier <fourier.thomas(a)gmail.com>
mmc: bcm2835: Fix dma_unmap_sg() nents value
Nathan Chancellor <nathan(a)kernel.org>
memstick: core: Zero initialize id_reg in h_memstick_read_dev_id()
Jan Kara <jack(a)suse.cz>
isofs: Verify inode mode when loading from disk
Dan Carpenter <dan.carpenter(a)linaro.org>
dmaengine: nbpfaxi: Fix memory corruption in probe()
Yun Lu <luyun(a)kylinos.cn>
af_packet: fix soft lockup issue caused by tpacket_snd()
Yun Lu <luyun(a)kylinos.cn>
af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd()
Nathan Chancellor <nathan(a)kernel.org>
phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept()
Steven Rostedt <rostedt(a)goodmis.org>
tracing: Add down_write(trace_event_sem) when adding trace event
Benjamin Tissoires <bentiss(a)kernel.org>
HID: core: do not bypass hid_hw_raw_request
Benjamin Tissoires <bentiss(a)kernel.org>
HID: core: ensure __hid_request reserves the report ID as the first byte
Benjamin Tissoires <bentiss(a)kernel.org>
HID: core: ensure the allocated report buffer can contain the reserved report ID
Thomas Fourier <fourier.thomas(a)gmail.com>
pch_uart: Fix dma_sync_sg_for_device() nents value
Nilton Perim Neto <niltonperimneto(a)gmail.com>
Input: xpad - set correct controller type for Acer NGR200
Alok Tiwari <alok.a.tiwari(a)oracle.com>
thunderbolt: Fix bit masking in tb_dp_port_set_hops()
Clément Le Goffic <clement.legoffic(a)foss.st.com>
i2c: stm32: fix the device used for the DMA map
Xinyu Liu <1171169449(a)qq.com>
usb: gadget: configfs: Fix OOB read on empty string write
Ryan Mann (NDI) <rmann(a)ndigital.com>
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
Slark Xiao <slark_xiao(a)163.com>
USB: serial: option: add Foxconn T99W640
Fabio Porcedda <fabio.porcedda(a)gmail.com>
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
Wayne Chang <waynec(a)nvidia.com>
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
-------------
Diffstat:
Documentation/filesystems/f2fs.rst | 6 +-
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +-
Documentation/memory-barriers.txt | 11 +-
Documentation/networking/mptcp-sysctl.rst | 2 +
Makefile | 6 +-
arch/alpha/include/asm/processor.h | 2 +-
arch/alpha/kernel/process.c | 5 +-
arch/arc/include/asm/processor.h | 2 +-
arch/arc/kernel/stacktrace.c | 4 +-
arch/arm/Makefile | 2 +-
arch/arm/boot/dts/am335x-boneblack.dts | 2 +-
arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1 -
arch/arm/boot/dts/vfxxx.dtsi | 2 +-
arch/arm/include/asm/processor.h | 2 +-
arch/arm/kernel/process.c | 4 +-
arch/arm/mach-rockchip/platsmp.c | 15 +-
arch/arm/mach-tegra/reset.c | 2 +-
.../boot/dts/freescale/imx8mm-beacon-som.dtsi | 2 +
.../boot/dts/freescale/imx8mn-beacon-som.dtsi | 2 +
arch/arm64/include/asm/acpi.h | 2 +-
arch/arm64/include/asm/processor.h | 2 +-
arch/arm64/kernel/entry.S | 6 +
arch/arm64/kernel/fpsimd.c | 4 +-
arch/arm64/kernel/process.c | 4 +-
arch/arm64/kernel/traps.c | 1 +
arch/arm64/mm/fault.c | 1 +
arch/arm64/mm/ptdump_debugfs.c | 3 -
arch/csky/include/asm/processor.h | 2 +-
arch/csky/kernel/stacktrace.c | 5 +-
arch/h8300/include/asm/processor.h | 2 +-
arch/h8300/kernel/process.c | 5 +-
arch/hexagon/include/asm/processor.h | 2 +-
arch/hexagon/kernel/process.c | 4 +-
arch/ia64/include/asm/processor.h | 2 +-
arch/ia64/kernel/process.c | 5 +-
arch/m68k/Kconfig.debug | 2 +-
arch/m68k/include/asm/processor.h | 2 +-
arch/m68k/kernel/early_printk.c | 42 +--
arch/m68k/kernel/head.S | 39 ++-
arch/m68k/kernel/process.c | 4 +-
arch/microblaze/include/asm/processor.h | 2 +-
arch/microblaze/kernel/process.c | 2 +-
arch/mips/crypto/chacha-core.S | 20 +-
arch/mips/include/asm/processor.h | 2 +-
arch/mips/include/asm/vpe.h | 8 +
arch/mips/kernel/process.c | 24 +-
arch/mips/mm/tlb-r4k.c | 56 +++-
arch/nds32/include/asm/processor.h | 2 +-
arch/nds32/kernel/process.c | 7 +-
arch/nios2/include/asm/processor.h | 2 +-
arch/nios2/kernel/process.c | 5 +-
arch/openrisc/include/asm/processor.h | 2 +-
arch/openrisc/kernel/process.c | 2 +-
arch/parisc/Makefile | 2 +-
arch/parisc/include/asm/processor.h | 2 +-
arch/parisc/kernel/process.c | 5 +-
arch/powerpc/configs/ppc6xx_defconfig | 1 -
arch/powerpc/include/asm/processor.h | 2 +-
arch/powerpc/kernel/eeh.c | 1 +
arch/powerpc/kernel/eeh_driver.c | 48 ++--
arch/powerpc/kernel/eeh_pe.c | 11 +-
arch/powerpc/kernel/pci-hotplug.c | 3 +
arch/powerpc/kernel/process.c | 9 +-
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +-
arch/riscv/include/asm/processor.h | 2 +-
arch/riscv/kernel/stacktrace.c | 12 +-
arch/s390/hypfs/hypfs_dbfs.c | 19 +-
arch/s390/include/asm/processor.h | 2 +-
arch/s390/include/asm/timex.h | 13 +-
arch/s390/kernel/process.c | 4 +-
arch/s390/kernel/time.c | 2 +-
arch/s390/mm/dump_pagetables.c | 2 -
arch/sh/Makefile | 10 +-
arch/sh/boot/compressed/Makefile | 4 +-
arch/sh/boot/romimage/Makefile | 4 +-
arch/sh/include/asm/processor_32.h | 2 +-
arch/sh/kernel/process_32.c | 5 +-
arch/sparc/include/asm/processor_32.h | 2 +-
arch/sparc/include/asm/processor_64.h | 2 +-
arch/sparc/kernel/process_32.c | 5 +-
arch/sparc/kernel/process_64.c | 5 +-
arch/um/drivers/rtc_user.c | 2 +-
arch/um/include/asm/processor-generic.h | 2 +-
arch/um/kernel/process.c | 5 +-
arch/x86/include/asm/processor.h | 2 +-
arch/x86/include/asm/xen/hypercall.h | 6 +-
arch/x86/kernel/cpu/amd.c | 2 +
arch/x86/kernel/cpu/bugs.c | 5 +-
arch/x86/kernel/cpu/hygon.c | 3 +
arch/x86/kernel/cpu/mce/amd.c | 13 +-
arch/x86/kernel/process.c | 62 ++---
arch/x86/kvm/vmx/vmx.c | 5 +-
arch/x86/mm/extable.c | 5 +-
arch/xtensa/include/asm/processor.h | 2 +-
arch/xtensa/kernel/process.c | 5 +-
block/blk-settings.c | 2 +-
drivers/acpi/acpi_processor.c | 2 +-
drivers/acpi/apei/ghes.c | 2 +
drivers/acpi/prmt.c | 26 +-
drivers/acpi/processor_idle.c | 4 +-
drivers/acpi/processor_perflib.c | 11 +
drivers/ata/Kconfig | 35 ++-
drivers/ata/libata-sata.c | 5 +
drivers/ata/libata-scsi.c | 20 +-
drivers/base/power/domain_governor.c | 18 +-
drivers/base/power/runtime.c | 5 +
drivers/base/regmap/regmap.c | 2 +
drivers/block/drbd/drbd_receiver.c | 6 +-
drivers/block/sunvdc.c | 4 +-
drivers/bus/fsl-mc/fsl-mc-bus.c | 19 +-
drivers/bus/mhi/host/boot.c | 8 +-
drivers/bus/mhi/host/internal.h | 4 +-
drivers/bus/mhi/host/main.c | 15 +-
drivers/char/hw_random/mtk-rng.c | 4 +-
drivers/char/ipmi/ipmi_msghandler.c | 8 +-
drivers/char/ipmi/ipmi_watchdog.c | 59 +++--
drivers/clk/clk-axi-clkgen.c | 2 +-
drivers/clk/davinci/psc.c | 5 +
drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 +-
drivers/clk/xilinx/xlnx_vcu.c | 4 +-
drivers/comedi/comedi_fops.c | 68 ++++-
drivers/comedi/comedi_internal.h | 1 +
drivers/comedi/drivers.c | 47 ++--
drivers/comedi/drivers/aio_iiro_16.c | 3 +-
drivers/comedi/drivers/comedi_test.c | 2 +-
drivers/comedi/drivers/das16m1.c | 3 +-
drivers/comedi/drivers/das6402.c | 3 +-
drivers/comedi/drivers/pcl726.c | 3 +-
drivers/comedi/drivers/pcl812.c | 3 +-
drivers/cpufreq/armada-8k-cpufreq.c | 2 +-
drivers/cpufreq/cppc_cpufreq.c | 2 +-
drivers/cpufreq/cpufreq.c | 29 +-
drivers/cpufreq/intel_pstate.c | 4 +-
drivers/cpuidle/governors/menu.c | 21 +-
drivers/crypto/ccp/ccp-debugfs.c | 3 +
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +-
drivers/crypto/img-hash.c | 2 +-
drivers/crypto/inside-secure/safexcel_hash.c | 8 +-
drivers/crypto/keembay/keembay-ocs-hcu-core.c | 8 +-
drivers/crypto/marvell/cesa/cipher.c | 4 +-
drivers/crypto/marvell/cesa/hash.c | 5 +-
.../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +-
.../crypto/qat/qat_common/adf_transport_debug.c | 4 +-
drivers/devfreq/devfreq.c | 10 +-
drivers/devfreq/governor_userspace.c | 6 +-
drivers/dma/mv_xor.c | 21 +-
drivers/dma/nbpfaxi.c | 24 +-
drivers/edac/synopsys_edac.c | 93 +++----
drivers/fpga/zynq-fpga.c | 10 +-
drivers/gpio/gpio-tps65912.c | 7 +-
drivers/gpio/gpio-virtio.c | 9 +-
drivers/gpio/gpio-wcd934x.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +
.../gpu/drm/amd/display/dc/bios/command_table.c | 2 +-
drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 -
.../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 -
.../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 +--
.../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +--
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +-
.../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 +
.../gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2 +-
drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 +
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 ++-
drivers/gpu/drm/drm_dp_helper.c | 2 +-
drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 +-
drivers/gpu/drm/msm/msm_gem.c | 3 +-
drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9 +-
drivers/gpu/drm/scheduler/sched_entity.c | 27 +-
drivers/gpu/drm/ttm/ttm_pool.c | 8 +-
drivers/gpu/drm/ttm/ttm_resource.c | 3 +
drivers/hid/hid-core.c | 21 +-
drivers/hid/hid-magicmouse.c | 51 ++--
drivers/hwmon/corsair-cpro.c | 5 +
drivers/hwmon/gsc-hwmon.c | 4 +-
drivers/i2c/busses/i2c-qup.c | 4 +-
drivers/i2c/busses/i2c-stm32.c | 8 +-
drivers/i2c/busses/i2c-stm32f7.c | 4 +-
drivers/i2c/busses/i2c-virtio.c | 15 +-
drivers/i2c/i2c-core-acpi.c | 1 +
drivers/i3c/internals.h | 1 +
drivers/i3c/master.c | 2 +-
drivers/idle/intel_idle.c | 2 +-
drivers/iio/adc/ad7768-1.c | 23 +-
drivers/iio/adc/ad_sigma_delta.c | 4 +-
drivers/iio/adc/max1363.c | 43 ++-
drivers/iio/adc/stm32-adc-core.c | 7 +-
drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 +-
drivers/iio/light/as73211.c | 2 +-
drivers/iio/light/hid-sensor-prox.c | 8 +-
drivers/iio/pressure/bmp280-core.c | 9 +-
drivers/iio/proximity/isl29501.c | 14 +-
drivers/infiniband/core/cache.c | 4 +-
drivers/infiniband/core/nldev.c | 22 +-
drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 +
drivers/infiniband/hw/hfi1/affinity.c | 44 +--
drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 15 +-
drivers/infiniband/hw/mlx5/dm.c | 2 +-
drivers/input/joystick/xpad.c | 2 +-
drivers/input/keyboard/gpio_keys.c | 4 +-
drivers/interconnect/qcom/sc7280.c | 1 +
drivers/iommu/amd/init.c | 4 +-
drivers/leds/leds-lp50xx.c | 11 +-
drivers/md/dm-ps-historical-service-time.c | 4 +-
drivers/md/dm-ps-queue-length.c | 4 +-
drivers/md/dm-ps-round-robin.c | 4 +-
drivers/md/dm-ps-service-time.c | 4 +-
drivers/md/dm-zoned-target.c | 2 +-
drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +-
drivers/media/dvb-frontends/dib7000p.c | 10 +
drivers/media/i2c/hi556.c | 26 +-
drivers/media/i2c/ov2659.c | 3 +-
drivers/media/i2c/tc358743.c | 86 +++---
drivers/media/platform/qcom/camss/camss.c | 10 +-
drivers/media/platform/qcom/venus/core.c | 21 +-
drivers/media/platform/qcom/venus/core.h | 2 +
drivers/media/platform/qcom/venus/dbgfs.c | 9 +
drivers/media/platform/qcom/venus/dbgfs.h | 13 +
drivers/media/platform/qcom/venus/hfi_venus.c | 5 +
drivers/media/platform/qcom/venus/vdec.c | 5 +-
drivers/media/platform/qcom/venus/venc.c | 5 +-
drivers/media/usb/gspca/vicam.c | 10 +-
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 +
drivers/media/usb/usbtv/usbtv-video.c | 4 +
drivers/media/usb/uvc/uvc_driver.c | 3 +
drivers/media/usb/uvc/uvc_video.c | 21 +-
drivers/media/v4l2-core/v4l2-common.c | 8 +-
drivers/media/v4l2-core/v4l2-ctrls-core.c | 9 +-
drivers/memstick/core/memstick.c | 3 +-
drivers/memstick/host/rtsx_usb_ms.c | 1 +
drivers/misc/cardreader/rtsx_usb.c | 16 +-
drivers/mmc/host/bcm2835.c | 3 +-
drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +-
drivers/mmc/host/sdhci-msm.c | 14 +
drivers/mmc/host/sdhci-pci-core.c | 3 +-
drivers/mmc/host/sdhci-pci-gli.c | 4 +-
drivers/mmc/host/sdhci_am654.c | 9 +-
drivers/most/core.c | 2 +-
drivers/mtd/ftl.c | 2 +-
drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +-
drivers/mtd/nand/raw/atmel/pmecc.c | 6 +
drivers/mtd/nand/raw/fsmc_nand.c | 2 +
drivers/mtd/nand/raw/rockchip-nand-controller.c | 15 ++
drivers/mtd/nand/spi/core.c | 5 +-
drivers/net/bonding/bond_3ad.c | 25 ++
drivers/net/bonding/bond_options.c | 1 +
drivers/net/can/kvaser_pciefd.c | 1 +
drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 +
drivers/net/dsa/b53/b53_common.c | 63 +++--
drivers/net/dsa/b53/b53_regs.h | 2 +
drivers/net/ethernet/agere/et131x.c | 36 +++
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 +
.../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +++
drivers/net/ethernet/atheros/ag71xx.c | 9 +
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +-
drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +-
drivers/net/ethernet/emulex/benet/be_main.c | 8 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 -
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +-
drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 +-
.../net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 +-
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +-
drivers/net/ethernet/freescale/fec_main.c | 34 ++-
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +-
drivers/net/ethernet/google/gve/gve_adminq.c | 1 +
drivers/net/ethernet/google/gve/gve_main.c | 67 ++---
.../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 +--
.../net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9 +-
.../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6 +-
drivers/net/ethernet/intel/e1000e/defines.h | 3 +
drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 +
drivers/net/ethernet/intel/e1000e/nvm.c | 6 +
drivers/net/ethernet/intel/fm10k/fm10k.h | 3 +-
drivers/net/ethernet/intel/i40e/i40e.h | 2 +-
drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +-
drivers/net/ethernet/intel/i40e/i40e_main.c | 18 +-
drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +-
drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 +
drivers/net/ethernet/intel/igc/igc_main.c | 14 +-
drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 +-
drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/en.h | 24 +-
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +-
drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 13 +-
drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c | 4 +-
drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 -
drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 +
drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 +
drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +-
drivers/net/hyperv/hyperv_net.h | 3 +
drivers/net/hyperv/netvsc_drv.c | 29 +-
drivers/net/phy/dp83640.c | 6 +-
drivers/net/phy/mscc/mscc.h | 12 +
drivers/net/phy/mscc/mscc_main.c | 12 +
drivers/net/phy/mscc/mscc_ptp.c | 50 +++-
drivers/net/phy/mscc/mscc_ptp.h | 1 +
drivers/net/phy/nxp-c45-tja11xx.c | 2 +-
drivers/net/phy/smsc.c | 1 +
drivers/net/ppp/ppp_generic.c | 17 +-
drivers/net/ppp/pptp.c | 18 +-
drivers/net/thunderbolt.c | 8 +-
drivers/net/usb/asix_devices.c | 1 +
drivers/net/usb/sierra_net.c | 4 +
drivers/net/usb/usbnet.c | 11 +-
drivers/net/vrf.c | 2 +
drivers/net/wireless/ath/ath11k/hal.c | 25 +-
.../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +-
.../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +-
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +-
drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 +-
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +-
drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 +-
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
drivers/net/wireless/marvell/mwl8k.c | 4 +
drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 +-
.../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +-
drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +-
drivers/net/xen-netfront.c | 5 -
drivers/nvme/host/core.c | 4 +
drivers/pci/controller/pcie-rockchip-host.c | 2 +-
drivers/pci/controller/vmd.c | 3 +
drivers/pci/endpoint/functions/pci-epf-vntb.c | 4 +-
drivers/pci/endpoint/pci-ep-cfs.c | 1 +
drivers/pci/endpoint/pci-epf-core.c | 2 +-
drivers/pci/hotplug/pnv_php.c | 235 ++++++++++++++--
drivers/pci/pci-acpi.c | 4 +-
drivers/pci/pci.c | 8 +-
drivers/pci/probe.c | 2 +-
drivers/phy/tegra/xusb-tegra186.c | 61 +++--
drivers/pinctrl/mediatek/pinctrl-moore.c | 18 ++
drivers/pinctrl/stm32/pinctrl-stm32.c | 1 +
drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 +-
drivers/platform/chrome/cros_ec.c | 23 +-
drivers/platform/chrome/cros_ec.h | 2 +-
drivers/platform/chrome/cros_ec_i2c.c | 4 +-
drivers/platform/chrome/cros_ec_lpc.c | 4 +-
drivers/platform/chrome/cros_ec_spi.c | 4 +-
drivers/platform/chrome/cros_ec_typec.c | 4 +-
drivers/platform/x86/ideapad-laptop.c | 2 +-
drivers/platform/x86/think-lmi.c | 27 +-
drivers/platform/x86/thinkpad_acpi.c | 4 +-
drivers/power/supply/cpcap-charger.c | 5 +-
drivers/power/supply/max14577_charger.c | 4 +-
drivers/powercap/intel_rapl_common.c | 23 +-
drivers/pps/clients/pps-gpio.c | 5 +-
drivers/pps/pps.c | 11 +-
drivers/ptp/ptp_private.h | 5 +
drivers/ptp/ptp_vclock.c | 7 +
drivers/pwm/pwm-imx-tpm.c | 9 +
drivers/pwm/pwm-mediatek.c | 78 ++++--
drivers/regulator/core.c | 1 +
drivers/reset/Kconfig | 10 +-
drivers/rtc/rtc-ds1307.c | 17 +-
drivers/rtc/rtc-hym8563.c | 2 +-
drivers/rtc/rtc-pcf85063.c | 2 +-
drivers/rtc/rtc-pcf8563.c | 2 +-
drivers/rtc/rtc-rv3028.c | 2 +-
drivers/scsi/aacraid/comminit.c | 3 +-
drivers/scsi/bfa/bfad_im.c | 1 +
drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 +-
drivers/scsi/isci/request.c | 2 +-
drivers/scsi/libiscsi.c | 3 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 1 -
drivers/scsi/lpfc/lpfc_scsi.c | 4 +
drivers/scsi/mpi3mr/mpi3mr.h | 6 +-
drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +-
drivers/scsi/mpi3mr/mpi3mr_os.c | 2 +
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 22 +-
drivers/scsi/mvsas/mv_sas.c | 4 +-
drivers/scsi/qla4xxx/ql4_os.c | 2 +
drivers/scsi/scsi_scan.c | 2 +-
drivers/scsi/scsi_transport_sas.c | 62 ++++-
drivers/scsi/ufs/ufs-exynos.c | 4 +-
drivers/scsi/ufs/ufshcd-pci.c | 42 ++-
drivers/scsi/ufs/ufshcd.c | 10 +-
drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 +-
drivers/soc/qcom/mdt_loader.c | 41 +++
drivers/soc/tegra/pmc.c | 51 ++--
drivers/soundwire/stream.c | 2 +-
drivers/staging/fbtft/fbtft-core.c | 1 +
drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +-
drivers/staging/nvec/nvec_power.c | 2 +-
drivers/target/target_core_fabric_lib.c | 65 +++--
drivers/target/target_core_internal.h | 4 +-
drivers/target/target_core_pr.c | 18 +-
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 ++-
drivers/thermal/thermal_sysfs.c | 9 +-
drivers/thunderbolt/domain.c | 2 +-
drivers/thunderbolt/switch.c | 2 +-
drivers/tty/serial/8250/8250_port.c | 3 +-
drivers/tty/serial/pch_uart.c | 2 +-
drivers/tty/vt/defkeymap.c_shipped | 112 ++++++++
drivers/tty/vt/keyboard.c | 2 +-
drivers/usb/atm/cxacru.c | 172 ++++++------
drivers/usb/chipidea/ci.h | 18 +-
drivers/usb/chipidea/udc.c | 10 +
drivers/usb/class/cdc-acm.c | 11 +-
drivers/usb/core/config.c | 10 +-
drivers/usb/core/hcd.c | 8 +-
drivers/usb/core/hub.c | 60 ++++-
drivers/usb/core/hub.h | 1 +
drivers/usb/core/quirks.c | 1 +
drivers/usb/core/urb.c | 2 +-
drivers/usb/dwc3/dwc3-imx8mp.c | 6 +-
drivers/usb/dwc3/dwc3-meson-g12a.c | 3 +
drivers/usb/dwc3/dwc3-qcom.c | 7 +-
drivers/usb/dwc3/ep0.c | 20 +-
drivers/usb/dwc3/gadget.c | 19 +-
drivers/usb/early/xhci-dbc.c | 4 +
drivers/usb/gadget/composite.c | 5 +
drivers/usb/gadget/configfs.c | 2 +
drivers/usb/gadget/udc/renesas_usb3.c | 1 +
drivers/usb/host/xhci-hub.c | 3 +-
drivers/usb/host/xhci-mem.c | 24 +-
drivers/usb/host/xhci-pci-renesas.c | 7 +-
drivers/usb/host/xhci-ring.c | 19 +-
drivers/usb/host/xhci.c | 24 +-
drivers/usb/host/xhci.h | 3 +-
drivers/usb/misc/apple-mfi-fastcharge.c | 24 +-
drivers/usb/musb/musb_core.c | 62 ++---
drivers/usb/musb/musb_core.h | 11 +
drivers/usb/musb/musb_debugfs.c | 6 +-
drivers/usb/musb/musb_gadget.c | 30 ++-
drivers/usb/musb/musb_host.c | 6 +-
drivers/usb/musb/musb_virthub.c | 18 +-
drivers/usb/musb/omap2430.c | 16 +-
drivers/usb/phy/phy-mxs-usb.c | 4 +-
drivers/usb/serial/ftdi_sio.c | 2 +
drivers/usb/serial/ftdi_sio_ids.h | 3 +
drivers/usb/serial/option.c | 7 +
drivers/usb/storage/realtek_cr.c | 2 +-
drivers/usb/storage/unusual_devs.h | 29 ++
drivers/usb/typec/mux/intel_pmc_mux.c | 2 +-
drivers/usb/typec/tcpm/fusb302.c | 8 +
drivers/usb/typec/tcpm/tcpm.c | 64 +++--
drivers/usb/typec/ucsi/psy.c | 2 +-
drivers/usb/typec/ucsi/ucsi.c | 1 +
drivers/usb/typec/ucsi/ucsi.h | 7 +-
drivers/vhost/scsi.c | 4 +-
drivers/vhost/vhost.c | 3 +
drivers/video/console/vgacon.c | 2 +-
drivers/video/fbdev/core/fbcon.c | 9 +-
drivers/video/fbdev/imxfb.c | 9 +-
drivers/watchdog/dw_wdt.c | 2 +
drivers/watchdog/iTCO_wdt.c | 6 +-
drivers/watchdog/sbsa_gwdt.c | 50 +++-
drivers/watchdog/ziirave_wdt.c | 3 +
drivers/xen/gntdev-common.h | 4 +
drivers/xen/gntdev.c | 71 +++--
fs/btrfs/relocation.c | 19 ++
fs/btrfs/tree-log.c | 53 ++--
fs/buffer.c | 2 +-
fs/cifs/cifssmb.c | 10 +
fs/cifs/file.c | 10 +-
fs/cifs/smb2ops.c | 7 +-
fs/cifs/smbdirect.c | 14 +-
fs/eventpoll.c | 60 ++++-
fs/ext2/inode.c | 12 +-
fs/ext4/fsmap.c | 23 +-
fs/ext4/indirect.c | 4 +-
fs/ext4/inline.c | 19 +-
fs/ext4/inode.c | 2 +-
fs/ext4/mballoc.c | 35 ++-
fs/ext4/orphan.c | 5 +-
fs/ext4/super.c | 2 +
fs/f2fs/extent_cache.c | 2 +-
fs/f2fs/f2fs.h | 2 +-
fs/f2fs/inode.c | 28 +-
fs/f2fs/node.c | 10 +
fs/file.c | 15 ++
fs/hfs/bnode.c | 93 +++++++
fs/hfsplus/bnode.c | 92 +++++++
fs/hfsplus/extents.c | 3 -
fs/hfsplus/unicode.c | 7 +
fs/hfsplus/xattr.c | 6 +-
fs/hugetlbfs/inode.c | 2 +-
fs/isofs/inode.c | 9 +-
fs/jbd2/checkpoint.c | 1 +
fs/jfs/file.c | 3 +
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_dmap.c | 10 +-
fs/jfs/jfs_imap.c | 13 +-
fs/ksmbd/smb2pdu.c | 16 +-
fs/ksmbd/smb_common.c | 2 +-
fs/ksmbd/transport_rdma.c | 97 +++----
fs/libfs.c | 4 +-
fs/namespace.c | 39 ++-
fs/nfs/blocklayout/blocklayout.c | 4 +-
fs/nfs/blocklayout/dev.c | 5 +-
fs/nfs/blocklayout/extent_tree.c | 20 +-
fs/nfs/client.c | 44 ++-
fs/nfs/export.c | 11 +-
fs/nfs/flexfilelayout/flexfilelayout.c | 26 +-
fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +-
fs/nfs/internal.h | 10 +-
fs/nfs/nfs4client.c | 15 +-
fs/nfs/nfs4proc.c | 12 +-
fs/nfs/pnfs.c | 11 +-
fs/nfsd/nfs4state.c | 34 ++-
fs/nilfs2/inode.c | 9 +-
fs/ntfs3/dir.c | 3 +
fs/ntfs3/file.c | 5 +-
fs/ntfs3/inode.c | 31 ++-
fs/orangefs/orangefs-debugfs.c | 8 +-
fs/squashfs/super.c | 14 +-
fs/udf/super.c | 13 +-
include/asm-generic/barrier.h | 33 +++
include/linux/bitmap.h | 2 +
include/linux/blk_types.h | 8 +-
include/linux/compiler.h | 8 -
include/linux/cpuset.h | 17 ++
include/linux/fs.h | 4 +-
include/linux/fs_context.h | 2 +-
include/linux/if_vlan.h | 6 +-
include/linux/memfd.h | 14 +
include/linux/mlx5/device.h | 1 +
include/linux/mm.h | 76 ++++--
include/linux/mmzone.h | 22 ++
include/linux/moduleparam.h | 5 +-
include/linux/pci.h | 10 +-
include/linux/platform_data/cros_ec_proto.h | 4 +
include/linux/pps_kernel.h | 1 +
include/linux/sched.h | 1 +
include/linux/skbuff.h | 31 ++-
include/linux/usb/usbnet.h | 1 +
include/linux/xarray.h | 15 ++
include/net/bond_3ad.h | 1 +
include/net/cfg80211.h | 2 +-
include/net/mac80211.h | 2 +
include/net/tc_act/tc_ctinfo.h | 6 +-
include/net/udp.h | 24 +-
include/sound/soc-dai.h | 13 +
include/uapi/linux/in6.h | 4 +-
include/uapi/linux/io_uring.h | 2 +-
kernel/bpf/helpers.c | 11 +-
kernel/cgroup/cpuset.c | 23 ++
kernel/events/core.c | 20 +-
kernel/fork.c | 2 +-
kernel/power/console.c | 7 +-
kernel/rcu/tree_plugin.h | 3 +
kernel/sched/core.c | 19 ++
kernel/sched/deadline.c | 4 +-
kernel/sched/loadavg.c | 2 +-
kernel/sched/rt.c | 6 +
kernel/sched/sched.h | 2 +-
kernel/trace/ftrace.c | 19 +-
kernel/trace/preemptirq_delay_test.c | 13 +-
kernel/trace/trace.c | 33 ++-
kernel/trace/trace.h | 8 +-
kernel/trace/trace_events.c | 5 +
kernel/ucount.c | 2 +-
lib/bitmap.c | 13 +
mm/debug_vm_pgtable.c | 9 +-
mm/filemap.c | 2 +-
mm/hmm.c | 2 +-
mm/kmemleak.c | 10 +-
mm/madvise.c | 2 +-
mm/memfd.c | 2 +-
mm/memory-failure.c | 8 +
mm/mmap.c | 10 +-
mm/page_alloc.c | 13 +
mm/ptdump.c | 2 +
mm/shmem.c | 2 +-
mm/vmalloc.c | 17 +-
mm/zsmalloc.c | 3 +
net/8021q/vlan.c | 42 ++-
net/8021q/vlan.h | 1 +
net/appletalk/aarp.c | 24 +-
net/bluetooth/l2cap_core.c | 26 +-
net/bluetooth/l2cap_sock.c | 3 +
net/bluetooth/smp.c | 21 +-
net/bluetooth/smp.h | 1 +
net/bridge/br_multicast.c | 16 ++
net/bridge/br_private.h | 2 +
net/bridge/br_switchdev.c | 3 +
net/caif/cfctrl.c | 294 ++++++++++-----------
net/core/filter.c | 3 +
net/core/netpoll.c | 7 +
net/core/skmsg.c | 57 ++--
net/hsr/hsr_slave.c | 8 +-
net/ipv4/netfilter/nf_reject_ipv4.c | 6 +-
net/ipv4/route.c | 1 -
net/ipv4/tcp_input.c | 3 +-
net/ipv4/udp_offload.c | 2 +-
net/ipv6/addrconf.c | 7 +-
net/ipv6/ip6_offload.c | 4 +-
net/ipv6/mcast.c | 13 +-
net/ipv6/netfilter/nf_reject_ipv6.c | 5 +-
net/ipv6/rpl_iptunnel.c | 8 +-
net/ipv6/seg6_hmac.c | 6 +-
net/mac80211/cfg.c | 13 +-
net/mac80211/mlme.c | 9 +-
net/mac80211/tx.c | 10 +-
net/mctp/af_mctp.c | 28 +-
net/mptcp/options.c | 7 +-
net/mptcp/pm_netlink.c | 14 +-
net/mptcp/protocol.c | 17 +-
net/mptcp/protocol.h | 11 +-
net/mptcp/subflow.c | 20 +-
net/ncsi/internal.h | 2 +-
net/ncsi/ncsi-rsp.c | 1 +
net/netfilter/nf_conntrack_netlink.c | 24 +-
net/netfilter/nf_tables_api.c | 4 +-
net/netfilter/xt_nfacct.c | 4 +-
net/netlink/af_netlink.c | 2 +-
net/packet/af_packet.c | 39 ++-
net/phonet/pep.c | 2 +-
net/sched/act_ctinfo.c | 19 +-
net/sched/sch_cake.c | 14 +-
net/sched/sch_codel.c | 5 +-
net/sched/sch_drr.c | 7 +-
net/sched/sch_ets.c | 46 ++--
net/sched/sch_fq_codel.c | 6 +-
net/sched/sch_hfsc.c | 8 +-
net/sched/sch_htb.c | 19 +-
net/sched/sch_netem.c | 40 +++
net/sched/sch_qfq.c | 40 ++-
net/sctp/input.c | 2 +-
net/tls/tls_sw.c | 13 +
net/vmw_vsock/af_vsock.c | 3 +-
net/wireless/mlme.c | 3 +-
samples/mei/mei-amt-version.c | 2 +-
scripts/kconfig/gconf.c | 8 +-
scripts/kconfig/lxdialog/inputbox.c | 6 +-
scripts/kconfig/lxdialog/menubox.c | 2 +-
scripts/kconfig/nconf.c | 2 +
scripts/kconfig/nconf.gui.c | 1 +
scripts/kconfig/qconf.cc | 2 +-
security/apparmor/include/match.h | 3 +-
security/apparmor/match.c | 1 +
security/inode.c | 2 -
sound/core/pcm_native.c | 19 +-
sound/pci/hda/patch_ca0132.c | 7 +-
sound/pci/hda/patch_hdmi.c | 19 ++
sound/pci/hda/patch_realtek.c | 3 +
sound/pci/intel8x0.c | 2 +-
sound/soc/codecs/hdac_hdmi.c | 10 +-
sound/soc/codecs/rt5640.c | 5 +
sound/soc/fsl/fsl_sai.c | 30 ++-
sound/soc/generic/audio-graph-card.c | 2 +-
sound/soc/intel/boards/Kconfig | 2 +-
sound/soc/soc-core.c | 28 ++
sound/soc/soc-dai.c | 59 +++--
sound/soc/soc-dapm.c | 4 +
sound/soc/soc-ops.c | 28 +-
sound/usb/mixer_quirks.c | 14 +-
sound/usb/mixer_scarlett_gen2.c | 8 +
sound/usb/stream.c | 25 +-
sound/usb/validate.c | 14 +-
sound/x86/intel_hdmi_audio.c | 2 +-
tools/bpf/bpftool/net.c | 15 +-
tools/include/linux/sched/mm.h | 2 +
tools/include/nolibc/std.h | 4 +-
tools/perf/builtin-sched.c | 12 +
tools/perf/tests/bp_account.c | 1 +
tools/perf/util/evsel.c | 11 +
tools/perf/util/evsel.h | 2 +
.../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +-
tools/testing/ktest/ktest.pl | 5 +-
.../ftrace/test.d/event/subsystem-enable.tc | 28 +-
.../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +-
tools/testing/selftests/futex/include/futextest.h | 11 +
tools/testing/selftests/memfd/memfd_test.c | 43 +++
tools/testing/selftests/net/mptcp/Makefile | 3 +-
tools/testing/selftests/net/mptcp/mptcp_connect.c | 28 +-
.../selftests/net/mptcp/mptcp_connect_checksum.sh | 5 +
.../selftests/net/mptcp/mptcp_connect_mmap.sh | 5 +
.../selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 +
tools/testing/selftests/net/mptcp/mptcp_join.sh | 1 +
tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 +
tools/testing/selftests/net/rtnetlink.sh | 6 +
tools/testing/selftests/net/udpgro.sh | 46 ++--
tools/testing/selftests/perf_events/.gitignore | 1 +
tools/testing/selftests/perf_events/Makefile | 2 +-
tools/testing/selftests/perf_events/mmap.c | 236 +++++++++++++++++
.../selftests/syscall_user_dispatch/sud_test.c | 50 ++--
677 files changed, 6081 insertions(+), 2515 deletions(-)
2 weeks, 2 days
- 7
- 650
[PATCH 5.4.y] wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
by Alexander Wetzel
[ Upstream commit 2c5dee15239f3f3e31aa5c8808f18996c039e2c1 ]
Callers of wdev_chandef() must hold the wiphy mutex.
But the worker cfg80211_propagate_cac_done_wk() never takes the lock.
Which triggers the warning below with the mesh_peer_connected_dfs
test from hostapd and not (yet) released mac80211 code changes:
WARNING: CPU: 0 PID: 495 at net/wireless/chan.c:1552 wdev_chandef+0x60/0x165
Modules linked in:
CPU: 0 UID: 0 PID: 495 Comm: kworker/u4:2 Not tainted 6.14.0-rc5-wt-g03960e6f9d47 #33 13c287eeabfe1efea01c0bcc863723ab082e17cf
Workqueue: cfg80211 cfg80211_propagate_cac_done_wk
Stack:
00000000 00000001 ffffff00 6093267c
00000000 6002ec30 6d577c50 60037608
00000000 67e8d108 6063717b 00000000
Call Trace:
[<6002ec30>] ? _printk+0x0/0x98
[<6003c2b3>] show_stack+0x10e/0x11a
[<6002ec30>] ? _printk+0x0/0x98
[<60037608>] dump_stack_lvl+0x71/0xb8
[<6063717b>] ? wdev_chandef+0x60/0x165
[<6003766d>] dump_stack+0x1e/0x20
[<6005d1b7>] __warn+0x101/0x20f
[<6005d3a8>] warn_slowpath_fmt+0xe3/0x15d
[<600b0c5c>] ? mark_lock.part.0+0x0/0x4ec
[<60751191>] ? __this_cpu_preempt_check+0x0/0x16
[<600b11a2>] ? mark_held_locks+0x5a/0x6e
[<6005d2c5>] ? warn_slowpath_fmt+0x0/0x15d
[<60052e53>] ? unblock_signals+0x3a/0xe7
[<60052f2d>] ? um_set_signals+0x2d/0x43
[<60751191>] ? __this_cpu_preempt_check+0x0/0x16
[<607508b2>] ? lock_is_held_type+0x207/0x21f
[<6063717b>] wdev_chandef+0x60/0x165
[<605f89b4>] regulatory_propagate_dfs_state+0x247/0x43f
[<60052f00>] ? um_set_signals+0x0/0x43
[<605e6bfd>] cfg80211_propagate_cac_done_wk+0x3a/0x4a
[<6007e460>] process_scheduled_works+0x3bc/0x60e
[<6007d0ec>] ? move_linked_works+0x4d/0x81
[<6007d120>] ? assign_work+0x0/0xaa
[<6007f81f>] worker_thread+0x220/0x2dc
[<600786ef>] ? set_pf_worker+0x0/0x57
[<60087c96>] ? to_kthread+0x0/0x43
[<6008ab3c>] kthread+0x2d3/0x2e2
[<6007f5ff>] ? worker_thread+0x0/0x2dc
[<6006c05b>] ? calculate_sigpending+0x0/0x56
[<6003b37d>] new_thread_handler+0x4a/0x64
irq event stamp: 614611
hardirqs last enabled at (614621): [<00000000600bc96b>] __up_console_sem+0x82/0xaf
hardirqs last disabled at (614630): [<00000000600bc92c>] __up_console_sem+0x43/0xaf
softirqs last enabled at (614268): [<00000000606c55c6>] __ieee80211_wake_queue+0x933/0x985
softirqs last disabled at (614266): [<00000000606c52d6>] __ieee80211_wake_queue+0x643/0x985
Fixes: 26ec17a1dc5e ("cfg80211: Fix radar event during another phy CAC")
Signed-off-by: Alexander Wetzel <Alexander(a)wetzel-home.de>
Link: https://patch.msgid.link/20250717162547.94582-1-Alexander@wetzel-home.de
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
Conflicts:
net/wireless/reg.c
Signed-off-by: lifangxu <lifangxu(a)kylinos.cn>
---
net/wireless/reg.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index 213655aa6e48..950bf146227e 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -3906,6 +3906,9 @@ EXPORT_SYMBOL(regulatory_pre_cac_allowed);
static void cfg80211_check_and_end_cac(struct cfg80211_registered_device *rdev)
{
struct wireless_dev *wdev;
+
+ wdev_lock(wdev);
+
/* If we finished CAC or received radar, we should end any
* CAC running on the same channels.
* the check !cfg80211_chandef_dfs_usable contain 2 options:
@@ -3920,6 +3923,7 @@ static void cfg80211_check_and_end_cac(struct cfg80211_registered_device *rdev)
!cfg80211_chandef_dfs_usable(&rdev->wiphy, &wdev->chandef))
rdev_end_cac(rdev, wdev->netdev);
}
+ wdev_unlock(wdev);
}
void regulatory_propagate_dfs_state(struct wiphy *wiphy,
--
2.43.0
2 weeks, 2 days
- 3
- 2
[merged mm-hotfixes-stable] mm-fix-possible-deadlock-in-kmemleak.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: gix possible deadlock in kmemleak
has been removed from the -mm tree. Its filename was
mm-fix-possible-deadlock-in-kmemleak.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Gu Bowen <gubowen5(a)huawei.com>
Subject: mm: gix possible deadlock in kmemleak
Date: Fri, 22 Aug 2025 15:35:41 +0800
There are some AA deadlock issues in kmemleak, similar to the situation
reported by Breno [1]. The deadlock path is as follows:
mem_pool_alloc()
-> raw_spin_lock_irqsave(&kmemleak_lock, flags);
-> pr_warn()
-> netconsole subsystem
-> netpoll
-> __alloc_skb
-> __create_object
-> raw_spin_lock_irqsave(&kmemleak_lock, flags);
To solve this problem, switch to printk_safe mode before printing warning
message, this will redirect all printk()-s to a special per-CPU buffer,
which will be flushed later from a safe context (irq work), and this
deadlock problem can be avoided. The proper API to use should be
printk_deferred_enter()/printk_deferred_exit() [2]. Another way is to
place the warn print after kmemleak is released.
Link: https://lkml.kernel.org/r/20250822073541.1886469-1-gubowen5@huawei.com
Link: https://lore.kernel.org/all/20250731-kmemleak_lock-v1-1-728fd470198f@debian… [1]
Link: https://lore.kernel.org/all/5ca375cd-4a20-4807-b897-68b289626550@redhat.com/ [2]
Signed-off-by: Gu Bowen <gubowen5(a)huawei.com>
Reviewed-by: Waiman Long <longman(a)redhat.com>
Reviewed-by: Catalin Marinas <catalin.marinas(a)arm.com>
Reviewed-by: Breno Leitao <leitao(a)debian.org>
Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Cc: John Ogness <john.ogness(a)linutronix.de>
Cc: Lu Jialin <lujialin4(a)huawei.com>
Cc: Petr Mladek <pmladek(a)suse.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/kmemleak.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
--- a/mm/kmemleak.c~mm-fix-possible-deadlock-in-kmemleak
+++ a/mm/kmemleak.c
@@ -437,9 +437,15 @@ static struct kmemleak_object *__lookup_
else if (untagged_objp == untagged_ptr || alias)
return object;
else {
+ /*
+ * Printk deferring due to the kmemleak_lock held.
+ * This is done to avoid deadlock.
+ */
+ printk_deferred_enter();
kmemleak_warn("Found object by alias at 0x%08lx\n",
ptr);
dump_object_info(object);
+ printk_deferred_exit();
break;
}
}
@@ -736,6 +742,11 @@ static int __link_object(struct kmemleak
else if (untagged_objp + parent->size <= untagged_ptr)
link = &parent->rb_node.rb_right;
else {
+ /*
+ * Printk deferring due to the kmemleak_lock held.
+ * This is done to avoid deadlock.
+ */
+ printk_deferred_enter();
kmemleak_stop("Cannot insert 0x%lx into the object search tree (overlaps existing)\n",
ptr);
/*
@@ -743,6 +754,7 @@ static int __link_object(struct kmemleak
* be freed while the kmemleak_lock is held.
*/
dump_object_info(parent);
+ printk_deferred_exit();
return -EEXIST;
}
}
@@ -856,13 +868,8 @@ static void delete_object_part(unsigned
raw_spin_lock_irqsave(&kmemleak_lock, flags);
object = __find_and_remove_object(ptr, 1, objflags);
- if (!object) {
-#ifdef DEBUG
- kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n",
- ptr, size);
-#endif
+ if (!object)
goto unlock;
- }
/*
* Create one or two objects that may result from the memory block
@@ -882,8 +889,14 @@ static void delete_object_part(unsigned
unlock:
raw_spin_unlock_irqrestore(&kmemleak_lock, flags);
- if (object)
+ if (object) {
__delete_object(object);
+ } else {
+#ifdef DEBUG
+ kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n",
+ ptr, size);
+#endif
+ }
out:
if (object_l)
_
Patches currently in -mm which might be from gubowen5(a)huawei.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] x86-mm-64-define-arch_page_table_sync_mask-and-arch_sync_kernel_mappings.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
has been removed from the -mm tree. Its filename was
x86-mm-64-define-arch_page_table_sync_mask-and-arch_sync_kernel_mappings.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Harry Yoo <harry.yoo(a)oracle.com>
Subject: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings()
Date: Mon, 18 Aug 2025 11:02:06 +0900
Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure
page tables are properly synchronized when calling p*d_populate_kernel().
For 5-level paging, synchronization is performed via
pgd_populate_kernel(). In 4-level paging, pgd_populate() is a no-op, so
synchronization is instead performed at the P4D level via
p4d_populate_kernel().
This fixes intermittent boot failures on systems using 4-level paging and
a large amount of persistent memory:
BUG: unable to handle page fault for address: ffffe70000000034
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] SMP NOPTI
RIP: 0010:__init_single_page+0x9/0x6d
Call Trace:
<TASK>
__init_zone_device_page+0x17/0x5d
memmap_init_zone_device+0x154/0x1bb
pagemap_range+0x2e0/0x40f
memremap_pages+0x10b/0x2f0
devm_memremap_pages+0x1e/0x60
dev_dax_probe+0xce/0x2ec [device_dax]
dax_bus_probe+0x6d/0xc9
[... snip ...]
</TASK>
It also fixes a crash in vmemmap_set_pmd() caused by accessing vmemmap
before sync_global_pgds() [1]:
BUG: unable to handle page fault for address: ffffeb3ff1200000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: Oops: 0002 [#1] PREEMPT SMP NOPTI
Tainted: [W]=WARN
RIP: 0010:vmemmap_set_pmd+0xff/0x230
<TASK>
vmemmap_populate_hugepages+0x176/0x180
vmemmap_populate+0x34/0x80
__populate_section_memmap+0x41/0x90
sparse_add_section+0x121/0x3e0
__add_pages+0xba/0x150
add_pages+0x1d/0x70
memremap_pages+0x3dc/0x810
devm_memremap_pages+0x1c/0x60
xe_devm_add+0x8b/0x100 [xe]
xe_tile_init_noalloc+0x6a/0x70 [xe]
xe_device_probe+0x48c/0x740 [xe]
[... snip ...]
Link: https://lkml.kernel.org/r/20250818020206.4517-4-harry.yoo@oracle.com
Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")
Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com>
Closes: https://lore.kernel.org/linux-mm/20250311114420.240341-1-gwan-gyeong.mun@in… [1]
Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Acked-by: Kiryl Shutsemau <kas(a)kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Alistair Popple <apopple(a)nvidia.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com>
Cc: Anshuman Khandual <anshuman.khandual(a)arm.com>
Cc: Ard Biesheuvel <ardb(a)kernel.org>
Cc: Arnd Bergmann <arnd(a)arndb.de>
Cc: bibo mao <maobibo(a)loongson.cn>
Cc: Borislav Betkov <bp(a)alien8.de>
Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org>
Cc: Dennis Zhou <dennis(a)kernel.org>
Cc: Dev Jain <dev.jain(a)arm.com>
Cc: Dmitriy Vyukov <dvyukov(a)google.com>
Cc: Ingo Molnar <mingo(a)redhat.com>
Cc: Jane Chu <jane.chu(a)oracle.com>
Cc: Joao Martins <joao.m.martins(a)oracle.com>
Cc: Joerg Roedel <joro(a)8bytes.org>
Cc: John Hubbard <jhubbard(a)nvidia.com>
Cc: Kevin Brodsky <kevin.brodsky(a)arm.com>
Cc: Liam Howlett <liam.howlett(a)oracle.com>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Peter Xu <peterx(a)redhat.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Qi Zheng <zhengqi.arch(a)bytedance.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Cc: Tejun Heo <tj(a)kernel.org>
Cc: Thomas Gleinxer <tglx(a)linutronix.de>
Cc: Thomas Huth <thuth(a)redhat.com>
Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
arch/x86/include/asm/pgtable_64_types.h | 3 +++
arch/x86/mm/init_64.c | 18 ++++++++++++++++++
2 files changed, 21 insertions(+)
--- a/arch/x86/include/asm/pgtable_64_types.h~x86-mm-64-define-arch_page_table_sync_mask-and-arch_sync_kernel_mappings
+++ a/arch/x86/include/asm/pgtable_64_types.h
@@ -36,6 +36,9 @@ static inline bool pgtable_l5_enabled(vo
#define pgtable_l5_enabled() cpu_feature_enabled(X86_FEATURE_LA57)
#endif /* USE_EARLY_PGTABLE_L5 */
+#define ARCH_PAGE_TABLE_SYNC_MASK \
+ (pgtable_l5_enabled() ? PGTBL_PGD_MODIFIED : PGTBL_P4D_MODIFIED)
+
extern unsigned int pgdir_shift;
extern unsigned int ptrs_per_p4d;
--- a/arch/x86/mm/init_64.c~x86-mm-64-define-arch_page_table_sync_mask-and-arch_sync_kernel_mappings
+++ a/arch/x86/mm/init_64.c
@@ -224,6 +224,24 @@ static void sync_global_pgds(unsigned lo
}
/*
+ * Make kernel mappings visible in all page tables in the system.
+ * This is necessary except when the init task populates kernel mappings
+ * during the boot process. In that case, all processes originating from
+ * the init task copies the kernel mappings, so there is no issue.
+ * Otherwise, missing synchronization could lead to kernel crashes due
+ * to missing page table entries for certain kernel mappings.
+ *
+ * Synchronization is performed at the top level, which is the PGD in
+ * 5-level paging systems. But in 4-level paging systems, however,
+ * pgd_populate() is a no-op, so synchronization is done at the P4D level.
+ * sync_global_pgds() handles this difference between paging levels.
+ */
+void arch_sync_kernel_mappings(unsigned long start, unsigned long end)
+{
+ sync_global_pgds(start, end);
+}
+
+/*
* NOTE: This function is marked __ref because it calls __init function
* (alloc_bootmem_pages). It's safe to do it ONLY when after_bootmem == 0.
*/
_
Patches currently in -mm which might be from harry.yoo(a)oracle.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] mm-introduce-and-use-pgdp4d_populate_kernel.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: introduce and use {pgd,p4d}_populate_kernel()
has been removed from the -mm tree. Its filename was
mm-introduce-and-use-pgdp4d_populate_kernel.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Harry Yoo <harry.yoo(a)oracle.com>
Subject: mm: introduce and use {pgd,p4d}_populate_kernel()
Date: Mon, 18 Aug 2025 11:02:05 +0900
Introduce and use {pgd,p4d}_populate_kernel() in core MM code when
populating PGD and P4D entries for the kernel address space. These
helpers ensure proper synchronization of page tables when updating the
kernel portion of top-level page tables.
Until now, the kernel has relied on each architecture to handle
synchronization of top-level page tables in an ad-hoc manner. For
example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for direct
mapping and vmemmap mapping changes").
However, this approach has proven fragile for following reasons:
1) It is easy to forget to perform the necessary page table
synchronization when introducing new changes.
For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory
savings for compound devmaps") overlooked the need to synchronize
page tables for the vmemmap area.
2) It is also easy to overlook that the vmemmap and direct mapping areas
must not be accessed before explicit page table synchronization.
For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated
sub-pmd ranges")) caused crashes by accessing the vmemmap area
before calling sync_global_pgds().
To address this, as suggested by Dave Hansen, introduce _kernel() variants
of the page table population helpers, which invoke architecture-specific
hooks to properly synchronize page tables. These are introduced in a new
header file, include/linux/pgalloc.h, so they can be called from common
code.
They reuse existing infrastructure for vmalloc and ioremap.
Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK,
and the actual synchronization is performed by
arch_sync_kernel_mappings().
This change currently targets only x86_64, so only PGD and P4D level
helpers are introduced. Currently, these helpers are no-ops since no
architecture sets PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK.
In theory, PUD and PMD level helpers can be added later if needed by other
architectures. For now, 32-bit architectures (x86-32 and arm) only handle
PGTBL_PMD_MODIFIED, so p*d_populate_kernel() will never affect them unless
we introduce a PMD level helper.
[harry.yoo(a)oracle.com: fix KASAN build error due to p*d_populate_kernel()]
Link: https://lkml.kernel.org/r/20250822020727.202749-1-harry.yoo@oracle.com
Link: https://lkml.kernel.org/r/20250818020206.4517-3-harry.yoo@oracle.com
Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")
Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com>
Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Acked-by: Kiryl Shutsemau <kas(a)kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Alistair Popple <apopple(a)nvidia.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com>
Cc: Anshuman Khandual <anshuman.khandual(a)arm.com>
Cc: Ard Biesheuvel <ardb(a)kernel.org>
Cc: Arnd Bergmann <arnd(a)arndb.de>
Cc: bibo mao <maobibo(a)loongson.cn>
Cc: Borislav Betkov <bp(a)alien8.de>
Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org>
Cc: Dennis Zhou <dennis(a)kernel.org>
Cc: Dev Jain <dev.jain(a)arm.com>
Cc: Dmitriy Vyukov <dvyukov(a)google.com>
Cc: Gwan-gyeong Mun <gwan-gyeong.mun(a)intel.com>
Cc: Ingo Molnar <mingo(a)redhat.com>
Cc: Jane Chu <jane.chu(a)oracle.com>
Cc: Joao Martins <joao.m.martins(a)oracle.com>
Cc: Joerg Roedel <joro(a)8bytes.org>
Cc: John Hubbard <jhubbard(a)nvidia.com>
Cc: Kevin Brodsky <kevin.brodsky(a)arm.com>
Cc: Liam Howlett <liam.howlett(a)oracle.com>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Peter Xu <peterx(a)redhat.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Qi Zheng <zhengqi.arch(a)bytedance.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Cc: Tejun Heo <tj(a)kernel.org>
Cc: Thomas Gleinxer <tglx(a)linutronix.de>
Cc: Thomas Huth <thuth(a)redhat.com>
Cc: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com>
Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/pgalloc.h | 29 +++++++++++++++++++++++++++++
include/linux/pgtable.h | 13 +++++++------
mm/kasan/init.c | 12 ++++++------
mm/percpu.c | 6 +++---
mm/sparse-vmemmap.c | 6 +++---
5 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/include/linux/pgalloc.h a/include/linux/pgalloc.h
new file mode 100644
--- /dev/null
+++ a/include/linux/pgalloc.h
@@ -0,0 +1,29 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_PGALLOC_H
+#define _LINUX_PGALLOC_H
+
+#include <linux/pgtable.h>
+#include <asm/pgalloc.h>
+
+/*
+ * {pgd,p4d}_populate_kernel() are defined as macros to allow
+ * compile-time optimization based on the configured page table levels.
+ * Without this, linking may fail because callers (e.g., KASAN) may rely
+ * on calls to these functions being optimized away when passing symbols
+ * that exist only for certain page table levels.
+ */
+#define pgd_populate_kernel(addr, pgd, p4d) \
+ do { \
+ pgd_populate(&init_mm, pgd, p4d); \
+ if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED) \
+ arch_sync_kernel_mappings(addr, addr); \
+ } while (0)
+
+#define p4d_populate_kernel(addr, p4d, pud) \
+ do { \
+ p4d_populate(&init_mm, p4d, pud); \
+ if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED) \
+ arch_sync_kernel_mappings(addr, addr); \
+ } while (0)
+
+#endif /* _LINUX_PGALLOC_H */
--- a/include/linux/pgtable.h~mm-introduce-and-use-pgdp4d_populate_kernel
+++ a/include/linux/pgtable.h
@@ -1469,8 +1469,8 @@ static inline void modify_prot_commit_pt
/*
* Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values
- * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings()
- * needs to be called.
+ * and let generic vmalloc, ioremap and page table update code know when
+ * arch_sync_kernel_mappings() needs to be called.
*/
#ifndef ARCH_PAGE_TABLE_SYNC_MASK
#define ARCH_PAGE_TABLE_SYNC_MASK 0
@@ -1954,10 +1954,11 @@ static inline bool arch_has_pfn_modify_c
/*
* Page Table Modification bits for pgtbl_mod_mask.
*
- * These are used by the p?d_alloc_track*() set of functions an in the generic
- * vmalloc/ioremap code to track at which page-table levels entries have been
- * modified. Based on that the code can better decide when vmalloc and ioremap
- * mapping changes need to be synchronized to other page-tables in the system.
+ * These are used by the p?d_alloc_track*() and p*d_populate_kernel()
+ * functions in the generic vmalloc, ioremap and page table update code
+ * to track at which page-table levels entries have been modified.
+ * Based on that the code can better decide when page table changes need
+ * to be synchronized to other page-tables in the system.
*/
#define __PGTBL_PGD_MODIFIED 0
#define __PGTBL_P4D_MODIFIED 1
--- a/mm/kasan/init.c~mm-introduce-and-use-pgdp4d_populate_kernel
+++ a/mm/kasan/init.c
@@ -13,9 +13,9 @@
#include <linux/mm.h>
#include <linux/pfn.h>
#include <linux/slab.h>
+#include <linux/pgalloc.h>
#include <asm/page.h>
-#include <asm/pgalloc.h>
#include "kasan.h"
@@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t
pud_t *pud;
pmd_t *pmd;
- p4d_populate(&init_mm, p4d,
+ p4d_populate_kernel(addr, p4d,
lm_alias(kasan_early_shadow_pud));
pud = pud_offset(p4d, addr);
pud_populate(&init_mm, pud,
@@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t
} else {
p = early_alloc(PAGE_SIZE, NUMA_NO_NODE);
pud_init(p);
- p4d_populate(&init_mm, p4d, p);
+ p4d_populate_kernel(addr, p4d, p);
}
}
zero_pud_populate(p4d, addr, next);
@@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(co
* puds,pmds, so pgd_populate(), pud_populate()
* is noops.
*/
- pgd_populate(&init_mm, pgd,
+ pgd_populate_kernel(addr, pgd,
lm_alias(kasan_early_shadow_p4d));
p4d = p4d_offset(pgd, addr);
- p4d_populate(&init_mm, p4d,
+ p4d_populate_kernel(addr, p4d,
lm_alias(kasan_early_shadow_pud));
pud = pud_offset(p4d, addr);
pud_populate(&init_mm, pud,
@@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(co
if (!p)
return -ENOMEM;
} else {
- pgd_populate(&init_mm, pgd,
+ pgd_populate_kernel(addr, pgd,
early_alloc(PAGE_SIZE, NUMA_NO_NODE));
}
}
--- a/mm/percpu.c~mm-introduce-and-use-pgdp4d_populate_kernel
+++ a/mm/percpu.c
@@ -3108,7 +3108,7 @@ out_free:
#endif /* BUILD_EMBED_FIRST_CHUNK */
#ifdef BUILD_PAGE_FIRST_CHUNK
-#include <asm/pgalloc.h>
+#include <linux/pgalloc.h>
#ifndef P4D_TABLE_SIZE
#define P4D_TABLE_SIZE PAGE_SIZE
@@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(uns
if (pgd_none(*pgd)) {
p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE);
- pgd_populate(&init_mm, pgd, p4d);
+ pgd_populate_kernel(addr, pgd, p4d);
}
p4d = p4d_offset(pgd, addr);
if (p4d_none(*p4d)) {
pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE);
- p4d_populate(&init_mm, p4d, pud);
+ p4d_populate_kernel(addr, p4d, pud);
}
pud = pud_offset(p4d, addr);
--- a/mm/sparse-vmemmap.c~mm-introduce-and-use-pgdp4d_populate_kernel
+++ a/mm/sparse-vmemmap.c
@@ -27,9 +27,9 @@
#include <linux/spinlock.h>
#include <linux/vmalloc.h>
#include <linux/sched.h>
+#include <linux/pgalloc.h>
#include <asm/dma.h>
-#include <asm/pgalloc.h>
#include <asm/tlbflush.h>
#include "hugetlb_vmemmap.h"
@@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(p
if (!p)
return NULL;
pud_init(p);
- p4d_populate(&init_mm, p4d, p);
+ p4d_populate_kernel(addr, p4d, p);
}
return p4d;
}
@@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(u
void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node);
if (!p)
return NULL;
- pgd_populate(&init_mm, pgd, p);
+ pgd_populate_kernel(addr, pgd, p);
}
return pgd;
}
_
Patches currently in -mm which might be from harry.yoo(a)oracle.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] mm-move-page-table-sync-declarations-to-linux-pgtableh.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: move page table sync declarations to linux/pgtable.h
has been removed from the -mm tree. Its filename was
mm-move-page-table-sync-declarations-to-linux-pgtableh.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Harry Yoo <harry.yoo(a)oracle.com>
Subject: mm: move page table sync declarations to linux/pgtable.h
Date: Mon, 18 Aug 2025 11:02:04 +0900
During our internal testing, we started observing intermittent boot
failures when the machine uses 4-level paging and has a large amount of
persistent memory:
BUG: unable to handle page fault for address: ffffe70000000034
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 0 P4D 0
Oops: 0002 [#1] SMP NOPTI
RIP: 0010:__init_single_page+0x9/0x6d
Call Trace:
<TASK>
__init_zone_device_page+0x17/0x5d
memmap_init_zone_device+0x154/0x1bb
pagemap_range+0x2e0/0x40f
memremap_pages+0x10b/0x2f0
devm_memremap_pages+0x1e/0x60
dev_dax_probe+0xce/0x2ec [device_dax]
dax_bus_probe+0x6d/0xc9
[... snip ...]
</TASK>
It turns out that the kernel panics while initializing vmemmap (struct
page array) when the vmemmap region spans two PGD entries, because the new
PGD entry is only installed in init_mm.pgd, but not in the page tables of
other tasks.
And looking at __populate_section_memmap():
if (vmemmap_can_optimize(altmap, pgmap))
// does not sync top level page tables
r = vmemmap_populate_compound_pages(pfn, start, end, nid, pgmap);
else
// sync top level page tables in x86
r = vmemmap_populate(start, end, nid, altmap);
In the normal path, vmemmap_populate() in arch/x86/mm/init_64.c
synchronizes the top level page table (See commit 9b861528a801 ("x86-64,
mem: Update all PGDs for direct mapping and vmemmap mapping changes")) so
that all tasks in the system can see the new vmemmap area.
However, when vmemmap_can_optimize() returns true, the optimized path
skips synchronization of top-level page tables. This is because
vmemmap_populate_compound_pages() is implemented in core MM code, which
does not handle synchronization of the top-level page tables. Instead,
the core MM has historically relied on each architecture to perform this
synchronization manually.
We're not the first party to encounter a crash caused by not-sync'd top
level page tables: earlier this year, Gwan-gyeong Mun attempted to address
the issue [1] [2] after hitting a kernel panic when x86 code accessed the
vmemmap area before the corresponding top-level entries were synced. At
that time, the issue was believed to be triggered only when struct page
was enlarged for debugging purposes, and the patch did not get further
updates.
It turns out that current approach of relying on each arch to handle the
page table sync manually is fragile because 1) it's easy to forget to sync
the top level page table, and 2) it's also easy to overlook that the
kernel should not access the vmemmap and direct mapping areas before the
sync.
# The solution: Make page table sync more code robust and harder to miss
To address this, Dave Hansen suggested [3] [4] introducing
{pgd,p4d}_populate_kernel() for updating kernel portion of the page tables
and allow each architecture to explicitly perform synchronization when
installing top-level entries. With this approach, we no longer need to
worry about missing the sync step, reducing the risk of future
regressions.
The new interface reuses existing ARCH_PAGE_TABLE_SYNC_MASK,
PGTBL_P*D_MODIFIED and arch_sync_kernel_mappings() facility used by
vmalloc and ioremap to synchronize page tables.
pgd_populate_kernel() looks like this:
static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,
p4d_t *p4d)
{
pgd_populate(&init_mm, pgd, p4d);
if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED)
arch_sync_kernel_mappings(addr, addr);
}
It is worth noting that vmalloc() and apply_to_range() carefully
synchronizes page tables by calling p*d_alloc_track() and
arch_sync_kernel_mappings(), and thus they are not affected by this patch
series.
This series was hugely inspired by Dave Hansen's suggestion and hence
added Suggested-by: Dave Hansen.
Cc stable because lack of this series opens the door to intermittent
boot failures.
This patch (of 3):
Move ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to
linux/pgtable.h so that they can be used outside of vmalloc and ioremap.
Link: https://lkml.kernel.org/r/20250818020206.4517-1-harry.yoo@oracle.com
Link: https://lkml.kernel.org/r/20250818020206.4517-2-harry.yoo@oracle.com
Link: https://lore.kernel.org/linux-mm/20250220064105.808339-1-gwan-gyeong.mun@in… [1]
Link: https://lore.kernel.org/linux-mm/20250311114420.240341-1-gwan-gyeong.mun@in… [2]
Link: https://lore.kernel.org/linux-mm/d1da214c-53d3-45ac-a8b6-51821c5416e4@intel… [3]
Link: https://lore.kernel.org/linux-mm/4d800744-7b88-41aa-9979-b245e8bf794b@intel… [4]
Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")
Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com>
Acked-by: Kiryl Shutsemau <kas(a)kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org>
Reviewed-by: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Alistair Popple <apopple(a)nvidia.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Andy Lutomirski <luto(a)kernel.org>
Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)linux.ibm.com>
Cc: Anshuman Khandual <anshuman.khandual(a)arm.com>
Cc: Ard Biesheuvel <ardb(a)kernel.org>
Cc: Arnd Bergmann <arnd(a)arndb.de>
Cc: bibo mao <maobibo(a)loongson.cn>
Cc: Borislav Betkov <bp(a)alien8.de>
Cc: Christoph Lameter (Ampere) <cl(a)gentwo.org>
Cc: Dennis Zhou <dennis(a)kernel.org>
Cc: Dev Jain <dev.jain(a)arm.com>
Cc: Dmitriy Vyukov <dvyukov(a)google.com>
Cc: Gwan-gyeong Mun <gwan-gyeong.mun(a)intel.com>
Cc: Ingo Molnar <mingo(a)redhat.com>
Cc: Jane Chu <jane.chu(a)oracle.com>
Cc: Joao Martins <joao.m.martins(a)oracle.com>
Cc: Joerg Roedel <joro(a)8bytes.org>
Cc: John Hubbard <jhubbard(a)nvidia.com>
Cc: Kevin Brodsky <kevin.brodsky(a)arm.com>
Cc: Liam Howlett <liam.howlett(a)oracle.com>
Cc: Michal Hocko <mhocko(a)suse.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Peter Xu <peterx(a)redhat.com>
Cc: Peter Zijlstra <peterz(a)infradead.org>
Cc: Qi Zheng <zhengqi.arch(a)bytedance.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Suren Baghdasaryan <surenb(a)google.com>
Cc: Tejun Heo <tj(a)kernel.org>
Cc: Thomas Gleinxer <tglx(a)linutronix.de>
Cc: Thomas Huth <thuth(a)redhat.com>
Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com>
Cc: Vlastimil Babka <vbabka(a)suse.cz>
Cc: Dave Hansen <dave.hansen(a)linux.intel.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
include/linux/pgtable.h | 16 ++++++++++++++++
include/linux/vmalloc.h | 16 ----------------
2 files changed, 16 insertions(+), 16 deletions(-)
--- a/include/linux/pgtable.h~mm-move-page-table-sync-declarations-to-linux-pgtableh
+++ a/include/linux/pgtable.h
@@ -1467,6 +1467,22 @@ static inline void modify_prot_commit_pt
}
#endif
+/*
+ * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values
+ * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings()
+ * needs to be called.
+ */
+#ifndef ARCH_PAGE_TABLE_SYNC_MASK
+#define ARCH_PAGE_TABLE_SYNC_MASK 0
+#endif
+
+/*
+ * There is no default implementation for arch_sync_kernel_mappings(). It is
+ * relied upon the compiler to optimize calls out if ARCH_PAGE_TABLE_SYNC_MASK
+ * is 0.
+ */
+void arch_sync_kernel_mappings(unsigned long start, unsigned long end);
+
#endif /* CONFIG_MMU */
/*
--- a/include/linux/vmalloc.h~mm-move-page-table-sync-declarations-to-linux-pgtableh
+++ a/include/linux/vmalloc.h
@@ -220,22 +220,6 @@ int vmap_pages_range(unsigned long addr,
struct page **pages, unsigned int page_shift);
/*
- * Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values
- * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings()
- * needs to be called.
- */
-#ifndef ARCH_PAGE_TABLE_SYNC_MASK
-#define ARCH_PAGE_TABLE_SYNC_MASK 0
-#endif
-
-/*
- * There is no default implementation for arch_sync_kernel_mappings(). It is
- * relied upon the compiler to optimize calls out if ARCH_PAGE_TABLE_SYNC_MASK
- * is 0.
- */
-void arch_sync_kernel_mappings(unsigned long start, unsigned long end);
-
-/*
* Lowlevel-APIs (not for driver use!)
*/
_
Patches currently in -mm which might be from harry.yoo(a)oracle.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] proc-fix-missing-pde_set_flags-for-net-proc-files.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: proc: fix missing pde_set_flags() for net proc files
has been removed from the -mm tree. Its filename was
proc-fix-missing-pde_set_flags-for-net-proc-files.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: wangzijie <wangzijie1(a)honor.com>
Subject: proc: fix missing pde_set_flags() for net proc files
Date: Mon, 18 Aug 2025 20:31:02 +0800
To avoid potential UAF issues during module removal races, we use
pde_set_flags() to save proc_ops flags in PDE itself before
proc_register(), and then use pde_has_proc_*() helpers instead of directly
dereferencing pde->proc_ops->*.
However, the pde_set_flags() call was missing when creating net related
proc files. This omission caused incorrect behavior which FMODE_LSEEK was
being cleared inappropriately in proc_reg_open() for net proc files. Lars
reported it in this link[1].
Fix this by ensuring pde_set_flags() is called when register proc entry,
and add NULL check for proc_ops in pde_set_flags().
[wangzijie1(a)honor.com: stash pde->proc_ops in a local const variable, per Christian]
Link: https://lkml.kernel.org/r/20250821105806.1453833-1-wangzijie1@honor.com
Link: https://lkml.kernel.org/r/20250818123102.959595-1-wangzijie1@honor.com
Link: https://lore.kernel.org/all/20250815195616.64497967@chagall.paradoxon.rec/ [1]
Fixes: ff7ec8dc1b64 ("proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al")
Signed-off-by: wangzijie <wangzijie1(a)honor.com>
Reported-by: Lars Wendler <polynomial-c(a)gmx.de>
Tested-by: Stefano Brivio <sbrivio(a)redhat.com>
Tested-by: Petr Van��k <pv(a)excello.cz>
Tested by: Lars Wendler <polynomial-c(a)gmx.de>
Cc: Alexei Starovoitov <ast(a)kernel.org>
Cc: Alexey Dobriyan <adobriyan(a)gmail.com>
Cc: Al Viro <viro(a)zeniv.linux.org.uk>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe(a)intel.com>
Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Cc: Jiri Slaby <jirislaby(a)kernel.org>
Cc: Kirill A. Shutemov <k.shutemov(a)gmail.com>
Cc: wangzijie <wangzijie1(a)honor.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/proc/generic.c | 38 +++++++++++++++++++++-----------------
1 file changed, 21 insertions(+), 17 deletions(-)
--- a/fs/proc/generic.c~proc-fix-missing-pde_set_flags-for-net-proc-files
+++ a/fs/proc/generic.c
@@ -367,6 +367,25 @@ static const struct inode_operations pro
.setattr = proc_notify_change,
};
+static void pde_set_flags(struct proc_dir_entry *pde)
+{
+ const struct proc_ops *proc_ops = pde->proc_ops;
+
+ if (!proc_ops)
+ return;
+
+ if (proc_ops->proc_flags & PROC_ENTRY_PERMANENT)
+ pde->flags |= PROC_ENTRY_PERMANENT;
+ if (proc_ops->proc_read_iter)
+ pde->flags |= PROC_ENTRY_proc_read_iter;
+#ifdef CONFIG_COMPAT
+ if (proc_ops->proc_compat_ioctl)
+ pde->flags |= PROC_ENTRY_proc_compat_ioctl;
+#endif
+ if (proc_ops->proc_lseek)
+ pde->flags |= PROC_ENTRY_proc_lseek;
+}
+
/* returns the registered entry, or frees dp and returns NULL on failure */
struct proc_dir_entry *proc_register(struct proc_dir_entry *dir,
struct proc_dir_entry *dp)
@@ -374,6 +393,8 @@ struct proc_dir_entry *proc_register(str
if (proc_alloc_inum(&dp->low_ino))
goto out_free_entry;
+ pde_set_flags(dp);
+
write_lock(&proc_subdir_lock);
dp->parent = dir;
if (pde_subdir_insert(dir, dp) == false) {
@@ -561,20 +582,6 @@ struct proc_dir_entry *proc_create_reg(c
return p;
}
-static void pde_set_flags(struct proc_dir_entry *pde)
-{
- if (pde->proc_ops->proc_flags & PROC_ENTRY_PERMANENT)
- pde->flags |= PROC_ENTRY_PERMANENT;
- if (pde->proc_ops->proc_read_iter)
- pde->flags |= PROC_ENTRY_proc_read_iter;
-#ifdef CONFIG_COMPAT
- if (pde->proc_ops->proc_compat_ioctl)
- pde->flags |= PROC_ENTRY_proc_compat_ioctl;
-#endif
- if (pde->proc_ops->proc_lseek)
- pde->flags |= PROC_ENTRY_proc_lseek;
-}
-
struct proc_dir_entry *proc_create_data(const char *name, umode_t mode,
struct proc_dir_entry *parent,
const struct proc_ops *proc_ops, void *data)
@@ -585,7 +592,6 @@ struct proc_dir_entry *proc_create_data(
if (!p)
return NULL;
p->proc_ops = proc_ops;
- pde_set_flags(p);
return proc_register(parent, p);
}
EXPORT_SYMBOL(proc_create_data);
@@ -636,7 +642,6 @@ struct proc_dir_entry *proc_create_seq_p
p->proc_ops = &proc_seq_ops;
p->seq_ops = ops;
p->state_size = state_size;
- pde_set_flags(p);
return proc_register(parent, p);
}
EXPORT_SYMBOL(proc_create_seq_private);
@@ -667,7 +672,6 @@ struct proc_dir_entry *proc_create_singl
return NULL;
p->proc_ops = &proc_single_ops;
p->single_show = show;
- pde_set_flags(p);
return proc_register(parent, p);
}
EXPORT_SYMBOL(proc_create_single_data);
_
Patches currently in -mm which might be from wangzijie1(a)honor.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] mm-fix-accounting-of-memmap-pages.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm: fix accounting of memmap pages
has been removed from the -mm tree. Its filename was
mm-fix-accounting-of-memmap-pages.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Sumanth Korikkar <sumanthk(a)linux.ibm.com>
Subject: mm: fix accounting of memmap pages
Date: Thu, 7 Aug 2025 20:35:45 +0200
For !CONFIG_SPARSEMEM_VMEMMAP, memmap page accounting is currently done
upfront in sparse_buffer_init(). However, sparse_buffer_alloc() may
return NULL in failure scenario.
Also, memmap pages may be allocated either from the memblock allocator
during early boot or from the buddy allocator. When removed via
arch_remove_memory(), accounting of memmap pages must reflect the original
allocation source.
To ensure correctness:
* Account memmap pages after successful allocation in sparse_init_nid()
and section_activate().
* Account memmap pages in section_deactivate() based on allocation
source.
Link: https://lkml.kernel.org/r/20250807183545.1424509-1-sumanthk@linux.ibm.com
Fixes: 15995a352474 ("mm: report per-page metadata information")
Signed-off-by: Sumanth Korikkar <sumanthk(a)linux.ibm.com>
Suggested-by: David Hildenbrand <david(a)redhat.com>
Reviewed-by: Wei Yang <richard.weiyang(a)gmail.com>
Cc: Alexander Gordeev <agordeev(a)linux.ibm.com>
Cc: Gerald Schaefer <gerald.schaefer(a)linux.ibm.com>
Cc: Heiko Carstens <hca(a)linux.ibm.com>
Cc: Vasily Gorbik <gor(a)linux.ibm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/sparse-vmemmap.c | 5 -----
mm/sparse.c | 15 +++++++++------
2 files changed, 9 insertions(+), 11 deletions(-)
--- a/mm/sparse.c~mm-fix-accounting-of-memmap-pages
+++ a/mm/sparse.c
@@ -454,9 +454,6 @@ static void __init sparse_buffer_init(un
*/
sparsemap_buf = memmap_alloc(size, section_map_size(), addr, nid, true);
sparsemap_buf_end = sparsemap_buf + size;
-#ifndef CONFIG_SPARSEMEM_VMEMMAP
- memmap_boot_pages_add(DIV_ROUND_UP(size, PAGE_SIZE));
-#endif
}
static void __init sparse_buffer_fini(void)
@@ -567,6 +564,8 @@ static void __init sparse_init_nid(int n
sparse_buffer_fini();
goto failed;
}
+ memmap_boot_pages_add(DIV_ROUND_UP(PAGES_PER_SECTION * sizeof(struct page),
+ PAGE_SIZE));
sparse_init_early_section(nid, map, pnum, 0);
}
}
@@ -680,7 +679,6 @@ static void depopulate_section_memmap(un
unsigned long start = (unsigned long) pfn_to_page(pfn);
unsigned long end = start + nr_pages * sizeof(struct page);
- memmap_pages_add(-1L * (DIV_ROUND_UP(end - start, PAGE_SIZE)));
vmemmap_free(start, end, altmap);
}
static void free_map_bootmem(struct page *memmap)
@@ -856,10 +854,14 @@ static void section_deactivate(unsigned
* The memmap of early sections is always fully populated. See
* section_activate() and pfn_valid() .
*/
- if (!section_is_early)
+ if (!section_is_early) {
+ memmap_pages_add(-1L * (DIV_ROUND_UP(nr_pages * sizeof(struct page), PAGE_SIZE)));
depopulate_section_memmap(pfn, nr_pages, altmap);
- else if (memmap)
+ } else if (memmap) {
+ memmap_boot_pages_add(-1L * (DIV_ROUND_UP(nr_pages * sizeof(struct page),
+ PAGE_SIZE)));
free_map_bootmem(memmap);
+ }
if (empty)
ms->section_mem_map = (unsigned long)NULL;
@@ -904,6 +906,7 @@ static struct page * __meminit section_a
section_deactivate(pfn, nr_pages, altmap);
return ERR_PTR(-ENOMEM);
}
+ memmap_pages_add(DIV_ROUND_UP(nr_pages * sizeof(struct page), PAGE_SIZE));
return memmap;
}
--- a/mm/sparse-vmemmap.c~mm-fix-accounting-of-memmap-pages
+++ a/mm/sparse-vmemmap.c
@@ -578,11 +578,6 @@ struct page * __meminit __populate_secti
if (r < 0)
return NULL;
- if (system_state == SYSTEM_BOOTING)
- memmap_boot_pages_add(DIV_ROUND_UP(end - start, PAGE_SIZE));
- else
- memmap_pages_add(DIV_ROUND_UP(end - start, PAGE_SIZE));
-
return pfn_to_page(pfn);
}
_
Patches currently in -mm which might be from sumanthk(a)linux.ibm.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota()
has been removed from the -mm tree. Its filename was
mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Quanmin Yan <yanquanmin1(a)huawei.com>
Subject: mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota()
Date: Thu, 21 Aug 2025 20:55:55 +0800
On 32-bit systems, the throughput calculation in
damos_set_effective_quota() is prone to unnecessary multiplication
overflow. Using mult_frac() to fix it.
Andrew Paniakin also recently found and privately reported this issue, on
64 bit systems. This can also happen on 64-bit systems, once the charged
size exceeds ~17 TiB. On systems running for long time in production,
this issue can actually happen.
More specifically, when a DAMOS scheme having the time quota run for
longtime, throughput calculation can overflow and set esz too small. As a
result, speed of the scheme get unexpectedly slow.
Link: https://lkml.kernel.org/r/20250821125555.3020951-1-yanquanmin1@huawei.com
Fixes: 1cd243030059 ("mm/damon/schemes: implement time quota")
Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com>
Reported-by: Andrew Paniakin <apanyaki(a)amazon.com>
Reviewed-by: SeongJae Park <sj(a)kernel.org>
Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com>
Cc: ze zuo <zuoze1(a)huawei.com>
Cc: <stable(a)vger.kernel.org> [5.16+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/damon/core.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/mm/damon/core.c~mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota
+++ a/mm/damon/core.c
@@ -2073,8 +2073,8 @@ static void damos_set_effective_quota(st
if (quota->ms) {
if (quota->total_charged_ns)
- throughput = quota->total_charged_sz * 1000000 /
- quota->total_charged_ns;
+ throughput = mult_frac(quota->total_charged_sz, 1000000,
+ quota->total_charged_ns);
else
throughput = PAGE_SIZE * 1024;
esz = min(throughput * quota->ms, esz);
_
Patches currently in -mm which might be from yanquanmin1(a)huawei.com are
mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch
mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: kasan: fix GCC mem-intrinsic prefix with sw tags
has been removed from the -mm tree. Its filename was
kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Ada Couprie Diaz <ada.coupriediaz(a)arm.com>
Subject: kasan: fix GCC mem-intrinsic prefix with sw tags
Date: Thu, 21 Aug 2025 13:07:35 +0100
GCC doesn't support "hwasan-kernel-mem-intrinsic-prefix", only
"asan-kernel-mem-intrinsic-prefix"[0], while LLVM supports both. This is
already taken into account when checking
"CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX", but not in the KASAN Makefile
adding those parameters when "CONFIG_KASAN_SW_TAGS" is enabled.
Replace the version check with "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX",
which already validates that mem-intrinsic prefix parameter can be used,
and choose the correct name depending on compiler.
GCC 13 and above trigger "CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX" which
prevents `mem{cpy,move,set}()` being redefined in "mm/kasan/shadow.c"
since commit 36be5cba99f6 ("kasan: treat meminstrinsic as builtins in
uninstrumented files"), as we expect the compiler to prefix those calls
with `__(hw)asan_` instead. But as the option passed to GCC has been
incorrect, the compiler has not been emitting those prefixes, effectively
never calling the instrumented versions of `mem{cpy,move,set}()` with
"CONFIG_KASAN_SW_TAGS" enabled.
If "CONFIG_FORTIFY_SOURCES" is enabled, this issue would be mitigated as
it redefines `mem{cpy,move,set}()` and properly aliases the
`__underlying_mem*()` that will be called to the instrumented versions.
Link: https://lkml.kernel.org/r/20250821120735.156244-1-ada.coupriediaz@arm.com
Link: https://gcc.gnu.org/onlinedocs/gcc-13.4.0/gcc/Optimize-Options.html [0]
Signed-off-by: Ada Couprie Diaz <ada.coupriediaz(a)arm.com>
Fixes: 36be5cba99f6 ("kasan: treat meminstrinsic as builtins in uninstrumented files")
Reviewed-by: Yeoreum Yun <yeoreum.yun(a)arm.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Dmitriy Vyukov <dvyukov(a)google.com>
Cc: Marco Elver <elver(a)google.com>
Cc: Marc Rutland <mark.rutland(a)arm.com>
Cc: Michael Ellerman <mpe(a)ellerman.id.au>
Cc: Nathan Chancellor <nathan(a)kernel.org>
Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
scripts/Makefile.kasan | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--- a/scripts/Makefile.kasan~kasan-fix-gcc-mem-intrinsic-prefix-with-sw-tags
+++ a/scripts/Makefile.kasan
@@ -86,10 +86,14 @@ kasan_params += hwasan-instrument-stack=
hwasan-use-short-granules=0 \
hwasan-inline-all-checks=0
-# Instrument memcpy/memset/memmove calls by using instrumented __hwasan_mem*().
-ifeq ($(call clang-min-version, 150000)$(call gcc-min-version, 130000),y)
- kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
-endif
+# Instrument memcpy/memset/memmove calls by using instrumented __(hw)asan_mem*().
+ifdef CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
+ ifdef CONFIG_CC_IS_GCC
+ kasan_params += asan-kernel-mem-intrinsic-prefix=1
+ else
+ kasan_params += hwasan-kernel-mem-intrinsic-prefix=1
+ endif
+endif # CONFIG_CC_HAS_KASAN_MEMINTRINSIC_PREFIX
endif # CONFIG_KASAN_SW_TAGS
_
Patches currently in -mm which might be from ada.coupriediaz(a)arm.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] kunit-kasan_test-disable-fortify-string-checker-on-kasan_strings-test.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: kunit: kasan_test: disable fortify string checker on kasan_strings() test
has been removed from the -mm tree. Its filename was
kunit-kasan_test-disable-fortify-string-checker-on-kasan_strings-test.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Yeoreum Yun <yeoreum.yun(a)arm.com>
Subject: kunit: kasan_test: disable fortify string checker on kasan_strings() test
Date: Fri, 1 Aug 2025 13:02:36 +0100
Similar to commit 09c6304e38e4 ("kasan: test: fix compatibility with
FORTIFY_SOURCE") the kernel is panicing in kasan_string().
This is due to the `src` and `ptr` not being hidden from the optimizer
which would disable the runtime fortify string checker.
Call trace:
__fortify_panic+0x10/0x20 (P)
kasan_strings+0x980/0x9b0
kunit_try_run_case+0x68/0x190
kunit_generic_run_threadfn_adapter+0x34/0x68
kthread+0x1c4/0x228
ret_from_fork+0x10/0x20
Code: d503233f a9bf7bfd 910003fd 9424b243 (d4210000)
---[ end trace 0000000000000000 ]---
note: kunit_try_catch[128] exited with irqs disabled
note: kunit_try_catch[128] exited with preempt_count 1
# kasan_strings: try faulted: last
** replaying previous printk message **
# kasan_strings: try faulted: last line seen mm/kasan/kasan_test_c.c:1600
# kasan_strings: internal error occurred preventing test case from running: -4
Link: https://lkml.kernel.org/r/20250801120236.2962642-1-yeoreum.yun@arm.com
Fixes: 73228c7ecc5e ("KASAN: port KASAN Tests to KUnit")
Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com>
Cc: Alexander Potapenko <glider(a)google.com>
Cc: Andrey Konovalov <andreyknvl(a)gmail.com>
Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com>
Cc: Dmitriy Vyukov <dvyukov(a)google.com>
Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/kasan/kasan_test_c.c | 2 ++
1 file changed, 2 insertions(+)
--- a/mm/kasan/kasan_test_c.c~kunit-kasan_test-disable-fortify-string-checker-on-kasan_strings-test
+++ a/mm/kasan/kasan_test_c.c
@@ -1578,9 +1578,11 @@ static void kasan_strings(struct kunit *
ptr = kmalloc(size, GFP_KERNEL | __GFP_ZERO);
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, ptr);
+ OPTIMIZER_HIDE_VAR(ptr);
src = kmalloc(KASAN_GRANULE_SIZE, GFP_KERNEL | __GFP_ZERO);
strscpy(src, "f0cacc1a0000000", KASAN_GRANULE_SIZE);
+ OPTIMIZER_HIDE_VAR(src);
/*
* Make sure that strscpy() does not trigger KASAN if it overreads into
_
Patches currently in -mm which might be from yeoreum.yun(a)arm.com are
kasan-hw-tags-introduce-kasanwrite_only-option.patch
kasan-apply-write-only-mode-in-kasan-kunit-testcases.patch
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] mm-userfaultfd-fix-kmap_local-lifo-ordering-for-config_highpte.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE
has been removed from the -mm tree. Its filename was
mm-userfaultfd-fix-kmap_local-lifo-ordering-for-config_highpte.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Sasha Levin <sashal(a)kernel.org>
Subject: mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE
Date: Thu, 31 Jul 2025 10:44:31 -0400
With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using
kmap_local_page(), which requires unmapping in Last-In-First-Out order.
The current code maps dst_pte first, then src_pte, but unmaps them in the
same order (dst_pte, src_pte), violating the LIFO requirement. This
causes the warning in kunmap_local_indexed():
WARNING: CPU: 0 PID: 604 at mm/highmem.c:622 kunmap_local_indexed+0x178/0x17c
addr \!= __fix_to_virt(FIX_KMAP_BEGIN + idx)
Fix this by reversing the unmap order to respect LIFO ordering.
This issue follows the same pattern as similar fixes:
- commit eca6828403b8 ("crypto: skcipher - fix mismatch between mapping and unmapping order")
- commit 8cf57c6df818 ("nilfs2: eliminate staggered calls to kunmap in nilfs_rename")
Both of which addressed the same fundamental requirement that kmap_local
operations must follow LIFO ordering.
Link: https://lkml.kernel.org/r/20250731144431.773923-1-sashal@kernel.org
Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI")
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
Acked-by: David Hildenbrand <david(a)redhat.com>
Reviewed-by: Suren Baghdasaryan <surenb(a)google.com>
Cc: Andrea Arcangeli <aarcange(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/userfaultfd.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
--- a/mm/userfaultfd.c~mm-userfaultfd-fix-kmap_local-lifo-ordering-for-config_highpte
+++ a/mm/userfaultfd.c
@@ -1453,10 +1453,15 @@ out:
folio_unlock(src_folio);
folio_put(src_folio);
}
- if (dst_pte)
- pte_unmap(dst_pte);
+ /*
+ * Unmap in reverse order (LIFO) to maintain proper kmap_local
+ * index ordering when CONFIG_HIGHPTE is enabled. We mapped dst_pte
+ * first, then src_pte, so we must unmap src_pte first, then dst_pte.
+ */
if (src_pte)
pte_unmap(src_pte);
+ if (dst_pte)
+ pte_unmap(dst_pte);
mmu_notifier_invalidate_range_end(&range);
if (si)
put_swap_device(si);
_
Patches currently in -mm which might be from sashal(a)kernel.org are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: ocfs2: prevent release journal inode after journal shutdown
has been removed from the -mm tree. Its filename was
ocfs2-prevent-release-journal-inode-after-journal-shutdown.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Edward Adam Davis <eadavis(a)qq.com>
Subject: ocfs2: prevent release journal inode after journal shutdown
Date: Tue, 19 Aug 2025 21:41:02 +0800
Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already
been executed in ocfs2_dismount_volume(), so osb->journal must be NULL.
Therefore, the following calltrace will inevitably fail when it reaches
jbd2_journal_release_jbd_inode().
ocfs2_dismount_volume()->
ocfs2_delete_osb()->
ocfs2_free_slot_info()->
__ocfs2_free_slot_info()->
evict()->
ocfs2_evict_inode()->
ocfs2_clear_inode()->
jbd2_journal_release_jbd_inode(osb->journal->j_journal,
Adding osb->journal checks will prevent null-ptr-deref during the above
execution path.
Link: https://lkml.kernel.org/r/tencent_357489BEAEE4AED74CBD67D246DBD2C4C606@qq.c…
Fixes: da5e7c87827e ("ocfs2: cleanup journal init and shutdown")
Signed-off-by: Edward Adam Davis <eadavis(a)qq.com>
Reported-by: syzbot+47d8cb2f2cc1517e515a(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=47d8cb2f2cc1517e515a
Tested-by: syzbot+47d8cb2f2cc1517e515a(a)syzkaller.appspotmail.com
Reviewed-by: Mark Tinguely <mark.tinguely(a)oracle.com>
Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com>
Cc: Mark Fasheh <mark(a)fasheh.com>
Cc: Joel Becker <jlbec(a)evilplan.org>
Cc: Junxiao Bi <junxiao.bi(a)oracle.com>
Cc: Changwei Ge <gechangwei(a)live.cn>
Cc: Jun Piao <piaojun(a)huawei.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
fs/ocfs2/inode.c | 3 +++
1 file changed, 3 insertions(+)
--- a/fs/ocfs2/inode.c~ocfs2-prevent-release-journal-inode-after-journal-shutdown
+++ a/fs/ocfs2/inode.c
@@ -1281,6 +1281,9 @@ static void ocfs2_clear_inode(struct ino
* the journal is flushed before journal shutdown. Thus it is safe to
* have inodes get cleaned up after journal shutdown.
*/
+ if (!osb->journal)
+ return;
+
jbd2_journal_release_jbd_inode(osb->journal->j_journal,
&oi->ip_jinode);
}
_
Patches currently in -mm which might be from eadavis(a)qq.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] rust-mm-mark-vmanew-as-transparent.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: rust: mm: mark VmaNew as transparent
has been removed from the -mm tree. Its filename was
rust-mm-mark-vmanew-as-transparent.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Baptiste Lepers <baptiste.lepers(a)gmail.com>
Subject: rust: mm: mark VmaNew as transparent
Date: Tue, 12 Aug 2025 15:26:56 +0200
Unsafe code in VmaNew's methods assumes that the type has the same layout
as the inner `bindings::vm_area_struct`. This is not guaranteed by the
default struct representation in Rust, but requires specifying the
`transparent` representation.
Link: https://lkml.kernel.org/r/20250812132712.61007-1-baptiste.lepers@gmail.com
Fixes: dcb81aeab406 ("mm: rust: add VmaNew for f_ops->mmap()")
Signed-off-by: Baptiste Lepers <baptiste.lepers(a)gmail.com>
Reviewed-by: Alice Ryhl <aliceryhl(a)google.com>
Cc: Alex Gaynor <alex.gaynor(a)gmail.com>
Cc: Andreas Hindborg <a.hindborg(a)kernel.org>
Cc: Bj��rn Roy Baron <bjorn3_gh(a)protonmail.com>
Cc: Boqun Feng <boqun.feng(a)gmail.com>
Cc: Danilo Krummrich <dakr(a)kernel.org>
Cc: Gary Guo <gary(a)garyguo.net>
Cc: Jann Horn <jannh(a)google.com>
Cc: Liam Howlett <liam.howlett(a)oracle.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Cc: Miguel Ojeda <ojeda(a)kernel.org>
Cc: Trevor Gross <tmgross(a)umich.edu>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
rust/kernel/mm/virt.rs | 1 +
1 file changed, 1 insertion(+)
--- a/rust/kernel/mm/virt.rs~rust-mm-mark-vmanew-as-transparent
+++ a/rust/kernel/mm/virt.rs
@@ -209,6 +209,7 @@ impl VmaMixedMap {
///
/// For the duration of 'a, the referenced vma must be undergoing initialization in an
/// `f_ops->mmap()` hook.
+#[repr(transparent)]
pub struct VmaNew {
vma: VmaRef,
}
_
Patches currently in -mm which might be from baptiste.lepers(a)gmail.com are
2 weeks, 2 days
- 1
- 0
[merged mm-hotfixes-stable] of_numa-fix-uninitialized-memory-nodes-causing-kernel-panic.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: of_numa: fix uninitialized memory nodes causing kernel panic
has been removed from the -mm tree. Its filename was
of_numa-fix-uninitialized-memory-nodes-causing-kernel-panic.patch
This patch was dropped because it was merged into the mm-hotfixes-stable branch
of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
------------------------------------------------------
From: Yin Tirui <yintirui(a)huawei.com>
Subject: of_numa: fix uninitialized memory nodes causing kernel panic
Date: Tue, 19 Aug 2025 15:55:10 +0800
When there are memory-only nodes (nodes without CPUs), these nodes are not
properly initialized, causing kernel panic during boot.
of_numa_init
of_numa_parse_cpu_nodes
node_set(nid, numa_nodes_parsed);
of_numa_parse_memory_nodes
In of_numa_parse_cpu_nodes, numa_nodes_parsed gets updated only for nodes
containing CPUs. Memory-only nodes should have been updated in
of_numa_parse_memory_nodes, but they weren't.
Subsequently, when free_area_init() attempts to access NODE_DATA() for
these uninitialized memory nodes, the kernel panics due to NULL pointer
dereference.
This can be reproduced on ARM64 QEMU with 1 CPU and 2 memory nodes:
qemu-system-aarch64 \
-cpu host -nographic \
-m 4G -smp 1 \
-machine virt,accel=kvm,gic-version=3,iommu=smmuv3 \
-object memory-backend-ram,size=2G,id=mem0 \
-object memory-backend-ram,size=2G,id=mem1 \
-numa node,nodeid=0,memdev=mem0 \
-numa node,nodeid=1,memdev=mem1 \
-kernel $IMAGE \
-hda $DISK \
-append "console=ttyAMA0 root=/dev/vda rw earlycon"
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x481fd010]
[ 0.000000] Linux version 6.17.0-rc1-00001-gabb4b3daf18c-dirty (yintirui@local) (gcc (GCC) 12.3.1, GNU ld (GNU Binutils) 2.41) #52 SMP PREEMPT Mon Aug 18 09:49:40 CST 2025
[ 0.000000] KASLR enabled
[ 0.000000] random: crng init done
[ 0.000000] Machine model: linux,dummy-virt
[ 0.000000] efi: UEFI not found.
[ 0.000000] earlycon: pl11 at MMIO 0x0000000009000000 (options '')
[ 0.000000] printk: legacy bootconsole [pl11] enabled
[ 0.000000] OF: reserved mem: Reserved memory: No reserved-memory node in the DT
[ 0.000000] NODE_DATA(0) allocated [mem 0xbfffd9c0-0xbfffffff]
[ 0.000000] node 1 must be removed before remove section 23
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000040000000-0x00000000ffffffff]
[ 0.000000] DMA32 empty
[ 0.000000] Normal [mem 0x0000000100000000-0x000000013fffffff]
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x0000000040000000-0x00000000bfffffff]
[ 0.000000] node 1: [mem 0x00000000c0000000-0x000000013fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x00000000bfffffff]
[ 0.000000] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0
[ 0.000000] Mem abort info:
[ 0.000000] ESR = 0x0000000096000004
[ 0.000000] EC = 0x25: DABT (current EL), IL = 32 bits
[ 0.000000] SET = 0, FnV = 0
[ 0.000000] EA = 0, S1PTW = 0
[ 0.000000] FSC = 0x04: level 0 translation fault
[ 0.000000] Data abort info:
[ 0.000000] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 0.000000] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 0.000000] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 0.000000] [00000000000000a0] user address but active_mm is swapper
[ 0.000000] Internal error: Oops: 0000000096000004 [#1] SMP
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 UID: 0 PID: 0 Comm: swapper Not tainted 6.17.0-rc1-00001-g760c6dabf762-dirty #54 PREEMPT
[ 0.000000] Hardware name: linux,dummy-virt (DT)
[ 0.000000] pstate: 800000c5 (Nzcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 0.000000] pc : free_area_init+0x50c/0xf9c
[ 0.000000] lr : free_area_init+0x5c0/0xf9c
[ 0.000000] sp : ffffa02ca0f33c00
[ 0.000000] x29: ffffa02ca0f33cb0 x28: 0000000000000000 x27: 0000000000000000
[ 0.000000] x26: 4ec4ec4ec4ec4ec5 x25: 00000000000c0000 x24: 00000000000c0000
[ 0.000000] x23: 0000000000040000 x22: 0000000000000000 x21: ffffa02ca0f3b368
[ 0.000000] x20: ffffa02ca14c7b98 x19: 0000000000000000 x18: 0000000000000002
[ 0.000000] x17: 000000000000cacc x16: 0000000000000001 x15: 0000000000000001
[ 0.000000] x14: 0000000080000000 x13: 0000000000000018 x12: 0000000000000002
[ 0.000000] x11: ffffa02ca0fd4f00 x10: ffffa02ca14bab20 x9 : ffffa02ca14bab38
[ 0.000000] x8 : 00000000000c0000 x7 : 0000000000000001 x6 : 0000000000000002
[ 0.000000] x5 : 0000000140000000 x4 : ffffa02ca0f33c90 x3 : ffffa02ca0f33ca0
[ 0.000000] x2 : ffffa02ca0f33c98 x1 : 0000000080000000 x0 : 0000000000000001
[ 0.000000] Call trace:
[ 0.000000] free_area_init+0x50c/0xf9c (P)
[ 0.000000] bootmem_init+0x110/0x1dc
[ 0.000000] setup_arch+0x278/0x60c
[ 0.000000] start_kernel+0x70/0x748
[ 0.000000] __primary_switched+0x88/0x90
[ 0.000000] Code: d503201f b98093e0 52800016 f8607a93 (f9405260)
[ 0.000000] ---[ end trace 0000000000000000 ]---
[ 0.000000] Kernel panic - not syncing: Attempted to kill the idle task!
[ 0.000000] ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]---
Link: https://lkml.kernel.org/r/20250819075510.2079961-1-yintirui@huawei.com
Fixes: 767507654c22 ("arch_numa: switch over to numa_memblks")
Signed-off-by: Yin Tirui <yintirui(a)huawei.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Acked-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org>
Reviewed-by: Kefeng Wang <wangkefeng.wang(a)huawei.com>
Cc: Chen Jun <chenjun102(a)huawei.com>
Cc: Dan Williams <dan.j.williams(a)intel.com>
Cc: Joanthan Cameron <Jonathan.Cameron(a)huawei.com>
Cc: Rob Herring <robh(a)kernel.org>
Cc: Saravana Kannan <saravanak(a)google.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
drivers/of/of_numa.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/drivers/of/of_numa.c~of_numa-fix-uninitialized-memory-nodes-causing-kernel-panic
+++ a/drivers/of/of_numa.c
@@ -59,8 +59,11 @@ static int __init of_numa_parse_memory_n
r = -EINVAL;
}
- for (i = 0; !r && !of_address_to_resource(np, i, &rsrc); i++)
+ for (i = 0; !r && !of_address_to_resource(np, i, &rsrc); i++) {
r = numa_add_memblk(nid, rsrc.start, rsrc.end + 1);
+ if (!r)
+ node_set(nid, numa_nodes_parsed);
+ }
if (!i || r) {
of_node_put(np);
_
Patches currently in -mm which might be from yintirui(a)huawei.com are
2 weeks, 2 days
- 1
- 0
[PATCH] scsi: lpfc: Fix buffer free/clear order in deferred receive path
by John Evans
Fix a use-after-free window by correcting the buffer release sequence in
the deferred receive path. The code freed the RQ buffer first and only
then cleared the context pointer under the lock. Concurrent paths
(e.g., ABTS and the repost path) also inspect and release the same
pointer under the lock, so the old order could lead to double-free/UAF.
Note that the repost path already uses the correct pattern: detach the
pointer under the lock, then free it after dropping the lock. The deferred
path should do the same.
Fixes: 472e146d1cf3 ("scsi: lpfc: Correct upcalling nvmet_fc transport during io done downcall")
Cc: stable(a)vger.kernel.org
Signed-off-by: John Evans <evans1210144(a)gmail.com>
---
drivers/scsi/lpfc/lpfc_nvmet.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c
index fba2e62027b7..766319543680 100644
--- a/drivers/scsi/lpfc/lpfc_nvmet.c
+++ b/drivers/scsi/lpfc/lpfc_nvmet.c
@@ -1264,10 +1264,15 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport,
atomic_inc(&tgtp->rcv_fcp_cmd_defer);
/* Free the nvmebuf since a new buffer already replaced it */
- nvmebuf->hrq->rqbp->rqb_free_buffer(phba, nvmebuf);
spin_lock_irqsave(&ctxp->ctxlock, iflag);
- ctxp->rqb_buffer = NULL;
- spin_unlock_irqrestore(&ctxp->ctxlock, iflag);
+ nvmebuf = ctxp->rqb_buffer;
+ if (nvmebuf) {
+ ctxp->rqb_buffer = NULL;
+ spin_unlock_irqrestore(&ctxp->ctxlock, iflag);
+ nvmebuf->hrq->rqbp->rqb_free_buffer(phba, nvmebuf);
+ } else {
+ spin_unlock_irqrestore(&ctxp->ctxlock, iflag);
+ }
}
/**
--
2.43.0
2 weeks, 2 days
- 2
- 4
[PATCH net-next] net: xilinx: axienet: Add error handling for RX metadata pointer retrieval
by Abin Joseph
Add proper error checking for dmaengine_desc_get_metadata_ptr() which
can return an error pointer and lead to potential crashes or undefined
behaviour if the pointer retrieval fails.
Properly handle the error by unmapping DMA buffer, freeing the skb and
returning early to prevent further processing with invalid data.
Fixes: 6a91b846af85 ("net: axienet: Introduce dmaengine support")
Signed-off-by: Abin Joseph <abin.joseph(a)amd.com>
---
drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
index 0d8a05fe541a..1729fd21d83b 100644
--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
+++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c
@@ -1166,8 +1166,17 @@ static void axienet_dma_rx_cb(void *data, const struct dmaengine_result *result)
skb = skbuf_dma->skb;
app_metadata = dmaengine_desc_get_metadata_ptr(skbuf_dma->desc, &meta_len,
&meta_max_len);
- dma_unmap_single(lp->dev, skbuf_dma->dma_address, lp->max_frm_size,
- DMA_FROM_DEVICE);
+
+ dma_unmap_single(lp->dev, skbuf_dma->dma_address, lp->max_frm_size, DMA_FROM_DEVICE);
+
+ if (IS_ERR(app_metadata)) {
+ if (net_ratelimit())
+ netdev_err(lp->ndev, "Failed to get RX metadata pointer\n");
+ dev_kfree_skb_any(skb);
+ lp->ndev->stats.rx_dropped++;
+ goto rx_submit;
+ }
+
/* TODO: Derive app word index programmatically */
rx_len = (app_metadata[LEN_APP] & 0xFFFF);
skb_put(skb, rx_len);
@@ -1180,6 +1189,7 @@ static void axienet_dma_rx_cb(void *data, const struct dmaengine_result *result)
u64_stats_add(&lp->rx_bytes, rx_len);
u64_stats_update_end(&lp->rx_stat_sync);
+rx_submit:
for (i = 0; i < CIRC_SPACE(lp->rx_ring_head, lp->rx_ring_tail,
RX_BUF_NUM_DEFAULT); i++)
axienet_rx_submit_desc(lp->ndev);
--
2.34.1
2 weeks, 2 days
- 3
- 2
[PATCH v3 1/3] xen/events: Cleanup find_virq() return codes
by Jason Andryuk
rc is overwritten by the evtchn_status hypercall in each iteration, so
the return value will be whatever the last iteration is. This could
incorrectly return success even if the event channel was not found.
Change to an explicit -ENOENT for an un-found virq and return 0 on a
successful match.
Fixes: 62cc5fc7b2e0 ("xen/pv-on-hvm kexec: rebind virqs to existing eventchannel ports")
Cc: stable(a)vger.kernel.org
Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com>
Reviewed-by: Jan Beulich <jbeulich(a)suse.com>
Reviewed-by: Juergen Gross <jgross(a)suse.com>
---
v3:
Reduce rc's scope
Add R-b: Jan
Mention false success in commit message
Add Fixes
Cc: stable
Add R-b: Juergen
v2:
New
---
drivers/xen/events/events_base.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index 41309d38f78c..374231d84e4f 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -1318,10 +1318,11 @@ static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn)
{
struct evtchn_status status;
evtchn_port_t port;
- int rc = -ENOENT;
memset(&status, 0, sizeof(status));
for (port = 0; port < xen_evtchn_max_channels(); port++) {
+ int rc;
+
status.dom = DOMID_SELF;
status.port = port;
rc = HYPERVISOR_event_channel_op(EVTCHNOP_status, &status);
@@ -1331,10 +1332,10 @@ static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn)
continue;
if (status.u.virq == virq && status.vcpu == xen_vcpu_nr(cpu)) {
*evtchn = port;
- break;
+ return 0;
}
}
- return rc;
+ return -ENOENT;
}
/**
--
2.34.1
2 weeks, 2 days
- 1
- 0
+ mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Quanmin Yan <yanquanmin1(a)huawei.com>
Subject: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()
Date: Wed, 27 Aug 2025 19:58:58 +0800
When creating a new scheme of DAMON_RECLAIM, the calculation of
'min_age_region' uses 'aggr_interval' as the divisor, which may lead to
division-by-zero errors. Fix it by directly returning -EINVAL when such a
case occurs.
Link: https://lkml.kernel.org/r/20250827115858.1186261-3-yanquanmin1@huawei.com
Fixes: f5a79d7c0c87 ("mm/damon: introduce struct damos_access_pattern")
Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com>
Reviewed-by: SeongJae Park <sj(a)kernel.org>
Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com>
Cc: ze zuo <zuoze1(a)huawei.com>
Cc: <stable(a)vger.kernel.org> [6.1+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/damon/reclaim.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/mm/damon/reclaim.c~mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters
+++ a/mm/damon/reclaim.c
@@ -194,6 +194,11 @@ static int damon_reclaim_apply_parameter
if (err)
return err;
+ if (!damon_reclaim_mon_attrs.aggr_interval) {
+ err = -EINVAL;
+ goto out;
+ }
+
err = damon_set_attrs(param_ctx, &damon_reclaim_mon_attrs);
if (err)
goto out;
_
Patches currently in -mm which might be from yanquanmin1(a)huawei.com are
mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch
mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch
mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch
2 weeks, 2 days
- 1
- 0
+ mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Quanmin Yan <yanquanmin1(a)huawei.com>
Subject: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()
Date: Wed, 27 Aug 2025 19:58:57 +0800
Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters
application".
DAMON's RECLAIM and LRU_SORT modules perform no validation on
user-configured parameters during application, which may lead to
division-by-zero errors.
Avoid the divide-by-zero by adding validation checks when DAMON modules
attempt to apply the parameters.
This patch (of 2):
During the calculation of 'hot_thres' and 'cold_thres', either
'sample_interval' or 'aggr_interval' is used as the divisor, which may
lead to division-by-zero errors. Fix it by directly returning -EINVAL
when such a case occurs. Additionally, since 'aggr_interval' is already
required to be set no smaller than 'sample_interval' in damon_set_attrs(),
only the case where 'sample_interval' is zero needs to be checked.
Link: https://lkml.kernel.org/r/20250827115858.1186261-2-yanquanmin1@huawei.com
Fixes: 40e983cca927 ("mm/damon: introduce DAMON-based LRU-lists Sorting")
Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com>
Reviewed-by: SeongJae Park <sj(a)kernel.org>
Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com>
Cc: ze zuo <zuoze1(a)huawei.com>
Cc: <stable(a)vger.kernel.org> [6.0+]
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/damon/lru_sort.c | 5 +++++
1 file changed, 5 insertions(+)
--- a/mm/damon/lru_sort.c~mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters
+++ a/mm/damon/lru_sort.c
@@ -198,6 +198,11 @@ static int damon_lru_sort_apply_paramete
if (err)
return err;
+ if (!damon_lru_sort_mon_attrs.sample_interval) {
+ err = -EINVAL;
+ goto out;
+ }
+
err = damon_set_attrs(ctx, &damon_lru_sort_mon_attrs);
if (err)
goto out;
_
Patches currently in -mm which might be from yanquanmin1(a)huawei.com are
mm-damon-core-prevent-unnecessary-overflow-in-damos_set_effective_quota.patch
mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch
mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch
2 weeks, 2 days
- 1
- 0
[PATCH 6.16 000/570] 6.16.2-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.16.2 release.
There are 570 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 20 Aug 2025 12:43:43 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.2-rc1…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.16.2-rc1
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/zcrx: don't leak pages on account failure
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/zcrx: fix null ifq on area destruction
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
dm: split write BIOs on zone boundaries when zone append is not emulated
Thomas Gleixner <tglx(a)linutronix.de>
irqchip/mvebu-gicp: Use resource_size() for ioremap()
Frederic Weisbecker <frederic(a)kernel.org>
rcu: Fix racy re-initialization of irq_work causing hangs
Yu Kuai <yukuai3(a)huawei.com>
md: fix create on open mddev lifetime regression
Ivan Lipski <ivan.lipski(a)amd.com>
drm/amd/display: Allow DCN301 to clear update flags
Arnd Bergmann <arnd(a)arndb.de>
firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS
Jens Axboe <axboe(a)kernel.dk>
io_uring/rw: cast rw->flags assignment to rwf_t
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Add link_power_management_supported sysfs attribute
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
Sean Christopherson <seanjc(a)google.com>
KVM: VMX: Extract checking of guest's DEBUGCTL into helper
Pedro Falcato <pfalcato(a)suse.de>
RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages
Willy Tarreau <w(a)1wt.eu>
tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing: fprobe: Fix infinite recursion using preempt_*_notrace()
Benjamin Mugnier <benjamin.mugnier(a)foss.st.com>
media: i2c: vd55g1: Fix return code in vd55g1_enable_streams error path
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Turn on the camera if V4L2_EVENT_SUB_FL_SEND_INITIAL
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: v4l2: Add support for NV12M tiled variants to v4l2_format_info()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Do not mark valid metadata as invalid
Vedang Nagar <quic_vnagar(a)quicinc.com>
media: venus: Fix OOB read due to missing payload bound check
Youngjun Lee <yjjuny.lee(a)samsung.com>
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Breno Leitao <leitao(a)debian.org>
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Waiman Long <longman(a)redhat.com>
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
Kairui Song <kasong(a)tencent.com>
mm/shmem, swap: improve cached mTHP handling and fix potential hang
Anshuman Khandual <anshuman.khandual(a)arm.com>
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
David Hildenbrand <david(a)redhat.com>
mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud()
Vlastimil Babka <vbabka(a)suse.cz>
mm, slab: restore NUMA policy support for large kmalloc
Randy Dunlap <rdunlap(a)infradead.org>
parisc: Makefile: fix a typo in palo.conf
Hans de Goede <hansg(a)kernel.org>
i2c: core: Fix double-free of fwnode in i2c_unregister_device()
Haiyang Zhang <haiyangz(a)microsoft.com>
hv_netvsc: Fix panic during namespace deletion with VF
Davide Caratti <dcaratti(a)redhat.com>
net/sched: ets: use old 'nbands' while purging unused classes
Lizhi Xu <lizhi.xu(a)windriver.com>
ocfs2: reset folio to NULL when get folio fails
Randy Dunlap <rdunlap(a)infradead.org>
fbdev: nvidiafb: add depends on HAS_IOPORT
Sravan Kumar Gundu <sravankumarlpu(a)gmail.com>
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Suren Baghdasaryan <surenb(a)google.com>
userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry
Andrey Albershteyn <aalbersh(a)redhat.com>
xfs: fix scrub trace with null pointer in quotacheck
Qu Wenruo <wqu(a)suse.com>
btrfs: do not allow relocation of partially dropped subvolumes
Boris Burkov <boris(a)bur.io>
btrfs: fix iteration bug in __qgroup_excl_accounting()
Qu Wenruo <wqu(a)suse.com>
btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents()
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: do not select metadata BG as finish target
Filipe Manana <fdmanana(a)suse.com>
btrfs: error on missing block group when unaccounting log tree extent buffers
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix log tree replay failure due to file with 0 links and extents
Filipe Manana <fdmanana(a)suse.com>
btrfs: send: use fallocate for hole punching with send stream v2
Filipe Manana <fdmanana(a)suse.com>
btrfs: clear dirty status from extent buffer on error at insert_new_root()
Filipe Manana <fdmanana(a)suse.com>
btrfs: don't skip remaining extrefs if dir not found during log replay
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled
Caleb Sander Mateos <csander(a)purestorage.com>
btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read()
Qu Wenruo <wqu(a)suse.com>
btrfs: populate otime when logging an inode item
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: fix race between quota disable and quota rescan ioctl
Boris Burkov <boris(a)bur.io>
btrfs: fix ssd_spread overallocation
Filipe Manana <fdmanana(a)suse.com>
btrfs: don't ignore inode missing when replaying log tree
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: do not remove unwritten non-data block group
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: requeue to unused block group list if zone finish failed
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: reserve data_reloc block group on mount
Filipe Manana <fdmanana(a)suse.com>
btrfs: abort transaction during log replay if walk_log_tree() failed
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: use filesystem size not disk size for reclaim decision
Oliver Neukum <oneukum(a)suse.com>
cdc-acm: fix race between initial clearing halt and open
Sebastian Reichel <sebastian.reichel(a)collabora.com>
usb: typec: fusb302: cache PD RX state
Eric Biggers <ebiggers(a)kernel.org>
thunderbolt: Fix copy+paste error in match_service_id()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: fix race between polling and detaching
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
usb: typec: ucsi: Update power_supply on power role change
Ricky Wu <ricky_wu(a)realtek.com>
misc: rtsx: usb: Ensure mmc child device is active when card is present
Xinyu Liu <katieeliu(a)tencent.com>
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Zhang Yi <yi.zhang(a)huawei.com>
ext4: initialize superblock fields in the kballoc-test.c kunit tests
Baokun Li <libaokun1(a)huawei.com>
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
Baokun Li <libaokun1(a)huawei.com>
ext4: fix zombie groups in average fragment size lists
Jason Gunthorpe <jgg(a)ziepe.ca>
iommufd: Prevent ALIGN() overflow
Nicolin Chen <nicolinc(a)nvidia.com>
iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range
Alexey Klimov <alexey.klimov(a)linaro.org>
iommu/arm-smmu-qcom: Add SM6115 MDSS compatible
Nicolin Chen <nicolinc(a)nvidia.com>
iommu/arm-smmu-v3: Revert vmaster in the error path
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: reset iface weights when we cannot find a candidate
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks
Christian Marangi <ansuelsmth(a)gmail.com>
clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src
Damien Le Moal <dlemoal(a)kernel.org>
dm: Always split write BIOs to zoned device limits
Damien Le Moal <dlemoal(a)kernel.org>
block: Introduce bio_needs_zone_write_plugging()
Bijan Tabatabai <bijantabatab(a)micron.com>
mm/damon/core: commit damos->target_nid
SeongJae Park <sj(a)kernel.org>
samples/damon/mtier: support boot time enable setup
SeongJae Park <sj(a)kernel.org>
samples/damon/wsse: fix boot time enable handling
Miguel Ojeda <ojeda(a)kernel.org>
rust: workaround `rustdoc` target modifiers bug
Miguel Ojeda <ojeda(a)kernel.org>
rust: kbuild: clean output before running `rustdoc`
Waiman Long <longman(a)redhat.com>
futex: Use user_write_access_begin/_end() in futex_put_value()
Tom Lendacky <thomas.lendacky(a)amd.com>
x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero
Fushuai Wang <wangfushuai(a)baidu.com>
x86/fpu: Fix NULL dereference in avx512_status()
Nikunj A Dadhania <nikunj(a)amd.com>
x86/sev: Improve handling of writes to intercepted TSC MSRs
Jack Xiao <Jack.Xiao(a)amd.com>
drm/amdgpu: fix incorrect vm flags to map bo
YiPeng Chai <YiPeng.Chai(a)amd.com>
drm/amdgpu: fix vram reservation issue
Karthik Poosa <karthik.poosa(a)intel.com>
drm/xe/hwmon: Add SW clamp for power limits writes
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/migrate: prevent potential UAF
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/migrate: don't overflow max copy size
Matthew Auld <matthew.auld(a)intel.com>
drm/xe/migrate: prevent infinite recursion
Jouni Högander <jouni.hogander(a)intel.com>
drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush
Vinod Govindapillai <vinod.govindapillai(a)intel.com>
drm/i915/fbc: fix the implementation of wa_18038517565
David Howells <dhowells(a)redhat.com>
cifs: Fix collect_sample() to handle any iterator type
Zheng Qixing <zhengqixing(a)huawei.com>
block: fix kobject double initialization in add_disk
Caleb Sander Mateos <csander(a)purestorage.com>
ublk: check for unprivileged daemon on each I/O fetch
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
scsi: lpfc: Remove redundant assignment to avoid memory leak
Nitin Rawat <quic_nitirawa(a)quicinc.com>
scsi: ufs: core: Fix interrupt handling for MCQ Mode
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Handle RPC size limit for layoutcommits
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix disk addr range check in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix stripe mapping in block/scsi layout
John Garry <john.g.garry(a)oracle.com>
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix uninitialized pointer error in probe()
Buday Csaba <buday.csaba(a)prolan.hu>
net: phy: smsc: add proper reset flags for LAN8710A
Mark Brown <broonie(a)kernel.org>
regmap: irq: Free the regmap-irq mutex
Peter Jakubek <peterjakubek(a)gmail.com>
ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU
Thomas Croft <thomasmcft(a)gmail.com>
ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table
Elad Nachman <enachman(a)marvell.com>
irqchip/mvebu-gicp: Clear pending interrupts on init
Yu Kuai <yukuai3(a)huawei.com>
lib/sbitmap: convert shallow_depth from one word to the whole sbitmap
Stefan Metzmacher <metze(a)samba.org>
smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection
Calvin Owens <calvin(a)wbinvd.org>
tools/power turbostat: Handle cap_get_proc() ENOSYS
Calvin Owens <calvin(a)wbinvd.org>
tools/power turbostat: Fix build with musl
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Handle non-root legacy-uncore sysfs permissions
Corey Minyard <corey(a)minyard.net>
ipmi: Fix strcpy source and destination the same
Yann E. MORIN <yann.morin.1998(a)free.fr>
kconfig: lxdialog: fix 'space' to (de)select options
Masahiro Yamada <masahiroy(a)kernel.org>
kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: fix potential memory leak in renderer_edited()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
Breno Leitao <leitao(a)debian.org>
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
vfio/mlx5: fix possible overflow in tracking max message size
John Garry <john.g.garry(a)oracle.com>
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
Maurizio Lombardi <mlombard(a)redhat.com>
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Shankari Anand <shankari.ak0208(a)gmail.com>
kconfig: nconf: Ensure null termination where strncpy is used
Keith Busch <kbusch(a)kernel.org>
vfio/type1: conditional rescheduling while pinning
Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
John Ogness <john.ogness(a)linutronix.de>
printk: nbcon: Allow reacquire during panic
Chao Yu <chao(a)kernel.org>
f2fs: handle nat.blkaddr corruption in f2fs_get_node_info()
Jaegeuk Kim <jaegeuk(a)kernel.org>
f2fs: check the generic conditions first
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: add cluster chain loop check for dir
fangzhong.zhou <myth5(a)myth5.com>
i2c: Force DLL0945 touchpad i2c freq to 100khz
John Johansen <john.johansen(a)canonical.com>
apparmor: fix x_table_lookup when stacking is not the first entry
Mateusz Guzik <mjguzik(a)gmail.com>
apparmor: use the condition in AA_BUG_FMT even with debug disabled
Benjamin Marzinski <bmarzins(a)redhat.com>
dm-table: fix checking for rq stackable devices
Mikulas Patocka <mpatocka(a)redhat.com>
dm-mpath: don't print the "loaded" message if registering fails
Jorge Marques <jorge.marques(a)analog.com>
i3c: master: Initialize ret in i3c_i2c_notifier_call()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: don't fail if GETHDRCAP is unsupported
Gabriel Totev <gabriel.totev(a)zetier.com>
apparmor: shift ouid when mediating hard links in userns
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: add missing include to internal header
Petr Pavlu <petr.pavlu(a)suse.com>
module: Prevent silent truncation of module name in delete_module(2)
Purva Yeshi <purvayeshi550(a)gmail.com>
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Charles Keepax <ckeepax(a)opensource.cirrus.com>
soundwire: Move handle_nested_irq outside of sdw_dev_lock
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
soundwire: amd: cancel pending slave status handling workqueue during remove sequence
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
soundwire: amd: serialize amd manager resume sequence during pm_prepare
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
clk: renesas: rzg2l: Postpone updating priv->clks[]
Mario Limonciello <mario.limonciello(a)amd.com>
crypto: ccp - Add missing bootloader info reg for pspv6
Bharat Bhushan <bbhushan2(a)marvell.com>
crypto: octeontx2 - add timeout for load_fvc completion poll
chenchangcheng <chenchangcheng(a)kylinos.cn>
media: uvcvideo: Fix bandwidth issue for Alcor camera
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Add quirk for HP Webcam HD 2300
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
media: usb: hdpvr: disable zero-length read messages
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Increase FIFO trigger level to 374
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Check I2C succeeded during probe
Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
media: raspberrypi: cfe: Fix min_reqbufs_allocation
Cheick Traore <cheick.traore(a)foss.st.com>
pinctrl: stm32: Manage irq affinity settings
Wilfred Mallawa <wilfred.mallawa(a)wdc.com>
PCI: dw-rockchip: Delay link training after hot reset in EP mode
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpi3mr: Correctly handle ATA device errors
Francisco Gutierrez <frankramirez(a)google.com>
scsi: pm80xx: Free allocated tags after failure
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpt3sas: Correctly handle ATA device errors
Li Chen <chenl311(a)chinatelecom.cn>
HID: rate-limit hid_warn to prevent log flooding
Abel Vesa <abel.vesa(a)linaro.org>
power: supply: qcom_battmgr: Add lithium-polymer entry
John Ernberg <john.ernberg(a)actia.se>
crypto: caam - Support iMX8QXP and variants thereof
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk
Arnd Bergmann <arnd(a)arndb.de>
RDMA/core: reduce stack using in nldev_stat_get_doit()
Yury Norov [NVIDIA] <yury.norov(a)gmail.com>
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Amelie Delaunay <amelie.delaunay(a)foss.st.com>
dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs
Johan Adolfsson <johan.adolfsson(a)axis.com>
leds: leds-lp50xx: Handle reg to get correct multi_index
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Daniel Scally <dan.scally(a)ideasonboard.com>
media: ipu-bridge: Add _HID for OV5670
Benjamin Mugnier <benjamin.mugnier(a)foss.st.com>
media: i2c: vd55g1: Fix RATE macros not being expressed in bps
Benjamin Mugnier <benjamin.mugnier(a)foss.st.com>
media: i2c: vd55g1: Setup sensor external clock before patching
Michal Wilczynski <m.wilczynski(a)samsung.com>
clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED
Dikshita Agarwal <quic_dikshita(a)quicinc.com>
media: iris: Add handling for corrupt and drop frames
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: lantiq: falcon: sysctrl: fix request memory check logic
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Markus Theil <theil.markus(a)gmail.com>
crypto: jitter - fix intermediary handling
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM
Hans de Goede <hansg(a)kernel.org>
media: hi556: Fix reset GPIO timings
Arnaud Lecomte <contact(a)arnaud-lcm.com>
jfs: upper bound check of tree index in dbAllocAG
Edward Adam Davis <eadavis(a)qq.com>
jfs: Regular file corruption check
Lizhi Xu <lizhi.xu(a)windriver.com>
jfs: truncate good inode pages when hard link is 0
jackysliu <1972843537(a)qq.com>
scsi: bfa: Double-free fix
Zhang Yi <yi.zhang(a)huawei.com>
ext4: limit the maximum folio order
Ziyan Fu <fuzy5(a)lenovo.com>
watchdog: iTCO_wdt: Report error if timeout configuration fails
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
George Moussalem <george.moussalem(a)outlook.com>
clk: qcom: ipq5018: keep XO clock always on
Florin Leotescu <florin.leotescu(a)nxp.com>
hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state
Sebastian Reichel <sebastian.reichel(a)collabora.com>
watchdog: dw_wdt: Fix default timeout
Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com>
fs/orangefs: use snprintf() instead of sprintf()
Showrya M N <showrya(a)chelsio.com>
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Valmantas Paliksa <walmis(a)gmail.com>
phy: rockchip-pcie: Enable all four lanes if required
Geraldo Nascimento <geraldogabriel(a)gmail.com>
phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal
Chen-Yu Tsai <wens(a)csie.org>
mfd: axp20x: Set explicit ID for AXP313 regulator
Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org>
sphinx: kernel_abi: fix performance regression with O=<dir>
Pei Xiao <xiaopei01(a)kylinos.cn>
clk: tegra: periph: Fix error handling and resolve unsigned compare warning
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Zhiqi Song <songzhiqi1(a)huawei.com>
crypto: hisilicon/hpre - fix dma unmap sequence
Yongzhen Zhang <zhangyongzhen(a)kylinos.cn>
fbdev: fix potential buffer overflow in do_register_framebuffer()
Paulo Alcantara <pc(a)manguebit.org>
smb: client: fix session setup against servers that require SPN
Pali Rohár <pali(a)kernel.org>
cifs: Fix calling CIFSFindFirst() for root path without msearch
Aaron Plattner <aplattner(a)nvidia.com>
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Roman Li <Roman.Li(a)amd.com>
drm/amd/display: Disable dsc_power_gate for dcn314 by default
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Only finalize atomic_obj if it was initialized
Jason Wang <jasowang(a)redhat.com>
vhost: fail early when __vhost_add_used() fails
Will Deacon <will(a)kernel.org>
vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
Joel Fernandes <joelagnelf(a)nvidia.com>
rcu: Fix rcu_read_unlock() deadloop due to IRQ work
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/ttm: Respect the shrinker core free target
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Avoid trying AUX transactions on disconnected ports
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Update DMCUB loading sequence for DCN3.5
Yonghong Song <yonghong.song(a)linux.dev>
selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size
Yonghong Song <yonghong.song(a)linux.dev>
selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size
Ihor Solodrai <isolodrai(a)meta.com>
bpf: Make reg_not_null() true for CONST_PTR_TO_MAP
Kuan-Chung Chen <damon.chen(a)realtek.com>
wifi: rtw89: 8852c: increase beacon loss to 6 seconds
Jakub Kicinski <kuba(a)kernel.org>
uapi: in6: restore visibility of most IPv6 socket options
Emily Deng <Emily.Deng(a)amd.com>
drm/ttm: Should to return the evict error
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range
Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com>
net: ncsi: Fix buffer overflow in fetching version id
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/xe: Make dma-fences compliant with the safe access rules
Shannon Nelson <sln(a)onemain.com>
ionic: clean dbpage in de-init
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: scan abort when assign/unassign_vif
Breno Leitao <leitao(a)debian.org>
ptp: Use ratelimite for freerun error message
Yuan Chen <chenyuan(a)kylinos.cn>
bpftool: Fix JSON writer resource leak in version command
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: ensure BCM5325 PHYs are enabled
Alok Tiwari <alok.a.tiwari(a)oracle.com>
gve: Return error for unknown admin queue command
Gal Pressman <gal(a)nvidia.com>
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gal Pressman <gal(a)nvidia.com>
net: vlan: Make is_vlan_dev() a stub when VLAN is not configured
ganglxie <ganglxie(a)amd.com>
drm/amdgpu: clear pa and mca record counter when resetting eeprom
Lijo Lazar <lijo.lazar(a)amd.com>
drm/amdgpu: Suspend IH during mode-2 reset
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Stop storing failures into adev->dm.cached_state
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
Lijo Lazar <lijo.lazar(a)amd.com>
drm/amd/pm: Use pointer type for typecheck()
Heiner Kallweit <hkallweit1(a)gmail.com>
dpaa_eth: don't use fixed_phy_change_carrier
Stanislaw Gruszka <stf_xl(a)wp.pl>
wifi: iwlegacy: Check rate_idx range after addition
Mark Rutland <mark.rutland(a)arm.com>
arm64: stacktrace: Check kretprobe_find_ret_addr() return value
Mina Almasry <almasrymina(a)google.com>
netmem: fix skb_frag_address_safe with unreadable skbs
Thomas Fourier <fourier.thomas(a)gmail.com>
powerpc: floppy: Add missing checks after DMA map
Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com>
wifi: ath12k: Decrement TID on RX peer frag setup error handling
Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com>
wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0
Ching-Te Ku <ku920601(a)realtek.com>
wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com>
wifi: mac80211: update radar_required in channel context after channel switch
Alex Hung <alex.hung(a)amd.com>
drm/amd/display: Initialize mode_select to 0
Wen Chen <Wen.Chen3(a)amd.com>
drm/amd/display: Fix 'failed to blank crtc!'
Lijo Lazar <lijo.lazar(a)amd.com>
drm/amdgpu: Add more checks to PSP mailbox
Zqiang <qiang.zhang1211(a)gmail.com>
rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: pcie: reinit device properly during TOP reset
Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com>
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: mld: fix last_mlo_scan_time type
Benjamin Berg <benjamin.berg(a)intel.com>
wifi: iwlwifi: mld: use the correct struct size for tracing
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't
Rand Deeb <rand.sec96(a)gmail.com>
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Nathan Lynch <nathan.lynch(a)amd.com>
lib: packing: Include necessary headers
Daniel Braunwarth <daniel.braunwarth(a)kuka.com>
net: phy: realtek: add error handling to rtl8211f_get_wol
Hari Chandrakanthan <quic_haric(a)quicinc.com>
wifi: ath12k: Fix station association with MBSSID Non-TX BSS
Rameshkumar Sundaram <rameshkumar.sundaram(a)oss.qualcomm.com>
wifi: ath12k: Fix beacon reception for sta associated to Non-TX AP
Sarika Sharma <quic_sarishar(a)quicinc.com>
wifi: ath12k: Add memset and update default rate value in wmi tx completion
Jakub Kicinski <kuba(a)kernel.org>
eth: bnxt: take page size into account for page pool recycling rings
Andy Yan <andy.yan(a)rock-chips.com>
drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage
Kang Yang <kang.yang(a)oss.qualcomm.com>
wifi: ath10k: shutdown driver when hardware is unreliable
Peichen Huang <PeiChen.Huang(a)amd.com>
drm/amd/display: add null check
Ilya Bakoulin <Ilya.Bakoulin(a)amd.com>
drm/amd/display: Separate set_gsl from set_gsl_source_select
Xiang Liu <xiang.liu(a)amd.com>
drm/amdgpu: Use correct severity for BP threshold exceed event
Jonas Rebmann <jre(a)pengutronix.de>
net: fec: allow disable coalescing
Wei Fang <wei.fang(a)nxp.com>
net: enetc: separate 64-bit counters from enetc_port_counters
RubenKelevra <rubenkelevra(a)gmail.com>
net: ieee8021q: fix insufficient table-size assertion
Li Chen <chenl311(a)chinatelecom.cn>
ACPI: Suppress misleading SPCR console message when SPCR table is absent
Eric Work <work.eric(a)gmail.com>
net: atlantic: add set_power to fw_ops for atl2 to fix wol
Lucien.Jheng <lucienzx159(a)gmail.com>
net: phy: air_en8811h: Introduce resume/suspend and clk_restore_context to ensure correct CKO settings after network interface reinitialization.
Aakash Kumar S <saakashkumar(a)marvell.com>
xfrm: Duplicate SPI Handling
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Enable end-to-end flow control also in transmit
Matt Roper <matthew.d.roper(a)intel.com>
drm/xe/xe_query: Use separate iterator while filling GT list
Mark Brown <broonie(a)kernel.org>
kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace
David Bauer <mail(a)david-bauer.net>
wifi: mt76: mt7915: mcu: increase eeprom command timeout
David Bauer <mail(a)david-bauer.net>
wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Disable deep power saving for USB/SDIO
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Fix rtw89_mac_power_switch() for USB
Alessio Belle <alessio.belle(a)imgtec.com>
drm/imagination: Clear runtime PM errors while resetting the GPU
Robin Murphy <robin.murphy(a)arm.com>
perf/arm: Add missing .suppress_bind_attrs
Yuan Chen <chenyuan(a)kylinos.cn>
drm/msm: Add error handling for krealloc in metadata setup
Rob Clark <robin.clark(a)oss.qualcomm.com>
drm/msm: use trylock for debugfs
Rob Clark <robin.clark(a)oss.qualcomm.com>
drm/msm: Update register xml
Thierry Reding <treding(a)nvidia.com>
drm/fbdev-client: Skip DRM clients if modesetting is absent
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: fix vif link allocation
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb
Hari Chandrakanthan <quic_haric(a)quicinc.com>
wifi: mac80211: fix rx link assignment for non-MLO stations
Zqiang <qiang.zhang1211(a)gmail.com>
rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
Kuniyuki Iwashima <kuniyu(a)google.com>
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
Thomas Fourier <fourier.thomas(a)gmail.com>
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
Heiko Carstens <hca(a)linux.ibm.com>
s390/early: Copy last breaking event address to pt_regs
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: avoid weird state in error path
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't complete management TX on SAE commit
Chris Mason <clm(a)fb.com>
sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
Nam Cao <namcao(a)linutronix.de>
rv: Add #undef TRACE_INCLUDE_FILE
Kamil Horák - 2N <kamilh(a)axis.com>
net: phy: bcm54811: PHY initialization
Sven Schnelle <svens(a)linux.ibm.com>
s390/stp: Remove udelay from stp_sync_clock()
Philipp Stanner <phasta(a)kernel.org>
drm/sched: Avoid memory leaks with cancel_job() callback
Philipp Stanner <phasta(a)kernel.org>
drm/sched/tests: Add unit test for cancel_job()
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: handle non-overlapping API ranges
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: fix scan request validation
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
um: Re-evaluate thread flags repeatedly
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mld: fix scan request validation
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: set gtk id also in older FWs
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Forget ranges when refining tnum after JSET
Juri Lelli <juri.lelli(a)redhat.com>
sched/deadline: Fix accounting after global limits change
Alok Tiwari <alok.a.tiwari(a)oracle.com>
perf/cxlpmu: Remove unintended newline from IRQ name format string
Biju Das <biju.das.jz(a)bp.renesas.com>
net: phy: micrel: Add ksz9131_resume()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
Oscar Maes <oscmaes92(a)gmail.com>
net: ipv4: fix incorrect MTU in broadcast routes
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't unreserve never reserved chanctx
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Fix interface type validation
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't use TPE data from assoc response
Matt Johnston <matt(a)codeconstruct.com.au>
net: mctp: Prevent duplicate binds
Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
can: ti_hecc: fix -Woverflow compiler warning
Charlene Liu <Charlene.Liu(a)amd.com>
drm/amd/display: limit clear_update_flags to dcn32 and above
Paul E. McKenney <paulmck(a)kernel.org>
rcu: Protect ->defer_qs_iw_pending from data race
Umio Yasuno <coelacanth_dream(a)protonmail.com>
drm/amd/pm: fix null pointer access
Breno Leitao <leitao(a)debian.org>
arm64: Mark kernel as tainted on SAE and SError panic
Jack Ping CHNG <jchng(a)maxlinear.com>
net: pcs: xpcs: mask readl() return value to 16 bits
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Thomas Fourier <fourier.thomas(a)gmail.com>
net: ag71xx: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
et131x: Add missing check after DMA map
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
Chin-Yen Lee <timlee(a)realtek.com>
wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode
Matteo Croce <teknoraver(a)meta.com>
libbpf: Fix warning in calloc() usage
Ahmed Zaki <ahmed.zaki(a)intel.com>
idpf: preserve coalescing settings across resets
Eduard Zingerman <eddyz87(a)gmail.com>
libbpf: Verify that arena map exists when adding arena relocations
Alok Tiwari <alok.a.tiwari(a)oracle.com>
be2net: Use correct byte order and format string for TCP seq and ack_seq
Sven Schnelle <svens(a)linux.ibm.com>
s390/time: Use monotonic clock in get_cycles()
Sven Schnelle <svens(a)linux.ibm.com>
s390/sclp: Use monotonic clock in sclp_sync_wait()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: reject HTC bit for management frames
Steven Rostedt <rostedt(a)goodmis.org>
ktest.pl: Prevent recursion of default variable options
Sarika Sharma <quic_sarishar(a)quicinc.com>
wifi: ath12k: Correct tid cleanup when tid setup fails
Oliver Neukum <oneukum(a)suse.com>
net: usb: cdc-ncm: check for filtering capability
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mld: use spec link id and not FW link id
Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech>
xen/netfront: Fix TX response spurious interrupts
Uwe Kleine-König <ukleinek(a)debian.org>
Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601)
Zijun Hu <zijun.hu(a)oss.qualcomm.com>
Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie()
Yang Li <yang.li(a)amlogic.com>
Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event
En-Wei Wu <en-wei.wu(a)canonical.com>
Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925
Ben Hutchings <benh(a)debian.org>
bootconfig: Fix unaligned access when building footer
Nam Cao <namcao(a)linutronix.de>
verification/dot2k: Make a separate dot2k_templates/Kconfig_container
Steven Rostedt <rostedt(a)goodmis.org>
powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps
Srinivas Kandagatla <srini(a)kernel.org>
ASoC: qcom: use drvdata instead of component to keep id
Xinxin Wan <xinxin.wan(a)intel.com>
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Jonathan Santos <Jonathan.Santos(a)analog.com>
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Christophe Leroy <christophe.leroy(a)csgroup.eu>
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Lucy Thrun <lucy.thrun(a)digital-rabbithole.de>
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Tomasz Michalec <tmichalec(a)google.com>
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Kees Cook <kees(a)kernel.org>
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>
soc: qcom: mdt_loader: Actually use the e_phoff
Krzysztof Hałasa <khalasa(a)piap.pl>
imx8m-blk-ctrl: set ISI panic write hurry level
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com>
usb: dwc3: xilinx: add shutdown callback
Oliver Neukum <oneukum(a)suse.com>
usb: core: usb_submit_urb: downgrade type check
Tomasz Michalec <tmichalec(a)google.com>
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Joseph Tilahun <jtilahun(a)astranis.com>
tty: serial: fix print format specifiers
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode
Markus Stockhausen <markus.stockhausen(a)gmx.de>
irqchip/mips-gic: Allow forced affinity
Alok Tiwari <alok.a.tiwari(a)oracle.com>
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
Mark Brown <broonie(a)kernel.org>
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Avoid warning when overriding return thunk
George Gaidarov <gdgaidarov+lkml(a)gmail.com>
EDAC/ie31200: Enable support for Core i5-14600 and i7-14700
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda: Disable jack polling at shutdown
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda: Handle the jack polling always via a work
Gwendal Grignou <gwendal(a)chromium.org>
platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready
Haibo Chen <haibo.chen(a)nxp.com>
mmc: sdhci-esdhc-imx: Don't change pinctrl in suspend if wakeup source
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Hans de Goede <hansg(a)kernel.org>
mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
Zijun Hu <zijun.hu(a)oss.qualcomm.com>
char: misc: Fix improper and inaccurate error code returned by misc_init()
Gerd Hoffmann <kraxel(a)redhat.com>
x86/sev/vc: Fix EFI runtime instruction emulation
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: SDCA: Add flag for unused IRQs
Peter Robinson <pbrobinson(a)gmail.com>
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Eliav Farber <farbere(a)amazon.com>
pps: clients: gpio: fix interrupt handling order in remove path
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
selftests: vDSO: vdso_test_getrandom: Always print TAP header
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND
Breno Leitao <leitao(a)debian.org>
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
Sarthak Garg <quic_sartgarg(a)quicinc.com>
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sebastian Ott <sebott(a)redhat.com>
ACPI: processor: fix acpi_object initialization
tuhaowen <tuhaowen(a)uniontech.com>
PM: sleep: console: Fix the black screen issue
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
GalaxySnail <me(a)glxys.nl>
ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56
Thierry Reding <treding(a)nvidia.com>
firmware: tegra: Fix IVC dependency problems
Peng Fan <peng.fan(a)nxp.com>
firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume
Zhu Qiyu <qiyuzhu2(a)amd.com>
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests: tracing: Use mutex_unlock for testing glob filter
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
tools/build: Fix s390(x) cross-compilation with clang
Aaron Kling <webgeek1234(a)gmail.com>
ARM: tegra: Use I/O memcpy to write to IRAM
Michael Walle <mwalle(a)kernel.org>
mfd: tps6594: Add TI TPS652G1 support
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: tps65912: check the return value of regmap_update_bits()
David Lechner <dlechner(a)baylibre.com>
iio: adc: ad_sigma_delta: don't overallocate scan buffer
Thomas Weißschuh <linux(a)weissschuh.net>
tools/nolibc: define time_t in terms of __kernel_old_time_t
David Collins <david.collins(a)oss.qualcomm.com>
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com>
EDAC/synopsys: Clear the ECC counters on init
Lifeng Zheng <zhenglifeng1(a)huawei.com>
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Alexander Kochetkov <al.kochet(a)gmail.com>
ARM: rockchip: fix kernel hang during smp initialization
Li RongQing <lirongqing(a)baidu.com>
cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Exit governor when failed to start old governor
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: wcd934x: check the return value of regmap_update_bits()
Guillaume La Roque <glaroque(a)baylibre.com>
pmdomain: ti: Select PM_GENERIC_DOMAINS
André Draszik <andre.draszik(a)linaro.org>
usb: typec: tcpm/tcpci_maxim: fix irq wake usage
Jameson Thies <jthies(a)google.com>
usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi
Binbin Zhou <zhoubinbin(a)loongson.cn>
gpio: loongson-64bit: Extend GPIO irq support
Tiffany Yang <ynaffit(a)google.com>
binder: Fix selftest page indexing
Hiago De Franco <hiago.franco(a)toradex.com>
remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
Shuai Xue <xueshuai(a)linux.alibaba.com>
ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered
Maulik Shah <maulik.shah(a)oss.qualcomm.com>
soc: qcom: rpmh-rsc: Add RSC version 4 support
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
firmware: qcom: scm: initialize tzmem before marking SCM as available
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing errors during surprise removal
Jay Chen <shawn2000100(a)gmail.com>
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing warnings for dying controller
Vivek Pernamitta <quic_vpernami(a)quicinc.com>
bus: mhi: host: pci_generic: Disable runtime PM for QDU100
Daniele Palmas <dnlplm(a)gmail.com>
bus: mhi: host: pci_generic: Add Telit FN990B40 modem support
Benson Leung <bleung(a)chromium.org>
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Cynthia Huang <cynthia(a)andestech.com>
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Prashant Malani <pmalani(a)google.com>
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Mario Limonciello <mario.limonciello(a)amd.com>
platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list
Moon Hee Lee <moonhee.lee.ca(a)gmail.com>
selftests/kexec: fix test_kexec_jump build
Dave Penkler <dpenkler(a)gmail.com>
staging: gpib: Add init response codes for new ni-usb-hs+
Su Hui <suhui(a)nfschina.com>
usb: xhci: print xhci->xhc_state when queue_command failed
Steven Rostedt <rostedt(a)goodmis.org>
tracefs: Add d_delete to remove negative dentries
Al Viro <viro(a)zeniv.linux.org.uk>
securityfs: don't pin dentries twice, once is enough...
Al Viro <viro(a)zeniv.linux.org.uk>
fix locking in efi_secret_unlink()
Wei Gao <wegao(a)suse.com>
ext2: Handle fiemap on empty files to prevent EINVAL
Al Viro <viro(a)zeniv.linux.org.uk>
landlock: opened file never has a negative dentry
Christian Brauner <brauner(a)kernel.org>
pidfs: raise SB_I_NODEV and SB_I_NOEXEC
Xiao Ni <xni(a)redhat.com>
md: Don't clear MD_CLOSING until mddev is freed
Rong Zhang <ulin0208(a)gmail.com>
fs/ntfs3: correctly create symlink for relative path
Lizhi Xu <lizhi.xu(a)windriver.com>
fs/ntfs3: Add sanity check for file name
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Disallow changing LPM state if not supported
Damien Le Moal <dlemoal(a)kernel.org>
ata: ahci: Disable DIPM if host lacks support
Damien Le Moal <dlemoal(a)kernel.org>
ata: ahci: Disallow LPM policy control if not supported
Al Viro <viro(a)zeniv.linux.org.uk>
better lockdep annotations for simple_recursive_removal()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix not erasing deleted b-tree node issue
Sarah Newman <srn(a)prgmr.com>
drbd: add missing kref_get in handle_write_conflicts
Jan Kara <jack(a)suse.cz>
udf: Verify partition map count
Jan Kara <jack(a)suse.cz>
loop: Avoid updating block size under exclusive owner
Xiao Ni <xni(a)redhat.com>
md: call del_gendisk in control path
Andrew Price <anprice(a)redhat.com>
gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops
Andrew Price <anprice(a)redhat.com>
gfs2: Validate i_depth for exhash directories
Maurizio Lombardi <mlombard(a)redhat.com>
nvme-tcp: log TLS handshake failures at error level
John Garry <john.g.garry(a)oracle.com>
md/raid10: set chunk_sectors limit
John Garry <john.g.garry(a)oracle.com>
dm-stripe: limit chunk_sectors to the stripe size
Keith Busch <kbusch(a)kernel.org>
nvme-pci: try function level reset on init failure
NeilBrown <neil(a)brown.name>
smb/server: avoid deadlock when linking with ReplaceIfExists
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents
Yeoreum Yun <yeoreum.yun(a)arm.com>
firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall
Yeoreum Yun <yeoreum.yun(a)arm.com>
tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in
Jarkko Sakkinen <jarkko(a)kernel.org>
tpm: Check for completion after timeout
Kees Cook <kees(a)kernel.org>
arm64: Handle KCOV __init vs inline mismatches
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix slab-out-of-bounds in hfs_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix general protection fault in hfs_find_init()
Sven Stegemann <sven(a)stegemann.de>
net: kcm: Fix race condition in kcm_unattach()
David Wei <dw(a)davidwei.uk>
bnxt: fill data page pool with frags if PAGE_SIZE > BNXT_RX_PAGE_SIZE
Pablo Neira Ayuso <pablo(a)netfilter.org>
netfilter: nf_tables: reject duplicate device on updates
Frederic Weisbecker <frederic(a)kernel.org>
ipvs: Fix estimator kthreads preferred affinity
Jakub Kicinski <kuba(a)kernel.org>
tls: handle data disappearing from under the TLS ULP
Jeongjun Park <aha310510(a)gmail.com>
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
Yao Zi <ziyao(a)disroot.org>
riscv: dts: thead: Add APB clocks for TH1520 GMACs
Yao Zi <ziyao(a)disroot.org>
net: stmmac: thead: Get and enable APB clock on initialization
Buday Csaba <buday.csaba(a)prolan.hu>
net: mdiobus: release reset_gpio in mdiobus_unregister_device()
Clark Wang <xiaoning.wang(a)nxp.com>
net: phy: nxp-c45-tja11xx: fix the PHY ID mismatch issue when using C45
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpuidle: governors: menu: Avoid using invalid recent intervals data
Len Brown <len.brown(a)intel.com>
intel_idle: Allow loading ACPI tables for any family
Gao Xiang <xiang(a)kernel.org>
erofs: fix block count report when 48-bit layout is on
Stanislav Fomichev <sdf(a)fomichev.me>
hamradio: ignore ops-locked netdevs
Stanislav Fomichev <sdf(a)fomichev.me>
net: lapbether: ignore ops-locked netdevs
Xin Long <lucien.xin(a)gmail.com>
sctp: linearize cloned gso packets in sctp_rcv
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ti: icss-iep: Fix incorrect type for return value in extts_enable()
Jakub Kicinski <kuba(a)kernel.org>
net: page_pool: allow enabling recycling late, fix false positive warning
MD Danish Anwar <danishanwar(a)ti.com>
net: ti: icssg-prueth: Fix emac link speed handling
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix the np_link_fail error reporting issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix the division by zero issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix rtnl deadlock issue
Florian Westphal <fw(a)strlen.de>
netfilter: ctnetlink: remove refcounting in expectation dumpers
Florian Westphal <fw(a)strlen.de>
netfilter: ctnetlink: fix refcount leak on table dump
Sabrina Dubroca <sd(a)queasysnail.net>
udp: also consider secpath when evaluating ipsec use for checksumming
Sabrina Dubroca <sd(a)queasysnail.net>
xfrm: bring back device check in validate_xmit_xfrm
Sabrina Dubroca <sd(a)queasysnail.net>
xfrm: restore GSO for SW crypto
Sabrina Dubroca <sd(a)queasysnail.net>
xfrm: flush all states in xfrm_state_fini
Jinjiang Tu <tujinjiang(a)huawei.com>
mm/smaps: fix race between smaps_hugetlb_range and migration
Al Viro <viro(a)zeniv.linux.org.uk>
habanalabs: fix UAF in export_dmabuf()
Stefan Metzmacher <metze(a)samba.org>
smb: client: don't wait for info->send_pending == 0 on error
Stefan Metzmacher <metze(a)samba.org>
smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection()
Thomas Weißschuh <linux(a)weissschuh.net>
mfd: cros_ec: Separate charge-control probing from USB-PD
Li Zhijian <lizhijian(a)fujitsu.com>
mm/memory-tier: fix abstract distance calculation overflow
Damien Le Moal <dlemoal(a)kernel.org>
block: Make REQ_OP_ZONE_FINISH a write operation
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPI: processor: perflib: Move problematic pr->performance check
Armin Wolf <W_Armin(a)gmx.de>
ACPI: EC: Relax sanity check of the ECDT ID string
Lukas Wunner <lukas(a)wunner.de>
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Jiayi Li <lijiayi(a)kylinos.cn>
ACPI: processor: perflib: Fix initial _PPC limit application
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
Documentation: ACPI: Fix parent device references
Sasha Levin <sashal(a)kernel.org>
fs: Prevent file descriptor table allocations exceeding INT_MAX
Eric Biggers <ebiggers(a)kernel.org>
lib/crypto: x86/poly1305: Fix performance regression on short messages
Eric Biggers <ebiggers(a)kernel.org>
lib/crypto: x86/poly1305: Fix register corruption in no-SIMD contexts
Eric Biggers <ebiggers(a)kernel.org>
fscrypt: Don't use problematic non-inline crypto engines
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: exynos850: fix a comment
Ma Ke <make24(a)iscas.ac.cn>
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Wentao Guan <guanwentao(a)uniontech.com>
LoongArch: vDSO: Remove -nostdlib complier flag
Yao Zi <ziyao(a)disroot.org>
LoongArch: Avoid in-place string operation on FDT content
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Make relocate_new_kernel_size be a .quad value
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
LoongArch: Don't use %pK through printk() in unwinder
Haoran Jiang <jianghaoran(a)kylinos.cn>
LoongArch: BPF: Fix jump offset calculation in tailcall
Huacai Chen <chenhuacai(a)kernel.org>
PCI: Extend isolated function probing to LoongArch
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix the setting of capabilities when automounting a new filesystem
Dai Ngo <dai.ngo(a)oracle.com>
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Jeff Layton <jlayton(a)kernel.org>
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Christian Brauner <brauner(a)kernel.org>
fhandle: raise FILEID_IS_DIR in handle_type
Fabio Porcedda <fabio.porcedda(a)gmail.com>
net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition
Xu Yang <xu.yang_2(a)nxp.com>
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Johan Hovold <johan(a)kernel.org>
net: dpaa: fix device leak when querying time stamp info
Johan Hovold <johan(a)kernel.org>
net: ti: icss-iep: fix device and OF node leaks at probe
Johan Hovold <johan(a)kernel.org>
net: mtk_eth_soc: fix device leak at probe
Johan Hovold <johan(a)kernel.org>
net: enetc: fix device and OF node leak at probe
Johan Hovold <johan(a)kernel.org>
net: gianfar: fix device leak when querying time stamp info
Heiner Kallweit <hkallweit1(a)gmail.com>
net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect
Florian Larysch <fl(a)n621.de>
net: phy: micrel: fix KSZ8081/KSZ8091 cable test
Fedor Pchelkin <pchelkin(a)ispras.ru>
netlink: avoid infinite retry looping in netlink_unicast()
Daniel Golle <daniel(a)makrotopia.org>
Revert "leds: trigger: netdev: Configure LED blink interval for HW offload"
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
leds: flash: leds-qcom-flash: Fix registry access after re-bind
David Thompson <davthompson(a)nvidia.com>
gpio: mlxbf3: use platform_get_irq_optional()
David Thompson <davthompson(a)nvidia.com>
Revert "gpio: mlxbf3: only get IRQ for device instance 0"
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
Revert "gpio: pxa: Make irq_chip immutable"
David Thompson <davthompson(a)nvidia.com>
gpio: mlxbf2: use platform_get_irq_optional()
Dongcheng Yan <dongcheng.yan(a)intel.com>
media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C
Harald Mommer <harald.mommer(a)oss.qualcomm.com>
gpio: virtio: Fix config space reading.
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: remove redundant lstrp update in negotiate protocol
Steve French <stfrench(a)microsoft.com>
smb3: fix for slab out of bounds on mount to ksmbd
Christopher Eby <kreed(a)kreed.org>
ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
Vasiliy Kovalev <kovalev(a)altlinux.org>
ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Jens Axboe <axboe(a)kernel.dk>
io_uring/net: commit partial buffers on retry
Jens Axboe <axboe(a)kernel.dk>
io_uring/memmap: cast nr_pages to size_t before shifting
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring/zcrx: account area memory
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: export io_[un]account_mem
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: don't use int for ABI
-------------
Diffstat:
Documentation/filesystems/fscrypt.rst | 37 +-
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +-
Documentation/sphinx/kernel_abi.py | 6 +-
Makefile | 4 +-
arch/arm/mach-rockchip/platsmp.c | 15 +-
arch/arm/mach-tegra/reset.c | 2 +-
arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +-
arch/arm64/include/asm/acpi.h | 2 +-
arch/arm64/kernel/acpi.c | 10 +-
arch/arm64/kernel/stacktrace.c | 2 +
arch/arm64/kernel/traps.c | 1 +
arch/arm64/mm/fault.c | 1 +
arch/arm64/mm/ptdump_debugfs.c | 3 -
arch/loongarch/kernel/env.c | 13 +-
arch/loongarch/kernel/relocate_kernel.S | 2 +-
arch/loongarch/kernel/unwind_orc.c | 2 +-
arch/loongarch/net/bpf_jit.c | 21 +-
arch/loongarch/vdso/Makefile | 2 +-
arch/mips/include/asm/vpe.h | 8 +
arch/mips/kernel/process.c | 16 +-
arch/mips/lantiq/falcon/sysctrl.c | 23 +-
arch/parisc/Makefile | 2 +-
arch/powerpc/include/asm/floppy.h | 5 +-
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +-
arch/riscv/boot/dts/thead/th1520.dtsi | 10 +-
arch/riscv/mm/ptdump.c | 3 -
arch/s390/include/asm/timex.h | 13 +-
arch/s390/kernel/early.c | 1 +
arch/s390/kernel/time.c | 2 +-
arch/s390/mm/dump_pagetables.c | 2 -
arch/um/include/asm/thread_info.h | 4 +
arch/um/kernel/process.c | 18 +-
arch/x86/boot/startup/sev-shared.c | 1 +
arch/x86/coco/sev/core.c | 2 +
arch/x86/coco/sev/vc-handle.c | 42 +-
arch/x86/include/asm/kvm_host.h | 7 +
arch/x86/kernel/cpu/bugs.c | 5 +-
arch/x86/kernel/fpu/xstate.c | 19 +-
arch/x86/kvm/vmx/main.c | 2 +
arch/x86/kvm/vmx/nested.c | 21 +-
arch/x86/kvm/vmx/pmu_intel.c | 8 +-
arch/x86/kvm/vmx/vmx.c | 41 +-
arch/x86/kvm/vmx/vmx.h | 26 +
arch/x86/kvm/x86.c | 14 +-
arch/x86/lib/crypto/poly1305_glue.c | 48 +-
block/bfq-iosched.c | 35 +-
block/bfq-iosched.h | 3 +-
block/blk-mq.c | 6 +-
block/blk-settings.c | 2 +-
block/blk-sysfs.c | 12 +-
block/blk-zoned.c | 20 +-
block/blk.h | 1 +
block/genhd.c | 2 +
block/kyber-iosched.c | 9 +-
block/mq-deadline.c | 16 +-
crypto/jitterentropy-kcapi.c | 9 +-
drivers/accel/habanalabs/common/memory.c | 23 +-
drivers/acpi/acpi_processor.c | 2 +-
drivers/acpi/apei/ghes.c | 13 +
drivers/acpi/ec.c | 10 +-
drivers/acpi/prmt.c | 26 +-
drivers/acpi/processor_perflib.c | 11 +
drivers/android/binder_alloc_selftest.c | 2 +-
drivers/ata/ahci.c | 12 +-
drivers/ata/ata_piix.c | 1 +
drivers/ata/libahci.c | 1 +
drivers/ata/libata-sata.c | 52 +-
drivers/base/power/runtime.c | 5 +
drivers/base/regmap/regmap-irq.c | 19 +-
drivers/block/drbd/drbd_receiver.c | 6 +-
drivers/block/loop.c | 38 +-
drivers/block/sunvdc.c | 4 +-
drivers/block/ublk_drv.c | 16 +-
drivers/bluetooth/btusb.c | 3 +
drivers/bus/mhi/host/pci_generic.c | 20 +-
drivers/char/ipmi/ipmi_msghandler.c | 8 +-
drivers/char/ipmi/ipmi_watchdog.c | 59 +-
drivers/char/misc.c | 4 +-
drivers/char/tpm/tpm-interface.c | 17 +-
drivers/char/tpm/tpm_crb_ffa.c | 19 +-
drivers/clk/qcom/dispcc-sm8750.c | 10 +-
drivers/clk/qcom/gcc-ipq5018.c | 2 +-
drivers/clk/qcom/gcc-ipq8074.c | 6 +-
drivers/clk/renesas/rzg2l-cpg.c | 8 +-
drivers/clk/samsung/clk-exynos850.c | 2 +-
drivers/clk/samsung/clk-gs101.c | 4 +-
drivers/clk/tegra/clk-periph.c | 4 +-
drivers/clk/thead/clk-th1520-ap.c | 5 +-
drivers/comedi/comedi_fops.c | 33 +-
drivers/comedi/comedi_internal.h | 1 +
drivers/comedi/drivers.c | 13 +-
drivers/cpufreq/cppc_cpufreq.c | 2 +-
drivers/cpufreq/cpufreq.c | 8 +-
drivers/cpufreq/intel_pstate.c | 2 +
drivers/cpuidle/governors/menu.c | 21 +-
drivers/crypto/caam/ctrl.c | 2 +-
drivers/crypto/ccp/sp-pci.c | 1 +
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +-
.../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +-
drivers/devfreq/governor_userspace.c | 6 +-
drivers/dma/stm32/stm32-dma.c | 2 +-
drivers/edac/ie31200_edac.c | 4 +
drivers/edac/synopsys_edac.c | 93 +-
drivers/firmware/arm_ffa/driver.c | 2 +-
drivers/firmware/arm_scmi/scmi_power_control.c | 22 +-
drivers/firmware/qcom/qcom_scm.c | 53 +-
drivers/firmware/tegra/Kconfig | 5 +-
drivers/gpio/gpio-loongson-64bit.c | 6 +
drivers/gpio/gpio-mlxbf2.c | 2 +-
drivers/gpio/gpio-mlxbf3.c | 52 +-
drivers/gpio/gpio-pxa.c | 8 +-
drivers/gpio/gpio-tps65912.c | 7 +-
drivers/gpio/gpio-virtio.c | 9 +-
drivers/gpio/gpio-wcd934x.c | 7 +-
drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 4 +
drivers/gpu/drm/amd/amdgpu/amdgpu_psp.h | 11 +
drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +-
drivers/gpu/drm/amd/amdgpu/psp_v10_0.c | 4 +-
drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 31 +-
drivers/gpu/drm/amd/amdgpu/psp_v11_0_8.c | 25 +-
drivers/gpu/drm/amd/amdgpu/psp_v12_0.c | 18 +-
drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 25 +-
drivers/gpu/drm/amd/amdgpu/psp_v13_0_4.c | 25 +-
drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 25 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +-
.../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +-
drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +-
.../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +-
.../display/dc/resource/dcn314/dcn314_resource.c | 1 +
drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +-
drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 +
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +-
drivers/gpu/drm/amd/pm/swsmu/smu_cmn.h | 41 +-
drivers/gpu/drm/clients/drm_client_setup.c | 5 +
drivers/gpu/drm/i915/display/intel_fbc.c | 8 +-
drivers/gpu/drm/i915/display/intel_psr.c | 14 +-
drivers/gpu/drm/imagination/pvr_power.c | 59 +-
drivers/gpu/drm/msm/Makefile | 5 +
drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 +
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 +-
.../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 +-
drivers/gpu/drm/msm/msm_drv.c | 9 +-
drivers/gpu/drm/msm/msm_gem.c | 3 +-
drivers/gpu/drm/msm/msm_gem.h | 6 +
drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3576 ++++----------------
.../drm/msm/registers/adreno/a6xx_descriptors.xml | 198 ++
.../gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 +++
.../drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 ++++
.../gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 ++
.../drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++++++
.../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 +-
drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 +-
drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 +
drivers/gpu/drm/scheduler/sched_main.c | 34 +-
drivers/gpu/drm/scheduler/tests/tests_basic.c | 42 +
drivers/gpu/drm/ttm/ttm_pool.c | 8 +-
drivers/gpu/drm/ttm/ttm_resource.c | 3 +
drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 +
drivers/gpu/drm/xe/xe_guc_submit.c | 7 +-
drivers/gpu/drm/xe/xe_hw_fence.c | 3 +
drivers/gpu/drm/xe/xe_hwmon.c | 29 +
drivers/gpu/drm/xe/xe_migrate.c | 42 +-
drivers/gpu/drm/xe/xe_query.c | 27 +-
drivers/hid/hid-core.c | 4 +-
drivers/hwmon/emc2305.c | 10 +-
drivers/i2c/i2c-core-acpi.c | 1 +
drivers/i2c/i2c-core-base.c | 8 +-
drivers/i3c/internals.h | 1 +
drivers/i3c/master.c | 4 +-
drivers/idle/intel_idle.c | 2 +-
drivers/iio/adc/ad7768-1.c | 23 +-
drivers/iio/adc/ad_sigma_delta.c | 2 +-
drivers/infiniband/core/nldev.c | 22 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
drivers/infiniband/hw/hfi1/affinity.c | 44 +-
drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +-
drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 7 +-
drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 +
drivers/iommu/intel/iommu.c | 19 +-
drivers/iommu/intel/iommu.h | 3 +
drivers/iommu/iommufd/io_pagetable.c | 48 +-
drivers/irqchip/irq-mips-gic.c | 8 +-
drivers/irqchip/irq-mvebu-gicp.c | 10 +
drivers/irqchip/irq-renesas-rzv2h.c | 4 +-
drivers/leds/flash/leds-qcom-flash.c | 15 +-
drivers/leds/leds-lp50xx.c | 11 +-
drivers/leds/trigger/ledtrig-netdev.c | 16 +-
drivers/md/dm-ps-historical-service-time.c | 4 +-
drivers/md/dm-ps-queue-length.c | 4 +-
drivers/md/dm-ps-round-robin.c | 4 +-
drivers/md/dm-ps-service-time.c | 4 +-
drivers/md/dm-stripe.c | 1 +
drivers/md/dm-table.c | 10 +-
drivers/md/dm-zoned-target.c | 2 +-
drivers/md/dm.c | 37 +-
drivers/md/md.c | 51 +-
drivers/md/md.h | 26 +-
drivers/md/raid10.c | 1 +
drivers/media/dvb-frontends/dib7000p.c | 8 +
drivers/media/i2c/hi556.c | 7 +-
drivers/media/i2c/lt6911uxe.c | 2 +-
drivers/media/i2c/tc358743.c | 86 +-
drivers/media/i2c/vd55g1.c | 11 +-
drivers/media/pci/intel/ipu-bridge.c | 2 +
drivers/media/platform/qcom/iris/iris_buffer.c | 11 +-
.../platform/qcom/iris/iris_hfi_gen1_defines.h | 2 +
.../platform/qcom/iris/iris_hfi_gen1_response.c | 6 +
drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +-
drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 +-
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 +
drivers/media/usb/uvc/uvc_ctrl.c | 65 +-
drivers/media/usb/uvc/uvc_driver.c | 12 +
drivers/media/usb/uvc/uvc_video.c | 21 +-
drivers/media/usb/uvc/uvcvideo.h | 2 +
drivers/media/v4l2-core/v4l2-common.c | 14 +-
drivers/mfd/axp20x.c | 3 +-
drivers/mfd/cros_ec_dev.c | 10 +-
drivers/mfd/tps6594-core.c | 88 +-
drivers/mfd/tps6594-i2c.c | 10 +-
drivers/mfd/tps6594-spi.c | 10 +-
drivers/misc/cardreader/rtsx_usb.c | 16 +-
drivers/misc/mei/bus.c | 6 +
drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +-
drivers/mmc/host/sdhci-esdhc-imx.c | 16 +-
drivers/mmc/host/sdhci-msm.c | 14 +
drivers/net/can/ti_hecc.c | 2 +-
drivers/net/dsa/b53/b53_common.c | 76 +-
drivers/net/dsa/b53/b53_regs.h | 7 +-
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 +
.../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +
drivers/net/ethernet/atheros/ag71xx.c | 9 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 29 +-
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +-
drivers/net/ethernet/emulex/benet/be_main.c | 8 +-
drivers/net/ethernet/faraday/ftgmac100.c | 7 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 -
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +-
.../net/ethernet/freescale/enetc/enetc_ethtool.c | 15 +-
drivers/net/ethernet/freescale/enetc/enetc_hw.h | 1 +
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +-
drivers/net/ethernet/freescale/fec_main.c | 34 +-
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +-
drivers/net/ethernet/google/gve/gve_adminq.c | 1 +
drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 +-
drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 +-
drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 +-
drivers/net/ethernet/intel/idpf/idpf.h | 19 +
drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +-
drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +-
drivers/net/ethernet/intel/idpf/idpf_main.c | 1 +
drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 +-
drivers/net/ethernet/mediatek/mtk_wed.c | 1 -
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +-
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +-
drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 +
drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +-
drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 +
drivers/net/hamradio/bpqether.c | 2 +-
drivers/net/hyperv/hyperv_net.h | 3 +
drivers/net/hyperv/netvsc_drv.c | 29 +-
drivers/net/pcs/pcs-xpcs-plat.c | 4 +-
drivers/net/phy/air_en8811h.c | 45 +-
drivers/net/phy/broadcom.c | 25 +-
drivers/net/phy/mdio_bus.c | 1 +
drivers/net/phy/mdio_bus_provider.c | 3 -
drivers/net/phy/micrel.c | 12 +-
drivers/net/phy/nxp-c45-tja11xx.c | 23 +-
drivers/net/phy/realtek/realtek_main.c | 10 +-
drivers/net/phy/smsc.c | 1 +
drivers/net/thunderbolt/main.c | 21 +-
drivers/net/usb/asix_devices.c | 1 +
drivers/net/usb/cdc_ncm.c | 20 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wan/lapbether.c | 2 +-
drivers/net/wireless/ath/ath10k/core.c | 48 +-
drivers/net/wireless/ath/ath10k/core.h | 11 +-
drivers/net/wireless/ath/ath10k/mac.c | 7 +-
drivers/net/wireless/ath/ath10k/wmi.c | 6 +
drivers/net/wireless/ath/ath12k/dp.c | 3 +-
drivers/net/wireless/ath/ath12k/hw.c | 2 +-
drivers/net/wireless/ath/ath12k/mac.c | 57 +-
drivers/net/wireless/ath/ath12k/wmi.c | 5 +
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +-
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +-
drivers/net/wireless/intel/iwlwifi/iwl-drv.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 +
drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 +
drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 +
drivers/net/wireless/intel/iwlwifi/mld/mld.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 +
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 +
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
drivers/net/wireless/intel/iwlwifi/pcie/internal.h | 1 +
.../net/wireless/intel/iwlwifi/pcie/trans-gen2.c | 5 +
drivers/net/wireless/intel/iwlwifi/pcie/trans.c | 2 +-
drivers/net/wireless/mediatek/mt76/channel.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt76.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +-
drivers/net/wireless/realtek/rtw89/chan.c | 6 +
drivers/net/wireless/realtek/rtw89/coex.c | 12 +-
drivers/net/wireless/realtek/rtw89/core.c | 3 +
drivers/net/wireless/realtek/rtw89/fw.c | 10 +-
drivers/net/wireless/realtek/rtw89/fw.h | 2 +
drivers/net/wireless/realtek/rtw89/mac.c | 19 +
drivers/net/wireless/realtek/rtw89/reg.h | 1 +
drivers/net/wireless/realtek/rtw89/wow.c | 5 +-
drivers/net/xen-netfront.c | 5 -
drivers/nvme/host/pci.c | 24 +-
drivers/nvme/host/tcp.c | 11 +-
drivers/pci/controller/dwc/pcie-dw-rockchip.c | 15 +-
drivers/pci/pci-acpi.c | 4 +-
drivers/pci/pci.c | 6 +-
drivers/pci/probe.c | 2 +-
drivers/perf/arm-cmn.c | 1 +
drivers/perf/arm-ni.c | 1 +
drivers/perf/cxl_pmu.c | 2 +-
drivers/phy/rockchip/phy-rockchip-pcie.c | 15 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 1 +
drivers/platform/chrome/cros_ec_sensorhub.c | 23 +-
drivers/platform/chrome/cros_ec_typec.c | 4 +-
drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 +
drivers/platform/x86/thinkpad_acpi.c | 4 +-
drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 +
drivers/pmdomain/ti/Kconfig | 2 +-
drivers/power/supply/qcom_battmgr.c | 2 +
drivers/pps/clients/pps-gpio.c | 5 +-
drivers/ptp/ptp_clock.c | 2 +-
drivers/ptp/ptp_private.h | 5 +
drivers/ptp/ptp_vclock.c | 7 +
drivers/remoteproc/imx_rproc.c | 4 +-
drivers/reset/Kconfig | 10 +-
drivers/rtc/rtc-ds1307.c | 15 +-
drivers/s390/char/sclp.c | 4 +-
drivers/scsi/aacraid/comminit.c | 3 +-
drivers/scsi/bfa/bfad_im.c | 1 +
drivers/scsi/libiscsi.c | 3 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 1 -
drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +-
drivers/scsi/lpfc/lpfc_scsi.c | 4 +
drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +-
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 +
drivers/scsi/pm8001/pm80xx_hwi.c | 12 +-
drivers/scsi/scsi_scan.c | 2 +-
drivers/scsi/scsi_transport_sas.c | 62 +-
drivers/soc/qcom/mdt_loader.c | 10 +-
drivers/soc/qcom/rpmh-rsc.c | 2 +-
drivers/soundwire/amd_manager.c | 7 +-
drivers/soundwire/bus.c | 6 +-
drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 +-
drivers/target/target_core_fabric_lib.c | 65 +-
drivers/target/target_core_internal.h | 4 +-
drivers/target/target_core_pr.c | 18 +-
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +-
drivers/thermal/thermal_sysfs.c | 9 +-
drivers/thunderbolt/domain.c | 2 +-
drivers/tty/serial/serial_core.c | 44 +-
drivers/ufs/core/ufshcd.c | 9 +-
drivers/usb/class/cdc-acm.c | 11 +-
drivers/usb/core/config.c | 10 +-
drivers/usb/core/urb.c | 2 +-
drivers/usb/dwc3/dwc3-xilinx.c | 1 +
drivers/usb/host/xhci-mem.c | 2 +
drivers/usb/host/xhci-ring.c | 10 +-
drivers/usb/host/xhci.c | 6 +-
drivers/usb/typec/mux/intel_pmc_mux.c | 2 +-
drivers/usb/typec/tcpm/fusb302.c | 8 +
drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 +-
drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 +
drivers/usb/typec/ucsi/psy.c | 2 +-
drivers/usb/typec/ucsi/ucsi.c | 1 +
drivers/usb/typec/ucsi/ucsi.h | 7 +-
drivers/vfio/pci/mlx5/cmd.c | 4 +-
drivers/vfio/vfio_iommu_type1.c | 7 +
drivers/vhost/vhost.c | 3 +
drivers/video/fbdev/Kconfig | 2 +-
drivers/video/fbdev/core/fbcon.c | 9 +-
drivers/video/fbdev/core/fbmem.c | 3 +
drivers/virt/coco/efi_secret/efi_secret.c | 10 +-
drivers/watchdog/dw_wdt.c | 2 +
drivers/watchdog/iTCO_wdt.c | 6 +-
drivers/watchdog/sbsa_gwdt.c | 50 +-
fs/btrfs/block-group.c | 31 +-
fs/btrfs/ctree.c | 1 +
fs/btrfs/disk-io.c | 1 +
fs/btrfs/extent-tree.c | 33 +-
fs/btrfs/file.c | 59 +-
fs/btrfs/inode.c | 2 +-
fs/btrfs/ioctl.c | 3 +-
fs/btrfs/qgroup.c | 44 +-
fs/btrfs/relocation.c | 19 +
fs/btrfs/send.c | 33 +
fs/btrfs/transaction.c | 6 +-
fs/btrfs/tree-log.c | 107 +-
fs/btrfs/zoned.c | 66 +-
fs/btrfs/zoned.h | 3 +
fs/crypto/fscrypt_private.h | 17 +
fs/crypto/hkdf.c | 2 +-
fs/crypto/keysetup.c | 3 +-
fs/crypto/keysetup_v1.c | 3 +-
fs/erofs/super.c | 4 +-
fs/exfat/dir.c | 12 +
fs/exfat/fatent.c | 10 +
fs/exfat/namei.c | 5 +
fs/exfat/super.c | 32 +-
fs/ext2/inode.c | 12 +-
fs/ext4/ext4.h | 2 +-
fs/ext4/ialloc.c | 3 +-
fs/ext4/inline.c | 19 +-
fs/ext4/inode.c | 22 +-
fs/ext4/mballoc-test.c | 9 +
fs/ext4/mballoc.c | 69 +-
fs/f2fs/file.c | 24 +-
fs/f2fs/node.c | 29 +-
fs/fhandle.c | 2 +-
fs/file.c | 15 +
fs/gfs2/dir.c | 6 +-
fs/gfs2/glops.c | 6 +
fs/gfs2/meta_io.c | 2 +
fs/hfs/bfind.c | 3 +
fs/hfs/bnode.c | 93 +
fs/hfs/btree.c | 57 +-
fs/hfs/extent.c | 2 +-
fs/hfs/hfs_fs.h | 1 +
fs/hfsplus/bnode.c | 92 +
fs/hfsplus/unicode.c | 7 +
fs/hfsplus/xattr.c | 6 +-
fs/jfs/file.c | 3 +
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_dmap.c | 6 +
fs/libfs.c | 4 +-
fs/nfs/blocklayout/blocklayout.c | 4 +-
fs/nfs/blocklayout/dev.c | 5 +-
fs/nfs/blocklayout/extent_tree.c | 20 +-
fs/nfs/client.c | 44 +-
fs/nfs/internal.h | 2 +-
fs/nfs/nfs4client.c | 20 +-
fs/nfs/nfs4proc.c | 2 +-
fs/nfs/pnfs.c | 11 +-
fs/nfsd/nfs4state.c | 34 +-
fs/ntfs3/dir.c | 3 +
fs/ntfs3/inode.c | 31 +-
fs/ocfs2/aops.c | 1 +
fs/orangefs/orangefs-debugfs.c | 2 +-
fs/pidfs.c | 2 +
fs/proc/task_mmu.c | 6 +-
fs/smb/client/cifsencrypt.c | 79 +-
fs/smb/client/cifssmb.c | 10 +
fs/smb/client/compress.c | 61 +-
fs/smb/client/connect.c | 1 -
fs/smb/client/sess.c | 9 +
fs/smb/client/smb2ops.c | 11 +-
fs/smb/client/smbdirect.c | 25 +-
fs/smb/server/smb2pdu.c | 16 +-
fs/tracefs/inode.c | 11 +
fs/udf/super.c | 13 +-
fs/xfs/scrub/trace.h | 2 +-
include/drm/gpu_scheduler.h | 18 +
include/linux/blk_types.h | 6 +-
include/linux/blkdev.h | 55 +
include/linux/hid.h | 2 +
include/linux/hypervisor.h | 3 +
include/linux/if_vlan.h | 21 +-
include/linux/libata.h | 1 +
include/linux/memory-tiers.h | 2 +-
include/linux/mfd/tps6594.h | 1 +
include/linux/packing.h | 6 +-
include/linux/pci.h | 6 +
include/linux/sbitmap.h | 6 +-
include/linux/skbuff.h | 8 +-
include/linux/usb/cdc_ncm.h | 1 +
include/linux/virtio_vsock.h | 7 +-
include/net/bluetooth/hci.h | 6 +
include/net/bluetooth/hci_core.h | 5 +-
include/net/cfg80211.h | 2 +-
include/net/ip_vs.h | 13 +
include/net/kcm.h | 1 -
include/net/mac80211.h | 4 +
include/net/page_pool/types.h | 2 +
include/sound/sdca_function.h | 2 +
include/trace/events/thp.h | 2 +
include/uapi/linux/in6.h | 4 +-
include/uapi/linux/io_uring.h | 2 +-
io_uring/memmap.c | 2 +-
io_uring/net.c | 27 +-
io_uring/rsrc.c | 4 +-
io_uring/rsrc.h | 2 +
io_uring/rw.c | 2 +-
io_uring/zcrx.c | 34 +-
io_uring/zcrx.h | 1 +
kernel/.gitignore | 2 +
kernel/Makefile | 47 +-
kernel/bpf/verifier.c | 7 +-
kernel/futex/futex.h | 6 +-
kernel/gen_kheaders.sh | 88 +-
kernel/kthread.c | 1 +
kernel/module/main.c | 10 +-
kernel/power/console.c | 7 +-
kernel/printk/nbcon.c | 63 +-
kernel/rcu/rcutorture.c | 9 +-
kernel/rcu/tree.c | 2 +
kernel/rcu/tree.h | 14 +-
kernel/rcu/tree_nocb.h | 5 +-
kernel/rcu/tree_plugin.h | 44 +-
kernel/sched/deadline.c | 4 +-
kernel/sched/fair.c | 19 +-
kernel/sched/rt.c | 6 +
kernel/trace/fprobe.c | 4 +-
kernel/trace/rv/rv_trace.h | 3 +-
lib/sbitmap.c | 56 +-
mm/damon/core.c | 1 +
mm/huge_memory.c | 7 +-
mm/kmemleak.c | 10 +-
mm/ptdump.c | 2 +
mm/shmem.c | 39 +-
mm/slub.c | 7 +-
mm/userfaultfd.c | 15 +-
net/bluetooth/hci_conn.c | 3 +-
net/bluetooth/hci_event.c | 39 +-
net/bluetooth/hci_sock.c | 2 +-
net/core/ieee8021q_helpers.c | 44 +-
net/core/page_pool.c | 29 +
net/ipv4/route.c | 1 -
net/ipv4/udp_offload.c | 2 +-
net/ipv6/addrconf.c | 7 +-
net/ipv6/mcast.c | 11 +-
net/ipv6/xfrm6_tunnel.c | 2 +-
net/kcm/kcmsock.c | 10 +-
net/mac80211/chan.c | 1 +
net/mac80211/ht.c | 40 +-
net/mac80211/ieee80211_i.h | 6 +
net/mac80211/iface.c | 29 +
net/mac80211/link.c | 9 +-
net/mac80211/mlme.c | 45 +-
net/mac80211/rx.c | 47 +-
net/mctp/af_mctp.c | 28 +-
net/ncsi/internal.h | 2 +-
net/ncsi/ncsi-rsp.c | 1 +
net/netfilter/ipvs/ip_vs_est.c | 3 +-
net/netfilter/nf_conntrack_netlink.c | 65 +-
net/netfilter/nf_tables_api.c | 30 +
net/netfilter/nft_set_pipapo.c | 9 +-
net/netlink/af_netlink.c | 2 +-
net/sched/sch_ets.c | 11 +-
net/sctp/input.c | 2 +-
net/tls/tls.h | 2 +-
net/tls/tls_strp.c | 11 +-
net/tls/tls_sw.c | 3 +-
net/vmw_vsock/virtio_transport.c | 2 +-
net/wireless/mlme.c | 3 +-
net/xfrm/xfrm_device.c | 12 +-
net/xfrm/xfrm_state.c | 76 +-
rust/Makefile | 16 +-
samples/damon/mtier.c | 10 +
samples/damon/wsse.c | 12 +-
scripts/kconfig/gconf.c | 8 +-
scripts/kconfig/lxdialog/inputbox.c | 6 +-
scripts/kconfig/lxdialog/menubox.c | 2 +-
scripts/kconfig/nconf.c | 2 +
scripts/kconfig/nconf.gui.c | 1 +
security/apparmor/domain.c | 52 +-
security/apparmor/file.c | 6 +-
security/apparmor/include/lib.h | 6 +-
security/inode.c | 2 -
security/landlock/syscalls.c | 1 -
sound/core/pcm_native.c | 19 +-
sound/pci/hda/cs35l41_hda.c | 2 +
sound/pci/hda/cs35l56_hda.c | 4 +
sound/pci/hda/hda_codec.c | 44 +-
sound/pci/hda/patch_ca0132.c | 2 +-
sound/pci/hda/patch_realtek.c | 3 +
sound/pci/intel8x0.c | 2 +-
sound/soc/codecs/hdac_hdmi.c | 10 +-
sound/soc/codecs/rt5640.c | 5 +
sound/soc/fsl/fsl_sai.c | 20 +-
sound/soc/intel/avs/core.c | 3 +-
sound/soc/intel/boards/sof_sdw.c | 8 +
sound/soc/qcom/lpass-platform.c | 27 +-
sound/soc/sdca/sdca_functions.c | 2 +
sound/soc/soc-core.c | 3 +
sound/soc/soc-dapm.c | 4 +
sound/soc/sof/topology.c | 15 +-
sound/usb/mixer_quirks.c | 14 +-
sound/usb/stream.c | 25 +-
sound/usb/validate.c | 12 +
tools/bootconfig/main.c | 24 +-
tools/bpf/bpftool/main.c | 6 +-
tools/include/nolibc/std.h | 4 +-
tools/include/nolibc/types.h | 4 +-
tools/lib/bpf/libbpf.c | 7 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +-
tools/power/x86/turbostat/turbostat.c | 14 +-
tools/scripts/Makefile.include | 4 +-
tools/testing/ktest/ktest.pl | 5 +-
tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +-
tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +-
.../selftests/bpf/prog_tests/user_ringbuf.c | 10 +-
.../selftests/bpf/progs/test_ringbuf_write.c | 4 +-
.../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +-
.../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +-
tools/testing/selftests/futex/include/futextest.h | 11 +
tools/testing/selftests/kexec/Makefile | 2 +-
tools/testing/selftests/net/netfilter/config | 2 +-
tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +-
tools/verification/dot2/dot2k.py | 3 +-
.../dot2/dot2k_templates/Kconfig_container | 5 +
622 files changed, 9008 insertions(+), 5340 deletions(-)
2 weeks, 2 days
- 13
- 585
[PATCH v3 3/3] PCI: Fix failure detection during resource resize
by Ilpo Järvinen
Since the commit 96336ec70264 ("PCI: Perform reset_resource() and build
fail list in sync") the failed list is always built and returned to let
the caller decide what to do with the failures. The caller may want to
retry resource fitting and assignment and before that can happen, the
resources should be restored to their original state (a reset
effectively clears the struct resource), which requires returning them
on the failed list so that the original state remains stored in the
associated struct pci_dev_resource.
Resource resizing is different from the ordinary resource fitting and
assignment in that it only considers part of the resources. This means
failures for other resource types are not relevant at all and should be
ignored. As resize doesn't unassign such unrelated resources, those
resource ending up into the failed list implies assignment of that
resource must have failed before resize too. The check in
pci_reassign_bridge_resources() to decide if the whole assignment is
successful, however, is based on list emptiness which will cause false
negatives when the failed list has resources with an unrelated type.
If the failed list is not empty, call pci_required_resource_failed()
and extend it to be able to filter on specific resource types too (if
provided).
Calling pci_required_resource_failed() at this point is slightly
problematic because the resource itself is reset when the failed list
is constructed in __assign_resources_sorted(). As a result,
pci_resource_is_optional() does not have access to the original
resource flags. This could be worked around by restoring and
re-reseting the resource around the call to pci_resource_is_optional(),
however, it shouldn't cause issue as resource resizing is meant for
64-bit prefetchable resources according to Christian König (see the
Link which unfortunately doesn't point directly to Christian's reply
because lore didn't store that email at all).
Fixes: 96336ec70264 ("PCI: Perform reset_resource() and build fail list in sync")
Link: https://lore.kernel.org/all/c5d1b5d8-8669-5572-75a7-0b480f581ac1@linux.inte…
Reported-by: D Scott Phillips <scott(a)os.amperecomputing.com>
Closes: https://lore.kernel.org/all/86plf0lgit.fsf@scott-ph-mail.amperecomputing.co…
Tested-by: D Scott Phillips <scott(a)os.amperecomputing.com>
Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
Reviewed-by: D Scott Phillips <scott(a)os.amperecomputing.com>
Cc: Christian König <christian.koenig(a)amd.com>
Cc: <stable(a)vger.kernel.org>
---
drivers/pci/setup-bus.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/drivers/pci/setup-bus.c b/drivers/pci/setup-bus.c
index df5aec46c29d..def29506700e 100644
--- a/drivers/pci/setup-bus.c
+++ b/drivers/pci/setup-bus.c
@@ -28,6 +28,10 @@
#include <linux/acpi.h>
#include "pci.h"
+#define PCI_RES_TYPE_MASK \
+ (IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH |\
+ IORESOURCE_MEM_64)
+
unsigned int pci_flags;
EXPORT_SYMBOL_GPL(pci_flags);
@@ -384,13 +388,19 @@ static bool pci_need_to_release(unsigned long mask, struct resource *res)
}
/* Return: @true if assignment of a required resource failed. */
-static bool pci_required_resource_failed(struct list_head *fail_head)
+static bool pci_required_resource_failed(struct list_head *fail_head,
+ unsigned long type)
{
struct pci_dev_resource *fail_res;
+ type &= PCI_RES_TYPE_MASK;
+
list_for_each_entry(fail_res, fail_head, list) {
int idx = pci_resource_num(fail_res->dev, fail_res->res);
+ if (type && (fail_res->flags & PCI_RES_TYPE_MASK) != type)
+ continue;
+
if (!pci_resource_is_optional(fail_res->dev, idx))
return true;
}
@@ -504,7 +514,7 @@ static void __assign_resources_sorted(struct list_head *head,
}
/* Without realloc_head and only optional fails, nothing more to do. */
- if (!pci_required_resource_failed(&local_fail_head) &&
+ if (!pci_required_resource_failed(&local_fail_head, 0) &&
list_empty(realloc_head)) {
list_for_each_entry(save_res, &save_head, list) {
struct resource *res = save_res->res;
@@ -1708,10 +1718,6 @@ static void __pci_bridge_assign_resources(const struct pci_dev *bridge,
}
}
-#define PCI_RES_TYPE_MASK \
- (IORESOURCE_IO | IORESOURCE_MEM | IORESOURCE_PREFETCH |\
- IORESOURCE_MEM_64)
-
static void pci_bridge_release_resources(struct pci_bus *bus,
unsigned long type)
{
@@ -2450,8 +2456,12 @@ int pci_reassign_bridge_resources(struct pci_dev *bridge, unsigned long type)
free_list(&added);
if (!list_empty(&failed)) {
- ret = -ENOSPC;
- goto cleanup;
+ if (pci_required_resource_failed(&failed, type)) {
+ ret = -ENOSPC;
+ goto cleanup;
+ }
+ /* Only resources with unrelated types failed (again) */
+ free_list(&failed);
}
list_for_each_entry(dev_res, &saved, list) {
--
2.39.5
2 weeks, 2 days
- 2
- 3
[GIT PULL] virtio,vhost: fixes
by Michael S. Tsirkin
The following changes since commit 1b237f190eb3d36f52dffe07a40b5eb210280e00:
Linux 6.17-rc3 (2025-08-24 12:04:12 -0400)
are available in the Git repository at:
https://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost.git tags/for_linus
for you to fetch changes up to 45d8ef6322b8a828d3b1e2cfb8893e2ff882cb23:
virtio_net: adjust the execution order of function `virtnet_close` during freeze (2025-08-26 03:38:20 -0400)
----------------------------------------------------------------
virtio,vhost: fixes
More small fixes. Most notably this fixes a messed up ioctl #,
and a regression in shmem affecting drm users.
Signed-off-by: Michael S. Tsirkin <mst(a)redhat.com>
----------------------------------------------------------------
Igor Torrente (1):
Revert "virtio: reject shm region if length is zero"
Junnan Wu (1):
virtio_net: adjust the execution order of function `virtnet_close` during freeze
Liming Wu (1):
virtio_pci: Fix misleading comment for queue vector
Namhyung Kim (1):
vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER
Nikolay Kuratov (1):
vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put()
Ying Gao (1):
virtio_input: Improve freeze handling
drivers/net/virtio_net.c | 7 ++++---
drivers/vhost/net.c | 9 +++++++--
drivers/virtio/virtio_input.c | 4 ++++
drivers/virtio/virtio_pci_legacy_dev.c | 4 ++--
drivers/virtio/virtio_pci_modern_dev.c | 4 ++--
include/linux/virtio_config.h | 2 --
include/uapi/linux/vhost.h | 4 ++--
7 files changed, 21 insertions(+), 13 deletions(-)
2 weeks, 2 days
- 2
- 1
[PATCH] xfs: do not propagate ENODATA disk errors into xattr code
by Eric Sandeen
ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code;
namely, that the requested attribute name could not be found.
However, a medium error from disk may also return ENODATA. At best,
this medium error may escape to userspace as "attribute not found"
when in fact it's an IO (disk) error.
At worst, we may oops in xfs_attr_leaf_get() when we do:
error = xfs_attr_leaf_hasname(args, &bp);
if (error == -ENOATTR) {
xfs_trans_brelse(args->trans, bp);
return error;
}
because an ENODATA/ENOATTR error from disk leaves us with a null bp,
and the xfs_trans_brelse will then null-deref it.
As discussed on the list, we really need to modify the lower level
IO functions to trap all disk errors and ensure that we don't let
unique errors like this leak up into higher xfs functions - many
like this should be remapped to EIO.
However, this patch directly addresses a reported bug in the xattr
code, and should be safe to backport to stable kernels. A larger-scope
patch to handle more unique errors at lower levels can follow later.
(Note, prior to 07120f1abdff we did not oops, but we did return the
wrong error code to userspace.)
Signed-off-by: Eric Sandeen <sandeen(a)redhat.com>
Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines")
Cc: <stable(a)vger.kernel.org> # v5.9+
---
(I get it that sprinkling this around to 3 places might have an ick
factor but I think it's necessary to make a surgical strike on this bug
before we address the general problem.)
Thanks,
-Eric
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index fddb55605e0c..9b54cfb0e13d 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -478,6 +478,12 @@ xfs_attr3_leaf_read(
err = xfs_da_read_buf(tp, dp, bno, 0, bpp, XFS_ATTR_FORK,
&xfs_attr3_leaf_buf_ops);
+ /*
+ * ENODATA from disk implies a disk medium failure; ENODATA for
+ * xattrs means attribute not found, so disambiguate that here.
+ */
+ if (err == -ENODATA)
+ err = -EIO;
if (err || !(*bpp))
return err;
diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c
index 4c44ce1c8a64..bff3dc226f81 100644
--- a/fs/xfs/libxfs/xfs_attr_remote.c
+++ b/fs/xfs/libxfs/xfs_attr_remote.c
@@ -435,6 +435,13 @@ xfs_attr_rmtval_get(
0, &bp, &xfs_attr3_rmt_buf_ops);
if (xfs_metadata_is_sick(error))
xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK);
+ /*
+ * ENODATA from disk implies a disk medium failure;
+ * ENODATA for xattrs means attribute not found, so
+ * disambiguate that here.
+ */
+ if (error == -ENODATA)
+ error = -EIO;
if (error)
return error;
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
index 17d9e6154f19..723a0643b838 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -2833,6 +2833,12 @@ xfs_da_read_buf(
&bp, ops);
if (xfs_metadata_is_sick(error))
xfs_dirattr_mark_sick(dp, whichfork);
+ /*
+ * ENODATA from disk implies a disk medium failure; ENODATA for
+ * xattrs means attribute not found, so disambiguate that here.
+ */
+ if (error == -ENODATA && whichfork == XFS_ATTR_FORK)
+ error = -EIO;
if (error)
goto out_free;
2 weeks, 2 days
- 4
- 6
[PATCH v2 3/3] xen/events: Update virq_to_irq on migration
by Jason Andryuk
VIRQs come in 3 flavors, per-VPU, per-domain, and global, and the VIRQs
are tracked in per-cpu virq_to_irq arrays.
Per-domain and global VIRQs must be bound on CPU 0, and
bind_virq_to_irq() sets the per_cpu virq_to_irq at registration time
Later, the interrupt can migrate, and info->cpu is updated. When
calling __unbind_from_irq(), the per-cpu virq_to_irq is cleared for a
different cpu. If bind_virq_to_irq() is called again with CPU 0, the
stale irq is returned. There won't be any irq_info for the irq, so
things break.
Make xen_rebind_evtchn_to_cpu() update the per_cpu virq_to_irq mappings
to keep them update to date with the current cpu. This ensures the
correct virq_to_irq is cleared in __unbind_from_irq().
Fixes: e46cdb66c8fc ("xen: event channels")
Cc: stable(a)vger.kernel.org
Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com>
---
V2:
Different approach changing virq_to_irq
---
drivers/xen/events/events_base.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
index a85bc43f4344..4e9db7b92dde 100644
--- a/drivers/xen/events/events_base.c
+++ b/drivers/xen/events/events_base.c
@@ -1772,6 +1772,7 @@ static int xen_rebind_evtchn_to_cpu(struct irq_info *info, unsigned int tcpu)
{
struct evtchn_bind_vcpu bind_vcpu;
evtchn_port_t evtchn = info ? info->evtchn : 0;
+ int old_cpu = info ? info->cpu : tcpu;
if (!VALID_EVTCHN(evtchn))
return -1;
@@ -1795,8 +1796,18 @@ static int xen_rebind_evtchn_to_cpu(struct irq_info *info, unsigned int tcpu)
* it, but don't do the xenlinux-level rebind in that case.
*/
if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_vcpu, &bind_vcpu) >= 0)
+ {
bind_evtchn_to_cpu(info, tcpu, false);
+ if (info->type == IRQT_VIRQ) {
+ int virq = info->u.virq;
+ int irq = per_cpu(virq_to_irq, old_cpu)[virq];
+
+ per_cpu(virq_to_irq, old_cpu)[virq] = -1;
+ per_cpu(virq_to_irq, tcpu)[virq] = irq;
+ }
+ }
+
do_unmask(info, EVT_MASK_REASON_TEMPORARY);
return 0;
--
2.50.1
2 weeks, 2 days
- 2
- 1
[PATCH v3 2/2] drm/amd/display: fix leak of probed modes
by Fedor Pchelkin
amdgpu_dm_connector_ddc_get_modes() reinitializes a connector's probed
modes list without cleaning it up. First time it is called during the
driver's initialization phase, then via drm_mode_getconnector() ioctl.
The leaks observed with Kmemleak are as following:
unreferenced object 0xffff88812f91b200 (size 128):
comm "(udev-worker)", pid 388, jiffies 4294695475
hex dump (first 32 bytes):
ac dd 07 00 80 02 70 0b 90 0b e0 0b 00 00 e0 01 ......p.........
0b 07 10 07 5c 07 00 00 0a 00 00 00 00 00 00 00 ....\...........
backtrace (crc 89db554f):
__kmalloc_cache_noprof+0x3a3/0x490
drm_mode_duplicate+0x8e/0x2b0
amdgpu_dm_create_common_mode+0x40/0x150 [amdgpu]
amdgpu_dm_connector_add_common_modes+0x336/0x488 [amdgpu]
amdgpu_dm_connector_get_modes+0x428/0x8a0 [amdgpu]
amdgpu_dm_initialize_drm_device+0x1389/0x17b4 [amdgpu]
amdgpu_dm_init.cold+0x157b/0x1a1e [amdgpu]
dm_hw_init+0x3f/0x110 [amdgpu]
amdgpu_device_ip_init+0xcf4/0x1180 [amdgpu]
amdgpu_device_init.cold+0xb84/0x1863 [amdgpu]
amdgpu_driver_load_kms+0x15/0x90 [amdgpu]
amdgpu_pci_probe+0x391/0xce0 [amdgpu]
local_pci_probe+0xd9/0x190
pci_call_probe+0x183/0x540
pci_device_probe+0x171/0x2c0
really_probe+0x1e1/0x890
Found by Linux Verification Center (linuxtesting.org).
Fixes: acc96ae0d127 ("drm/amd/display: set panel orientation before drm_dev_register")
Cc: stable(a)vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru>
---
v3: drop INIT_LIST_HEAD and use drm_edid_connector_update() (Melissa Wen)
v2: use exported drm_mode_remove() (Mario Limonciello)
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
index a0ca3b2c6bd8..12685966186b 100644
--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
@@ -8230,10 +8230,14 @@ static void amdgpu_dm_connector_ddc_get_modes(struct drm_connector *connector,
{
struct amdgpu_dm_connector *amdgpu_dm_connector =
to_amdgpu_dm_connector(connector);
+ struct drm_display_mode *mode, *t;
if (drm_edid) {
/* empty probed_modes */
- INIT_LIST_HEAD(&connector->probed_modes);
+ list_for_each_entry_safe(mode, t, &connector->probed_modes, head)
+ drm_mode_remove(connector, mode);
+
+ drm_edid_connector_update(connector, drm_edid);
amdgpu_dm_connector->num_modes =
drm_edid_connector_add_modes(connector);
--
2.50.1
2 weeks, 2 days
- 1
- 0
FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082224-payment-unworthy-d165@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust(a)hammerspace.com>
Date: Sat, 16 Aug 2025 07:25:20 -0700
Subject: [PATCH] NFS: Fix a race when updating an existing write
After nfs_lock_and_join_requests() tests for whether the request is
still attached to the mapping, nothing prevents a call to
nfs_inode_remove_request() from succeeding until we actually lock the
page group.
The reason is that whoever called nfs_inode_remove_request() doesn't
necessarily have a lock on the page group head.
So in order to avoid races, let's take the page group lock earlier in
nfs_lock_and_join_requests(), and hold it across the removal of the
request in nfs_inode_remove_request().
Reported-by: Jeff Layton <jlayton(a)kernel.org>
Tested-by: Joe Quanaim <jdq(a)meta.com>
Tested-by: Andrew Steffen <aksteffen(a)meta.com>
Reviewed-by: Jeff Layton <jlayton(a)kernel.org>
Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()")
Cc: stable(a)vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com>
diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
index 11968dcb7243..6e69ce43a13f 100644
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req)
nfs_page_clear_headlock(req);
}
-/*
- * nfs_page_group_sync_on_bit_locked
+/**
+ * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set
+ * @req: request in page group
+ * @bit: PG_* bit that is used to sync page group
*
* must be called with page group lock held
*/
-static bool
-nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit)
+bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit)
{
struct nfs_page *head = req->wb_head;
struct nfs_page *tmp;
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index fa5c41d0989a..8b7c04737967 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode)
}
}
-static int
-nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
+static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
{
- int ret;
-
- if (!test_bit(PG_REMOVE, &req->wb_flags))
- return 0;
- ret = nfs_page_group_lock(req);
- if (ret)
- return ret;
if (test_and_clear_bit(PG_REMOVE, &req->wb_flags))
nfs_page_set_inode_ref(req, inode);
- nfs_page_group_unlock(req);
- return 0;
}
/**
@@ -585,19 +575,18 @@ retry:
}
}
+ ret = nfs_page_group_lock(head);
+ if (ret < 0)
+ goto out_unlock;
+
/* Ensure that nobody removed the request before we locked it */
if (head != folio->private) {
+ nfs_page_group_unlock(head);
nfs_unlock_and_release_request(head);
goto retry;
}
- ret = nfs_cancel_remove_inode(head, inode);
- if (ret < 0)
- goto out_unlock;
-
- ret = nfs_page_group_lock(head);
- if (ret < 0)
- goto out_unlock;
+ nfs_cancel_remove_inode(head, inode);
/* lock each request in the page group */
for (subreq = head->wb_this_page;
@@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req)
{
struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req));
- if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) {
+ nfs_page_group_lock(req);
+ if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) {
struct folio *folio = nfs_page_to_folio(req->wb_head);
struct address_space *mapping = folio->mapping;
@@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req)
}
spin_unlock(&mapping->i_private_lock);
}
+ nfs_page_group_unlock(req);
if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) {
atomic_long_dec(&nfsi->nrequests);
diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h
index 169b4ae30ff4..9aed39abc94b 100644
--- a/include/linux/nfs_page.h
+++ b/include/linux/nfs_page.h
@@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head,
extern int nfs_page_group_lock(struct nfs_page *);
extern void nfs_page_group_unlock(struct nfs_page *);
extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int);
+extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int);
extern int nfs_page_set_headlock(struct nfs_page *req);
extern void nfs_page_clear_headlock(struct nfs_page *req);
extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);
2 weeks, 2 days
- 2
- 3
FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082224-submersed-commend-be4c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001
From: Trond Myklebust <trond.myklebust(a)hammerspace.com>
Date: Sat, 16 Aug 2025 07:25:20 -0700
Subject: [PATCH] NFS: Fix a race when updating an existing write
After nfs_lock_and_join_requests() tests for whether the request is
still attached to the mapping, nothing prevents a call to
nfs_inode_remove_request() from succeeding until we actually lock the
page group.
The reason is that whoever called nfs_inode_remove_request() doesn't
necessarily have a lock on the page group head.
So in order to avoid races, let's take the page group lock earlier in
nfs_lock_and_join_requests(), and hold it across the removal of the
request in nfs_inode_remove_request().
Reported-by: Jeff Layton <jlayton(a)kernel.org>
Tested-by: Joe Quanaim <jdq(a)meta.com>
Tested-by: Andrew Steffen <aksteffen(a)meta.com>
Reviewed-by: Jeff Layton <jlayton(a)kernel.org>
Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()")
Cc: stable(a)vger.kernel.org
Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com>
diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c
index 11968dcb7243..6e69ce43a13f 100644
--- a/fs/nfs/pagelist.c
+++ b/fs/nfs/pagelist.c
@@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req)
nfs_page_clear_headlock(req);
}
-/*
- * nfs_page_group_sync_on_bit_locked
+/**
+ * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set
+ * @req: request in page group
+ * @bit: PG_* bit that is used to sync page group
*
* must be called with page group lock held
*/
-static bool
-nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit)
+bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit)
{
struct nfs_page *head = req->wb_head;
struct nfs_page *tmp;
diff --git a/fs/nfs/write.c b/fs/nfs/write.c
index fa5c41d0989a..8b7c04737967 100644
--- a/fs/nfs/write.c
+++ b/fs/nfs/write.c
@@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode)
}
}
-static int
-nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
+static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode)
{
- int ret;
-
- if (!test_bit(PG_REMOVE, &req->wb_flags))
- return 0;
- ret = nfs_page_group_lock(req);
- if (ret)
- return ret;
if (test_and_clear_bit(PG_REMOVE, &req->wb_flags))
nfs_page_set_inode_ref(req, inode);
- nfs_page_group_unlock(req);
- return 0;
}
/**
@@ -585,19 +575,18 @@ retry:
}
}
+ ret = nfs_page_group_lock(head);
+ if (ret < 0)
+ goto out_unlock;
+
/* Ensure that nobody removed the request before we locked it */
if (head != folio->private) {
+ nfs_page_group_unlock(head);
nfs_unlock_and_release_request(head);
goto retry;
}
- ret = nfs_cancel_remove_inode(head, inode);
- if (ret < 0)
- goto out_unlock;
-
- ret = nfs_page_group_lock(head);
- if (ret < 0)
- goto out_unlock;
+ nfs_cancel_remove_inode(head, inode);
/* lock each request in the page group */
for (subreq = head->wb_this_page;
@@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req)
{
struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req));
- if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) {
+ nfs_page_group_lock(req);
+ if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) {
struct folio *folio = nfs_page_to_folio(req->wb_head);
struct address_space *mapping = folio->mapping;
@@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req)
}
spin_unlock(&mapping->i_private_lock);
}
+ nfs_page_group_unlock(req);
if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) {
atomic_long_dec(&nfsi->nrequests);
diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h
index 169b4ae30ff4..9aed39abc94b 100644
--- a/include/linux/nfs_page.h
+++ b/include/linux/nfs_page.h
@@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head,
extern int nfs_page_group_lock(struct nfs_page *);
extern void nfs_page_group_unlock(struct nfs_page *);
extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int);
+extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int);
extern int nfs_page_set_headlock(struct nfs_page *req);
extern void nfs_page_clear_headlock(struct nfs_page *req);
extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);
2 weeks, 2 days
- 2
- 3
[PATCH rtw v2 2/4] wifi: rtw89: fix tx_wait initialization race
by Fedor Pchelkin
Now that nullfunc skbs are recycled in a separate work item in the driver,
the following race during initialization and processing of those skbs
might lead to noticeable bugs:
Waiting thread Completing thread
rtw89_core_send_nullfunc()
rtw89_core_tx_write_link()
...
rtw89_pci_txwd_submit()
skb_data->wait = NULL
/* add skb to the queue */
skb_queue_tail(&txwd->queue, skb)
rtw89_pci_napi_poll()
...
rtw89_pci_release_txwd_skb()
/* get skb from the queue */
skb_unlink(skb, &txwd->queue)
rtw89_pci_tx_status()
rtw89_core_tx_wait_complete()
/* use incorrect skb_data->wait */
rtw89_core_tx_kick_off_and_wait()
/* assign skb_data->wait but too late */
The value of skb_data->wait indicates whether skb is passed on to the
core ieee80211 stack or released by the driver itself. So assure that by
the time skb is added to txwd queue and becomes visible to the completing
side, it has already allocated tx_wait-related data (in case it's needed).
Found by Linux Verification Center (linuxtesting.org).
Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs")
Cc: stable(a)vger.kernel.org
Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru>
---
drivers/net/wireless/realtek/rtw89/core.c | 31 +++++++++++++----------
drivers/net/wireless/realtek/rtw89/pci.c | 2 --
2 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c
index 48aa02d6abd4..28bbc898b95e 100644
--- a/drivers/net/wireless/realtek/rtw89/core.c
+++ b/drivers/net/wireless/realtek/rtw89/core.c
@@ -1106,21 +1106,12 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk
int qsel, unsigned int timeout)
{
struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb);
- struct rtw89_tx_wait_info *wait;
+ struct rtw89_tx_wait_info *wait = skb_data->wait;
unsigned long time_left;
int ret = 0;
lockdep_assert_wiphy(rtwdev->hw->wiphy);
- wait = kzalloc(sizeof(*wait), GFP_KERNEL);
- if (!wait) {
- rtw89_core_tx_kick_off(rtwdev, qsel);
- return 0;
- }
-
- init_completion(&wait->completion);
- skb_data->wait = wait;
-
rtw89_core_tx_kick_off(rtwdev, qsel);
time_left = wait_for_completion_timeout(&wait->completion,
msecs_to_jiffies(timeout));
@@ -1184,10 +1175,12 @@ int rtw89_h2c_tx(struct rtw89_dev *rtwdev,
static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev,
struct rtw89_vif_link *rtwvif_link,
struct rtw89_sta_link *rtwsta_link,
- struct sk_buff *skb, int *qsel, bool sw_mld)
+ struct sk_buff *skb, int *qsel, bool sw_mld,
+ struct rtw89_tx_wait_info *wait)
{
struct ieee80211_sta *sta = rtwsta_link_to_sta_safe(rtwsta_link);
struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link);
+ struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb);
struct rtw89_vif *rtwvif = rtwvif_link->rtwvif;
struct rtw89_core_tx_request tx_req = {};
int ret;
@@ -1204,6 +1197,8 @@ static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev,
rtw89_core_tx_update_desc_info(rtwdev, &tx_req);
rtw89_core_tx_wake(rtwdev, &tx_req);
+ skb_data->wait = wait;
+
ret = rtw89_hci_tx_write(rtwdev, &tx_req);
if (ret) {
rtw89_err(rtwdev, "failed to transmit skb to HCI\n");
@@ -1240,7 +1235,8 @@ int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif,
}
}
- return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false);
+ return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false,
+ NULL);
}
static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info)
@@ -3438,6 +3434,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt
struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link);
int link_id = ieee80211_vif_is_mld(vif) ? rtwvif_link->link_id : -1;
struct rtw89_sta_link *rtwsta_link;
+ struct rtw89_tx_wait_info *wait;
struct ieee80211_sta *sta;
struct ieee80211_hdr *hdr;
struct rtw89_sta *rtwsta;
@@ -3447,6 +3444,12 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt
if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc)
return 0;
+ wait = kzalloc(sizeof(*wait), GFP_KERNEL);
+ if (!wait)
+ return -ENOMEM;
+
+ init_completion(&wait->completion);
+
rcu_read_lock();
sta = ieee80211_find_sta(vif, vif->cfg.ap_addr);
if (!sta) {
@@ -3471,7 +3474,8 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt
goto out;
}
- ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true);
+ ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true,
+ wait);
if (ret) {
rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret);
dev_kfree_skb_any(skb);
@@ -3484,6 +3488,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt
timeout);
out:
rcu_read_unlock();
+ kfree(wait);
return ret;
}
diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c
index 6356c2c224c5..8ad505743a8e 100644
--- a/drivers/net/wireless/realtek/rtw89/pci.c
+++ b/drivers/net/wireless/realtek/rtw89/pci.c
@@ -1372,7 +1372,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev,
struct pci_dev *pdev = rtwpci->pdev;
struct sk_buff *skb = tx_req->skb;
struct rtw89_pci_tx_data *tx_data = RTW89_PCI_TX_SKB_CB(skb);
- struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb);
bool en_wd_info = desc_info->en_wd_info;
u32 txwd_len;
u32 txwp_len;
@@ -1388,7 +1387,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev,
}
tx_data->dma = dma;
- skb_data->wait = NULL;
txwp_len = sizeof(*txwp_info);
txwd_len = chip->txwd_body_size;
--
2.50.1
2 weeks, 3 days
- 1
- 0
[PATCH v4 1/4] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON
by K Prateek Nayak
Prior to the topology parsing rewrite and the switchover to the new
parsing logic for AMD processors in commit c749ce393b8f ("x86/cpu: Use
common topology code for AMD"), the "initial_apicid" on these platforms
was:
- First initialized to the LocalApicId from CPUID leaf 0x1 EBX[31:24].
- Then overwritten by the ExtendedLocalApicId in CPUID leaf 0xb
EDX[31:0] on processors that supported topoext.
With the new parsing flow introduced in commit f7fb3b2dd92c ("x86/cpu:
Provide an AMD/HYGON specific topology parser"), parse_8000_001e() now
unconditionally overwrites the "initial_apicid" already parsed during
cpu_parse_topology_ext().
Although this has not been a problem on baremetal platforms, on
virtualized AMD guests that feature more than 255 cores, QEMU 0's out
the CPUID leaf 0x8000001e on CPUs with "CoreID" > 255 to prevent
collision of these IDs in EBX[7:0] which can only represent a maximum of
255 cores [1].
This results in the following FW_BUG being logged when booting a guest
with more than 255 cores:
[Firmware Bug]: CPU 512: APIC ID mismatch. CPUID: 0x0000 APIC: 0x0200
AMD64 Architecture Programmer's Manual Volume 2: System Programming Pub.
24593 Rev. 3.42 [2] Section 16.12 "x2APIC_ID" mentions the Extended
Enumeration leaf 0x8000001e (which was later superseded by the extended
leaf 0x80000026) provides the full x2APIC ID under all circumstances
unlike the one reported by CPUID leaf 0x8000001e EAX which depends on
the mode in which APIC is configured.
Rely on the APIC ID parsed during cpu_parse_topology_ext() from CPUID
leaf 0x80000026 or 0xb and only use the APIC ID from leaf 0x8000001e if
cpu_parse_topology_ext() failed (has_topoext is false).
On platforms that support the 0xb leaf (Zen2 or later, AMD guests on
QEMU) or the extended leaf 0x80000026 (Zen4 or later), the
"initial_apicid" is now set to the value parsed from EDX[31:0].
On older AMD/Hygon platforms that does not support the 0xb leaf but
supports the TOPOEXT extension (Fam 0x15, 0x16, 0x17[Zen1], and Hygon),
the current behavior is retained where "initial_apicid" is set using
the 0x8000001e leaf.
Cc: stable(a)vger.kernel.org
Link: https://github.com/qemu/qemu/commit/35ac5dfbcaa4b [1]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 [2]
Debugged-by: Naveen N Rao (AMD) <naveen(a)kernel.org>
Debugged-by: Sairaj Kodilkar <sarunkod(a)amd.com>
Fixes: c749ce393b8f ("x86/cpu: Use common topology code for AMD")
Suggested-by: Thomas Gleixner <tglx(a)linutronix.de>
Tested-by: Naveen N Rao (AMD) <naveen(a)kernel.org>
Signed-off-by: K Prateek Nayak <kprateek.nayak(a)amd.com>
---
Changelog v3..v4:
o Refreshed the diff based on Thomas' suggestion. The tags have been
retained since there are no functional changes - only comments around
the code has changed.
o Quoted relevant section of APM justifying the changes.
o Moved this patch up ahead.
o Cc'd stable.
---
arch/x86/kernel/cpu/topology_amd.c | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)
diff --git a/arch/x86/kernel/cpu/topology_amd.c b/arch/x86/kernel/cpu/topology_amd.c
index 843b1655ab45..827dd0dbb6e9 100644
--- a/arch/x86/kernel/cpu/topology_amd.c
+++ b/arch/x86/kernel/cpu/topology_amd.c
@@ -81,20 +81,25 @@ static bool parse_8000_001e(struct topo_scan *tscan, bool has_topoext)
cpuid_leaf(0x8000001e, &leaf);
- tscan->c->topo.initial_apicid = leaf.ext_apic_id;
-
/*
- * If leaf 0xb is available, then the domain shifts are set
- * already and nothing to do here. Only valid for family >= 0x17.
+ * If leaf 0xb/0x26 is available, then the APIC ID and the domain
+ * shifts are set already.
*/
- if (!has_topoext && tscan->c->x86 >= 0x17) {
+ if (!has_topoext) {
+ tscan->c->topo.initial_apicid = leaf.ext_apic_id;
+
/*
- * Leaf 0x80000008 set the CORE domain shift already.
- * Update the SMT domain, but do not propagate it.
+ * Leaf 0x8000008 sets the CORE domain shift but not the
+ * SMT domain shift. On CPUs with family >= 0x17, there
+ * might be hyperthreads.
*/
- unsigned int nthreads = leaf.core_nthreads + 1;
+ if (tscan->c->x86 >= 0x17) {
+ /* Update the SMT domain, but do not propagate it. */
+ unsigned int nthreads = leaf.core_nthreads + 1;
- topology_update_dom(tscan, TOPO_SMT_DOMAIN, get_count_order(nthreads), nthreads);
+ topology_update_dom(tscan, TOPO_SMT_DOMAIN,
+ get_count_order(nthreads), nthreads);
+ }
}
store_node(tscan, leaf.nnodes_per_socket + 1, leaf.node_id);
--
2.34.1
2 weeks, 3 days
- 2
- 2
[PATCH v11] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw
by Shuai Zhang
When the host actively triggers SSR and collects coredump data,
the Bluetooth stack sends a reset command to the controller. However, due
to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits,
the reset command times out.
To address this, this patch clears the QCA_SSR_TRIGGERED and
QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when
HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller
completes the SSR process when BT_EN is always high due to hardware.
For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to
the comment in `include/net/bluetooth/hci.h`.
The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN,
and its presence can be used to determine whether BT_EN is defined in DTS.
After SSR, host will not download the firmware, causing
controller to remain in the IBS_WAKE state. Host needs
to synchronize with the controller to maintain proper operation.
Multiple triggers of SSR only first generate coredump file,
due to memcoredump_flag no clear.
add clear coredump flag when ssr completed.
When the SSR duration exceeds 2 seconds, it triggers
host tx_idle_timeout, which sets host TX state to sleep. due to the
hardware pulling up bt_en, the firmware is not downloaded after the SSR.
As a result, the controller does not enter sleep mode. Consequently,
when the host sends a command afterward, it sends 0xFD to the controller,
but the controller does not respond, leading to a command timeout.
So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode.
---
Changs since v10:
-- Update base patch to latest patch.
Changs since v8-v9:
-- Update base patch to latest patch.
-- add Cc stable(a)vger.kernel.org on signed-of.
Changes since v6-7:
- Merge the changes into a single patch.
- Update commit.
Changes since v1-5:
- Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP.
- Add commments for msleep(50).
- Update format and commit.
Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com>
Cc: stable(a)vger.kernel.org
---
drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 4cff4d9be..2d6560482 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code)
skb_queue_purge(&qca->rx_memdump_q);
}
+ /*
+ * If the BT chip's bt_en pin is connected to a 3.3V power supply via
+ * hardware and always stays high, driver cannot control the bt_en pin.
+ * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and
+ * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset
+ * command timeout.
+ * Add an msleep delay to ensure controller completes the SSR process.
+ *
+ * Host will not download the firmware after SSR, controller to remain
+ * in the IBS_WAKE state, and the host needs to synchronize with it
+ *
+ * Since the bluetooth chip has been reset, clear the memdump state.
+ */
+ if (!hci_test_quirk(hu->hdev, HCI_QUIRK_NON_PERSISTENT_SETUP)) {
+ /*
+ * When the SSR (SubSystem Restart) duration exceeds 2 seconds,
+ * it triggers host tx_idle_delay, which sets host TX state
+ * to sleep. Reset tx_idle_timer after SSR to prevent
+ * host enter TX IBS_Sleep mode.
+ */
+ mod_timer(&qca->tx_idle_timer, jiffies +
+ msecs_to_jiffies(qca->tx_idle_delay));
+
+ /* Controller reset completion time is 50ms */
+ msleep(50);
+
+ clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
+ clear_bit(QCA_IBS_DISABLED, &qca->flags);
+
+ qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
+ qca->memdump_state = QCA_MEMDUMP_IDLE;
+ }
+
clear_bit(QCA_HW_ERROR_EVENT, &qca->flags);
}
--
2.34.1
2 weeks, 3 days
- 1
- 0
[PATCH v10] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw
by Shuai Zhang
When the host actively triggers SSR and collects coredump data,
the Bluetooth stack sends a reset command to the controller. However, due
to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits,
the reset command times out.
To address this, this patch clears the QCA_SSR_TRIGGERED and
QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when
HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller
completes the SSR process when BT_EN is always high due to hardware.
For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to
the comment in `include/net/bluetooth/hci.h`.
The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN,
and its presence can be used to determine whether BT_EN is defined in DTS.
After SSR, host will not download the firmware, causing
controller to remain in the IBS_WAKE state. Host needs
to synchronize with the controller to maintain proper operation.
Multiple triggers of SSR only first generate coredump file,
due to memcoredump_flag no clear.
add clear coredump flag when ssr completed.
When the SSR duration exceeds 2 seconds, it triggers
host tx_idle_timeout, which sets host TX state to sleep. due to the
hardware pulling up bt_en, the firmware is not downloaded after the SSR.
As a result, the controller does not enter sleep mode. Consequently,
when the host sends a command afterward, it sends 0xFD to the controller,
but the controller does not respond, leading to a command timeout.
So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode.
---
Changs since v8-v9:
-- Update base patch to latest patch.
-- add Cc stable(a)vger.kernel.org on signed-of.
Changes since v6-7:
- Merge the changes into a single patch.
- Update commit.
Changes since v1-5:
- Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP.
- Add commments for msleep(50).
- Update format and commit.
Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com>
Cc: stable(a)vger.kernel.org
---
drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 4cff4d9be..97aaf4985 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code)
skb_queue_purge(&qca->rx_memdump_q);
}
+ /*
+ * If the BT chip's bt_en pin is connected to a 3.3V power supply via
+ * hardware and always stays high, driver cannot control the bt_en pin.
+ * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and
+ * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset
+ * command timeout.
+ * Add an msleep delay to ensure controller completes the SSR process.
+ *
+ * Host will not download the firmware after SSR, controller to remain
+ * in the IBS_WAKE state, and the host needs to synchronize with it
+ *
+ * Since the bluetooth chip has been reset, clear the memdump state.
+ */
+ if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
+ /*
+ * When the SSR (SubSystem Restart) duration exceeds 2 seconds,
+ * it triggers host tx_idle_delay, which sets host TX state
+ * to sleep. Reset tx_idle_timer after SSR to prevent
+ * host enter TX IBS_Sleep mode.
+ */
+ mod_timer(&qca->tx_idle_timer, jiffies +
+ msecs_to_jiffies(qca->tx_idle_delay));
+
+ /* Controller reset completion time is 50ms */
+ msleep(50);
+
+ clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
+ clear_bit(QCA_IBS_DISABLED, &qca->flags);
+
+ qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
+ qca->memdump_state = QCA_MEMDUMP_IDLE;
+ }
+
clear_bit(QCA_HW_ERROR_EVENT, &qca->flags);
}
--
2.34.1
2 weeks, 3 days
- 2
- 2
[PATCH v3] mm: slub: avoid wake up kswapd in set_track_prepare
by yangshiguang1011@163.com
From: yangshiguang <yangshiguang(a)xiaomi.com>
From: yangshiguang <yangshiguang(a)xiaomi.com>
set_track_prepare() can incur lock recursion.
The issue is that it is called from hrtimer_start_range_ns
holding the per_cpu(hrtimer_bases)[n].lock, but when enabled
CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare,
and try to hold the per_cpu(hrtimer_bases)[n].lock.
Avoid deadlock caused by implicitly waking up kswapd by
passing in allocation flags.
The oops looks something like:
BUG: spinlock recursion on CPU#3, swapper/3/0
lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3
Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT)
Call trace:
spin_bug+0x0
_raw_spin_lock_irqsave+0x80
hrtimer_try_to_cancel+0x94
task_contending+0x10c
enqueue_dl_entity+0x2a4
dl_server_start+0x74
enqueue_task_fair+0x568
enqueue_task+0xac
do_activate_task+0x14c
ttwu_do_activate+0xcc
try_to_wake_up+0x6c8
default_wake_function+0x20
autoremove_wake_function+0x1c
__wake_up+0xac
wakeup_kswapd+0x19c
wake_all_kswapds+0x78
__alloc_pages_slowpath+0x1ac
__alloc_pages_noprof+0x298
stack_depot_save_flags+0x6b0
stack_depot_save+0x14
set_track_prepare+0x5c
___slab_alloc+0xccc
__kmalloc_cache_noprof+0x470
__set_page_owner+0x2bc
post_alloc_hook[jt]+0x1b8
prep_new_page+0x28
get_page_from_freelist+0x1edc
__alloc_pages_noprof+0x13c
alloc_slab_page+0x244
allocate_slab+0x7c
___slab_alloc+0x8e8
kmem_cache_alloc_noprof+0x450
debug_objects_fill_pool+0x22c
debug_object_activate+0x40
enqueue_hrtimer[jt]+0xdc
hrtimer_start_range_ns+0x5f8
...
Signed-off-by: yangshiguang <yangshiguang(a)xiaomi.com>
Fixes: 5cf909c553e9 ("mm/slub: use stackdepot to save stack trace in objects")
Cc: stable(a)vger.kernel.org
---
v1 -> v2:
propagate gfp flags to set_track_prepare()
v2 -> v3:
Remove the gfp restriction in set_track_prepare()
[1]https://lore.kernel.org/all/20250801065121.876793-1-yangshiguang1011@163.…
[2]https://lore.kernel.org/all/20250814111641.380629-2-yangshiguang1011@163.…
---
mm/slub.c | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/mm/slub.c b/mm/slub.c
index 30003763d224..443411713e2f 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -962,19 +962,21 @@ static struct track *get_track(struct kmem_cache *s, void *object,
}
#ifdef CONFIG_STACKDEPOT
-static noinline depot_stack_handle_t set_track_prepare(void)
+static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags)
{
depot_stack_handle_t handle;
unsigned long entries[TRACK_ADDRS_COUNT];
unsigned int nr_entries;
+ /* Preemption is disabled in ___slab_alloc() */
+ gfp_flags &= ~(__GFP_DIRECT_RECLAIM);
nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3);
- handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT);
+ handle = stack_depot_save(entries, nr_entries, gfp_flags);
return handle;
}
#else
-static inline depot_stack_handle_t set_track_prepare(void)
+static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags)
{
return 0;
}
@@ -996,9 +998,9 @@ static void set_track_update(struct kmem_cache *s, void *object,
}
static __always_inline void set_track(struct kmem_cache *s, void *object,
- enum track_item alloc, unsigned long addr)
+ enum track_item alloc, unsigned long addr, gfp_t gfp_flags)
{
- depot_stack_handle_t handle = set_track_prepare();
+ depot_stack_handle_t handle = set_track_prepare(gfp_flags);
set_track_update(s, object, alloc, addr, handle);
}
@@ -1921,9 +1923,9 @@ static inline bool free_debug_processing(struct kmem_cache *s,
static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {}
static inline int check_object(struct kmem_cache *s, struct slab *slab,
void *object, u8 val) { return 1; }
-static inline depot_stack_handle_t set_track_prepare(void) { return 0; }
+static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; }
static inline void set_track(struct kmem_cache *s, void *object,
- enum track_item alloc, unsigned long addr) {}
+ enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {}
static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n,
struct slab *slab) {}
static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n,
@@ -3878,7 +3880,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
* tracking info and return the object.
*/
if (s->flags & SLAB_STORE_USER)
- set_track(s, freelist, TRACK_ALLOC, addr);
+ set_track(s, freelist, TRACK_ALLOC, addr, gfpflags);
return freelist;
}
@@ -3910,7 +3912,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node,
goto new_objects;
if (s->flags & SLAB_STORE_USER)
- set_track(s, freelist, TRACK_ALLOC, addr);
+ set_track(s, freelist, TRACK_ALLOC, addr, gfpflags);
return freelist;
}
@@ -4422,7 +4424,7 @@ static noinline void free_to_partial_list(
depot_stack_handle_t handle = 0;
if (s->flags & SLAB_STORE_USER)
- handle = set_track_prepare();
+ handle = set_track_prepare(__GFP_NOWARN);
spin_lock_irqsave(&n->list_lock, flags);
--
2.43.0
2 weeks, 3 days
- 5
- 7
[tip: x86/urgent] x86/cpu/intel: Fix the constant_tsc model check for Pentium 4
by tip-bot2 for Suchit Karunakaran
The following commit has been merged into the x86/urgent branch of tip:
Commit-ID: 24963ae1b0b6596dc36e352c18593800056251d8
Gitweb: https://git.kernel.org/tip/24963ae1b0b6596dc36e352c18593800056251d8
Author: Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
AuthorDate: Sat, 16 Aug 2025 12:21:26 +05:30
Committer: Dave Hansen <dave.hansen(a)linux.intel.com>
CommitterDate: Mon, 25 Aug 2025 08:23:37 -07:00
x86/cpu/intel: Fix the constant_tsc model check for Pentium 4
Pentium 4's which are INTEL_P4_PRESCOTT (model 0x03) and later have
a constant TSC. This was correctly captured until commit fadb6f569b10
("x86/cpu/intel: Limit the non-architectural constant_tsc model checks").
In that commit, an error was introduced while selecting the last P4
model (0x06) as the upper bound. Model 0x06 was transposed to
INTEL_P4_WILLAMETTE, which is just plain wrong. That was presumably a
simple typo, probably just copying and pasting the wrong P4 model.
Fix the constant TSC logic to cover all later P4 models. End at
INTEL_P4_CEDARMILL which accurately corresponds to the last P4 model.
Fixes: fadb6f569b10 ("x86/cpu/intel: Limit the non-architectural constant_tsc model checks")
Signed-off-by: Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Reviewed-by: Sohil Mehta <sohil.mehta(a)intel.com>
Cc:stable@vger.kernel.org
Link: https://lore.kernel.org/all/20250816065126.5000-1-suchitkarunakaran%40gmail…
---
arch/x86/kernel/cpu/intel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 076eaa4..98ae4c3 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -262,7 +262,7 @@ static void early_init_intel(struct cpuinfo_x86 *c)
if (c->x86_power & (1 << 8)) {
set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
set_cpu_cap(c, X86_FEATURE_NONSTOP_TSC);
- } else if ((c->x86_vfm >= INTEL_P4_PRESCOTT && c->x86_vfm <= INTEL_P4_WILLAMETTE) ||
+ } else if ((c->x86_vfm >= INTEL_P4_PRESCOTT && c->x86_vfm <= INTEL_P4_CEDARMILL) ||
(c->x86_vfm >= INTEL_CORE_YONAH && c->x86_vfm <= INTEL_IVYBRIDGE)) {
set_cpu_cap(c, X86_FEATURE_CONSTANT_TSC);
}
2 weeks, 3 days
- 1
- 0
[PATCH V5 mm-hotfixes 2/3] mm: introduce and use {pgd,p4d}_populate_kernel()
by Harry Yoo
Introduce and use {pgd,p4d}_populate_kernel() in core MM code when
populating PGD and P4D entries for the kernel address space.
These helpers ensure proper synchronization of page tables when
updating the kernel portion of top-level page tables.
Until now, the kernel has relied on each architecture to handle
synchronization of top-level page tables in an ad-hoc manner.
For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for
direct mapping and vmemmap mapping changes").
However, this approach has proven fragile for following reasons:
1) It is easy to forget to perform the necessary page table
synchronization when introducing new changes.
For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory
savings for compound devmaps") overlooked the need to synchronize
page tables for the vmemmap area.
2) It is also easy to overlook that the vmemmap and direct mapping areas
must not be accessed before explicit page table synchronization.
For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated
sub-pmd ranges")) caused crashes by accessing the vmemmap area
before calling sync_global_pgds().
To address this, as suggested by Dave Hansen, introduce _kernel() variants
of the page table population helpers, which invoke architecture-specific
hooks to properly synchronize page tables. These are introduced in a new
header file, include/linux/pgalloc.h, so they can be called from common code.
They reuse existing infrastructure for vmalloc and ioremap.
Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK,
and the actual synchronization is performed by arch_sync_kernel_mappings().
This change currently targets only x86_64, so only PGD and P4D level
helpers are introduced. Currently, these helpers are no-ops since no
architecture sets PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK.
In theory, PUD and PMD level helpers can be added later if needed by
other architectures. For now, 32-bit architectures (x86-32 and arm) only
handle PGTBL_PMD_MODIFIED, so p*d_populate_kernel() will never affect
them unless we introduce a PMD level helper.
Cc: <stable(a)vger.kernel.org>
Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")
Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Acked-by: Kiryl Shutsemau <kas(a)kernel.org>
Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org>
Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com>
---
include/linux/pgalloc.h | 24 ++++++++++++++++++++++++
include/linux/pgtable.h | 13 +++++++------
mm/kasan/init.c | 12 ++++++------
mm/percpu.c | 6 +++---
mm/sparse-vmemmap.c | 6 +++---
5 files changed, 43 insertions(+), 18 deletions(-)
create mode 100644 include/linux/pgalloc.h
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h
new file mode 100644
index 000000000000..290ab864320f
--- /dev/null
+++ b/include/linux/pgalloc.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_PGALLOC_H
+#define _LINUX_PGALLOC_H
+
+#include <linux/pgtable.h>
+#include <asm/pgalloc.h>
+
+static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,
+ p4d_t *p4d)
+{
+ pgd_populate(&init_mm, pgd, p4d);
+ if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED)
+ arch_sync_kernel_mappings(addr, addr);
+}
+
+static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d,
+ pud_t *pud)
+{
+ p4d_populate(&init_mm, p4d, pud);
+ if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED)
+ arch_sync_kernel_mappings(addr, addr);
+}
+
+#endif /* _LINUX_PGALLOC_H */
diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h
index ba699df6ef69..2b80fd456c8b 100644
--- a/include/linux/pgtable.h
+++ b/include/linux/pgtable.h
@@ -1469,8 +1469,8 @@ static inline void modify_prot_commit_ptes(struct vm_area_struct *vma, unsigned
/*
* Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values
- * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings()
- * needs to be called.
+ * and let generic vmalloc, ioremap and page table update code know when
+ * arch_sync_kernel_mappings() needs to be called.
*/
#ifndef ARCH_PAGE_TABLE_SYNC_MASK
#define ARCH_PAGE_TABLE_SYNC_MASK 0
@@ -1954,10 +1954,11 @@ static inline bool arch_has_pfn_modify_check(void)
/*
* Page Table Modification bits for pgtbl_mod_mask.
*
- * These are used by the p?d_alloc_track*() set of functions an in the generic
- * vmalloc/ioremap code to track at which page-table levels entries have been
- * modified. Based on that the code can better decide when vmalloc and ioremap
- * mapping changes need to be synchronized to other page-tables in the system.
+ * These are used by the p?d_alloc_track*() and p*d_populate_kernel()
+ * functions in the generic vmalloc, ioremap and page table update code
+ * to track at which page-table levels entries have been modified.
+ * Based on that the code can better decide when page table changes need
+ * to be synchronized to other page-tables in the system.
*/
#define __PGTBL_PGD_MODIFIED 0
#define __PGTBL_P4D_MODIFIED 1
diff --git a/mm/kasan/init.c b/mm/kasan/init.c
index ced6b29fcf76..8fce3370c84e 100644
--- a/mm/kasan/init.c
+++ b/mm/kasan/init.c
@@ -13,9 +13,9 @@
#include <linux/mm.h>
#include <linux/pfn.h>
#include <linux/slab.h>
+#include <linux/pgalloc.h>
#include <asm/page.h>
-#include <asm/pgalloc.h>
#include "kasan.h"
@@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr,
pud_t *pud;
pmd_t *pmd;
- p4d_populate(&init_mm, p4d,
+ p4d_populate_kernel(addr, p4d,
lm_alias(kasan_early_shadow_pud));
pud = pud_offset(p4d, addr);
pud_populate(&init_mm, pud,
@@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr,
} else {
p = early_alloc(PAGE_SIZE, NUMA_NO_NODE);
pud_init(p);
- p4d_populate(&init_mm, p4d, p);
+ p4d_populate_kernel(addr, p4d, p);
}
}
zero_pud_populate(p4d, addr, next);
@@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(const void *shadow_start,
* puds,pmds, so pgd_populate(), pud_populate()
* is noops.
*/
- pgd_populate(&init_mm, pgd,
+ pgd_populate_kernel(addr, pgd,
lm_alias(kasan_early_shadow_p4d));
p4d = p4d_offset(pgd, addr);
- p4d_populate(&init_mm, p4d,
+ p4d_populate_kernel(addr, p4d,
lm_alias(kasan_early_shadow_pud));
pud = pud_offset(p4d, addr);
pud_populate(&init_mm, pud,
@@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(const void *shadow_start,
if (!p)
return -ENOMEM;
} else {
- pgd_populate(&init_mm, pgd,
+ pgd_populate_kernel(addr, pgd,
early_alloc(PAGE_SIZE, NUMA_NO_NODE));
}
}
diff --git a/mm/percpu.c b/mm/percpu.c
index d9cbaee92b60..a56f35dcc417 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -3108,7 +3108,7 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size,
#endif /* BUILD_EMBED_FIRST_CHUNK */
#ifdef BUILD_PAGE_FIRST_CHUNK
-#include <asm/pgalloc.h>
+#include <linux/pgalloc.h>
#ifndef P4D_TABLE_SIZE
#define P4D_TABLE_SIZE PAGE_SIZE
@@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(unsigned long addr)
if (pgd_none(*pgd)) {
p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE);
- pgd_populate(&init_mm, pgd, p4d);
+ pgd_populate_kernel(addr, pgd, p4d);
}
p4d = p4d_offset(pgd, addr);
if (p4d_none(*p4d)) {
pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE);
- p4d_populate(&init_mm, p4d, pud);
+ p4d_populate_kernel(addr, p4d, pud);
}
pud = pud_offset(p4d, addr);
diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
index 41aa0493eb03..dbd8daccade2 100644
--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c
@@ -27,9 +27,9 @@
#include <linux/spinlock.h>
#include <linux/vmalloc.h>
#include <linux/sched.h>
+#include <linux/pgalloc.h>
#include <asm/dma.h>
-#include <asm/pgalloc.h>
#include <asm/tlbflush.h>
#include "hugetlb_vmemmap.h"
@@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node)
if (!p)
return NULL;
pud_init(p);
- p4d_populate(&init_mm, p4d, p);
+ p4d_populate_kernel(addr, p4d, p);
}
return p4d;
}
@@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node)
void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node);
if (!p)
return NULL;
- pgd_populate(&init_mm, pgd, p);
+ pgd_populate_kernel(addr, pgd, p);
}
return pgd;
}
--
2.43.0
2 weeks, 3 days
- 6
- 15
+ arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: arm64: kexec: Initialize kexec_buf struct in image_load()
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Breno Leitao <leitao(a)debian.org>
Subject: arm64: kexec: Initialize kexec_buf struct in image_load()
Date: Tue, 26 Aug 2025 05:08:51 -0700
The kexec_buf structure was previously declared without initialization in
image_load(). This led to a UBSAN warning when the structure was expanded
and uninitialized fields were accessed [1].
Zero-initializing kexec_buf at declaration ensures all fields are cleanly
set, preventing future instances of uninitialized memory being used.
Fixes this UBSAN warning:
[ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10
[ 32.362649] load of value 252 is not a valid value for type '_Bool'
Andrew Morton suggested that this function is only called 3x a week[2],
thus, the memset() cost is inexpensive.
Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnz… [1]
Link: https://lore.kernel.org/all/20250825180531.94bfb86a26a43127c0a1296f@linux-f… [2]
Link: https://lkml.kernel.org/r/20250826-akpm-v1-1-3c831f0e3799@debian.org
Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
Signed-off-by: Breno Leitao <leitao(a)debian.org>
Suggested-by: Andrew Morton <akpm(a)linux-foundation.org>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: Baoquan He <bhe(a)redhat.com>
Cc: Coiby Xu <coxu(a)redhat.com>
Cc: "Daniel P. Berrange" <berrange(a)redhat.com>
Cc: Dave Hansen <dave.hansen(a)intel.com>
Cc: Dave Young <dyoung(a)redhat.com>
Cc: Kairui Song <ryncsn(a)gmail.com>
Cc: Liu Pingfan <kernelfans(a)gmail.com>
Cc: Milan Broz <gmazyland(a)gmail.com>
Cc: Ondrej Kozina <okozina(a)redhat.com>
Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
arch/arm64/kernel/kexec_image.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/arch/arm64/kernel/kexec_image.c~arm64-kexec-initialize-kexec_buf-struct-in-image_load
+++ a/arch/arm64/kernel/kexec_image.c
@@ -41,7 +41,7 @@ static void *image_load(struct kimage *i
struct arm64_image_header *h;
u64 flags, value;
bool be_image, be_kernel;
- struct kexec_buf kbuf;
+ struct kexec_buf kbuf = {};
unsigned long text_offset, kernel_segment_number;
struct kexec_segment *kernel_segment;
int ret;
_
Patches currently in -mm which might be from leitao(a)debian.org are
arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch
2 weeks, 3 days
- 1
- 0
[to-be-updated] kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch removed from -mm tree
by Andrew Morton
The quilt patch titled
Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader
has been removed from the -mm tree. Its filename was
kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch
This patch was dropped because an updated version will be issued
------------------------------------------------------
From: Breno Leitao <leitao(a)debian.org>
Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader
Date: Thu Aug 21 04:11:21 2025 -0700
Add an explicit initialization for the random member of the kbuf structure
within the image_load function in arch/arm64/kernel/kexec_image.c.
Setting kbuf.random to zero ensures a deterministic and clean starting
state for the buffer used during kernel image loading, avoiding this UBSAN
issue later, when kbuf.random is read.
[ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10
[ 32.362649] load of value 252 is not a valid value for type '_Bool'
Link: https://lkml.kernel.org/r/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzad…
Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly")
Signed-off-by: Breno Leitao <leitao(a)debian.org>
Cc: Mark Rutland <mark.rutland(a)arm.com>
Cc: Baoquan He <bhe(a)redhat.com>
Cc: Coiby Xu <coxu(a)redhat.com>
Cc: "Daniel P. Berrange" <berrange(a)redhat.com>
Cc: Dave Hansen <dave.hansen(a)intel.com>
Cc: Dave Young <dyoung(a)redhat.com>
Cc: Kairui Song <ryncsn(a)gmail.com>
Cc: Liu Pingfan <kernelfans(a)gmail.com>
Cc: Milan Broz <gmazyland(a)gmail.com>
Cc: Ondrej Kozina <okozina(a)redhat.com>
Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
arch/arm64/kernel/kexec_image.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm64/kernel/kexec_image.c~kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader
+++ a/arch/arm64/kernel/kexec_image.c
@@ -76,6 +76,7 @@ static void *image_load(struct kimage *i
kbuf.buf_min = 0;
kbuf.buf_max = ULONG_MAX;
kbuf.top_down = false;
+ kbuf.random = 0;
kbuf.buffer = kernel;
kbuf.bufsz = kernel_len;
_
Patches currently in -mm which might be from leitao(a)debian.org are
2 weeks, 3 days
- 1
- 0
[PATCH] net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
by Fabio Porcedda
From: Fabio Porcedda <fabio.porcedda(a)gmail.com>
Add the following Telit Cinterion LE910C4-WWX new compositions:
0x1034: tty (AT) + tty (AT) + rmnet
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1034 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x1037: tty (diag) + tty (Telit custom) + tty (AT) + tty (AT) + rmnet
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 15 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1037 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x1038: tty (Telit custom) + tty (AT) + tty (AT) + rmnet
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 9 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1038 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Cc: stable(a)vger.kernel.org
Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com>
---
drivers/net/usb/qmi_wwan.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/usb/qmi_wwan.c b/drivers/net/usb/qmi_wwan.c
index e56901bb6ebc..11352d85475a 100644
--- a/drivers/net/usb/qmi_wwan.c
+++ b/drivers/net/usb/qmi_wwan.c
@@ -1355,6 +1355,9 @@ static const struct usb_device_id products[] = {
{QMI_FIXED_INTF(0x2357, 0x0201, 4)}, /* TP-LINK HSUPA Modem MA180 */
{QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1034, 2)}, /* Telit LE910C4-WWX */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1037, 4)}, /* Telit LE910C4-WWX */
+ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1038, 3)}, /* Telit LE910C4-WWX */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x103a, 0)}, /* Telit LE910C4-WWX */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */
{QMI_QUIRK_SET_DTR(0x1bc7, 0x1050, 2)}, /* Telit FN980 */
--
2.51.0
2 weeks, 3 days
- 2
- 1
[PATCH v5] mm: Fix possible deadlock in kmemleak
by Gu Bowen
There are some AA deadlock issues in kmemleak, similar to the situation
reported by Breno [1]. The deadlock path is as follows:
mem_pool_alloc()
-> raw_spin_lock_irqsave(&kmemleak_lock, flags);
-> pr_warn()
-> netconsole subsystem
-> netpoll
-> __alloc_skb
-> __create_object
-> raw_spin_lock_irqsave(&kmemleak_lock, flags);
To solve this problem, switch to printk_safe mode before printing warning
message, this will redirect all printk()-s to a special per-CPU buffer,
which will be flushed later from a safe context (irq work), and this
deadlock problem can be avoided. The proper API to use should be
printk_deferred_enter()/printk_deferred_exit() [2]. Another way is to
place the warn print after kmemleak is released.
[1]
https://lore.kernel.org/all/20250731-kmemleak_lock-v1-1-728fd470198f@debian…
[2]
https://lore.kernel.org/all/5ca375cd-4a20-4807-b897-68b289626550@redhat.com/
====================
Signed-off-by: Gu Bowen <gubowen5(a)huawei.com>
---
mm/kmemleak.c | 27 ++++++++++++++++++++-------
1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index 84265983f239..1ac56ceb29b6 100644
--- a/mm/kmemleak.c
+++ b/mm/kmemleak.c
@@ -437,9 +437,15 @@ static struct kmemleak_object *__lookup_object(unsigned long ptr, int alias,
else if (untagged_objp == untagged_ptr || alias)
return object;
else {
+ /*
+ * Printk deferring due to the kmemleak_lock held.
+ * This is done to avoid deadlock.
+ */
+ printk_deferred_enter();
kmemleak_warn("Found object by alias at 0x%08lx\n",
ptr);
dump_object_info(object);
+ printk_deferred_exit();
break;
}
}
@@ -736,6 +742,11 @@ static int __link_object(struct kmemleak_object *object, unsigned long ptr,
else if (untagged_objp + parent->size <= untagged_ptr)
link = &parent->rb_node.rb_right;
else {
+ /*
+ * Printk deferring due to the kmemleak_lock held.
+ * This is done to avoid deadlock.
+ */
+ printk_deferred_enter();
kmemleak_stop("Cannot insert 0x%lx into the object search tree (overlaps existing)\n",
ptr);
/*
@@ -743,6 +754,7 @@ static int __link_object(struct kmemleak_object *object, unsigned long ptr,
* be freed while the kmemleak_lock is held.
*/
dump_object_info(parent);
+ printk_deferred_exit();
return -EEXIST;
}
}
@@ -856,13 +868,8 @@ static void delete_object_part(unsigned long ptr, size_t size,
raw_spin_lock_irqsave(&kmemleak_lock, flags);
object = __find_and_remove_object(ptr, 1, objflags);
- if (!object) {
-#ifdef DEBUG
- kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n",
- ptr, size);
-#endif
+ if (!object)
goto unlock;
- }
/*
* Create one or two objects that may result from the memory block
@@ -882,8 +889,14 @@ static void delete_object_part(unsigned long ptr, size_t size,
unlock:
raw_spin_unlock_irqrestore(&kmemleak_lock, flags);
- if (object)
+ if (object) {
__delete_object(object);
+ } else {
+#ifdef DEBUG
+ kmemleak_warn("Partially freeing unknown object at 0x%08lx (size %zu)\n",
+ ptr, size);
+#endif
+ }
out:
if (object_l)
--
2.43.0
2 weeks, 3 days
- 5
- 4
[PATCH] btrfs: fix corruption reading compressed range when block size is smaller than page size
by Qu Wenruo
[BUG]
With 64K page size (aarch64 with 64K page size config) and 4K btrfs
block size, the following workload can easily lead to a corrupted read:
mkfs.btrfs -f -s 4k $dev > /dev/null
mount -o compress $dev $mnt
xfs_io -f -c "pwrite -S 0xff 0 64k" $mnt/base > /dev/null
echo "correct result:"
od -Ad -t x1 $mnt/base
xfs_io -f -c "reflink $mnt/base 32k 0 32k" \
-c "reflink $mnt/base 0 32k 32k" \
-c "pwrite -S 0xff 60k 4k" $mnt/new > /dev/null
echo "incorrect result:"
od -Ad -t x1 $mnt/new
umount $mnt
This shows the following result:
correct result:
0000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
*
0065536
incorrect result:
0000000 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
*
0032768 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
0061440 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
*
0065536
Notice the zero in the range [32K, 60K), which is incorrect.
[CAUSE]
With extra trace printk, it shows the following events during od:
(some unrelated info removed like CPU and context)
od-3457 btrfs_do_readpage: enter r/i=5/258 folio=0(65536) prev_em_start=0000000000000000
The "r/i" is indicating the root and inode number. In our case the file
"new" is using ino 258 from fs tree (root 5).
Here notice the @prev_em_start pointer is NULL. This means the
btrfs_do_readpage() is called from btrfs_read_folio(), not from
btrfs_readahead().
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=0 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=4096 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=8192 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=12288 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=16384 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=20480 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=24576 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=28672 got em start=0 len=32768
These above 32K blocks will be read from the first half of the
compressed data extent.
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=32768 got em start=32768 len=32768
Note here there is no btrfs_submit_compressed_read() call. Which is
incorrect now.
Although both extent maps at 0 and 32K are pointing to the same compressed
data, their offsets are different thus can not be merged into the same
read.
So this means the compressed data read merge check is doing something
wrong.
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=36864 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=40960 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=45056 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=49152 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=53248 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=57344 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=61440 skip uptodate
od-3457 btrfs_submit_compressed_read: cb orig_bio: file off=0 len=61440
The function btrfs_submit_compressed_read() is only called at the end of
folio read. The compressed bio will only have an extent map of range [0,
32K), but the original bio passed in is for the whole 64K folio.
This will cause the decompression part to only fill the first 32K,
leaving the rest untouched (aka, filled with zero).
This incorrect compressed read merge leads to the above data corruption.
There were similar problems that happened in the past, commit 808f80b46790
("Btrfs: update fix for read corruption of compressed and shared
extents") is doing pretty much the same fix for readahead.
But that's back to 2015, where btrfs still only supports bs (block size)
== ps (page size) cases.
This means btrfs_do_readpage() only needs to handle a folio which
contains exactly one block.
Only btrfs_readahead() can lead to a read covering multiple blocks.
Thus only btrfs_readahead() passes a non-NULL @prev_em_start pointer.
With v5.15 kernel btrfs introduced bs < ps support. This breaks the above
assumption that a folio can only contain one block.
Now btrfs_read_folio() can also read multiple blocks in one go.
But btrfs_read_folio() doesn't pass a @prev_em_start pointer, thus the
existing bio force submission check will never be triggered.
In theory, this can also happen for btrfs with large folios, but since
large folio is still experimental, we don't need to bother it, thus only
bs < ps support is affected for now.
[FIX]
Instead of passing @prev_em_start to do the proper compressed extent
check, introduce one new member, btrfs_bio_ctrl::last_em_start, so that
the existing bio force submission logic will always be triggered.
CC: stable(a)vger.kernel.org # 5.15+
Reviewed-by: Filipe Manana <fdmanana(a)suse.com>
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
Signed-off-by: David Sterba <dsterba(a)suse.com>
---
Changelog:
v4:
- Minor grammar fixes
- Update the subject to reflect the bug better
This is the merged version inside for-next branch.
However for people who are not following our development branch but
still want to verify the incoming fstests test case, we need this fix
to be publicly avaiable. Newer minor changes will only be done inside
the development branch.
v3:
- Use a single btrfs_bio_ctrl::last_em_start
Since the existing prev_em_start is using U64_MAX as the initial value
to indicate no em hit yet, we can use the same logic, which saves
another 8 bytes from btrfs_bio_ctrl.
- Update the reproducer
Previously I failed to reproduce using a minimal workload.
As regular read from od/md5sum always trigger readahead thus not
hitting the @prev_em_start == NULL path.
Will send out a fstest case for it using the minimal reproducer.
But it will still need a 16K/64K page sized system to reproduce.
Fix the problem by doing an block aligned write into the folio, so
that the folio will be partially dirty and not go through the
readahead path.
- Update the analyze
This includes the trace events of the minimal reproducer, and
mentioning of previous similar fixes and why they do not work for
subpage cases.
- Update the CC tag
Since it's only affecting bs < ps cases (for non-experimental builds),
only need to fix kernels with subpage btrfs supports.
v2:
- Only save extent_map::start/len to save memory for btrfs_bio_ctrl
It's using on-stack memory which is very limited inside the kernel.
- Remove the commit message mentioning of clearing last saved em
Since we're using em::start/len, there is no need to clear them.
Either we hit the same em::start/len, meaning hitting the same extent
map, or we hit a different em, which will have a different start/len.
---
fs/btrfs/extent_io.c | 40 ++++++++++++++++++++++++++++++----------
1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 426a6791a0b2..ca7174fa0240 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -131,6 +131,24 @@ struct btrfs_bio_ctrl {
*/
unsigned long submit_bitmap;
struct readahead_control *ractl;
+
+ /*
+ * The start offset of the last used extent map by a read operation.
+ *
+ * This is for proper compressed read merge.
+ * U64_MAX means we are starting the read and have made no progress yet.
+ *
+ * The current btrfs_bio_is_contig() only uses disk_bytenr as
+ * the condition to check if the read can be merged with previous
+ * bio, which is not correct. E.g. two file extents pointing to the
+ * same extent but with different offset.
+ *
+ * So here we need to do extra checks to only merge reads that are
+ * covered by the same extent map.
+ * Just extent_map::start will be enough, as they are unique
+ * inside the same inode.
+ */
+ u64 last_em_start;
};
/*
@@ -965,7 +983,7 @@ static void btrfs_readahead_expand(struct readahead_control *ractl,
* return 0 on success, otherwise return error
*/
static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached,
- struct btrfs_bio_ctrl *bio_ctrl, u64 *prev_em_start)
+ struct btrfs_bio_ctrl *bio_ctrl)
{
struct inode *inode = folio->mapping->host;
struct btrfs_fs_info *fs_info = inode_to_fs_info(inode);
@@ -1076,12 +1094,11 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached,
* non-optimal behavior (submitting 2 bios for the same extent).
*/
if (compress_type != BTRFS_COMPRESS_NONE &&
- prev_em_start && *prev_em_start != (u64)-1 &&
- *prev_em_start != em->start)
+ bio_ctrl->last_em_start != U64_MAX &&
+ bio_ctrl->last_em_start != em->start)
force_bio_submit = true;
- if (prev_em_start)
- *prev_em_start = em->start;
+ bio_ctrl->last_em_start = em->start;
em_gen = em->generation;
btrfs_free_extent_map(em);
@@ -1296,12 +1313,15 @@ int btrfs_read_folio(struct file *file, struct folio *folio)
const u64 start = folio_pos(folio);
const u64 end = start + folio_size(folio) - 1;
struct extent_state *cached_state = NULL;
- struct btrfs_bio_ctrl bio_ctrl = { .opf = REQ_OP_READ };
+ struct btrfs_bio_ctrl bio_ctrl = {
+ .opf = REQ_OP_READ,
+ .last_em_start = U64_MAX,
+ };
struct extent_map *em_cached = NULL;
int ret;
lock_extents_for_read(inode, start, end, &cached_state);
- ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl, NULL);
+ ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl);
btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state);
btrfs_free_extent_map(em_cached);
@@ -2641,7 +2661,8 @@ void btrfs_readahead(struct readahead_control *rac)
{
struct btrfs_bio_ctrl bio_ctrl = {
.opf = REQ_OP_READ | REQ_RAHEAD,
- .ractl = rac
+ .ractl = rac,
+ .last_em_start = U64_MAX,
};
struct folio *folio;
struct btrfs_inode *inode = BTRFS_I(rac->mapping->host);
@@ -2649,12 +2670,11 @@ void btrfs_readahead(struct readahead_control *rac)
const u64 end = start + readahead_length(rac) - 1;
struct extent_state *cached_state = NULL;
struct extent_map *em_cached = NULL;
- u64 prev_em_start = (u64)-1;
lock_extents_for_read(inode, start, end, &cached_state);
while ((folio = readahead_folio(rac)) != NULL)
- btrfs_do_readpage(folio, &em_cached, &bio_ctrl, &prev_em_start);
+ btrfs_do_readpage(folio, &em_cached, &bio_ctrl);
btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state);
--
2.50.1
2 weeks, 3 days
- 1
- 0
[PATCH wireless] wifi: mac80211: do not permit 40 MHz EHT operation on 5/6 GHz
by Miri Korenblit
From: Benjamin Berg <benjamin.berg(a)intel.com>
The EHT PHY requirements state that 80 MHz must be supported on the 5
and 6 GHz bands unless the STA is 20 MHz only. So if the channel width
is limited to 40 MHz on a band other than 2.4 GHz, then disable EHT and
downgrade to HE.
The primary case where this can happen is if the hardware disables
puncturing using IEEE80211_HW_DISALLOW_PUNCTURING.
Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Johannes Berg <johannes.berg(a)intel.com>
Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
---
net/mac80211/mlme.c | 8 ++++++++
net/mac80211/tests/chan-mode.c | 30 +++++++++++++++++++++++++-----
2 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 1008eb8e9b13..dd650a127a31 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1189,6 +1189,14 @@ ieee80211_determine_chan_mode(struct ieee80211_sub_if_data *sdata,
"required MCSes not supported, disabling EHT\n");
}
+ if (conn->mode >= IEEE80211_CONN_MODE_EHT &&
+ channel->band != NL80211_BAND_2GHZ &&
+ conn->bw_limit == IEEE80211_CONN_BW_LIMIT_40) {
+ conn->mode = IEEE80211_CONN_MODE_HE;
+ link_id_info(sdata, link_id,
+ "required bandwidth not supported, disabling EHT\n");
+ }
+
/* the mode can only decrease, so this must terminate */
if (ap_mode != conn->mode) {
kfree(elems);
diff --git a/net/mac80211/tests/chan-mode.c b/net/mac80211/tests/chan-mode.c
index 96c7b3ab2744..adc069065e73 100644
--- a/net/mac80211/tests/chan-mode.c
+++ b/net/mac80211/tests/chan-mode.c
@@ -2,7 +2,7 @@
/*
* KUnit tests for channel mode functions
*
- * Copyright (C) 2024 Intel Corporation
+ * Copyright (C) 2024-2025 Intel Corporation
*/
#include <net/cfg80211.h>
#include <kunit/test.h>
@@ -28,6 +28,10 @@ static const struct determine_chan_mode_case {
u8 vht_basic_mcs_1_4, vht_basic_mcs_5_8;
u8 he_basic_mcs_1_4, he_basic_mcs_5_8;
u8 eht_mcs7_min_nss;
+ u16 eht_disabled_subchannels;
+ u8 eht_bw;
+ enum ieee80211_conn_bw_limit conn_bw_limit;
+ enum ieee80211_conn_bw_limit expected_bw_limit;
int error;
} determine_chan_mode_cases[] = {
{
@@ -128,6 +132,14 @@ static const struct determine_chan_mode_case {
.conn_mode = IEEE80211_CONN_MODE_EHT,
.eht_mcs7_min_nss = 0x15,
.error = EINVAL,
+ }, {
+ .desc = "80 MHz EHT is downgraded to 40 MHz HE due to puncturing",
+ .conn_mode = IEEE80211_CONN_MODE_EHT,
+ .expected_mode = IEEE80211_CONN_MODE_HE,
+ .conn_bw_limit = IEEE80211_CONN_BW_LIMIT_80,
+ .expected_bw_limit = IEEE80211_CONN_BW_LIMIT_40,
+ .eht_disabled_subchannels = 0x08,
+ .eht_bw = IEEE80211_EHT_OPER_CHAN_WIDTH_80MHZ,
}
};
KUNIT_ARRAY_PARAM_DESC(determine_chan_mode, determine_chan_mode_cases, desc)
@@ -138,7 +150,7 @@ static void test_determine_chan_mode(struct kunit *test)
struct t_sdata *t_sdata = T_SDATA(test);
struct ieee80211_conn_settings conn = {
.mode = params->conn_mode,
- .bw_limit = IEEE80211_CONN_BW_LIMIT_20,
+ .bw_limit = params->conn_bw_limit,
};
struct cfg80211_bss cbss = {
.channel = &t_sdata->band_5ghz.channels[0],
@@ -191,14 +203,21 @@ static void test_determine_chan_mode(struct kunit *test)
0x7f, 0x01, 0x00, 0x88, 0x88, 0x88, 0x00, 0x00,
0x00,
/* EHT Operation */
- WLAN_EID_EXTENSION, 0x09, WLAN_EID_EXT_EHT_OPERATION,
- 0x01, params->eht_mcs7_min_nss ? params->eht_mcs7_min_nss : 0x11,
- 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
+ WLAN_EID_EXTENSION, 0x0b, WLAN_EID_EXT_EHT_OPERATION,
+ 0x03, params->eht_mcs7_min_nss ? params->eht_mcs7_min_nss : 0x11,
+ 0x00, 0x00, 0x00, params->eht_bw,
+ params->eht_bw == IEEE80211_EHT_OPER_CHAN_WIDTH_80MHZ ? 42 : 36,
+ 0x00,
+ u16_get_bits(params->eht_disabled_subchannels, 0xff),
+ u16_get_bits(params->eht_disabled_subchannels, 0xff00),
};
struct ieee80211_chan_req chanreq = {};
struct cfg80211_chan_def ap_chandef = {};
struct ieee802_11_elems *elems;
+ /* To force EHT downgrade to HE on punctured 80 MHz downgraded to 40 MHz */
+ set_bit(IEEE80211_HW_DISALLOW_PUNCTURING, t_sdata->local.hw.flags);
+
if (params->strict)
set_bit(IEEE80211_HW_STRICT, t_sdata->local.hw.flags);
else
@@ -237,6 +256,7 @@ static void test_determine_chan_mode(struct kunit *test)
} else {
KUNIT_ASSERT_NOT_ERR_OR_NULL(test, elems);
KUNIT_ASSERT_EQ(test, conn.mode, params->expected_mode);
+ KUNIT_ASSERT_EQ(test, conn.bw_limit, params->expected_bw_limit);
}
}
--
2.34.1
2 weeks, 3 days
- 3
- 2
[PATCH] arm64/boot: Zero-initialize idmap PGDs before use
by Sam Edwards
In early boot, Linux creates identity virtual->physical address mappings
so that it can enable the MMU before full memory management is ready.
To ensure some available physical memory to back these structures,
vmlinux.lds reserves some space (and defines marker symbols) in the
middle of the kernel image. However, because they are defined outside of
PROGBITS sections, they aren't pre-initialized -- at least as far as ELF
is concerned.
In the typical case, this isn't actually a problem: the boot image is
prepared with objcopy, which zero-fills the gaps, so these structures
are incidentally zero-initialized (an all-zeroes entry is considered
absent, so zero-initialization is appropriate).
However, that is just a happy accident: the `vmlinux` ELF output
authoritatively represents the state of memory at entry. If the ELF
says a region of memory isn't initialized, we must treat it as
uninitialized. Indeed, certain bootloaders (e.g. Broadcom CFE) ingest
the ELF directly -- sidestepping the objcopy-produced image entirely --
and therefore do not initialize the gaps. This results in the early boot
code crashing when it attempts to create identity mappings.
Therefore, add boot-time zero-initialization for the following:
- __pi_init_idmap_pg_dir..__pi_init_idmap_pg_end
- idmap_pg_dir
- reserved_pg_dir
- tramp_pg_dir # Already done, but this patch corrects the size
Note, swapper_pg_dir is already initialized (by copy from idmap_pg_dir)
before use, so this patch does not need to address it.
Cc: stable(a)vger.kernel.org
Signed-off-by: Sam Edwards <CFSworks(a)gmail.com>
---
arch/arm64/kernel/head.S | 12 ++++++++++++
arch/arm64/mm/mmu.c | 3 ++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/arch/arm64/kernel/head.S b/arch/arm64/kernel/head.S
index ca04b338cb0d..0c3be11d0006 100644
--- a/arch/arm64/kernel/head.S
+++ b/arch/arm64/kernel/head.S
@@ -86,6 +86,18 @@ SYM_CODE_START(primary_entry)
bl record_mmu_state
bl preserve_boot_args
+ adrp x0, reserved_pg_dir
+ add x1, x0, #PAGE_SIZE
+0: str xzr, [x0], 8
+ cmp x0, x1
+ b.lo 0b
+
+ adrp x0, __pi_init_idmap_pg_dir
+ adrp x1, __pi_init_idmap_pg_end
+1: str xzr, [x0], 8
+ cmp x0, x1
+ b.lo 1b
+
adrp x1, early_init_stack
mov sp, x1
mov x29, xzr
diff --git a/arch/arm64/mm/mmu.c b/arch/arm64/mm/mmu.c
index 34e5d78af076..aaf823565a65 100644
--- a/arch/arm64/mm/mmu.c
+++ b/arch/arm64/mm/mmu.c
@@ -761,7 +761,7 @@ static int __init map_entry_trampoline(void)
pgprot_val(prot) &= ~PTE_NG;
/* Map only the text into the trampoline page table */
- memset(tramp_pg_dir, 0, PGD_SIZE);
+ memset(tramp_pg_dir, 0, PAGE_SIZE);
__create_pgd_mapping(tramp_pg_dir, pa_start, TRAMP_VALIAS,
entry_tramp_text_size(), prot,
pgd_pgtable_alloc_init_mm, NO_BLOCK_MAPPINGS);
@@ -806,6 +806,7 @@ static void __init create_idmap(void)
u64 end = __pa_symbol(__idmap_text_end);
u64 ptep = __pa_symbol(idmap_ptes);
+ memset(idmap_pg_dir, 0, PAGE_SIZE);
__pi_map_range(&ptep, start, end, start, PAGE_KERNEL_ROX,
IDMAP_ROOT_LEVEL, (pte_t *)idmap_pg_dir, false,
__phys_to_virt(ptep) - ptep);
--
2.49.1
2 weeks, 3 days
- 4
- 11
[PATCH net] ipv6: sr: fix destroy of seg6_hmac_info to prevent HMAC data leak
by Andrea Mayer
The seg6_hmac_info structure stores information related to SRv6 HMAC
configurations, including the secret key, HMAC ID, and hashing algorithm
used to authenticate and secure SRv6 packets.
When a seg6_hmac_info object is no longer needed, it is destroyed via
seg6_hmac_info_del(), which eventually calls seg6_hinfo_release(). This
function uses kfree_rcu() to safely deallocate memory after an RCU grace
period has elapsed.
The kfree_rcu() releases memory without sanitization (e.g., zeroing out
the memory). Consequently, sensitive information such as the HMAC secret
and its length may remain in freed memory, potentially leading to data
leaks.
To address this risk, we replaced kfree_rcu() with a custom RCU
callback, seg6_hinfo_free_callback_rcu(). Within this callback, we
explicitly sanitize the seg6_hmac_info object before deallocating it
safely using kfree_sensitive(). This approach ensures the memory is
securely freed and prevents potential HMAC info leaks.
Additionally, in the control path, we ensure proper cleanup of
seg6_hmac_info objects when seg6_hmac_info_add() fails: such objects are
freed using kfree_sensitive() instead of kfree().
Fixes: 4f4853dc1c9c ("ipv6: sr: implement API to control SR HMAC structure")
Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support")
Cc: stable(a)vger.kernel.org
Signed-off-by: Andrea Mayer <andrea.mayer(a)uniroma2.it>
---
net/ipv6/seg6.c | 2 +-
net/ipv6/seg6_hmac.c | 10 +++++++++-
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/seg6.c b/net/ipv6/seg6.c
index 180da19c148c..88782bdab843 100644
--- a/net/ipv6/seg6.c
+++ b/net/ipv6/seg6.c
@@ -215,7 +215,7 @@ static int seg6_genl_sethmac(struct sk_buff *skb, struct genl_info *info)
err = seg6_hmac_info_add(net, hmackeyid, hinfo);
if (err)
- kfree(hinfo);
+ kfree_sensitive(hinfo);
out_unlock:
mutex_unlock(&sdata->lock);
diff --git a/net/ipv6/seg6_hmac.c b/net/ipv6/seg6_hmac.c
index fd58426f222b..19cdf3791ebf 100644
--- a/net/ipv6/seg6_hmac.c
+++ b/net/ipv6/seg6_hmac.c
@@ -57,9 +57,17 @@ static int seg6_hmac_cmpfn(struct rhashtable_compare_arg *arg, const void *obj)
return (hinfo->hmackeyid != *(__u32 *)arg->key);
}
+static void seg6_hinfo_free_callback_rcu(struct rcu_head *head)
+{
+ struct seg6_hmac_info *hinfo;
+
+ hinfo = container_of(head, struct seg6_hmac_info, rcu);
+ kfree_sensitive(hinfo);
+}
+
static inline void seg6_hinfo_release(struct seg6_hmac_info *hinfo)
{
- kfree_rcu(hinfo, rcu);
+ call_rcu(&hinfo->rcu, seg6_hinfo_free_callback_rcu);
}
static void seg6_free_hi(void *ptr, void *arg)
--
2.20.1
2 weeks, 3 days
- 3
- 3
[PATCH 6.15 000/515] 6.15.11-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.15.11 release.
There are 515 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 20 Aug 2025 12:43:43 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.11-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.15.11-rc1
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
dm: split write BIOs on zone boundaries when zone append is not emulated
Frederic Weisbecker <frederic(a)kernel.org>
rcu: Fix racy re-initialization of irq_work causing hangs
Yu Kuai <yukuai3(a)huawei.com>
md: fix create on open mddev lifetime regression
Ivan Lipski <ivan.lipski(a)amd.com>
drm/amd/display: Allow DCN301 to clear update flags
Arnd Bergmann <arnd(a)arndb.de>
firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS
Jens Axboe <axboe(a)kernel.dk>
io_uring/rw: cast rw->flags assignment to rwf_t
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Add link_power_management_supported sysfs attribute
Baochen Qiang <quic_bqiang(a)quicinc.com>
wifi: ath12k: install pairwise key first
Aditya Garg <gargaditya08(a)live.com>
HID: magicmouse: avoid setting up battery timer when not needed
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
Sean Christopherson <seanjc(a)google.com>
KVM: VMX: Extract checking of guest's DEBUGCTL into helper
Pedro Falcato <pfalcato(a)suse.de>
RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages
Willy Tarreau <w(a)1wt.eu>
tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
tracing: fprobe: Fix infinite recursion using preempt_*_notrace()
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: v4l2: Add support for NV12M tiled variants to v4l2_format_info()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Do not mark valid metadata as invalid
Vedang Nagar <quic_vnagar(a)quicinc.com>
media: venus: Fix OOB read due to missing payload bound check
Youngjun Lee <yjjuny.lee(a)samsung.com>
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Breno Leitao <leitao(a)debian.org>
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Waiman Long <longman(a)redhat.com>
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
Kairui Song <kasong(a)tencent.com>
mm/shmem, swap: improve cached mTHP handling and fix potential hang
Anshuman Khandual <anshuman.khandual(a)arm.com>
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
David Hildenbrand <david(a)redhat.com>
mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud()
Vlastimil Babka <vbabka(a)suse.cz>
mm, slab: restore NUMA policy support for large kmalloc
Randy Dunlap <rdunlap(a)infradead.org>
parisc: Makefile: fix a typo in palo.conf
Haiyang Zhang <haiyangz(a)microsoft.com>
hv_netvsc: Fix panic during namespace deletion with VF
Davide Caratti <dcaratti(a)redhat.com>
net/sched: ets: use old 'nbands' while purging unused classes
Lizhi Xu <lizhi.xu(a)windriver.com>
ocfs2: reset folio to NULL when get folio fails
Randy Dunlap <rdunlap(a)infradead.org>
fbdev: nvidiafb: add depends on HAS_IOPORT
Sravan Kumar Gundu <sravankumarlpu(a)gmail.com>
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Suren Baghdasaryan <surenb(a)google.com>
userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry
Andrey Albershteyn <aalbersh(a)redhat.com>
xfs: fix scrub trace with null pointer in quotacheck
Qu Wenruo <wqu(a)suse.com>
btrfs: do not allow relocation of partially dropped subvolumes
Boris Burkov <boris(a)bur.io>
btrfs: fix iteration bug in __qgroup_excl_accounting()
Qu Wenruo <wqu(a)suse.com>
btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents()
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: do not select metadata BG as finish target
Filipe Manana <fdmanana(a)suse.com>
btrfs: error on missing block group when unaccounting log tree extent buffers
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix log tree replay failure due to file with 0 links and extents
Filipe Manana <fdmanana(a)suse.com>
btrfs: send: use fallocate for hole punching with send stream v2
Filipe Manana <fdmanana(a)suse.com>
btrfs: clear dirty status from extent buffer on error at insert_new_root()
Filipe Manana <fdmanana(a)suse.com>
btrfs: don't skip remaining extrefs if dir not found during log replay
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled
Caleb Sander Mateos <csander(a)purestorage.com>
btrfs: don't skip accounting in early ENOTTY return in btrfs_uring_encoded_read()
Qu Wenruo <wqu(a)suse.com>
btrfs: populate otime when logging an inode item
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: fix race between quota disable and quota rescan ioctl
Boris Burkov <boris(a)bur.io>
btrfs: fix ssd_spread overallocation
Filipe Manana <fdmanana(a)suse.com>
btrfs: don't ignore inode missing when replaying log tree
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: do not remove unwritten non-data block group
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: requeue to unused block group list if zone finish failed
Filipe Manana <fdmanana(a)suse.com>
btrfs: abort transaction during log replay if walk_log_tree() failed
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: use filesystem size not disk size for reclaim decision
Oliver Neukum <oneukum(a)suse.com>
cdc-acm: fix race between initial clearing halt and open
Sebastian Reichel <sebastian.reichel(a)collabora.com>
usb: typec: fusb302: cache PD RX state
Eric Biggers <ebiggers(a)kernel.org>
thunderbolt: Fix copy+paste error in match_service_id()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: fix race between polling and detaching
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
usb: typec: ucsi: Update power_supply on power role change
Ricky Wu <ricky_wu(a)realtek.com>
misc: rtsx: usb: Ensure mmc child device is active when card is present
Xinyu Liu <katieeliu(a)tencent.com>
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Zhang Yi <yi.zhang(a)huawei.com>
ext4: initialize superblock fields in the kballoc-test.c kunit tests
Baokun Li <libaokun1(a)huawei.com>
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
Baokun Li <libaokun1(a)huawei.com>
ext4: fix zombie groups in average fragment size lists
Jason Gunthorpe <jgg(a)ziepe.ca>
iommufd: Prevent ALIGN() overflow
Nicolin Chen <nicolinc(a)nvidia.com>
iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range
Alexey Klimov <alexey.klimov(a)linaro.org>
iommu/arm-smmu-qcom: Add SM6115 MDSS compatible
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: reset iface weights when we cannot find a candidate
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
clk: qcom: dispcc-sm8750: Fix setting rate byte and pixel clocks
Christian Marangi <ansuelsmth(a)gmail.com>
clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src
Damien Le Moal <dlemoal(a)kernel.org>
dm: Always split write BIOs to zoned device limits
Damien Le Moal <dlemoal(a)kernel.org>
block: Introduce bio_needs_zone_write_plugging()
Bijan Tabatabai <bijantabatab(a)micron.com>
mm/damon/core: commit damos->target_nid
SeongJae Park <sj(a)kernel.org>
samples/damon/wsse: fix boot time enable handling
Miguel Ojeda <ojeda(a)kernel.org>
rust: workaround `rustdoc` target modifiers bug
Miguel Ojeda <ojeda(a)kernel.org>
rust: kbuild: clean output before running `rustdoc`
Jack Xiao <Jack.Xiao(a)amd.com>
drm/amdgpu: fix incorrect vm flags to map bo
YiPeng Chai <YiPeng.Chai(a)amd.com>
drm/amdgpu: fix vram reservation issue
Jouni Högander <jouni.hogander(a)intel.com>
drm/i915/psr: Do not trigger Frame Change events from frontbuffer flush
David Howells <dhowells(a)redhat.com>
cifs: Fix collect_sample() to handle any iterator type
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
scsi: lpfc: Remove redundant assignment to avoid memory leak
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Handle RPC size limit for layoutcommits
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix disk addr range check in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix stripe mapping in block/scsi layout
John Garry <john.g.garry(a)oracle.com>
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix uninitialized pointer error in probe()
Buday Csaba <buday.csaba(a)prolan.hu>
net: phy: smsc: add proper reset flags for LAN8710A
Peter Jakubek <peterjakubek(a)gmail.com>
ASoC: Intel: sof_sdw: Add quirk for Alienware Area 51 (2025) 0CCC SKU
Thomas Croft <thomasmcft(a)gmail.com>
ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table
Yu Kuai <yukuai3(a)huawei.com>
lib/sbitmap: convert shallow_depth from one word to the whole sbitmap
Stefan Metzmacher <metze(a)samba.org>
smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection
Calvin Owens <calvin(a)wbinvd.org>
tools/power turbostat: Handle cap_get_proc() ENOSYS
Calvin Owens <calvin(a)wbinvd.org>
tools/power turbostat: Fix build with musl
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Handle non-root legacy-uncore sysfs permissions
Corey Minyard <corey(a)minyard.net>
ipmi: Fix strcpy source and destination the same
Yann E. MORIN <yann.morin.1998(a)free.fr>
kconfig: lxdialog: fix 'space' to (de)select options
Masahiro Yamada <masahiroy(a)kernel.org>
kheaders: rebuild kheaders_data.tar.xz when a file is modified within a minute
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: fix potential memory leak in renderer_edited()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
Breno Leitao <leitao(a)debian.org>
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
vfio/mlx5: fix possible overflow in tracking max message size
John Garry <john.g.garry(a)oracle.com>
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
Maurizio Lombardi <mlombard(a)redhat.com>
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Shankari Anand <shankari.ak0208(a)gmail.com>
kconfig: nconf: Ensure null termination where strncpy is used
Keith Busch <kbusch(a)kernel.org>
vfio/type1: conditional rescheduling while pinning
Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
John Ogness <john.ogness(a)linutronix.de>
printk: nbcon: Allow reacquire during panic
Jaegeuk Kim <jaegeuk(a)kernel.org>
f2fs: check the generic conditions first
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: add cluster chain loop check for dir
fangzhong.zhou <myth5(a)myth5.com>
i2c: Force DLL0945 touchpad i2c freq to 100khz
John Johansen <john.johansen(a)canonical.com>
apparmor: fix x_table_lookup when stacking is not the first entry
Mateusz Guzik <mjguzik(a)gmail.com>
apparmor: use the condition in AA_BUG_FMT even with debug disabled
Benjamin Marzinski <bmarzins(a)redhat.com>
dm-table: fix checking for rq stackable devices
Mikulas Patocka <mpatocka(a)redhat.com>
dm-mpath: don't print the "loaded" message if registering fails
Jorge Marques <jorge.marques(a)analog.com>
i3c: master: Initialize ret in i3c_i2c_notifier_call()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: don't fail if GETHDRCAP is unsupported
Gabriel Totev <gabriel.totev(a)zetier.com>
apparmor: shift ouid when mediating hard links in userns
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: add missing include to internal header
Petr Pavlu <petr.pavlu(a)suse.com>
module: Prevent silent truncation of module name in delete_module(2)
Purva Yeshi <purvayeshi550(a)gmail.com>
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Charles Keepax <ckeepax(a)opensource.cirrus.com>
soundwire: Move handle_nested_irq outside of sdw_dev_lock
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
soundwire: amd: cancel pending slave status handling workqueue during remove sequence
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
soundwire: amd: serialize amd manager resume sequence during pm_prepare
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
clk: renesas: rzg2l: Postpone updating priv->clks[]
Mario Limonciello <mario.limonciello(a)amd.com>
crypto: ccp - Add missing bootloader info reg for pspv6
Bharat Bhushan <bbhushan2(a)marvell.com>
crypto: octeontx2 - add timeout for load_fvc completion poll
chenchangcheng <chenchangcheng(a)kylinos.cn>
media: uvcvideo: Fix bandwidth issue for Alcor camera
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Add quirk for HP Webcam HD 2300
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
media: usb: hdpvr: disable zero-length read messages
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Increase FIFO trigger level to 374
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Check I2C succeeded during probe
Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com>
media: raspberrypi: cfe: Fix min_reqbufs_allocation
Cheick Traore <cheick.traore(a)foss.st.com>
pinctrl: stm32: Manage irq affinity settings
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpi3mr: Correctly handle ATA device errors
Francisco Gutierrez <frankramirez(a)google.com>
scsi: pm80xx: Free allocated tags after failure
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpt3sas: Correctly handle ATA device errors
Li Chen <chenl311(a)chinatelecom.cn>
HID: rate-limit hid_warn to prevent log flooding
Abel Vesa <abel.vesa(a)linaro.org>
power: supply: qcom_battmgr: Add lithium-polymer entry
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk
Arnd Bergmann <arnd(a)arndb.de>
RDMA/core: reduce stack using in nldev_stat_get_doit()
Yury Norov [NVIDIA] <yury.norov(a)gmail.com>
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Amelie Delaunay <amelie.delaunay(a)foss.st.com>
dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs
Johan Adolfsson <johan.adolfsson(a)axis.com>
leds: leds-lp50xx: Handle reg to get correct multi_index
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Daniel Scally <dan.scally(a)ideasonboard.com>
media: ipu-bridge: Add _HID for OV5670
Michal Wilczynski <m.wilczynski(a)samsung.com>
clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED
Dikshita Agarwal <quic_dikshita(a)quicinc.com>
media: iris: Add handling for corrupt and drop frames
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: lantiq: falcon: sysctrl: fix request memory check logic
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Markus Theil <theil.markus(a)gmail.com>
crypto: jitter - fix intermediary handling
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM
Hans de Goede <hdegoede(a)redhat.com>
media: hi556: Fix reset GPIO timings
Arnaud Lecomte <contact(a)arnaud-lcm.com>
jfs: upper bound check of tree index in dbAllocAG
Edward Adam Davis <eadavis(a)qq.com>
jfs: Regular file corruption check
Lizhi Xu <lizhi.xu(a)windriver.com>
jfs: truncate good inode pages when hard link is 0
jackysliu <1972843537(a)qq.com>
scsi: bfa: Double-free fix
Ziyan Fu <fuzy5(a)lenovo.com>
watchdog: iTCO_wdt: Report error if timeout configuration fails
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
George Moussalem <george.moussalem(a)outlook.com>
clk: qcom: ipq5018: keep XO clock always on
Florin Leotescu <florin.leotescu(a)nxp.com>
hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state
Sebastian Reichel <sebastian.reichel(a)collabora.com>
watchdog: dw_wdt: Fix default timeout
Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com>
fs/orangefs: use snprintf() instead of sprintf()
Showrya M N <showrya(a)chelsio.com>
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Valmantas Paliksa <walmis(a)gmail.com>
phy: rockchip-pcie: Enable all four lanes if required
Geraldo Nascimento <geraldogabriel(a)gmail.com>
phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal
Chen-Yu Tsai <wens(a)csie.org>
mfd: axp20x: Set explicit ID for AXP313 regulator
Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org>
sphinx: kernel_abi: fix performance regression with O=<dir>
Pei Xiao <xiaopei01(a)kylinos.cn>
clk: tegra: periph: Fix error handling and resolve unsigned compare warning
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Zhiqi Song <songzhiqi1(a)huawei.com>
crypto: hisilicon/hpre - fix dma unmap sequence
Yongzhen Zhang <zhangyongzhen(a)kylinos.cn>
fbdev: fix potential buffer overflow in do_register_framebuffer()
Paulo Alcantara <pc(a)manguebit.org>
smb: client: fix session setup against servers that require SPN
Pali Rohár <pali(a)kernel.org>
cifs: Fix calling CIFSFindFirst() for root path without msearch
Aaron Plattner <aplattner(a)nvidia.com>
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Roman Li <Roman.Li(a)amd.com>
drm/amd/display: Disable dsc_power_gate for dcn314 by default
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Only finalize atomic_obj if it was initialized
Jason Wang <jasowang(a)redhat.com>
vhost: fail early when __vhost_add_used() fails
Will Deacon <will(a)kernel.org>
vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
Joel Fernandes <joelagnelf(a)nvidia.com>
rcu: Fix rcu_read_unlock() deadloop due to IRQ work
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/ttm: Respect the shrinker core free target
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Avoid trying AUX transactions on disconnected ports
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Update DMCUB loading sequence for DCN3.5
Yonghong Song <yonghong.song(a)linux.dev>
selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size
Yonghong Song <yonghong.song(a)linux.dev>
selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size
Ihor Solodrai <isolodrai(a)meta.com>
bpf: Make reg_not_null() true for CONST_PTR_TO_MAP
Jakub Kicinski <kuba(a)kernel.org>
uapi: in6: restore visibility of most IPv6 socket options
Emily Deng <Emily.Deng(a)amd.com>
drm/ttm: Should to return the evict error
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range
Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com>
net: ncsi: Fix buffer overflow in fetching version id
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/xe: Make dma-fences compliant with the safe access rules
Shannon Nelson <shannon.nelson(a)amd.com>
ionic: clean dbpage in de-init
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: scan abort when assign/unassign_vif
Breno Leitao <leitao(a)debian.org>
ptp: Use ratelimite for freerun error message
Yuan Chen <chenyuan(a)kylinos.cn>
bpftool: Fix JSON writer resource leak in version command
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: ensure BCM5325 PHYs are enabled
Alok Tiwari <alok.a.tiwari(a)oracle.com>
gve: Return error for unknown admin queue command
Gal Pressman <gal(a)nvidia.com>
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gal Pressman <gal(a)nvidia.com>
net: vlan: Make is_vlan_dev() a stub when VLAN is not configured
ganglxie <ganglxie(a)amd.com>
drm/amdgpu: clear pa and mca record counter when resetting eeprom
Lijo Lazar <lijo.lazar(a)amd.com>
drm/amdgpu: Suspend IH during mode-2 reset
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Stop storing failures into adev->dm.cached_state
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
Heiner Kallweit <hkallweit1(a)gmail.com>
dpaa_eth: don't use fixed_phy_change_carrier
Stanislaw Gruszka <stf_xl(a)wp.pl>
wifi: iwlegacy: Check rate_idx range after addition
Mark Rutland <mark.rutland(a)arm.com>
arm64: stacktrace: Check kretprobe_find_ret_addr() return value
Mina Almasry <almasrymina(a)google.com>
netmem: fix skb_frag_address_safe with unreadable skbs
Thomas Fourier <fourier.thomas(a)gmail.com>
powerpc: floppy: Add missing checks after DMA map
Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com>
wifi: ath12k: Decrement TID on RX peer frag setup error handling
Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com>
wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0
Ching-Te Ku <ku920601(a)realtek.com>
wifi: rtw89: coex: Not to set slot duration to zero to avoid firmware issue
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com>
wifi: mac80211: update radar_required in channel context after channel switch
Alex Hung <alex.hung(a)amd.com>
drm/amd/display: Initialize mode_select to 0
Wen Chen <Wen.Chen3(a)amd.com>
drm/amd/display: Fix 'failed to blank crtc!'
Zqiang <qiang.zhang1211(a)gmail.com>
rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com>
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Johannes Berg <johannes.berg(a)intel.com>
wifi: iwlwifi: mld: fix last_mlo_scan_time type
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mld: don't exit EMLSR when we shouldn't
Rand Deeb <rand.sec96(a)gmail.com>
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Nathan Lynch <nathan.lynch(a)amd.com>
lib: packing: Include necessary headers
Hari Chandrakanthan <quic_haric(a)quicinc.com>
wifi: ath12k: Fix station association with MBSSID Non-TX BSS
Sarika Sharma <quic_sarishar(a)quicinc.com>
wifi: ath12k: Add memset and update default rate value in wmi tx completion
Andy Yan <andy.yan(a)rock-chips.com>
drm/panel: raydium-rm67200: Move initialization from enable() to prepare stage
Kang Yang <kang.yang(a)oss.qualcomm.com>
wifi: ath10k: shutdown driver when hardware is unreliable
Peichen Huang <PeiChen.Huang(a)amd.com>
drm/amd/display: add null check
Ilya Bakoulin <Ilya.Bakoulin(a)amd.com>
drm/amd/display: Separate set_gsl from set_gsl_source_select
Xiang Liu <xiang.liu(a)amd.com>
drm/amdgpu: Use correct severity for BP threshold exceed event
Jonas Rebmann <jre(a)pengutronix.de>
net: fec: allow disable coalescing
RubenKelevra <rubenkelevra(a)gmail.com>
net: ieee8021q: fix insufficient table-size assertion
Li Chen <chenl311(a)chinatelecom.cn>
ACPI: Suppress misleading SPCR console message when SPCR table is absent
Eric Work <work.eric(a)gmail.com>
net: atlantic: add set_power to fw_ops for atl2 to fix wol
Aakash Kumar S <saakashkumar(a)marvell.com>
xfrm: Duplicate SPI Handling
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Enable end-to-end flow control also in transmit
Matt Roper <matthew.d.roper(a)intel.com>
drm/xe/xe_query: Use separate iterator while filling GT list
Mark Brown <broonie(a)kernel.org>
kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace
David Bauer <mail(a)david-bauer.net>
wifi: mt76: mt7915: mcu: increase eeprom command timeout
David Bauer <mail(a)david-bauer.net>
wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Disable deep power saving for USB/SDIO
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Fix rtw89_mac_power_switch() for USB
Alessio Belle <alessio.belle(a)imgtec.com>
drm/imagination: Clear runtime PM errors while resetting the GPU
Robin Murphy <robin.murphy(a)arm.com>
perf/arm: Add missing .suppress_bind_attrs
Yuan Chen <chenyuan(a)kylinos.cn>
drm/msm: Add error handling for krealloc in metadata setup
Rob Clark <robdclark(a)chromium.org>
drm/msm: use trylock for debugfs
Rob Clark <robin.clark(a)oss.qualcomm.com>
drm/msm: Update register xml
Thierry Reding <treding(a)nvidia.com>
drm/fbdev-client: Skip DRM clients if modesetting is absent
Felix Fietkau <nbd(a)nbd.name>
wifi: mt76: fix vif link allocation
Lorenzo Bianconi <lorenzo(a)kernel.org>
wifi: mt76: mt7996: Fix mlink lookup in mt7996_tx_prepare_skb
Hari Chandrakanthan <quic_haric(a)quicinc.com>
wifi: mac80211: fix rx link assignment for non-MLO stations
Zqiang <qiang.zhang1211(a)gmail.com>
rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
Kuniyuki Iwashima <kuniyu(a)google.com>
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
Thomas Fourier <fourier.thomas(a)gmail.com>
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
Heiko Carstens <hca(a)linux.ibm.com>
s390/early: Copy last breaking event address to pt_regs
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: avoid weird state in error path
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't complete management TX on SAE commit
Chris Mason <clm(a)fb.com>
sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
Nam Cao <namcao(a)linutronix.de>
rv: Add #undef TRACE_INCLUDE_FILE
Kamil Horák - 2N <kamilh(a)axis.com>
net: phy: bcm54811: PHY initialization
Sven Schnelle <svens(a)linux.ibm.com>
s390/stp: Remove udelay from stp_sync_clock()
Philipp Stanner <phasta(a)kernel.org>
drm/sched: Avoid memory leaks with cancel_job() callback
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: fix scan request validation
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
um: Re-evaluate thread flags repeatedly
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mld: fix scan request validation
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: set gtk id also in older FWs
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Forget ranges when refining tnum after JSET
Juri Lelli <juri.lelli(a)redhat.com>
sched/deadline: Fix accounting after global limits change
Alok Tiwari <alok.a.tiwari(a)oracle.com>
perf/cxlpmu: Remove unintended newline from IRQ name format string
Biju Das <biju.das.jz(a)bp.renesas.com>
net: phy: micrel: Add ksz9131_resume()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
Oscar Maes <oscmaes92(a)gmail.com>
net: ipv4: fix incorrect MTU in broadcast routes
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't unreserve never reserved chanctx
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Fix interface type validation
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: handle WLAN_HT_ACTION_NOTIFY_CHANWIDTH async
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't use TPE data from assoc response
Matt Johnston <matt(a)codeconstruct.com.au>
net: mctp: Prevent duplicate binds
Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
can: ti_hecc: fix -Woverflow compiler warning
Charlene Liu <Charlene.Liu(a)amd.com>
drm/amd/display: limit clear_update_flags to dcn32 and above
Paul E. McKenney <paulmck(a)kernel.org>
rcu: Protect ->defer_qs_iw_pending from data race
Umio Yasuno <coelacanth_dream(a)protonmail.com>
drm/amd/pm: fix null pointer access
Breno Leitao <leitao(a)debian.org>
arm64: Mark kernel as tainted on SAE and SError panic
Jack Ping CHNG <jchng(a)maxlinear.com>
net: pcs: xpcs: mask readl() return value to 16 bits
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Thomas Fourier <fourier.thomas(a)gmail.com>
net: ag71xx: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
et131x: Add missing check after DMA map
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
Chin-Yen Lee <timlee(a)realtek.com>
wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode
Matteo Croce <teknoraver(a)meta.com>
libbpf: Fix warning in calloc() usage
Ahmed Zaki <ahmed.zaki(a)intel.com>
idpf: preserve coalescing settings across resets
Eduard Zingerman <eddyz87(a)gmail.com>
libbpf: Verify that arena map exists when adding arena relocations
Alok Tiwari <alok.a.tiwari(a)oracle.com>
be2net: Use correct byte order and format string for TCP seq and ack_seq
Sven Schnelle <svens(a)linux.ibm.com>
s390/time: Use monotonic clock in get_cycles()
Sven Schnelle <svens(a)linux.ibm.com>
s390/sclp: Use monotonic clock in sclp_sync_wait()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: reject HTC bit for management frames
Steven Rostedt <rostedt(a)goodmis.org>
ktest.pl: Prevent recursion of default variable options
Sarika Sharma <quic_sarishar(a)quicinc.com>
wifi: ath12k: Correct tid cleanup when tid setup fails
Oliver Neukum <oneukum(a)suse.com>
net: usb: cdc-ncm: check for filtering capability
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mld: avoid outdated reorder buffer head_sn
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mld: use spec link id and not FW link id
Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech>
xen/netfront: Fix TX response spurious interrupts
Uwe Kleine-König <ukleinek(a)debian.org>
Bluetooth: btusb: Add support for variant of RTL8851BE (USB ID 13d3:3601)
Zijun Hu <zijun.hu(a)oss.qualcomm.com>
Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie()
Yang Li <yang.li(a)amlogic.com>
Bluetooth: hci_event: Add support for handling LE BIG Sync Lost event
En-Wei Wu <en-wei.wu(a)canonical.com>
Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925
Ben Hutchings <benh(a)debian.org>
bootconfig: Fix unaligned access when building footer
Nam Cao <namcao(a)linutronix.de>
verification/dot2k: Make a separate dot2k_templates/Kconfig_container
Steven Rostedt <rostedt(a)goodmis.org>
powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps
Srinivas Kandagatla <srini(a)kernel.org>
ASoC: qcom: use drvdata instead of component to keep id
Xinxin Wan <xinxin.wan(a)intel.com>
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Jonathan Santos <Jonathan.Santos(a)analog.com>
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Christophe Leroy <christophe.leroy(a)csgroup.eu>
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Lucy Thrun <lucy.thrun(a)digital-rabbithole.de>
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Tomasz Michalec <tmichalec(a)google.com>
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Kees Cook <kees(a)kernel.org>
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>
soc: qcom: mdt_loader: Actually use the e_phoff
Krzysztof Hałasa <khalasa(a)piap.pl>
imx8m-blk-ctrl: set ISI panic write hurry level
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Radhey Shyam Pandey <radhey.shyam.pandey(a)amd.com>
usb: dwc3: xilinx: add shutdown callback
Oliver Neukum <oneukum(a)suse.com>
usb: core: usb_submit_urb: downgrade type check
Tomasz Michalec <tmichalec(a)google.com>
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Joseph Tilahun <jtilahun(a)astranis.com>
tty: serial: fix print format specifiers
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode
Markus Stockhausen <markus.stockhausen(a)gmx.de>
irqchip/mips-gic: Allow forced affinity
Alok Tiwari <alok.a.tiwari(a)oracle.com>
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
Mark Brown <broonie(a)kernel.org>
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Avoid warning when overriding return thunk
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda: Disable jack polling at shutdown
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda: Handle the jack polling always via a work
Gwendal Grignou <gwendal(a)chromium.org>
platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Hans de Goede <hansg(a)kernel.org>
mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
Zijun Hu <zijun.hu(a)oss.qualcomm.com>
char: misc: Fix improper and inaccurate error code returned by misc_init()
Charles Keepax <ckeepax(a)opensource.cirrus.com>
ASoC: SDCA: Add flag for unused IRQs
Peter Robinson <pbrobinson(a)gmail.com>
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Eliav Farber <farbere(a)amazon.com>
pps: clients: gpio: fix interrupt handling order in remove path
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
selftests: vDSO: vdso_test_getrandom: Always print TAP header
Biju Das <biju.das.jz(a)bp.renesas.com>
irqchip/renesas-rzv2h: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND
Breno Leitao <leitao(a)debian.org>
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
Sarthak Garg <quic_sartgarg(a)quicinc.com>
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sebastian Ott <sebott(a)redhat.com>
ACPI: processor: fix acpi_object initialization
tuhaowen <tuhaowen(a)uniontech.com>
PM: sleep: console: Fix the black screen issue
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
GalaxySnail <me(a)glxys.nl>
ALSA: hda: add MODULE_FIRMWARE for cs35l41/cs35l56
Thierry Reding <treding(a)nvidia.com>
firmware: tegra: Fix IVC dependency problems
Peng Fan <peng.fan(a)nxp.com>
firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume
Zhu Qiyu <qiyuzhu2(a)amd.com>
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests: tracing: Use mutex_unlock for testing glob filter
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
tools/build: Fix s390(x) cross-compilation with clang
Aaron Kling <webgeek1234(a)gmail.com>
ARM: tegra: Use I/O memcpy to write to IRAM
Michael Walle <mwalle(a)kernel.org>
mfd: tps6594: Add TI TPS652G1 support
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: tps65912: check the return value of regmap_update_bits()
David Lechner <dlechner(a)baylibre.com>
iio: adc: ad_sigma_delta: don't overallocate scan buffer
Thomas Weißschuh <linux(a)weissschuh.net>
tools/nolibc: define time_t in terms of __kernel_old_time_t
David Collins <david.collins(a)oss.qualcomm.com>
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com>
EDAC/synopsys: Clear the ECC counters on init
Lifeng Zheng <zhenglifeng1(a)huawei.com>
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Alexander Kochetkov <al.kochet(a)gmail.com>
ARM: rockchip: fix kernel hang during smp initialization
Li RongQing <lirongqing(a)baidu.com>
cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Exit governor when failed to start old governor
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: wcd934x: check the return value of regmap_update_bits()
Guillaume La Roque <glaroque(a)baylibre.com>
pmdomain: ti: Select PM_GENERIC_DOMAINS
André Draszik <andre.draszik(a)linaro.org>
usb: typec: tcpm/tcpci_maxim: fix irq wake usage
Jameson Thies <jthies(a)google.com>
usb: typec: ucsi: Add poll_cci operation to cros_ec_ucsi
Binbin Zhou <zhoubinbin(a)loongson.cn>
gpio: loongson-64bit: Extend GPIO irq support
Tiffany Yang <ynaffit(a)google.com>
binder: Fix selftest page indexing
Hiago De Franco <hiago.franco(a)toradex.com>
remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
Shuai Xue <xueshuai(a)linux.alibaba.com>
ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered
Maulik Shah <maulik.shah(a)oss.qualcomm.com>
soc: qcom: rpmh-rsc: Add RSC version 4 support
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
firmware: qcom: scm: initialize tzmem before marking SCM as available
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing errors during surprise removal
Jay Chen <shawn2000100(a)gmail.com>
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing warnings for dying controller
Vivek Pernamitta <quic_vpernami(a)quicinc.com>
bus: mhi: host: pci_generic: Disable runtime PM for QDU100
Daniele Palmas <dnlplm(a)gmail.com>
bus: mhi: host: pci_generic: Add Telit FN990B40 modem support
Benson Leung <bleung(a)chromium.org>
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Cynthia Huang <cynthia(a)andestech.com>
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Prashant Malani <pmalani(a)google.com>
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Mario Limonciello <mario.limonciello(a)amd.com>
platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list
Dave Penkler <dpenkler(a)gmail.com>
staging: gpib: Add init response codes for new ni-usb-hs+
Su Hui <suhui(a)nfschina.com>
usb: xhci: print xhci->xhc_state when queue_command failed
Steven Rostedt <rostedt(a)goodmis.org>
tracefs: Add d_delete to remove negative dentries
Al Viro <viro(a)zeniv.linux.org.uk>
securityfs: don't pin dentries twice, once is enough...
Al Viro <viro(a)zeniv.linux.org.uk>
fix locking in efi_secret_unlink()
Wei Gao <wegao(a)suse.com>
ext2: Handle fiemap on empty files to prevent EINVAL
Al Viro <viro(a)zeniv.linux.org.uk>
landlock: opened file never has a negative dentry
Christian Brauner <brauner(a)kernel.org>
pidfs: raise SB_I_NODEV and SB_I_NOEXEC
Xiao Ni <xni(a)redhat.com>
md: Don't clear MD_CLOSING until mddev is freed
Rong Zhang <ulin0208(a)gmail.com>
fs/ntfs3: correctly create symlink for relative path
Lizhi Xu <lizhi.xu(a)windriver.com>
fs/ntfs3: Add sanity check for file name
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Disallow changing LPM state if not supported
Damien Le Moal <dlemoal(a)kernel.org>
ata: ahci: Disable DIPM if host lacks support
Damien Le Moal <dlemoal(a)kernel.org>
ata: ahci: Disallow LPM policy control if not supported
Al Viro <viro(a)zeniv.linux.org.uk>
better lockdep annotations for simple_recursive_removal()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix not erasing deleted b-tree node issue
Sarah Newman <srn(a)prgmr.com>
drbd: add missing kref_get in handle_write_conflicts
Jan Kara <jack(a)suse.cz>
udf: Verify partition map count
Jan Kara <jack(a)suse.cz>
loop: Avoid updating block size under exclusive owner
Xiao Ni <xni(a)redhat.com>
md: call del_gendisk in control path
Andrew Price <anprice(a)redhat.com>
gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops
Andrew Price <anprice(a)redhat.com>
gfs2: Validate i_depth for exhash directories
Maurizio Lombardi <mlombard(a)redhat.com>
nvme-tcp: log TLS handshake failures at error level
John Garry <john.g.garry(a)oracle.com>
md/raid10: set chunk_sectors limit
John Garry <john.g.garry(a)oracle.com>
dm-stripe: limit chunk_sectors to the stripe size
Keith Busch <kbusch(a)kernel.org>
nvme-pci: try function level reset on init failure
NeilBrown <neil(a)brown.name>
smb/server: avoid deadlock when linking with ReplaceIfExists
Yeoreum Yun <yeoreum.yun(a)arm.com>
firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall
Yeoreum Yun <yeoreum.yun(a)arm.com>
tpm: tpm_crb_ffa: try to probe tpm_crb_ffa when it's built-in
Jarkko Sakkinen <jarkko(a)kernel.org>
tpm: Check for completion after timeout
Kees Cook <kees(a)kernel.org>
arm64: Handle KCOV __init vs inline mismatches
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix slab-out-of-bounds in hfs_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix general protection fault in hfs_find_init()
Sven Stegemann <sven(a)stegemann.de>
net: kcm: Fix race condition in kcm_unattach()
Frederic Weisbecker <frederic(a)kernel.org>
ipvs: Fix estimator kthreads preferred affinity
Jakub Kicinski <kuba(a)kernel.org>
tls: handle data disappearing from under the TLS ULP
Jeongjun Park <aha310510(a)gmail.com>
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
Yao Zi <ziyao(a)disroot.org>
riscv: dts: thead: Add APB clocks for TH1520 GMACs
Yao Zi <ziyao(a)disroot.org>
net: stmmac: thead: Get and enable APB clock on initialization
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpuidle: governors: menu: Avoid using invalid recent intervals data
Len Brown <len.brown(a)intel.com>
intel_idle: Allow loading ACPI tables for any family
Gao Xiang <xiang(a)kernel.org>
erofs: fix block count report when 48-bit layout is on
Stanislav Fomichev <sdf(a)fomichev.me>
hamradio: ignore ops-locked netdevs
Stanislav Fomichev <sdf(a)fomichev.me>
net: lapbether: ignore ops-locked netdevs
Xin Long <lucien.xin(a)gmail.com>
sctp: linearize cloned gso packets in sctp_rcv
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ti: icss-iep: Fix incorrect type for return value in extts_enable()
Jakub Kicinski <kuba(a)kernel.org>
net: page_pool: allow enabling recycling late, fix false positive warning
MD Danish Anwar <danishanwar(a)ti.com>
net: ti: icssg-prueth: Fix emac link speed handling
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix the np_link_fail error reporting issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix the division by zero issue
Jijie Shao <shaojijie(a)huawei.com>
net: hibmcge: fix rtnl deadlock issue
Florian Westphal <fw(a)strlen.de>
netfilter: ctnetlink: fix refcount leak on table dump
Sabrina Dubroca <sd(a)queasysnail.net>
udp: also consider secpath when evaluating ipsec use for checksumming
Sabrina Dubroca <sd(a)queasysnail.net>
xfrm: restore GSO for SW crypto
Jinjiang Tu <tujinjiang(a)huawei.com>
mm/smaps: fix race between smaps_hugetlb_range and migration
Al Viro <viro(a)zeniv.linux.org.uk>
habanalabs: fix UAF in export_dmabuf()
Stefan Metzmacher <metze(a)samba.org>
smb: client: don't wait for info->send_pending == 0 on error
Stefan Metzmacher <metze(a)samba.org>
smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection()
Thomas Weißschuh <linux(a)weissschuh.net>
mfd: cros_ec: Separate charge-control probing from USB-PD
Li Zhijian <lizhijian(a)fujitsu.com>
mm/memory-tier: fix abstract distance calculation overflow
Damien Le Moal <dlemoal(a)kernel.org>
block: Make REQ_OP_ZONE_FINISH a write operation
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPI: processor: perflib: Move problematic pr->performance check
Lukas Wunner <lukas(a)wunner.de>
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Jiayi Li <lijiayi(a)kylinos.cn>
ACPI: processor: perflib: Fix initial _PPC limit application
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
Documentation: ACPI: Fix parent device references
Jann Horn <jannh(a)google.com>
eventpoll: Fix semi-unbounded recursion
Sasha Levin <sashal(a)kernel.org>
fs: Prevent file descriptor table allocations exceeding INT_MAX
Eric Biggers <ebiggers(a)kernel.org>
fscrypt: Don't use problematic non-inline crypto engines
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: exynos850: fix a comment
Ma Ke <make24(a)iscas.ac.cn>
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Wentao Guan <guanwentao(a)uniontech.com>
LoongArch: vDSO: Remove -nostdlib complier flag
Yao Zi <ziyao(a)disroot.org>
LoongArch: Avoid in-place string operation on FDT content
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Make relocate_new_kernel_size be a .quad value
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
LoongArch: Don't use %pK through printk() in unwinder
Haoran Jiang <jianghaoran(a)kylinos.cn>
LoongArch: BPF: Fix jump offset calculation in tailcall
Huacai Chen <chenhuacai(a)kernel.org>
PCI: Extend isolated function probing to LoongArch
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix the setting of capabilities when automounting a new filesystem
Dai Ngo <dai.ngo(a)oracle.com>
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Jeff Layton <jlayton(a)kernel.org>
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Christian Brauner <brauner(a)kernel.org>
fhandle: raise FILEID_IS_DIR in handle_type
Fabio Porcedda <fabio.porcedda(a)gmail.com>
net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition
Xu Yang <xu.yang_2(a)nxp.com>
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Johan Hovold <johan(a)kernel.org>
net: dpaa: fix device leak when querying time stamp info
Johan Hovold <johan(a)kernel.org>
net: ti: icss-iep: fix device and OF node leaks at probe
Johan Hovold <johan(a)kernel.org>
net: mtk_eth_soc: fix device leak at probe
Johan Hovold <johan(a)kernel.org>
net: enetc: fix device and OF node leak at probe
Johan Hovold <johan(a)kernel.org>
net: gianfar: fix device leak when querying time stamp info
Heiner Kallweit <hkallweit1(a)gmail.com>
net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect
Florian Larysch <fl(a)n621.de>
net: phy: micrel: fix KSZ8081/KSZ8091 cable test
Fedor Pchelkin <pchelkin(a)ispras.ru>
netlink: avoid infinite retry looping in netlink_unicast()
Daniel Golle <daniel(a)makrotopia.org>
Revert "leds: trigger: netdev: Configure LED blink interval for HW offload"
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
leds: flash: leds-qcom-flash: Fix registry access after re-bind
David Thompson <davthompson(a)nvidia.com>
gpio: mlxbf3: use platform_get_irq_optional()
David Thompson <davthompson(a)nvidia.com>
Revert "gpio: mlxbf3: only get IRQ for device instance 0"
David Thompson <davthompson(a)nvidia.com>
gpio: mlxbf2: use platform_get_irq_optional()
Dongcheng Yan <dongcheng.yan(a)intel.com>
media: i2c: set lt6911uxe's reset_gpio to GPIOD_OUT_LOW
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C
Harald Mommer <harald.mommer(a)oss.qualcomm.com>
gpio: virtio: Fix config space reading.
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: remove redundant lstrp update in negotiate protocol
Steve French <stfrench(a)microsoft.com>
smb3: fix for slab out of bounds on mount to ksmbd
Christopher Eby <kreed(a)kreed.org>
ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
Vasiliy Kovalev <kovalev(a)altlinux.org>
ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Jens Axboe <axboe(a)kernel.dk>
io_uring/net: commit partial buffers on retry
Jens Axboe <axboe(a)kernel.dk>
io_uring/memmap: cast nr_pages to size_t before shifting
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: export io_[un]account_mem
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: don't use int for ABI
-------------
Diffstat:
Documentation/filesystems/fscrypt.rst | 37 +-
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +-
Documentation/sphinx/kernel_abi.py | 6 +-
Makefile | 4 +-
arch/arm/mach-rockchip/platsmp.c | 15 +-
arch/arm/mach-tegra/reset.c | 2 +-
arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 2 +-
arch/arm64/include/asm/acpi.h | 2 +-
arch/arm64/kernel/acpi.c | 10 +-
arch/arm64/kernel/stacktrace.c | 2 +
arch/arm64/kernel/traps.c | 1 +
arch/arm64/mm/fault.c | 1 +
arch/arm64/mm/ptdump_debugfs.c | 3 -
arch/loongarch/kernel/env.c | 13 +-
arch/loongarch/kernel/relocate_kernel.S | 2 +-
arch/loongarch/kernel/unwind_orc.c | 2 +-
arch/loongarch/net/bpf_jit.c | 21 +-
arch/loongarch/vdso/Makefile | 2 +-
arch/mips/include/asm/vpe.h | 8 +
arch/mips/kernel/process.c | 16 +-
arch/mips/lantiq/falcon/sysctrl.c | 23 +-
arch/parisc/Makefile | 2 +-
arch/powerpc/include/asm/floppy.h | 5 +-
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +-
arch/riscv/boot/dts/thead/th1520.dtsi | 10 +-
arch/riscv/mm/ptdump.c | 3 -
arch/s390/include/asm/timex.h | 13 +-
arch/s390/kernel/early.c | 1 +
arch/s390/kernel/time.c | 2 +-
arch/s390/mm/dump_pagetables.c | 2 -
arch/um/include/asm/thread_info.h | 4 +
arch/um/kernel/process.c | 18 +-
arch/x86/include/asm/kvm_host.h | 6 +-
arch/x86/kernel/cpu/bugs.c | 5 +-
arch/x86/kvm/svm/svm.c | 4 +-
arch/x86/kvm/vmx/nested.c | 18 +-
arch/x86/kvm/vmx/pmu_intel.c | 8 +-
arch/x86/kvm/vmx/vmx.c | 41 +-
arch/x86/kvm/vmx/vmx.h | 13 +
arch/x86/kvm/vmx/x86_ops.h | 2 +-
arch/x86/kvm/x86.c | 11 +-
block/bfq-iosched.c | 35 +-
block/bfq-iosched.h | 3 +-
block/blk-mq.c | 6 +-
block/blk-settings.c | 2 +-
block/blk-zoned.c | 20 +-
block/kyber-iosched.c | 9 +-
block/mq-deadline.c | 16 +-
crypto/jitterentropy-kcapi.c | 9 +-
drivers/accel/habanalabs/common/memory.c | 23 +-
drivers/acpi/acpi_processor.c | 2 +-
drivers/acpi/apei/ghes.c | 13 +
drivers/acpi/prmt.c | 26 +-
drivers/acpi/processor_perflib.c | 11 +
drivers/android/binder_alloc_selftest.c | 2 +-
drivers/ata/ahci.c | 12 +-
drivers/ata/ata_piix.c | 1 +
drivers/ata/libahci.c | 1 +
drivers/ata/libata-sata.c | 52 +-
drivers/base/power/runtime.c | 5 +
drivers/block/drbd/drbd_receiver.c | 6 +-
drivers/block/loop.c | 38 +-
drivers/block/sunvdc.c | 4 +-
drivers/bluetooth/btusb.c | 3 +
drivers/bus/mhi/host/pci_generic.c | 20 +-
drivers/char/ipmi/ipmi_msghandler.c | 8 +-
drivers/char/ipmi/ipmi_watchdog.c | 59 +-
drivers/char/misc.c | 4 +-
drivers/char/tpm/tpm-interface.c | 17 +-
drivers/char/tpm/tpm_crb_ffa.c | 19 +-
drivers/clk/qcom/dispcc-sm8750.c | 10 +-
drivers/clk/qcom/gcc-ipq5018.c | 2 +-
drivers/clk/qcom/gcc-ipq8074.c | 6 +-
drivers/clk/renesas/rzg2l-cpg.c | 8 +-
drivers/clk/samsung/clk-exynos850.c | 2 +-
drivers/clk/samsung/clk-gs101.c | 4 +-
drivers/clk/tegra/clk-periph.c | 4 +-
drivers/clk/thead/clk-th1520-ap.c | 5 +-
drivers/comedi/comedi_fops.c | 33 +-
drivers/comedi/comedi_internal.h | 1 +
drivers/comedi/drivers.c | 13 +-
drivers/cpufreq/cppc_cpufreq.c | 2 +-
drivers/cpufreq/cpufreq.c | 8 +-
drivers/cpufreq/intel_pstate.c | 2 +
drivers/cpuidle/governors/menu.c | 21 +-
drivers/crypto/ccp/sp-pci.c | 1 +
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +-
.../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +-
drivers/devfreq/governor_userspace.c | 6 +-
drivers/dma/stm32/stm32-dma.c | 2 +-
drivers/edac/synopsys_edac.c | 93 +-
drivers/firmware/arm_ffa/driver.c | 2 +-
drivers/firmware/arm_scmi/scmi_power_control.c | 22 +-
drivers/firmware/qcom/qcom_scm.c | 53 +-
drivers/firmware/tegra/Kconfig | 5 +-
drivers/gpio/gpio-loongson-64bit.c | 6 +
drivers/gpio/gpio-mlxbf2.c | 2 +-
drivers/gpio/gpio-mlxbf3.c | 52 +-
drivers/gpio/gpio-tps65912.c | 7 +-
drivers/gpio/gpio-virtio.c | 9 +-
drivers/gpio/gpio-wcd934x.c | 7 +-
drivers/gpu/drm/amd/amdgpu/aldebaran.c | 33 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_ras_eeprom.c | 2 +
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 28 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 12 +-
.../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +-
drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +-
.../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +-
.../display/dc/resource/dcn314/dcn314_resource.c | 1 +
drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +-
drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 +
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +-
drivers/gpu/drm/clients/drm_client_setup.c | 5 +
drivers/gpu/drm/i915/display/intel_psr.c | 14 +-
drivers/gpu/drm/imagination/pvr_power.c | 59 +-
drivers/gpu/drm/msm/Makefile | 5 +
drivers/gpu/drm/msm/adreno/a6xx_catalog.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 4 +
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_gpu_state.h | 2 +-
drivers/gpu/drm/msm/adreno/a6xx_preempt.c | 2 +-
.../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 4 +-
drivers/gpu/drm/msm/msm_drv.c | 9 +-
drivers/gpu/drm/msm/msm_gem.c | 3 +-
drivers/gpu/drm/msm/msm_gem.h | 6 +
drivers/gpu/drm/msm/registers/adreno/a6xx.xml | 3576 ++++----------------
.../drm/msm/registers/adreno/a6xx_descriptors.xml | 198 ++
.../gpu/drm/msm/registers/adreno/a6xx_enums.xml | 383 +++
.../drm/msm/registers/adreno/a6xx_perfcntrs.xml | 600 ++++
.../gpu/drm/msm/registers/adreno/a7xx_enums.xml | 223 ++
.../drm/msm/registers/adreno/a7xx_perfcntrs.xml | 1030 ++++++
.../gpu/drm/msm/registers/adreno/adreno_pm4.xml | 302 +-
drivers/gpu/drm/panel/panel-raydium-rm67200.c | 22 +-
drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 +
drivers/gpu/drm/scheduler/sched_main.c | 34 +-
drivers/gpu/drm/ttm/ttm_pool.c | 8 +-
drivers/gpu/drm/ttm/ttm_resource.c | 3 +
drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 +
drivers/gpu/drm/xe/xe_guc_submit.c | 7 +-
drivers/gpu/drm/xe/xe_hw_fence.c | 3 +
drivers/gpu/drm/xe/xe_query.c | 27 +-
drivers/hid/hid-core.c | 4 +-
drivers/hid/hid-magicmouse.c | 56 +-
drivers/hwmon/emc2305.c | 10 +-
drivers/i2c/i2c-core-acpi.c | 1 +
drivers/i3c/internals.h | 1 +
drivers/i3c/master.c | 4 +-
drivers/idle/intel_idle.c | 2 +-
drivers/iio/adc/ad7768-1.c | 23 +-
drivers/iio/adc/ad_sigma_delta.c | 2 +-
drivers/infiniband/core/nldev.c | 22 +-
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
drivers/infiniband/hw/hfi1/affinity.c | 44 +-
drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +-
drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 +
drivers/iommu/intel/iommu.c | 19 +-
drivers/iommu/intel/iommu.h | 3 +
drivers/iommu/iommufd/io_pagetable.c | 48 +-
drivers/irqchip/irq-mips-gic.c | 8 +-
drivers/irqchip/irq-renesas-rzv2h.c | 4 +-
drivers/leds/flash/leds-qcom-flash.c | 15 +-
drivers/leds/leds-lp50xx.c | 11 +-
drivers/leds/trigger/ledtrig-netdev.c | 16 +-
drivers/md/dm-ps-historical-service-time.c | 4 +-
drivers/md/dm-ps-queue-length.c | 4 +-
drivers/md/dm-ps-round-robin.c | 4 +-
drivers/md/dm-ps-service-time.c | 4 +-
drivers/md/dm-stripe.c | 1 +
drivers/md/dm-table.c | 10 +-
drivers/md/dm-zoned-target.c | 2 +-
drivers/md/dm.c | 37 +-
drivers/md/md.c | 51 +-
drivers/md/md.h | 26 +-
drivers/md/raid10.c | 1 +
drivers/media/dvb-frontends/dib7000p.c | 8 +
drivers/media/i2c/hi556.c | 7 +-
drivers/media/i2c/lt6911uxe.c | 2 +-
drivers/media/i2c/tc358743.c | 86 +-
drivers/media/pci/intel/ipu-bridge.c | 2 +
drivers/media/platform/qcom/iris/iris_buffer.c | 11 +-
.../platform/qcom/iris/iris_hfi_gen1_defines.h | 2 +
.../platform/qcom/iris/iris_hfi_gen1_response.c | 6 +
drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +-
drivers/media/platform/raspberrypi/rp1-cfe/cfe.c | 4 +-
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 +
drivers/media/usb/uvc/uvc_ctrl.c | 55 +-
drivers/media/usb/uvc/uvc_driver.c | 12 +
drivers/media/usb/uvc/uvc_video.c | 21 +-
drivers/media/usb/uvc/uvcvideo.h | 2 +
drivers/media/v4l2-core/v4l2-common.c | 14 +-
drivers/mfd/axp20x.c | 3 +-
drivers/mfd/cros_ec_dev.c | 10 +-
drivers/mfd/tps6594-core.c | 88 +-
drivers/mfd/tps6594-i2c.c | 10 +-
drivers/mfd/tps6594-spi.c | 10 +-
drivers/misc/cardreader/rtsx_usb.c | 16 +-
drivers/misc/mei/bus.c | 6 +
drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +-
drivers/mmc/host/sdhci-msm.c | 14 +
drivers/net/can/ti_hecc.c | 2 +-
drivers/net/dsa/b53/b53_common.c | 76 +-
drivers/net/dsa/b53/b53_regs.h | 7 +-
drivers/net/ethernet/agere/et131x.c | 36 +
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 +
.../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +
drivers/net/ethernet/atheros/ag71xx.c | 9 +
drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 +-
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +-
drivers/net/ethernet/emulex/benet/be_main.c | 8 +-
drivers/net/ethernet/faraday/ftgmac100.c | 7 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 -
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +-
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +-
drivers/net/ethernet/freescale/fec_main.c | 34 +-
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +-
drivers/net/ethernet/google/gve/gve_adminq.c | 1 +
drivers/net/ethernet/hisilicon/hibmcge/hbg_err.c | 14 +-
drivers/net/ethernet/hisilicon/hibmcge/hbg_hw.c | 15 +-
drivers/net/ethernet/hisilicon/hibmcge/hbg_txrx.h | 7 +-
drivers/net/ethernet/intel/idpf/idpf.h | 19 +
drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +-
drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +-
drivers/net/ethernet/intel/idpf/idpf_main.c | 1 +
drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 +-
drivers/net/ethernet/mediatek/mtk_wed.c | 1 -
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +-
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +-
drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 14 +
drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +-
drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 +
drivers/net/hamradio/bpqether.c | 2 +-
drivers/net/hyperv/hyperv_net.h | 3 +
drivers/net/hyperv/netvsc_drv.c | 29 +-
drivers/net/pcs/pcs-xpcs-plat.c | 4 +-
drivers/net/phy/broadcom.c | 25 +-
drivers/net/phy/micrel.c | 12 +-
drivers/net/phy/smsc.c | 1 +
drivers/net/thunderbolt/main.c | 21 +-
drivers/net/usb/asix_devices.c | 1 +
drivers/net/usb/cdc_ncm.c | 20 +-
drivers/net/usb/qmi_wwan.c | 1 +
drivers/net/wan/lapbether.c | 2 +-
drivers/net/wireless/ath/ath10k/core.c | 48 +-
drivers/net/wireless/ath/ath10k/core.h | 11 +-
drivers/net/wireless/ath/ath10k/mac.c | 7 +-
drivers/net/wireless/ath/ath10k/wmi.c | 6 +
drivers/net/wireless/ath/ath12k/core.h | 4 +
drivers/net/wireless/ath/ath12k/dp.c | 3 +-
drivers/net/wireless/ath/ath12k/hw.c | 2 +-
drivers/net/wireless/ath/ath12k/mac.c | 79 +-
drivers/net/wireless/ath/ath12k/wmi.c | 5 +
drivers/net/wireless/ath/ath12k/wmi.h | 1 +
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +-
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +-
drivers/net/wireless/intel/iwlwifi/mld/agg.c | 5 +
drivers/net/wireless/intel/iwlwifi/mld/iface.h | 3 +
drivers/net/wireless/intel/iwlwifi/mld/link.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mld/mac80211.c | 1 +
drivers/net/wireless/intel/iwlwifi/mld/mlo.c | 8 +-
drivers/net/wireless/intel/iwlwifi/mld/scan.c | 2 +-
drivers/net/wireless/intel/iwlwifi/mld/scan.h | 2 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 +
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 +
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
drivers/net/wireless/mediatek/mt76/channel.c | 4 +-
drivers/net/wireless/mediatek/mt76/mt76.h | 5 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 28 +-
drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +-
drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +-
drivers/net/wireless/realtek/rtw89/chan.c | 6 +
drivers/net/wireless/realtek/rtw89/coex.c | 12 +-
drivers/net/wireless/realtek/rtw89/core.c | 3 +
drivers/net/wireless/realtek/rtw89/fw.c | 9 +-
drivers/net/wireless/realtek/rtw89/fw.h | 2 +
drivers/net/wireless/realtek/rtw89/mac.c | 19 +
drivers/net/wireless/realtek/rtw89/reg.h | 1 +
drivers/net/wireless/realtek/rtw89/wow.c | 5 +-
drivers/net/xen-netfront.c | 5 -
drivers/nvme/host/pci.c | 24 +-
drivers/nvme/host/tcp.c | 11 +-
drivers/pci/pci-acpi.c | 4 +-
drivers/pci/pci.c | 6 +-
drivers/pci/probe.c | 2 +-
drivers/perf/arm-cmn.c | 1 +
drivers/perf/arm-ni.c | 1 +
drivers/perf/cxl_pmu.c | 2 +-
drivers/phy/rockchip/phy-rockchip-pcie.c | 15 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 1 +
drivers/platform/chrome/cros_ec_sensorhub.c | 23 +-
drivers/platform/chrome/cros_ec_typec.c | 4 +-
drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 +
drivers/platform/x86/thinkpad_acpi.c | 4 +-
drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 +
drivers/pmdomain/ti/Kconfig | 2 +-
drivers/power/supply/qcom_battmgr.c | 2 +
drivers/pps/clients/pps-gpio.c | 5 +-
drivers/ptp/ptp_clock.c | 2 +-
drivers/ptp/ptp_private.h | 5 +
drivers/ptp/ptp_vclock.c | 7 +
drivers/remoteproc/imx_rproc.c | 4 +-
drivers/reset/Kconfig | 10 +-
drivers/rtc/rtc-ds1307.c | 15 +-
drivers/s390/char/sclp.c | 4 +-
drivers/scsi/aacraid/comminit.c | 3 +-
drivers/scsi/bfa/bfad_im.c | 1 +
drivers/scsi/libiscsi.c | 3 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 1 -
drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +-
drivers/scsi/lpfc/lpfc_scsi.c | 4 +
drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +-
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 +
drivers/scsi/pm8001/pm80xx_hwi.c | 12 +-
drivers/scsi/scsi_scan.c | 2 +-
drivers/scsi/scsi_transport_sas.c | 62 +-
drivers/soc/qcom/mdt_loader.c | 10 +-
drivers/soc/qcom/rpmh-rsc.c | 2 +-
drivers/soundwire/amd_manager.c | 7 +-
drivers/soundwire/bus.c | 6 +-
drivers/staging/gpib/ni_usb/ni_usb_gpib.c | 14 +-
drivers/target/target_core_fabric_lib.c | 65 +-
drivers/target/target_core_internal.h | 4 +-
drivers/target/target_core_pr.c | 18 +-
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +-
drivers/thermal/thermal_sysfs.c | 9 +-
drivers/thunderbolt/domain.c | 2 +-
drivers/tty/serial/serial_core.c | 44 +-
drivers/usb/class/cdc-acm.c | 11 +-
drivers/usb/core/config.c | 10 +-
drivers/usb/core/urb.c | 2 +-
drivers/usb/dwc3/dwc3-xilinx.c | 1 +
drivers/usb/host/xhci-mem.c | 2 +
drivers/usb/host/xhci-ring.c | 10 +-
drivers/usb/host/xhci.c | 6 +-
drivers/usb/typec/mux/intel_pmc_mux.c | 2 +-
drivers/usb/typec/tcpm/fusb302.c | 8 +
drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 +-
drivers/usb/typec/ucsi/cros_ec_ucsi.c | 1 +
drivers/usb/typec/ucsi/psy.c | 2 +-
drivers/usb/typec/ucsi/ucsi.c | 1 +
drivers/usb/typec/ucsi/ucsi.h | 7 +-
drivers/vfio/pci/mlx5/cmd.c | 4 +-
drivers/vfio/vfio_iommu_type1.c | 7 +
drivers/vhost/vhost.c | 3 +
drivers/video/fbdev/Kconfig | 2 +-
drivers/video/fbdev/core/fbcon.c | 9 +-
drivers/video/fbdev/core/fbmem.c | 3 +
drivers/virt/coco/efi_secret/efi_secret.c | 10 +-
drivers/watchdog/dw_wdt.c | 2 +
drivers/watchdog/iTCO_wdt.c | 6 +-
drivers/watchdog/sbsa_gwdt.c | 50 +-
fs/btrfs/block-group.c | 31 +-
fs/btrfs/ctree.c | 1 +
fs/btrfs/extent-tree.c | 33 +-
fs/btrfs/inode.c | 2 +-
fs/btrfs/ioctl.c | 3 +-
fs/btrfs/qgroup.c | 44 +-
fs/btrfs/relocation.c | 19 +
fs/btrfs/send.c | 33 +
fs/btrfs/transaction.c | 6 +-
fs/btrfs/tree-log.c | 107 +-
fs/btrfs/zoned.c | 5 +-
fs/crypto/fscrypt_private.h | 17 +
fs/crypto/hkdf.c | 2 +-
fs/crypto/keysetup.c | 3 +-
fs/crypto/keysetup_v1.c | 3 +-
fs/erofs/super.c | 4 +-
fs/eventpoll.c | 60 +-
fs/exfat/dir.c | 12 +
fs/exfat/fatent.c | 10 +
fs/exfat/namei.c | 5 +
fs/exfat/super.c | 32 +-
fs/ext2/inode.c | 12 +-
fs/ext4/inline.c | 19 +-
fs/ext4/mballoc-test.c | 9 +
fs/ext4/mballoc.c | 69 +-
fs/f2fs/file.c | 24 +-
fs/fhandle.c | 2 +-
fs/file.c | 15 +
fs/gfs2/dir.c | 6 +-
fs/gfs2/glops.c | 6 +
fs/gfs2/meta_io.c | 2 +
fs/hfs/bfind.c | 3 +
fs/hfs/bnode.c | 93 +
fs/hfs/btree.c | 57 +-
fs/hfs/extent.c | 2 +-
fs/hfs/hfs_fs.h | 1 +
fs/hfsplus/bnode.c | 92 +
fs/hfsplus/unicode.c | 7 +
fs/hfsplus/xattr.c | 6 +-
fs/jfs/file.c | 3 +
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_dmap.c | 6 +
fs/libfs.c | 4 +-
fs/nfs/blocklayout/blocklayout.c | 4 +-
fs/nfs/blocklayout/dev.c | 5 +-
fs/nfs/blocklayout/extent_tree.c | 20 +-
fs/nfs/client.c | 44 +-
fs/nfs/internal.h | 2 +-
fs/nfs/nfs4client.c | 20 +-
fs/nfs/nfs4proc.c | 2 +-
fs/nfs/pnfs.c | 11 +-
fs/nfsd/nfs4state.c | 34 +-
fs/ntfs3/dir.c | 3 +
fs/ntfs3/inode.c | 31 +-
fs/ocfs2/aops.c | 1 +
fs/orangefs/orangefs-debugfs.c | 2 +-
fs/pidfs.c | 2 +
fs/proc/task_mmu.c | 6 +-
fs/smb/client/cifsencrypt.c | 79 +-
fs/smb/client/cifssmb.c | 10 +
fs/smb/client/compress.c | 61 +-
fs/smb/client/connect.c | 1 -
fs/smb/client/sess.c | 9 +
fs/smb/client/smb2ops.c | 11 +-
fs/smb/client/smbdirect.c | 25 +-
fs/smb/server/smb2pdu.c | 16 +-
fs/tracefs/inode.c | 11 +
fs/udf/super.c | 13 +-
fs/xfs/scrub/trace.h | 2 +-
include/drm/gpu_scheduler.h | 18 +
include/linux/blk_types.h | 6 +-
include/linux/blkdev.h | 55 +
include/linux/hid.h | 2 +
include/linux/hypervisor.h | 3 +
include/linux/if_vlan.h | 21 +-
include/linux/libata.h | 1 +
include/linux/memory-tiers.h | 2 +-
include/linux/mfd/tps6594.h | 1 +
include/linux/packing.h | 6 +-
include/linux/pci.h | 6 +
include/linux/sbitmap.h | 6 +-
include/linux/skbuff.h | 8 +-
include/linux/usb/cdc_ncm.h | 1 +
include/linux/virtio_vsock.h | 7 +-
include/net/bluetooth/hci.h | 6 +
include/net/bluetooth/hci_core.h | 5 +-
include/net/cfg80211.h | 2 +-
include/net/ip_vs.h | 13 +
include/net/kcm.h | 1 -
include/net/mac80211.h | 4 +
include/net/page_pool/types.h | 2 +
include/sound/sdca_function.h | 2 +
include/trace/events/thp.h | 2 +
include/uapi/linux/in6.h | 4 +-
include/uapi/linux/io_uring.h | 2 +-
io_uring/memmap.c | 2 +-
io_uring/net.c | 27 +-
io_uring/rsrc.c | 4 +-
io_uring/rsrc.h | 2 +
io_uring/rw.c | 2 +-
kernel/.gitignore | 2 +
kernel/Makefile | 47 +-
kernel/bpf/verifier.c | 7 +-
kernel/gen_kheaders.sh | 88 +-
kernel/kthread.c | 1 +
kernel/module/main.c | 10 +-
kernel/power/console.c | 7 +-
kernel/printk/nbcon.c | 63 +-
kernel/rcu/rcutorture.c | 9 +-
kernel/rcu/tree.c | 2 +
kernel/rcu/tree.h | 14 +-
kernel/rcu/tree_nocb.h | 5 +-
kernel/rcu/tree_plugin.h | 44 +-
kernel/sched/deadline.c | 4 +-
kernel/sched/fair.c | 19 +-
kernel/sched/rt.c | 6 +
kernel/trace/fprobe.c | 4 +-
kernel/trace/rv/rv_trace.h | 3 +-
lib/sbitmap.c | 56 +-
mm/damon/core.c | 1 +
mm/huge_memory.c | 7 +-
mm/kmemleak.c | 10 +-
mm/ptdump.c | 2 +
mm/shmem.c | 39 +-
mm/slub.c | 7 +-
mm/userfaultfd.c | 15 +-
net/bluetooth/hci_conn.c | 3 +-
net/bluetooth/hci_event.c | 39 +-
net/bluetooth/hci_sock.c | 2 +-
net/core/ieee8021q_helpers.c | 44 +-
net/core/page_pool.c | 29 +
net/ipv4/route.c | 1 -
net/ipv4/udp_offload.c | 2 +-
net/ipv6/addrconf.c | 7 +-
net/ipv6/mcast.c | 11 +-
net/kcm/kcmsock.c | 10 +-
net/mac80211/chan.c | 1 +
net/mac80211/ht.c | 40 +-
net/mac80211/ieee80211_i.h | 6 +
net/mac80211/iface.c | 29 +
net/mac80211/link.c | 9 +-
net/mac80211/mlme.c | 45 +-
net/mac80211/rx.c | 47 +-
net/mctp/af_mctp.c | 28 +-
net/ncsi/internal.h | 2 +-
net/ncsi/ncsi-rsp.c | 1 +
net/netfilter/ipvs/ip_vs_est.c | 3 +-
net/netfilter/nf_conntrack_netlink.c | 24 +-
net/netfilter/nft_set_pipapo.c | 9 +-
net/netlink/af_netlink.c | 2 +-
net/sched/sch_ets.c | 11 +-
net/sctp/input.c | 2 +-
net/tls/tls.h | 2 +-
net/tls/tls_strp.c | 11 +-
net/tls/tls_sw.c | 3 +-
net/vmw_vsock/virtio_transport.c | 2 +-
net/wireless/mlme.c | 3 +-
net/xfrm/xfrm_device.c | 9 +-
net/xfrm/xfrm_state.c | 74 +-
rust/Makefile | 16 +-
samples/damon/wsse.c | 12 +-
scripts/kconfig/gconf.c | 8 +-
scripts/kconfig/lxdialog/inputbox.c | 6 +-
scripts/kconfig/lxdialog/menubox.c | 2 +-
scripts/kconfig/nconf.c | 2 +
scripts/kconfig/nconf.gui.c | 1 +
security/apparmor/domain.c | 52 +-
security/apparmor/file.c | 6 +-
security/apparmor/include/lib.h | 6 +-
security/inode.c | 2 -
security/landlock/syscalls.c | 1 -
sound/core/pcm_native.c | 19 +-
sound/pci/hda/cs35l41_hda.c | 2 +
sound/pci/hda/cs35l56_hda.c | 4 +
sound/pci/hda/hda_codec.c | 44 +-
sound/pci/hda/patch_ca0132.c | 2 +-
sound/pci/hda/patch_realtek.c | 3 +
sound/pci/intel8x0.c | 2 +-
sound/soc/codecs/hdac_hdmi.c | 10 +-
sound/soc/codecs/rt5640.c | 5 +
sound/soc/fsl/fsl_sai.c | 20 +-
sound/soc/intel/avs/core.c | 3 +-
sound/soc/intel/boards/sof_sdw.c | 8 +
sound/soc/qcom/lpass-platform.c | 27 +-
sound/soc/sdca/sdca_functions.c | 2 +
sound/soc/soc-core.c | 3 +
sound/soc/soc-dapm.c | 4 +
sound/soc/sof/topology.c | 15 +-
sound/usb/mixer_quirks.c | 14 +-
sound/usb/stream.c | 25 +-
sound/usb/validate.c | 12 +
tools/bootconfig/main.c | 24 +-
tools/bpf/bpftool/main.c | 6 +-
tools/include/nolibc/std.h | 4 +-
tools/include/nolibc/types.h | 4 +-
tools/lib/bpf/libbpf.c | 7 +-
.../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +-
tools/power/x86/turbostat/turbostat.c | 14 +-
tools/scripts/Makefile.include | 4 +-
tools/testing/ktest/ktest.pl | 5 +-
tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +-
tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +-
.../selftests/bpf/prog_tests/user_ringbuf.c | 10 +-
.../selftests/bpf/progs/test_ringbuf_write.c | 4 +-
.../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +-
.../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +-
tools/testing/selftests/futex/include/futextest.h | 11 +
tools/testing/selftests/net/netfilter/config | 2 +-
tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +-
tools/verification/dot2/dot2k.py | 3 +-
.../dot2/dot2k_templates/Kconfig_container | 5 +
566 files changed, 8326 insertions(+), 5099 deletions(-)
2 weeks, 3 days
- 9
- 529
[PATCH] drm/amdgpu: drop hw access in non-DC audio fini
by Alex Deucher
We already disable the audio pins in hw_fini so
there is no need to do it again in sw_fini.
Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4481
Cc: stable(a)vger.kernel.org
Cc: oushixiong <oushixiong1025(a)163.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
---
drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 5 -----
drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 5 -----
drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 5 -----
drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 5 -----
4 files changed, 20 deletions(-)
diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c
index bf7c22f81cda3..ba73518f5cdf3 100644
--- a/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/dce_v10_0.c
@@ -1462,17 +1462,12 @@ static int dce_v10_0_audio_init(struct amdgpu_device *adev)
static void dce_v10_0_audio_fini(struct amdgpu_device *adev)
{
- int i;
-
if (!amdgpu_audio)
return;
if (!adev->mode_info.audio.enabled)
return;
- for (i = 0; i < adev->mode_info.audio.num_pins; i++)
- dce_v10_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false);
-
adev->mode_info.audio.enabled = false;
}
diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c
index 47e05783c4a0e..b01d88d078fa2 100644
--- a/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/dce_v11_0.c
@@ -1511,17 +1511,12 @@ static int dce_v11_0_audio_init(struct amdgpu_device *adev)
static void dce_v11_0_audio_fini(struct amdgpu_device *adev)
{
- int i;
-
if (!amdgpu_audio)
return;
if (!adev->mode_info.audio.enabled)
return;
- for (i = 0; i < adev->mode_info.audio.num_pins; i++)
- dce_v11_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false);
-
adev->mode_info.audio.enabled = false;
}
diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c
index 276c025c4c03d..81760a26f2ffc 100644
--- a/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/dce_v6_0.c
@@ -1451,17 +1451,12 @@ static int dce_v6_0_audio_init(struct amdgpu_device *adev)
static void dce_v6_0_audio_fini(struct amdgpu_device *adev)
{
- int i;
-
if (!amdgpu_audio)
return;
if (!adev->mode_info.audio.enabled)
return;
- for (i = 0; i < adev->mode_info.audio.num_pins; i++)
- dce_v6_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false);
-
adev->mode_info.audio.enabled = false;
}
diff --git a/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c b/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c
index e62ccf9eb73de..19a265bd4d196 100644
--- a/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c
+++ b/drivers/gpu/drm/amd/amdgpu/dce_v8_0.c
@@ -1443,17 +1443,12 @@ static int dce_v8_0_audio_init(struct amdgpu_device *adev)
static void dce_v8_0_audio_fini(struct amdgpu_device *adev)
{
- int i;
-
if (!amdgpu_audio)
return;
if (!adev->mode_info.audio.enabled)
return;
- for (i = 0; i < adev->mode_info.audio.num_pins; i++)
- dce_v8_0_audio_enable(adev, &adev->mode_info.audio.pin[i], false);
-
adev->mode_info.audio.enabled = false;
}
--
2.50.1
2 weeks, 3 days
- 2
- 3
[PATCH] mm/khugepaged: fix the address passed to notifier on testing young
by Wei Yang
Commit 8ee53820edfd ("thp: mmu_notifier_test_young") introduced
mmu_notifier_test_young(), but we should pass the address need to test.
In xxx_scan_pmd(), the actual iteration address is "_address" not
"address". We seem to misuse the variable on the very beginning.
Change it to the right one.
Fixes: 8ee53820edfd ("thp: mmu_notifier_test_young")
Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com>
Cc: Zi Yan <ziy(a)nvidia.com>
Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com>
Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com>
Cc: Nico Pache <npache(a)redhat.com>
Cc: Ryan Roberts <ryan.roberts(a)arm.com>
Cc: Dev Jain <dev.jain(a)arm.com>
Cc: Barry Song <baohua(a)kernel.org>
CC: <stable(a)vger.kernel.org>
---
The original commit 8ee53820edfd is at 2011.
Then the code is moved to khugepaged.c in commit b46e756f5e470 ("thp:
extract khugepaged from mm/huge_memory.c") in 2022.
---
mm/khugepaged.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/khugepaged.c b/mm/khugepaged.c
index 24e18a7f8a93..b000942250d1 100644
--- a/mm/khugepaged.c
+++ b/mm/khugepaged.c
@@ -1418,7 +1418,7 @@ static int hpage_collapse_scan_pmd(struct mm_struct *mm,
if (cc->is_khugepaged &&
(pte_young(pteval) || folio_test_young(folio) ||
folio_test_referenced(folio) || mmu_notifier_test_young(vma->vm_mm,
- address)))
+ _address)))
referenced++;
}
if (!writable) {
--
2.34.1
2 weeks, 3 days
- 6
- 11
[PATCH v3] btrfs: do more strict compressed read merge check
by Qu Wenruo
[BUG]
With 64K page size (aarch64 with 64K page size config) and 4K btrfs
block size, the following workload can easily lead to a corrupted read:
mkfs.btrfs -f -s 4k $dev > /dev/null
mount -o compress=zstd $dev $mnt
xfs_io -f -c "pwrite -S 0xff 0 64k" -c sync $mnt/base > /dev/null
echo "correct result:"
od -Ax -x $mnt/base
xfs_io -f -c "reflink $mnt/base 32k 0 32k" \
-c "reflink $mnt/base 0 32k 32k" \
-c "pwrite -S 0xff 60k 4k" $mnt/new > /dev/null
echo "incorrect result:"
od -Ax -x $mnt/new
umount $mnt
This shows the following result:
correct result:
000000 ffff ffff ffff ffff ffff ffff ffff ffff
*
010000
incorrect result:
000000 ffff ffff ffff ffff ffff ffff ffff ffff
*
008000 0000 0000 0000 0000 0000 0000 0000 0000
*
00f000 ffff ffff ffff ffff ffff ffff ffff ffff
*
010000
Notice the zero in the range [0x8000, 0xf000), which is incorrect.
[CAUSE]
With extra trace printk, it shows the following events during od:
(some unrelated info removed like CPU and context)
od-3457 btrfs_do_readpage: enter r/i=5/258 folio=0(65536) prev_em_start=0000000000000000
The "r/i" is indicating the root and inode number. In our case the file
"new" is using ino 258 from fs tree (root 5).
Here notice the @prev_em_start pointer is NULL. This means the
btrfs_do_readpage() is called from btrfs_read_folio(), not from
btrfs_readahead().
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=0 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=4096 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=8192 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=12288 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=16384 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=20480 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=24576 got em start=0 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=28672 got em start=0 len=32768
These above 32K blocks will be read from the the first half of the
compressed data extent.
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=32768 got em start=32768 len=32768
Note here there is no btrfs_submit_compressed_read() call. Which is
incorrect now.
As both extent maps at 0 and 32K are pointing to the same compressed
data, their offset are different thus can not be merged into the same
read.
So this means the compressed data read merge check is doing something
wrong.
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=36864 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=40960 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=45056 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=49152 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=53248 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=57344 got em start=32768 len=32768
od-3457 btrfs_do_readpage: r/i=5/258 folio=0(65536) cur=61440 skip uptodate
od-3457 btrfs_submit_compressed_read: cb orig_bio: file off=0 len=61440
The function btrfs_submit_compressed_read() is only called at the end of
folio read. The compressed bio will only have a extent map of range [0,
32K), but the original bio passed in are for the whole 64K folio.
This will cause the decompression part to only fill the first 32K,
leaving the rest untouched (aka, filled with zero).
This incorrect compressed read merge leads to the above data corruption.
There are similar problems happened in the past, commit 808f80b46790
("Btrfs: update fix for read corruption of compressed and shared
extents") is doing pretty much the same fix for readahead.
But that's back to 2015, where btrfs still only supports bs (block size)
== ps (page size) cases.
This means btrfs_do_readpage() only needs to handle a folio which
contains exactly one block.
Only btrfs_readahead() can lead to a read covering multiple blocks.
Thus only btrfs_readahead() passes a non-NULL @prev_em_start pointer.
With the v5.15 btrfs introduced bs < ps support. This breaks the above
assumption that a folio can only contain one block.
Now btrfs_read_folio() can also read multiple blocks in one go.
But btrfs_read_folio() doesn't pass a @prev_em_start pointer, thus the
existing bio force submission check will never be triggered.
In theory, this can also happen for btrfs with large folios, but since
large folio is still experimental, we don't need to bother it, thus only
bs < ps support is affected for now.
[FIX]
Instead of passing @prev_em_start to do the proper compressed extent
check, introduce one new member, btrfs_bio_ctrl::last_em_start, so that
the existing bio force submission logic will always be triggered.
CC: stable(a)vger.kernel.org #5.15+
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
---
Changelog:
v3:
- Use a single btrfs_bio_ctrl::last_em_start
Since the existing prev_em_start is using U64_MAX as the initial value
to indicate no em hit yet, we can use the same logic, which saves
another 8 bytes from btrfs_bio_ctrl.
- Update the reproducer
Previously I failed to reproduce using a minimal workload.
As regular read from od/md5sum always trigger readahead thus not
hitting the @prev_em_start == NULL path.
Will send out a fstest case for it using the minimal reproducer.
But it will still need a 16K/64K page sized system to reproduce.
Fix the problem by doing an block aligned write into the folio, so
that the folio will be partially dirty and not go through the
readahead path.
- Update the analyze
This includes the trace events of the minimal reproducer, and
mentioning of previous similar fixes and why they do not work for
subpage cases.
- Update the CC tag
Since it's only affecting bs < ps cases (for non-experimental builds),
only need to fix kernels with subpage btrfs supports.
v2:
- Only save extent_map::start/len to save memory for btrfs_bio_ctrl
It's using on-stack memory which is very limited inside the kernel.
- Remove the commit message mentioning of clearing last saved em
Since we're using em::start/len, there is no need to clear them.
Either we hit the same em::start/len, meaning hitting the same extent
map, or we hit a different em, which will have a different start/len.
---
fs/btrfs/extent_io.c | 40 ++++++++++++++++++++++++++++++----------
1 file changed, 30 insertions(+), 10 deletions(-)
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 0c12fd64a1f3..b219dbaaedc8 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -131,6 +131,24 @@ struct btrfs_bio_ctrl {
*/
unsigned long submit_bitmap;
struct readahead_control *ractl;
+
+ /*
+ * The start file offset of the last hit extent map.
+ *
+ * This is for proper compressed read merge.
+ * U64_MAX means no extent map hit yet.
+ *
+ * The current btrfs_bio_is_contig() only uses disk_bytenr as
+ * the condition to check if the read can be merged with previous
+ * bio, which is not correct. E.g. two file extents pointing to the
+ * same extent but with different offset.
+ *
+ * So here we need to do extra check to only merge reads that are
+ * covered by the same extent map.
+ * Just extent_map::start will be enough, as they are unique
+ * inside the same inode.
+ */
+ u64 last_em_start;
};
/*
@@ -965,7 +983,7 @@ static void btrfs_readahead_expand(struct readahead_control *ractl,
* return 0 on success, otherwise return error
*/
static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached,
- struct btrfs_bio_ctrl *bio_ctrl, u64 *prev_em_start)
+ struct btrfs_bio_ctrl *bio_ctrl)
{
struct inode *inode = folio->mapping->host;
struct btrfs_fs_info *fs_info = inode_to_fs_info(inode);
@@ -1076,12 +1094,11 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached,
* non-optimal behavior (submitting 2 bios for the same extent).
*/
if (compress_type != BTRFS_COMPRESS_NONE &&
- prev_em_start && *prev_em_start != (u64)-1 &&
- *prev_em_start != em->start)
+ bio_ctrl->last_em_start != U64_MAX &&
+ bio_ctrl->last_em_start != em->start)
force_bio_submit = true;
- if (prev_em_start)
- *prev_em_start = em->start;
+ bio_ctrl->last_em_start = em->start;
em_gen = em->generation;
btrfs_free_extent_map(em);
@@ -1296,12 +1313,15 @@ int btrfs_read_folio(struct file *file, struct folio *folio)
const u64 start = folio_pos(folio);
const u64 end = start + folio_size(folio) - 1;
struct extent_state *cached_state = NULL;
- struct btrfs_bio_ctrl bio_ctrl = { .opf = REQ_OP_READ };
+ struct btrfs_bio_ctrl bio_ctrl = {
+ .opf = REQ_OP_READ,
+ .last_em_start = U64_MAX,
+ };
struct extent_map *em_cached = NULL;
int ret;
lock_extents_for_read(inode, start, end, &cached_state);
- ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl, NULL);
+ ret = btrfs_do_readpage(folio, &em_cached, &bio_ctrl);
btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state);
btrfs_free_extent_map(em_cached);
@@ -2641,7 +2661,8 @@ void btrfs_readahead(struct readahead_control *rac)
{
struct btrfs_bio_ctrl bio_ctrl = {
.opf = REQ_OP_READ | REQ_RAHEAD,
- .ractl = rac
+ .ractl = rac,
+ .last_em_start = U64_MAX,
};
struct folio *folio;
struct btrfs_inode *inode = BTRFS_I(rac->mapping->host);
@@ -2649,12 +2670,11 @@ void btrfs_readahead(struct readahead_control *rac)
const u64 end = start + readahead_length(rac) - 1;
struct extent_state *cached_state = NULL;
struct extent_map *em_cached = NULL;
- u64 prev_em_start = (u64)-1;
lock_extents_for_read(inode, start, end, &cached_state);
while ((folio = readahead_folio(rac)) != NULL)
- btrfs_do_readpage(folio, &em_cached, &bio_ctrl, &prev_em_start);
+ btrfs_do_readpage(folio, &em_cached, &bio_ctrl);
btrfs_unlock_extent(&inode->io_tree, start, end, &cached_state);
--
2.50.1
2 weeks, 4 days
- 2
- 2
[PATCH V2] xfs: do not propagate ENODATA disk errors into xattr code
by Eric Sandeen
ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code;
namely, that the requested attribute name could not be found.
However, a medium error from disk may also return ENODATA. At best,
this medium error may escape to userspace as "attribute not found"
when in fact it's an IO (disk) error.
At worst, we may oops in xfs_attr_leaf_get() when we do:
error = xfs_attr_leaf_hasname(args, &bp);
if (error == -ENOATTR) {
xfs_trans_brelse(args->trans, bp);
return error;
}
because an ENODATA/ENOATTR error from disk leaves us with a null bp,
and the xfs_trans_brelse will then null-deref it.
As discussed on the list, we really need to modify the lower level
IO functions to trap all disk errors and ensure that we don't let
unique errors like this leak up into higher xfs functions - many
like this should be remapped to EIO.
However, this patch directly addresses a reported bug in the xattr
code, and should be safe to backport to stable kernels. A larger-scope
patch to handle more unique errors at lower levels can follow later.
(Note, prior to 07120f1abdff we did not oops, but we did return the
wrong error code to userspace.)
Signed-off-by: Eric Sandeen <sandeen(a)redhat.com>
Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines")
Cc: <stable(a)vger.kernel.org> # v5.9+
---
V2: Remove the extraneous trap point as pointed out by djwong, oops.
(I get it that sprinkling this around in 2 places might have an ick
factor but I think it's necessary to make a surgical strike on this bug
before we address the general problem.)
Thanks,
-Eric
diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c
index 4c44ce1c8a64..bff3dc226f81 100644
--- a/fs/xfs/libxfs/xfs_attr_remote.c
+++ b/fs/xfs/libxfs/xfs_attr_remote.c
@@ -435,6 +435,13 @@ xfs_attr_rmtval_get(
0, &bp, &xfs_attr3_rmt_buf_ops);
if (xfs_metadata_is_sick(error))
xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK);
+ /*
+ * ENODATA from disk implies a disk medium failure;
+ * ENODATA for xattrs means attribute not found, so
+ * disambiguate that here.
+ */
+ if (error == -ENODATA)
+ error = -EIO;
if (error)
return error;
diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c
index 17d9e6154f19..723a0643b838 100644
--- a/fs/xfs/libxfs/xfs_da_btree.c
+++ b/fs/xfs/libxfs/xfs_da_btree.c
@@ -2833,6 +2833,12 @@ xfs_da_read_buf(
&bp, ops);
if (xfs_metadata_is_sick(error))
xfs_dirattr_mark_sick(dp, whichfork);
+ /*
+ * ENODATA from disk implies a disk medium failure; ENODATA for
+ * xattrs means attribute not found, so disambiguate that here.
+ */
+ if (error == -ENODATA && whichfork == XFS_ATTR_FORK)
+ error = -EIO;
if (error)
goto out_free;
2 weeks, 4 days
- 3
- 2
[PATCH] USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
by Fabio Porcedda
From: Fabio Porcedda <fabio.porcedda(a)gmail.com>
Add the following Telit Cinterion LE910C4-WWX new compositions:
0x1034: tty (AT) + tty (AT) + rmnet
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1034 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x1036: tty (AT) + tty (AT)
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 10 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1036 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x1037: tty (diag) + tty (Telit custom) + tty (AT) + tty (AT) + rmnet
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 15 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1037 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 5 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x1038: tty (Telit custom) + tty (AT) + tty (AT) + rmnet
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 9 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1038 Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x103b: tty (diag) + tty (Telit custom) + tty (AT) + tty (AT)
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 10 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=103b Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 4 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
0x103c: tty (Telit custom) + tty (AT) + tty (AT)
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 11 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=103c Rev=00.00
S: Manufacturer=Telit
S: Product=LE910C4-WWX
S: SerialNumber=93f617e7
C: #Ifs= 3 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=option
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=fe Prot=ff Driver=option
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=84(I) Atr=03(Int.) MxPS= 64 Ivl=2ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
Cc: stable(a)vger.kernel.org
Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com>
---
drivers/usb/serial/option.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
index 1f4da8120111..fc869b7f803f 100644
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1322,7 +1322,18 @@ static const struct usb_device_id option_ids[] = {
.driver_info = NCTRL(0) | RSVD(3) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1033, 0xff), /* Telit LE910C1-EUX (ECM) */
.driver_info = NCTRL(0) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1034, 0xff), /* Telit LE910C4-WWX (rmnet) */
+ .driver_info = RSVD(2) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1035, 0xff) }, /* Telit LE910C4-WWX (ECM) */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1036, 0xff) }, /* Telit LE910C4-WWX */
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1037, 0xff), /* Telit LE910C4-WWX (rmnet) */
+ .driver_info = NCTRL(0) | NCTRL(1) | RSVD(4) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1038, 0xff), /* Telit LE910C4-WWX (rmnet) */
+ .driver_info = NCTRL(0) | RSVD(3) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x103b, 0xff), /* Telit LE910C4-WWX */
+ .driver_info = NCTRL(0) | NCTRL(1) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x103c, 0xff), /* Telit LE910C4-WWX */
+ .driver_info = NCTRL(0) },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG0),
.driver_info = RSVD(0) | RSVD(1) | NCTRL(2) | RSVD(3) },
{ USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE922_USBCFG1),
--
2.51.0
2 weeks, 4 days
- 2
- 1
[PATCH] USB: serial: option: add Telit Cinterion FN990A w/audio compositions
by Fabio Porcedda
Add the following Telit Cinterion FN990A w/audio compositions:
0x1077: tty (diag) + adb + rmnet + audio + tty (AT/NMEA) + tty (AT) +
tty (AT) + tty (AT)
T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=01 Dev#= 8 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1077 Rev=05.04
S: Manufacturer=Telit Wireless Solutions
S: Product=FN990
S: SerialNumber=67e04c35
C: #Ifs=10 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=50 Driver=qmi_wwan
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=20 Driver=snd-usb-audio
I: If#= 4 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio
E: Ad=03(O) Atr=0d(Isoc) MxPS= 68 Ivl=1ms
I: If#= 5 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio
E: Ad=84(I) Atr=0d(Isoc) MxPS= 68 Ivl=1ms
I: If#= 6 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 7 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 9 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8c(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
0x1078: tty (diag) + adb + MBIM + audio + tty (AT/NMEA) + tty (AT) +
tty (AT) + tty (AT)
T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=01 Dev#= 21 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=ef(misc ) Sub=02 Prot=01 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1078 Rev=05.04
S: Manufacturer=Telit Wireless Solutions
S: Product=FN990
S: SerialNumber=67e04c35
C: #Ifs=11 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#=10 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8c(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 2 Alt= 0 #EPs= 1 Cls=02(commc) Sub=0e Prot=00 Driver=cdc_mbim
E: Ad=83(I) Atr=03(Int.) MxPS= 64 Ivl=32ms
I: If#= 3 Alt= 1 #EPs= 2 Cls=0a(data ) Sub=00 Prot=02 Driver=cdc_mbim
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 4 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=20 Driver=snd-usb-audio
I: If#= 5 Alt= 0 #EPs= 0 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio
I: If#= 6 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio
E: Ad=84(I) Atr=0d(Isoc) MxPS= 68 Ivl=1ms
I: If#= 7 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 9 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
0x1079: RNDIS + tty (diag) + adb + audio + tty (AT/NMEA) + tty (AT) +
tty (AT) + tty (AT)
T: Bus=01 Lev=01 Prnt=01 Port=09 Cnt=01 Dev#= 23 Spd=480 MxCh= 0
D: Ver= 2.10 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=1bc7 ProdID=1079 Rev=05.04
S: Manufacturer=Telit Wireless Solutions
S: Product=FN990
S: SerialNumber=67e04c35
C: #Ifs=11 Cfg#= 1 Atr=e0 MxPwr=500mA
I: If#= 0 Alt= 0 #EPs= 1 Cls=ef(misc ) Sub=04 Prot=01 Driver=rndis_host
E: Ad=81(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
I: If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host
E: Ad=0f(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8e(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#=10 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=07(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8b(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8c(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 2 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=option
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=83(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I: If#= 4 Alt= 0 #EPs= 0 Cls=01(audio) Sub=01 Prot=20 Driver=snd-usb-audio
I: If#= 5 Alt= 0 #EPs= 0 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio
I: If#= 6 Alt= 1 #EPs= 1 Cls=01(audio) Sub=02 Prot=20 Driver=snd-usb-audio
E: Ad=84(I) Atr=0d(Isoc) MxPS= 68 Ivl=1ms
I: If#= 7 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=60 Driver=option
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=85(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=86(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 8 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=87(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=88(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
I: If#= 9 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=40 Driver=option
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=89(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=8a(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
Cc: stable(a)vger.kernel.org
Signed-off-by: Fabio Porcedda <fabio.porcedda(a)gmail.com>
---
drivers/usb/serial/option.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
index e5cd33093423..1f4da8120111 100644
--- a/drivers/usb/serial/option.c
+++ b/drivers/usb/serial/option.c
@@ -1369,6 +1369,12 @@ static const struct usb_device_id option_ids[] = {
.driver_info = NCTRL(0) | RSVD(1) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1075, 0xff), /* Telit FN990A (PCIe) */
.driver_info = RSVD(0) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1077, 0xff), /* Telit FN990A (rmnet + audio) */
+ .driver_info = NCTRL(0) | RSVD(1) | RSVD(2) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1078, 0xff), /* Telit FN990A (MBIM + audio) */
+ .driver_info = NCTRL(0) | RSVD(1) },
+ { USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1079, 0xff), /* Telit FN990A (RNDIS + audio) */
+ .driver_info = NCTRL(2) | RSVD(3) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1080, 0xff), /* Telit FE990A (rmnet) */
.driver_info = NCTRL(0) | RSVD(1) | RSVD(2) },
{ USB_DEVICE_INTERFACE_CLASS(TELIT_VENDOR_ID, 0x1081, 0xff), /* Telit FE990A (MBIM) */
--
2.50.1
2 weeks, 4 days
- 2
- 1
[PATCH v2] mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range()
by Jeongjun Park
When restoring a reservation for an anonymous page, we need to check to
freeing a surplus. However, __unmap_hugepage_range() causes data race
because it reads h->surplus_huge_pages without the protection of
hugetlb_lock.
And adjust_reservation is a boolean variable that indicates whether
reservations for anonymous pages in each folio should be restored.
Therefore, it should be initialized to false for each round of the loop.
However, this variable is not initialized to false except when defining
the current adjust_reservation variable.
This means that once adjust_reservation is set to true even once within
the loop, reservations for anonymous pages will be restored
unconditionally in all subsequent rounds, regardless of the folio's state.
To fix this, we need to add the missing hugetlb_lock, unlock the
page_table_lock earlier so that we don't lock the hugetlb_lock inside the
page_table_lock lock, and initialize adjust_reservation to false on each
round within the loop.
Cc: <stable(a)vger.kernel.org>
Reported-by: syzbot+417aeb05fd190f3a6da9(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=417aeb05fd190f3a6da9
Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed")
Signed-off-by: Jeongjun Park <aha310510(a)gmail.com>
---
v2: Fix issues with changing the page_table_lock unlock location and initializing adjust_reservation
- Link to v1: https://lore.kernel.org/all/20250822055857.1142454-1-aha310510@gmail.com/
---
mm/hugetlb.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
index 753f99b4c718..eed59cfb5d21 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -5851,7 +5851,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
spinlock_t *ptl;
struct hstate *h = hstate_vma(vma);
unsigned long sz = huge_page_size(h);
- bool adjust_reservation = false;
+ bool adjust_reservation;
unsigned long last_addr_mask;
bool force_flush = false;
@@ -5944,6 +5944,7 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
sz);
hugetlb_count_sub(pages_per_huge_page(h), mm);
hugetlb_remove_rmap(folio);
+ spin_unlock(ptl);
/*
* Restore the reservation for anonymous page, otherwise the
@@ -5951,14 +5952,16 @@ void __unmap_hugepage_range(struct mmu_gather *tlb, struct vm_area_struct *vma,
* If there we are freeing a surplus, do not set the restore
* reservation bit.
*/
+ adjust_reservation = false;
+
+ spin_lock_irq(&hugetlb_lock);
if (!h->surplus_huge_pages && __vma_private_lock(vma) &&
folio_test_anon(folio)) {
folio_set_hugetlb_restore_reserve(folio);
/* Reservation to be adjusted after the spin lock */
adjust_reservation = true;
}
-
- spin_unlock(ptl);
+ spin_unlock_irq(&hugetlb_lock);
/*
* Adjust the reservation for the region that will have the
--
2 weeks, 4 days
- 1
- 1
[PATCH 1/1] hung_task: fix warnings by enforcing alignment on lock structures
by Lance Yang
From: Lance Yang <lance.yang(a)linux.dev>
The blocker tracking mechanism assumes that lock pointers are at least
4-byte aligned to use their lower bits for type encoding.
However, as reported by Geert Uytterhoeven, some architectures like m68k
only guarantee 2-byte alignment of 32-bit values. This breaks the
assumption and causes two related WARN_ON_ONCE checks to trigger.
To fix this, enforce a minimum of 4-byte alignment on the core lock
structures supported by the blocker tracking mechanism. This ensures the
algorithm's alignment assumption now holds true on all architectures.
This patch adds __aligned(4) to the definitions of "struct mutex",
"struct semaphore", and "struct rw_semaphore", resolving the warnings.
Thanks to Geert for bisecting!
Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org>
Closes: https://lore.kernel.org/lkml/CAMuHMdW7Ab13DdGs2acMQcix5ObJK0O2dG_Fxzr8_g58R…
Fixes: e711faaafbe5 ("hung_task: replace blocker_mutex with encoded blocker")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Lance Yang <lance.yang(a)linux.dev>
---
include/linux/mutex_types.h | 2 +-
include/linux/rwsem.h | 2 +-
include/linux/semaphore.h | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/linux/mutex_types.h b/include/linux/mutex_types.h
index fdf7f515fde8..de798bfbc4c7 100644
--- a/include/linux/mutex_types.h
+++ b/include/linux/mutex_types.h
@@ -51,7 +51,7 @@ struct mutex {
#ifdef CONFIG_DEBUG_LOCK_ALLOC
struct lockdep_map dep_map;
#endif
-};
+} __aligned(4); /* For hung_task blocker tracking, which encodes type in LSBs */
#else /* !CONFIG_PREEMPT_RT */
/*
diff --git a/include/linux/rwsem.h b/include/linux/rwsem.h
index f1aaf676a874..f6ecf4a4710d 100644
--- a/include/linux/rwsem.h
+++ b/include/linux/rwsem.h
@@ -64,7 +64,7 @@ struct rw_semaphore {
#ifdef CONFIG_DEBUG_LOCK_ALLOC
struct lockdep_map dep_map;
#endif
-};
+} __aligned(4); /* For hung_task blocker tracking, which encodes type in LSBs */
#define RWSEM_UNLOCKED_VALUE 0UL
#define RWSEM_WRITER_LOCKED (1UL << 0)
diff --git a/include/linux/semaphore.h b/include/linux/semaphore.h
index 89706157e622..ac9b9c87bfb7 100644
--- a/include/linux/semaphore.h
+++ b/include/linux/semaphore.h
@@ -20,7 +20,7 @@ struct semaphore {
#ifdef CONFIG_DETECT_HUNG_TASK_BLOCKER
unsigned long last_holder;
#endif
-};
+} __aligned(4); /* For hung_task blocker tracking, which encodes type in LSBs */
#ifdef CONFIG_DETECT_HUNG_TASK_BLOCKER
#define __LAST_HOLDER_SEMAPHORE_INITIALIZER \
--
2.49.0
2 weeks, 4 days
- 4
- 9
[PATCH 1/1] hung_task: fix warnings caused by unaligned lock pointers
by Lance Yang
From: Lance Yang <lance.yang(a)linux.dev>
The blocker tracking mechanism assumes that lock pointers are at least
4-byte aligned to use their lower bits for type encoding.
However, as reported by Geert Uytterhoeven, some architectures like m68k
only guarantee 2-byte alignment of 32-bit values. This breaks the
assumption and causes two related WARN_ON_ONCE checks to trigger.
To fix this, the runtime checks are adjusted. The first WARN_ON_ONCE in
hung_task_set_blocker() is changed to a simple 'if' that returns silently
for unaligned pointers. The second, now-invalid WARN_ON_ONCE in
hung_task_clear_blocker() is then removed.
Thanks to Geert for bisecting!
Reported-by: Geert Uytterhoeven <geert(a)linux-m68k.org>
Closes: https://lore.kernel.org/lkml/CAMuHMdW7Ab13DdGs2acMQcix5ObJK0O2dG_Fxzr8_g58R…
Fixes: e711faaafbe5 ("hung_task: replace blocker_mutex with encoded blocker")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Lance Yang <lance.yang(a)linux.dev>
---
include/linux/hung_task.h | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/linux/hung_task.h b/include/linux/hung_task.h
index 34e615c76ca5..69640f266a69 100644
--- a/include/linux/hung_task.h
+++ b/include/linux/hung_task.h
@@ -20,6 +20,10 @@
* always zero. So we can use these bits to encode the specific blocking
* type.
*
+ * Note that on architectures like m68k with only 2-byte alignment, the
+ * blocker tracking mechanism gracefully does nothing for any lock that is
+ * not 4-byte aligned.
+ *
* Type encoding:
* 00 - Blocked on mutex (BLOCKER_TYPE_MUTEX)
* 01 - Blocked on semaphore (BLOCKER_TYPE_SEM)
@@ -45,7 +49,7 @@ static inline void hung_task_set_blocker(void *lock, unsigned long type)
* If the lock pointer matches the BLOCKER_TYPE_MASK, return
* without writing anything.
*/
- if (WARN_ON_ONCE(lock_ptr & BLOCKER_TYPE_MASK))
+ if (lock_ptr & BLOCKER_TYPE_MASK)
return;
WRITE_ONCE(current->blocker, lock_ptr | type);
@@ -53,8 +57,6 @@ static inline void hung_task_set_blocker(void *lock, unsigned long type)
static inline void hung_task_clear_blocker(void)
{
- WARN_ON_ONCE(!READ_ONCE(current->blocker));
-
WRITE_ONCE(current->blocker, 0UL);
}
--
2.49.0
2 weeks, 4 days
- 2
- 2
[PATCH v10 1/3] scsi: sd: Fix build warning in sd_revalidate_disk()
by Abinash Singh
A build warning was triggered due to excessive stack usage in
sd_revalidate_disk():
drivers/scsi/sd.c: In function ‘sd_revalidate_disk.isra’:
drivers/scsi/sd.c:3824:1: warning: the frame size of 1160 bytes is larger than 1024 bytes [-Wframe-larger-than=]
This is caused by a large local struct queue_limits (~400B) allocated
on the stack. Replacing it with a heap allocation using kmalloc()
significantly reduces frame usage. Kernel stack is limited (~8 KB),
and allocating large structs on the stack is discouraged.
As the function already performs heap allocations (e.g. for buffer),
this change fits well.
Fixes: 804e498e0496 ("sd: convert to the atomic queue limits API")
Cc: stable(a)vger.kernel.org
Reviewed-by: Bart Van Assche <bvanassche(a)acm.org>
Signed-off-by: Abinash Singh <abinashsinghlalotra(a)gmail.com>
---
drivers/scsi/sd.c | 50 ++++++++++++++++++++++++++---------------------
1 file changed, 28 insertions(+), 22 deletions(-)
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
index 5b8668accf8e..bf12e23f1212 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
@@ -3696,10 +3696,10 @@ static int sd_revalidate_disk(struct gendisk *disk)
struct scsi_disk *sdkp = scsi_disk(disk);
struct scsi_device *sdp = sdkp->device;
sector_t old_capacity = sdkp->capacity;
- struct queue_limits lim;
- unsigned char *buffer;
+ struct queue_limits *lim = NULL;
+ unsigned char *buffer = NULL;
unsigned int dev_max;
- int err;
+ int err = 0;
SCSI_LOG_HLQUEUE(3, sd_printk(KERN_INFO, sdkp,
"sd_revalidate_disk\n"));
@@ -3711,6 +3711,10 @@ static int sd_revalidate_disk(struct gendisk *disk)
if (!scsi_device_online(sdp))
goto out;
+ lim = kmalloc(sizeof(*lim), GFP_KERNEL);
+ if (!lim)
+ goto out;
+
buffer = kmalloc(SD_BUF_SIZE, GFP_KERNEL);
if (!buffer) {
sd_printk(KERN_WARNING, sdkp, "sd_revalidate_disk: Memory "
@@ -3720,14 +3724,14 @@ static int sd_revalidate_disk(struct gendisk *disk)
sd_spinup_disk(sdkp);
- lim = queue_limits_start_update(sdkp->disk->queue);
+ *lim = queue_limits_start_update(sdkp->disk->queue);
/*
* Without media there is no reason to ask; moreover, some devices
* react badly if we do.
*/
if (sdkp->media_present) {
- sd_read_capacity(sdkp, &lim, buffer);
+ sd_read_capacity(sdkp, lim, buffer);
/*
* Some USB/UAS devices return generic values for mode pages
* until the media has been accessed. Trigger a READ operation
@@ -3741,17 +3745,17 @@ static int sd_revalidate_disk(struct gendisk *disk)
* cause this to be updated correctly and any device which
* doesn't support it should be treated as rotational.
*/
- lim.features |= (BLK_FEAT_ROTATIONAL | BLK_FEAT_ADD_RANDOM);
+ lim->features |= (BLK_FEAT_ROTATIONAL | BLK_FEAT_ADD_RANDOM);
if (scsi_device_supports_vpd(sdp)) {
sd_read_block_provisioning(sdkp);
- sd_read_block_limits(sdkp, &lim);
+ sd_read_block_limits(sdkp, lim);
sd_read_block_limits_ext(sdkp);
- sd_read_block_characteristics(sdkp, &lim);
- sd_zbc_read_zones(sdkp, &lim, buffer);
+ sd_read_block_characteristics(sdkp, lim);
+ sd_zbc_read_zones(sdkp, lim, buffer);
}
- sd_config_discard(sdkp, &lim, sd_discard_mode(sdkp));
+ sd_config_discard(sdkp, lim, sd_discard_mode(sdkp));
sd_print_capacity(sdkp, old_capacity);
@@ -3761,47 +3765,46 @@ static int sd_revalidate_disk(struct gendisk *disk)
sd_read_app_tag_own(sdkp, buffer);
sd_read_write_same(sdkp, buffer);
sd_read_security(sdkp, buffer);
- sd_config_protection(sdkp, &lim);
+ sd_config_protection(sdkp, lim);
}
/*
* We now have all cache related info, determine how we deal
* with flush requests.
*/
- sd_set_flush_flag(sdkp, &lim);
+ sd_set_flush_flag(sdkp, lim);
/* Initial block count limit based on CDB TRANSFER LENGTH field size. */
dev_max = sdp->use_16_for_rw ? SD_MAX_XFER_BLOCKS : SD_DEF_XFER_BLOCKS;
/* Some devices report a maximum block count for READ/WRITE requests. */
dev_max = min_not_zero(dev_max, sdkp->max_xfer_blocks);
- lim.max_dev_sectors = logical_to_sectors(sdp, dev_max);
+ lim->max_dev_sectors = logical_to_sectors(sdp, dev_max);
if (sd_validate_min_xfer_size(sdkp))
- lim.io_min = logical_to_bytes(sdp, sdkp->min_xfer_blocks);
+ lim->io_min = logical_to_bytes(sdp, sdkp->min_xfer_blocks);
else
- lim.io_min = 0;
+ lim->io_min = 0;
/*
* Limit default to SCSI host optimal sector limit if set. There may be
* an impact on performance for when the size of a request exceeds this
* host limit.
*/
- lim.io_opt = sdp->host->opt_sectors << SECTOR_SHIFT;
+ lim->io_opt = sdp->host->opt_sectors << SECTOR_SHIFT;
if (sd_validate_opt_xfer_size(sdkp, dev_max)) {
- lim.io_opt = min_not_zero(lim.io_opt,
+ lim->io_opt = min_not_zero(lim->io_opt,
logical_to_bytes(sdp, sdkp->opt_xfer_blocks));
}
sdkp->first_scan = 0;
set_capacity_and_notify(disk, logical_to_sectors(sdp, sdkp->capacity));
- sd_config_write_same(sdkp, &lim);
- kfree(buffer);
+ sd_config_write_same(sdkp, lim);
- err = queue_limits_commit_update_frozen(sdkp->disk->queue, &lim);
+ err = queue_limits_commit_update_frozen(sdkp->disk->queue, lim);
if (err)
- return err;
+ goto out;
/*
* Query concurrent positioning ranges after
@@ -3820,7 +3823,10 @@ static int sd_revalidate_disk(struct gendisk *disk)
set_capacity_and_notify(disk, 0);
out:
- return 0;
+ kfree(buffer);
+ kfree(lim);
+
+ return err;
}
/**
--
2.43.0
2 weeks, 4 days
- 2
- 1
[PATCH net] net: mana: Remove redundant netdev_lock_ops_to_full() calls
by Saurabh Sengar
NET_SHAPER is always selected for MANA driver. When NET_SHAPER is enabled,
netdev_lock_ops_to_full() reduces effectively to only an assert for lock,
which is always held in the path when NET_SHAPER is enabled.
Remove the redundant netdev_lock_ops_to_full() call.
Fixes: d5c8f0e4e0cb ("net: mana: Fix potential deadlocks in mana napi ops")
Cc: stable(a)vger.kernel.org
Signed-off-by: Saurabh Sengar <ssengar(a)linux.microsoft.com>
---
drivers/net/ethernet/microsoft/mana/mana_en.c | 10 ----------
1 file changed, 10 deletions(-)
diff --git a/drivers/net/ethernet/microsoft/mana/mana_en.c b/drivers/net/ethernet/microsoft/mana/mana_en.c
index 550843e2164b..f0dbf4e82e0b 100644
--- a/drivers/net/ethernet/microsoft/mana/mana_en.c
+++ b/drivers/net/ethernet/microsoft/mana/mana_en.c
@@ -2100,10 +2100,8 @@ static void mana_destroy_txq(struct mana_port_context *apc)
napi = &apc->tx_qp[i].tx_cq.napi;
if (apc->tx_qp[i].txq.napi_initialized) {
napi_synchronize(napi);
- netdev_lock_ops_to_full(napi->dev);
napi_disable_locked(napi);
netif_napi_del_locked(napi);
- netdev_unlock_full_to_ops(napi->dev);
apc->tx_qp[i].txq.napi_initialized = false;
}
mana_destroy_wq_obj(apc, GDMA_SQ, apc->tx_qp[i].tx_object);
@@ -2256,10 +2254,8 @@ static int mana_create_txq(struct mana_port_context *apc,
mana_create_txq_debugfs(apc, i);
set_bit(NAPI_STATE_NO_BUSY_POLL, &cq->napi.state);
- netdev_lock_ops_to_full(net);
netif_napi_add_locked(net, &cq->napi, mana_poll);
napi_enable_locked(&cq->napi);
- netdev_unlock_full_to_ops(net);
txq->napi_initialized = true;
mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT);
@@ -2295,10 +2291,8 @@ static void mana_destroy_rxq(struct mana_port_context *apc,
if (napi_initialized) {
napi_synchronize(napi);
- netdev_lock_ops_to_full(napi->dev);
napi_disable_locked(napi);
netif_napi_del_locked(napi);
- netdev_unlock_full_to_ops(napi->dev);
}
xdp_rxq_info_unreg(&rxq->xdp_rxq);
@@ -2549,18 +2543,14 @@ static struct mana_rxq *mana_create_rxq(struct mana_port_context *apc,
gc->cq_table[cq->gdma_id] = cq->gdma_cq;
- netdev_lock_ops_to_full(ndev);
netif_napi_add_weight_locked(ndev, &cq->napi, mana_poll, 1);
- netdev_unlock_full_to_ops(ndev);
WARN_ON(xdp_rxq_info_reg(&rxq->xdp_rxq, ndev, rxq_idx,
cq->napi.napi_id));
WARN_ON(xdp_rxq_info_reg_mem_model(&rxq->xdp_rxq, MEM_TYPE_PAGE_POOL,
rxq->page_pool));
- netdev_lock_ops_to_full(ndev);
napi_enable_locked(&cq->napi);
- netdev_unlock_full_to_ops(ndev);
mana_gd_ring_cq(cq->gdma_cq, SET_ARM_BIT);
out:
--
2.43.0
2 weeks, 4 days
- 3
- 2
[PATCH 5.15.y] wifi: mac80211: check basic rates validity in sta_link_apply_parameters
by Hanne-Lotta Mäenpää
From: Mikhail Lobanov <m.lobanov(a)rosa.ru>
[ Upstream commit 16ee3ea8faef8ff042acc15867a6c458c573de61 ]
When userspace sets supported rates for a new station via
NL80211_CMD_NEW_STATION, it might send a list that's empty
or contains only invalid values. Currently, we process these
values in sta_link_apply_parameters() without checking the result of
ieee80211_parse_bitrates(), which can lead to an empty rates bitmap.
A similar issue was addressed for NL80211_CMD_SET_BSS in commit
ce04abc3fcc6 ("wifi: mac80211: check basic rates validity").
This patch applies the same approach in sta_link_apply_parameters()
for NL80211_CMD_NEW_STATION, ensuring there is at least one valid
rate by inspecting the result of ieee80211_parse_bitrates().
Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
Fixes: b95eb7f0eee4 ("wifi: cfg80211/mac80211: separate link params from station params")
Signed-off-by: Mikhail Lobanov <m.lobanov(a)rosa.ru>
Link: https://patch.msgid.link/20250317103139.17625-1-m.lobanov@rosa.ru
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
[ Summary of conflict resolutions:
- Function ieee80211_parse_bitrates() takes channel width as its
first parameter in mainline kernel version. In v5.15 the function
takes the whole chandef struct as its first parameter.
- The same function takes link station parameters as its last
parameter, and in v5.15 they are in a struct called sta,
instead of a struct called link_sta. ]
Signed-off-by: Hanne-Lotta Mäenpää <hannelotta(a)gmail.com>
---
net/mac80211/cfg.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 2b77cb290788..706ff67f4254 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1658,12 +1658,13 @@ static int sta_apply_parameters(struct ieee80211_local *local,
return ret;
}
- if (params->supported_rates && params->supported_rates_len) {
- ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef,
- sband, params->supported_rates,
- params->supported_rates_len,
- &sta->sta.supp_rates[sband->band]);
- }
+ if (params->supported_rates &&
+ params->supported_rates_len &&
+ !ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef,
+ sband, params->supported_rates,
+ params->supported_rates_len,
+ &sta->sta.supp_rates[sband->band]))
+ return -EINVAL;
if (params->ht_capa)
ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
--
2.50.0
2 weeks, 4 days
- 1
- 0
+ mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Sang-Heon Jeon <ekffu200098(a)gmail.com>
Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window
Date: Fri, 22 Aug 2025 11:50:57 +0900
Kernel initializes the "jiffies" timer as 5 minutes below zero, as shown
in include/linux/jiffies.h
/*
* Have the 32 bit jiffies value wrap 5 minutes after boot
* so jiffies wrap bugs show up earlier.
*/
#define INITIAL_JIFFIES ((unsigned long)(unsigned int) (-300*HZ))
And jiffies comparison help functions cast unsigned value to signed to
cover wraparound
#define time_after_eq(a,b) \
(typecheck(unsigned long, a) && \
typecheck(unsigned long, b) && \
((long)((a) - (b)) >= 0))
When quota->charged_from is initialized to 0, time_after_eq() can
incorrectly return FALSE even after reset_interval has elapsed. This
occurs when (jiffies - reset_interval) produces a value with MSB=1, which
is interpreted as negative in signed arithmetic.
This issue primarily affects 32-bit systems because: On 64-bit systems:
MSB=1 values occur after ~292 million years from boot (assuming HZ=1000),
almost impossible.
On 32-bit systems: MSB=1 values occur during the first 5 minutes after
boot, and the second half of every jiffies wraparound cycle, starting from
day 25 (assuming HZ=1000)
When above unexpected FALSE return from time_after_eq() occurs, the
charging window will not reset. The user impact depends on esz value at
that time.
If esz is 0, scheme ignores configured quotas and runs without any limits.
If esz is not 0, scheme stops working once the quota is exhausted. It
remains until the charging window finally resets.
So, change quota->charged_from to jiffies at damos_adjust_quota() when it
is considered as the first charge window. By this change, we can avoid
unexpected FALSE return from time_after_eq()
Link: https://lkml.kernel.org/r/20250822025057.1740854-1-ekffu200098@gmail.com
Fixes: 2b8a248d5873 ("mm/damon/schemes: implement size quota for schemes application speed control") # 5.16
Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com>
Reviewed-by: SeongJae Park <sj(a)kernel.org>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/damon/core.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/mm/damon/core.c~mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window
+++ a/mm/damon/core.c
@@ -2111,6 +2111,10 @@ static void damos_adjust_quota(struct da
if (!quota->ms && !quota->sz && list_empty("a->goals))
return;
+ /* First charge window */
+ if (!quota->total_charged_sz && !quota->charged_from)
+ quota->charged_from = jiffies;
+
/* New charge window starts */
if (time_after_eq(jiffies, quota->charged_from +
msecs_to_jiffies(quota->reset_interval))) {
_
Patches currently in -mm which might be from ekffu200098(a)gmail.com are
mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch
mm-damon-update-expired-description-of-damos_action.patch
docs-mm-damon-design-fix-typo-s-sz_trtied-sz_tried.patch
selftests-damon-test-no-op-commit-broke-damon-status.patch
selftests-damon-test-no-op-commit-broke-damon-status-fix.patch
mm-damon-tests-core-kunit-add-damos_commit_filter-test.patch
2 weeks, 4 days
- 1
- 0
+ mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range()
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Jeongjun Park <aha310510(a)gmail.com>
Subject: mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range()
Date: Sun, 24 Aug 2025 03:21:15 +0900
When restoring a reservation for an anonymous page, we need to check to
freeing a surplus. However, __unmap_hugepage_range() causes data race
because it reads h->surplus_huge_pages without the protection of
hugetlb_lock.
And adjust_reservation is a boolean variable that indicates whether
reservations for anonymous pages in each folio should be restored.
Therefore, it should be initialized to false for each round of the loop.
However, this variable is not initialized to false except when defining
the current adjust_reservation variable.
This means that once adjust_reservation is set to true even once within
the loop, reservations for anonymous pages will be restored
unconditionally in all subsequent rounds, regardless of the folio's state.
To fix this, we need to add the missing hugetlb_lock, unlock the
page_table_lock earlier so that we don't lock the hugetlb_lock inside the
page_table_lock lock, and initialize adjust_reservation to false on each
round within the loop.
Link: https://lkml.kernel.org/r/20250823182115.1193563-1-aha310510@gmail.com
Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed")
Signed-off-by: Jeongjun Park <aha310510(a)gmail.com>
Reported-by: syzbot+417aeb05fd190f3a6da9(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=417aeb05fd190f3a6da9
Cc: Breno Leitao <leitao(a)debian.org>
Cc: David Hildenbrand <david(a)redhat.com>
Cc: Muchun Song <muchun.song(a)linux.dev>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
mm/hugetlb.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
--- a/mm/hugetlb.c~mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range
+++ a/mm/hugetlb.c
@@ -5851,7 +5851,7 @@ void __unmap_hugepage_range(struct mmu_g
spinlock_t *ptl;
struct hstate *h = hstate_vma(vma);
unsigned long sz = huge_page_size(h);
- bool adjust_reservation = false;
+ bool adjust_reservation;
unsigned long last_addr_mask;
bool force_flush = false;
@@ -5944,6 +5944,7 @@ void __unmap_hugepage_range(struct mmu_g
sz);
hugetlb_count_sub(pages_per_huge_page(h), mm);
hugetlb_remove_rmap(folio);
+ spin_unlock(ptl);
/*
* Restore the reservation for anonymous page, otherwise the
@@ -5951,14 +5952,16 @@ void __unmap_hugepage_range(struct mmu_g
* If there we are freeing a surplus, do not set the restore
* reservation bit.
*/
+ adjust_reservation = false;
+
+ spin_lock_irq(&hugetlb_lock);
if (!h->surplus_huge_pages && __vma_private_lock(vma) &&
folio_test_anon(folio)) {
folio_set_hugetlb_restore_reserve(folio);
/* Reservation to be adjusted after the spin lock */
adjust_reservation = true;
}
-
- spin_unlock(ptl);
+ spin_unlock_irq(&hugetlb_lock);
/*
* Adjust the reservation for the region that will have the
_
Patches currently in -mm which might be from aha310510(a)gmail.com are
mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch
2 weeks, 4 days
- 1
- 0
+ kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch added to mm-hotfixes-unstable branch
by Andrew Morton
The patch titled
Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader
has been added to the -mm mm-hotfixes-unstable branch. Its filename is
kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche…
This patch will later appear in the mm-hotfixes-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Breno Leitao <leitao(a)debian.org>
Subject: kexec/arm64: initialize the random field of kbuf to zero in the image loader
Date: Thu Aug 21 04:11:21 2025 -0700
Add an explicit initialization for the random member of the kbuf structure
within the image_load function in arch/arm64/kernel/kexec_image.c.
Setting kbuf.random to zero ensures a deterministic and clean starting
state for the buffer used during kernel image loading, avoiding this UBSAN
issue later, when kbuf.random is read.
[ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10
[ 32.362649] load of value 252 is not a valid value for type '_Bool'
Link: https://lkml.kernel.org/r/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnzad…
Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly
Signed-off-by: Breno Leitao <leitao(a)debian.org>
Cc: Baoquan He <bhe(a)redhat.com>
Cc: Coiby Xu <coxu(a)redhat.com>
Cc: "Daniel P. Berrange" <berrange(a)redhat.com>
Cc: Dave Hansen <dave.hansen(a)intel.com>
Cc: Dave Young <dyoung(a)redhat.com>
Cc: Kairui Song <ryncsn(a)gmail.com>
Cc: Liu Pingfan <kernelfans(a)gmail.com>
Cc: Milan Broz <gmazyland(a)gmail.com>
Cc: Ondrej Kozina <okozina(a)redhat.com>
Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
---
arch/arm64/kernel/kexec_image.c | 1 +
1 file changed, 1 insertion(+)
--- a/arch/arm64/kernel/kexec_image.c~kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader
+++ a/arch/arm64/kernel/kexec_image.c
@@ -76,6 +76,7 @@ static void *image_load(struct kimage *i
kbuf.buf_min = 0;
kbuf.buf_max = ULONG_MAX;
kbuf.top_down = false;
+ kbuf.random = 0;
kbuf.buffer = kernel;
kbuf.bufsz = kernel_len;
_
Patches currently in -mm which might be from leitao(a)debian.org are
kexec-arm64-initialize-the-random-field-of-kbuf-to-zero-in-the-image-loader.patch
2 weeks, 4 days
- 1
- 0
[PATCH] net/dccp: validate Reset/Close/CloseReq in DCCP_REQUESTING
by Yizhou Zhao
DCCP sockets in DCCP_REQUESTING state do not check the sequence number
or acknowledgment number for incoming Reset, CloseReq, and Close packets.
As a result, an attacker can send a spoofed Reset packet while the client
is in the requesting state. The client will accept the packet without
verification and immediately close the connection, causing a denial of
service (DoS) attack.
This patch moves the processing of Reset, Close, and CloseReq packets
into dccp_rcv_request_sent_state_process() and validates the ack number
before accepting them.
This fix should apply to stable versions *only* in Linux 5.x and 6.x.
Note that DCCP was removed in Linux 6.16, so this patch is only relevant
for older versions. We tested it on Ubuntu 24.04 LTS (Linux 6.8) and
it worked as expected.
Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn>
Cc: stable(a)vger.kernel.org
Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn>
---
net/dccp/input.c | 54 ++++++++++++++++++++++++++++--------------------
1 file changed, 32 insertions(+), 22 deletions(-)
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 2cbb757a8..0b1ffb044 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -397,21 +397,22 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
* / * Response processing continues in Step 10; Reset
* processing continues in Step 9 * /
*/
+ struct dccp_sock *dp = dccp_sk(sk);
+
+ if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq,
+ dp->dccps_awl, dp->dccps_awh)) {
+ dccp_pr_debug("invalid ackno: S.AWL=%llu, "
+ "P.ackno=%llu, S.AWH=%llu\n",
+ (unsigned long long)dp->dccps_awl,
+ (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq,
+ (unsigned long long)dp->dccps_awh);
+ goto out_invalid_packet;
+ }
+
if (dh->dccph_type == DCCP_PKT_RESPONSE) {
const struct inet_connection_sock *icsk = inet_csk(sk);
- struct dccp_sock *dp = dccp_sk(sk);
- long tstamp = dccp_timestamp();
-
- if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq,
- dp->dccps_awl, dp->dccps_awh)) {
- dccp_pr_debug("invalid ackno: S.AWL=%llu, "
- "P.ackno=%llu, S.AWH=%llu\n",
- (unsigned long long)dp->dccps_awl,
- (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq,
- (unsigned long long)dp->dccps_awh);
- goto out_invalid_packet;
- }
+ long tstamp = dccp_timestamp();
/*
* If option processing (Step 8) failed, return 1 here so that
* dccp_v4_do_rcv() sends a Reset. The Reset code depends on
@@ -496,6 +497,13 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
}
dccp_send_ack(sk);
return -1;
+ } else if (dh->dccph_type == DCCP_PKT_RESET) {
+ dccp_rcv_reset(sk, skb);
+ return 0;
+ } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) {
+ return dccp_rcv_closereq(sk, skb);
+ } else if (dh->dccph_type == DCCP_PKT_CLOSE) {
+ return dccp_rcv_close(sk, skb);
}
out_invalid_packet:
@@ -658,17 +666,19 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
* Set TIMEWAIT timer
* Drop packet and return
*/
- if (dh->dccph_type == DCCP_PKT_RESET) {
- dccp_rcv_reset(sk, skb);
- return 0;
- } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */
- if (dccp_rcv_closereq(sk, skb))
- return 0;
- goto discard;
- } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */
- if (dccp_rcv_close(sk, skb))
+ if (sk->sk_state != DCCP_REQUESTING) {
+ if (dh->dccph_type == DCCP_PKT_RESET) {
+ dccp_rcv_reset(sk, skb);
return 0;
- goto discard;
+ } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */
+ if (dccp_rcv_closereq(sk, skb))
+ return 0;
+ goto discard;
+ } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */
+ if (dccp_rcv_close(sk, skb))
+ return 0;
+ goto discard;
+ }
}
switch (sk->sk_state) {
--
2.34.1
2 weeks, 4 days
- 1
- 0
[PATCH] net/dccp: validate Reset/Close/CloseReq in DCCP_REQUESTING
by Yizhou Zhao
DCCP sockets in DCCP_REQUESTING state do not check the sequence number
or acknowledgment number for incoming Reset, CloseReq, and Close packets.
As a result, an attacker can send a spoofed Reset packet while the client
is in the requesting state. The client will accept the packet without
verification and immediately close the connection, causing a denial of
service (DoS) attack.
This patch moves the processing of Reset, Close, and CloseReq packets
into dccp_rcv_request_sent_state_process() and validates the ack number
before accepting them.
This fix should apply to Linux 5.x and 6.x, including stable versions.
Note that DCCP was removed in Linux 6.16, so this patch is only relevant
for older versions. We tested it on Ubuntu 24.04 LTS (Linux 6.8) and
it worked as expected.
Signed-off-by: Yizhou Zhao <zhaoyz24(a)mails.tsinghua.edu.cn>
Cc: stable(a)vger.kernel.org
---
net/dccp/input.c | 54 ++++++++++++++++++++++++++++--------------------
1 file changed, 32 insertions(+), 22 deletions(-)
diff --git a/net/dccp/input.c b/net/dccp/input.c
index 2cbb757a8..0b1ffb044 100644
--- a/net/dccp/input.c
+++ b/net/dccp/input.c
@@ -397,21 +397,22 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
* / * Response processing continues in Step 10; Reset
* processing continues in Step 9 * /
*/
+ struct dccp_sock *dp = dccp_sk(sk);
+
+ if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq,
+ dp->dccps_awl, dp->dccps_awh)) {
+ dccp_pr_debug("invalid ackno: S.AWL=%llu, "
+ "P.ackno=%llu, S.AWH=%llu\n",
+ (unsigned long long)dp->dccps_awl,
+ (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq,
+ (unsigned long long)dp->dccps_awh);
+ goto out_invalid_packet;
+ }
+
if (dh->dccph_type == DCCP_PKT_RESPONSE) {
const struct inet_connection_sock *icsk = inet_csk(sk);
- struct dccp_sock *dp = dccp_sk(sk);
- long tstamp = dccp_timestamp();
-
- if (!between48(DCCP_SKB_CB(skb)->dccpd_ack_seq,
- dp->dccps_awl, dp->dccps_awh)) {
- dccp_pr_debug("invalid ackno: S.AWL=%llu, "
- "P.ackno=%llu, S.AWH=%llu\n",
- (unsigned long long)dp->dccps_awl,
- (unsigned long long)DCCP_SKB_CB(skb)->dccpd_ack_seq,
- (unsigned long long)dp->dccps_awh);
- goto out_invalid_packet;
- }
+ long tstamp = dccp_timestamp();
/*
* If option processing (Step 8) failed, return 1 here so that
* dccp_v4_do_rcv() sends a Reset. The Reset code depends on
@@ -496,6 +497,13 @@ static int dccp_rcv_request_sent_state_process(struct sock *sk,
}
dccp_send_ack(sk);
return -1;
+ } else if (dh->dccph_type == DCCP_PKT_RESET) {
+ dccp_rcv_reset(sk, skb);
+ return 0;
+ } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) {
+ return dccp_rcv_closereq(sk, skb);
+ } else if (dh->dccph_type == DCCP_PKT_CLOSE) {
+ return dccp_rcv_close(sk, skb);
}
out_invalid_packet:
@@ -658,17 +666,19 @@ int dccp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
* Set TIMEWAIT timer
* Drop packet and return
*/
- if (dh->dccph_type == DCCP_PKT_RESET) {
- dccp_rcv_reset(sk, skb);
- return 0;
- } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */
- if (dccp_rcv_closereq(sk, skb))
- return 0;
- goto discard;
- } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */
- if (dccp_rcv_close(sk, skb))
+ if (sk->sk_state != DCCP_REQUESTING) {
+ if (dh->dccph_type == DCCP_PKT_RESET) {
+ dccp_rcv_reset(sk, skb);
return 0;
- goto discard;
+ } else if (dh->dccph_type == DCCP_PKT_CLOSEREQ) { /* Step 13 */
+ if (dccp_rcv_closereq(sk, skb))
+ return 0;
+ goto discard;
+ } else if (dh->dccph_type == DCCP_PKT_CLOSE) { /* Step 14 */
+ if (dccp_rcv_close(sk, skb))
+ return 0;
+ goto discard;
+ }
}
switch (sk->sk_state) {
--
2.34.1
2 weeks, 4 days
- 2
- 1
[REGRESSION] IPv6 RA default router advertisement fails after kernel 6.12.42 updates
by 喵公子
Hi,
While testing Linux kernel 6.12.42 on OpenWrt, we observed a
regression in IPv6 Router Advertisement (RA) handling for the default
router.
Affected commits
The following commits appear related and may have introduced the issue:
ipv6: fix possible infinite loop in fib6_info_uses_dev():
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=…
ipv6: prevent infinite loop in rt6_nlmsg_size():
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=…
ipv6: annotate data-races around rt->fib6_nsiblings:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=…
Problem description:
In Linux kernel 6.12.42, IPv6 FIB multipath and concurrent access
handling was made stricter (READ_ONCE / WRITE_ONCE + RCU retry).
The RA “Automatic” mode relies on checking whether a local default route exists.
With the stricter FIB handling, this check can fail in multipath scenarios.
As a result, RA does not advertise a default route, and IPv6 clients
on LAN fail to receive the default gateway.
Steps to reproduce
Run OpenWrt with kernel 6.12.42 (or 6.12.43) on a router with br-lan bridge.
Configure IPv6 RA in Automatic default router mode.
Observe that no default route is advertised to clients (though
prefixes may still be delivered).
Expected behavior
Router Advertisement should continue to advertise the default route as
in kernel 6.12.41 and earlier.
Client IPv6 connectivity should not break.
Actual behavior
RA fails to advertise a default route in Automatic mode.
Clients do not install a default IPv6 route → connectivity fails.
Temporary workaround
Change RA default router mode from Automatic → Always / Use available
prefixes in OpenWrt.
This bypasses the dependency on local default route check and restores
correct RA behavior.
Additional notes
This appears to be an unintended side effect of the stricter FIB
handling changes introduced in 6.12.42. Please advise if this has
already been reported or if I should prepare a minimal reproducer
outside OpenWrt.
Thanks,
[GitHub: mgz0227]
2 weeks, 4 days
- 2
- 1
[PATCH v2] btrfs: do more strict compressed read merge check
by Qu Wenruo
[BUG]
When running test case generic/457, there is a chance to hit the
following error, with 64K page size and 4K btrfs block size, and
"compress=zstd" mount option:
FSTYP -- btrfs
PLATFORM -- Linux/aarch64 btrfs-aarch64 6.17.0-rc2-custom+ #129 SMP PREEMPT_DYNAMIC Wed Aug 20 18:52:51 ACST 2025
MKFS_OPTIONS -- -s 4k /dev/mapper/test-scratch1
MOUNT_OPTIONS -- -o compress=zstd /dev/mapper/test-scratch1 /mnt/scratch
generic/457 2s ... [failed, exit status 1]- output mismatch (see /home/adam/xfstests-dev/results//generic/457.out.bad)
--- tests/generic/457.out 2024-04-25 18:13:45.160550980 +0930
+++ /home/adam/xfstests-dev/results//generic/457.out.bad 2025-08-22 16:09:41.039352391 +0930
@@ -1,2 +1,3 @@
QA output created by 457
-Silence is golden
+testfile6 end md5sum mismatched
+(see /home/adam/xfstests-dev/results//generic/457.full for details)
...
(Run 'diff -u /home/adam/xfstests-dev/tests/generic/457.out /home/adam/xfstests-dev/results//generic/457.out.bad' to see the entire diff)
The root problem is, after certain fsx operations the file contents
change just after a mount cycle.
There is a much smaller reproducer based on that test case, which I
mainly used to debug the bug:
workload() {
mkfs.btrfs -f $dev > /dev/null
dmesg -C
trace-cmd clear
mount -o compress=zstd $dev $mnt
xfs_io -f -c "pwrite -S 0xff 0 256K" -c "sync" $mnt/base > /dev/null
cp --reflink=always -p -f $mnt/base $mnt/file
$fsx -N 4 -d -k -S 3746842 $mnt/file
if [ $? -ne 0 ]; then
echo "!!! FSX FAILURE !!!"
fail
fi
csum_before=$(_md5_checksum $mnt/file)
stop_trace
umount $mnt
mount $dev $mnt
csum_after=$(_md5_checksum $mnt/file)
umount $mnt
if [ "$csum_before" != "$csum_after" ]; then
echo "!!! CSUM MISMATCH !!!"
fail
fi
}
This seed value will cause 100% reproducible csum mismatch after a mount
cycle.
The seed value results only 2 real operations:
Seed set to 3746842
main: filesystem does not support fallocate mode FALLOC_FL_UNSHARE_RANGE, disabling!
main: filesystem does not support fallocate mode FALLOC_FL_COLLAPSE_RANGE, disabling!
main: filesystem does not support fallocate mode FALLOC_FL_INSERT_RANGE, disabling!
main: filesystem does not support exchange range, disabling!
main: filesystem does not support dontcache IO, disabling!
2 clone from 0x3b000 to 0x3f000, (0x4000 bytes) at 0x1f000
3 write 0x2975b thru 0x2ba20 (0x22c6 bytes) dontcache=0
All 4 operations completed A-OK!
[CAUSE]
With extra debug trace_printk(), the following sequence can explain the
root cause:
fsx-3900290 [002] ..... 161696.160966: btrfs_submit_compressed_read: r/i=5/258 file_off=131072 em start=126976 len=16384
The "r/i" is showing the root id and the ino number.
In this case, my minimal reproducer is indeed using inode 258 of
subvolume 5, and that's the inode with changing contents.
The above trace is from the function btrfs_submit_compressed_read(),
triggered by fsx to read the folio at file offset 128K.
Notice that the extent map, it's at offset 124K, with a length of 16K.
This means the extent map only covers the first 12K (3 blocks) of the
folio 128K.
fsx-3900290 [002] ..... 161696.160969: trace_dump_cb: btrfs_submit_compressed_read, r/i=5/258 file off start=131072 len=65536 bi_size=65536
This is the line I used to dump the basic info of a bbio, which shows the
bi_size is 64K, aka covering the whole 64K folio at file offset 128K.
But remember, the extent map only covers 3 blocks, definitely not enough
to cover the whole 64K folio at 128K file offset.
kworker/u19:1-3748349 [002] ..... 161696.161154: btrfs_decompress_buf2page: r/i=5/258 file_off=131072 copy_len=4096 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161155: btrfs_decompress_buf2page: r/i=5/258 file_off=135168 copy_len=4096 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161156: btrfs_decompress_buf2page: r/i=5/258 file_off=139264 copy_len=4096 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161157: btrfs_decompress_buf2page: r/i=5/258 file_off=143360 copy_len=4096 content=ffff
The above lines show that btrfs_decompress_buf2page() called by zstd
decompress code is copying the decompressed content into the filemap.
But notice that, the last line is already beyond the extent map range.
Furthermore, there are no more compressed content copy, as the
compressed bio only has the extent map to cover the first 3 blocks (the
4th block copy is already incorrect).
kworker/u19:1-3748349 [002] ..... 161696.161161: trace_dump_cb: r/i=5/258 file_pos=131072 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161161: trace_dump_cb: r/i=5/258 file_pos=135168 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=139264 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=143360 content=ffff
kworker/u19:1-3748349 [002] ..... 161696.161162: trace_dump_cb: r/i=5/258 file_pos=147456 content=0000
This is the extra dumpping of the compressed bio, after file offset
140K (143360), the content is all zero, which is incorrect.
The zero is there because we didn't copy anything into the folio.
The root cause of the corruption is, we are submitting a compressed read
for a whole folio, but the extent map we get only covers the first 3
blocks, meaning the compressed read path is merging reads that shouldn't
be merged.
The involved file extents are:
item 19 key (258 EXTENT_DATA 126976) itemoff 15143 itemsize 53
generation 9 type 1 (regular)
extent data disk byte 13635584 nr 4096
extent data offset 110592 nr 16384 ram 131072
extent compression 3 (zstd)
item 20 key (258 EXTENT_DATA 143360) itemoff 15090 itemsize 53
generation 9 type 1 (regular)
extent data disk byte 13635584 nr 4096
extent data offset 12288 nr 24576 ram 131072
extent compression 3 (zstd)
Note that, both extents at 124K and 140K are pointing to the same
compressed extent, but with different offset.
This means, we reads of range [124K, 140K) and [140K, 165K) should not
be merged.
But read merge check function, btrfs_bio_is_contig(), is only checking
the disk_bytenr of two compressed reads, as there are not enough info
like the involved extent maps to do more comprehensive checks, resulting
the incorrect compressed read.
Unfortunately this is a long existing bug, way before subpage block size
support.
But subpage block size support (and experimental large folio support)
makes it much easier to detect.
If block size equals page size, regular page read will only read one
block each time, thus no extent map sharing nor merge.
(This means for bs == ps cases, it's still possible to hit the bug with
readahead, just we don't have test coverage with content verification
for readahead)
[FIX]
Save the last hit compressed extent map start/len into btrfs_bio_ctrl,
and check if the current extent map is the same as the saved one.
Here we only save em::start/len to save memory for btrfs_bio_ctrl, as
it's using the stack memory, which is a very limited resource inside the
kernel.
Since the compressed extent maps are never merged, their start/len are
unique inside the same inode, thus just checking start/len will be
enough to make sure they are the same extent map.
If the extent maps do not match, force submitting the current bio, so
that the read will never be merged.
CC: stable(a)vger.kernel.org
Signed-off-by: Qu Wenruo <wqu(a)suse.com>
---
v2:
- Only save extent_map::start/len to save memory for btrfs_bio_ctrl
It's using on-stack memory which is very limited inside the kernel.
- Remove the commit message mentioning of clearing last saved em
Since we're using em::start/len, there is no need to clear them.
Either we hit the same em::start/len, meaning hitting the same extent
map, or we hit a different em, which will have a different start/len.
---
fs/btrfs/extent_io.c | 52 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c
index 0c12fd64a1f3..418e3bf40f94 100644
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -131,6 +131,22 @@ struct btrfs_bio_ctrl {
*/
unsigned long submit_bitmap;
struct readahead_control *ractl;
+
+ /*
+ * The start/len of the last hit compressed extent map.
+ *
+ * The current btrfs_bio_is_contig() only uses disk_bytenr as
+ * the condition to check if the read can be merged with previous
+ * bio, which is not correct. E.g. two file extents pointing to the
+ * same extent.
+ *
+ * So here we need to do extra check to merge reads that are
+ * covered by the same extent map.
+ * Just extent_map::start/len will be enough, as they are unique
+ * inside the same inode.
+ */
+ u64 last_compress_em_start;
+ u64 last_compress_em_len;
};
/*
@@ -957,6 +973,32 @@ static void btrfs_readahead_expand(struct readahead_control *ractl,
readahead_expand(ractl, ra_pos, em_end - ra_pos);
}
+static void save_compressed_em(struct btrfs_bio_ctrl *bio_ctrl,
+ const struct extent_map *em)
+{
+ if (btrfs_extent_map_compression(em) == BTRFS_COMPRESS_NONE)
+ return;
+ bio_ctrl->last_compress_em_start = em->start;
+ bio_ctrl->last_compress_em_len = em->len;
+}
+
+static bool is_same_compressed_em(struct btrfs_bio_ctrl *bio_ctrl,
+ const struct extent_map *em)
+{
+ /*
+ * Only if the em is completely the same as the previous one we can merge
+ * the current folio in the read bio.
+ *
+ * Here we only need to compare the em->start/len against saved
+ * last_compress_em_start/len, as start/len inside an inode are unique,
+ * and compressed extent maps are never merged.
+ */
+ if (em->start != bio_ctrl->last_compress_em_start ||
+ em->len != bio_ctrl->last_compress_em_len)
+ return false;
+ return true;
+}
+
/*
* basic readpage implementation. Locked extent state structs are inserted
* into the tree that are removed when the IO is done (by the end_io
@@ -1080,9 +1122,19 @@ static int btrfs_do_readpage(struct folio *folio, struct extent_map **em_cached,
*prev_em_start != em->start)
force_bio_submit = true;
+ /*
+ * We must ensure we only merge compressed read when the current
+ * extent map matches the previous one exactly.
+ */
+ if (compress_type != BTRFS_COMPRESS_NONE) {
+ if (!is_same_compressed_em(bio_ctrl, em))
+ force_bio_submit = true;
+ }
+
if (prev_em_start)
*prev_em_start = em->start;
+ save_compressed_em(bio_ctrl, em);
em_gen = em->generation;
btrfs_free_extent_map(em);
em = NULL;
--
2.50.1
2 weeks, 4 days
- 2
- 2
September Quote - RFQ
by Sales
Hi,
Please provide a quote for your products:
Include:
1.Pricing (per unit)
2.Delivery cost & timeline
3.Quote expiry date
Deadline: September
Thanks!
Kamal Prasad
Albinayah Trading
2 weeks, 4 days
- 1
- 0
Backport of Patch CVE-2025-21751 to kernel 6.12.43
by Subramaniam, Sujana
Dear Kernel Developers,
Hereby we attach patch backported from kernel 6.13 (as proposed by Greg k-h on the full disclosure mailing list) to 6.12 for CVE-2025-21751 vulnerability.
This patch was tested on metal and virtual machines and rolled out in production.
I hope patch is sufficient for cherry-pick. Please let us know if something has to be updated/modified.
Regards,
Sujana, Akendo
2 weeks, 4 days
- 3
- 2
[PATCH v3 1/3] drm/nouveau: fix error path in nvkm_gsp_fwsec_v2
by Timur Tabi
Function nvkm_gsp_fwsec_v2() sets 'ret' if the kmemdup() call fails, but
it never uses or returns 'ret' after that point. We always need to release
the firmware regardless, so do that and then check for error.
Fixes: 176fdcbddfd2 ("drm/nouveau/gsp/r535: add support for booting GSP-RM")
Cc: stable(a)vger.kernel.org # v6.7+
Signed-off-by: Timur Tabi <ttabi(a)nvidia.com>
---
drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c
index 52412965fac1..5b721bd9d799 100644
--- a/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c
+++ b/drivers/gpu/drm/nouveau/nvkm/subdev/gsp/fwsec.c
@@ -209,11 +209,12 @@ nvkm_gsp_fwsec_v2(struct nvkm_gsp *gsp, const char *name,
fw->boot_addr = bld->start_tag << 8;
fw->boot_size = bld->code_size;
fw->boot = kmemdup(bl->data + hdr->data_offset + bld->code_off, fw->boot_size, GFP_KERNEL);
- if (!fw->boot)
- ret = -ENOMEM;
nvkm_firmware_put(bl);
+ if (!fw->boot)
+ return -ENOMEM;
+
/* Patch in interface data. */
return nvkm_gsp_fwsec_patch(gsp, fw, desc->InterfaceOffset, init_cmd);
}
--
2.43.0
2 weeks, 4 days
- 2
- 1
FAILED: patch "[PATCH] tls: fix handling of zero-length records on the rx_list" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 62708b9452f8eb77513115b17c4f8d1a22ebf843
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082443-caliber-swung-4d8f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 62708b9452f8eb77513115b17c4f8d1a22ebf843 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <kuba(a)kernel.org>
Date: Tue, 19 Aug 2025 19:19:51 -0700
Subject: [PATCH] tls: fix handling of zero-length records on the rx_list
Each recvmsg() call must process either
- only contiguous DATA records (any number of them)
- one non-DATA record
If the next record has different type than what has already been
processed we break out of the main processing loop. If the record
has already been decrypted (which may be the case for TLS 1.3 where
we don't know type until decryption) we queue the pending record
to the rx_list. Next recvmsg() will pick it up from there.
Queuing the skb to rx_list after zero-copy decrypt is not possible,
since in that case we decrypted directly to the user space buffer,
and we don't have an skb to queue (darg.skb points to the ciphertext
skb for access to metadata like length).
Only data records are allowed zero-copy, and we break the processing
loop after each non-data record. So we should never zero-copy and
then find out that the record type has changed. The corner case
we missed is when the initial record comes from rx_list, and it's
zero length.
Reported-by: Muhammad Alifa Ramdhan <ramdhan(a)starlabs.sg>
Reported-by: Billy Jheng Bing-Jhong <billy(a)starlabs.sg>
Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net>
Link: https://patch.msgid.link/20250820021952.143068-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 51c98a007dda..bac65d0d4e3e 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1808,6 +1808,9 @@ int decrypt_skb(struct sock *sk, struct scatterlist *sgout)
return tls_decrypt_sg(sk, NULL, sgout, &darg);
}
+/* All records returned from a recvmsg() call must have the same type.
+ * 0 is not a valid content type. Use it as "no type reported, yet".
+ */
static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm,
u8 *control)
{
@@ -2051,8 +2054,10 @@ int tls_sw_recvmsg(struct sock *sk,
if (err < 0)
goto end;
+ /* process_rx_list() will set @control if it processed any records */
copied = err;
- if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA) || rx_more)
+ if (len <= copied || rx_more ||
+ (control && control != TLS_RECORD_TYPE_DATA))
goto end;
target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
2 weeks, 4 days
- 3
- 2
[REGRESSION] fs: ERR_PTR dereference in expand_files() on v6.12.43
by Nathan Gao
Hi,
I noticed an ERR_PTR dereference issue in expand_files() on kernel 6.12.43
when allocating large file descriptor tables. The issue occurs when
alloc_fdtable() returns ERR_PTR(-EMFILE) for large nr input, but
expand_fdtable() is not properly checking these error returns. dup_fd()
seems also have the issue, missing proper ERR_PTR handling.
The ERR_PTR return was introduced by d4f9351243c1 ("fs: Prevent file
descriptor table allocations exceeding INT_MAX") which adds INT_MAX limit
check in alloc_fdtable().
I was able to trigger this with the unshare_test selftest:
[ 40.283906] BUG: unable to handle page fault for address: ffffffffffffffe8
...
[ 40.287436] RIP: 0010:expand_files+0x7e/0x1c0
...
[ 40.366211] Kernel panic - not syncing: Fatal exception
Looking at the upstream kernel, this can be addressed by Al Viro's
fdtable series [1], which added the ERR_PTR handling in this code path.
Perhaps backporting this series, especially 1d3b4be ("alloc_fdtable():
change calling conventions.") would help resolve the issue.
Thanks for all the work on stable tree.
Best,
Nathan Gao
[1] https://lore.kernel.org/all/20241007173912.GR4017910@ZenIV/
Signed-off-by: Nathan Gao <zcgao(a)amazon.com>
--
2.47.3
2 weeks, 4 days
- 2
- 1
[PATCH v2 4/4] openat2: don't trigger automounts with RESOLVE_NO_XDEV
by Askar Safin
openat2 had a bug: if we pass RESOLVE_NO_XDEV, then openat2
doesn't traverse through automounts, but may still trigger them.
(See the link for full bug report with reproducer.)
This commit fixes this bug.
Link: https://lore.kernel.org/linux-fsdevel/20250817075252.4137628-1-safinaskar@z…
Fixes: fddb5d430ad9fa91b49b1 ("open: introduce openat2(2) syscall")
Reviewed-by: Aleksa Sarai <cyphar(a)cyphar.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Askar Safin <safinaskar(a)zohomail.com>
---
fs/namei.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/namei.c b/fs/namei.c
index c23e5a076ab3..bfa8232b94dc 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1449,6 +1449,10 @@ static int follow_automount(struct path *path, int *count, unsigned lookup_flags
dentry->d_inode)
return -EISDIR;
+ /* No need to trigger automounts if mountpoint crossing is disabled. */
+ if (lookup_flags & LOOKUP_NO_XDEV)
+ return -EXDEV;
+
if (count && (*count)++ >= MAXSYMLINKS)
return -ELOOP;
@@ -1472,6 +1476,10 @@ static int __traverse_mounts(struct path *path, unsigned flags, bool *jumped,
/* Allow the filesystem to manage the transit without i_rwsem
* being held. */
if (flags & DCACHE_MANAGE_TRANSIT) {
+ if (lookup_flags & LOOKUP_NO_XDEV) {
+ ret = -EXDEV;
+ break;
+ }
ret = path->dentry->d_op->d_manage(path, false);
flags = smp_load_acquire(&path->dentry->d_flags);
if (ret < 0)
--
2.47.2
2 weeks, 4 days
- 1
- 0
[PATCH V4 mm-hotfixes 2/3] mm: introduce and use {pgd,p4d}_populate_kernel()
by Harry Yoo
Introduce and use {pgd,p4d}_populate_kernel() in core MM code when
populating PGD and P4D entries for the kernel address space.
These helpers ensure proper synchronization of page tables when
updating the kernel portion of top-level page tables.
Until now, the kernel has relied on each architecture to handle
synchronization of top-level page tables in an ad-hoc manner.
For example, see commit 9b861528a801 ("x86-64, mem: Update all PGDs for
direct mapping and vmemmap mapping changes").
However, this approach has proven fragile for following reasons:
1) It is easy to forget to perform the necessary page table
synchronization when introducing new changes.
For instance, commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory
savings for compound devmaps") overlooked the need to synchronize
page tables for the vmemmap area.
2) It is also easy to overlook that the vmemmap and direct mapping areas
must not be accessed before explicit page table synchronization.
For example, commit 8d400913c231 ("x86/vmemmap: handle unpopulated
sub-pmd ranges")) caused crashes by accessing the vmemmap area
before calling sync_global_pgds().
To address this, as suggested by Dave Hansen, introduce _kernel() variants
of the page table population helpers, which invoke architecture-specific
hooks to properly synchronize page tables. These are introduced in a new
header file, include/linux/pgalloc.h, so they can be called from common code.
They reuse existing infrastructure for vmalloc and ioremap.
Synchronization requirements are determined by ARCH_PAGE_TABLE_SYNC_MASK,
and the actual synchronization is performed by arch_sync_kernel_mappings().
This change currently targets only x86_64, so only PGD and P4D level
helpers are introduced. In theory, PUD and PMD level helpers can be added
later if needed by other architectures.
Currently this is a no-op, since no architecture sets
PGTBL_{PGD,P4D}_MODIFIED in ARCH_PAGE_TABLE_SYNC_MASK.
Cc: <stable(a)vger.kernel.org>
Fixes: 8d400913c231 ("x86/vmemmap: handle unpopulated sub-pmd ranges")
Suggested-by: Dave Hansen <dave.hansen(a)linux.intel.com>
Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com>
---
include/linux/pgalloc.h | 24 ++++++++++++++++++++++++
include/linux/pgtable.h | 4 ++--
mm/kasan/init.c | 12 ++++++------
mm/percpu.c | 6 +++---
mm/sparse-vmemmap.c | 6 +++---
5 files changed, 38 insertions(+), 14 deletions(-)
create mode 100644 include/linux/pgalloc.h
diff --git a/include/linux/pgalloc.h b/include/linux/pgalloc.h
new file mode 100644
index 000000000000..290ab864320f
--- /dev/null
+++ b/include/linux/pgalloc.h
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#ifndef _LINUX_PGALLOC_H
+#define _LINUX_PGALLOC_H
+
+#include <linux/pgtable.h>
+#include <asm/pgalloc.h>
+
+static inline void pgd_populate_kernel(unsigned long addr, pgd_t *pgd,
+ p4d_t *p4d)
+{
+ pgd_populate(&init_mm, pgd, p4d);
+ if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_PGD_MODIFIED)
+ arch_sync_kernel_mappings(addr, addr);
+}
+
+static inline void p4d_populate_kernel(unsigned long addr, p4d_t *p4d,
+ pud_t *pud)
+{
+ p4d_populate(&init_mm, p4d, pud);
+ if (ARCH_PAGE_TABLE_SYNC_MASK & PGTBL_P4D_MODIFIED)
+ arch_sync_kernel_mappings(addr, addr);
+}
+
+#endif /* _LINUX_PGALLOC_H */
diff --git a/include/linux/pgtable.h b/include/linux/pgtable.h
index ba699df6ef69..0cf5c6c3e483 100644
--- a/include/linux/pgtable.h
+++ b/include/linux/pgtable.h
@@ -1469,8 +1469,8 @@ static inline void modify_prot_commit_ptes(struct vm_area_struct *vma, unsigned
/*
* Architectures can set this mask to a combination of PGTBL_P?D_MODIFIED values
- * and let generic vmalloc and ioremap code know when arch_sync_kernel_mappings()
- * needs to be called.
+ * and let generic vmalloc, ioremap and page table update code know when
+ * arch_sync_kernel_mappings() needs to be called.
*/
#ifndef ARCH_PAGE_TABLE_SYNC_MASK
#define ARCH_PAGE_TABLE_SYNC_MASK 0
diff --git a/mm/kasan/init.c b/mm/kasan/init.c
index ced6b29fcf76..8fce3370c84e 100644
--- a/mm/kasan/init.c
+++ b/mm/kasan/init.c
@@ -13,9 +13,9 @@
#include <linux/mm.h>
#include <linux/pfn.h>
#include <linux/slab.h>
+#include <linux/pgalloc.h>
#include <asm/page.h>
-#include <asm/pgalloc.h>
#include "kasan.h"
@@ -191,7 +191,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr,
pud_t *pud;
pmd_t *pmd;
- p4d_populate(&init_mm, p4d,
+ p4d_populate_kernel(addr, p4d,
lm_alias(kasan_early_shadow_pud));
pud = pud_offset(p4d, addr);
pud_populate(&init_mm, pud,
@@ -212,7 +212,7 @@ static int __ref zero_p4d_populate(pgd_t *pgd, unsigned long addr,
} else {
p = early_alloc(PAGE_SIZE, NUMA_NO_NODE);
pud_init(p);
- p4d_populate(&init_mm, p4d, p);
+ p4d_populate_kernel(addr, p4d, p);
}
}
zero_pud_populate(p4d, addr, next);
@@ -251,10 +251,10 @@ int __ref kasan_populate_early_shadow(const void *shadow_start,
* puds,pmds, so pgd_populate(), pud_populate()
* is noops.
*/
- pgd_populate(&init_mm, pgd,
+ pgd_populate_kernel(addr, pgd,
lm_alias(kasan_early_shadow_p4d));
p4d = p4d_offset(pgd, addr);
- p4d_populate(&init_mm, p4d,
+ p4d_populate_kernel(addr, p4d,
lm_alias(kasan_early_shadow_pud));
pud = pud_offset(p4d, addr);
pud_populate(&init_mm, pud,
@@ -273,7 +273,7 @@ int __ref kasan_populate_early_shadow(const void *shadow_start,
if (!p)
return -ENOMEM;
} else {
- pgd_populate(&init_mm, pgd,
+ pgd_populate_kernel(addr, pgd,
early_alloc(PAGE_SIZE, NUMA_NO_NODE));
}
}
diff --git a/mm/percpu.c b/mm/percpu.c
index d9cbaee92b60..a56f35dcc417 100644
--- a/mm/percpu.c
+++ b/mm/percpu.c
@@ -3108,7 +3108,7 @@ int __init pcpu_embed_first_chunk(size_t reserved_size, size_t dyn_size,
#endif /* BUILD_EMBED_FIRST_CHUNK */
#ifdef BUILD_PAGE_FIRST_CHUNK
-#include <asm/pgalloc.h>
+#include <linux/pgalloc.h>
#ifndef P4D_TABLE_SIZE
#define P4D_TABLE_SIZE PAGE_SIZE
@@ -3134,13 +3134,13 @@ void __init __weak pcpu_populate_pte(unsigned long addr)
if (pgd_none(*pgd)) {
p4d = memblock_alloc_or_panic(P4D_TABLE_SIZE, P4D_TABLE_SIZE);
- pgd_populate(&init_mm, pgd, p4d);
+ pgd_populate_kernel(addr, pgd, p4d);
}
p4d = p4d_offset(pgd, addr);
if (p4d_none(*p4d)) {
pud = memblock_alloc_or_panic(PUD_TABLE_SIZE, PUD_TABLE_SIZE);
- p4d_populate(&init_mm, p4d, pud);
+ p4d_populate_kernel(addr, p4d, pud);
}
pud = pud_offset(p4d, addr);
diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
index 41aa0493eb03..dbd8daccade2 100644
--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c
@@ -27,9 +27,9 @@
#include <linux/spinlock.h>
#include <linux/vmalloc.h>
#include <linux/sched.h>
+#include <linux/pgalloc.h>
#include <asm/dma.h>
-#include <asm/pgalloc.h>
#include <asm/tlbflush.h>
#include "hugetlb_vmemmap.h"
@@ -229,7 +229,7 @@ p4d_t * __meminit vmemmap_p4d_populate(pgd_t *pgd, unsigned long addr, int node)
if (!p)
return NULL;
pud_init(p);
- p4d_populate(&init_mm, p4d, p);
+ p4d_populate_kernel(addr, p4d, p);
}
return p4d;
}
@@ -241,7 +241,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node)
void *p = vmemmap_alloc_block_zero(PAGE_SIZE, node);
if (!p)
return NULL;
- pgd_populate(&init_mm, pgd, p);
+ pgd_populate_kernel(addr, pgd, p);
}
return pgd;
}
--
2.43.0
2 weeks, 4 days
- 4
- 11
[PATCH v6] mm/slub: avoid accessing metadata when pointer is invalid in object_err()
by Li Qiong
object_err() reports details of an object for further debugging, such as
the freelist pointer, redzone, etc. However, if the pointer is invalid,
attempting to access object metadata can lead to a crash since it does
not point to a valid object.
In case the pointer is NULL or check_valid_pointer() returns false for
the pointer, only print the pointer value and skip accessing metadata.
Fixes: 81819f0fc828 ("SLUB core")
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Li Qiong <liqiong(a)nfschina.com>
---
v2:
- rephrase the commit message, add comment for object_err().
v3:
- check object pointer in object_err().
v4:
- restore changes in alloc_consistency_checks().
v5:
- rephrase message, fix code style.
v6:
- add checking 'object' if NULL.
---
mm/slub.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/mm/slub.c b/mm/slub.c
index 31e11ef256f9..972cf2bb2ee6 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -1104,7 +1104,12 @@ static void object_err(struct kmem_cache *s, struct slab *slab,
return;
slab_bug(s, reason);
- print_trailer(s, slab, object);
+ if (!object || !check_valid_pointer(s, slab, object)) {
+ print_slab_info(slab);
+ pr_err("Invalid pointer 0x%p\n", object);
+ } else {
+ print_trailer(s, slab, object);
+ }
add_taint(TAINT_BAD_PAGE, LOCKDEP_NOW_UNRELIABLE);
WARN_ON(1);
--
2.30.2
2 weeks, 4 days
- 5
- 6
[PATCH v2] serial: uartps: do not deassert RS485 RTS GPIO prematurely
by Martin Kaistra
After all bytes to be transmitted have been written to the FIFO
register, the hardware might still be busy actually sending them.
Thus, wait for the TX FIFO to be empty before starting the timer for the
RTS after send delay.
Cc: stable(a)vger.kernel.org
Fixes: fccc9d9233f9 ("tty: serial: uartps: Add rs485 support to uartps driver")
Signed-off-by: Martin Kaistra <martin.kaistra(a)linutronix.de>
---
Changes in v2:
- Add cc stable
- Add timeout
drivers/tty/serial/xilinx_uartps.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/tty/serial/xilinx_uartps.c b/drivers/tty/serial/xilinx_uartps.c
index fe457bf1e15bb..e1dd3843d563c 100644
--- a/drivers/tty/serial/xilinx_uartps.c
+++ b/drivers/tty/serial/xilinx_uartps.c
@@ -429,7 +429,7 @@ static void cdns_uart_handle_tx(void *dev_id)
struct uart_port *port = (struct uart_port *)dev_id;
struct cdns_uart *cdns_uart = port->private_data;
struct tty_port *tport = &port->state->port;
- unsigned int numbytes;
+ unsigned int numbytes, tmout;
unsigned char ch;
if (kfifo_is_empty(&tport->xmit_fifo) || uart_tx_stopped(port)) {
@@ -454,6 +454,13 @@ static void cdns_uart_handle_tx(void *dev_id)
if (cdns_uart->port->rs485.flags & SER_RS485_ENABLED &&
(kfifo_is_empty(&tport->xmit_fifo) || uart_tx_stopped(port))) {
+ /* Wait for the tx fifo to be actually empty */
+ for (tmout = 1000000; tmout; tmout--) {
+ if (cdns_uart_tx_empty(port) == TIOCSER_TEMT)
+ break;
+ udelay(1);
+ }
+
hrtimer_update_function(&cdns_uart->tx_timer, cdns_rs485_rx_callback);
hrtimer_start(&cdns_uart->tx_timer,
ns_to_ktime(cdns_calc_after_tx_delay(cdns_uart)), HRTIMER_MODE_REL);
--
2.39.5
2 weeks, 4 days
- 2
- 4
[PATCH] ACPI: tables: FPDT: Fix memory leak in acpi_init_fpdt()
by Zhen Ni
acpi_put_table() is only called when kobject_create_and_add() or
fpdt_process_subtable() fails, but not on the success path. This causes
a memory leak if initialization succeeds.
Ensure acpi_put_table() is called in all cases by adding a put_table
label and routing both success and failure paths through it. Drop the
err_subtable label since kobject_put() is only needed when
fpdt_process_subtable() fails.
Fixes: d1eb86e59be0 ("ACPI: tables: introduce support for FPDT table")
Cc: stable(a)vger.kernel.org
Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn>
---
drivers/acpi/acpi_fpdt.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/drivers/acpi/acpi_fpdt.c b/drivers/acpi/acpi_fpdt.c
index 271092f2700a..c8aea5bb187c 100644
--- a/drivers/acpi/acpi_fpdt.c
+++ b/drivers/acpi/acpi_fpdt.c
@@ -275,7 +275,7 @@ static int __init acpi_init_fpdt(void)
struct acpi_table_header *header;
struct fpdt_subtable_entry *subtable;
u32 offset = sizeof(*header);
- int result;
+ int result = 0;
status = acpi_get_table(ACPI_SIG_FPDT, 0, &header);
@@ -285,7 +285,7 @@ static int __init acpi_init_fpdt(void)
fpdt_kobj = kobject_create_and_add("fpdt", acpi_kobj);
if (!fpdt_kobj) {
result = -ENOMEM;
- goto err_nomem;
+ goto put_table;
}
while (offset < header->length) {
@@ -295,8 +295,10 @@ static int __init acpi_init_fpdt(void)
case SUBTABLE_S3PT:
result = fpdt_process_subtable(subtable->address,
subtable->type);
- if (result)
- goto err_subtable;
+ if (result) {
+ kobject_put(fpdt_kobj);
+ goto put_table;
+ }
break;
default:
/* Other types are reserved in ACPI 6.4 spec. */
@@ -304,11 +306,8 @@ static int __init acpi_init_fpdt(void)
}
offset += sizeof(*subtable);
}
- return 0;
-err_subtable:
- kobject_put(fpdt_kobj);
-err_nomem:
+put_table:
acpi_put_table(header);
return result;
}
--
2.20.1
2 weeks, 4 days
- 2
- 1
[PATCH 6.12 000/444] 6.12.43-rc1 review
by Greg Kroah-Hartman
This is the start of the stable review cycle for the 6.12.43 release.
There are 444 patches in this series, all will be posted as a response
to this one. If anyone has any issues with these being applied, please
let me know.
Responses should be made by Wed, 20 Aug 2025 12:43:43 +0000.
Anything received after that time might be too late.
The whole patch series can be found in one patch at:
https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.43-rc…
or in the git tree and branch at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y
and the diffstat can be found below.
thanks,
greg k-h
-------------
Pseudo-Shortlog of commits:
Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Linux 6.12.43-rc1
Lukas Wunner <lukas(a)wunner.de>
PCI: Honor Max Link Speed when determining supported speeds
Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com>
dm: split write BIOs on zone boundaries when zone append is not emulated
Frederic Weisbecker <frederic(a)kernel.org>
rcu: Fix racy re-initialization of irq_work causing hangs
Yu Kuai <yukuai3(a)huawei.com>
md: fix create on open mddev lifetime regression
Ivan Lipski <ivan.lipski(a)amd.com>
drm/amd/display: Allow DCN301 to clear update flags
Arnd Bergmann <arnd(a)arndb.de>
firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS
Jens Axboe <axboe(a)kernel.dk>
io_uring/rw: cast rw->flags assignment to rwf_t
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Add link_power_management_supported sysfs attribute
Miguel Ojeda <ojeda(a)kernel.org>
rust: workaround `rustdoc` target modifiers bug
Miguel Ojeda <ojeda(a)kernel.org>
rust: kbuild: clean output before running `rustdoc`
Siddharth Vadapalli <s-vadapalli(a)ti.com>
arm64: dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C
Hrushikesh Salunke <h-salunke(a)ti.com>
arm64: dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C
Lukas Wunner <lukas(a)wunner.de>
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org>
PCI: Allow PCI bridges to go to D3Hot on all non-x86
Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com>
PCI: Store all PCIe Supported Link Speeds
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: fix netns refcount leak after net_passive changes
Eric Dumazet <edumazet(a)google.com>
net: better track kernel sockets lifetime
Kuniyuki Iwashima <kuniyu(a)amazon.com>
net: Add net_passive_inc() and net_passive_dec().
Thomas Weißschuh <linux(a)weissschuh.net>
mfd: cros_ec: Separate charge-control probing from USB-PD
Aditya Garg <gargaditya08(a)live.com>
HID: apple: avoid setting up battery timer for devices without battery
Naman Jain <namjain(a)linux.microsoft.com>
tools/hv: fcopy: Fix irregularities with size of ring buffer
Mikhail Lobanov <m.lobanov(a)rosa.ru>
wifi: mac80211: check basic rates validity in sta_link_apply_parameters
Aditya Garg <gargaditya08(a)live.com>
HID: magicmouse: avoid setting up battery timer when not needed
Pedro Falcato <pfalcato(a)suse.de>
RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages
Willy Tarreau <w(a)1wt.eu>
tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros
Marek Szyprowski <m.szyprowski(a)samsung.com>
media: v4l2: Add support for NV12M tiled variants to v4l2_format_info()
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Do not mark valid metadata as invalid
Vedang Nagar <quic_vnagar(a)quicinc.com>
media: venus: Fix OOB read due to missing payload bound check
Youngjun Lee <yjjuny.lee(a)samsung.com>
media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()
Breno Leitao <leitao(a)debian.org>
mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock
Waiman Long <longman(a)redhat.com>
mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup()
Anshuman Khandual <anshuman.khandual(a)arm.com>
mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()
Vlastimil Babka <vbabka(a)suse.cz>
mm, slab: restore NUMA policy support for large kmalloc
Randy Dunlap <rdunlap(a)infradead.org>
parisc: Makefile: fix a typo in palo.conf
Haiyang Zhang <haiyangz(a)microsoft.com>
hv_netvsc: Fix panic during namespace deletion with VF
Davide Caratti <dcaratti(a)redhat.com>
net/sched: ets: use old 'nbands' while purging unused classes
Sravan Kumar Gundu <sravankumarlpu(a)gmail.com>
fbdev: Fix vmalloc out-of-bounds write in fast_imageblit
Suren Baghdasaryan <surenb(a)google.com>
userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry
Andrey Albershteyn <aalbersh(a)redhat.com>
xfs: fix scrub trace with null pointer in quotacheck
Qu Wenruo <wqu(a)suse.com>
btrfs: do not allow relocation of partially dropped subvolumes
Boris Burkov <boris(a)bur.io>
btrfs: fix iteration bug in __qgroup_excl_accounting()
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: do not select metadata BG as finish target
Filipe Manana <fdmanana(a)suse.com>
btrfs: error on missing block group when unaccounting log tree extent buffers
Filipe Manana <fdmanana(a)suse.com>
btrfs: fix log tree replay failure due to file with 0 links and extents
Filipe Manana <fdmanana(a)suse.com>
btrfs: clear dirty status from extent buffer on error at insert_new_root()
Filipe Manana <fdmanana(a)suse.com>
btrfs: don't skip remaining extrefs if dir not found during log replay
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled
Qu Wenruo <wqu(a)suse.com>
btrfs: populate otime when logging an inode item
Boris Burkov <boris(a)bur.io>
btrfs: fix ssd_spread overallocation
Filipe Manana <fdmanana(a)suse.com>
btrfs: don't ignore inode missing when replaying log tree
Filipe Manana <fdmanana(a)suse.com>
btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations
Naohiro Aota <naohiro.aota(a)wdc.com>
btrfs: zoned: do not remove unwritten non-data block group
Filipe Manana <fdmanana(a)suse.com>
btrfs: abort transaction during log replay if walk_log_tree() failed
Johannes Thumshirn <johannes.thumshirn(a)wdc.com>
btrfs: zoned: use filesystem size not disk size for reclaim decision
Oliver Neukum <oneukum(a)suse.com>
cdc-acm: fix race between initial clearing halt and open
Eric Biggers <ebiggers(a)kernel.org>
thunderbolt: Fix copy+paste error in match_service_id()
Ian Abbott <abbotti(a)mev.co.uk>
comedi: fix race between polling and detaching
Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz>
usb: typec: ucsi: Update power_supply on power role change
Ricky Wu <ricky_wu(a)realtek.com>
misc: rtsx: usb: Ensure mmc child device is active when card is present
Xinyu Liu <katieeliu(a)tencent.com>
usb: core: config: Prevent OOB read in SS endpoint companion parsing
Zhang Yi <yi.zhang(a)huawei.com>
ext4: initialize superblock fields in the kballoc-test.c kunit tests
Baokun Li <libaokun1(a)huawei.com>
ext4: fix largest free orders lists corruption on mb_optimize_scan switch
Baokun Li <libaokun1(a)huawei.com>
ext4: fix zombie groups in average fragment size lists
Jason Gunthorpe <jgg(a)ziepe.ca>
iommufd: Prevent ALIGN() overflow
Nicolin Chen <nicolinc(a)nvidia.com>
iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range
Alexey Klimov <alexey.klimov(a)linaro.org>
iommu/arm-smmu-qcom: Add SM6115 MDSS compatible
Lu Baolu <baolu.lu(a)linux.intel.com>
iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes
Shyam Prasad N <sprasad(a)microsoft.com>
cifs: reset iface weights when we cannot find a candidate
Christian Marangi <ansuelsmth(a)gmail.com>
clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src
Damien Le Moal <dlemoal(a)kernel.org>
dm: Always split write BIOs to zoned device limits
Damien Le Moal <dlemoal(a)kernel.org>
block: Introduce bio_needs_zone_write_plugging()
Bijan Tabatabai <bijantabatab(a)micron.com>
mm/damon/core: commit damos->target_nid
Jack Xiao <Jack.Xiao(a)amd.com>
drm/amdgpu: fix incorrect vm flags to map bo
YiPeng Chai <YiPeng.Chai(a)amd.com>
drm/amdgpu: fix vram reservation issue
David Howells <dhowells(a)redhat.com>
cifs: Fix collect_sample() to handle any iterator type
Shengjiu Wang <shengjiu.wang(a)nxp.com>
ASoC: fsl_sai: replace regmap_write with regmap_update_bits
Jiasheng Jiang <jiashengjiangcool(a)gmail.com>
scsi: lpfc: Remove redundant assignment to avoid memory leak
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix uninited ptr deref in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Handle RPC size limit for layoutcommits
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix disk addr range check in block/scsi layout
Sergey Bashirov <sergeybashirov(a)gmail.com>
pNFS: Fix stripe mapping in block/scsi layout
John Garry <john.g.garry(a)oracle.com>
block: avoid possible overflow for chunk_sectors check in blk_stack_limits()
Cezary Rojewski <cezary.rojewski(a)intel.com>
ASoC: Intel: avs: Fix uninitialized pointer error in probe()
Buday Csaba <buday.csaba(a)prolan.hu>
net: phy: smsc: add proper reset flags for LAN8710A
Thomas Croft <thomasmcft(a)gmail.com>
ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table
Yu Kuai <yukuai3(a)huawei.com>
lib/sbitmap: convert shallow_depth from one word to the whole sbitmap
Stefan Metzmacher <metze(a)samba.org>
smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection
Calvin Owens <calvin(a)wbinvd.org>
tools/power turbostat: Handle cap_get_proc() ENOSYS
Calvin Owens <calvin(a)wbinvd.org>
tools/power turbostat: Fix build with musl
Len Brown <len.brown(a)intel.com>
tools/power turbostat: Handle non-root legacy-uncore sysfs permissions
Corey Minyard <corey(a)minyard.net>
ipmi: Fix strcpy source and destination the same
Yann E. MORIN <yann.morin.1998(a)free.fr>
kconfig: lxdialog: fix 'space' to (de)select options
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: fix potential memory leak in renderer_edited()
Masahiro Yamada <masahiroy(a)kernel.org>
kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed()
Breno Leitao <leitao(a)debian.org>
ipmi: Use dev_warn_ratelimited() for incorrect message warnings
Artem Sadovnikov <a.sadovnikov(a)ispras.ru>
vfio/mlx5: fix possible overflow in tracking max message size
John Garry <john.g.garry(a)oracle.com>
scsi: aacraid: Stop using PCI_IRQ_AFFINITY
Maurizio Lombardi <mlombard(a)redhat.com>
scsi: target: core: Generate correct identifiers for PR OUT transport IDs
Ranjan Kumar <ranjan.kumar(a)broadcom.com>
scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans
Shankari Anand <shankari.ak0208(a)gmail.com>
kconfig: nconf: Ensure null termination where strncpy is used
Keith Busch <kbusch(a)kernel.org>
vfio/type1: conditional rescheduling while pinning
Suchit Karunakaran <suchitkarunakaran(a)gmail.com>
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
John Ogness <john.ogness(a)linutronix.de>
printk: nbcon: Allow reacquire during panic
Jaegeuk Kim <jaegeuk(a)kernel.org>
f2fs: check the generic conditions first
Yuezhang Mo <Yuezhang.Mo(a)sony.com>
exfat: add cluster chain loop check for dir
fangzhong.zhou <myth5(a)myth5.com>
i2c: Force DLL0945 touchpad i2c freq to 100khz
John Johansen <john.johansen(a)canonical.com>
apparmor: fix x_table_lookup when stacking is not the first entry
Mateusz Guzik <mjguzik(a)gmail.com>
apparmor: use the condition in AA_BUG_FMT even with debug disabled
Benjamin Marzinski <bmarzins(a)redhat.com>
dm-table: fix checking for rq stackable devices
Mikulas Patocka <mpatocka(a)redhat.com>
dm-mpath: don't print the "loaded" message if registering fails
Jorge Marques <jorge.marques(a)analog.com>
i3c: master: Initialize ret in i3c_i2c_notifier_call()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: don't fail if GETHDRCAP is unsupported
Gabriel Totev <gabriel.totev(a)zetier.com>
apparmor: shift ouid when mediating hard links in userns
Meagan Lloyd <meaganlloyd(a)linux.microsoft.com>
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
i3c: add missing include to internal header
Petr Pavlu <petr.pavlu(a)suse.com>
module: Prevent silent truncation of module name in delete_module(2)
Purva Yeshi <purvayeshi550(a)gmail.com>
md: dm-zoned-target: Initialize return variable r to avoid uninitialized use
Charles Keepax <ckeepax(a)opensource.cirrus.com>
soundwire: Move handle_nested_irq outside of sdw_dev_lock
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
soundwire: amd: cancel pending slave status handling workqueue during remove sequence
Vijendar Mukunda <Vijendar.Mukunda(a)amd.com>
soundwire: amd: serialize amd manager resume sequence during pm_prepare
Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com>
clk: renesas: rzg2l: Postpone updating priv->clks[]
Mario Limonciello <mario.limonciello(a)amd.com>
crypto: ccp - Add missing bootloader info reg for pspv6
Bharat Bhushan <bbhushan2(a)marvell.com>
crypto: octeontx2 - add timeout for load_fvc completion poll
chenchangcheng <chenchangcheng(a)kylinos.cn>
media: uvcvideo: Fix bandwidth issue for Alcor camera
Ricardo Ribalda <ribalda(a)chromium.org>
media: uvcvideo: Add quirk for HP Webcam HD 2300
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar
Alex Guo <alexguo1023(a)gmail.com>
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb()
Wolfram Sang <wsa+renesas(a)sang-engineering.com>
media: usb: hdpvr: disable zero-length read messages
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Increase FIFO trigger level to 374
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Return an appropriate colorspace from tc358743_set_fmt
Dave Stevenson <dave.stevenson(a)raspberrypi.com>
media: tc358743: Check I2C succeeded during probe
Cheick Traore <cheick.traore(a)foss.st.com>
pinctrl: stm32: Manage irq affinity settings
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpi3mr: Correctly handle ATA device errors
Damien Le Moal <dlemoal(a)kernel.org>
scsi: mpt3sas: Correctly handle ATA device errors
Abel Vesa <abel.vesa(a)linaro.org>
power: supply: qcom_battmgr: Add lithium-polymer entry
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
Justin Tee <justin.tee(a)broadcom.com>
scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk
Arnd Bergmann <arnd(a)arndb.de>
RDMA/core: reduce stack using in nldev_stat_get_doit()
Yury Norov [NVIDIA] <yury.norov(a)gmail.com>
RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Amelie Delaunay <amelie.delaunay(a)foss.st.com>
dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs
Johan Adolfsson <johan.adolfsson(a)axis.com>
leds: leds-lp50xx: Handle reg to get correct multi_index
Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se>
media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control
Daniel Scally <dan.scally(a)ideasonboard.com>
media: ipu-bridge: Add _HID for OV5670
Michal Wilczynski <m.wilczynski(a)samsung.com>
clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: lantiq: falcon: sysctrl: fix request memory check logic
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
Markus Theil <theil.markus(a)gmail.com>
crypto: jitter - fix intermediary handling
Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com>
RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM
Hans de Goede <hdegoede(a)redhat.com>
media: hi556: Fix reset GPIO timings
Arnaud Lecomte <contact(a)arnaud-lcm.com>
jfs: upper bound check of tree index in dbAllocAG
Edward Adam Davis <eadavis(a)qq.com>
jfs: Regular file corruption check
Lizhi Xu <lizhi.xu(a)windriver.com>
jfs: truncate good inode pages when hard link is 0
jackysliu <1972843537(a)qq.com>
scsi: bfa: Double-free fix
Ziyan Fu <fuzy5(a)lenovo.com>
watchdog: iTCO_wdt: Report error if timeout configuration fails
Shiji Yang <yangshiji66(a)outlook.com>
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
George Moussalem <george.moussalem(a)outlook.com>
clk: qcom: ipq5018: keep XO clock always on
Florin Leotescu <florin.leotescu(a)nxp.com>
hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state
Sebastian Reichel <sebastian.reichel(a)collabora.com>
watchdog: dw_wdt: Fix default timeout
Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com>
fs/orangefs: use snprintf() instead of sprintf()
Showrya M N <showrya(a)chelsio.com>
scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated
Geraldo Nascimento <geraldogabriel(a)gmail.com>
phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal
Chen-Yu Tsai <wens(a)csie.org>
mfd: axp20x: Set explicit ID for AXP313 regulator
Pei Xiao <xiaopei01(a)kylinos.cn>
clk: tegra: periph: Fix error handling and resolve unsigned compare warning
Theodore Ts'o <tytso(a)mit.edu>
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
Zhiqi Song <songzhiqi1(a)huawei.com>
crypto: hisilicon/hpre - fix dma unmap sequence
Yongzhen Zhang <zhangyongzhen(a)kylinos.cn>
fbdev: fix potential buffer overflow in do_register_framebuffer()
Pali Rohár <pali(a)kernel.org>
cifs: Fix calling CIFSFindFirst() for root path without msearch
Aaron Plattner <aplattner(a)nvidia.com>
watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition
Roman Li <Roman.Li(a)amd.com>
drm/amd/display: Disable dsc_power_gate for dcn314 by default
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd/display: Only finalize atomic_obj if it was initialized
Jason Wang <jasowang(a)redhat.com>
vhost: fail early when __vhost_add_used() fails
Will Deacon <will(a)kernel.org>
vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325
Joel Fernandes <joelagnelf(a)nvidia.com>
rcu: Fix rcu_read_unlock() deadloop due to IRQ work
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/ttm: Respect the shrinker core free target
Wayne Lin <Wayne.Lin(a)amd.com>
drm/amd/display: Avoid trying AUX transactions on disconnected ports
Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com>
drm/amd/display: Update DMCUB loading sequence for DCN3.5
Yonghong Song <yonghong.song(a)linux.dev>
selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size
Yonghong Song <yonghong.song(a)linux.dev>
selftests/bpf: Fix ringbuf/ringbuf_write test failure with arm64 64KB page size
Ihor Solodrai <isolodrai(a)meta.com>
bpf: Make reg_not_null() true for CONST_PTR_TO_MAP
Jakub Kicinski <kuba(a)kernel.org>
uapi: in6: restore visibility of most IPv6 socket options
Emily Deng <Emily.Deng(a)amd.com>
drm/ttm: Should to return the evict error
Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com>
drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range
Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com>
net: ncsi: Fix buffer overflow in fetching version id
Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com>
drm/xe: Make dma-fences compliant with the safe access rules
Shannon Nelson <shannon.nelson(a)amd.com>
ionic: clean dbpage in de-init
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc()
Chih-Kang Chang <gary.chang(a)realtek.com>
wifi: rtw89: scan abort when assign/unassign_vif
Breno Leitao <leitao(a)debian.org>
ptp: Use ratelimite for freerun error message
Yuan Chen <chenyuan(a)kylinos.cn>
bpftool: Fix JSON writer resource leak in version command
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent DIS_LEARNING access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: fix b53_imp_vlan_setup for BCM5325
Álvaro Fernández Rojas <noltari(a)gmail.com>
net: dsa: b53: ensure BCM5325 PHYs are enabled
Alok Tiwari <alok.a.tiwari(a)oracle.com>
gve: Return error for unknown admin queue command
Gal Pressman <gal(a)nvidia.com>
net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs
Gal Pressman <gal(a)nvidia.com>
net: vlan: Make is_vlan_dev() a stub when VLAN is not configured
Mario Limonciello <mario.limonciello(a)amd.com>
drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual
Heiner Kallweit <hkallweit1(a)gmail.com>
dpaa_eth: don't use fixed_phy_change_carrier
Nicolas Escande <nico.escande(a)gmail.com>
neighbour: add support for NUD_PERMANENT proxy entries
Stanislaw Gruszka <stf_xl(a)wp.pl>
wifi: iwlegacy: Check rate_idx range after addition
Mark Rutland <mark.rutland(a)arm.com>
arm64: stacktrace: Check kretprobe_find_ret_addr() return value
Mina Almasry <almasrymina(a)google.com>
netmem: fix skb_frag_address_safe with unreadable skbs
Thomas Fourier <fourier.thomas(a)gmail.com>
powerpc: floppy: Add missing checks after DMA map
Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com>
wifi: ath12k: Decrement TID on RX peer frag setup error handling
Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com>
wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0
Thomas Fourier <fourier.thomas(a)gmail.com>
wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`.
Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com>
wifi: mac80211: update radar_required in channel context after channel switch
Alex Hung <alex.hung(a)amd.com>
drm/amd/display: Initialize mode_select to 0
Wen Chen <Wen.Chen3(a)amd.com>
drm/amd/display: Fix 'failed to blank crtc!'
Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com>
wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect
Rand Deeb <rand.sec96(a)gmail.com>
wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd()
Nathan Lynch <nathan.lynch(a)amd.com>
lib: packing: Include necessary headers
Hari Chandrakanthan <quic_haric(a)quicinc.com>
wifi: ath12k: Fix station association with MBSSID Non-TX BSS
Sarika Sharma <quic_sarishar(a)quicinc.com>
wifi: ath12k: Add memset and update default rate value in wmi tx completion
Kang Yang <kang.yang(a)oss.qualcomm.com>
wifi: ath10k: shutdown driver when hardware is unreliable
Ilya Bakoulin <Ilya.Bakoulin(a)amd.com>
drm/amd/display: Separate set_gsl from set_gsl_source_select
Jonas Rebmann <jre(a)pengutronix.de>
net: fec: allow disable coalescing
RubenKelevra <rubenkelevra(a)gmail.com>
net: ieee8021q: fix insufficient table-size assertion
Li Chen <chenl311(a)chinatelecom.cn>
ACPI: Suppress misleading SPCR console message when SPCR table is absent
Eric Work <work.eric(a)gmail.com>
net: atlantic: add set_power to fw_ops for atl2 to fix wol
Aakash Kumar S <saakashkumar(a)marvell.com>
xfrm: Duplicate SPI Handling
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths()
zhangjianrong <zhangjianrong5(a)huawei.com>
net: thunderbolt: Enable end-to-end flow control also in transmit
Matt Roper <matthew.d.roper(a)intel.com>
drm/xe/xe_query: Use separate iterator while filling GT list
Mark Brown <broonie(a)kernel.org>
kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace
David Bauer <mail(a)david-bauer.net>
wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Fix rtw89_mac_power_switch() for USB
Alessio Belle <alessio.belle(a)imgtec.com>
drm/imagination: Clear runtime PM errors while resetting the GPU
Robin Murphy <robin.murphy(a)arm.com>
perf/arm: Add missing .suppress_bind_attrs
Yuan Chen <chenyuan(a)kylinos.cn>
drm/msm: Add error handling for krealloc in metadata setup
Rob Clark <robdclark(a)chromium.org>
drm/msm: use trylock for debugfs
Hari Chandrakanthan <quic_haric(a)quicinc.com>
wifi: mac80211: fix rx link assignment for non-MLO stations
Zqiang <qiang.zhang1211(a)gmail.com>
rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
Kuniyuki Iwashima <kuniyu(a)google.com>
ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc().
Thomas Fourier <fourier.thomas(a)gmail.com>
(powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer
Heiko Carstens <hca(a)linux.ibm.com>
s390/early: Copy last breaking event address to pt_regs
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: mac80211: avoid weird state in error path
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't complete management TX on SAE commit
Chris Mason <clm(a)fb.com>
sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails
Kamil Horák - 2N <kamilh(a)axis.com>
net: phy: bcm54811: PHY initialization
Sven Schnelle <svens(a)linux.ibm.com>
s390/stp: Remove udelay from stp_sync_clock()
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: fix scan request validation
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
um: Re-evaluate thread flags repeatedly
Miri Korenblit <miriam.rachel.korenblit(a)intel.com>
wifi: iwlwifi: mvm: set gtk id also in older FWs
Paul Chaignon <paul.chaignon(a)gmail.com>
bpf: Forget ranges when refining tnum after JSET
Juri Lelli <juri.lelli(a)redhat.com>
sched/deadline: Fix accounting after global limits change
Alok Tiwari <alok.a.tiwari(a)oracle.com>
perf/cxlpmu: Remove unintended newline from IRQ name format string
Biju Das <biju.das.jz(a)bp.renesas.com>
net: phy: micrel: Add ksz9131_resume()
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: thunderx: Fix format-truncation warning in bgx_acpi_match_id()
Oscar Maes <oscmaes92(a)gmail.com>
net: ipv4: fix incorrect MTU in broadcast routes
Johannes Berg <johannes.berg(a)intel.com>
wifi: mac80211: don't unreserve never reserved chanctx
Ilan Peer <ilan.peer(a)intel.com>
wifi: cfg80211: Fix interface type validation
Matt Johnston <matt(a)codeconstruct.com.au>
net: mctp: Prevent duplicate binds
Vincent Mailhol <mailhol.vincent(a)wanadoo.fr>
can: ti_hecc: fix -Woverflow compiler warning
Charlene Liu <Charlene.Liu(a)amd.com>
drm/amd/display: limit clear_update_flags to dcn32 and above
Paul E. McKenney <paulmck(a)kernel.org>
rcu: Protect ->defer_qs_iw_pending from data race
Umio Yasuno <coelacanth_dream(a)protonmail.com>
drm/amd/pm: fix null pointer access
Breno Leitao <leitao(a)debian.org>
arm64: Mark kernel as tainted on SAE and SError panic
Jack Ping CHNG <jchng(a)maxlinear.com>
net: pcs: xpcs: mask readl() return value to 16 bits
Leon Romanovsky <leon(a)kernel.org>
net/mlx5e: Properly access RCU protected qdisc_sleeping variable
Thomas Fourier <fourier.thomas(a)gmail.com>
net: ag71xx: Add missing check after DMA map
Thomas Fourier <fourier.thomas(a)gmail.com>
et131x: Add missing check after DMA map
Bitterblue Smith <rtl8821cerfe2(a)gmail.com>
wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB
Chin-Yen Lee <timlee(a)realtek.com>
wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode
Ahmed Zaki <ahmed.zaki(a)intel.com>
idpf: preserve coalescing settings across resets
Eduard Zingerman <eddyz87(a)gmail.com>
libbpf: Verify that arena map exists when adding arena relocations
Alok Tiwari <alok.a.tiwari(a)oracle.com>
be2net: Use correct byte order and format string for TCP seq and ack_seq
Sven Schnelle <svens(a)linux.ibm.com>
s390/time: Use monotonic clock in get_cycles()
Johannes Berg <johannes.berg(a)intel.com>
wifi: cfg80211: reject HTC bit for management frames
Steven Rostedt <rostedt(a)goodmis.org>
ktest.pl: Prevent recursion of default variable options
Sarika Sharma <quic_sarishar(a)quicinc.com>
wifi: ath12k: Correct tid cleanup when tid setup fails
Oliver Neukum <oneukum(a)suse.com>
net: usb: cdc-ncm: check for filtering capability
Avraham Stern <avraham.stern(a)intel.com>
wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn
Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech>
xen/netfront: Fix TX response spurious interrupts
Zijun Hu <zijun.hu(a)oss.qualcomm.com>
Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie()
En-Wei Wu <en-wei.wu(a)canonical.com>
Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925
Ben Hutchings <benh(a)debian.org>
bootconfig: Fix unaligned access when building footer
Steven Rostedt <rostedt(a)goodmis.org>
powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64
Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
selftests: netfilter: Enable CONFIG_INET_SCTP_DIAG
Florian Westphal <fw(a)strlen.de>
netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps
Srinivas Kandagatla <srini(a)kernel.org>
ASoC: qcom: use drvdata instead of component to keep id
Xinxin Wan <xinxin.wan(a)intel.com>
ASoC: codecs: rt5640: Retry DEVICE_ID verification
Jonathan Santos <Jonathan.Santos(a)analog.com>
iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement
Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com>
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
Christophe Leroy <christophe.leroy(a)csgroup.eu>
ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop
Lucy Thrun <lucy.thrun(a)digital-rabbithole.de>
ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Tomasz Michalec <tmichalec(a)google.com>
platform/chrome: cros_ec_typec: Defer probe on missing EC parent
Kees Cook <kees(a)kernel.org>
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>
soc: qcom: mdt_loader: Actually use the e_phoff
Krzysztof Hałasa <khalasa(a)piap.pl>
imx8m-blk-ctrl: set ISI panic write hurry level
Gautham R. Shenoy <gautham.shenoy(a)amd.com>
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
Oliver Neukum <oneukum(a)suse.com>
usb: core: usb_submit_urb: downgrade type check
Tomasz Michalec <tmichalec(a)google.com>
usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()
Joseph Tilahun <jtilahun(a)astranis.com>
tty: serial: fix print format specifiers
Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com>
ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode
Alok Tiwari <alok.a.tiwari(a)oracle.com>
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
Mark Brown <broonie(a)kernel.org>
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com>
x86/bugs: Avoid warning when overriding return thunk
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda: Disable jack polling at shutdown
Takashi Iwai <tiwai(a)suse.de>
ALSA: hda: Handle the jack polling always via a work
Gwendal Grignou <gwendal(a)chromium.org>
platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready
Ulf Hansson <ulf.hansson(a)linaro.org>
mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode()
Hans de Goede <hansg(a)kernel.org>
mei: bus: Check for still connected devices in mei_cl_bus_dev_release()
Zijun Hu <zijun.hu(a)oss.qualcomm.com>
char: misc: Fix improper and inaccurate error code returned by misc_init()
Peter Robinson <pbrobinson(a)gmail.com>
reset: brcmstb: Enable reset drivers for ARCH_BCM2835
Eliav Farber <farbere(a)amazon.com>
pps: clients: gpio: fix interrupt handling order in remove path
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
selftests: vDSO: vdso_test_getrandom: Always print TAP header
Breno Leitao <leitao(a)debian.org>
ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
Sarthak Garg <quic_sartgarg(a)quicinc.com>
mmc: sdhci-msm: Ensure SD card power isn't ON when card removed
Sebastian Ott <sebott(a)redhat.com>
ACPI: processor: fix acpi_object initialization
tuhaowen <tuhaowen(a)uniontech.com>
PM: sleep: console: Fix the black screen issue
Hsin-Te Yuan <yuanhsinte(a)chromium.org>
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit()
Thierry Reding <treding(a)nvidia.com>
firmware: tegra: Fix IVC dependency problems
Peng Fan <peng.fan(a)nxp.com>
firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume
Zhu Qiyu <qiyuzhu2(a)amd.com>
ACPI: PRM: Reduce unnecessary printing to avoid user confusion
Masami Hiramatsu (Google) <mhiramat(a)kernel.org>
selftests: tracing: Use mutex_unlock for testing glob filter
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
tools/build: Fix s390(x) cross-compilation with clang
Aaron Kling <webgeek1234(a)gmail.com>
ARM: tegra: Use I/O memcpy to write to IRAM
Michael Walle <mwalle(a)kernel.org>
mfd: tps6594: Add TI TPS652G1 support
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: tps65912: check the return value of regmap_update_bits()
David Lechner <dlechner(a)baylibre.com>
iio: adc: ad_sigma_delta: don't overallocate scan buffer
Thomas Weißschuh <linux(a)weissschuh.net>
tools/nolibc: define time_t in terms of __kernel_old_time_t
David Collins <david.collins(a)oss.qualcomm.com>
thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required
Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com>
ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed
Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com>
EDAC/synopsys: Clear the ECC counters on init
Lifeng Zheng <zhenglifeng1(a)huawei.com>
PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store()
Alexander Kochetkov <al.kochet(a)gmail.com>
ARM: rockchip: fix kernel hang during smp initialization
Li RongQing <lirongqing(a)baidu.com>
cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode
Lifeng Zheng <zhenglifeng1(a)huawei.com>
cpufreq: Exit governor when failed to start old governor
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
gpio: wcd934x: check the return value of regmap_update_bits()
Guillaume La Roque <glaroque(a)baylibre.com>
pmdomain: ti: Select PM_GENERIC_DOMAINS
André Draszik <andre.draszik(a)linaro.org>
usb: typec: tcpm/tcpci_maxim: fix irq wake usage
Hiago De Franco <hiago.franco(a)toradex.com>
remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU
Shuai Xue <xueshuai(a)linux.alibaba.com>
ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered
Maulik Shah <maulik.shah(a)oss.qualcomm.com>
soc: qcom: rpmh-rsc: Add RSC version 4 support
Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>
firmware: qcom: scm: initialize tzmem before marking SCM as available
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing errors during surprise removal
Jay Chen <shawn2000100(a)gmail.com>
usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command
Mario Limonciello <mario.limonciello(a)amd.com>
usb: xhci: Avoid showing warnings for dying controller
Benson Leung <bleung(a)chromium.org>
usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default
Cynthia Huang <cynthia(a)andestech.com>
selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t
Prashant Malani <pmalani(a)google.com>
cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
Mario Limonciello <mario.limonciello(a)amd.com>
platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list
Su Hui <suhui(a)nfschina.com>
usb: xhci: print xhci->xhc_state when queue_command failed
Steven Rostedt <rostedt(a)goodmis.org>
tracefs: Add d_delete to remove negative dentries
Al Viro <viro(a)zeniv.linux.org.uk>
securityfs: don't pin dentries twice, once is enough...
Al Viro <viro(a)zeniv.linux.org.uk>
fix locking in efi_secret_unlink()
Wei Gao <wegao(a)suse.com>
ext2: Handle fiemap on empty files to prevent EINVAL
Christian Brauner <brauner(a)kernel.org>
pidfs: raise SB_I_NODEV and SB_I_NOEXEC
Xiao Ni <xni(a)redhat.com>
md: Don't clear MD_CLOSING until mddev is freed
Rong Zhang <ulin0208(a)gmail.com>
fs/ntfs3: correctly create symlink for relative path
Lizhi Xu <lizhi.xu(a)windriver.com>
fs/ntfs3: Add sanity check for file name
Damien Le Moal <dlemoal(a)kernel.org>
ata: libata-sata: Disallow changing LPM state if not supported
Damien Le Moal <dlemoal(a)kernel.org>
ata: ahci: Disable DIPM if host lacks support
Damien Le Moal <dlemoal(a)kernel.org>
ata: ahci: Disallow LPM policy control if not supported
Al Viro <viro(a)zeniv.linux.org.uk>
better lockdep annotations for simple_recursive_removal()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix not erasing deleted b-tree node issue
Sarah Newman <srn(a)prgmr.com>
drbd: add missing kref_get in handle_write_conflicts
Jan Kara <jack(a)suse.cz>
udf: Verify partition map count
Jan Kara <jack(a)suse.cz>
loop: Avoid updating block size under exclusive owner
Xiao Ni <xni(a)redhat.com>
md: call del_gendisk in control path
Andrew Price <anprice(a)redhat.com>
gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops
Andrew Price <anprice(a)redhat.com>
gfs2: Validate i_depth for exhash directories
Maurizio Lombardi <mlombard(a)redhat.com>
nvme-tcp: log TLS handshake failures at error level
John Garry <john.g.garry(a)oracle.com>
md/raid10: set chunk_sectors limit
John Garry <john.g.garry(a)oracle.com>
dm-stripe: limit chunk_sectors to the stripe size
Keith Busch <kbusch(a)kernel.org>
nvme-pci: try function level reset on init failure
NeilBrown <neil(a)brown.name>
smb/server: avoid deadlock when linking with ReplaceIfExists
Yeoreum Yun <yeoreum.yun(a)arm.com>
firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall
Kees Cook <kees(a)kernel.org>
arm64: Handle KCOV __init vs inline mismatches
Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp>
hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix slab-out-of-bounds in hfs_bnode_read()
Viacheslav Dubeyko <slava(a)dubeyko.com>
hfs: fix general protection fault in hfs_find_init()
Sven Stegemann <sven(a)stegemann.de>
net: kcm: Fix race condition in kcm_unattach()
Jakub Kicinski <kuba(a)kernel.org>
tls: handle data disappearing from under the TLS ULP
Jeongjun Park <aha310510(a)gmail.com>
ptp: prevent possible ABBA deadlock in ptp_clock_freerun()
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
cpuidle: governors: menu: Avoid using invalid recent intervals data
Len Brown <len.brown(a)intel.com>
intel_idle: Allow loading ACPI tables for any family
Xin Long <lucien.xin(a)gmail.com>
sctp: linearize cloned gso packets in sctp_rcv
Alok Tiwari <alok.a.tiwari(a)oracle.com>
net: ti: icss-iep: Fix incorrect type for return value in extts_enable()
MD Danish Anwar <danishanwar(a)ti.com>
net: ti: icssg-prueth: Fix emac link speed handling
Florian Westphal <fw(a)strlen.de>
netfilter: ctnetlink: fix refcount leak on table dump
Sabrina Dubroca <sd(a)queasysnail.net>
udp: also consider secpath when evaluating ipsec use for checksumming
Jinjiang Tu <tujinjiang(a)huawei.com>
mm/smaps: fix race between smaps_hugetlb_range and migration
Al Viro <viro(a)zeniv.linux.org.uk>
habanalabs: fix UAF in export_dmabuf()
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs
Maxim Levitsky <mlevitsk(a)redhat.com>
KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
Sean Christopherson <seanjc(a)google.com>
KVM: VMX: Extract checking of guest's DEBUGCTL into helper
Sean Christopherson <seanjc(a)google.com>
KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag
Sean Christopherson <seanjc(a)google.com>
KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap
Stefan Metzmacher <metze(a)samba.org>
smb: client: don't wait for info->send_pending == 0 on error
Stefan Metzmacher <metze(a)samba.org>
smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection()
Li Zhijian <lizhijian(a)fujitsu.com>
mm/memory-tier: fix abstract distance calculation overflow
Damien Le Moal <dlemoal(a)kernel.org>
block: Make REQ_OP_ZONE_FINISH a write operation
Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
ACPI: processor: perflib: Move problematic pr->performance check
Jiayi Li <lijiayi(a)kylinos.cn>
ACPI: processor: perflib: Fix initial _PPC limit application
Andy Shevchenko <andriy.shevchenko(a)linux.intel.com>
Documentation: ACPI: Fix parent device references
Jann Horn <jannh(a)google.com>
eventpoll: Fix semi-unbounded recursion
Sasha Levin <sashal(a)kernel.org>
fs: Prevent file descriptor table allocations exceeding INT_MAX
Eric Biggers <ebiggers(a)kernel.org>
fscrypt: Don't use problematic non-inline crypto engines
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD
André Draszik <andre.draszik(a)linaro.org>
clk: samsung: exynos850: fix a comment
Ma Ke <make24(a)iscas.ac.cn>
sunvdc: Balance device refcount in vdc_port_mpgroup_check
Yao Zi <ziyao(a)disroot.org>
LoongArch: Avoid in-place string operation on FDT content
Huacai Chen <chenhuacai(a)kernel.org>
LoongArch: Make relocate_new_kernel_size be a .quad value
Thomas Weißschuh <thomas.weissschuh(a)linutronix.de>
LoongArch: Don't use %pK through printk() in unwinder
Haoran Jiang <jianghaoran(a)kylinos.cn>
LoongArch: BPF: Fix jump offset calculation in tailcall
Huacai Chen <chenhuacai(a)kernel.org>
PCI: Extend isolated function probing to LoongArch
Trond Myklebust <trond.myklebust(a)hammerspace.com>
NFS: Fix the setting of capabilities when automounting a new filesystem
Dai Ngo <dai.ngo(a)oracle.com>
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
Jeff Layton <jlayton(a)kernel.org>
nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()
Xu Yang <xu.yang_2(a)nxp.com>
net: usb: asix_devices: add phy_mask for ax88772 mdio bus
Johan Hovold <johan(a)kernel.org>
net: dpaa: fix device leak when querying time stamp info
Johan Hovold <johan(a)kernel.org>
net: ti: icss-iep: fix device and OF node leaks at probe
Johan Hovold <johan(a)kernel.org>
net: mtk_eth_soc: fix device leak at probe
Johan Hovold <johan(a)kernel.org>
net: enetc: fix device and OF node leak at probe
Johan Hovold <johan(a)kernel.org>
net: gianfar: fix device leak when querying time stamp info
Heiner Kallweit <hkallweit1(a)gmail.com>
net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect
Florian Larysch <fl(a)n621.de>
net: phy: micrel: fix KSZ8081/KSZ8091 cable test
Fedor Pchelkin <pchelkin(a)ispras.ru>
netlink: avoid infinite retry looping in netlink_unicast()
Daniel Golle <daniel(a)makrotopia.org>
Revert "leds: trigger: netdev: Configure LED blink interval for HW offload"
Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org>
leds: flash: leds-qcom-flash: Fix registry access after re-bind
David Thompson <davthompson(a)nvidia.com>
gpio: mlxbf3: use platform_get_irq_optional()
David Thompson <davthompson(a)nvidia.com>
Revert "gpio: mlxbf3: only get IRQ for device instance 0"
David Thompson <davthompson(a)nvidia.com>
gpio: mlxbf2: use platform_get_irq_optional()
Harald Mommer <harald.mommer(a)oss.qualcomm.com>
gpio: virtio: Fix config space reading.
Wang Zhaolong <wangzhaolong(a)huaweicloud.com>
smb: client: remove redundant lstrp update in negotiate protocol
Steve French <stfrench(a)microsoft.com>
smb3: fix for slab out of bounds on mount to ksmbd
Christopher Eby <kreed(a)kreed.org>
ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks
Vasiliy Kovalev <kovalev(a)altlinux.org>
ALSA: hda/realtek: Fix headset mic on HONOR BRB-X
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
Takashi Iwai <tiwai(a)suse.de>
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
Pavel Begunkov <asml.silence(a)gmail.com>
io_uring: don't use int for ABI
-------------
Diffstat:
Documentation/filesystems/fscrypt.rst | 37 +++----
Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +-
Makefile | 4 +-
arch/arm/mach-rockchip/platsmp.c | 15 +--
arch/arm/mach-tegra/reset.c | 2 +-
arch/arm64/boot/dts/ti/k3-j722s-evm.dts | 4 +-
arch/arm64/include/asm/acpi.h | 2 +-
arch/arm64/kernel/acpi.c | 10 +-
arch/arm64/kernel/stacktrace.c | 2 +
arch/arm64/kernel/traps.c | 1 +
arch/arm64/mm/fault.c | 1 +
arch/arm64/mm/ptdump_debugfs.c | 3 -
arch/loongarch/kernel/env.c | 13 ++-
arch/loongarch/kernel/relocate_kernel.S | 2 +-
arch/loongarch/kernel/unwind_orc.c | 2 +-
arch/loongarch/net/bpf_jit.c | 21 +---
arch/mips/include/asm/vpe.h | 8 ++
arch/mips/kernel/process.c | 16 +--
arch/mips/lantiq/falcon/sysctrl.c | 23 ++---
arch/parisc/Makefile | 2 +-
arch/powerpc/include/asm/floppy.h | 5 +-
arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +-
arch/riscv/mm/ptdump.c | 3 -
arch/s390/include/asm/timex.h | 13 ++-
arch/s390/kernel/early.c | 1 +
arch/s390/kernel/time.c | 2 +-
arch/s390/mm/dump_pagetables.c | 2 -
arch/um/include/asm/thread_info.h | 4 +
arch/um/kernel/process.c | 18 ++--
arch/x86/include/asm/kvm-x86-ops.h | 1 -
arch/x86/include/asm/kvm_host.h | 15 ++-
arch/x86/include/asm/msr-index.h | 1 +
arch/x86/kernel/cpu/bugs.c | 5 +-
arch/x86/kvm/svm/svm.c | 14 +--
arch/x86/kvm/vmx/main.c | 3 +-
arch/x86/kvm/vmx/nested.c | 21 +++-
arch/x86/kvm/vmx/pmu_intel.c | 8 +-
arch/x86/kvm/vmx/vmx.c | 57 ++++++-----
arch/x86/kvm/vmx/vmx.h | 26 +++++
arch/x86/kvm/vmx/x86_ops.h | 2 +-
arch/x86/kvm/x86.c | 25 ++++-
block/bfq-iosched.c | 35 +++----
block/bfq-iosched.h | 3 +-
block/blk-mq.c | 6 +-
block/blk-settings.c | 2 +-
block/blk-zoned.c | 20 +---
block/kyber-iosched.c | 9 +-
block/mq-deadline.c | 16 +--
crypto/jitterentropy-kcapi.c | 9 +-
drivers/accel/habanalabs/common/memory.c | 23 ++---
drivers/acpi/acpi_processor.c | 2 +-
drivers/acpi/apei/ghes.c | 13 +++
drivers/acpi/prmt.c | 26 ++++-
drivers/acpi/processor_perflib.c | 11 +++
drivers/ata/ahci.c | 12 ++-
drivers/ata/ata_piix.c | 1 +
drivers/ata/libahci.c | 1 +
drivers/ata/libata-sata.c | 52 ++++++++--
drivers/base/power/runtime.c | 5 +
drivers/block/drbd/drbd_receiver.c | 6 +-
drivers/block/loop.c | 38 ++++++--
drivers/block/sunvdc.c | 4 +-
drivers/bluetooth/btusb.c | 2 +
drivers/char/ipmi/ipmi_msghandler.c | 8 +-
drivers/char/ipmi/ipmi_watchdog.c | 59 ++++++++----
drivers/char/misc.c | 4 +-
drivers/clk/qcom/gcc-ipq5018.c | 2 +-
drivers/clk/qcom/gcc-ipq8074.c | 6 +-
drivers/clk/renesas/rzg2l-cpg.c | 8 +-
drivers/clk/samsung/clk-exynos850.c | 2 +-
drivers/clk/samsung/clk-gs101.c | 4 +-
drivers/clk/tegra/clk-periph.c | 4 +-
drivers/clk/thead/clk-th1520-ap.c | 5 +-
drivers/comedi/comedi_fops.c | 33 +++++--
drivers/comedi/comedi_internal.h | 1 +
drivers/comedi/drivers.c | 13 ++-
drivers/cpufreq/cppc_cpufreq.c | 2 +-
drivers/cpufreq/cpufreq.c | 8 +-
drivers/cpufreq/intel_pstate.c | 2 +
drivers/cpuidle/governors/menu.c | 21 +++-
drivers/crypto/ccp/sp-pci.c | 1 +
drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +-
.../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 ++-
drivers/devfreq/governor_userspace.c | 6 +-
drivers/dma/stm32/stm32-dma.c | 2 +-
drivers/edac/synopsys_edac.c | 93 +++++++++---------
drivers/firmware/arm_ffa/driver.c | 2 +-
drivers/firmware/arm_scmi/scmi_power_control.c | 22 ++++-
drivers/firmware/qcom/qcom_scm.c | 53 +++++-----
drivers/firmware/tegra/Kconfig | 5 +-
drivers/gpio/gpio-mlxbf2.c | 2 +-
drivers/gpio/gpio-mlxbf3.c | 52 ++++------
drivers/gpio/gpio-tps65912.c | 7 +-
drivers/gpio/gpio-virtio.c | 9 +-
drivers/gpio/gpio-wcd934x.c | 7 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-
drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 3 +-
drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 +-
.../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +-
drivers/gpu/drm/amd/display/dc/core/dc.c | 6 +-
.../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 11 +--
drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +-
.../gpu/drm/amd/display/dc/mpc/dcn401/dcn401_mpc.c | 2 +-
.../display/dc/resource/dcn314/dcn314_resource.c | 1 +
drivers/gpu/drm/amd/display/dmub/src/dmub_dcn35.c | 16 +--
drivers/gpu/drm/amd/pm/amdgpu_pm.c | 5 +
drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +++----
drivers/gpu/drm/imagination/pvr_power.c | 59 +++++++++++-
drivers/gpu/drm/msm/msm_drv.c | 9 +-
drivers/gpu/drm/msm/msm_gem.c | 3 +-
drivers/gpu/drm/msm/msm_gem.h | 6 ++
drivers/gpu/drm/renesas/rz-du/rzg2l_mipi_dsi.c | 3 +
drivers/gpu/drm/ttm/ttm_pool.c | 8 +-
drivers/gpu/drm/ttm/ttm_resource.c | 3 +
drivers/gpu/drm/xe/xe_guc_exec_queue_types.h | 2 +
drivers/gpu/drm/xe/xe_guc_submit.c | 7 +-
drivers/gpu/drm/xe/xe_hw_fence.c | 3 +
drivers/gpu/drm/xe/xe_query.c | 27 +++---
drivers/hid/hid-apple.c | 17 ++--
drivers/hid/hid-magicmouse.c | 56 +++++++----
drivers/hwmon/emc2305.c | 10 +-
drivers/i2c/i2c-core-acpi.c | 1 +
drivers/i3c/internals.h | 1 +
drivers/i3c/master.c | 4 +-
drivers/idle/intel_idle.c | 2 +-
drivers/iio/adc/ad7768-1.c | 23 ++++-
drivers/iio/adc/ad_sigma_delta.c | 2 +-
drivers/infiniband/core/nldev.c | 22 +++--
drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 +-
drivers/infiniband/hw/hfi1/affinity.c | 44 +++++----
drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +-
drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 +
drivers/iommu/intel/iommu.c | 19 +++-
drivers/iommu/intel/iommu.h | 3 +
drivers/iommu/iommufd/io_pagetable.c | 48 +++++----
drivers/leds/flash/leds-qcom-flash.c | 15 ++-
drivers/leds/leds-lp50xx.c | 11 ++-
drivers/leds/trigger/ledtrig-netdev.c | 16 +--
drivers/md/dm-ps-historical-service-time.c | 4 +-
drivers/md/dm-ps-queue-length.c | 4 +-
drivers/md/dm-ps-round-robin.c | 4 +-
drivers/md/dm-ps-service-time.c | 4 +-
drivers/md/dm-stripe.c | 1 +
drivers/md/dm-table.c | 10 +-
drivers/md/dm-zoned-target.c | 2 +-
drivers/md/dm.c | 37 ++++---
drivers/md/md.c | 51 ++++++----
drivers/md/md.h | 26 ++++-
drivers/md/raid10.c | 1 +
drivers/media/dvb-frontends/dib7000p.c | 8 ++
drivers/media/i2c/hi556.c | 7 +-
drivers/media/i2c/tc358743.c | 86 ++++++++++-------
drivers/media/pci/intel/ipu-bridge.c | 2 +
drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +++++++++++-----
drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 ++
drivers/media/usb/uvc/uvc_driver.c | 12 +++
drivers/media/usb/uvc/uvc_video.c | 21 ++--
drivers/media/v4l2-core/v4l2-common.c | 14 ++-
drivers/mfd/axp20x.c | 3 +-
drivers/mfd/cros_ec_dev.c | 10 +-
drivers/mfd/tps6594-core.c | 88 +++++++++++++++--
drivers/mfd/tps6594-i2c.c | 10 +-
drivers/mfd/tps6594-spi.c | 10 +-
drivers/misc/cardreader/rtsx_usb.c | 16 +--
drivers/misc/mei/bus.c | 6 ++
drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +-
drivers/mmc/host/sdhci-msm.c | 14 +++
drivers/net/can/ti_hecc.c | 2 +-
drivers/net/dsa/b53/b53_common.c | 76 ++++++++++++---
drivers/net/dsa/b53/b53_regs.h | 7 +-
drivers/net/ethernet/agere/et131x.c | 36 +++++++
drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 +
.../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 ++++++++
drivers/net/ethernet/atheros/ag71xx.c | 9 ++
drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +-
drivers/net/ethernet/emulex/benet/be_main.c | 8 +-
drivers/net/ethernet/faraday/ftgmac100.c | 7 +-
drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 -
drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +-
drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 ++-
drivers/net/ethernet/freescale/fec_main.c | 34 +++----
drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +-
drivers/net/ethernet/google/gve/gve_adminq.c | 1 +
drivers/net/ethernet/intel/idpf/idpf.h | 19 ++++
drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 36 +++++--
drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 +++-
drivers/net/ethernet/intel/idpf/idpf_main.c | 1 +
drivers/net/ethernet/intel/idpf/idpf_txrx.c | 13 ++-
drivers/net/ethernet/mediatek/mtk_wed.c | 1 -
drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +-
drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +-
drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +++--
drivers/net/ethernet/ti/icssg/icssg_prueth.c | 6 ++
drivers/net/hyperv/hyperv_net.h | 3 +
drivers/net/hyperv/netvsc_drv.c | 29 +++++-
drivers/net/pcs/pcs-xpcs-plat.c | 4 +-
drivers/net/phy/broadcom.c | 25 ++++-
drivers/net/phy/micrel.c | 12 ++-
drivers/net/phy/smsc.c | 1 +
drivers/net/thunderbolt/main.c | 21 ++--
drivers/net/usb/asix_devices.c | 1 +
drivers/net/usb/cdc_ncm.c | 20 +++-
drivers/net/wireless/ath/ath10k/core.c | 48 ++++++++-
drivers/net/wireless/ath/ath10k/core.h | 11 ++-
drivers/net/wireless/ath/ath10k/mac.c | 7 +-
drivers/net/wireless/ath/ath10k/wmi.c | 6 ++
drivers/net/wireless/ath/ath12k/dp.c | 3 +-
drivers/net/wireless/ath/ath12k/hw.c | 2 +-
drivers/net/wireless/ath/ath12k/mac.c | 1 +
drivers/net/wireless/ath/ath12k/wmi.c | 5 +
drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +-
drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +-
drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +-
drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 +
drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c | 5 +
drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +-
drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25 +++--
drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +++--
drivers/net/wireless/realtek/rtw89/chan.c | 6 ++
drivers/net/wireless/realtek/rtw89/fw.c | 9 +-
drivers/net/wireless/realtek/rtw89/fw.h | 2 +
drivers/net/wireless/realtek/rtw89/mac.c | 19 ++++
drivers/net/wireless/realtek/rtw89/reg.h | 1 +
drivers/net/wireless/realtek/rtw89/wow.c | 5 +-
drivers/net/xen-netfront.c | 5 -
drivers/nvme/host/pci.c | 24 ++++-
drivers/nvme/host/tcp.c | 11 ++-
drivers/pci/pci-acpi.c | 4 +-
drivers/pci/pci.c | 94 ++++++++++++------
drivers/pci/pci.h | 1 +
drivers/pci/probe.c | 5 +-
drivers/perf/arm-cmn.c | 1 +
drivers/perf/arm-ni.c | 1 +
drivers/perf/cxl_pmu.c | 2 +-
drivers/phy/rockchip/phy-rockchip-pcie.c | 3 +-
drivers/pinctrl/stm32/pinctrl-stm32.c | 1 +
drivers/platform/chrome/cros_ec_sensorhub.c | 23 ++++-
drivers/platform/chrome/cros_ec_typec.c | 4 +-
drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 ++
drivers/platform/x86/thinkpad_acpi.c | 4 +-
drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 ++
drivers/pmdomain/ti/Kconfig | 2 +-
drivers/power/supply/qcom_battmgr.c | 2 +
drivers/pps/clients/pps-gpio.c | 5 +-
drivers/ptp/ptp_clock.c | 2 +-
drivers/ptp/ptp_private.h | 5 +
drivers/ptp/ptp_vclock.c | 7 ++
drivers/remoteproc/imx_rproc.c | 4 +-
drivers/reset/Kconfig | 10 +-
drivers/rtc/rtc-ds1307.c | 15 ++-
drivers/scsi/aacraid/comminit.c | 3 +-
drivers/scsi/bfa/bfad_im.c | 1 +
drivers/scsi/libiscsi.c | 3 +-
drivers/scsi/lpfc/lpfc_debugfs.c | 1 -
drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +-
drivers/scsi/lpfc/lpfc_scsi.c | 4 +
drivers/scsi/mpi3mr/mpi3mr_os.c | 20 +++-
drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++++
drivers/scsi/scsi_scan.c | 2 +-
drivers/scsi/scsi_transport_sas.c | 62 +++++++++---
drivers/soc/qcom/mdt_loader.c | 10 +-
drivers/soc/qcom/rpmh-rsc.c | 2 +-
drivers/soundwire/amd_manager.c | 7 +-
drivers/soundwire/bus.c | 6 +-
drivers/target/target_core_fabric_lib.c | 65 ++++++++++---
drivers/target/target_core_internal.h | 4 +-
drivers/target/target_core_pr.c | 18 ++--
drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +++++++--
drivers/thermal/thermal_sysfs.c | 9 +-
drivers/thunderbolt/domain.c | 2 +-
drivers/tty/serial/serial_core.c | 44 ++++-----
drivers/usb/class/cdc-acm.c | 11 ++-
drivers/usb/core/config.c | 10 +-
drivers/usb/core/urb.c | 2 +-
drivers/usb/host/xhci-mem.c | 2 +
drivers/usb/host/xhci-ring.c | 10 +-
drivers/usb/host/xhci.c | 6 +-
drivers/usb/typec/mux/intel_pmc_mux.c | 2 +-
drivers/usb/typec/tcpm/tcpci_maxim_core.c | 46 ++++++---
drivers/usb/typec/ucsi/psy.c | 2 +-
drivers/usb/typec/ucsi/ucsi.c | 1 +
drivers/usb/typec/ucsi/ucsi.h | 7 +-
drivers/vfio/pci/mlx5/cmd.c | 4 +-
drivers/vfio/vfio_iommu_type1.c | 7 ++
drivers/vhost/vhost.c | 3 +
drivers/video/fbdev/core/fbcon.c | 9 +-
drivers/video/fbdev/core/fbmem.c | 3 +
drivers/virt/coco/efi_secret/efi_secret.c | 10 +-
drivers/watchdog/dw_wdt.c | 2 +
drivers/watchdog/iTCO_wdt.c | 6 +-
drivers/watchdog/sbsa_gwdt.c | 50 +++++++++-
fs/btrfs/block-group.c | 27 +++++-
fs/btrfs/ctree.c | 1 +
fs/btrfs/extent-tree.c | 33 ++++---
fs/btrfs/qgroup.c | 13 ++-
fs/btrfs/relocation.c | 19 ++++
fs/btrfs/transaction.c | 6 +-
fs/btrfs/tree-log.c | 107 ++++++++++++++-------
fs/btrfs/zoned.c | 5 +-
fs/crypto/fscrypt_private.h | 17 ++++
fs/crypto/hkdf.c | 2 +-
fs/crypto/keysetup.c | 3 +-
fs/crypto/keysetup_v1.c | 3 +-
fs/eventpoll.c | 60 +++++++++---
fs/exfat/dir.c | 12 +++
fs/exfat/fatent.c | 10 ++
fs/exfat/namei.c | 5 +
fs/exfat/super.c | 32 +++---
fs/ext2/inode.c | 12 ++-
fs/ext4/inline.c | 19 +++-
fs/ext4/mballoc-test.c | 9 ++
fs/ext4/mballoc.c | 69 ++++++-------
fs/f2fs/file.c | 24 ++---
fs/file.c | 15 +++
fs/gfs2/dir.c | 6 +-
fs/gfs2/glops.c | 6 ++
fs/gfs2/meta_io.c | 2 +
fs/hfs/bfind.c | 3 +
fs/hfs/bnode.c | 93 ++++++++++++++++++
fs/hfs/btree.c | 57 ++++++++---
fs/hfs/extent.c | 2 +-
fs/hfs/hfs_fs.h | 1 +
fs/hfsplus/bnode.c | 92 ++++++++++++++++++
fs/hfsplus/unicode.c | 7 ++
fs/hfsplus/xattr.c | 6 +-
fs/jfs/file.c | 3 +
fs/jfs/inode.c | 2 +-
fs/jfs/jfs_dmap.c | 6 ++
fs/libfs.c | 4 +-
fs/nfs/blocklayout/blocklayout.c | 4 +-
fs/nfs/blocklayout/dev.c | 5 +-
fs/nfs/blocklayout/extent_tree.c | 20 +++-
fs/nfs/client.c | 44 ++++++++-
fs/nfs/internal.h | 2 +-
fs/nfs/nfs4client.c | 20 +---
fs/nfs/nfs4proc.c | 2 +-
fs/nfs/pnfs.c | 11 ++-
fs/nfsd/nfs4state.c | 34 ++++++-
fs/ntfs3/dir.c | 3 +
fs/ntfs3/inode.c | 31 +++---
fs/orangefs/orangefs-debugfs.c | 2 +-
fs/pidfs.c | 2 +
fs/proc/task_mmu.c | 6 +-
fs/smb/client/cifssmb.c | 10 ++
fs/smb/client/compress.c | 61 +++---------
fs/smb/client/connect.c | 10 +-
fs/smb/client/sess.c | 9 ++
fs/smb/client/smb2ops.c | 11 ++-
fs/smb/client/smbdirect.c | 25 ++---
fs/smb/server/smb2pdu.c | 16 +--
fs/tracefs/inode.c | 11 +++
fs/udf/super.c | 13 ++-
fs/xfs/scrub/trace.h | 2 +-
include/linux/blk_types.h | 6 +-
include/linux/blkdev.h | 55 +++++++++++
include/linux/hypervisor.h | 3 +
include/linux/if_vlan.h | 21 ++--
include/linux/libata.h | 1 +
include/linux/memory-tiers.h | 2 +-
include/linux/mfd/tps6594.h | 1 +
include/linux/packing.h | 6 +-
include/linux/pci.h | 16 ++-
include/linux/sbitmap.h | 6 +-
include/linux/skbuff.h | 8 +-
include/linux/usb/cdc_ncm.h | 1 +
include/linux/virtio_vsock.h | 7 +-
include/net/cfg80211.h | 2 +-
include/net/kcm.h | 1 -
include/net/mac80211.h | 4 +
include/net/neighbour.h | 1 +
include/net/net_namespace.h | 16 +++
include/net/sock.h | 1 +
include/trace/events/thp.h | 2 +
include/uapi/linux/in6.h | 4 +-
include/uapi/linux/io_uring.h | 2 +-
include/uapi/linux/pci_regs.h | 1 +
io_uring/rw.c | 2 +-
kernel/bpf/verifier.c | 7 +-
kernel/module/main.c | 10 +-
kernel/power/console.c | 7 +-
kernel/printk/nbcon.c | 63 +++++++-----
kernel/rcu/tree.c | 2 +
kernel/rcu/tree.h | 14 ++-
kernel/rcu/tree_nocb.h | 5 +-
kernel/rcu/tree_plugin.h | 44 ++++++---
kernel/sched/deadline.c | 4 +-
kernel/sched/fair.c | 19 +++-
kernel/sched/rt.c | 6 ++
lib/sbitmap.c | 56 +++++------
mm/damon/core.c | 1 +
mm/kmemleak.c | 10 +-
mm/ptdump.c | 2 +
mm/slub.c | 7 +-
mm/userfaultfd.c | 15 +--
net/bluetooth/hci_sock.c | 2 +-
net/core/ieee8021q_helpers.c | 44 +++------
net/core/neighbour.c | 12 ++-
net/core/net_namespace.c | 8 +-
net/core/sock.c | 27 +++++-
net/ipv4/route.c | 1 -
net/ipv4/udp_offload.c | 2 +-
net/ipv6/addrconf.c | 7 +-
net/ipv6/mcast.c | 11 +--
net/kcm/kcmsock.c | 10 +-
net/mac80211/cfg.c | 12 +--
net/mac80211/chan.c | 1 +
net/mac80211/link.c | 9 +-
net/mac80211/mlme.c | 12 ++-
net/mac80211/rx.c | 12 ++-
net/mctp/af_mctp.c | 28 +++++-
net/mptcp/subflow.c | 5 +-
net/ncsi/internal.h | 2 +-
net/ncsi/ncsi-rsp.c | 1 +
net/netfilter/nf_conntrack_netlink.c | 24 ++---
net/netfilter/nft_set_pipapo.c | 9 +-
net/netlink/af_netlink.c | 12 +--
net/rds/tcp.c | 8 +-
net/sched/sch_ets.c | 11 ++-
net/sctp/input.c | 2 +-
net/smc/af_smc.c | 5 +-
net/sunrpc/svcsock.c | 5 +-
net/sunrpc/xprtsock.c | 8 +-
net/tls/tls.h | 2 +-
net/tls/tls_strp.c | 11 ++-
net/tls/tls_sw.c | 3 +-
net/vmw_vsock/virtio_transport.c | 2 +-
net/wireless/mlme.c | 3 +-
net/xfrm/xfrm_state.c | 74 ++++++++------
rust/Makefile | 13 ++-
scripts/kconfig/gconf.c | 8 +-
scripts/kconfig/lxdialog/inputbox.c | 6 +-
scripts/kconfig/lxdialog/menubox.c | 2 +-
scripts/kconfig/nconf.c | 2 +
scripts/kconfig/nconf.gui.c | 1 +
security/apparmor/domain.c | 52 +++++-----
security/apparmor/file.c | 6 +-
security/apparmor/include/lib.h | 6 +-
security/inode.c | 2 -
sound/core/pcm_native.c | 19 +++-
sound/pci/hda/hda_codec.c | 44 +++------
sound/pci/hda/patch_ca0132.c | 2 +-
sound/pci/hda/patch_realtek.c | 3 +
sound/pci/intel8x0.c | 2 +-
sound/soc/codecs/hdac_hdmi.c | 10 +-
sound/soc/codecs/rt5640.c | 5 +
sound/soc/fsl/fsl_sai.c | 20 ++--
sound/soc/intel/avs/core.c | 3 +-
sound/soc/qcom/lpass-platform.c | 27 ++++--
sound/soc/soc-core.c | 3 +
sound/soc/soc-dapm.c | 4 +
sound/soc/sof/topology.c | 15 ++-
sound/usb/mixer_quirks.c | 14 +--
sound/usb/stream.c | 25 ++++-
sound/usb/validate.c | 12 +++
tools/bootconfig/main.c | 24 ++---
tools/bpf/bpftool/main.c | 6 +-
tools/hv/hv_fcopy_uio_daemon.c | 91 ++++++++++++++++--
tools/include/nolibc/std.h | 4 +-
tools/include/nolibc/types.h | 4 +-
tools/lib/bpf/libbpf.c | 5 +
.../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +-
tools/power/x86/turbostat/turbostat.c | 14 ++-
tools/scripts/Makefile.include | 4 +-
tools/testing/ktest/ktest.pl | 5 +-
tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +-
tools/testing/selftests/bpf/prog_tests/ringbuf.c | 4 +-
.../selftests/bpf/prog_tests/user_ringbuf.c | 10 +-
.../selftests/bpf/progs/test_ringbuf_write.c | 4 +-
.../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +-
.../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +-
tools/testing/selftests/futex/include/futextest.h | 11 +++
tools/testing/selftests/net/netfilter/config | 2 +-
tools/testing/selftests/vDSO/vdso_test_getrandom.c | 6 +-
473 files changed, 4331 insertions(+), 1862 deletions(-)
2 weeks, 4 days
- 14
- 459
[PATCH] firmware: exynos-acpm: fix PMIC returned errno
by Tudor Ambarus
ACPM PMIC command handlers returned a u8 value when they should
have returned either zero or negative error codes.
Translate the APM PMIC errno to linux errno.
Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org>
Closes: https://lore.kernel.org/linux-input/aElHlTApXj-W_o1r@stanley.mountain/
Fixes: a88927b534ba ("firmware: add Exynos ACPM protocol driver")
Cc: stable(a)vger.kernel.org
Signed-off-by: Tudor Ambarus <tudor.ambarus(a)linaro.org>
---
drivers/firmware/samsung/exynos-acpm-pmic.c | 36 +++++++++++++++++++++++++----
1 file changed, 31 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/samsung/exynos-acpm-pmic.c b/drivers/firmware/samsung/exynos-acpm-pmic.c
index 39b33a356ebd240506b6390163229a70a2d1fe68..a355ee194027c09431f275f0fd296f45652af536 100644
--- a/drivers/firmware/samsung/exynos-acpm-pmic.c
+++ b/drivers/firmware/samsung/exynos-acpm-pmic.c
@@ -5,6 +5,7 @@
* Copyright 2024 Linaro Ltd.
*/
#include <linux/bitfield.h>
+#include <linux/errno.h>
#include <linux/firmware/samsung/exynos-acpm-protocol.h>
#include <linux/ktime.h>
#include <linux/types.h>
@@ -33,6 +34,26 @@ enum exynos_acpm_pmic_func {
ACPM_PMIC_BULK_WRITE,
};
+enum acpm_pmic_error_codes {
+ ACPM_PMIC_SUCCESS = 0,
+ ACPM_PMIC_ERR_READ = 1,
+ ACPM_PMIC_ERR_WRITE = 2,
+ ACPM_PMIC_ERR_MAX
+};
+
+static int acpm_pmic_linux_errmap[ACPM_PMIC_ERR_MAX] = {
+ 0, /* ACPM_PMIC_SUCCESS */
+ -EACCES, /* Read register can't be accessed or issues to access it. */
+ -EACCES, /* Write register can't be accessed or issues to access it. */
+};
+
+static inline int acpm_pmic_to_linux_errno(int errno)
+{
+ if (errno >= ACPM_PMIC_SUCCESS && errno < ACPM_PMIC_ERR_MAX)
+ return acpm_pmic_linux_errmap[errno];
+ return -EIO;
+}
+
static inline u32 acpm_pmic_set_bulk(u32 data, unsigned int i)
{
return (data & ACPM_PMIC_BULK_MASK) << (ACPM_PMIC_BULK_SHIFT * i);
@@ -79,7 +100,8 @@ int acpm_pmic_read_reg(const struct acpm_handle *handle,
*buf = FIELD_GET(ACPM_PMIC_VALUE, xfer.rxd[1]);
- return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]);
+ return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN,
+ xfer.rxd[1]));
}
static void acpm_pmic_init_bulk_read_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan,
@@ -110,7 +132,8 @@ int acpm_pmic_bulk_read(const struct acpm_handle *handle,
if (ret)
return ret;
- ret = FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]);
+ ret = acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN,
+ xfer.rxd[1]));
if (ret)
return ret;
@@ -150,7 +173,8 @@ int acpm_pmic_write_reg(const struct acpm_handle *handle,
if (ret)
return ret;
- return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]);
+ return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN,
+ xfer.rxd[1]));
}
static void acpm_pmic_init_bulk_write_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan,
@@ -190,7 +214,8 @@ int acpm_pmic_bulk_write(const struct acpm_handle *handle,
if (ret)
return ret;
- return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]);
+ return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN,
+ xfer.rxd[1]));
}
static void acpm_pmic_init_update_cmd(u32 cmd[4], u8 type, u8 reg, u8 chan,
@@ -220,5 +245,6 @@ int acpm_pmic_update_reg(const struct acpm_handle *handle,
if (ret)
return ret;
- return FIELD_GET(ACPM_PMIC_RETURN, xfer.rxd[1]);
+ return acpm_pmic_to_linux_errno(FIELD_GET(ACPM_PMIC_RETURN,
+ xfer.rxd[1]));
}
---
base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9
change-id: 20250820-acpm-pmix-fix-errno-92b3e6e17d1b
Best regards,
--
Tudor Ambarus <tudor.ambarus(a)linaro.org>
2 weeks, 4 days
- 2
- 2
[PATCH AUTOSEL 6.16-5.15] fs: writeback: fix use-after-free in __mark_inode_dirty()
by Sasha Levin
From: Jiufei Xue <jiufei.xue(a)samsung.com>
[ Upstream commit d02d2c98d25793902f65803ab853b592c7a96b29 ]
An use-after-free issue occurred when __mark_inode_dirty() get the
bdi_writeback that was in the progress of switching.
CPU: 1 PID: 562 Comm: systemd-random- Not tainted 6.6.56-gb4403bd46a8e #1
......
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : __mark_inode_dirty+0x124/0x418
lr : __mark_inode_dirty+0x118/0x418
sp : ffffffc08c9dbbc0
........
Call trace:
__mark_inode_dirty+0x124/0x418
generic_update_time+0x4c/0x60
file_modified+0xcc/0xd0
ext4_buffered_write_iter+0x58/0x124
ext4_file_write_iter+0x54/0x704
vfs_write+0x1c0/0x308
ksys_write+0x74/0x10c
__arm64_sys_write+0x1c/0x28
invoke_syscall+0x48/0x114
el0_svc_common.constprop.0+0xc0/0xe0
do_el0_svc+0x1c/0x28
el0_svc+0x40/0xe4
el0t_64_sync_handler+0x120/0x12c
el0t_64_sync+0x194/0x198
Root cause is:
systemd-random-seed kworker
----------------------------------------------------------------------
___mark_inode_dirty inode_switch_wbs_work_fn
spin_lock(&inode->i_lock);
inode_attach_wb
locked_inode_to_wb_and_lock_list
get inode->i_wb
spin_unlock(&inode->i_lock);
spin_lock(&wb->list_lock)
spin_lock(&inode->i_lock)
inode_io_list_move_locked
spin_unlock(&wb->list_lock)
spin_unlock(&inode->i_lock)
spin_lock(&old_wb->list_lock)
inode_do_switch_wbs
spin_lock(&inode->i_lock)
inode->i_wb = new_wb
spin_unlock(&inode->i_lock)
spin_unlock(&old_wb->list_lock)
wb_put_many(old_wb, nr_switched)
cgwb_release
old wb released
wb_wakeup_delayed() accesses wb,
then trigger the use-after-free
issue
Fix this race condition by holding inode spinlock until
wb_wakeup_delayed() finished.
Signed-off-by: Jiufei Xue <jiufei.xue(a)samsung.com>
Link: https://lore.kernel.org/20250728100715.3863241-1-jiufei.xue@samsung.com
Reviewed-by: Jan Kara <jack(a)suse.cz>
Signed-off-by: Christian Brauner <brauner(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
LLM Generated explanations, may be completely bogus:
Based on my thorough analysis of the commit and the kernel code, here's
my assessment:
**Backport Status: YES**
## Extensive Explanation:
This commit fixes a **critical use-after-free vulnerability** in the
writeback subsystem that should definitely be backported to stable
kernel trees. Here's why:
### 1. **Real Security Bug with Clear Impact**
The commit fixes a genuine use-after-free vulnerability that occurs in
`__mark_inode_dirty()`. The bug manifests as a kernel crash with a clear
call trace showing memory corruption. This is not a theoretical issue -
it has been observed in production (kernel 6.6.56).
### 2. **Race Condition Details**
The race condition occurs between two concurrent operations:
- **Thread A** (`__mark_inode_dirty`): Gets a reference to
`inode->i_wb`, releases the inode lock, then calls
`wb_wakeup_delayed(wb)`
- **Thread B** (`inode_switch_wbs_work_fn`): Switches the inode's
writeback context, releases the old wb via `wb_put_many()`, which can
trigger `cgwb_release` and free the wb structure
The vulnerability window exists because Thread A accesses the wb
structure (`wb_wakeup_delayed(wb)`) after releasing the inode lock but
before completing its operation, while Thread B can free that same wb
structure in parallel.
### 3. **Minimal and Contained Fix**
The fix is remarkably simple and surgical - it only reorders lock
releases:
```c
- spin_unlock(&wb->list_lock);
- spin_unlock(&inode->i_lock);
- trace_writeback_dirty_inode_enqueue(inode);
-
if (wakeup_bdi && (wb->bdi->capabilities & BDI_CAP_WRITEBACK))
wb_wakeup_delayed(wb);
+
+ spin_unlock(&wb->list_lock);
+ spin_unlock(&inode->i_lock);
+ trace_writeback_dirty_inode_enqueue(inode);
```
The fix ensures that `wb_wakeup_delayed()` is called while still holding
the locks, preventing the wb from being freed during the operation. This
is a classic lock ordering fix with minimal code change (just moving 3
lines).
### 4. **Critical Subsystem**
The writeback subsystem is fundamental to filesystem operations - it
handles dirty page writeback, inode management, and I/O scheduling. A
use-after-free here can lead to:
- System crashes/panics
- Data corruption
- Security vulnerabilities (potential for exploitation)
### 5. **Matches Stable Criteria**
This fix perfectly aligns with stable kernel rules:
- **Fixes a real bug**: Documented use-after-free with crash trace
- **Already upstream**: Has been reviewed by Jan Kara (filesystem
maintainer) and merged by Christian Brauner
- **Small change**: Only 6 lines moved, no new logic
- **No new features**: Pure bug fix
- **Low regression risk**: Simply extends existing lock protection
slightly
### 6. **Similar Historical Fixes**
The git history shows multiple similar use-after-free fixes in this
subsystem have been backported:
- `f87904c07551` - writeback: avoid use-after-free after removing device
- `8e00c4e9dd85` - writeback: fix use-after-free in
finish_writeback_work()
- `614a4e377314` - writeback, cgroup: fix premature wb_put()
### 7. **CONFIG_CGROUP_WRITEBACK Dependency**
While this bug primarily affects systems with `CONFIG_CGROUP_WRITEBACK`
enabled (used for cgroup-aware writeback), this is a common
configuration in modern distributions, especially those using cgroups v2
for container workloads.
### 8. **No Side Effects**
The change has no functional side effects beyond fixing the race:
- The trace event still fires at the same logical point
- The wb_wakeup_delayed() still executes under the same conditions
- Only the lock hold duration is slightly extended to cover the wb
access
This is a textbook example of a commit that should be backported to
stable kernels - it fixes a serious bug with minimal, well-understood
changes in a critical subsystem.
fs/fs-writeback.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/fs-writeback.c b/fs/fs-writeback.c
index cc57367fb641..a07b8cf73ae2 100644
--- a/fs/fs-writeback.c
+++ b/fs/fs-writeback.c
@@ -2608,10 +2608,6 @@ void __mark_inode_dirty(struct inode *inode, int flags)
wakeup_bdi = inode_io_list_move_locked(inode, wb,
dirty_list);
- spin_unlock(&wb->list_lock);
- spin_unlock(&inode->i_lock);
- trace_writeback_dirty_inode_enqueue(inode);
-
/*
* If this is the first dirty inode for this bdi,
* we have to wake-up the corresponding bdi thread
@@ -2621,6 +2617,11 @@ void __mark_inode_dirty(struct inode *inode, int flags)
if (wakeup_bdi &&
(wb->bdi->capabilities & BDI_CAP_WRITEBACK))
wb_wakeup_delayed(wb);
+
+ spin_unlock(&wb->list_lock);
+ spin_unlock(&inode->i_lock);
+ trace_writeback_dirty_inode_enqueue(inode);
+
return;
}
}
--
2.50.1
2 weeks, 5 days
- 1
- 10
FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082517-crazily-renewed-62e6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001
From: Tianxiang Peng <txpeng(a)tencent.com>
Date: Mon, 23 Jun 2025 17:31:53 +0800
Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init
helper
Since
923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
resctrl_cpu_detect() has been moved from common CPU initialization code to
the vendor-specific BSP init helper, while Hygon didn't put that call in their
code.
This triggers a division by zero fault during early booting stage on our
machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries
to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.
Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.
[ bp: Massage commit message. ]
Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com>
Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de>
Reviewed-by: Hui Li <caelli(a)tencent.com>
Cc: <stable(a)kernel.org>
Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com
diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c
index 2154f12766fb..1fda6c3a2b65 100644
--- a/arch/x86/kernel/cpu/hygon.c
+++ b/arch/x86/kernel/cpu/hygon.c
@@ -16,6 +16,7 @@
#include <asm/spec-ctrl.h>
#include <asm/delay.h>
#include <asm/msr.h>
+#include <asm/resctrl.h>
#include "cpu.h"
@@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c)
x86_amd_ls_cfg_ssbd_mask = 1ULL << 10;
}
}
+
+ resctrl_cpu_detect(c);
}
static void early_init_hygon(struct cpuinfo_x86 *c)
2 weeks, 5 days
- 2
- 1
[PATCH] EDAC: altera: Delete an inappropriate dma_free_coherent() call in altr_sdr_mc_err_inject_write()
by Salah Triki
`dma_free_coherent()` must only be called if the corresponding
`dma_alloc_coherent()` call has succeeded. Calling it when the allocation
fails leads to undefined behavior.
Add a check to ensure that the memory is only freed when the allocation
was successful.
Signed-off-by: Salah Triki <salah.triki(a)gmail.com>
Fixes: 71bcada88b0f3 ("edac: altera: Add Altera SDRAM EDAC support")
Cc: Markus Elfring <Markus.Elfring(a)web.de>
Cc: Dinh Nguyen <dinguyen(a)kernel.org>
Cc: Borislav Petkov <bp(a)alien8.de>
Cc: Tony Luck <tony.luck(a)intel.com>
Cc: James Morse <james.morse(a)arm.com>
Cc: Mauro Carvalho Chehab <mchehab(a)kernel.org>
Cc: Robert Richter <rric(a)kernel.org>
Cc: linux-edac(a)vger.kernel.org
Cc: linux-kernel(a)vger.kernel.org
Cc: stable(a)vger.kernel.org
---
drivers/edac/altera_edac.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/drivers/edac/altera_edac.c b/drivers/edac/altera_edac.c
index cae52c654a15..7685a8550d4b 100644
--- a/drivers/edac/altera_edac.c
+++ b/drivers/edac/altera_edac.c
@@ -128,7 +128,6 @@ static ssize_t altr_sdr_mc_err_inject_write(struct file *file,
ptemp = dma_alloc_coherent(mci->pdev, 16, &dma_handle, GFP_KERNEL);
if (!ptemp) {
- dma_free_coherent(mci->pdev, 16, ptemp, dma_handle);
edac_printk(KERN_ERR, EDAC_MC,
"Inject: Buffer Allocation error\n");
return -ENOMEM;
--
2.43.0
2 weeks, 5 days
- 4
- 3
FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082517-cramp-prissy-ebff@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001
From: Tianxiang Peng <txpeng(a)tencent.com>
Date: Mon, 23 Jun 2025 17:31:53 +0800
Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init
helper
Since
923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
resctrl_cpu_detect() has been moved from common CPU initialization code to
the vendor-specific BSP init helper, while Hygon didn't put that call in their
code.
This triggers a division by zero fault during early booting stage on our
machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries
to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.
Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.
[ bp: Massage commit message. ]
Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com>
Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de>
Reviewed-by: Hui Li <caelli(a)tencent.com>
Cc: <stable(a)kernel.org>
Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com
diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c
index 2154f12766fb..1fda6c3a2b65 100644
--- a/arch/x86/kernel/cpu/hygon.c
+++ b/arch/x86/kernel/cpu/hygon.c
@@ -16,6 +16,7 @@
#include <asm/spec-ctrl.h>
#include <asm/delay.h>
#include <asm/msr.h>
+#include <asm/resctrl.h>
#include "cpu.h"
@@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c)
x86_amd_ls_cfg_ssbd_mask = 1ULL << 10;
}
}
+
+ resctrl_cpu_detect(c);
}
static void early_init_hygon(struct cpuinfo_x86 *c)
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082516-wikipedia-entitle-8772@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001
From: Tianxiang Peng <txpeng(a)tencent.com>
Date: Mon, 23 Jun 2025 17:31:53 +0800
Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init
helper
Since
923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
resctrl_cpu_detect() has been moved from common CPU initialization code to
the vendor-specific BSP init helper, while Hygon didn't put that call in their
code.
This triggers a division by zero fault during early booting stage on our
machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries
to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.
Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.
[ bp: Massage commit message. ]
Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com>
Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de>
Reviewed-by: Hui Li <caelli(a)tencent.com>
Cc: <stable(a)kernel.org>
Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com
diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c
index 2154f12766fb..1fda6c3a2b65 100644
--- a/arch/x86/kernel/cpu/hygon.c
+++ b/arch/x86/kernel/cpu/hygon.c
@@ -16,6 +16,7 @@
#include <asm/spec-ctrl.h>
#include <asm/delay.h>
#include <asm/msr.h>
+#include <asm/resctrl.h>
#include "cpu.h"
@@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c)
x86_amd_ls_cfg_ssbd_mask = 1ULL << 10;
}
}
+
+ resctrl_cpu_detect(c);
}
static void early_init_hygon(struct cpuinfo_x86 *c)
2 weeks, 5 days
- 2
- 1
[PATCH v9] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw
by Shuai Zhang
When the host actively triggers SSR and collects coredump data,
the Bluetooth stack sends a reset command to the controller. However, due
to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits,
the reset command times out.
To address this, this patch clears the QCA_SSR_TRIGGERED and
QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when
HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller
completes the SSR process when BT_EN is always high due to hardware.
For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to
the comment in `include/net/bluetooth/hci.h`.
The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN,
and its presence can be used to determine whether BT_EN is defined in DTS.
After SSR, host will not download the firmware, causing
controller to remain in the IBS_WAKE state. Host needs
to synchronize with the controller to maintain proper operation.
Multiple triggers of SSR only first generate coredump file,
due to memcoredump_flag no clear.
add clear coredump flag when ssr completed.
When the SSR duration exceeds 2 seconds, it triggers
host tx_idle_timeout, which sets host TX state to sleep. due to the
hardware pulling up bt_en, the firmware is not downloaded after the SSR.
As a result, the controller does not enter sleep mode. Consequently,
when the host sends a command afterward, it sends 0xFD to the controller,
but the controller does not respond, leading to a command timeout.
So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode.
---
Changes since v6-7:
- Merge the changes into a single patch.
- Update commit.
Changes since v1-5:
- Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP.
- Add commments for msleep(50).
- Update format and commit.
Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com>
---
drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++
1 file changed, 33 insertions(+)
diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c
index 4cff4d9be..97aaf4985 100644
--- a/drivers/bluetooth/hci_qca.c
+++ b/drivers/bluetooth/hci_qca.c
@@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code)
skb_queue_purge(&qca->rx_memdump_q);
}
+ /*
+ * If the BT chip's bt_en pin is connected to a 3.3V power supply via
+ * hardware and always stays high, driver cannot control the bt_en pin.
+ * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and
+ * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset
+ * command timeout.
+ * Add an msleep delay to ensure controller completes the SSR process.
+ *
+ * Host will not download the firmware after SSR, controller to remain
+ * in the IBS_WAKE state, and the host needs to synchronize with it
+ *
+ * Since the bluetooth chip has been reset, clear the memdump state.
+ */
+ if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) {
+ /*
+ * When the SSR (SubSystem Restart) duration exceeds 2 seconds,
+ * it triggers host tx_idle_delay, which sets host TX state
+ * to sleep. Reset tx_idle_timer after SSR to prevent
+ * host enter TX IBS_Sleep mode.
+ */
+ mod_timer(&qca->tx_idle_timer, jiffies +
+ msecs_to_jiffies(qca->tx_idle_delay));
+
+ /* Controller reset completion time is 50ms */
+ msleep(50);
+
+ clear_bit(QCA_SSR_TRIGGERED, &qca->flags);
+ clear_bit(QCA_IBS_DISABLED, &qca->flags);
+
+ qca->tx_ibs_state = HCI_IBS_TX_AWAKE;
+ qca->memdump_state = QCA_MEMDUMP_IDLE;
+ }
+
clear_bit(QCA_HW_ERROR_EVENT, &qca->flags);
}
--
2.34.1
2 weeks, 5 days
- 2
- 1
[PATCH] platform/x86/amd: hfi: Fix pcct_tbl leak in amd_hfi_metadata_parser()
by Zhen Ni
Fix a permanent ACPI table memory leak when amd_hfi_metadata_parser()
fails due to invalid PCCT table length or memory allocation errors.
Fixes: d4e95ea7a78e ("platform/x86: hfi: Parse CPU core ranking data from shared memory")
Cc: stable(a)vger.kernel.org
Signed-off-by: Zhen Ni <zhen.ni(a)easystack.cn>
---
drivers/platform/x86/amd/hfi/hfi.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/drivers/platform/x86/amd/hfi/hfi.c b/drivers/platform/x86/amd/hfi/hfi.c
index 4f56149b3774..a465ac6f607e 100644
--- a/drivers/platform/x86/amd/hfi/hfi.c
+++ b/drivers/platform/x86/amd/hfi/hfi.c
@@ -385,12 +385,16 @@ static int amd_hfi_metadata_parser(struct platform_device *pdev,
amd_hfi_data->pcct_entry = pcct_entry;
pcct_ext = (struct acpi_pcct_ext_pcc_slave *)pcct_entry;
- if (pcct_ext->length <= 0)
- return -EINVAL;
+ if (pcct_ext->length <= 0) {
+ ret = -EINVAL;
+ goto out;
+ }
amd_hfi_data->shmem = devm_kzalloc(amd_hfi_data->dev, pcct_ext->length, GFP_KERNEL);
- if (!amd_hfi_data->shmem)
- return -ENOMEM;
+ if (!amd_hfi_data->shmem) {
+ ret = -ENOMEM;
+ goto out;
+ }
pcc_chan->shmem_base_addr = pcct_ext->base_address;
pcc_chan->shmem_size = pcct_ext->length;
@@ -398,6 +402,8 @@ static int amd_hfi_metadata_parser(struct platform_device *pdev,
/* parse the shared memory info from the PCCT table */
ret = amd_hfi_fill_metadata(amd_hfi_data);
+out:
+ /* Don't leak any ACPI memory */
acpi_put_table(pcct_tbl);
return ret;
--
2.20.1
2 weeks, 5 days
- 3
- 2
[PATCH 1/3] ASoC: qcom: audioreach: fix potential null pointer dereference
by Srinivas Kandagatla
It is possible that the topology parsing function
audioreach_widget_load_module_common() could return NULL or an error
pointer. Add missing NULL check so that we do not dereference it.
Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org>
Cc: <Stable(a)vger.kernel.org>
Fixes: 36ad9bf1d93d ("ASoC: qdsp6: audioreach: add topology support")
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com>
---
sound/soc/qcom/qdsp6/topology.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sound/soc/qcom/qdsp6/topology.c b/sound/soc/qcom/qdsp6/topology.c
index ec51fabd98cb..c2226ed5164f 100644
--- a/sound/soc/qcom/qdsp6/topology.c
+++ b/sound/soc/qcom/qdsp6/topology.c
@@ -607,8 +607,8 @@ static int audioreach_widget_load_module_common(struct snd_soc_component *compon
return PTR_ERR(cont);
mod = audioreach_parse_common_tokens(apm, cont, &tplg_w->priv, w);
- if (IS_ERR(mod))
- return PTR_ERR(mod);
+ if (IS_ERR_OR_NULL(mod))
+ return mod ? PTR_ERR(mod) : -ENODEV;
mod->data = audioreach_get_module_priv_data(&tplg_w->priv);
--
2.50.0
2 weeks, 5 days
- 1
- 0
[PATCH] intel_idle: fix ACPI _CST matching for newer Xeon platforms
by Weilin Tong
From: Artem Bityutskiy <artem.bityutskiy(a)linux.intel.com>
ANBZ: #11599
commit 4c411cca33cf1c21946b710b2eb59aca9f646703 upstream.
Background
~~~~~~~~~~
The driver uses 'use_acpi = true' in C-state custom table for all Xeon
platforms. The meaning of this flag is as follows.
1. If a C-state from the custom table is defined in ACPI _CST (matched
by the mwait hint), then enable this C-state.
2. Otherwise, disable this C-state, unless the C-sate definition in the
custom table has the 'CPUIDLE_FLAG_ALWAYS_ENABLE' flag set, in which
case enabled it.
The goal is to honor BIOS C6 settings - If BIOS disables C6, disable it
by default in the OS too (but it can be enabled via sysfs).
This works well on Xeons that expose only one flavor of C6. This are all
Xeons except for the newest Granite Rapids (GNR) and Sierra Forest (SRF).
The problem
~~~~~~~~~~~
GNR and SRF have 2 flavors of C6: C6/C6P on GNR, C6S/C6SP on SRF. The
the "P" flavor allows for the package C6, while the "non-P" flavor
allows only for core/module C6.
As far as this patch is concerned, both GNR and SRF platforms are
handled the same way. Therefore, further discussion is focused on GNR,
but it applies to SRF as well.
On Intel Xeon platforms, BIOS exposes only 2 ACPI C-states: C1 and C2.
Well, depending on BIOS settings, C2 may be named as C3. But there still
will be only 2 states - C1 and C3. But this is a non-essential detail,
so further discussion is focused on the ACPI C1 and C2 case.
On pre-GNR/SRF Xeon platforms, ACPI C1 is mapped to C1 or C1E, and ACPI
C2 is mapped to C6. The 'use_acpi' flag works just fine:
* If ACPI C2 enabled, enable C6.
* Otherwise, disable C6.
However, on GNR there are 2 flavors of C6, so BIOS maps ACPI C2 to
either C6 or C6P, depending on the user settings. As a result, due to
the 'use_acpi' flag, 'intel_idle' disables least one of the C6 flavors.
BIOS | OS | Verdict
----------------------------------------------------|---------
ACPI C2 disabled | C6 disabled, C6P disabled | OK
ACPI C2 mapped to C6 | C6 enabled, C6P disabled | Not OK
ACPI C2 mapped to C6P | C6 disabled, C6P enabled | Not OK
The goal of 'use_acpi' is to honor BIOS ACPI C2 disabled case, which
works fine. But if ACPI C2 is enabled, the goal is to enable all flavors
of C6, not just one of the flavors. This was overlooked when enabling
GNR/SRF platforms.
In other words, before GNR/SRF, the ACPI C2 status was binary - enabled
or disabled. But it is not binary on GNR/SRF, however the goal is to
continue treat it as binary.
The fix
~~~~~~~
Notice, that current algorithm matches ACPI and custom table C-states
by the mwait hint. However, mwait hint consists of the 'state' and
'sub-state' parts, and all C6 flavors have the same state value of 0x20,
but different sub-state values.
Introduce new C-state table flag - CPUIDLE_FLAG_PARTIAL_HINT_MATCH and
add it to both C6 flavors of the GNR/SRF platforms.
When matching ACPI _CST and custom table C-states, match only the start
part if the C-state has CPUIDLE_FLAG_PARTIAL_HINT_MATCH, other wise
match both state and sub-state parts (as before).
With this fix, GNR C-states enabled/disabled status looks like this.
BIOS | OS
----------------------------------------------------
ACPI C2 disabled | C6 disabled, C6P disabled
ACPI C2 mapped to C6 | C6 enabled, C6P enabled
ACPI C2 mapped to C6P | C6 enabled, C6P enabled
Possible alternative
~~~~~~~~~~~~~~~~~~~~
The alternative would be to remove 'use_acpi' flag for GNR and SRF.
This would be a simpler solution, but it would violate the principle of
least surprise - users of Xeon platforms are used to the fact that
intel_idle honors C6 enabled/disabled flag. It is more consistent user
experience if GNR/SRF continue doing so.
How tested
~~~~~~~~~~
Tested on GNR and SRF platform with all the 3 BIOS configurations: ACPI
C2 disabled, mapped to C6/C6S, mapped to C6P/C6SP.
Tested on Ice lake Xeon and Sapphire Rapids Xeon platforms with ACPI C2
enabled and disabled, just to verify that the patch does not break older
Xeons.
Intel-SIG: Intel-SIG: commit 4c411cca33cf intel_idle: fix ACPI _CST matching for newer Xeon platforms.
Backport intel_idle GNR and SRF fix
Fixes: 92813fd5b156 ("intel_idle: add Sierra Forest SoC support")
Fixes: 370406bf5738 ("intel_idle: add Granite Rapids Xeon support")
Cc: 6.8+ <stable(a)vger.kernel.org> # 6.8+
Signed-off-by: Artem Bityutskiy <artem.bityutskiy(a)linux.intel.com>
Link: https://patch.msgid.link/20240913165143.4140073-1-dedekind1@gmail.com
[ rjw: Changelog edits ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
[ Yingbao Jia: amend commit log ]
Signed-off-by: Yingbao Jia <yingbao.jia(a)intel.com>
Reviewed-by: Artie Ding <artie.ding(a)linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/4057
---
drivers/idle/intel_idle.c | 37 +++++++++++++++++++++++++++++--------
1 file changed, 29 insertions(+), 8 deletions(-)
diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c
index 3f216160f19c..783545ff98af 100644
--- a/drivers/idle/intel_idle.c
+++ b/drivers/idle/intel_idle.c
@@ -120,6 +120,12 @@ static unsigned int mwait_substates __initdata;
*/
#define CPUIDLE_FLAG_INIT_XSTATE BIT(17)
+/*
+ * Ignore the sub-state when matching mwait hints between the ACPI _CST and
+ * custom tables.
+ */
+#define CPUIDLE_FLAG_PARTIAL_HINT_MATCH BIT(18)
+
/*
* MWAIT takes an 8-bit "hint" in EAX "suggesting"
* the C-state (top nibble) and sub-state (bottom nibble)
@@ -880,7 +886,8 @@ static struct cpuidle_state gnr_cstates[] __initdata = {
.name = "C6",
.desc = "MWAIT 0x20",
.flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED |
- CPUIDLE_FLAG_INIT_XSTATE,
+ CPUIDLE_FLAG_INIT_XSTATE |
+ CPUIDLE_FLAG_PARTIAL_HINT_MATCH,
.exit_latency = 170,
.target_residency = 650,
.enter = &intel_idle,
@@ -889,7 +896,8 @@ static struct cpuidle_state gnr_cstates[] __initdata = {
.name = "C6P",
.desc = "MWAIT 0x21",
.flags = MWAIT2flg(0x21) | CPUIDLE_FLAG_TLB_FLUSHED |
- CPUIDLE_FLAG_INIT_XSTATE,
+ CPUIDLE_FLAG_INIT_XSTATE |
+ CPUIDLE_FLAG_PARTIAL_HINT_MATCH,
.exit_latency = 210,
.target_residency = 1000,
.enter = &intel_idle,
@@ -1162,7 +1170,8 @@ static struct cpuidle_state srf_cstates[] __initdata = {
{
.name = "C6S",
.desc = "MWAIT 0x22",
- .flags = MWAIT2flg(0x22) | CPUIDLE_FLAG_TLB_FLUSHED,
+ .flags = MWAIT2flg(0x22) | CPUIDLE_FLAG_TLB_FLUSHED |
+ CPUIDLE_FLAG_PARTIAL_HINT_MATCH,
.exit_latency = 270,
.target_residency = 700,
.enter = &intel_idle,
@@ -1170,7 +1179,8 @@ static struct cpuidle_state srf_cstates[] __initdata = {
{
.name = "C6SP",
.desc = "MWAIT 0x23",
- .flags = MWAIT2flg(0x23) | CPUIDLE_FLAG_TLB_FLUSHED,
+ .flags = MWAIT2flg(0x23) | CPUIDLE_FLAG_TLB_FLUSHED |
+ CPUIDLE_FLAG_PARTIAL_HINT_MATCH,
.exit_latency = 310,
.target_residency = 900,
.enter = &intel_idle,
@@ -1519,7 +1529,7 @@ static void __init intel_idle_init_cstates_acpi(struct cpuidle_driver *drv)
}
}
-static bool __init intel_idle_off_by_default(u32 mwait_hint)
+static bool __init intel_idle_off_by_default(unsigned int flags, u32 mwait_hint)
{
int cstate, limit;
@@ -1536,7 +1546,15 @@ static bool __init intel_idle_off_by_default(u32 mwait_hint)
* the interesting states are ACPI_CSTATE_FFH.
*/
for (cstate = 1; cstate < limit; cstate++) {
- if (acpi_state_table.states[cstate].address == mwait_hint)
+ u32 acpi_hint = acpi_state_table.states[cstate].address;
+ u32 table_hint = mwait_hint;
+
+ if (flags & CPUIDLE_FLAG_PARTIAL_HINT_MATCH) {
+ acpi_hint &= ~MWAIT_SUBSTATE_MASK;
+ table_hint &= ~MWAIT_SUBSTATE_MASK;
+ }
+
+ if (acpi_hint == table_hint)
return false;
}
return true;
@@ -1546,7 +1564,10 @@ static bool __init intel_idle_off_by_default(u32 mwait_hint)
static inline bool intel_idle_acpi_cst_extract(void) { return false; }
static inline void intel_idle_init_cstates_acpi(struct cpuidle_driver *drv) { }
-static inline bool intel_idle_off_by_default(u32 mwait_hint) { return false; }
+static inline bool intel_idle_off_by_default(unsigned int flags, u32 mwait_hint)
+{
+ return false;
+}
#endif /* !CONFIG_ACPI_PROCESSOR_CSTATE */
/**
@@ -1833,7 +1854,7 @@ static void __init intel_idle_init_cstates_icpu(struct cpuidle_driver *drv)
if ((disabled_states_mask & BIT(drv->state_count)) ||
((icpu->use_acpi || force_use_acpi) &&
- intel_idle_off_by_default(mwait_hint) &&
+ intel_idle_off_by_default(state->flags, mwait_hint) &&
!(state->flags & CPUIDLE_FLAG_ALWAYS_ENABLE)))
state->flags |= CPUIDLE_FLAG_OFF;
--
2.43.5
2 weeks, 5 days
- 1
- 0
FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082518-attest-grit-8063@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001
From: Tianxiang Peng <txpeng(a)tencent.com>
Date: Mon, 23 Jun 2025 17:31:53 +0800
Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init
helper
Since
923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
resctrl_cpu_detect() has been moved from common CPU initialization code to
the vendor-specific BSP init helper, while Hygon didn't put that call in their
code.
This triggers a division by zero fault during early booting stage on our
machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries
to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.
Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.
[ bp: Massage commit message. ]
Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com>
Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de>
Reviewed-by: Hui Li <caelli(a)tencent.com>
Cc: <stable(a)kernel.org>
Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com
diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c
index 2154f12766fb..1fda6c3a2b65 100644
--- a/arch/x86/kernel/cpu/hygon.c
+++ b/arch/x86/kernel/cpu/hygon.c
@@ -16,6 +16,7 @@
#include <asm/spec-ctrl.h>
#include <asm/delay.h>
#include <asm/msr.h>
+#include <asm/resctrl.h>
#include "cpu.h"
@@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c)
x86_amd_ls_cfg_ssbd_mask = 1ULL << 10;
}
}
+
+ resctrl_cpu_detect(c);
}
static void early_init_hygon(struct cpuinfo_x86 *c)
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x d8df126349dad855cdfedd6bbf315bad2e901c2f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082516-casually-shaping-7c9a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d8df126349dad855cdfedd6bbf315bad2e901c2f Mon Sep 17 00:00:00 2001
From: Tianxiang Peng <txpeng(a)tencent.com>
Date: Mon, 23 Jun 2025 17:31:53 +0800
Subject: [PATCH] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init
helper
Since
923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
resctrl_cpu_detect() has been moved from common CPU initialization code to
the vendor-specific BSP init helper, while Hygon didn't put that call in their
code.
This triggers a division by zero fault during early booting stage on our
machines with X86_FEATURE_CQM* supported, where get_rdt_mon_resources() tries
to calculate mon_l3_config with uninitialized boot_cpu_data.x86_cache_occ_scale.
Add the missing resctrl_cpu_detect() in the Hygon BSP init helper.
[ bp: Massage commit message. ]
Fixes: 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot")
Signed-off-by: Tianxiang Peng <txpeng(a)tencent.com>
Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de>
Reviewed-by: Hui Li <caelli(a)tencent.com>
Cc: <stable(a)kernel.org>
Link: https://lore.kernel.org/20250623093153.3016937-1-txpeng@tencent.com
diff --git a/arch/x86/kernel/cpu/hygon.c b/arch/x86/kernel/cpu/hygon.c
index 2154f12766fb..1fda6c3a2b65 100644
--- a/arch/x86/kernel/cpu/hygon.c
+++ b/arch/x86/kernel/cpu/hygon.c
@@ -16,6 +16,7 @@
#include <asm/spec-ctrl.h>
#include <asm/delay.h>
#include <asm/msr.h>
+#include <asm/resctrl.h>
#include "cpu.h"
@@ -117,6 +118,8 @@ static void bsp_init_hygon(struct cpuinfo_x86 *c)
x86_amd_ls_cfg_ssbd_mask = 1ULL << 10;
}
}
+
+ resctrl_cpu_detect(c);
}
static void early_init_hygon(struct cpuinfo_x86 *c)
2 weeks, 5 days
- 2
- 1
[PATCH v2] wifi: mwifiex: use kcalloc to apply for chan_stats
by Qianfeng Rong
Use kcalloc to allocate 'adapter->chan_stats' memory (max 900 bytes)
instead of vmalloc for efficiency and zero-initialize it for security
per Dan Carpenter's suggestion.
Cc: stable(a)vger.kernel.org
Fixes: bf35443314ac ("mwifiex: channel statistics support for mwifiex")
Suggested-by: Dan Carpenter <dan.carpenter(a)linaro.org>
Signed-off-by: Qianfeng Rong <rongqianfeng(a)vivo.com>
---
v2: Change vmalloc_array/vfree to kcalloc/kfree.
---
drivers/net/wireless/marvell/mwifiex/cfg80211.c | 5 +++--
drivers/net/wireless/marvell/mwifiex/main.c | 4 ++--
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/marvell/mwifiex/cfg80211.c b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
index 3498743d5ec0..4c8c7a5fdf23 100644
--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c
+++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c
@@ -4673,8 +4673,9 @@ int mwifiex_init_channel_scan_gap(struct mwifiex_adapter *adapter)
* additional active scan request for hidden SSIDs on passive channels.
*/
adapter->num_in_chan_stats = 2 * (n_channels_bg + n_channels_a);
- adapter->chan_stats = vmalloc(array_size(sizeof(*adapter->chan_stats),
- adapter->num_in_chan_stats));
+ adapter->chan_stats = kcalloc(adapter->num_in_chan_stats,
+ sizeof(*adapter->chan_stats),
+ GFP_KERNEL);
if (!adapter->chan_stats)
return -ENOMEM;
diff --git a/drivers/net/wireless/marvell/mwifiex/main.c b/drivers/net/wireless/marvell/mwifiex/main.c
index 7b50a88a18e5..1ec069bc8ea1 100644
--- a/drivers/net/wireless/marvell/mwifiex/main.c
+++ b/drivers/net/wireless/marvell/mwifiex/main.c
@@ -642,7 +642,7 @@ static int _mwifiex_fw_dpc(const struct firmware *firmware, void *context)
goto done;
err_add_intf:
- vfree(adapter->chan_stats);
+ kfree(adapter->chan_stats);
err_init_chan_scan:
wiphy_unregister(adapter->wiphy);
wiphy_free(adapter->wiphy);
@@ -1485,7 +1485,7 @@ static void mwifiex_uninit_sw(struct mwifiex_adapter *adapter)
wiphy_free(adapter->wiphy);
adapter->wiphy = NULL;
- vfree(adapter->chan_stats);
+ kfree(adapter->chan_stats);
mwifiex_free_cmd_buffers(adapter);
}
--
2.34.1
2 weeks, 5 days
- 4
- 5
[REGRESSION][STABLE] ext4: too many credits wanted / file system issue in v6.16.1
by Christian Heusel
Hello everyone,
the systemd CI has [recently noticed][0] an issue within the ext4 file
system after the Arch Linux kernel was upgraded to 6.16.1. The issue is
exclusive to the stable tree and does not occur on 6.16 and not on
6.17-rc2. I have also tested 6.16.2-rc1 and it still contains the bug.
I was able to bisect the issue between 6.16 and 6.16.1 to the following
commit:
b9c561f3f29c2 ("ext4: fix insufficient credits calculation in ext4_meta_trans_blocks()")
The issue can be reproduced by running the tests from
[TEST-58-REPART.sh][1] by running the [systemd integration tests][2].
But if there are any suggestions I can also test myself as the initial
setup for the integration tests is a bit involved.
It is not yet clear to me whether this has real-world impact besides the
test, but the systemd devs said that it's not a particularily demanding
workflow, so I guess it is expected to work and could cause issues on
other systems too.
Also does anybody have an idea which backport could be missing?
Cheers,
Chris
[0]: https://github.com/systemd/systemd/actions/runs/17053272497/job/48345703316…
[1]: https://github.com/systemd/systemd/blob/main/test/units/TEST-58-REPART.sh
[2]: https://github.com/systemd/systemd/blob/main/test/integration-tests/README.…
---
#regzbot introduced: b9c561f3f29c2
#regzbot title: [STABLE] ext4: too many credits wanted / file system issue in v6.16.1
#regzbot link: https://github.com/systemd/systemd/actions/runs/17053272497/job/48345703316…
---
git bisect start
# status: waiting for both good and bad commits
# good: [038d61fd642278bab63ee8ef722c50d10ab01e8f] Linux 6.16
git bisect good 038d61fd642278bab63ee8ef722c50d10ab01e8f
# status: waiting for bad commit, 1 good commit known
# bad: [3e0969c9a8c57ff3c6139c084673ebedfc1cf14f] Linux 6.16.1
git bisect bad 3e0969c9a8c57ff3c6139c084673ebedfc1cf14f
# good: [288f1562e3f6af6d9b461eba49e75c84afa1b92c] media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check
git bisect good 288f1562e3f6af6d9b461eba49e75c84afa1b92c
# bad: [f427460a1586c2e0865f9326b71ed6e5a0f404f2] f2fs: turn off one_time when forcibly set to foreground GC
git bisect bad f427460a1586c2e0865f9326b71ed6e5a0f404f2
# bad: [5f57327f41a5bbb85ea382bc389126dd7b8f2d7b] scsi: elx: efct: Fix dma_unmap_sg() nents value
git bisect bad 5f57327f41a5bbb85ea382bc389126dd7b8f2d7b
# good: [9143c604415328d5dcd4d37b8adab8417afcdd21] leds: pca955x: Avoid potential overflow when filling default_label (take 2)
git bisect good 9143c604415328d5dcd4d37b8adab8417afcdd21
# good: [9c4f20b7ac700e4b4377f85e36165a4f6ca85995] RDMA/hns: Fix accessing uninitialized resources
git bisect good 9c4f20b7ac700e4b4377f85e36165a4f6ca85995
# good: [0b21d1962bec2e660c22c4c4231430f97163dcf8] perf tests bp_account: Fix leaked file descriptor
git bisect good 0b21d1962bec2e660c22c4c4231430f97163dcf8
# good: [3dbe96d5481acd40d6090f174d2be8433d88716d] clk: thead: th1520-ap: Correctly refer the parent of osc_12m
git bisect good 3dbe96d5481acd40d6090f174d2be8433d88716d
# bad: [c6714f30ef88096a8da9fcafb6034dc4e9aa467d] clk: sunxi-ng: v3s: Fix de clock definition
git bisect bad c6714f30ef88096a8da9fcafb6034dc4e9aa467d
# bad: [b9c561f3f29c2d6e1c1d3ffc202910bef250b7d8] ext4: fix insufficient credits calculation in ext4_meta_trans_blocks()
git bisect bad b9c561f3f29c2d6e1c1d3ffc202910bef250b7d8
# first bad commit: [b9c561f3f29c2d6e1c1d3ffc202910bef250b7d8] ext4: fix insufficient credits calculation in ext4_meta_trans_blocks()
2 weeks, 5 days
- 3
- 3
[REGRESSION] stable-rc/linux-5.10.y: (build) ‘struct platform_driver’ has no member named ‘remove_new’; did you...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.10.y:
---
‘struct platform_driver’ has no member named ‘remove_new’; did you mean ‘remove’? in drivers/usb/musb/omap2430.o (drivers/usb/musb/omap2430.c) [logspec:kbuild,kbuild.compiler.error]
---
- dashboard: https://d.kernelci.org/i/maestro:67bf95f2502a816345830c2bfb96f4a8950ce208
- giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
- commit HEAD: 10b6e479487675365bd106d20fb7dbeec6fb4f60
Log excerpt:
=====================================================
drivers/usb/musb/omap2430.c:514:10: error: ‘struct platform_driver’ has no member named ‘remove_new’; did you mean ‘remove’?
514 | .remove_new = omap2430_remove,
| ^~~~~~~~~~
| remove
drivers/usb/musb/omap2430.c:514:27: error: initialization of ‘int (*)(struct platform_device *)’ from incompatible pointer type ‘void (*)(struct platform_device *)’ [-Werror=incompatible-pointer-types]
514 | .remove_new = omap2430_remove,
| ^~~~~~~~~~~~~~~
drivers/usb/musb/omap2430.c:514:27: note: (near initialization for ‘omap2430_driver.remove’)
cc1: some warnings being treated as errors
=====================================================
# Builds where the incident occurred:
## multi_v7_defconfig on (arm):
- compiler: gcc-12
- dashboard: https://d.kernelci.org/build/maestro:68aadff1233e484a3fad599c
#kernelci issue maestro:67bf95f2502a816345830c2bfb96f4a8950ce208
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kernelci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
2 weeks, 5 days
- 2
- 1
Linux 6.16.3
by Greg Kroah-Hartman
I'm announcing the release of the 6.16.3 kernel.
All users of the 6.16 kernel series that use the ext4 filesystem should
upgrade.
The updated 6.16.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.16.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Makefile | 2
fs/ext4/ext4.h | 2
fs/ext4/extents.c | 6
fs/ext4/inline.c | 6
fs/ext4/inode.c | 323 +++++++++++++++++++++++++++-----------------
fs/ext4/move_extent.c | 3
fs/ext4/xattr.c | 2
include/trace/events/ext4.h | 47 +++++-
8 files changed, 250 insertions(+), 141 deletions(-)
Greg Kroah-Hartman (1):
Linux 6.16.3
Zhang Yi (9):
ext4: process folios writeback in bytes
ext4: move the calculation of wbc->nr_to_write to mpage_folio_done()
ext4: fix stale data if it bail out of the extents mapping loop
ext4: refactor the block allocation process of ext4_page_mkwrite()
ext4: restart handle if credits are insufficient during allocating blocks
ext4: enhance tracepoints during the folios writeback
ext4: correct the reserved credits for extent conversion
ext4: reserved credits for one extent during the folio writeback
ext4: replace ext4_writepage_trans_blocks()
2 weeks, 5 days
- 4
- 8
Re: Patch "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" has been added to the 5.4-stable tree
by Imre Deak
Hi Sasha, Greg and stable team,
please don't backport this patch and drop it from the queues for the
5.4, 5.10, 5.15, 6.1, 6.6, 6.12, 6.16 stable trees. It causes an issue
which is described at
https://lore.kernel.org/stable/aGaiASySvb3BVXlM@ideak-desk
I initially asked not to apply the patch to stable trees - and then it
was dropped as I requested - but as I understand now it still got
selected/queued automatically. Sorry for the trouble it caused, let me
know if there's a better way to avoid auto selecting such patches for
stable in the future (for one I can CC Sasha on such requests).
Thanks,
Imre
On Sun, Aug 24, 2025 at 10:49:17AM +0200, gregkh(a)linuxfoundation.org wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
>
> to the 5.4-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> drm-dp-change-aux-dpcd-probe-address-from-dpcd_rev-to-lane0_1_status.patch
> and it can be found in the queue-5.4 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
>
>
> From stable+bounces-172609-greg=kroah.com(a)vger.kernel.org Sat Aug 23 16:46:09 2025
> From: Sasha Levin <sashal(a)kernel.org>
> Date: Sat, 23 Aug 2025 10:44:36 -0400
> Subject: drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS
> To: stable(a)vger.kernel.org
> Cc: "Imre Deak" <imre.deak(a)intel.com>, "Ville Syrjälä" <ville.syrjala(a)linux.intel.com>, "Jani Nikula" <jani.nikula(a)linux.intel.com>, "Jani Nikula" <jani.nikula(a)intel.com>, "Sasha Levin" <sashal(a)kernel.org>
> Message-ID: <20250823144436.2255063-1-sashal(a)kernel.org>
>
> From: Imre Deak <imre.deak(a)intel.com>
>
> [ Upstream commit a40c5d727b8111b5db424a1e43e14a1dcce1e77f ]
>
> Reading DPCD registers has side-effects in general. In particular
> accessing registers outside of the link training register range
> (0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
> forbidden by the DP v2.1 Standard, see
>
> 3.6.5.1 DPTX AUX Transaction Handling Mandates
> 3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
>
> Based on my tests, accessing the DPCD_REV register during the link
> training of an UHBR TBT DP tunnel sink leads to link training failures.
>
> Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
> DPCD register access quirk.
>
> Cc: <stable(a)vger.kernel.org>
> Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
> Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
> Acked-by: Jani Nikula <jani.nikula(a)intel.com>
> Signed-off-by: Imre Deak <imre.deak(a)intel.com>
> Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
> [ Call to drm_dp_dpcd_access() instead of drm_dp_dpcd_probe() ]
> Signed-off-by: Sasha Levin <sashal(a)kernel.org>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> drivers/gpu/drm/drm_dp_helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- a/drivers/gpu/drm/drm_dp_helper.c
> +++ b/drivers/gpu/drm/drm_dp_helper.c
> @@ -280,7 +280,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_a
> * We just have to do it before any DPCD access and hope that the
> * monitor doesn't power down exactly after the throw away read.
> */
> - ret = drm_dp_dpcd_access(aux, DP_AUX_NATIVE_READ, DP_DPCD_REV, buffer,
> + ret = drm_dp_dpcd_access(aux, DP_AUX_NATIVE_READ, DP_LANE0_1_STATUS, buffer,
> 1);
> if (ret != 1)
> goto out;
>
>
> Patches currently in stable-queue which might be from sashal(a)kernel.org are
>
> queue-5.4/bluetooth-smp-fix-using-hci_error_remote_user_term-o.patch
> queue-5.4/pinctrl-stm32-manage-irq-affinity-settings.patch
> queue-5.4/scsi-bfa-double-free-fix.patch
> queue-5.4/scsi-libiscsi-initialize-iscsi_conn-dd_data-only-if-.patch
> queue-5.4/f2fs-fix-to-avoid-out-of-boundary-access-in-devs.pat.patch
> queue-5.4/net-ncsi-fix-buffer-overflow-in-fetching-version-id.patch
> queue-5.4/tcp-fix-tcp_ofo_queue-to-avoid-including-too-much-du.patch
> queue-5.4/kbuild-add-clang_flags-to-as-instr.patch
> queue-5.4/watchdog-dw_wdt-fix-default-timeout.patch
> queue-5.4/dmaengine-mv_xor-fix-missing-check-after-dma-map-and.patch
> queue-5.4/usb-chipidea-udc-fix-sleeping-function-called-from-i.patch
> queue-5.4/net-sched-restrict-conditions-for-adding-duplicating.patch
> queue-5.4/drm-amdgpu-fix-incorrect-vm-flags-to-map-bo.patch
> queue-5.4/pwm-mediatek-fix-duty-and-period-setting.patch
> queue-5.4/ethernet-intel-fix-building-with-large-nr_cpus.patch
> queue-5.4/usb-chipidea-udc-add-new-api-ci_hdrc_gadget_connect.patch
> queue-5.4/hfsplus-remove-mutex_lock-check-in-hfsplus_free_exte.patch
> queue-5.4/mmc-rtsx_usb_sdmmc-fix-error-path-in-sd_set_power_mo.patch
> queue-5.4/net-thunderx-fix-format-truncation-warning-in-bgx_ac.patch
> queue-5.4/cifs-fix-calling-cifsfindfirst-for-root-path-without.patch
> queue-5.4/net-appletalk-fix-kerneldoc-warnings.patch
> queue-5.4/comedi-fail-comedi_insnlist-ioctl-if-n_insns-is-too-large.patch
> queue-5.4/media-usb-hdpvr-disable-zero-length-read-messages.patch
> queue-5.4/media-tc358743-return-an-appropriate-colorspace-from.patch
> queue-5.4/net-appletalk-fix-use-after-free-in-aarp-proxy-probe.patch
> queue-5.4/rtc-hym8563-fix-incorrect-maximum-clock-rate-handlin.patch
> queue-5.4/smb-client-let-recv_done-cleanup-before-notifying-th.patch
> queue-5.4/rtc-pcf8563-fix-incorrect-maximum-clock-rate-handlin.patch
> queue-5.4/pwm-mediatek-implement-.apply-callback.patch
> queue-5.4/net-phy-smsc-add-proper-reset-flags-for-lan8710a.patch
> queue-5.4/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2a.patch
> queue-5.4/s390-stp-remove-udelay-from-stp_sync_clock.patch
> queue-5.4/bluetooth-fix-null-ptr-deref-in-l2cap_sock_resume_cb.patch
> queue-5.4/m68k-don-t-unregister-boot-console-needlessly.patch
> queue-5.4/net-ipv4-fix-incorrect-mtu-in-broadcast-routes.patch
> queue-5.4/cpufreq-cppc-mark-driver-with-need_update_limits-fla.patch
> queue-5.4/virtio-net-ensure-the-received-length-does-not-exceed-allocated-size.patch
> queue-5.4/netpoll-prevent-hanging-napi-when-netcons-gets-enabl.patch
> queue-5.4/fs-buffer-fix-use-after-free-when-call-bh_read-helpe.patch
> queue-5.4/media-dvb-frontends-dib7090p-fix-null-ptr-deref-in-d.patch
> queue-5.4/usb-hub-don-t-try-to-recover-devices-lost-during-warm-reset.patch
> queue-5.4/samples-mei-fix-building-on-musl-libc.patch
> queue-5.4/asoc-hdac_hdmi-rate-limit-logging-on-connection-and-.patch
> queue-5.4/staging-nvec-fix-incorrect-null-termination-of-batte.patch
> queue-5.4/media-dvb-frontends-w7090p-fix-null-ptr-deref-in-w70.patch
> queue-5.4/bluetooth-smp-if-an-unallowed-command-is-received-co.patch
> queue-5.4/usb-chipidea-add-usb-phy-event.patch
> queue-5.4/pnfs-fix-uninited-ptr-deref-in-block-scsi-layout.patch
> queue-5.4/net-vlan-replace-bug-with-warn_on_once-in-vlan_dev_-.patch
> queue-5.4/crypto-img-hash-fix-dma_unmap_sg-nents-value.patch
> queue-5.4/uapi-in6-restore-visibility-of-most-ipv6-socket-opti.patch
> queue-5.4/arm-dts-imx6ul-kontron-bl-common-fix-rts-polarity-fo.patch
> queue-5.4/hwrng-mtk-handle-devm_pm_runtime_enable-errors.patch
> queue-5.4/wifi-iwlwifi-fix-memory-leak-in-iwl_mvm_init.patch
> queue-5.4/mtd-fix-possible-integer-overflow-in-erase_xfer.patch
> queue-5.4/tracing-add-down_write-trace_event_sem-when-adding-trace-event.patch
> queue-5.4/drbd-add-missing-kref_get-in-handle_write_conflicts.patch
> queue-5.4/netfilter-xt_nfacct-don-t-assume-acct-name-is-null-t.patch
> queue-5.4/mips-include-kbuild_cppflags-in-checkflags-invocation.patch
> queue-5.4/wifi-iwlwifi-mvm-fix-scan-request-validation.patch
> queue-5.4/x86-mce-amd-add-default-names-for-mca-banks-and-blocks.patch
> queue-5.4/usb-xhci-avoid-showing-errors-during-surprise-remova.patch
> queue-5.4/wifi-iwlwifi-dvm-fix-potential-overflow-in-rs_fill_l.patch
> queue-5.4/benet-fix-bug-when-creating-vfs.patch
> queue-5.4/crypto-marvell-cesa-fix-engine-load-inaccuracy.patch
> queue-5.4/pci-hotplug-pnv-php-wrap-warnings-in-macro.patch
> queue-5.4/soundwire-stream-restore-params-when-prepare-ports-f.patch
> queue-5.4/move_mount-allow-to-add-a-mount-into-an-existing-gro.patch
> queue-5.4/ice-fix-a-null-pointer-dereference-in-ice_copy_and_init_pkg.patch
> queue-5.4/arm64-handle-kcov-__init-vs-inline-mismatches.patch
> queue-5.4/pci-pnv_php-work-around-switches-with-broken-presenc.patch
> queue-5.4/thermal-sysfs-return-enodata-instead-of-eagain-for-r.patch
> queue-5.4/kconfig-lxdialog-replace-strcpy-with-strncpy-in-inpu.patch
> queue-5.4/kconfig-lxdialog-fix-space-to-de-select-options.patch
> queue-5.4/hfs-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
> queue-5.4/et131x-add-missing-check-after-dma-map.patch
> queue-5.4/asoc-codecs-rt5640-retry-device_id-verification.patch
> queue-5.4/comedi-comedi_test-fix-possible-deletion-of-uninitialized-timers.patch
> queue-5.4/usb-typec-fusb302-cache-pd-rx-state.patch
> queue-5.4/gpio-tps65912-check-the-return-value-of-regmap_updat.patch
> queue-5.4/pptp-fix-pptp_xmit-error-path.patch
> queue-5.4/rcu-protect-defer_qs_iw_pending-from-data-race.patch
> queue-5.4/mips-don-t-crash-in-stack_top-for-tasks-without-abi-.patch
> queue-5.4/net-drop-ufo-packets-in-udp_rcv_segment.patch
> queue-5.4/scsi-aacraid-stop-using-pci_irq_affinity.patch
> queue-5.4/usb-chipidea-introduce-ci_hdrc_controller_vbus_event.patch
> queue-5.4/serial-8250-fix-panic-due-to-pslverr.patch
> queue-5.4/power-supply-max14577-handle-null-pdata-when-config_.patch
> queue-5.4/kbuild-add-clang_flags-to-kbuild_cppflags.patch
> queue-5.4/mm-zsmalloc.c-convert-to-use-kmem_cache_zalloc-in-cache_alloc_zspage.patch
> queue-5.4/kconfig-gconf-fix-potential-memory-leak-in-renderer_.patch
> queue-5.4/pnfs-fix-stripe-mapping-in-block-scsi-layout.patch
> queue-5.4/fbdev-imxfb-check-fb_add_videomode-to-prevent-null-p.patch
> queue-5.4/net-fec-allow-disable-coalescing.patch
> queue-5.4/mtd-rawnand-atmel-fix-dma_mapping_error-address.patch
> queue-5.4/net-dsa-b53-fix-ip_multicast_ctrl-on-bcm5325.patch
> queue-5.4/pm-runtime-clear-power.needs_force_resume-in-pm_runt.patch
> queue-5.4/hfsplus-don-t-use-bug_on-in-hfsplus_create_attribute.patch
> queue-5.4/powerpc-512-fix-possible-dma_unmap_single-on-uniniti.patch
> queue-5.4/crypto-qat-fix-seq_file-position-update-in-adf_ring_.patch
> queue-5.4/media-uvcvideo-fix-bandwidth-issue-for-alcor-camera.patch
> queue-5.4/jfs-truncate-good-inode-pages-when-hard-link-is-0.patch
> queue-5.4/selftests-futex-define-sys_futex-on-32-bit-architect.patch
> queue-5.4/nfs-fix-up-handling-of-outstanding-layoutcommit-in-nfs_update_inode.patch
> queue-5.4/alsa-usb-audio-avoid-precedence-issues-in-mixer_quir.patch
> queue-5.4/ext4-do-not-bug-when-inline_data_fl-lacks-system.dat.patch
> queue-5.4/clk-sunxi-ng-v3s-fix-de-clock-definition.patch
> queue-5.4/usb-xhci-print-xhci-xhc_state-when-queue_command-fai.patch
> queue-5.4/be2net-use-correct-byte-order-and-format-string-for-.patch
> queue-5.4/net-sched-return-null-when-htb_lookup_leaf-encounter.patch
> queue-5.4/scsi-fix-sas_user_scan-to-handle-wildcard-and-multi-.patch
> queue-5.4/pnfs-handle-rpc-size-limit-for-layoutcommits.patch
> queue-5.4/mtd-rawnand-atmel-set-pmecc-data-setup-time.patch
> queue-5.4/pm-sleep-console-fix-the-black-screen-issue.patch
> queue-5.4/dmaengine-nbpfaxi-add-missing-check-after-dma-map.patch
> queue-5.4/vrf-drop-existing-dst-reference-in-vrf_ip6_input_dst.patch
> queue-5.4/wifi-rtl818x-kill-urbs-before-clearing-tx-status-que.patch
> queue-5.4/pinctrl-sunxi-fix-memory-leak-on-krealloc-failure.patch
> queue-5.4/ipmi-use-dev_warn_ratelimited-for-incorrect-message-.patch
> queue-5.4/can-kvaser_pciefd-store-device-channel-index.patch
> queue-5.4/nfs-fix-filehandle-bounds-checking-in-nfs_fh_to_dent.patch
> queue-5.4/usb-dwc3-qcom-don-t-leave-bcr-asserted.patch
> queue-5.4/udp-also-consider-secpath-when-evaluating-ipsec-use-.patch
> queue-5.4/net-usbnet-avoid-potential-rcu-stall-on-link_change-event.patch
> queue-5.4/drm-dp-change-aux-dpcd-probe-address-from-dpcd_rev-to-lane0_1_status.patch
> queue-5.4/alsa-hda-ca0132-fix-buffer-overflow-in-add_tuning_co.patch
> queue-5.4/selftests-tracing-use-mutex_unlock-for-testing-glob-.patch
> queue-5.4/clk-davinci-add-null-check-in-davinci_lpsc_clk_regis.patch
> queue-5.4/mm-kmemleak-turn-kmemleak_lock-and-object-lock-to-raw_spinlock_t.patch
> queue-5.4/wifi-rtlwifi-fix-possible-skb-memory-leak-in-_rtl_pc.patch
> queue-5.4/caif-reduce-stack-size-again.patch
> queue-5.4/bpf-check-flow_dissector-ctx-accesses-are-aligned.patch
> queue-5.4/usb-core-usb_submit_urb-downgrade-type-check.patch
> queue-5.4/wifi-iwlwifi-fw-fix-possible-memory-leak-in-iwl_fw_d.patch
> queue-5.4/wifi-cfg80211-reject-htc-bit-for-management-frames.patch
> queue-5.4/udf-verify-partition-map-count.patch
> queue-5.4/kbuild-update-assembler-calls-to-use-proper-flags-and-language-target.patch
> queue-5.4/usb-xhci-avoid-showing-warnings-for-dying-controller.patch
> queue-5.4/usb-hub-fix-detection-of-high-tier-usb3-devices-behind-suspended-hubs.patch
> queue-5.4/bpf-ktls-fix-data-corruption-when-using-bpf_msg_pop_.patch
> queue-5.4/iio-hid-sensor-prox-fix-incorrect-offset-calculation.patch
> queue-5.4/pptp-ensure-minimal-skb-length-in-pptp_xmit.patch
> queue-5.4/xhci-disable-stream-for-xhc-controller-with-xhci_broken_streams.patch
> queue-5.4/rtc-ds1307-handle-oscillator-stop-flag-osf-for-ds1341.patch
> queue-5.4/net-vlan-fix-vlan-0-refcount-imbalance-of-toggling-f.patch
> queue-5.4/media-v4l2-ctrls-always-copy-the-controls-on-completion.patch
> queue-5.4/media-tc358743-check-i2c-succeeded-during-probe.patch
> queue-5.4/i3c-add-missing-include-to-internal-header.patch
> queue-5.4/usb-chipidea-udc-protect-usb-interrupt-enable.patch
> queue-5.4/mm-kmemleak-avoid-deadlock-by-moving-pr_warn-outside-kmemleak_lock.patch
> queue-5.4/scsi-lpfc-remove-redundant-assignment-to-avoid-memor.patch
> queue-5.4/selftests-rtnetlink.sh-remove-esp4_offload-after-tes.patch
> queue-5.4/f2fs-fix-to-avoid-uaf-in-f2fs_sync_inode_meta.patch
> queue-5.4/usb-hub-avoid-warm-port-reset-during-usb3-disconnect.patch
> queue-5.4/nfsd-handle-get_client_locked-failure-in-nfsd4_setclientid_confirm.patch
> queue-5.4/cpufreq-exit-governor-when-failed-to-start-old-gover.patch
> queue-5.4/vmci-prevent-the-dispatching-of-uninitialized-payloa.patch
> queue-5.4/mips-vpe-mt-add-missing-prototypes-for-vpe_-alloc-st.patch
> queue-5.4/wifi-brcmfmac-fix-p2p-discovery-failure-in-p2p-peer-.patch
> queue-5.4/asoc-soc-dapm-set-bias_level-if-snd_soc_dapm_set_bia.patch
> queue-5.4/staging-fbtft-fix-potential-memory-leak-in-fbtft_fra.patch
> queue-5.4/usb-phy-mxs-disconnect-line-when-usb-charger-is-atta.patch
> queue-5.4/pci-acpi-fix-runtime-pm-ref-imbalance-on-hot-plug-capable-ports.patch
> queue-5.4/media-rainshadow-cec-fix-toctou-race-condition-in-rain_interrupt.patch
> queue-5.4/module-restore-the-moduleparam-prefix-length-check.patch
> queue-5.4/f2fs-fix-to-avoid-out-of-boundary-access-in-dnode-page.patch
> queue-5.4/usb-musb-omap2430-convert-to-platform-remove-callback-returning-void.patch
> queue-5.4/pci-rockchip-host-fix-unexpected-completion-log-mess.patch
> queue-5.4/usb-xhci-set-avg_trb_len-8-for-ep0-during-address-de.patch
> queue-5.4/usb-cdc-acm-do-not-log-successful-probe-on-later-errors.patch
> queue-5.4/hfsplus-fix-slab-out-of-bounds-in-hfsplus_bnode_read.patch
> queue-5.4/net-sched-sch_qfq-avoid-triggering-might_sleep-in-at.patch
> queue-5.4/acpi-apei-ghes-add-taint_machine_check-on-ghes-panic.patch
> queue-5.4/net-dsa-b53-prevent-switch_ctrl-access-on-bcm5325.patch
> queue-5.4/net-sched-sch_qfq-fix-race-condition-on-qfq_aggregat.patch
> queue-5.4/perf-tests-bp_account-fix-leaked-file-descriptor.patch
> queue-5.4/netfilter-nf_tables-adjust-lockdep-assertions-handli.patch
> queue-5.4/hfs-fix-not-erasing-deleted-b-tree-node-issue.patch
> queue-5.4/rtc-ds1307-remove-clear-of-oscillator-stop-flag-osf-.patch
> queue-5.4/can-kvaser_usb-assign-netdev.dev_port-based-on-devic.patch
> queue-5.4/arm-tegra-use-i-o-memcpy-to-write-to-iram.patch
> queue-5.4/scsi-ibmvscsi_tgt-fix-dma_unmap_sg-nents-value.patch
> queue-5.4/rdma-hfi1-fix-possible-divide-by-zero-in-find_hw_thr.patch
> queue-5.4/pwm-mediatek-handle-hardware-enable-and-clock-enable-separately.patch
> queue-5.4/jfs-upper-bound-check-of-tree-index-in-dballocag.patch
> queue-5.4/alsa-hda-add-missing-nvidia-hda-codec-ids.patch
> queue-5.4/bpftool-fix-memory-leak-in-dump_xx_nlmsg-on-realloc-.patch
> queue-5.4/x86-fpu-delay-instruction-pointer-fixup-until-after-warning.patch
> queue-5.4/usb-net-sierra-check-for-no-status-endpoint.patch
> queue-5.4/drm-sched-remove-optimization-that-causes-hang-when-killing-dependent-jobs.patch
> queue-5.4/revert-vmci-prevent-the-dispatching-of-uninitialized.patch
> queue-5.4/ata-fix-sata_mobile_lpm_policy-description-in-kconfig.patch
> queue-5.4/crypto-ccp-fix-crash-when-rebind-ccp-device-for-ccp..patch
> queue-5.4/netfilter-ctnetlink-fix-refcount-leak-on-table-dump.patch
> queue-5.4/fs-orangefs-allow-2-more-characters-in-do_c_string.patch
> queue-5.4/pci-hotplug-pnv-php-improve-error-msg-on-power-state.patch
> queue-5.4/btrfs-populate-otime-when-logging-an-inode-item.patch
> queue-5.4/drm-amd-pm-powerplay-hwmgr-smu_helper-fix-order-of-m.patch
> queue-5.4/bluetooth-l2cap-fix-attempting-to-adjust-outgoing-mt.patch
> queue-5.4/ktest.pl-prevent-recursion-of-default-variable-optio.patch
> queue-5.4/fs-orangefs-use-snprintf-instead-of-sprintf.patch
> queue-5.4/ipv6-reject-malicious-packets-in-ipv6_gso_segment.patch
> queue-5.4/nfsv4-fix-nfs4_bitmap_copy_adjust.patch
> queue-5.4/scsi-isci-fix-dma_unmap_sg-nents-value.patch
> queue-5.4/arch-powerpc-defconfig-drop-obsolete-config_net_cls_.patch
> queue-5.4/net-dsa-b53-fix-b53_imp_vlan_setup-for-bcm5325.patch
> queue-5.4/s390-time-use-monotonic-clock-in-get_cycles.patch
> queue-5.4/asoc-intel-fix-snd_soc_sof-dependencies.patch
> queue-5.4/f2fs-fix-to-do-sanity-check-on-ino-and-xnid.patch
> queue-5.4/arm-9448-1-use-an-absolute-path-to-unified.h-in-kbuild_aflags.patch
> queue-5.4/scsi-mvsas-fix-dma_unmap_sg-nents-value.patch
> queue-5.4/media-venus-vdec-clamp-param-smaller-than-1fps-and-bigger-than-240.patch
> queue-5.4/kbuild-add-kbuild_cppflags-to-as-option-invocation.patch
> queue-5.4/pnfs-fix-disk-addr-range-check-in-block-scsi-layout.patch
> queue-5.4/wifi-iwlegacy-check-rate_idx-range-after-addition.patch
> queue-5.4/jfs-regular-file-corruption-check.patch
> queue-5.4/usb-musb-fix-gadget-state-on-disconnect.patch
> queue-5.4/kconfig-gconf-avoid-hardcoding-model2-in-on_treeview.patch
> queue-5.4/pps-fix-poll-support.patch
> queue-5.4/media-venus-protect-against-spurious-interrupts-during-probe.patch
> queue-5.4/alsa-intel8x0-fix-incorrect-codec-index-usage-in-mix.patch
> queue-5.4/usb-early-xhci-dbc-fix-early_ioremap-leak.patch
> queue-5.4/net-emaclite-fix-missing-pointer-increment-in-aligne.patch
> queue-5.4/iwlwifi-add-missing-check-for-alloc_ordered_workqueu.patch
> queue-5.4/nfs-fix-the-setting-of-capabilities-when-automounting-a-new-filesystem.patch
> queue-5.4/mwl8k-add-missing-check-after-dma-map.patch
> queue-5.4/usb-musb-omap2430-fix-device-leak-at-unbind.patch
> queue-5.4/scsi-mpt3sas-correctly-handle-ata-device-errors.patch
> queue-5.4/f2fs-fix-to-avoid-panic-in-f2fs_evict_inode.patch
> queue-5.4/wifi-rtl8xxxu-fix-rx-skb-size-for-aggregation-disabl.patch
> queue-5.4/net-ag71xx-add-missing-check-after-dma-map.patch
> queue-5.4/pm-cpupower-fix-the-snapshot-order-of-tsc-mperf-cloc.patch
> queue-5.4/ipmi-fix-strcpy-source-and-destination-the-same.patch
> queue-5.4/wifi-cfg80211-fix-interface-type-validation.patch
> queue-5.4/kconfig-nconf-ensure-null-termination-where-strncpy-.patch
> queue-5.4/rdma-core-rate-limit-gid-cache-warning-messages.patch
> queue-5.4/regulator-core-fix-null-dereference-on-unbind-due-to.patch
> queue-5.4/alsa-scarlett2-add-retry-on-eproto-from-scarlett2_usb_tx.patch
> queue-5.4/cdc-acm-fix-race-between-initial-clearing-halt-and-open.patch
> queue-5.4/netmem-fix-skb_frag_address_safe-with-unreadable-skb.patch
> queue-5.4/vhost-fail-early-when-__vhost_add_used-fails.patch
> queue-5.4/i3c-don-t-fail-if-gethdrcap-is-unsupported.patch
> queue-5.4/media-tc358743-increase-fifo-trigger-level-to-374.patch
> queue-5.4/watchdog-ziirave_wdt-check-record-length-in-ziirave_.patch
> queue-5.4/pmdomain-governor-consider-cpu-latency-tolerance-from-pm_domain_cpu_gov.patch
> queue-5.4/fs-prevent-file-descriptor-table-allocations-exceeding-int_max.patch
> queue-5.4/arm-dts-vfxxx-correctly-use-two-tuples-for-timer-add.patch
> queue-5.4/rtc-ds1307-fix-incorrect-maximum-clock-rate-handling.patch
> queue-5.4/mm-zsmalloc-do-not-pass-__gfp_movable-if-config_compaction-n.patch
> queue-5.4/platform-x86-thinkpad_acpi-handle-kcov-__init-vs-inl.patch
> queue-5.4/scsi-lpfc-check-for-hdwq-null-ptr-when-cleaning-up-l.patch
> queue-5.4/media-venus-hfi-explicitly-release-irq-during-teardown.patch
> queue-5.4/reapply-wifi-mac80211-update-skb-s-control-block-key.patch
> queue-5.4/securityfs-don-t-pin-dentries-twice-once-is-enough.patch
> queue-5.4/soc-qcom-mdt_loader-ensure-we-don-t-read-past-the-elf-header.patch
> queue-5.4/acpi-processor-fix-acpi_object-initialization.patch
> queue-5.4/arm-rockchip-fix-kernel-hang-during-smp-initializati.patch
> queue-5.4/jfs-fix-metapage-reference-count-leak-in-dballocctl.patch
> queue-5.4/sctp-linearize-cloned-gso-packets-in-sctp_rcv.patch
> queue-5.4/media-qcom-camss-cleanup-media-device-allocated-resource-on-error-path.patch
> queue-5.4/comedi-fix-initialization-of-data-for-instructions-that-write-to-subdevice.patch
> queue-5.4/media-v4l2-ctrls-don-t-reset-handler-s-error-in-v4l2_ctrl_handler_free.patch
> queue-5.4/use-uniform-permission-checks-for-all-mount-propagat.patch
> queue-5.4/cpufreq-init-policy-rwsem-before-it-may-be-possibly-.patch
> queue-5.4/asoc-ops-dynamically-allocate-struct-snd_ctl_elem_va.patch
> queue-5.4/mm-hmm-move-pmd_to_hmm_pfn_flags-to-the-respective-ifdeffery.patch
2 weeks, 5 days
- 1
- 0
Re: Patch "zynq_fpga: use sgtable-based scatterlist wrappers" has been added to the 6.16-stable tree
by Xu Yilun
On Thu, Aug 21, 2025 at 03:20:18PM +0200, gregkh(a)linuxfoundation.org wrote:
>
> This is a note to let you know that I've just added the patch titled
>
> zynq_fpga: use sgtable-based scatterlist wrappers
>
> to the 6.16-stable tree which can be found at:
> http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
>
> The filename of the patch is:
> zynq_fpga-use-sgtable-based-scatterlist-wrappers.patch
> and it can be found in the queue-6.16 subdirectory.
>
> If you, or anyone else, feels it should not be added to the stable tree,
> please let <stable(a)vger.kernel.org> know about it.
Hi Greg:
This patch solves sgtable usage issue but causes AMD fpga driver fail,
https://lore.kernel.org/linux-fpga/202508041548.22955.pisa@fel.cvut.cz/
The fix patch should be applied together with this patch:
https://lore.kernel.org/linux-fpga/20250806070605.1920909-2-yilun.xu@linux.…
Thanks,
Yilun
>
>
> From 37e00703228ab44d0aacc32a97809a4f6f58df1b Mon Sep 17 00:00:00 2001
> From: Marek Szyprowski <m.szyprowski(a)samsung.com>
> Date: Mon, 16 Jun 2025 14:09:32 +0200
> Subject: zynq_fpga: use sgtable-based scatterlist wrappers
>
> From: Marek Szyprowski <m.szyprowski(a)samsung.com>
>
> commit 37e00703228ab44d0aacc32a97809a4f6f58df1b upstream.
>
> Use common wrappers operating directly on the struct sg_table objects to
> fix incorrect use of statterlists related calls. dma_unmap_sg() function
> has to be called with the number of elements originally passed to the
> dma_map_sg() function, not the one returned in sgtable's nents.
>
> CC: stable(a)vger.kernel.org
> Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface")
> Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com>
> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com>
> Reviewed-by: Xu Yilun <yilun.xu(a)intel.com>
> Link: https://lore.kernel.org/r/20250616120932.1090614-1-m.szyprowski@samsung.com
> Signed-off-by: Xu Yilun <yilun.xu(a)linux.intel.com>
> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
> ---
> drivers/fpga/zynq-fpga.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> --- a/drivers/fpga/zynq-fpga.c
> +++ b/drivers/fpga/zynq-fpga.c
> @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fp
> }
>
> priv->dma_nelms =
> - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE);
> + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0);
> if (priv->dma_nelms == 0) {
> dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n");
> return -ENOMEM;
> @@ -478,7 +478,7 @@ out_clk:
> clk_disable(priv->clk);
>
> out_free:
> - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE);
> + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0);
> return err;
> }
>
>
>
> Patches currently in stable-queue which might be from m.szyprowski(a)samsung.com are
>
> queue-6.16/zynq_fpga-use-sgtable-based-scatterlist-wrappers.patch
2 weeks, 5 days
- 2
- 3
[PATCH 6.16.y 1/2] devlink: let driver opt out of automatic phys_port_name generation
by Calvin Owens
From: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com>
[ Upstream commit c5ec7f49b480db0dfc83f395755b1c2a7c979920 ]
Currently when adding devlink port, phys_port_name is automatically
generated within devlink port initialization flow. As a result adding
devlink port support to driver may result in forced changes of interface
names, which breaks already existing network configs.
This is an expected behavior but in some scenarios it would not be
preferable to provide such limitation for legacy driver not being able to
keep 'pre-devlink' interface name.
Add flag no_phys_port_name to devlink_port_attrs struct which indicates
if devlink should not alter name of interface.
Suggested-by: Jiri Pirko <jiri(a)resnulli.us>
Link: https://lore.kernel.org/all/nbwrfnjhvrcduqzjl4a2jafnvvud6qsbxlvxaxilnryglf4…
Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com>
Cc: stable(a)vger.kernel.org # 6.16
Tested-By: Calvin Owens <calvin(a)wbinvd.org>
Signed-off-by: Calvin Owens <calvin(a)wbinvd.org>
---
include/net/devlink.h | 6 +++++-
net/devlink/port.c | 2 +-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/include/net/devlink.h b/include/net/devlink.h
index 0091f23a40f7..af3fd45155dd 100644
--- a/include/net/devlink.h
+++ b/include/net/devlink.h
@@ -78,6 +78,9 @@ struct devlink_port_pci_sf_attrs {
* @flavour: flavour of the port
* @split: indicates if this is split port
* @splittable: indicates if the port can be split.
+ * @no_phys_port_name: skip automatic phys_port_name generation; for
+ * compatibility only, newly added driver/port instance
+ * should never set this.
* @lanes: maximum number of lanes the port supports. 0 value is not passed to netlink.
* @switch_id: if the port is part of switch, this is buffer with ID, otherwise this is NULL
* @phys: physical port attributes
@@ -87,7 +90,8 @@ struct devlink_port_pci_sf_attrs {
*/
struct devlink_port_attrs {
u8 split:1,
- splittable:1;
+ splittable:1,
+ no_phys_port_name:1;
u32 lanes;
enum devlink_port_flavour flavour;
struct netdev_phys_item_id switch_id;
diff --git a/net/devlink/port.c b/net/devlink/port.c
index 939081a0e615..cb8d4df61619 100644
--- a/net/devlink/port.c
+++ b/net/devlink/port.c
@@ -1519,7 +1519,7 @@ static int __devlink_port_phys_port_name_get(struct devlink_port *devlink_port,
struct devlink_port_attrs *attrs = &devlink_port->attrs;
int n = 0;
- if (!devlink_port->attrs_set)
+ if (!devlink_port->attrs_set || devlink_port->attrs.no_phys_port_name)
return -EOPNOTSUPP;
switch (attrs->flavour) {
--
2.47.2
2 weeks, 5 days
- 1
- 1
FAILED: patch "[PATCH] usb: typec: maxim_contaminant: disable low power mode when" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x cabb6c5f4d9e7f49bdf8c0a13c74bd93ee35f45a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082341-salami-darkroom-6913@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cabb6c5f4d9e7f49bdf8c0a13c74bd93ee35f45a Mon Sep 17 00:00:00 2001
From: Amit Sunil Dhamne <amitsd(a)google.com>
Date: Fri, 15 Aug 2025 11:31:51 -0700
Subject: [PATCH] usb: typec: maxim_contaminant: disable low power mode when
reading comparator values
Low power mode is enabled when reading CC resistance as part of
`max_contaminant_read_resistance_kohm()` and left in that state.
However, it's supposed to work with 1uA current source. To read CC
comparator values current source is changed to 80uA. This causes a storm
of CC interrupts as it (falsely) detects a potential contaminant. To
prevent this, disable low power mode current sourcing before reading
comparator values.
Fixes: 02b332a06397 ("usb: typec: maxim_contaminant: Implement check_contaminant callback")
Cc: stable <stable(a)kernel.org>
Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com>
Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com>
Rule: add
Link: https://lore.kernel.org/stable/20250814-fix-upstream-contaminant-v1-1-801ce…
Link: https://lore.kernel.org/r/20250815-fix-upstream-contaminant-v2-1-6c8d6c3ada…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/typec/tcpm/maxim_contaminant.c b/drivers/usb/typec/tcpm/maxim_contaminant.c
index 0cdda06592fd..818cfe226ac7 100644
--- a/drivers/usb/typec/tcpm/maxim_contaminant.c
+++ b/drivers/usb/typec/tcpm/maxim_contaminant.c
@@ -188,6 +188,11 @@ static int max_contaminant_read_comparators(struct max_tcpci_chip *chip, u8 *ven
if (ret < 0)
return ret;
+ /* Disable low power mode */
+ ret = regmap_update_bits(regmap, TCPC_VENDOR_CC_CTRL2, CCLPMODESEL,
+ FIELD_PREP(CCLPMODESEL,
+ LOW_POWER_MODE_DISABLE));
+
/* Sleep to allow comparators settle */
usleep_range(5000, 6000);
ret = regmap_update_bits(regmap, TCPC_TCPC_CTRL, TCPC_TCPC_CTRL_ORIENTATION, PLUG_ORNT_CC1);
diff --git a/drivers/usb/typec/tcpm/tcpci_maxim.h b/drivers/usb/typec/tcpm/tcpci_maxim.h
index 76270d5c2838..b33540a42a95 100644
--- a/drivers/usb/typec/tcpm/tcpci_maxim.h
+++ b/drivers/usb/typec/tcpm/tcpci_maxim.h
@@ -21,6 +21,7 @@
#define CCOVPDIS BIT(6)
#define SBURPCTRL BIT(5)
#define CCLPMODESEL GENMASK(4, 3)
+#define LOW_POWER_MODE_DISABLE 0
#define ULTRA_LOW_POWER_MODE 1
#define CCRPCTRL GENMASK(2, 0)
#define UA_1_SRC 1
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082220-surfboard-widget-ac5d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich(a)suse.com>
Date: Mon, 14 Apr 2025 16:41:07 +0200
Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again
__ADDRESSABLE_ASM_STR() is where the necessary stringification happens.
As long as "sym" doesn't contain any odd characters, no quoting is
required for its use with .quad / .long. In fact the quotation gets in
the way with gas 2.25; it's only from 2.26 onwards that quoted symbols
are half-way properly supported.
However, assembly being different from C anyway, drop
__ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple
.global directive will suffice to get the symbol "declared", i.e. into
the symbol table. While there also stop open-coding STATIC_CALL_TRAMP()
and STATIC_CALL_KEY().
Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates")
Signed-off-by: Jan Beulich <jbeulich(a)suse.com>
Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com>
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59a62c3780a2..a16d4631547c 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
#ifdef MODULE
#define __ADDRESSABLE_xen_hypercall
#else
-#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall)
+#define __ADDRESSABLE_xen_hypercall \
+ __stringify(.global STATIC_CALL_KEY(xen_hypercall);)
#endif
#define __HYPERCALL \
__ADDRESSABLE_xen_hypercall \
- "call __SCT__xen_hypercall"
+ __stringify(call STATIC_CALL_TRAMP(xen_hypercall))
#define __HYPERCALL_ENTRY(x) "a" (x)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 6f04a1d8c720..64ff73c533e5 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off)
#define __ADDRESSABLE(sym) \
___ADDRESSABLE(sym, __section(".discard.addressable"))
-#define __ADDRESSABLE_ASM(sym) \
- .pushsection .discard.addressable,"aw"; \
- .align ARCH_SEL(8,4); \
- ARCH_SEL(.quad, .long) __stringify(sym); \
- .popsection;
-
-#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym))
-
/*
* This returns a constant expression while determining if an argument is
* a constant expression, most importantly without evaluating the argument.
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082308-crafty-citable-521f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001
From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Date: Tue, 19 Aug 2025 15:58:43 +0300
Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict
xHC controller may immediately reuse a slot_id after it's disabled,
giving it to a new enumerating device before the xhci driver freed
all resources related to the disabled device.
In such a scenario, device-A with slot_id equal to 1 is disconnecting
while device-B is enumerating, device-B will fail to enumerate in the
follow sequence.
1.[device-A] send disable slot command
2.[device-B] send enable slot command
3.[device-A] disable slot command completed and wakeup waiting thread
4.[device-B] enable slot command completed with slot_id equal to 1 and
wakeup waiting thread
5.[device-B] driver checks that slot_id is still in use (by device-A) in
xhci_alloc_virt_device, and fail to enumerate due to this
conflict
6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device
To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and
xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context
when disable slot command completes successfully. Simultaneously, adjust
function xhci_free_virt_device to accurately handle device release.
[minor smatch warning and commit message fix -Mathias]
Cc: stable(a)vger.kernel.org
Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend")
Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 92bb84f8132a..b3a59ce1b3f4 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci,
if (!xhci->devs[i])
continue;
- retval = xhci_disable_slot(xhci, i);
- xhci_free_virt_device(xhci, i);
+ retval = xhci_disable_and_free_slot(xhci, i);
if (retval)
xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n",
i, retval);
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 07289333a1e8..81eaad87a3d9 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci,
* will be manipulated by the configure endpoint, allocate device, or update
* hub functions while this function is removing the TT entries from the list.
*/
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev,
+ int slot_id)
{
- struct xhci_virt_device *dev;
int i;
int old_active_eps = 0;
/* Slot ID 0 is reserved */
- if (slot_id == 0 || !xhci->devs[slot_id])
+ if (slot_id == 0 || !dev)
return;
- dev = xhci->devs[slot_id];
-
- xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
- if (!dev)
- return;
+ /* If device ctx array still points to _this_ device, clear it */
+ if (dev->out_ctx &&
+ xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma))
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
trace_xhci_free_virt_device(dev);
@@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
dev->udev->slot_id = 0;
if (dev->rhub_port && dev->rhub_port->slot_id == slot_id)
dev->rhub_port->slot_id = 0;
- kfree(xhci->devs[slot_id]);
- xhci->devs[slot_id] = NULL;
+ if (xhci->devs[slot_id] == dev)
+ xhci->devs[slot_id] = NULL;
+ kfree(dev);
}
/*
@@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i
out:
/* we are now at a leaf device */
xhci_debugfs_remove_slot(xhci, slot_id);
- xhci_free_virt_device(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
}
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id,
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index ecd757d482c5..4f8f5aab109d 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman
command->slot_id = 0;
}
-static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
+static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id,
+ u32 cmd_comp_code)
{
struct xhci_virt_device *virt_dev;
struct xhci_slot_ctx *slot_ctx;
@@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
if (xhci->quirks & XHCI_EP_LIMIT_QUIRK)
/* Delete default control endpoint resources */
xhci_free_device_endpoint_resources(xhci, virt_dev, true);
+ if (cmd_comp_code == COMP_SUCCESS) {
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
+ xhci->devs[slot_id] = NULL;
+ }
}
static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id)
@@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code);
break;
case TRB_DISABLE_SLOT:
- xhci_handle_cmd_disable_slot(xhci, slot_id);
+ xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code);
break;
case TRB_CONFIG_EP:
if (!cmd->completion)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 47151ca527bf..0e03691f03bf 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd,
* Obtaining a new device slot to inform the xHCI host that
* the USB device has been reset.
*/
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
ret = xhci_alloc_dev(hcd, udev);
if (ret == 1)
@@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
xhci_disable_slot(xhci, udev->slot_id);
spin_lock_irqsave(&xhci->lock, flags);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_free_virt_device(xhci, virt_dev, udev->slot_id);
spin_unlock_irqrestore(&xhci->lock, flags);
}
@@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
return 0;
}
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id)
+{
+ struct xhci_virt_device *vdev = xhci->devs[slot_id];
+ int ret;
+
+ ret = xhci_disable_slot(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
+ return ret;
+}
+
/*
* Checks if we have enough host controller resources for the default control
* endpoint.
@@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
return 1;
disable_slot:
- xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_disable_and_free_slot(xhci, udev->slot_id);
return 0;
}
@@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
dev_warn(&udev->dev, "Device not responding to setup %s.\n", act);
mutex_unlock(&xhci->mutex);
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
if (xhci_alloc_dev(hcd, udev) == 1)
xhci_setup_addressable_virt_dev(xhci, udev);
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index a20f4e7cd43a..85d5b964bf1e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *),
/* xHCI memory management */
void xhci_mem_cleanup(struct xhci_hcd *xhci);
int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags);
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id);
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id);
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags);
int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev);
void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci,
@@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev);
int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev,
struct usb_tt *tt, gfp_t mem_flags);
int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id);
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id);
int xhci_ext_cap_init(struct xhci_hcd *xhci);
int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] usb: typec: maxim_contaminant: re-enable cc toggle if cc is" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x a381c6d6f646226924809d0ad01a9465786da463
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082346-facedown-granddad-9758@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a381c6d6f646226924809d0ad01a9465786da463 Mon Sep 17 00:00:00 2001
From: Amit Sunil Dhamne <amitsd(a)google.com>
Date: Fri, 15 Aug 2025 11:31:52 -0700
Subject: [PATCH] usb: typec: maxim_contaminant: re-enable cc toggle if cc is
open and port is clean
Presently in `max_contaminant_is_contaminant()` if there's no
contaminant detected previously, CC is open & stopped toggling and no
contaminant is currently present, TCPC.RC would be programmed to do DRP
toggling. However, it didn't actively look for a connection. This would
lead to Type-C not detect *any* new connections. Hence, in the above
situation, re-enable toggling & program TCPC to look for a new
connection.
Also, return early if TCPC was looking for connection as this indicates
TCPC has neither detected a potential connection nor a change in
contaminant state.
In addition, once dry detection is complete (port is dry), restart
toggling.
Fixes: 02b332a06397e ("usb: typec: maxim_contaminant: Implement check_contaminant callback")
Cc: stable <stable(a)kernel.org>
Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com>
Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com>
Link: https://lore.kernel.org/r/20250815-fix-upstream-contaminant-v2-2-6c8d6c3ada…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/typec/tcpm/maxim_contaminant.c b/drivers/usb/typec/tcpm/maxim_contaminant.c
index 818cfe226ac7..af8da6dc60ae 100644
--- a/drivers/usb/typec/tcpm/maxim_contaminant.c
+++ b/drivers/usb/typec/tcpm/maxim_contaminant.c
@@ -329,6 +329,39 @@ static int max_contaminant_enable_dry_detection(struct max_tcpci_chip *chip)
return 0;
}
+static int max_contaminant_enable_toggling(struct max_tcpci_chip *chip)
+{
+ struct regmap *regmap = chip->data.regmap;
+ int ret;
+
+ /* Disable dry detection if enabled. */
+ ret = regmap_update_bits(regmap, TCPC_VENDOR_CC_CTRL2, CCLPMODESEL,
+ FIELD_PREP(CCLPMODESEL,
+ LOW_POWER_MODE_DISABLE));
+ if (ret)
+ return ret;
+
+ ret = regmap_update_bits(regmap, TCPC_VENDOR_CC_CTRL1, CCCONNDRY, 0);
+ if (ret)
+ return ret;
+
+ ret = max_tcpci_write8(chip, TCPC_ROLE_CTRL, TCPC_ROLE_CTRL_DRP |
+ FIELD_PREP(TCPC_ROLE_CTRL_CC1,
+ TCPC_ROLE_CTRL_CC_RD) |
+ FIELD_PREP(TCPC_ROLE_CTRL_CC2,
+ TCPC_ROLE_CTRL_CC_RD));
+ if (ret)
+ return ret;
+
+ ret = regmap_update_bits(regmap, TCPC_TCPC_CTRL,
+ TCPC_TCPC_CTRL_EN_LK4CONN_ALRT,
+ TCPC_TCPC_CTRL_EN_LK4CONN_ALRT);
+ if (ret)
+ return ret;
+
+ return max_tcpci_write8(chip, TCPC_COMMAND, TCPC_CMD_LOOK4CONNECTION);
+}
+
bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect_while_debounce,
bool *cc_handled)
{
@@ -345,6 +378,12 @@ bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect
if (ret < 0)
return false;
+ if (cc_status & TCPC_CC_STATUS_TOGGLING) {
+ if (chip->contaminant_state == DETECTED)
+ return true;
+ return false;
+ }
+
if (chip->contaminant_state == NOT_DETECTED || chip->contaminant_state == SINK) {
if (!disconnect_while_debounce)
msleep(100);
@@ -377,6 +416,12 @@ bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect
max_contaminant_enable_dry_detection(chip);
return true;
}
+
+ ret = max_contaminant_enable_toggling(chip);
+ if (ret)
+ dev_err(chip->dev,
+ "Failed to enable toggling, ret=%d",
+ ret);
}
} else if (chip->contaminant_state == DETECTED) {
if (!(cc_status & TCPC_CC_STATUS_TOGGLING)) {
@@ -384,6 +429,14 @@ bool max_contaminant_is_contaminant(struct max_tcpci_chip *chip, bool disconnect
if (chip->contaminant_state == DETECTED) {
max_contaminant_enable_dry_detection(chip);
return true;
+ } else {
+ ret = max_contaminant_enable_toggling(chip);
+ if (ret) {
+ dev_err(chip->dev,
+ "Failed to enable toggling, ret=%d",
+ ret);
+ return true;
+ }
}
}
}
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082307-civic-sleeve-30a6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001
From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Date: Tue, 19 Aug 2025 15:58:43 +0300
Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict
xHC controller may immediately reuse a slot_id after it's disabled,
giving it to a new enumerating device before the xhci driver freed
all resources related to the disabled device.
In such a scenario, device-A with slot_id equal to 1 is disconnecting
while device-B is enumerating, device-B will fail to enumerate in the
follow sequence.
1.[device-A] send disable slot command
2.[device-B] send enable slot command
3.[device-A] disable slot command completed and wakeup waiting thread
4.[device-B] enable slot command completed with slot_id equal to 1 and
wakeup waiting thread
5.[device-B] driver checks that slot_id is still in use (by device-A) in
xhci_alloc_virt_device, and fail to enumerate due to this
conflict
6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device
To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and
xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context
when disable slot command completes successfully. Simultaneously, adjust
function xhci_free_virt_device to accurately handle device release.
[minor smatch warning and commit message fix -Mathias]
Cc: stable(a)vger.kernel.org
Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend")
Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 92bb84f8132a..b3a59ce1b3f4 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci,
if (!xhci->devs[i])
continue;
- retval = xhci_disable_slot(xhci, i);
- xhci_free_virt_device(xhci, i);
+ retval = xhci_disable_and_free_slot(xhci, i);
if (retval)
xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n",
i, retval);
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 07289333a1e8..81eaad87a3d9 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci,
* will be manipulated by the configure endpoint, allocate device, or update
* hub functions while this function is removing the TT entries from the list.
*/
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev,
+ int slot_id)
{
- struct xhci_virt_device *dev;
int i;
int old_active_eps = 0;
/* Slot ID 0 is reserved */
- if (slot_id == 0 || !xhci->devs[slot_id])
+ if (slot_id == 0 || !dev)
return;
- dev = xhci->devs[slot_id];
-
- xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
- if (!dev)
- return;
+ /* If device ctx array still points to _this_ device, clear it */
+ if (dev->out_ctx &&
+ xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma))
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
trace_xhci_free_virt_device(dev);
@@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
dev->udev->slot_id = 0;
if (dev->rhub_port && dev->rhub_port->slot_id == slot_id)
dev->rhub_port->slot_id = 0;
- kfree(xhci->devs[slot_id]);
- xhci->devs[slot_id] = NULL;
+ if (xhci->devs[slot_id] == dev)
+ xhci->devs[slot_id] = NULL;
+ kfree(dev);
}
/*
@@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i
out:
/* we are now at a leaf device */
xhci_debugfs_remove_slot(xhci, slot_id);
- xhci_free_virt_device(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
}
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id,
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index ecd757d482c5..4f8f5aab109d 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman
command->slot_id = 0;
}
-static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
+static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id,
+ u32 cmd_comp_code)
{
struct xhci_virt_device *virt_dev;
struct xhci_slot_ctx *slot_ctx;
@@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
if (xhci->quirks & XHCI_EP_LIMIT_QUIRK)
/* Delete default control endpoint resources */
xhci_free_device_endpoint_resources(xhci, virt_dev, true);
+ if (cmd_comp_code == COMP_SUCCESS) {
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
+ xhci->devs[slot_id] = NULL;
+ }
}
static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id)
@@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code);
break;
case TRB_DISABLE_SLOT:
- xhci_handle_cmd_disable_slot(xhci, slot_id);
+ xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code);
break;
case TRB_CONFIG_EP:
if (!cmd->completion)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 47151ca527bf..0e03691f03bf 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd,
* Obtaining a new device slot to inform the xHCI host that
* the USB device has been reset.
*/
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
ret = xhci_alloc_dev(hcd, udev);
if (ret == 1)
@@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
xhci_disable_slot(xhci, udev->slot_id);
spin_lock_irqsave(&xhci->lock, flags);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_free_virt_device(xhci, virt_dev, udev->slot_id);
spin_unlock_irqrestore(&xhci->lock, flags);
}
@@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
return 0;
}
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id)
+{
+ struct xhci_virt_device *vdev = xhci->devs[slot_id];
+ int ret;
+
+ ret = xhci_disable_slot(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
+ return ret;
+}
+
/*
* Checks if we have enough host controller resources for the default control
* endpoint.
@@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
return 1;
disable_slot:
- xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_disable_and_free_slot(xhci, udev->slot_id);
return 0;
}
@@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
dev_warn(&udev->dev, "Device not responding to setup %s.\n", act);
mutex_unlock(&xhci->mutex);
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
if (xhci_alloc_dev(hcd, udev) == 1)
xhci_setup_addressable_virt_dev(xhci, udev);
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index a20f4e7cd43a..85d5b964bf1e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *),
/* xHCI memory management */
void xhci_mem_cleanup(struct xhci_hcd *xhci);
int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags);
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id);
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id);
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags);
int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev);
void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci,
@@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev);
int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev,
struct usb_tt *tt, gfp_t mem_flags);
int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id);
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id);
int xhci_ext_cap_init(struct xhci_hcd *xhci);
int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082219-mobile-riding-ffd1@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich(a)suse.com>
Date: Mon, 14 Apr 2025 16:41:07 +0200
Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again
__ADDRESSABLE_ASM_STR() is where the necessary stringification happens.
As long as "sym" doesn't contain any odd characters, no quoting is
required for its use with .quad / .long. In fact the quotation gets in
the way with gas 2.25; it's only from 2.26 onwards that quoted symbols
are half-way properly supported.
However, assembly being different from C anyway, drop
__ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple
.global directive will suffice to get the symbol "declared", i.e. into
the symbol table. While there also stop open-coding STATIC_CALL_TRAMP()
and STATIC_CALL_KEY().
Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates")
Signed-off-by: Jan Beulich <jbeulich(a)suse.com>
Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com>
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59a62c3780a2..a16d4631547c 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
#ifdef MODULE
#define __ADDRESSABLE_xen_hypercall
#else
-#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall)
+#define __ADDRESSABLE_xen_hypercall \
+ __stringify(.global STATIC_CALL_KEY(xen_hypercall);)
#endif
#define __HYPERCALL \
__ADDRESSABLE_xen_hypercall \
- "call __SCT__xen_hypercall"
+ __stringify(call STATIC_CALL_TRAMP(xen_hypercall))
#define __HYPERCALL_ENTRY(x) "a" (x)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 6f04a1d8c720..64ff73c533e5 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off)
#define __ADDRESSABLE(sym) \
___ADDRESSABLE(sym, __section(".discard.addressable"))
-#define __ADDRESSABLE_ASM(sym) \
- .pushsection .discard.addressable,"aw"; \
- .align ARCH_SEL(8,4); \
- ARCH_SEL(.quad, .long) __stringify(sym); \
- .popsection;
-
-#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym))
-
/*
* This returns a constant expression while determining if an argument is
* a constant expression, most importantly without evaluating the argument.
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082306-rebalance-drainer-a7fd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001
From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Date: Tue, 19 Aug 2025 15:58:43 +0300
Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict
xHC controller may immediately reuse a slot_id after it's disabled,
giving it to a new enumerating device before the xhci driver freed
all resources related to the disabled device.
In such a scenario, device-A with slot_id equal to 1 is disconnecting
while device-B is enumerating, device-B will fail to enumerate in the
follow sequence.
1.[device-A] send disable slot command
2.[device-B] send enable slot command
3.[device-A] disable slot command completed and wakeup waiting thread
4.[device-B] enable slot command completed with slot_id equal to 1 and
wakeup waiting thread
5.[device-B] driver checks that slot_id is still in use (by device-A) in
xhci_alloc_virt_device, and fail to enumerate due to this
conflict
6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device
To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and
xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context
when disable slot command completes successfully. Simultaneously, adjust
function xhci_free_virt_device to accurately handle device release.
[minor smatch warning and commit message fix -Mathias]
Cc: stable(a)vger.kernel.org
Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend")
Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 92bb84f8132a..b3a59ce1b3f4 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci,
if (!xhci->devs[i])
continue;
- retval = xhci_disable_slot(xhci, i);
- xhci_free_virt_device(xhci, i);
+ retval = xhci_disable_and_free_slot(xhci, i);
if (retval)
xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n",
i, retval);
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 07289333a1e8..81eaad87a3d9 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci,
* will be manipulated by the configure endpoint, allocate device, or update
* hub functions while this function is removing the TT entries from the list.
*/
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev,
+ int slot_id)
{
- struct xhci_virt_device *dev;
int i;
int old_active_eps = 0;
/* Slot ID 0 is reserved */
- if (slot_id == 0 || !xhci->devs[slot_id])
+ if (slot_id == 0 || !dev)
return;
- dev = xhci->devs[slot_id];
-
- xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
- if (!dev)
- return;
+ /* If device ctx array still points to _this_ device, clear it */
+ if (dev->out_ctx &&
+ xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma))
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
trace_xhci_free_virt_device(dev);
@@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
dev->udev->slot_id = 0;
if (dev->rhub_port && dev->rhub_port->slot_id == slot_id)
dev->rhub_port->slot_id = 0;
- kfree(xhci->devs[slot_id]);
- xhci->devs[slot_id] = NULL;
+ if (xhci->devs[slot_id] == dev)
+ xhci->devs[slot_id] = NULL;
+ kfree(dev);
}
/*
@@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i
out:
/* we are now at a leaf device */
xhci_debugfs_remove_slot(xhci, slot_id);
- xhci_free_virt_device(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
}
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id,
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index ecd757d482c5..4f8f5aab109d 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman
command->slot_id = 0;
}
-static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
+static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id,
+ u32 cmd_comp_code)
{
struct xhci_virt_device *virt_dev;
struct xhci_slot_ctx *slot_ctx;
@@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
if (xhci->quirks & XHCI_EP_LIMIT_QUIRK)
/* Delete default control endpoint resources */
xhci_free_device_endpoint_resources(xhci, virt_dev, true);
+ if (cmd_comp_code == COMP_SUCCESS) {
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
+ xhci->devs[slot_id] = NULL;
+ }
}
static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id)
@@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code);
break;
case TRB_DISABLE_SLOT:
- xhci_handle_cmd_disable_slot(xhci, slot_id);
+ xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code);
break;
case TRB_CONFIG_EP:
if (!cmd->completion)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 47151ca527bf..0e03691f03bf 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd,
* Obtaining a new device slot to inform the xHCI host that
* the USB device has been reset.
*/
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
ret = xhci_alloc_dev(hcd, udev);
if (ret == 1)
@@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
xhci_disable_slot(xhci, udev->slot_id);
spin_lock_irqsave(&xhci->lock, flags);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_free_virt_device(xhci, virt_dev, udev->slot_id);
spin_unlock_irqrestore(&xhci->lock, flags);
}
@@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
return 0;
}
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id)
+{
+ struct xhci_virt_device *vdev = xhci->devs[slot_id];
+ int ret;
+
+ ret = xhci_disable_slot(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
+ return ret;
+}
+
/*
* Checks if we have enough host controller resources for the default control
* endpoint.
@@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
return 1;
disable_slot:
- xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_disable_and_free_slot(xhci, udev->slot_id);
return 0;
}
@@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
dev_warn(&udev->dev, "Device not responding to setup %s.\n", act);
mutex_unlock(&xhci->mutex);
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
if (xhci_alloc_dev(hcd, udev) == 1)
xhci_setup_addressable_virt_dev(xhci, udev);
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index a20f4e7cd43a..85d5b964bf1e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *),
/* xHCI memory management */
void xhci_mem_cleanup(struct xhci_hcd *xhci);
int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags);
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id);
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id);
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags);
int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev);
void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci,
@@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev);
int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev,
struct usb_tt *tt, gfp_t mem_flags);
int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id);
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id);
int xhci_ext_cap_init(struct xhci_hcd *xhci);
int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082315-delirious-sandy-654a@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Date: Fri, 8 Aug 2025 09:40:10 +0200
Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY
Temperature sensor returns the temperature of the mechanical parts
of the chip. If both accel and gyro are off, the temperature sensor is
also automatically turned off and returns invalid data.
In this case, returning -EBUSY error code is better then -EINVAL and
indicates userspace that it needs to retry reading temperature in
another context.
Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support")
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Reviewed-by: Sean Nyekjaer <sean(a)geanix.com>
Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod…
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
index 8b15afca498c..271a4788604a 100644
--- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
+++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
@@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp)
goto exit;
*temp = (s16)be16_to_cpup(raw);
+ /*
+ * Temperature data is invalid if both accel and gyro are off.
+ * Return -EBUSY in this case.
+ */
if (*temp == INV_ICM42600_DATA_INVALID)
- ret = -EINVAL;
+ ret = -EBUSY;
exit:
mutex_unlock(&st->lock);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082305-paddle-refute-2bd7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001
From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Date: Tue, 19 Aug 2025 15:58:43 +0300
Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict
xHC controller may immediately reuse a slot_id after it's disabled,
giving it to a new enumerating device before the xhci driver freed
all resources related to the disabled device.
In such a scenario, device-A with slot_id equal to 1 is disconnecting
while device-B is enumerating, device-B will fail to enumerate in the
follow sequence.
1.[device-A] send disable slot command
2.[device-B] send enable slot command
3.[device-A] disable slot command completed and wakeup waiting thread
4.[device-B] enable slot command completed with slot_id equal to 1 and
wakeup waiting thread
5.[device-B] driver checks that slot_id is still in use (by device-A) in
xhci_alloc_virt_device, and fail to enumerate due to this
conflict
6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device
To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and
xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context
when disable slot command completes successfully. Simultaneously, adjust
function xhci_free_virt_device to accurately handle device release.
[minor smatch warning and commit message fix -Mathias]
Cc: stable(a)vger.kernel.org
Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend")
Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 92bb84f8132a..b3a59ce1b3f4 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci,
if (!xhci->devs[i])
continue;
- retval = xhci_disable_slot(xhci, i);
- xhci_free_virt_device(xhci, i);
+ retval = xhci_disable_and_free_slot(xhci, i);
if (retval)
xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n",
i, retval);
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 07289333a1e8..81eaad87a3d9 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci,
* will be manipulated by the configure endpoint, allocate device, or update
* hub functions while this function is removing the TT entries from the list.
*/
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev,
+ int slot_id)
{
- struct xhci_virt_device *dev;
int i;
int old_active_eps = 0;
/* Slot ID 0 is reserved */
- if (slot_id == 0 || !xhci->devs[slot_id])
+ if (slot_id == 0 || !dev)
return;
- dev = xhci->devs[slot_id];
-
- xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
- if (!dev)
- return;
+ /* If device ctx array still points to _this_ device, clear it */
+ if (dev->out_ctx &&
+ xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma))
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
trace_xhci_free_virt_device(dev);
@@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
dev->udev->slot_id = 0;
if (dev->rhub_port && dev->rhub_port->slot_id == slot_id)
dev->rhub_port->slot_id = 0;
- kfree(xhci->devs[slot_id]);
- xhci->devs[slot_id] = NULL;
+ if (xhci->devs[slot_id] == dev)
+ xhci->devs[slot_id] = NULL;
+ kfree(dev);
}
/*
@@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i
out:
/* we are now at a leaf device */
xhci_debugfs_remove_slot(xhci, slot_id);
- xhci_free_virt_device(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
}
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id,
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index ecd757d482c5..4f8f5aab109d 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman
command->slot_id = 0;
}
-static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
+static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id,
+ u32 cmd_comp_code)
{
struct xhci_virt_device *virt_dev;
struct xhci_slot_ctx *slot_ctx;
@@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
if (xhci->quirks & XHCI_EP_LIMIT_QUIRK)
/* Delete default control endpoint resources */
xhci_free_device_endpoint_resources(xhci, virt_dev, true);
+ if (cmd_comp_code == COMP_SUCCESS) {
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
+ xhci->devs[slot_id] = NULL;
+ }
}
static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id)
@@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code);
break;
case TRB_DISABLE_SLOT:
- xhci_handle_cmd_disable_slot(xhci, slot_id);
+ xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code);
break;
case TRB_CONFIG_EP:
if (!cmd->completion)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 47151ca527bf..0e03691f03bf 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd,
* Obtaining a new device slot to inform the xHCI host that
* the USB device has been reset.
*/
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
ret = xhci_alloc_dev(hcd, udev);
if (ret == 1)
@@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
xhci_disable_slot(xhci, udev->slot_id);
spin_lock_irqsave(&xhci->lock, flags);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_free_virt_device(xhci, virt_dev, udev->slot_id);
spin_unlock_irqrestore(&xhci->lock, flags);
}
@@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
return 0;
}
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id)
+{
+ struct xhci_virt_device *vdev = xhci->devs[slot_id];
+ int ret;
+
+ ret = xhci_disable_slot(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
+ return ret;
+}
+
/*
* Checks if we have enough host controller resources for the default control
* endpoint.
@@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
return 1;
disable_slot:
- xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_disable_and_free_slot(xhci, udev->slot_id);
return 0;
}
@@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
dev_warn(&udev->dev, "Device not responding to setup %s.\n", act);
mutex_unlock(&xhci->mutex);
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
if (xhci_alloc_dev(hcd, udev) == 1)
xhci_setup_addressable_virt_dev(xhci, udev);
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index a20f4e7cd43a..85d5b964bf1e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *),
/* xHCI memory management */
void xhci_mem_cleanup(struct xhci_hcd *xhci);
int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags);
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id);
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id);
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags);
int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev);
void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci,
@@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev);
int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev,
struct usb_tt *tt, gfp_t mem_flags);
int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id);
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id);
int xhci_ext_cap_init(struct xhci_hcd *xhci);
int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082315-repeater-prefix-b627@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Date: Fri, 8 Aug 2025 09:40:10 +0200
Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY
Temperature sensor returns the temperature of the mechanical parts
of the chip. If both accel and gyro are off, the temperature sensor is
also automatically turned off and returns invalid data.
In this case, returning -EBUSY error code is better then -EINVAL and
indicates userspace that it needs to retry reading temperature in
another context.
Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support")
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Reviewed-by: Sean Nyekjaer <sean(a)geanix.com>
Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod…
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
index 8b15afca498c..271a4788604a 100644
--- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
+++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
@@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp)
goto exit;
*temp = (s16)be16_to_cpup(raw);
+ /*
+ * Temperature data is invalid if both accel and gyro are off.
+ * Return -EBUSY in this case.
+ */
if (*temp == INV_ICM42600_DATA_INVALID)
- ret = -EINVAL;
+ ret = -EBUSY;
exit:
mutex_unlock(&st->lock);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082314-whoops-dandy-d7b1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Date: Fri, 8 Aug 2025 09:40:10 +0200
Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY
Temperature sensor returns the temperature of the mechanical parts
of the chip. If both accel and gyro are off, the temperature sensor is
also automatically turned off and returns invalid data.
In this case, returning -EBUSY error code is better then -EINVAL and
indicates userspace that it needs to retry reading temperature in
another context.
Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support")
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Reviewed-by: Sean Nyekjaer <sean(a)geanix.com>
Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod…
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
index 8b15afca498c..271a4788604a 100644
--- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
+++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
@@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp)
goto exit;
*temp = (s16)be16_to_cpup(raw);
+ /*
+ * Temperature data is invalid if both accel and gyro are off.
+ * Return -EBUSY in this case.
+ */
if (*temp == INV_ICM42600_DATA_INVALID)
- ret = -EINVAL;
+ ret = -EBUSY;
exit:
mutex_unlock(&st->lock);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082332-jubilance-impotency-10c3@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 5 days
- 2
- 2
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082331-pushing-surrender-b647@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 5 days
- 2
- 2
FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082314-steed-eldercare-ccf9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Date: Fri, 8 Aug 2025 09:40:10 +0200
Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY
Temperature sensor returns the temperature of the mechanical parts
of the chip. If both accel and gyro are off, the temperature sensor is
also automatically turned off and returns invalid data.
In this case, returning -EBUSY error code is better then -EINVAL and
indicates userspace that it needs to retry reading temperature in
another context.
Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support")
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Reviewed-by: Sean Nyekjaer <sean(a)geanix.com>
Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod…
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
index 8b15afca498c..271a4788604a 100644
--- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
+++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
@@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp)
goto exit;
*temp = (s16)be16_to_cpup(raw);
+ /*
+ * Temperature data is invalid if both accel and gyro are off.
+ * Return -EBUSY in this case.
+ */
if (*temp == INV_ICM42600_DATA_INVALID)
- ret = -EINVAL;
+ ret = -EBUSY;
exit:
mutex_unlock(&st->lock);
2 weeks, 5 days
- 2
- 4
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082331-axis-politely-d9d3@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 5 days
- 2
- 2
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082330-grimace-stellar-77f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 5 days
- 2
- 2
FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082318-value-headless-fcab@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001
From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
Date: Sat, 2 Aug 2025 17:44:21 +0100
Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed
Given that the buffer is copied to a kfifo that ultimately user space
can read, ensure we zero it.
Fixes: 403e5586b52e ("iio: light: as73211: New driver")
Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com>
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
index 68f60dc3c79d..32719f584c47 100644
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
struct {
__le16 chan[4];
aligned_s64 ts;
- } scan;
+ } scan = { };
int data_result, ret;
mutex_lock(&data->mutex);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082313-lubricant-traction-2a78@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Date: Fri, 8 Aug 2025 09:40:10 +0200
Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY
Temperature sensor returns the temperature of the mechanical parts
of the chip. If both accel and gyro are off, the temperature sensor is
also automatically turned off and returns invalid data.
In this case, returning -EBUSY error code is better then -EINVAL and
indicates userspace that it needs to retry reading temperature in
another context.
Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support")
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Reviewed-by: Sean Nyekjaer <sean(a)geanix.com>
Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod…
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
index 8b15afca498c..271a4788604a 100644
--- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
+++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
@@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp)
goto exit;
*temp = (s16)be16_to_cpup(raw);
+ /*
+ * Temperature data is invalid if both accel and gyro are off.
+ * Return -EBUSY in this case.
+ */
if (*temp == INV_ICM42600_DATA_INVALID)
- ret = -EINVAL;
+ ret = -EBUSY;
exit:
mutex_unlock(&st->lock);
2 weeks, 5 days
- 2
- 4
FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082317-bogged-placate-a67b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001
From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
Date: Sat, 2 Aug 2025 17:44:21 +0100
Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed
Given that the buffer is copied to a kfifo that ultimately user space
can read, ensure we zero it.
Fixes: 403e5586b52e ("iio: light: as73211: New driver")
Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com>
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
index 68f60dc3c79d..32719f584c47 100644
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
struct {
__le16 chan[4];
aligned_s64 ts;
- } scan;
+ } scan = { };
int data_result, ret;
mutex_lock(&data->mutex);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082317-tattling-pending-3706@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001
From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
Date: Sat, 2 Aug 2025 17:44:21 +0100
Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed
Given that the buffer is copied to a kfifo that ultimately user space
can read, ensure we zero it.
Fixes: 403e5586b52e ("iio: light: as73211: New driver")
Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com>
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
index 68f60dc3c79d..32719f584c47 100644
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
struct {
__le16 chan[4];
aligned_s64 ts;
- } scan;
+ } scan = { };
int data_result, ret;
mutex_lock(&data->mutex);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082300-collapse-wireless-5bdc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001
From: David Lechner <dlechner(a)baylibre.com>
Date: Mon, 21 Jul 2025 18:04:04 -0500
Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for
spi_read()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace using stack-allocated buffers with a DMA-safe buffer for use
with spi_read(). This allows the driver to be safely used with
DMA-enabled SPI controllers.
The buffer array is also converted to a struct with a union to make the
usage of the memory in the buffer more clear and ensure proper alignment.
Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips")
Signed-off-by: David Lechner <dlechner(a)baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa(a)analog.com>
Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3…
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c
index cae8e84821d7..205939680fd4 100644
--- a/drivers/iio/temperature/maxim_thermocouple.c
+++ b/drivers/iio/temperature/maxim_thermocouple.c
@@ -11,6 +11,7 @@
#include <linux/module.h>
#include <linux/err.h>
#include <linux/spi/spi.h>
+#include <linux/types.h>
#include <linux/iio/iio.h>
#include <linux/iio/sysfs.h>
#include <linux/iio/trigger.h>
@@ -121,8 +122,15 @@ struct maxim_thermocouple_data {
struct spi_device *spi;
const struct maxim_thermocouple_chip *chip;
char tc_type;
-
- u8 buffer[16] __aligned(IIO_DMA_MINALIGN);
+ /* Buffer for reading up to 2 hardware channels. */
+ struct {
+ union {
+ __be16 raw16;
+ __be32 raw32;
+ __be16 raw[2];
+ };
+ aligned_s64 timestamp;
+ } buffer __aligned(IIO_DMA_MINALIGN);
};
static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
@@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
{
unsigned int storage_bytes = data->chip->read_size;
unsigned int shift = chan->scan_type.shift + (chan->address * 8);
- __be16 buf16;
- __be32 buf32;
int ret;
switch (storage_bytes) {
case 2:
- ret = spi_read(data->spi, (void *)&buf16, storage_bytes);
- *val = be16_to_cpu(buf16);
+ ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes);
+ *val = be16_to_cpu(data->buffer.raw16);
break;
case 4:
- ret = spi_read(data->spi, (void *)&buf32, storage_bytes);
- *val = be32_to_cpu(buf32);
+ ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes);
+ *val = be32_to_cpu(data->buffer.raw32);
break;
default:
ret = -EINVAL;
@@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private)
struct maxim_thermocouple_data *data = iio_priv(indio_dev);
int ret;
- ret = spi_read(data->spi, data->buffer, data->chip->read_size);
+ ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size);
if (!ret) {
- iio_push_to_buffers_with_ts(indio_dev, data->buffer,
+ iio_push_to_buffers_with_ts(indio_dev, &data->buffer,
sizeof(data->buffer),
iio_get_time_ns(indio_dev));
}
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x 2e6053fea379806269c4f7f5e36b523c9c0fb35c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082205-cinch-riverboat-7a85@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2e6053fea379806269c4f7f5e36b523c9c0fb35c Mon Sep 17 00:00:00 2001
From: Jinjiang Tu <tujinjiang(a)huawei.com>
Date: Fri, 15 Aug 2025 15:32:09 +0800
Subject: [PATCH] mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
When memory_failure() is called for a already hwpoisoned pfn,
kill_accessing_process() will be called to kill current task. However, if
the vma of the accessing vaddr is VM_PFNMAP, walk_page_range() will skip
the vma in walk_page_test() and return 0.
Before commit aaf99ac2ceb7 ("mm/hwpoison: do not send SIGBUS to processes
with recovered clean pages"), kill_accessing_process() will return EFAULT.
For x86, the current task will be killed in kill_me_maybe().
However, after this commit, kill_accessing_process() simplies return 0,
that means UCE is handled properly, but it doesn't actually. In such
case, the user task will trigger UCE infinitely.
To fix it, add .test_walk callback for hwpoison_walk_ops to scan all vmas.
Link: https://lkml.kernel.org/r/20250815073209.1984582-1-tujinjiang@huawei.com
Fixes: aaf99ac2ceb7 ("mm/hwpoison: do not send SIGBUS to processes with recovered clean pages")
Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Acked-by: Miaohe Lin <linmiaohe(a)huawei.com>
Reviewed-by: Jane Chu <jane.chu(a)oracle.com>
Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com>
Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Shuai Xue <xueshuai(a)linux.alibaba.com>
Cc: Zi Yan <ziy(a)nvidia.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index e2e685b971bb..fc30ca4804bf 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -853,9 +853,17 @@ static int hwpoison_hugetlb_range(pte_t *ptep, unsigned long hmask,
#define hwpoison_hugetlb_range NULL
#endif
+static int hwpoison_test_walk(unsigned long start, unsigned long end,
+ struct mm_walk *walk)
+{
+ /* We also want to consider pages mapped into VM_PFNMAP. */
+ return 0;
+}
+
static const struct mm_walk_ops hwpoison_walk_ops = {
.pmd_entry = hwpoison_pte_range,
.hugetlb_entry = hwpoison_hugetlb_range,
+ .test_walk = hwpoison_test_walk,
.walk_lock = PGWALK_RDLOCK,
};
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082317-deprecate-tropics-e5fc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001
From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
Date: Sat, 2 Aug 2025 17:44:21 +0100
Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed
Given that the buffer is copied to a kfifo that ultimately user space
can read, ensure we zero it.
Fixes: 403e5586b52e ("iio: light: as73211: New driver")
Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com>
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
index 68f60dc3c79d..32719f584c47 100644
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
struct {
__le16 chan[4];
aligned_s64 ts;
- } scan;
+ } scan = { };
int data_result, ret;
mutex_lock(&data->mutex);
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082218-headed-visitor-b1a2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich(a)suse.com>
Date: Mon, 14 Apr 2025 16:41:07 +0200
Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again
__ADDRESSABLE_ASM_STR() is where the necessary stringification happens.
As long as "sym" doesn't contain any odd characters, no quoting is
required for its use with .quad / .long. In fact the quotation gets in
the way with gas 2.25; it's only from 2.26 onwards that quoted symbols
are half-way properly supported.
However, assembly being different from C anyway, drop
__ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple
.global directive will suffice to get the symbol "declared", i.e. into
the symbol table. While there also stop open-coding STATIC_CALL_TRAMP()
and STATIC_CALL_KEY().
Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates")
Signed-off-by: Jan Beulich <jbeulich(a)suse.com>
Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com>
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59a62c3780a2..a16d4631547c 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
#ifdef MODULE
#define __ADDRESSABLE_xen_hypercall
#else
-#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall)
+#define __ADDRESSABLE_xen_hypercall \
+ __stringify(.global STATIC_CALL_KEY(xen_hypercall);)
#endif
#define __HYPERCALL \
__ADDRESSABLE_xen_hypercall \
- "call __SCT__xen_hypercall"
+ __stringify(call STATIC_CALL_TRAMP(xen_hypercall))
#define __HYPERCALL_ENTRY(x) "a" (x)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 6f04a1d8c720..64ff73c533e5 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off)
#define __ADDRESSABLE(sym) \
___ADDRESSABLE(sym, __section(".discard.addressable"))
-#define __ADDRESSABLE_ASM(sym) \
- .pushsection .discard.addressable,"aw"; \
- .align ARCH_SEL(8,4); \
- ARCH_SEL(.quad, .long) __stringify(sym); \
- .popsection;
-
-#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym))
-
/*
* This returns a constant expression while determining if an argument is
* a constant expression, most importantly without evaluating the argument.
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082359-startup-accuracy-7abb@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001
From: David Lechner <dlechner(a)baylibre.com>
Date: Mon, 21 Jul 2025 18:04:04 -0500
Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for
spi_read()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace using stack-allocated buffers with a DMA-safe buffer for use
with spi_read(). This allows the driver to be safely used with
DMA-enabled SPI controllers.
The buffer array is also converted to a struct with a union to make the
usage of the memory in the buffer more clear and ensure proper alignment.
Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips")
Signed-off-by: David Lechner <dlechner(a)baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa(a)analog.com>
Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3…
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c
index cae8e84821d7..205939680fd4 100644
--- a/drivers/iio/temperature/maxim_thermocouple.c
+++ b/drivers/iio/temperature/maxim_thermocouple.c
@@ -11,6 +11,7 @@
#include <linux/module.h>
#include <linux/err.h>
#include <linux/spi/spi.h>
+#include <linux/types.h>
#include <linux/iio/iio.h>
#include <linux/iio/sysfs.h>
#include <linux/iio/trigger.h>
@@ -121,8 +122,15 @@ struct maxim_thermocouple_data {
struct spi_device *spi;
const struct maxim_thermocouple_chip *chip;
char tc_type;
-
- u8 buffer[16] __aligned(IIO_DMA_MINALIGN);
+ /* Buffer for reading up to 2 hardware channels. */
+ struct {
+ union {
+ __be16 raw16;
+ __be32 raw32;
+ __be16 raw[2];
+ };
+ aligned_s64 timestamp;
+ } buffer __aligned(IIO_DMA_MINALIGN);
};
static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
@@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
{
unsigned int storage_bytes = data->chip->read_size;
unsigned int shift = chan->scan_type.shift + (chan->address * 8);
- __be16 buf16;
- __be32 buf32;
int ret;
switch (storage_bytes) {
case 2:
- ret = spi_read(data->spi, (void *)&buf16, storage_bytes);
- *val = be16_to_cpu(buf16);
+ ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes);
+ *val = be16_to_cpu(data->buffer.raw16);
break;
case 4:
- ret = spi_read(data->spi, (void *)&buf32, storage_bytes);
- *val = be32_to_cpu(buf32);
+ ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes);
+ *val = be32_to_cpu(data->buffer.raw32);
break;
default:
ret = -EINVAL;
@@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private)
struct maxim_thermocouple_data *data = iio_priv(indio_dev);
int ret;
- ret = spi_read(data->spi, data->buffer, data->chip->read_size);
+ ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size);
if (!ret) {
- iio_push_to_buffers_with_ts(indio_dev, data->buffer,
+ iio_push_to_buffers_with_ts(indio_dev, &data->buffer,
sizeof(data->buffer),
iio_get_time_ns(indio_dev));
}
2 weeks, 5 days
- 2
- 1
FAILED: patch "[PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY" failed to apply to 6.16-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y
git checkout FETCH_HEAD
git cherry-pick -x dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082313-case-filtrate-5d55@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dfdc31e7ccf3ac1d5ec01d5120c71e14745e3dd8 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Date: Fri, 8 Aug 2025 09:40:10 +0200
Subject: [PATCH] iio: imu: inv_icm42600: change invalid data error to -EBUSY
Temperature sensor returns the temperature of the mechanical parts
of the chip. If both accel and gyro are off, the temperature sensor is
also automatically turned off and returns invalid data.
In this case, returning -EBUSY error code is better then -EINVAL and
indicates userspace that it needs to retry reading temperature in
another context.
Fixes: bc3eb0207fb5 ("iio: imu: inv_icm42600: add temperature sensor support")
Signed-off-by: Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com>
Cc: stable(a)vger.kernel.org
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Reviewed-by: Sean Nyekjaer <sean(a)geanix.com>
Link: https://patch.msgid.link/20250808-inv-icm42600-change-temperature-error-cod…
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
index 8b15afca498c..271a4788604a 100644
--- a/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
+++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c
@@ -32,8 +32,12 @@ static int inv_icm42600_temp_read(struct inv_icm42600_state *st, s16 *temp)
goto exit;
*temp = (s16)be16_to_cpup(raw);
+ /*
+ * Temperature data is invalid if both accel and gyro are off.
+ * Return -EBUSY in this case.
+ */
if (*temp == INV_ICM42600_DATA_INVALID)
- ret = -EINVAL;
+ ret = -EBUSY;
exit:
mutex_unlock(&st->lock);
2 weeks, 5 days
- 2
- 3
PPC GPU hangs patch
by Mario Limonciello
Hi,
Some GPU hangs are reported on PowerPC with some dGPUs. This patch is
reported [1] to improve them:
commit 0ef2803173f1 ("drm/amdgpu/vcn1: read back register after written")
The other VCN versions are already in 6.15.9, this one didn't come back
though AFAICT.
Can you take it back to remaining stable trees?
[1] https://gitlab.freedesktop.org/drm/amd/-/issues/3787
Thanks,
2 weeks, 6 days
- 2
- 2
[PATCH v6 03/12] i2c: rtl9300: remove broken SMBus Quick operation support
by Jonas Jelonek
Remove the SMBus Quick operation from this driver because it is not
natively supported by the hardware and is wrongly implemented in the
driver.
The I2C controllers in Realtek RTL9300 and RTL9310 are SMBus-compliant
but there doesn't seem to be native support for the SMBus Quick
operation. It is not explicitly mentioned in the documentation but
looking at the registers which configure an SMBus transaction, one can
see that the data length cannot be set to 0. This suggests that the
hardware doesn't allow any SMBus message without data bytes (except for
those it does on it's own, see SMBus Block Read).
The current implementation of SMBus Quick operation passes a length of
0 (which is actually invalid). Before the fix of a bug in a previous
commit, this led to a read operation of 16 bytes from any register (the
one of a former transaction or any other value.
This caused issues like soft-bricked SFP modules after a simple probe
with i2cdetect which uses Quick by default. Running this with SFP
modules whose EEPROM isn't write-protected, some of the initial bytes
are overwritten because a 16-byte write operation is executed instead of
a Quick Write. (This temporarily soft-bricked one of my DAC cables.)
Because SMBus Quick operation is obviously not supported on these
controllers (because a length of 0 cannot be set, even when no register
address is set), remove that instead of claiming there is support. There
also shouldn't be any kind of emulated 'Quick' which just does another
kind of operation in the background. Otherwise, specific issues occur
in case of a 'Quick' Write which actually writes unknown data to an
unknown register.
Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller")
Cc: <stable(a)vger.kernel.org> # v6.13+
Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com>
Tested-by: Sven Eckelmann <sven(a)narfation.org>
---
drivers/i2c/busses/i2c-rtl9300.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c
index ebd4a85e1bde..9e6232075137 100644
--- a/drivers/i2c/busses/i2c-rtl9300.c
+++ b/drivers/i2c/busses/i2c-rtl9300.c
@@ -235,15 +235,6 @@ static int rtl9300_i2c_smbus_xfer(struct i2c_adapter *adap, u16 addr, unsigned s
}
switch (size) {
- case I2C_SMBUS_QUICK:
- ret = rtl9300_i2c_config_xfer(i2c, chan, addr, 0);
- if (ret)
- goto out_unlock;
- ret = rtl9300_i2c_reg_addr_set(i2c, 0, 0);
- if (ret)
- goto out_unlock;
- break;
-
case I2C_SMBUS_BYTE:
if (read_write == I2C_SMBUS_WRITE) {
ret = rtl9300_i2c_config_xfer(i2c, chan, addr, 0);
@@ -344,9 +335,9 @@ static int rtl9300_i2c_smbus_xfer(struct i2c_adapter *adap, u16 addr, unsigned s
static u32 rtl9300_i2c_func(struct i2c_adapter *a)
{
- return I2C_FUNC_SMBUS_QUICK | I2C_FUNC_SMBUS_BYTE |
- I2C_FUNC_SMBUS_BYTE_DATA | I2C_FUNC_SMBUS_WORD_DATA |
- I2C_FUNC_SMBUS_BLOCK_DATA | I2C_FUNC_SMBUS_I2C_BLOCK;
+ return I2C_FUNC_SMBUS_BYTE | I2C_FUNC_SMBUS_BYTE_DATA |
+ I2C_FUNC_SMBUS_WORD_DATA | I2C_FUNC_SMBUS_BLOCK_DATA |
+ I2C_FUNC_SMBUS_I2C_BLOCK;
}
static const struct i2c_algorithm rtl9300_i2c_algo = {
--
2.48.1
2 weeks, 6 days
- 1
- 0
[PATCH v6 02/12] i2c: rtl9300: ensure data length is within supported range
by Jonas Jelonek
Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer'
to ensure the data length isn't within the supported range. In
particular a data length of 0 is not supported by the hardware and
causes unintended or destructive behaviour.
This limitation becomes obvious when looking at the register
documentation [1]. 4 bits are reserved for DATA_WIDTH and the value
of these 4 bits is used as N + 1, allowing a data length range of
1 <= len <= 16.
Affected by this is the SMBus Quick Operation which works with a data
length of 0. Passing 0 as the length causes an underflow of the value
due to:
(len - 1) & 0xf
and effectively specifying a transfer length of 16 via the registers.
This causes a 16-byte write operation instead of a Quick Write. For
example, on SFP modules without write-protected EEPROM this soft-bricks
them by overwriting some initial bytes.
For completeness, also add a quirk for the zero length.
[1] https://svanheule.net/realtek/longan/register/i2c_mst1_ctrl2
Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller")
Cc: <stable(a)vger.kernel.org> # v6.13+
Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com>
Tested-by: Sven Eckelmann <sven(a)narfation.org>
---
drivers/i2c/busses/i2c-rtl9300.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c
index 19c367703eaf..ebd4a85e1bde 100644
--- a/drivers/i2c/busses/i2c-rtl9300.c
+++ b/drivers/i2c/busses/i2c-rtl9300.c
@@ -99,6 +99,9 @@ static int rtl9300_i2c_config_xfer(struct rtl9300_i2c *i2c, struct rtl9300_i2c_c
{
u32 val, mask;
+ if (len < 1 || len > 16)
+ return -EINVAL;
+
val = chan->bus_freq << RTL9300_I2C_MST_CTRL2_SCL_FREQ_OFS;
mask = RTL9300_I2C_MST_CTRL2_SCL_FREQ_MASK;
@@ -352,7 +355,7 @@ static const struct i2c_algorithm rtl9300_i2c_algo = {
};
static struct i2c_adapter_quirks rtl9300_i2c_quirks = {
- .flags = I2C_AQ_NO_CLK_STRETCH,
+ .flags = I2C_AQ_NO_CLK_STRETCH | I2C_AQ_NO_ZERO_LEN,
.max_read_len = 16,
.max_write_len = 16,
};
--
2.48.1
2 weeks, 6 days
- 1
- 0
[PATCH v6 01/12] i2c: rtl9300: fix channel number bound check
by Jonas Jelonek
Fix the current check for number of channels (child nodes in the device
tree). Before, this was:
if (device_get_child_node_count(dev) >= RTL9300_I2C_MUX_NCHAN)
RTL9300_I2C_MUX_NCHAN gives the maximum number of channels so checking
with '>=' isn't correct because it doesn't allow the last channel
number. Thus, fix it to:
if (device_get_child_node_count(dev) > RTL9300_I2C_MUX_NCHAN)
Issue occured on a TP-Link TL-ST1008F v2.0 device (8 SFP+ ports) and fix
is tested there.
Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller")
Cc: <stable(a)vger.kernel.org> # v6.13+
Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com>
Tested-by: Sven Eckelmann <sven(a)narfation.org>
---
drivers/i2c/busses/i2c-rtl9300.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c
index 4b215f9a24e6..19c367703eaf 100644
--- a/drivers/i2c/busses/i2c-rtl9300.c
+++ b/drivers/i2c/busses/i2c-rtl9300.c
@@ -382,7 +382,7 @@ static int rtl9300_i2c_probe(struct platform_device *pdev)
platform_set_drvdata(pdev, i2c);
- if (device_get_child_node_count(dev) >= RTL9300_I2C_MUX_NCHAN)
+ if (device_get_child_node_count(dev) > RTL9300_I2C_MUX_NCHAN)
return dev_err_probe(dev, -EINVAL, "Too many channels\n");
device_for_each_child_node(dev, child) {
--
2.48.1
2 weeks, 6 days
- 1
- 0
[REGRESSION] stable-rc/linux-5.4.y: (build) field designator 'remove_new' does not refer to any field in type ...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.4.y:
---
field designator 'remove_new' does not refer to any field in type 'struct platform_driver' in drivers/usb/musb/omap2430.o (drivers/usb/musb/omap2430.c) [logspec:kbuild,kbuild.compiler.error]
---
- dashboard: https://d.kernelci.org/i/maestro:1292a5a18d3398e6fbc86c391b6dd3bc3bf00f16
- giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
- commit HEAD: 6aaf3ebf041044bb47bc81d4166cc33c00ed75f5
Log excerpt:
=====================================================
drivers/usb/musb/omap2430.c:584:3: error: field designator 'remove_new' does not refer to any field in type 'struct platform_driver'
584 | .remove_new = omap2430_remove,
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
=====================================================
# Builds where the incident occurred:
## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm):
- compiler: clang-17
- dashboard: https://d.kernelci.org/build/maestro:68aadf6e233e484a3fad5913
## multi_v7_defconfig on (arm):
- compiler: clang-17
- dashboard: https://d.kernelci.org/build/maestro:68aadf6c233e484a3fad5910
#kernelci issue maestro:1292a5a18d3398e6fbc86c391b6dd3bc3bf00f16
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kernelci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
2 weeks, 6 days
- 1
- 0
[REGRESSION] stable-rc/linux-5.10.y: (build) field designator 'remove_new' does not refer to any field in type ...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.10.y:
---
field designator 'remove_new' does not refer to any field in type 'struct platform_driver' in drivers/usb/musb/omap2430.o (drivers/usb/musb/omap2430.c) [logspec:kbuild,kbuild.compiler.error]
---
- dashboard: https://d.kernelci.org/i/maestro:44aed553dd8d8a3dca40a9719599b1909ecdc56c
- giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
- commit HEAD: 10b6e479487675365bd106d20fb7dbeec6fb4f60
Log excerpt:
=====================================================
drivers/usb/musb/omap2430.c:514:3: error: field designator 'remove_new' does not refer to any field in type 'struct platform_driver'
514 | .remove_new = omap2430_remove,
| ~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
=====================================================
# Builds where the incident occurred:
## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm):
- compiler: clang-17
- dashboard: https://d.kernelci.org/build/maestro:68aadfd8233e484a3fad5987
## multi_v7_defconfig on (arm):
- compiler: clang-17
- dashboard: https://d.kernelci.org/build/maestro:68aadfd5233e484a3fad5984
#kernelci issue maestro:44aed553dd8d8a3dca40a9719599b1909ecdc56c
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kernelci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
2 weeks, 6 days
- 1
- 0
[REGRESSION] stable-rc/linux-5.4.y: (build) ‘struct platform_driver’ has no member named ‘remove_new’; did you...
by KernelCI bot
Hello,
New build issue found on stable-rc/linux-5.4.y:
---
‘struct platform_driver’ has no member named ‘remove_new’; did you mean ‘remove’? in drivers/usb/musb/omap2430.o (drivers/usb/musb/omap2430.c) [logspec:kbuild,kbuild.compiler.error]
---
- dashboard: https://d.kernelci.org/i/maestro:543018f88c601ef4b92585dc650f6478f6dbf5b1
- giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git
- commit HEAD: 6aaf3ebf041044bb47bc81d4166cc33c00ed75f5
Log excerpt:
=====================================================
drivers/usb/musb/omap2430.c:584:10: error: ‘struct platform_driver’ has no member named ‘remove_new’; did you mean ‘remove’?
584 | .remove_new = omap2430_remove,
| ^~~~~~~~~~
| remove
drivers/usb/musb/omap2430.c:584:27: error: initialization of ‘int (*)(struct platform_device *)’ from incompatible pointer type ‘void (*)(struct platform_device *)’ [-Werror=incompatible-pointer-types]
584 | .remove_new = omap2430_remove,
| ^~~~~~~~~~~~~~~
drivers/usb/musb/omap2430.c:584:27: note: (near initialization for ‘omap2430_driver.remove’)
cc1: some warnings being treated as errors
=====================================================
# Builds where the incident occurred:
## multi_v7_defconfig on (arm):
- compiler: gcc-12
- dashboard: https://d.kernelci.org/build/maestro:68aadf80233e484a3fad5928
#kernelci issue maestro:543018f88c601ef4b92585dc650f6478f6dbf5b1
Reported-by: kernelci.org bot <bot(a)kernelci.org>
--
This is an experimental report format. Please send feedback in!
Talk to us at kernelci(a)lists.linux.dev
Made with love by the KernelCI team - https://kernelci.org
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] tls: fix handling of zero-length records on the rx_list" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 62708b9452f8eb77513115b17c4f8d1a22ebf843
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082444-reload-culinary-df2b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 62708b9452f8eb77513115b17c4f8d1a22ebf843 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <kuba(a)kernel.org>
Date: Tue, 19 Aug 2025 19:19:51 -0700
Subject: [PATCH] tls: fix handling of zero-length records on the rx_list
Each recvmsg() call must process either
- only contiguous DATA records (any number of them)
- one non-DATA record
If the next record has different type than what has already been
processed we break out of the main processing loop. If the record
has already been decrypted (which may be the case for TLS 1.3 where
we don't know type until decryption) we queue the pending record
to the rx_list. Next recvmsg() will pick it up from there.
Queuing the skb to rx_list after zero-copy decrypt is not possible,
since in that case we decrypted directly to the user space buffer,
and we don't have an skb to queue (darg.skb points to the ciphertext
skb for access to metadata like length).
Only data records are allowed zero-copy, and we break the processing
loop after each non-data record. So we should never zero-copy and
then find out that the record type has changed. The corner case
we missed is when the initial record comes from rx_list, and it's
zero length.
Reported-by: Muhammad Alifa Ramdhan <ramdhan(a)starlabs.sg>
Reported-by: Billy Jheng Bing-Jhong <billy(a)starlabs.sg>
Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net>
Link: https://patch.msgid.link/20250820021952.143068-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 51c98a007dda..bac65d0d4e3e 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1808,6 +1808,9 @@ int decrypt_skb(struct sock *sk, struct scatterlist *sgout)
return tls_decrypt_sg(sk, NULL, sgout, &darg);
}
+/* All records returned from a recvmsg() call must have the same type.
+ * 0 is not a valid content type. Use it as "no type reported, yet".
+ */
static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm,
u8 *control)
{
@@ -2051,8 +2054,10 @@ int tls_sw_recvmsg(struct sock *sk,
if (err < 0)
goto end;
+ /* process_rx_list() will set @control if it processed any records */
copied = err;
- if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA) || rx_more)
+ if (len <= copied || rx_more ||
+ (control && control != TLS_RECORD_TYPE_DATA))
goto end;
target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] tls: fix handling of zero-length records on the rx_list" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 62708b9452f8eb77513115b17c4f8d1a22ebf843
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082443-overplant-target-cc18@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 62708b9452f8eb77513115b17c4f8d1a22ebf843 Mon Sep 17 00:00:00 2001
From: Jakub Kicinski <kuba(a)kernel.org>
Date: Tue, 19 Aug 2025 19:19:51 -0700
Subject: [PATCH] tls: fix handling of zero-length records on the rx_list
Each recvmsg() call must process either
- only contiguous DATA records (any number of them)
- one non-DATA record
If the next record has different type than what has already been
processed we break out of the main processing loop. If the record
has already been decrypted (which may be the case for TLS 1.3 where
we don't know type until decryption) we queue the pending record
to the rx_list. Next recvmsg() will pick it up from there.
Queuing the skb to rx_list after zero-copy decrypt is not possible,
since in that case we decrypted directly to the user space buffer,
and we don't have an skb to queue (darg.skb points to the ciphertext
skb for access to metadata like length).
Only data records are allowed zero-copy, and we break the processing
loop after each non-data record. So we should never zero-copy and
then find out that the record type has changed. The corner case
we missed is when the initial record comes from rx_list, and it's
zero length.
Reported-by: Muhammad Alifa Ramdhan <ramdhan(a)starlabs.sg>
Reported-by: Billy Jheng Bing-Jhong <billy(a)starlabs.sg>
Fixes: 84c61fe1a75b ("tls: rx: do not use the standard strparser")
Reviewed-by: Sabrina Dubroca <sd(a)queasysnail.net>
Link: https://patch.msgid.link/20250820021952.143068-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c
index 51c98a007dda..bac65d0d4e3e 100644
--- a/net/tls/tls_sw.c
+++ b/net/tls/tls_sw.c
@@ -1808,6 +1808,9 @@ int decrypt_skb(struct sock *sk, struct scatterlist *sgout)
return tls_decrypt_sg(sk, NULL, sgout, &darg);
}
+/* All records returned from a recvmsg() call must have the same type.
+ * 0 is not a valid content type. Use it as "no type reported, yet".
+ */
static int tls_record_content_type(struct msghdr *msg, struct tls_msg *tlm,
u8 *control)
{
@@ -2051,8 +2054,10 @@ int tls_sw_recvmsg(struct sock *sk,
if (err < 0)
goto end;
+ /* process_rx_list() will set @control if it processed any records */
copied = err;
- if (len <= copied || (copied && control != TLS_RECORD_TYPE_DATA) || rx_more)
+ if (len <= copied || rx_more ||
+ (control && control != TLS_RECORD_TYPE_DATA))
goto end;
target = sock_rcvlowat(sk, flags & MSG_WAITALL, len);
2 weeks, 6 days
- 1
- 0
Apply commit 5a821e2d69e2 ("powerpc/boot: Fix build with gcc 15") to stable kernels
by Christophe Leroy
Hi,
Could you please apply commit 5a821e2d69e2 ("powerpc/boot: Fix build
with gcc 15") to stable kernels, just like you did with commit
ee2ab467bddf ("x86/boot: Use '-std=gnu11' to fix build with GCC 15")
Ref: https://bugzilla.kernel.org/show_bug.cgi?id=220407
Thanks
Christophe
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] net: usbnet: Avoid potential RCU stall on LINK_CHANGE event" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 0d9cfc9b8cb17dbc29a98792d36ec39a1cf1395f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025081259-headset-swinger-4805@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 0d9cfc9b8cb17dbc29a98792d36ec39a1cf1395f Mon Sep 17 00:00:00 2001
From: John Ernberg <john.ernberg(a)actia.se>
Date: Wed, 23 Jul 2025 10:25:35 +0000
Subject: [PATCH] net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
The Gemalto Cinterion PLS83-W modem (cdc_ether) is emitting confusing link
up and down events when the WWAN interface is activated on the modem-side.
Interrupt URBs will in consecutive polls grab:
* Link Connected
* Link Disconnected
* Link Connected
Where the last Connected is then a stable link state.
When the system is under load this may cause the unlink_urbs() work in
__handle_link_change() to not complete before the next usbnet_link_change()
call turns the carrier on again, allowing rx_submit() to queue new SKBs.
In that event the URB queue is filled faster than it can drain, ending up
in a RCU stall:
rcu: INFO: rcu_sched detected expedited stalls on CPUs/tasks: { 0-.... } 33108 jiffies s: 201 root: 0x1/.
rcu: blocking rcu_node structures (internal RCU debug):
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
Call trace:
arch_local_irq_enable+0x4/0x8
local_bh_enable+0x18/0x20
__netdev_alloc_skb+0x18c/0x1cc
rx_submit+0x68/0x1f8 [usbnet]
rx_alloc_submit+0x4c/0x74 [usbnet]
usbnet_bh+0x1d8/0x218 [usbnet]
usbnet_bh_tasklet+0x10/0x18 [usbnet]
tasklet_action_common+0xa8/0x110
tasklet_action+0x2c/0x34
handle_softirqs+0x2cc/0x3a0
__do_softirq+0x10/0x18
____do_softirq+0xc/0x14
call_on_irq_stack+0x24/0x34
do_softirq_own_stack+0x18/0x20
__irq_exit_rcu+0xa8/0xb8
irq_exit_rcu+0xc/0x30
el1_interrupt+0x34/0x48
el1h_64_irq_handler+0x14/0x1c
el1h_64_irq+0x68/0x6c
_raw_spin_unlock_irqrestore+0x38/0x48
xhci_urb_dequeue+0x1ac/0x45c [xhci_hcd]
unlink1+0xd4/0xdc [usbcore]
usb_hcd_unlink_urb+0x70/0xb0 [usbcore]
usb_unlink_urb+0x24/0x44 [usbcore]
unlink_urbs.constprop.0.isra.0+0x64/0xa8 [usbnet]
__handle_link_change+0x34/0x70 [usbnet]
usbnet_deferred_kevent+0x1c0/0x320 [usbnet]
process_scheduled_works+0x2d0/0x48c
worker_thread+0x150/0x1dc
kthread+0xd8/0xe8
ret_from_fork+0x10/0x20
Get around the problem by delaying the carrier on to the scheduled work.
This needs a new flag to keep track of the necessary action.
The carrier ok check cannot be removed as it remains required for the
LINK_RESET event flow.
Fixes: 4b49f58fff00 ("usbnet: handle link change")
Cc: stable(a)vger.kernel.org
Signed-off-by: John Ernberg <john.ernberg(a)actia.se>
Link: https://patch.msgid.link/20250723102526.1305339-1-john.ernberg@actia.se
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c
index c04e715a4c2a..bc1d8631ffe0 100644
--- a/drivers/net/usb/usbnet.c
+++ b/drivers/net/usb/usbnet.c
@@ -1122,6 +1122,9 @@ static void __handle_link_change(struct usbnet *dev)
* tx queue is stopped by netcore after link becomes off
*/
} else {
+ if (test_and_clear_bit(EVENT_LINK_CARRIER_ON, &dev->flags))
+ netif_carrier_on(dev->net);
+
/* submitting URBs for reading packets */
tasklet_schedule(&dev->bh);
}
@@ -2009,10 +2012,12 @@ EXPORT_SYMBOL(usbnet_manage_power);
void usbnet_link_change(struct usbnet *dev, bool link, bool need_reset)
{
/* update link after link is reseted */
- if (link && !need_reset)
- netif_carrier_on(dev->net);
- else
+ if (link && !need_reset) {
+ set_bit(EVENT_LINK_CARRIER_ON, &dev->flags);
+ } else {
+ clear_bit(EVENT_LINK_CARRIER_ON, &dev->flags);
netif_carrier_off(dev->net);
+ }
if (need_reset && link)
usbnet_defer_kevent(dev, EVENT_LINK_RESET);
diff --git a/include/linux/usb/usbnet.h b/include/linux/usb/usbnet.h
index 0b9f1e598e3a..4bc6bb01a0eb 100644
--- a/include/linux/usb/usbnet.h
+++ b/include/linux/usb/usbnet.h
@@ -76,6 +76,7 @@ struct usbnet {
# define EVENT_LINK_CHANGE 11
# define EVENT_SET_RX_MODE 12
# define EVENT_NO_IP_ALIGN 13
+# define EVENT_LINK_CARRIER_ON 14
/* This one is special, as it indicates that the device is going away
* there are cyclic dependencies between tasklet, timer and bh
* that must be broken
2 weeks, 6 days
- 4
- 3
[PATCH v5.10 RESEND 0/2] x86/irq: Plug vector setup race
by Jinjie Ruan
There is a vector setup race, which overwrites the interrupt
descriptor in the per CPU vector array resulting in a disfunctional device.
CPU0 CPU1
interrupt is raised in APIC IRR
but not handled
free_irq()
per_cpu(vector_irq, CPU1)[vector] = VECTOR_SHUTDOWN;
request_irq() common_interrupt()
d = this_cpu_read(vector_irq[vector]);
per_cpu(vector_irq, CPU1)[vector] = desc;
if (d == VECTOR_SHUTDOWN)
this_cpu_write(vector_irq[vector], VECTOR_UNUSED);
free_irq() cannot observe the pending vector in the CPU1 APIC as there is
no way to query the remote CPUs APIC IRR.
This requires that request_irq() uses the same vector/CPU as the one which
was freed, but this also can be triggered by a spurious interrupt.
Interestingly enough this problem managed to be hidden for more than a
decade.
Prevent this by reevaluating vector_irq under the vector lock, which is
held by the interrupt activation code when vector_irq is updated.
The first patch provides context for subsequent real bugfix patch.
Fixes: 9345005f4eed ("x86/irq: Fix do_IRQ() interrupt warning for cpu hotplug retriggered irqs")
Cc: stable(a)vger.kernel.org#5.10.x
Cc: gregkh(a)linuxfoundation.org
v1 -> RESEND
- Add upstream commit ID.
Jacob Pan (1):
x86/irq: Factor out handler invocation from common_interrupt()
Thomas Gleixner (1):
x86/irq: Plug vector setup race
arch/x86/kernel/irq.c | 70 ++++++++++++++++++++++++++++++++++---------
1 file changed, 56 insertions(+), 14 deletions(-)
--
2.34.1
2 weeks, 6 days
- 2
- 3
FAILED: patch "[PATCH] mptcp: remove duplicate sk_reset_timer call" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 5d13349472ac8abcbcb94407969aa0fdc2e1f1be
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082230-overlay-latitude-1a75@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 5d13349472ac8abcbcb94407969aa0fdc2e1f1be Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:22 +0200
Subject: [PATCH] mptcp: remove duplicate sk_reset_timer call
sk_reset_timer() was called twice in mptcp_pm_alloc_anno_list.
Simplify the code by using a 'goto' statement to eliminate the
duplication.
Note that this is not a fix, but it will help backporting the following
patch. The same "Fixes" tag has been added for this reason.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-4-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index 420d416e2603..c5f6a53ce5f1 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -353,9 +353,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
if (WARN_ON_ONCE(mptcp_pm_is_kernel(msk)))
return false;
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
- return true;
+ goto reset_timer;
}
add_entry = kmalloc(sizeof(*add_entry), GFP_ATOMIC);
@@ -369,6 +367,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
add_entry->retrans_times = 0;
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
+reset_timer:
sk_reset_timer(sk, &add_entry->add_timer,
jiffies + mptcp_get_add_addr_timeout(net));
2 weeks, 6 days
- 4
- 6
[PATCH] ice/ptp: fix crosstimestamp reporting
by Markus Blöchl
From: Anton Nadezhdin <anton.nadezhdin(a)intel.com>
commit a5a441ae283d upstream.
Set use_nsecs=true as timestamp is reported in ns. Lack of this result
in smaller timestamp error window which cause error during phc2sys
execution on E825 NICs:
phc2sys[1768.256]: ioctl PTP_SYS_OFFSET_PRECISE: Invalid argument
This problem was introduced in the cited commit which omitted setting
use_nsecs to true when converting the ice driver to use
convert_base_to_cs().
Testing hints (ethX is PF netdev):
phc2sys -s ethX -c CLOCK_REALTIME -O 37 -m
phc2sys[1769.256]: CLOCK_REALTIME phc offset -5 s0 freq -0 delay 0
Fixes: d4bea547ebb57 ("ice/ptp: Remove convert_art_to_tsc()")
Signed-off-by: Anton Nadezhdin <anton.nadezhdin(a)intel.com>
Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com>
Reviewed-by: Arkadiusz Kubalewski <arkadiusz.kubalewski(a)intel.com>
Tested-by: Rinitha S <sx.rinitha(a)intel.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com>
Signed-off-by: Markus Blöchl <markus(a)blochl.de>
---
Hi Greg,
please consider this backport for linux-6.12.y
It fixes a regression from the series around
d4bea547ebb57 ("ice/ptp: Remove convert_art_to_tsc()")
which affected multiple drivers and occasionally
caused phc2sys to fail on ioctl(fd, PTP_SYS_OFFSET_PRECISE, ...).
This was the initial fix for ice but apparently tagging it
for stable was forgotten during submission.
The hunk was moved around slightly in the upstream commit
92456e795ac6 ("ice: Add unified ice_capture_crosststamp")
from ice_ptp_get_syncdevicetime() into another helper function
ice_capture_crosststamp() so its indentation and context have changed.
I adapted it to apply cleanly.
---
drivers/net/ethernet/intel/ice/ice_ptp.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/intel/ice/ice_ptp.c b/drivers/net/ethernet/intel/ice/ice_ptp.c
index 7c6f81beaee4602050b4cf366441a2584507d949..369c968a0117d0f7012241fd3e2c0a45a059bfa4 100644
--- a/drivers/net/ethernet/intel/ice/ice_ptp.c
+++ b/drivers/net/ethernet/intel/ice/ice_ptp.c
@@ -2226,6 +2226,7 @@ ice_ptp_get_syncdevicetime(ktime_t *device,
hh_ts = ((u64)hh_ts_hi << 32) | hh_ts_lo;
system->cycles = hh_ts;
system->cs_id = CSID_X86_ART;
+ system->use_nsecs = true;
/* Read Device source clock time */
hh_ts_lo = rd32(hw, GLTSYN_HHTIME_L(tmr_idx));
hh_ts_hi = rd32(hw, GLTSYN_HHTIME_H(tmr_idx));
---
base-commit: d90ecb2b1308b3e362ec4c21ff7cf0a051b445df
change-id: 20250716-ice_crosstimestamp_reporting-b6236a246c48
Best regards,
--
Markus Blöchl <markus(a)blochl.de>
--
2 weeks, 6 days
- 3
- 4
[PATCH 6.1.y 0/3] mptcp: fix recent failed backports (20250822)
by Matthieu Baerts (NGI0)
Greg recently reported the following patches could not be applied
without conflicts in this tree:
- 5d13349472ac ("mptcp: remove duplicate sk_reset_timer call")
- f5ce0714623c ("mptcp: disable add_addr retransmission when timeout is 0")
- 452690be7de2 ("selftests: mptcp: pm: check flush doesn't reset limits")
Conflicts have been resolved, and documented in each patch.
Geliang Tang (2):
mptcp: remove duplicate sk_reset_timer call
mptcp: disable add_addr retransmission when timeout is 0
Matthieu Baerts (NGI0) (1):
selftests: mptcp: pm: check flush doesn't reset limits
Documentation/networking/mptcp-sysctl.rst | 2 ++
net/mptcp/pm_netlink.c | 18 ++++++++++++------
.../testing/selftests/net/mptcp/pm_netlink.sh | 1 +
3 files changed, 15 insertions(+), 6 deletions(-)
--
2.50.0
2 weeks, 6 days
- 2
- 4
[PATCH] ipv6: mcast: extend RCU protection in igmp6_send()
by Chanho Min
From: Eric Dumazet <edumazet(a)google.com>
[ Upstream commit 087c1faa594fa07a66933d750c0b2610aa1a2946 ]
igmp6_send() can be called without RTNL or RCU being held.
Extend RCU protection so that we can safely fetch the net pointer
and avoid a potential UAF.
Note that we no longer can use sock_alloc_send_skb() because
ipv6.igmp_sk uses GFP_KERNEL allocations which can sleep.
Instead use alloc_skb() and charge the net->ipv6.igmp_sk
socket under RCU protection.
Cc: stable(a)vger.kernel.org # 5.4
Fixes: b8ad0cbc58f7 ("[NETNS][IPV6] mcast - handle several network namespace")
Signed-off-by: Eric Dumazet <edumazet(a)google.com>
Reviewed-by: David Ahern <dsahern(a)kernel.org>
Reviewed-by: Kuniyuki Iwashima <kuniyu(a)amazon.com>
Link: https://patch.msgid.link/20250207135841.1948589-9-edumazet@google.com
[ chanho: Backports to v5.4.y. v5.4.y does not include
commit b4a11b2033b7(net: fix IPSTATS_MIB_OUTPKGS increment in OutForwDatagrams),
so IPSTATS_MIB_OUTREQUESTS was changed to IPSTATS_MIB_OUTPKGS defined as
'OutRequests'. ]
Signed-off-by: Chanho Min <chanho.min(a)lge.com>
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
Signed-off-by: Sasha Levin <sashal(a)kernel.org>
---
net/ipv6/mcast.c | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 7d0a6a7c9d283..c2dc70a69be94 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1977,21 +1977,21 @@ static void mld_send_cr(struct inet6_dev *idev)
static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
{
- struct net *net = dev_net(dev);
- struct sock *sk = net->ipv6.igmp_sk;
+ const struct in6_addr *snd_addr, *saddr;
+ int err, len, payload_len, full_len;
+ struct in6_addr addr_buf;
struct inet6_dev *idev;
struct sk_buff *skb;
struct mld_msg *hdr;
- const struct in6_addr *snd_addr, *saddr;
- struct in6_addr addr_buf;
int hlen = LL_RESERVED_SPACE(dev);
int tlen = dev->needed_tailroom;
- int err, len, payload_len, full_len;
u8 ra[8] = { IPPROTO_ICMPV6, 0,
IPV6_TLV_ROUTERALERT, 2, 0, 0,
IPV6_TLV_PADN, 0 };
- struct flowi6 fl6;
struct dst_entry *dst;
+ struct flowi6 fl6;
+ struct net *net;
+ struct sock *sk;
if (type == ICMPV6_MGM_REDUCTION)
snd_addr = &in6addr_linklocal_allrouters;
@@ -2002,20 +2002,21 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
payload_len = len + sizeof(ra);
full_len = sizeof(struct ipv6hdr) + payload_len;
- rcu_read_lock();
- IP6_UPD_PO_STATS(net, __in6_dev_get(dev),
- IPSTATS_MIB_OUT, full_len);
- rcu_read_unlock();
+ skb = alloc_skb(hlen + tlen + full_len, GFP_KERNEL);
- skb = sock_alloc_send_skb(sk, hlen + tlen + full_len, 1, &err);
+ rcu_read_lock();
+ net = dev_net_rcu(dev);
+ idev = __in6_dev_get(dev);
+ IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTPKTS);
if (!skb) {
- rcu_read_lock();
- IP6_INC_STATS(net, __in6_dev_get(dev),
- IPSTATS_MIB_OUTDISCARDS);
+ IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS);
rcu_read_unlock();
return;
}
+ sk = net->ipv6.igmp_sk;
+ skb_set_owner_w(skb, sk);
+
skb->priority = TC_PRIO_CONTROL;
skb_reserve(skb, hlen);
@@ -2040,9 +2041,6 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
IPPROTO_ICMPV6,
csum_partial(hdr, len, 0));
- rcu_read_lock();
- idev = __in6_dev_get(skb->dev);
-
icmpv6_flow_init(sk, &fl6, type,
&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
skb->dev->ifindex);
2 weeks, 6 days
- 4
- 3
FAILED: patch "[PATCH] iio: light: as73211: Ensure buffer holes are zeroed" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 433b99e922943efdfd62b9a8e3ad1604838181f2
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082316-antennae-resurrect-e01a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 433b99e922943efdfd62b9a8e3ad1604838181f2 Mon Sep 17 00:00:00 2001
From: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
Date: Sat, 2 Aug 2025 17:44:21 +0100
Subject: [PATCH] iio: light: as73211: Ensure buffer holes are zeroed
Given that the buffer is copied to a kfifo that ultimately user space
can read, ensure we zero it.
Fixes: 403e5586b52e ("iio: light: as73211: New driver")
Reviewed-by: Matti Vaittinen <mazziesaccount(a)gmail.com>
Reviewed-by: Andy Shevchenko <andy(a)kernel.org>
Link: https://patch.msgid.link/20250802164436.515988-2-jic23@kernel.org
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/light/as73211.c b/drivers/iio/light/as73211.c
index 68f60dc3c79d..32719f584c47 100644
--- a/drivers/iio/light/as73211.c
+++ b/drivers/iio/light/as73211.c
@@ -639,7 +639,7 @@ static irqreturn_t as73211_trigger_handler(int irq __always_unused, void *p)
struct {
__le16 chan[4];
aligned_s64 ts;
- } scan;
+ } scan = { };
int data_result, ret;
mutex_lock(&data->mutex);
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082359-tall-affected-36cf@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001
From: David Lechner <dlechner(a)baylibre.com>
Date: Mon, 21 Jul 2025 18:04:04 -0500
Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for
spi_read()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace using stack-allocated buffers with a DMA-safe buffer for use
with spi_read(). This allows the driver to be safely used with
DMA-enabled SPI controllers.
The buffer array is also converted to a struct with a union to make the
usage of the memory in the buffer more clear and ensure proper alignment.
Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips")
Signed-off-by: David Lechner <dlechner(a)baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa(a)analog.com>
Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3…
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c
index cae8e84821d7..205939680fd4 100644
--- a/drivers/iio/temperature/maxim_thermocouple.c
+++ b/drivers/iio/temperature/maxim_thermocouple.c
@@ -11,6 +11,7 @@
#include <linux/module.h>
#include <linux/err.h>
#include <linux/spi/spi.h>
+#include <linux/types.h>
#include <linux/iio/iio.h>
#include <linux/iio/sysfs.h>
#include <linux/iio/trigger.h>
@@ -121,8 +122,15 @@ struct maxim_thermocouple_data {
struct spi_device *spi;
const struct maxim_thermocouple_chip *chip;
char tc_type;
-
- u8 buffer[16] __aligned(IIO_DMA_MINALIGN);
+ /* Buffer for reading up to 2 hardware channels. */
+ struct {
+ union {
+ __be16 raw16;
+ __be32 raw32;
+ __be16 raw[2];
+ };
+ aligned_s64 timestamp;
+ } buffer __aligned(IIO_DMA_MINALIGN);
};
static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
@@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
{
unsigned int storage_bytes = data->chip->read_size;
unsigned int shift = chan->scan_type.shift + (chan->address * 8);
- __be16 buf16;
- __be32 buf32;
int ret;
switch (storage_bytes) {
case 2:
- ret = spi_read(data->spi, (void *)&buf16, storage_bytes);
- *val = be16_to_cpu(buf16);
+ ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes);
+ *val = be16_to_cpu(data->buffer.raw16);
break;
case 4:
- ret = spi_read(data->spi, (void *)&buf32, storage_bytes);
- *val = be32_to_cpu(buf32);
+ ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes);
+ *val = be32_to_cpu(data->buffer.raw32);
break;
default:
ret = -EINVAL;
@@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private)
struct maxim_thermocouple_data *data = iio_priv(indio_dev);
int ret;
- ret = spi_read(data->spi, data->buffer, data->chip->read_size);
+ ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size);
if (!ret) {
- iio_push_to_buffers_with_ts(indio_dev, data->buffer,
+ iio_push_to_buffers_with_ts(indio_dev, &data->buffer,
sizeof(data->buffer),
iio_get_time_ns(indio_dev));
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/amd/display: Don't overclock DCE 6 by 15%" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x cb7b7ae53b557d168b4af5cd8549f3eff920bfb5
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082313-mobility-alive-f9e9@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cb7b7ae53b557d168b4af5cd8549f3eff920bfb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timur=20Krist=C3=B3f?= <timur.kristof(a)gmail.com>
Date: Thu, 31 Jul 2025 11:43:46 +0200
Subject: [PATCH] drm/amd/display: Don't overclock DCE 6 by 15%
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The extra 15% clock was added as a workaround for a Polaris issue
which uses DCE 11, and should not have been used on DCE 6 which
is already hardcoded to the highest possible display clock.
Unfortunately, the extra 15% was mistakenly copied and kept
even on code paths which don't affect Polaris.
This commit fixes that and also adds a check to make sure
not to exceed the maximum DCE 6 display clock.
Fixes: 8cd61c313d8b ("drm/amd/display: Raise dispclk value for Polaris")
Fixes: dc88b4a684d2 ("drm/amd/display: make clk mgr soc specific")
Fixes: 3ecb3b794e2c ("drm/amd/display: dc/clk_mgr: add support for SI parts (v2)")
Signed-off-by: Timur Kristóf <timur.kristof(a)gmail.com>
Acked-by: Alex Deucher <alexander.deucher(a)amd.com>
Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com>
Reviewed-by: Alex Hung <alex.hung(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit 427980c1cbd22bb256b9385f5ce73c0937562408)
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
index 0267644717b2..cfd7309f2c6a 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
@@ -123,11 +123,9 @@ static void dce60_update_clocks(struct clk_mgr *clk_mgr_base,
{
struct clk_mgr_internal *clk_mgr_dce = TO_CLK_MGR_INTERNAL(clk_mgr_base);
struct dm_pp_power_level_change_request level_change_req;
- int patched_disp_clk = context->bw_ctx.bw.dce.dispclk_khz;
-
- /*TODO: W/A for dal3 linux, investigate why this works */
- if (!clk_mgr_dce->dfs_bypass_active)
- patched_disp_clk = patched_disp_clk * 115 / 100;
+ const int max_disp_clk =
+ clk_mgr_dce->max_clks_by_state[DM_PP_CLOCKS_STATE_PERFORMANCE].display_clk_khz;
+ int patched_disp_clk = MIN(max_disp_clk, context->bw_ctx.bw.dce.dispclk_khz);
level_change_req.power_level = dce_get_required_clocks_state(clk_mgr_base, context);
/* get max clock state from PPLIB */
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082330-tameness-senator-c4d5@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] drm/amd/display: Don't overclock DCE 6 by 15%" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x cb7b7ae53b557d168b4af5cd8549f3eff920bfb5
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082350-improper-wrecker-f81c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cb7b7ae53b557d168b4af5cd8549f3eff920bfb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timur=20Krist=C3=B3f?= <timur.kristof(a)gmail.com>
Date: Thu, 31 Jul 2025 11:43:46 +0200
Subject: [PATCH] drm/amd/display: Don't overclock DCE 6 by 15%
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The extra 15% clock was added as a workaround for a Polaris issue
which uses DCE 11, and should not have been used on DCE 6 which
is already hardcoded to the highest possible display clock.
Unfortunately, the extra 15% was mistakenly copied and kept
even on code paths which don't affect Polaris.
This commit fixes that and also adds a check to make sure
not to exceed the maximum DCE 6 display clock.
Fixes: 8cd61c313d8b ("drm/amd/display: Raise dispclk value for Polaris")
Fixes: dc88b4a684d2 ("drm/amd/display: make clk mgr soc specific")
Fixes: 3ecb3b794e2c ("drm/amd/display: dc/clk_mgr: add support for SI parts (v2)")
Signed-off-by: Timur Kristóf <timur.kristof(a)gmail.com>
Acked-by: Alex Deucher <alexander.deucher(a)amd.com>
Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com>
Reviewed-by: Alex Hung <alex.hung(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit 427980c1cbd22bb256b9385f5ce73c0937562408)
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
index 0267644717b2..cfd7309f2c6a 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
@@ -123,11 +123,9 @@ static void dce60_update_clocks(struct clk_mgr *clk_mgr_base,
{
struct clk_mgr_internal *clk_mgr_dce = TO_CLK_MGR_INTERNAL(clk_mgr_base);
struct dm_pp_power_level_change_request level_change_req;
- int patched_disp_clk = context->bw_ctx.bw.dce.dispclk_khz;
-
- /*TODO: W/A for dal3 linux, investigate why this works */
- if (!clk_mgr_dce->dfs_bypass_active)
- patched_disp_clk = patched_disp_clk * 115 / 100;
+ const int max_disp_clk =
+ clk_mgr_dce->max_clks_by_state[DM_PP_CLOCKS_STATE_PERFORMANCE].display_clk_khz;
+ int patched_disp_clk = MIN(max_disp_clk, context->bw_ctx.bw.dce.dispclk_khz);
level_change_req.power_level = dce_get_required_clocks_state(clk_mgr_base, context);
/* get max clock state from PPLIB */
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 6.16-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082329-outgrow-powdered-a0e3@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 2e6053fea379806269c4f7f5e36b523c9c0fb35c
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082204-copied-affecting-d945@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2e6053fea379806269c4f7f5e36b523c9c0fb35c Mon Sep 17 00:00:00 2001
From: Jinjiang Tu <tujinjiang(a)huawei.com>
Date: Fri, 15 Aug 2025 15:32:09 +0800
Subject: [PATCH] mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
When memory_failure() is called for a already hwpoisoned pfn,
kill_accessing_process() will be called to kill current task. However, if
the vma of the accessing vaddr is VM_PFNMAP, walk_page_range() will skip
the vma in walk_page_test() and return 0.
Before commit aaf99ac2ceb7 ("mm/hwpoison: do not send SIGBUS to processes
with recovered clean pages"), kill_accessing_process() will return EFAULT.
For x86, the current task will be killed in kill_me_maybe().
However, after this commit, kill_accessing_process() simplies return 0,
that means UCE is handled properly, but it doesn't actually. In such
case, the user task will trigger UCE infinitely.
To fix it, add .test_walk callback for hwpoison_walk_ops to scan all vmas.
Link: https://lkml.kernel.org/r/20250815073209.1984582-1-tujinjiang@huawei.com
Fixes: aaf99ac2ceb7 ("mm/hwpoison: do not send SIGBUS to processes with recovered clean pages")
Signed-off-by: Jinjiang Tu <tujinjiang(a)huawei.com>
Acked-by: David Hildenbrand <david(a)redhat.com>
Acked-by: Miaohe Lin <linmiaohe(a)huawei.com>
Reviewed-by: Jane Chu <jane.chu(a)oracle.com>
Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com>
Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com>
Cc: Oscar Salvador <osalvador(a)suse.de>
Cc: Shuai Xue <xueshuai(a)linux.alibaba.com>
Cc: Zi Yan <ziy(a)nvidia.com>
Cc: <stable(a)vger.kernel.org>
Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org>
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
index e2e685b971bb..fc30ca4804bf 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -853,9 +853,17 @@ static int hwpoison_hugetlb_range(pte_t *ptep, unsigned long hmask,
#define hwpoison_hugetlb_range NULL
#endif
+static int hwpoison_test_walk(unsigned long start, unsigned long end,
+ struct mm_walk *walk)
+{
+ /* We also want to consider pages mapped into VM_PFNMAP. */
+ return 0;
+}
+
static const struct mm_walk_ops hwpoison_walk_ops = {
.pmd_entry = hwpoison_pte_range,
.hugetlb_entry = hwpoison_hugetlb_range,
+ .test_walk = hwpoison_test_walk,
.walk_lock = PGWALK_RDLOCK,
};
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082217-neurotic-pointy-9acf@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich(a)suse.com>
Date: Mon, 14 Apr 2025 16:41:07 +0200
Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again
__ADDRESSABLE_ASM_STR() is where the necessary stringification happens.
As long as "sym" doesn't contain any odd characters, no quoting is
required for its use with .quad / .long. In fact the quotation gets in
the way with gas 2.25; it's only from 2.26 onwards that quoted symbols
are half-way properly supported.
However, assembly being different from C anyway, drop
__ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple
.global directive will suffice to get the symbol "declared", i.e. into
the symbol table. While there also stop open-coding STATIC_CALL_TRAMP()
and STATIC_CALL_KEY().
Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates")
Signed-off-by: Jan Beulich <jbeulich(a)suse.com>
Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com>
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59a62c3780a2..a16d4631547c 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
#ifdef MODULE
#define __ADDRESSABLE_xen_hypercall
#else
-#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall)
+#define __ADDRESSABLE_xen_hypercall \
+ __stringify(.global STATIC_CALL_KEY(xen_hypercall);)
#endif
#define __HYPERCALL \
__ADDRESSABLE_xen_hypercall \
- "call __SCT__xen_hypercall"
+ __stringify(call STATIC_CALL_TRAMP(xen_hypercall))
#define __HYPERCALL_ENTRY(x) "a" (x)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 6f04a1d8c720..64ff73c533e5 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off)
#define __ADDRESSABLE(sym) \
___ADDRESSABLE(sym, __section(".discard.addressable"))
-#define __ADDRESSABLE_ASM(sym) \
- .pushsection .discard.addressable,"aw"; \
- .align ARCH_SEL(8,4); \
- ARCH_SEL(.quad, .long) __stringify(sym); \
- .popsection;
-
-#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym))
-
/*
* This returns a constant expression while determining if an argument is
* a constant expression, most importantly without evaluating the argument.
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x d7fa5754e83cd36c4327eb2d806064e598a72ff6
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082347-unstuck-spiral-493c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d7fa5754e83cd36c4327eb2d806064e598a72ff6 Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Mon, 11 Aug 2025 11:01:52 +0300
Subject: [PATCH] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message
The BIOS can leave the AUX power well enabled on an output, even if this
isn't required (on platforms where the AUX power is only needed for an
AUX access). This was observed at least on PTL. To avoid the WARN which
would be triggered by this during the HW readout, convert the WARN to a
debug message.
Cc: stable(a)vger.kernel.org # v6.8+
Reported-by: Charlton Lin <charlton.lin(a)intel.com>
Tested-by: Khaled Almahallawy <khaled.almahallawy(a)intel.com>
Reviewed-by: Mika Kahola <mika.kahola(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250811080152.906216-6-imre.deak@intel.com
(cherry picked from commit 6cb52cba474b2bec1a3018d3dbf75292059a29a1)
Signed-off-by: Tvrtko Ursulin <tursulin(a)ursulin.net>
diff --git a/drivers/gpu/drm/i915/display/intel_tc.c b/drivers/gpu/drm/i915/display/intel_tc.c
index 6a2442a0649e..668ef139391b 100644
--- a/drivers/gpu/drm/i915/display/intel_tc.c
+++ b/drivers/gpu/drm/i915/display/intel_tc.c
@@ -1498,11 +1498,11 @@ static void intel_tc_port_reset_mode(struct intel_tc_port *tc,
intel_display_power_flush_work(display);
if (!intel_tc_cold_requires_aux_pw(dig_port)) {
enum intel_display_power_domain aux_domain;
- bool aux_powered;
aux_domain = intel_aux_power_domain(dig_port);
- aux_powered = intel_display_power_is_enabled(display, aux_domain);
- drm_WARN_ON(display->drm, aux_powered);
+ if (intel_display_power_is_enabled(display, aux_domain))
+ drm_dbg_kms(display->drm, "Port %s: AUX unexpectedly powered\n",
+ tc->port_name);
}
tc_phy_disconnect(tc);
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/amd/display: Don't overclock DCE 6 by 15%" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x cb7b7ae53b557d168b4af5cd8549f3eff920bfb5
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082313-relive-dallying-4eb7@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cb7b7ae53b557d168b4af5cd8549f3eff920bfb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timur=20Krist=C3=B3f?= <timur.kristof(a)gmail.com>
Date: Thu, 31 Jul 2025 11:43:46 +0200
Subject: [PATCH] drm/amd/display: Don't overclock DCE 6 by 15%
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The extra 15% clock was added as a workaround for a Polaris issue
which uses DCE 11, and should not have been used on DCE 6 which
is already hardcoded to the highest possible display clock.
Unfortunately, the extra 15% was mistakenly copied and kept
even on code paths which don't affect Polaris.
This commit fixes that and also adds a check to make sure
not to exceed the maximum DCE 6 display clock.
Fixes: 8cd61c313d8b ("drm/amd/display: Raise dispclk value for Polaris")
Fixes: dc88b4a684d2 ("drm/amd/display: make clk mgr soc specific")
Fixes: 3ecb3b794e2c ("drm/amd/display: dc/clk_mgr: add support for SI parts (v2)")
Signed-off-by: Timur Kristóf <timur.kristof(a)gmail.com>
Acked-by: Alex Deucher <alexander.deucher(a)amd.com>
Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com>
Reviewed-by: Alex Hung <alex.hung(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit 427980c1cbd22bb256b9385f5ce73c0937562408)
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
index 0267644717b2..cfd7309f2c6a 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
@@ -123,11 +123,9 @@ static void dce60_update_clocks(struct clk_mgr *clk_mgr_base,
{
struct clk_mgr_internal *clk_mgr_dce = TO_CLK_MGR_INTERNAL(clk_mgr_base);
struct dm_pp_power_level_change_request level_change_req;
- int patched_disp_clk = context->bw_ctx.bw.dce.dispclk_khz;
-
- /*TODO: W/A for dal3 linux, investigate why this works */
- if (!clk_mgr_dce->dfs_bypass_active)
- patched_disp_clk = patched_disp_clk * 115 / 100;
+ const int max_disp_clk =
+ clk_mgr_dce->max_clks_by_state[DM_PP_CLOCKS_STATE_PERFORMANCE].display_clk_khz;
+ int patched_disp_clk = MIN(max_disp_clk, context->bw_ctx.bw.dce.dispclk_khz);
level_change_req.power_level = dce_get_required_clocks_state(clk_mgr_base, context);
/* get max clock state from PPLIB */
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 8ea815399c3fcce1889bd951fec25b5b9a3979c1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082216-dripping-prompter-8939@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 8ea815399c3fcce1889bd951fec25b5b9a3979c1 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich(a)suse.com>
Date: Mon, 14 Apr 2025 16:41:07 +0200
Subject: [PATCH] compiler: remove __ADDRESSABLE_ASM{_STR,}() again
__ADDRESSABLE_ASM_STR() is where the necessary stringification happens.
As long as "sym" doesn't contain any odd characters, no quoting is
required for its use with .quad / .long. In fact the quotation gets in
the way with gas 2.25; it's only from 2.26 onwards that quoted symbols
are half-way properly supported.
However, assembly being different from C anyway, drop
__ADDRESSABLE_ASM_STR() and its helper macro altogether. A simple
.global directive will suffice to get the symbol "declared", i.e. into
the symbol table. While there also stop open-coding STATIC_CALL_TRAMP()
and STATIC_CALL_KEY().
Fixes: 0ef8047b737d ("x86/static-call: provide a way to do very early static-call updates")
Signed-off-by: Jan Beulich <jbeulich(a)suse.com>
Acked-by: Josh Poimboeuf <jpoimboe(a)kernel.org>
Cc: stable(a)vger.kernel.org
Signed-off-by: Juergen Gross <jgross(a)suse.com>
Message-ID: <609d2c74-de13-4fae-ab1a-1ec44afb948d(a)suse.com>
diff --git a/arch/x86/include/asm/xen/hypercall.h b/arch/x86/include/asm/xen/hypercall.h
index 59a62c3780a2..a16d4631547c 100644
--- a/arch/x86/include/asm/xen/hypercall.h
+++ b/arch/x86/include/asm/xen/hypercall.h
@@ -94,12 +94,13 @@ DECLARE_STATIC_CALL(xen_hypercall, xen_hypercall_func);
#ifdef MODULE
#define __ADDRESSABLE_xen_hypercall
#else
-#define __ADDRESSABLE_xen_hypercall __ADDRESSABLE_ASM_STR(__SCK__xen_hypercall)
+#define __ADDRESSABLE_xen_hypercall \
+ __stringify(.global STATIC_CALL_KEY(xen_hypercall);)
#endif
#define __HYPERCALL \
__ADDRESSABLE_xen_hypercall \
- "call __SCT__xen_hypercall"
+ __stringify(call STATIC_CALL_TRAMP(xen_hypercall))
#define __HYPERCALL_ENTRY(x) "a" (x)
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
index 6f04a1d8c720..64ff73c533e5 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -288,14 +288,6 @@ static inline void *offset_to_ptr(const int *off)
#define __ADDRESSABLE(sym) \
___ADDRESSABLE(sym, __section(".discard.addressable"))
-#define __ADDRESSABLE_ASM(sym) \
- .pushsection .discard.addressable,"aw"; \
- .align ARCH_SEL(8,4); \
- ARCH_SEL(.quad, .long) __stringify(sym); \
- .popsection;
-
-#define __ADDRESSABLE_ASM_STR(sym) __stringify(__ADDRESSABLE_ASM(sym))
-
/*
* This returns a constant expression while determining if an argument is
* a constant expression, most importantly without evaluating the argument.
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/amd/display: Don't overclock DCE 6 by 15%" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x cb7b7ae53b557d168b4af5cd8549f3eff920bfb5
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082336-hasty-pregame-9547@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From cb7b7ae53b557d168b4af5cd8549f3eff920bfb5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timur=20Krist=C3=B3f?= <timur.kristof(a)gmail.com>
Date: Thu, 31 Jul 2025 11:43:46 +0200
Subject: [PATCH] drm/amd/display: Don't overclock DCE 6 by 15%
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The extra 15% clock was added as a workaround for a Polaris issue
which uses DCE 11, and should not have been used on DCE 6 which
is already hardcoded to the highest possible display clock.
Unfortunately, the extra 15% was mistakenly copied and kept
even on code paths which don't affect Polaris.
This commit fixes that and also adds a check to make sure
not to exceed the maximum DCE 6 display clock.
Fixes: 8cd61c313d8b ("drm/amd/display: Raise dispclk value for Polaris")
Fixes: dc88b4a684d2 ("drm/amd/display: make clk mgr soc specific")
Fixes: 3ecb3b794e2c ("drm/amd/display: dc/clk_mgr: add support for SI parts (v2)")
Signed-off-by: Timur Kristóf <timur.kristof(a)gmail.com>
Acked-by: Alex Deucher <alexander.deucher(a)amd.com>
Reviewed-by: Rodrigo Siqueira <siqueira(a)igalia.com>
Reviewed-by: Alex Hung <alex.hung(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit 427980c1cbd22bb256b9385f5ce73c0937562408)
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
index 0267644717b2..cfd7309f2c6a 100644
--- a/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
+++ b/drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c
@@ -123,11 +123,9 @@ static void dce60_update_clocks(struct clk_mgr *clk_mgr_base,
{
struct clk_mgr_internal *clk_mgr_dce = TO_CLK_MGR_INTERNAL(clk_mgr_base);
struct dm_pp_power_level_change_request level_change_req;
- int patched_disp_clk = context->bw_ctx.bw.dce.dispclk_khz;
-
- /*TODO: W/A for dal3 linux, investigate why this works */
- if (!clk_mgr_dce->dfs_bypass_active)
- patched_disp_clk = patched_disp_clk * 115 / 100;
+ const int max_disp_clk =
+ clk_mgr_dce->max_clks_by_state[DM_PP_CLOCKS_STATE_PERFORMANCE].display_clk_khz;
+ int patched_disp_clk = MIN(max_disp_clk, context->bw_ctx.bw.dce.dispclk_khz);
level_change_req.power_level = dce_get_required_clocks_state(clk_mgr_base, context);
/* get max clock state from PPLIB */
2 weeks, 6 days
- 2
- 1
[PATCH 6.1.y 1/2] wifi: mac80211: avoid lockdep checking when removing deflink
by Hanne-Lotta Mäenpää
From: Benjamin Berg <benjamin.berg(a)intel.com>
struct sta_info may be removed without holding sta_mtx if it has not
yet been inserted. To support this, only assert that the lock is held
for links other than the deflink.
This fixes lockdep issues that may be triggered in error cases.
Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman(a)intel.com>
Link: https://lore.kernel.org/r/20230619161906.cdd81377dea0.If5a6734b4b85608a2275…
Signed-off-by: Johannes Berg <johannes.berg(a)intel.com>
(cherry picked from commit b8b80770b26c4591f20f1cde3328e5f1489c4488)
Signed-off-by: Hanne-Lotta Mäenpää <hannelotta(a)gmail.com>
---
net/mac80211/sta_info.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index dd1864f6549f..e9ae92094794 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -357,8 +357,9 @@ static void sta_remove_link(struct sta_info *sta, unsigned int link_id,
struct sta_link_alloc *alloc = NULL;
struct link_sta_info *link_sta;
- link_sta = rcu_dereference_protected(sta->link[link_id],
- lockdep_is_held(&sta->local->sta_mtx));
+ link_sta = rcu_access_pointer(sta->link[link_id]);
+ if (link_sta != &sta->deflink)
+ lockdep_assert_held(&sta->local->sta_mtx);
if (WARN_ON(!link_sta))
return;
--
2.50.0
2 weeks, 6 days
- 1
- 1
[PATCH 6.1] softirq: Add trace points for tasklet entry/exit
by Sumanth Gavini
commit f4bf3ca2e5cba655824b6e0893a98dfb33ed24e5 upstream.
Tasklets are supposed to finish their work quickly and should not block the
current running process, but it is not guaranteed that they do so.
Currently softirq_entry/exit can be used to analyse the total tasklets
execution time, but that's not helpful to track individual tasklets
execution time. That makes it hard to identify tasklet functions, which
take more time than expected.
Add tasklet_entry/exit trace point support to track individual tasklet
execution.
Trivial usage example:
# echo 1 > /sys/kernel/debug/tracing/events/irq/tasklet_entry/enable
# echo 1 > /sys/kernel/debug/tracing/events/irq/tasklet_exit/enable
# cat /sys/kernel/debug/tracing/trace
# tracer: nop
#
# entries-in-buffer/entries-written: 4/4 #P:4
#
# _-----=> irqs-off/BH-disabled
# / _----=> need-resched
# | / _---=> hardirq/softirq
# || / _--=> preempt-depth
# ||| / _-=> migrate-disable
# |||| / delay
# TASK-PID CPU# ||||| TIMESTAMP FUNCTION
# | | | ||||| | |
<idle>-0 [003] ..s1. 314.011428: tasklet_entry: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func
<idle>-0 [003] ..s1. 314.011432: tasklet_exit: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func
<idle>-0 [003] ..s1. 314.017369: tasklet_entry: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func
<idle>-0 [003] ..s1. 314.017371: tasklet_exit: tasklet=0xffffa01ef8db2740 function=tcp_tasklet_func
Signed-off-by: Lingutla Chandrasekhar <clingutla(a)codeaurora.org>
Signed-off-by: J. Avila <elavila(a)google.com>
Signed-off-by: John Stultz <jstultz(a)google.com>
Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de>
Reviewed-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
Link: https://lore.kernel.org/r/20230407230526.1685443-1-jstultz@google.com
[elavila: Port to android-mainline]
[jstultz: Rebased to upstream, cut unused trace points, added
comments for the tracepoints, reworded commit]
Signed-off-by: Sumanth Gavini <sumanth.gavini(a)yahoo.com>
---
include/trace/events/irq.h | 47 ++++++++++++++++++++++++++++++++++++++
kernel/softirq.c | 9 ++++++--
2 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/include/trace/events/irq.h b/include/trace/events/irq.h
index eeceafaaea4c..a07b4607b663 100644
--- a/include/trace/events/irq.h
+++ b/include/trace/events/irq.h
@@ -160,6 +160,53 @@ DEFINE_EVENT(softirq, softirq_raise,
TP_ARGS(vec_nr)
);
+DECLARE_EVENT_CLASS(tasklet,
+
+ TP_PROTO(struct tasklet_struct *t, void *func),
+
+ TP_ARGS(t, func),
+
+ TP_STRUCT__entry(
+ __field( void *, tasklet)
+ __field( void *, func)
+ ),
+
+ TP_fast_assign(
+ __entry->tasklet = t;
+ __entry->func = func;
+ ),
+
+ TP_printk("tasklet=%ps function=%ps", __entry->tasklet, __entry->func)
+);
+
+/**
+ * tasklet_entry - called immediately before the tasklet is run
+ * @t: tasklet pointer
+ * @func: tasklet callback or function being run
+ *
+ * Used to find individual tasklet execution time
+ */
+DEFINE_EVENT(tasklet, tasklet_entry,
+
+ TP_PROTO(struct tasklet_struct *t, void *func),
+
+ TP_ARGS(t, func)
+);
+
+/**
+ * tasklet_exit - called immediately after the tasklet is run
+ * @t: tasklet pointer
+ * @func: tasklet callback or function being run
+ *
+ * Used to find individual tasklet execution time
+ */
+DEFINE_EVENT(tasklet, tasklet_exit,
+
+ TP_PROTO(struct tasklet_struct *t, void *func),
+
+ TP_ARGS(t, func)
+);
+
#endif /* _TRACE_IRQ_H */
/* This part must be outside protection */
diff --git a/kernel/softirq.c b/kernel/softirq.c
index 9ab5ca399a99..fadc6bbda27b 100644
--- a/kernel/softirq.c
+++ b/kernel/softirq.c
@@ -822,10 +822,15 @@ static void tasklet_action_common(struct softirq_action *a,
if (tasklet_trylock(t)) {
if (!atomic_read(&t->count)) {
if (tasklet_clear_sched(t)) {
- if (t->use_callback)
+ if (t->use_callback) {
+ trace_tasklet_entry(t, t->callback);
t->callback(t);
- else
+ trace_tasklet_exit(t, t->callback);
+ } else {
+ trace_tasklet_entry(t, t->func);
t->func(t->data);
+ trace_tasklet_exit(t, t->func);
+ }
}
tasklet_unlock(t);
continue;
--
2.43.0
2 weeks, 6 days
- 4
- 6
FAILED: patch "[PATCH] drm/i915/icl+/tc: Cache the max lane count value" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 5fd35236546abe780eaadb7561e09953719d4fc3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082305-reappoint-annotate-8587@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 5fd35236546abe780eaadb7561e09953719d4fc3 Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Mon, 11 Aug 2025 11:01:49 +0300
Subject: [PATCH] drm/i915/icl+/tc: Cache the max lane count value
The PHY's pin assignment value in the TCSS_DDI_STATUS register - as set
by the HW/FW based on the connected DP-alt sink's TypeC/PD pin
assignment negotiation - gets cleared by the HW/FW on LNL+ as soon as
the sink gets disconnected, even if the PHY ownership got acquired
already by the driver (and hence the PHY itself is still connected and
used by the display). This is similar to how the PHY Ready flag gets
cleared on LNL+ in the same register.
To be able to query the max lane count value on LNL+ - which is based on
the above pin assignment - at all times even after the sink gets
disconnected, the max lane count must be determined and cached during
the PHY's HW readout and connect sequences. Do that here, leaving the
actual use of the cached value to a follow-up change.
v2: Don't read out the pin configuration if the PHY is disconnected.
Cc: stable(a)vger.kernel.org # v6.8+
Reported-by: Charlton Lin <charlton.lin(a)intel.com>
Tested-by: Khaled Almahallawy <khaled.almahallawy(a)intel.com>
Reviewed-by: Mika Kahola <mika.kahola(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250811080152.906216-3-imre.deak@intel.com
(cherry picked from commit 3e32438fc406761f81b1928d210b3d2a5e7501a0)
Signed-off-by: Tvrtko Ursulin <tursulin(a)ursulin.net>
diff --git a/drivers/gpu/drm/i915/display/intel_tc.c b/drivers/gpu/drm/i915/display/intel_tc.c
index 8208539bfe66..34435c4fc280 100644
--- a/drivers/gpu/drm/i915/display/intel_tc.c
+++ b/drivers/gpu/drm/i915/display/intel_tc.c
@@ -66,6 +66,7 @@ struct intel_tc_port {
enum tc_port_mode init_mode;
enum phy_fia phy_fia;
u8 phy_fia_idx;
+ u8 max_lane_count;
};
static enum intel_display_power_domain
@@ -365,12 +366,12 @@ static int intel_tc_port_get_max_lane_count(struct intel_digital_port *dig_port)
}
}
-int intel_tc_port_max_lane_count(struct intel_digital_port *dig_port)
+static int get_max_lane_count(struct intel_tc_port *tc)
{
- struct intel_display *display = to_intel_display(dig_port);
- struct intel_tc_port *tc = to_tc_port(dig_port);
+ struct intel_display *display = to_intel_display(tc->dig_port);
+ struct intel_digital_port *dig_port = tc->dig_port;
- if (!intel_encoder_is_tc(&dig_port->base) || tc->mode != TC_PORT_DP_ALT)
+ if (tc->mode != TC_PORT_DP_ALT)
return 4;
assert_tc_cold_blocked(tc);
@@ -384,6 +385,21 @@ int intel_tc_port_max_lane_count(struct intel_digital_port *dig_port)
return intel_tc_port_get_max_lane_count(dig_port);
}
+static void read_pin_configuration(struct intel_tc_port *tc)
+{
+ tc->max_lane_count = get_max_lane_count(tc);
+}
+
+int intel_tc_port_max_lane_count(struct intel_digital_port *dig_port)
+{
+ struct intel_tc_port *tc = to_tc_port(dig_port);
+
+ if (!intel_encoder_is_tc(&dig_port->base))
+ return 4;
+
+ return get_max_lane_count(tc);
+}
+
void intel_tc_port_set_fia_lane_count(struct intel_digital_port *dig_port,
int required_lanes)
{
@@ -596,9 +612,12 @@ static void icl_tc_phy_get_hw_state(struct intel_tc_port *tc)
tc_cold_wref = __tc_cold_block(tc, &domain);
tc->mode = tc_phy_get_current_mode(tc);
- if (tc->mode != TC_PORT_DISCONNECTED)
+ if (tc->mode != TC_PORT_DISCONNECTED) {
tc->lock_wakeref = tc_cold_block(tc);
+ read_pin_configuration(tc);
+ }
+
__tc_cold_unblock(tc, domain, tc_cold_wref);
}
@@ -656,8 +675,11 @@ static bool icl_tc_phy_connect(struct intel_tc_port *tc,
tc->lock_wakeref = tc_cold_block(tc);
- if (tc->mode == TC_PORT_TBT_ALT)
+ if (tc->mode == TC_PORT_TBT_ALT) {
+ read_pin_configuration(tc);
+
return true;
+ }
if ((!tc_phy_is_ready(tc) ||
!icl_tc_phy_take_ownership(tc, true)) &&
@@ -668,6 +690,7 @@ static bool icl_tc_phy_connect(struct intel_tc_port *tc,
goto out_unblock_tc_cold;
}
+ read_pin_configuration(tc);
if (!tc_phy_verify_legacy_or_dp_alt_mode(tc, required_lanes))
goto out_release_phy;
@@ -858,9 +881,12 @@ static void adlp_tc_phy_get_hw_state(struct intel_tc_port *tc)
port_wakeref = intel_display_power_get(display, port_power_domain);
tc->mode = tc_phy_get_current_mode(tc);
- if (tc->mode != TC_PORT_DISCONNECTED)
+ if (tc->mode != TC_PORT_DISCONNECTED) {
tc->lock_wakeref = tc_cold_block(tc);
+ read_pin_configuration(tc);
+ }
+
intel_display_power_put(display, port_power_domain, port_wakeref);
}
@@ -873,6 +899,9 @@ static bool adlp_tc_phy_connect(struct intel_tc_port *tc, int required_lanes)
if (tc->mode == TC_PORT_TBT_ALT) {
tc->lock_wakeref = tc_cold_block(tc);
+
+ read_pin_configuration(tc);
+
return true;
}
@@ -894,6 +923,8 @@ static bool adlp_tc_phy_connect(struct intel_tc_port *tc, int required_lanes)
tc->lock_wakeref = tc_cold_block(tc);
+ read_pin_configuration(tc);
+
if (!tc_phy_verify_legacy_or_dp_alt_mode(tc, required_lanes))
goto out_unblock_tc_cold;
@@ -1124,9 +1155,12 @@ static void xelpdp_tc_phy_get_hw_state(struct intel_tc_port *tc)
tc_cold_wref = __tc_cold_block(tc, &domain);
tc->mode = tc_phy_get_current_mode(tc);
- if (tc->mode != TC_PORT_DISCONNECTED)
+ if (tc->mode != TC_PORT_DISCONNECTED) {
tc->lock_wakeref = tc_cold_block(tc);
+ read_pin_configuration(tc);
+ }
+
drm_WARN_ON(display->drm,
(tc->mode == TC_PORT_DP_ALT || tc->mode == TC_PORT_LEGACY) &&
!xelpdp_tc_phy_tcss_power_is_enabled(tc));
@@ -1138,14 +1172,19 @@ static bool xelpdp_tc_phy_connect(struct intel_tc_port *tc, int required_lanes)
{
tc->lock_wakeref = tc_cold_block(tc);
- if (tc->mode == TC_PORT_TBT_ALT)
+ if (tc->mode == TC_PORT_TBT_ALT) {
+ read_pin_configuration(tc);
+
return true;
+ }
if (!xelpdp_tc_phy_enable_tcss_power(tc, true))
goto out_unblock_tccold;
xelpdp_tc_phy_take_ownership(tc, true);
+ read_pin_configuration(tc);
+
if (!tc_phy_verify_legacy_or_dp_alt_mode(tc, required_lanes))
goto out_release_phy;
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 340be332e420ed37d15d4169a1b4174e912ad6cb
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082221-murmuring-commotion-35cb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 340be332e420ed37d15d4169a1b4174e912ad6cb Mon Sep 17 00:00:00 2001
From: Victor Shih <victor.shih(a)genesyslogic.com.tw>
Date: Thu, 31 Jul 2025 14:57:52 +0800
Subject: [PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of
AER
Due to a flaw in the hardware design, the GL9763e replay timer frequently
times out when ASPM is enabled. As a result, the warning messages will
often appear in the system log when the system accesses the GL9763e
PCI config. Therefore, the replay timer timeout must be masked.
Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw>
Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support")
Cc: stable(a)vger.kernel.org
Acked-by: Adrian Hunter <adrian.hunter(a)intel.com>
Link: https://lore.kernel.org/r/20250731065752.450231-4-victorshihgli@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org>
diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c
index 436f0460222f..3a1de477e9af 100644
--- a/drivers/mmc/host/sdhci-pci-gli.c
+++ b/drivers/mmc/host/sdhci-pci-gli.c
@@ -1782,6 +1782,9 @@ static void gl9763e_hw_setting(struct sdhci_pci_slot *slot)
value |= FIELD_PREP(GLI_9763E_HS400_RXDLY, GLI_9763E_HS400_RXDLY_5);
pci_write_config_dword(pdev, PCIE_GLI_9763E_CLKRXDLY, value);
+ /* mask the replay timer timeout of AER */
+ sdhci_gli_mask_replay_timer_timeout(pdev);
+
pci_read_config_dword(pdev, PCIE_GLI_9763E_VHS, &value);
value &= ~GLI_9763E_VHS_REV;
value |= FIELD_PREP(GLI_9763E_VHS_REV, GLI_9763E_VHS_REV_R);
2 weeks, 6 days
- 2
- 3
FAILED: patch "[PATCH] usb: dwc3: Remove WARN_ON for device endpoint command" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 45eae113dccaf8e502090ecf5b3d9e9b805add6f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082347-mounting-plausible-6994@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 45eae113dccaf8e502090ecf5b3d9e9b805add6f Mon Sep 17 00:00:00 2001
From: Selvarasu Ganesan <selvarasu.g(a)samsung.com>
Date: Fri, 8 Aug 2025 18:23:05 +0530
Subject: [PATCH] usb: dwc3: Remove WARN_ON for device endpoint command
timeouts
This commit addresses a rarely observed endpoint command timeout
which causes kernel panic due to warn when 'panic_on_warn' is enabled
and unnecessary call trace prints when 'panic_on_warn' is disabled.
It is seen during fast software-controlled connect/disconnect testcases.
The following is one such endpoint command timeout that we observed:
1. Connect
=======
->dwc3_thread_interrupt
->dwc3_ep0_interrupt
->configfs_composite_setup
->composite_setup
->usb_ep_queue
->dwc3_gadget_ep0_queue
->__dwc3_gadget_ep0_queue
->__dwc3_ep0_do_control_data
->dwc3_send_gadget_ep_cmd
2. Disconnect
==========
->dwc3_thread_interrupt
->dwc3_gadget_disconnect_interrupt
->dwc3_ep0_reset_state
->dwc3_ep0_end_control_data
->dwc3_send_gadget_ep_cmd
In the issue scenario, in Exynos platforms, we observed that control
transfers for the previous connect have not yet been completed and end
transfer command sent as a part of the disconnect sequence and
processing of USB_ENDPOINT_HALT feature request from the host timeout.
This maybe an expected scenario since the controller is processing EP
commands sent as a part of the previous connect. It maybe better to
remove WARN_ON in all places where device endpoint commands are sent to
avoid unnecessary kernel panic due to warn.
Cc: stable <stable(a)kernel.org>
Co-developed-by: Akash M <akash.m5(a)samsung.com>
Signed-off-by: Akash M <akash.m5(a)samsung.com>
Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
Link: https://lore.kernel.org/r/20250808125315.1607-1-selvarasu.g@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c
index 666ac432f52d..b4229aa13f37 100644
--- a/drivers/usb/dwc3/ep0.c
+++ b/drivers/usb/dwc3/ep0.c
@@ -288,7 +288,9 @@ void dwc3_ep0_out_start(struct dwc3 *dwc)
dwc3_ep0_prepare_one_trb(dep, dwc->ep0_trb_addr, 8,
DWC3_TRBCTL_CONTROL_SETUP, false);
ret = dwc3_ep0_start_trans(dep);
- WARN_ON(ret < 0);
+ if (ret < 0)
+ dev_err(dwc->dev, "ep0 out start transfer failed: %d\n", ret);
+
for (i = 2; i < DWC3_ENDPOINTS_NUM; i++) {
struct dwc3_ep *dwc3_ep;
@@ -1061,7 +1063,9 @@ static void __dwc3_ep0_do_control_data(struct dwc3 *dwc,
ret = dwc3_ep0_start_trans(dep);
}
- WARN_ON(ret < 0);
+ if (ret < 0)
+ dev_err(dwc->dev,
+ "ep0 data phase start transfer failed: %d\n", ret);
}
static int dwc3_ep0_start_control_status(struct dwc3_ep *dep)
@@ -1078,7 +1082,12 @@ static int dwc3_ep0_start_control_status(struct dwc3_ep *dep)
static void __dwc3_ep0_do_control_status(struct dwc3 *dwc, struct dwc3_ep *dep)
{
- WARN_ON(dwc3_ep0_start_control_status(dep));
+ int ret;
+
+ ret = dwc3_ep0_start_control_status(dep);
+ if (ret)
+ dev_err(dwc->dev,
+ "ep0 status phase start transfer failed: %d\n", ret);
}
static void dwc3_ep0_do_control_status(struct dwc3 *dwc,
@@ -1121,7 +1130,10 @@ void dwc3_ep0_end_control_data(struct dwc3 *dwc, struct dwc3_ep *dep)
cmd |= DWC3_DEPCMD_PARAM(dep->resource_index);
memset(¶ms, 0, sizeof(params));
ret = dwc3_send_gadget_ep_cmd(dep, cmd, ¶ms);
- WARN_ON_ONCE(ret);
+ if (ret)
+ dev_err_ratelimited(dwc->dev,
+ "ep0 data phase end transfer failed: %d\n", ret);
+
dep->resource_index = 0;
}
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 68fa2813e5f4..554f997eb8c4 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1772,7 +1772,11 @@ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool int
dep->flags |= DWC3_EP_DELAY_STOP;
return 0;
}
- WARN_ON_ONCE(ret);
+
+ if (ret)
+ dev_err_ratelimited(dep->dwc->dev,
+ "end transfer failed: %d\n", ret);
+
dep->resource_index = 0;
if (!interrupt)
@@ -4048,7 +4052,9 @@ static void dwc3_clear_stall_all_ep(struct dwc3 *dwc)
dep->flags &= ~DWC3_EP_STALL;
ret = dwc3_send_clear_stall_ep_cmd(dep);
- WARN_ON_ONCE(ret);
+ if (ret)
+ dev_err_ratelimited(dwc->dev,
+ "failed to clear STALL on %s\n", dep->name);
}
}
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] usb: dwc3: Remove WARN_ON for device endpoint command" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x 45eae113dccaf8e502090ecf5b3d9e9b805add6f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082346-tux-happiness-8709@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 45eae113dccaf8e502090ecf5b3d9e9b805add6f Mon Sep 17 00:00:00 2001
From: Selvarasu Ganesan <selvarasu.g(a)samsung.com>
Date: Fri, 8 Aug 2025 18:23:05 +0530
Subject: [PATCH] usb: dwc3: Remove WARN_ON for device endpoint command
timeouts
This commit addresses a rarely observed endpoint command timeout
which causes kernel panic due to warn when 'panic_on_warn' is enabled
and unnecessary call trace prints when 'panic_on_warn' is disabled.
It is seen during fast software-controlled connect/disconnect testcases.
The following is one such endpoint command timeout that we observed:
1. Connect
=======
->dwc3_thread_interrupt
->dwc3_ep0_interrupt
->configfs_composite_setup
->composite_setup
->usb_ep_queue
->dwc3_gadget_ep0_queue
->__dwc3_gadget_ep0_queue
->__dwc3_ep0_do_control_data
->dwc3_send_gadget_ep_cmd
2. Disconnect
==========
->dwc3_thread_interrupt
->dwc3_gadget_disconnect_interrupt
->dwc3_ep0_reset_state
->dwc3_ep0_end_control_data
->dwc3_send_gadget_ep_cmd
In the issue scenario, in Exynos platforms, we observed that control
transfers for the previous connect have not yet been completed and end
transfer command sent as a part of the disconnect sequence and
processing of USB_ENDPOINT_HALT feature request from the host timeout.
This maybe an expected scenario since the controller is processing EP
commands sent as a part of the previous connect. It maybe better to
remove WARN_ON in all places where device endpoint commands are sent to
avoid unnecessary kernel panic due to warn.
Cc: stable <stable(a)kernel.org>
Co-developed-by: Akash M <akash.m5(a)samsung.com>
Signed-off-by: Akash M <akash.m5(a)samsung.com>
Signed-off-by: Selvarasu Ganesan <selvarasu.g(a)samsung.com>
Acked-by: Thinh Nguyen <Thinh.Nguyen(a)synopsys.com>
Reviewed-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de>
Link: https://lore.kernel.org/r/20250808125315.1607-1-selvarasu.g@samsung.com
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/dwc3/ep0.c b/drivers/usb/dwc3/ep0.c
index 666ac432f52d..b4229aa13f37 100644
--- a/drivers/usb/dwc3/ep0.c
+++ b/drivers/usb/dwc3/ep0.c
@@ -288,7 +288,9 @@ void dwc3_ep0_out_start(struct dwc3 *dwc)
dwc3_ep0_prepare_one_trb(dep, dwc->ep0_trb_addr, 8,
DWC3_TRBCTL_CONTROL_SETUP, false);
ret = dwc3_ep0_start_trans(dep);
- WARN_ON(ret < 0);
+ if (ret < 0)
+ dev_err(dwc->dev, "ep0 out start transfer failed: %d\n", ret);
+
for (i = 2; i < DWC3_ENDPOINTS_NUM; i++) {
struct dwc3_ep *dwc3_ep;
@@ -1061,7 +1063,9 @@ static void __dwc3_ep0_do_control_data(struct dwc3 *dwc,
ret = dwc3_ep0_start_trans(dep);
}
- WARN_ON(ret < 0);
+ if (ret < 0)
+ dev_err(dwc->dev,
+ "ep0 data phase start transfer failed: %d\n", ret);
}
static int dwc3_ep0_start_control_status(struct dwc3_ep *dep)
@@ -1078,7 +1082,12 @@ static int dwc3_ep0_start_control_status(struct dwc3_ep *dep)
static void __dwc3_ep0_do_control_status(struct dwc3 *dwc, struct dwc3_ep *dep)
{
- WARN_ON(dwc3_ep0_start_control_status(dep));
+ int ret;
+
+ ret = dwc3_ep0_start_control_status(dep);
+ if (ret)
+ dev_err(dwc->dev,
+ "ep0 status phase start transfer failed: %d\n", ret);
}
static void dwc3_ep0_do_control_status(struct dwc3 *dwc,
@@ -1121,7 +1130,10 @@ void dwc3_ep0_end_control_data(struct dwc3 *dwc, struct dwc3_ep *dep)
cmd |= DWC3_DEPCMD_PARAM(dep->resource_index);
memset(¶ms, 0, sizeof(params));
ret = dwc3_send_gadget_ep_cmd(dep, cmd, ¶ms);
- WARN_ON_ONCE(ret);
+ if (ret)
+ dev_err_ratelimited(dwc->dev,
+ "ep0 data phase end transfer failed: %d\n", ret);
+
dep->resource_index = 0;
}
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
index 68fa2813e5f4..554f997eb8c4 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -1772,7 +1772,11 @@ static int __dwc3_stop_active_transfer(struct dwc3_ep *dep, bool force, bool int
dep->flags |= DWC3_EP_DELAY_STOP;
return 0;
}
- WARN_ON_ONCE(ret);
+
+ if (ret)
+ dev_err_ratelimited(dep->dwc->dev,
+ "end transfer failed: %d\n", ret);
+
dep->resource_index = 0;
if (!interrupt)
@@ -4048,7 +4052,9 @@ static void dwc3_clear_stall_all_ep(struct dwc3 *dwc)
dep->flags &= ~DWC3_EP_STALL;
ret = dwc3_send_clear_stall_ep_cmd(dep);
- WARN_ON_ONCE(ret);
+ if (ret)
+ dev_err_ratelimited(dwc->dev,
+ "failed to clear STALL on %s\n", dep->name);
}
}
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] usb: xhci: Fix slot_id resource race conflict" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x 2eb03376151bb8585caa23ed2673583107bb5193
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082306-plop-swampland-0f61@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 2eb03376151bb8585caa23ed2673583107bb5193 Mon Sep 17 00:00:00 2001
From: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Date: Tue, 19 Aug 2025 15:58:43 +0300
Subject: [PATCH] usb: xhci: Fix slot_id resource race conflict
xHC controller may immediately reuse a slot_id after it's disabled,
giving it to a new enumerating device before the xhci driver freed
all resources related to the disabled device.
In such a scenario, device-A with slot_id equal to 1 is disconnecting
while device-B is enumerating, device-B will fail to enumerate in the
follow sequence.
1.[device-A] send disable slot command
2.[device-B] send enable slot command
3.[device-A] disable slot command completed and wakeup waiting thread
4.[device-B] enable slot command completed with slot_id equal to 1 and
wakeup waiting thread
5.[device-B] driver checks that slot_id is still in use (by device-A) in
xhci_alloc_virt_device, and fail to enumerate due to this
conflict
6.[device-A] xhci->devs[slot_id] set to NULL in xhci_free_virt_device
To fix driver's slot_id resources conflict, clear xhci->devs[slot_id] and
xhci->dcbba->dev_context_ptrs[slot_id] pointers in the interrupt context
when disable slot command completes successfully. Simultaneously, adjust
function xhci_free_virt_device to accurately handle device release.
[minor smatch warning and commit message fix -Mathias]
Cc: stable(a)vger.kernel.org
Fixes: 7faac1953ed1 ("xhci: avoid race between disable slot command and host runtime suspend")
Signed-off-by: Weitao Wang <WeitaoWang-oc(a)zhaoxin.com>
Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com>
Link: https://lore.kernel.org/r/20250819125844.2042452-2-mathias.nyman@linux.inte…
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c
index 92bb84f8132a..b3a59ce1b3f4 100644
--- a/drivers/usb/host/xhci-hub.c
+++ b/drivers/usb/host/xhci-hub.c
@@ -704,8 +704,7 @@ static int xhci_enter_test_mode(struct xhci_hcd *xhci,
if (!xhci->devs[i])
continue;
- retval = xhci_disable_slot(xhci, i);
- xhci_free_virt_device(xhci, i);
+ retval = xhci_disable_and_free_slot(xhci, i);
if (retval)
xhci_err(xhci, "Failed to disable slot %d, %d. Enter test mode anyway\n",
i, retval);
diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c
index 07289333a1e8..81eaad87a3d9 100644
--- a/drivers/usb/host/xhci-mem.c
+++ b/drivers/usb/host/xhci-mem.c
@@ -865,21 +865,20 @@ int xhci_alloc_tt_info(struct xhci_hcd *xhci,
* will be manipulated by the configure endpoint, allocate device, or update
* hub functions while this function is removing the TT entries from the list.
*/
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev,
+ int slot_id)
{
- struct xhci_virt_device *dev;
int i;
int old_active_eps = 0;
/* Slot ID 0 is reserved */
- if (slot_id == 0 || !xhci->devs[slot_id])
+ if (slot_id == 0 || !dev)
return;
- dev = xhci->devs[slot_id];
-
- xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
- if (!dev)
- return;
+ /* If device ctx array still points to _this_ device, clear it */
+ if (dev->out_ctx &&
+ xhci->dcbaa->dev_context_ptrs[slot_id] == cpu_to_le64(dev->out_ctx->dma))
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
trace_xhci_free_virt_device(dev);
@@ -920,8 +919,9 @@ void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id)
dev->udev->slot_id = 0;
if (dev->rhub_port && dev->rhub_port->slot_id == slot_id)
dev->rhub_port->slot_id = 0;
- kfree(xhci->devs[slot_id]);
- xhci->devs[slot_id] = NULL;
+ if (xhci->devs[slot_id] == dev)
+ xhci->devs[slot_id] = NULL;
+ kfree(dev);
}
/*
@@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i
out:
/* we are now at a leaf device */
xhci_debugfs_remove_slot(xhci, slot_id);
- xhci_free_virt_device(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
}
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id,
diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c
index ecd757d482c5..4f8f5aab109d 100644
--- a/drivers/usb/host/xhci-ring.c
+++ b/drivers/usb/host/xhci-ring.c
@@ -1592,7 +1592,8 @@ static void xhci_handle_cmd_enable_slot(int slot_id, struct xhci_command *comman
command->slot_id = 0;
}
-static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
+static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id,
+ u32 cmd_comp_code)
{
struct xhci_virt_device *virt_dev;
struct xhci_slot_ctx *slot_ctx;
@@ -1607,6 +1608,10 @@ static void xhci_handle_cmd_disable_slot(struct xhci_hcd *xhci, int slot_id)
if (xhci->quirks & XHCI_EP_LIMIT_QUIRK)
/* Delete default control endpoint resources */
xhci_free_device_endpoint_resources(xhci, virt_dev, true);
+ if (cmd_comp_code == COMP_SUCCESS) {
+ xhci->dcbaa->dev_context_ptrs[slot_id] = 0;
+ xhci->devs[slot_id] = NULL;
+ }
}
static void xhci_handle_cmd_config_ep(struct xhci_hcd *xhci, int slot_id)
@@ -1856,7 +1861,7 @@ static void handle_cmd_completion(struct xhci_hcd *xhci,
xhci_handle_cmd_enable_slot(slot_id, cmd, cmd_comp_code);
break;
case TRB_DISABLE_SLOT:
- xhci_handle_cmd_disable_slot(xhci, slot_id);
+ xhci_handle_cmd_disable_slot(xhci, slot_id, cmd_comp_code);
break;
case TRB_CONFIG_EP:
if (!cmd->completion)
diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c
index 47151ca527bf..0e03691f03bf 100644
--- a/drivers/usb/host/xhci.c
+++ b/drivers/usb/host/xhci.c
@@ -3932,8 +3932,7 @@ static int xhci_discover_or_reset_device(struct usb_hcd *hcd,
* Obtaining a new device slot to inform the xHCI host that
* the USB device has been reset.
*/
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
ret = xhci_alloc_dev(hcd, udev);
if (ret == 1)
@@ -4090,7 +4089,7 @@ static void xhci_free_dev(struct usb_hcd *hcd, struct usb_device *udev)
xhci_disable_slot(xhci, udev->slot_id);
spin_lock_irqsave(&xhci->lock, flags);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_free_virt_device(xhci, virt_dev, udev->slot_id);
spin_unlock_irqrestore(&xhci->lock, flags);
}
@@ -4139,6 +4138,16 @@ int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id)
return 0;
}
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id)
+{
+ struct xhci_virt_device *vdev = xhci->devs[slot_id];
+ int ret;
+
+ ret = xhci_disable_slot(xhci, slot_id);
+ xhci_free_virt_device(xhci, vdev, slot_id);
+ return ret;
+}
+
/*
* Checks if we have enough host controller resources for the default control
* endpoint.
@@ -4245,8 +4254,7 @@ int xhci_alloc_dev(struct usb_hcd *hcd, struct usb_device *udev)
return 1;
disable_slot:
- xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ xhci_disable_and_free_slot(xhci, udev->slot_id);
return 0;
}
@@ -4382,8 +4390,7 @@ static int xhci_setup_device(struct usb_hcd *hcd, struct usb_device *udev,
dev_warn(&udev->dev, "Device not responding to setup %s.\n", act);
mutex_unlock(&xhci->mutex);
- ret = xhci_disable_slot(xhci, udev->slot_id);
- xhci_free_virt_device(xhci, udev->slot_id);
+ ret = xhci_disable_and_free_slot(xhci, udev->slot_id);
if (!ret) {
if (xhci_alloc_dev(hcd, udev) == 1)
xhci_setup_addressable_virt_dev(xhci, udev);
diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h
index a20f4e7cd43a..85d5b964bf1e 100644
--- a/drivers/usb/host/xhci.h
+++ b/drivers/usb/host/xhci.h
@@ -1791,7 +1791,7 @@ void xhci_dbg_trace(struct xhci_hcd *xhci, void (*trace)(struct va_format *),
/* xHCI memory management */
void xhci_mem_cleanup(struct xhci_hcd *xhci);
int xhci_mem_init(struct xhci_hcd *xhci, gfp_t flags);
-void xhci_free_virt_device(struct xhci_hcd *xhci, int slot_id);
+void xhci_free_virt_device(struct xhci_hcd *xhci, struct xhci_virt_device *dev, int slot_id);
int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, struct usb_device *udev, gfp_t flags);
int xhci_setup_addressable_virt_dev(struct xhci_hcd *xhci, struct usb_device *udev);
void xhci_copy_ep0_dequeue_into_input_ctx(struct xhci_hcd *xhci,
@@ -1888,6 +1888,7 @@ void xhci_reset_bandwidth(struct usb_hcd *hcd, struct usb_device *udev);
int xhci_update_hub_device(struct usb_hcd *hcd, struct usb_device *hdev,
struct usb_tt *tt, gfp_t mem_flags);
int xhci_disable_slot(struct xhci_hcd *xhci, u32 slot_id);
+int xhci_disable_and_free_slot(struct xhci_hcd *xhci, u32 slot_id);
int xhci_ext_cap_init(struct xhci_hcd *xhci);
int xhci_suspend(struct xhci_hcd *xhci, bool do_wakeup);
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 340be332e420ed37d15d4169a1b4174e912ad6cb
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082238-bullring-fantasy-07b7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 340be332e420ed37d15d4169a1b4174e912ad6cb Mon Sep 17 00:00:00 2001
From: Victor Shih <victor.shih(a)genesyslogic.com.tw>
Date: Thu, 31 Jul 2025 14:57:52 +0800
Subject: [PATCH] mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of
AER
Due to a flaw in the hardware design, the GL9763e replay timer frequently
times out when ASPM is enabled. As a result, the warning messages will
often appear in the system log when the system accesses the GL9763e
PCI config. Therefore, the replay timer timeout must be masked.
Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw>
Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support")
Cc: stable(a)vger.kernel.org
Acked-by: Adrian Hunter <adrian.hunter(a)intel.com>
Link: https://lore.kernel.org/r/20250731065752.450231-4-victorshihgli@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org>
diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c
index 436f0460222f..3a1de477e9af 100644
--- a/drivers/mmc/host/sdhci-pci-gli.c
+++ b/drivers/mmc/host/sdhci-pci-gli.c
@@ -1782,6 +1782,9 @@ static void gl9763e_hw_setting(struct sdhci_pci_slot *slot)
value |= FIELD_PREP(GLI_9763E_HS400_RXDLY, GLI_9763E_HS400_RXDLY_5);
pci_write_config_dword(pdev, PCIE_GLI_9763E_CLKRXDLY, value);
+ /* mask the replay timer timeout of AER */
+ sdhci_gli_mask_replay_timer_timeout(pdev);
+
pci_read_config_dword(pdev, PCIE_GLI_9763E_VHS, &value);
value &= ~GLI_9763E_VHS_REV;
value |= FIELD_PREP(GLI_9763E_VHS_REV, GLI_9763E_VHS_REV_R);
2 weeks, 6 days
- 2
- 3
FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082301-broiling-rendering-4758@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001
From: David Lechner <dlechner(a)baylibre.com>
Date: Mon, 21 Jul 2025 18:04:04 -0500
Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for
spi_read()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace using stack-allocated buffers with a DMA-safe buffer for use
with spi_read(). This allows the driver to be safely used with
DMA-enabled SPI controllers.
The buffer array is also converted to a struct with a union to make the
usage of the memory in the buffer more clear and ensure proper alignment.
Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips")
Signed-off-by: David Lechner <dlechner(a)baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa(a)analog.com>
Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3…
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c
index cae8e84821d7..205939680fd4 100644
--- a/drivers/iio/temperature/maxim_thermocouple.c
+++ b/drivers/iio/temperature/maxim_thermocouple.c
@@ -11,6 +11,7 @@
#include <linux/module.h>
#include <linux/err.h>
#include <linux/spi/spi.h>
+#include <linux/types.h>
#include <linux/iio/iio.h>
#include <linux/iio/sysfs.h>
#include <linux/iio/trigger.h>
@@ -121,8 +122,15 @@ struct maxim_thermocouple_data {
struct spi_device *spi;
const struct maxim_thermocouple_chip *chip;
char tc_type;
-
- u8 buffer[16] __aligned(IIO_DMA_MINALIGN);
+ /* Buffer for reading up to 2 hardware channels. */
+ struct {
+ union {
+ __be16 raw16;
+ __be32 raw32;
+ __be16 raw[2];
+ };
+ aligned_s64 timestamp;
+ } buffer __aligned(IIO_DMA_MINALIGN);
};
static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
@@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
{
unsigned int storage_bytes = data->chip->read_size;
unsigned int shift = chan->scan_type.shift + (chan->address * 8);
- __be16 buf16;
- __be32 buf32;
int ret;
switch (storage_bytes) {
case 2:
- ret = spi_read(data->spi, (void *)&buf16, storage_bytes);
- *val = be16_to_cpu(buf16);
+ ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes);
+ *val = be16_to_cpu(data->buffer.raw16);
break;
case 4:
- ret = spi_read(data->spi, (void *)&buf32, storage_bytes);
- *val = be32_to_cpu(buf32);
+ ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes);
+ *val = be32_to_cpu(data->buffer.raw32);
break;
default:
ret = -EINVAL;
@@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private)
struct maxim_thermocouple_data *data = iio_priv(indio_dev);
int ret;
- ret = spi_read(data->spi, data->buffer, data->chip->read_size);
+ ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size);
if (!ret) {
- iio_push_to_buffers_with_ts(indio_dev, data->buffer,
+ iio_push_to_buffers_with_ts(indio_dev, &data->buffer,
sizeof(data->buffer),
iio_get_time_ns(indio_dev));
}
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082301-nickname-uncommon-49ac@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001
From: David Lechner <dlechner(a)baylibre.com>
Date: Mon, 21 Jul 2025 18:04:04 -0500
Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for
spi_read()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace using stack-allocated buffers with a DMA-safe buffer for use
with spi_read(). This allows the driver to be safely used with
DMA-enabled SPI controllers.
The buffer array is also converted to a struct with a union to make the
usage of the memory in the buffer more clear and ensure proper alignment.
Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips")
Signed-off-by: David Lechner <dlechner(a)baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa(a)analog.com>
Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3…
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c
index cae8e84821d7..205939680fd4 100644
--- a/drivers/iio/temperature/maxim_thermocouple.c
+++ b/drivers/iio/temperature/maxim_thermocouple.c
@@ -11,6 +11,7 @@
#include <linux/module.h>
#include <linux/err.h>
#include <linux/spi/spi.h>
+#include <linux/types.h>
#include <linux/iio/iio.h>
#include <linux/iio/sysfs.h>
#include <linux/iio/trigger.h>
@@ -121,8 +122,15 @@ struct maxim_thermocouple_data {
struct spi_device *spi;
const struct maxim_thermocouple_chip *chip;
char tc_type;
-
- u8 buffer[16] __aligned(IIO_DMA_MINALIGN);
+ /* Buffer for reading up to 2 hardware channels. */
+ struct {
+ union {
+ __be16 raw16;
+ __be32 raw32;
+ __be16 raw[2];
+ };
+ aligned_s64 timestamp;
+ } buffer __aligned(IIO_DMA_MINALIGN);
};
static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
@@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
{
unsigned int storage_bytes = data->chip->read_size;
unsigned int shift = chan->scan_type.shift + (chan->address * 8);
- __be16 buf16;
- __be32 buf32;
int ret;
switch (storage_bytes) {
case 2:
- ret = spi_read(data->spi, (void *)&buf16, storage_bytes);
- *val = be16_to_cpu(buf16);
+ ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes);
+ *val = be16_to_cpu(data->buffer.raw16);
break;
case 4:
- ret = spi_read(data->spi, (void *)&buf32, storage_bytes);
- *val = be32_to_cpu(buf32);
+ ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes);
+ *val = be32_to_cpu(data->buffer.raw32);
break;
default:
ret = -EINVAL;
@@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private)
struct maxim_thermocouple_data *data = iio_priv(indio_dev);
int ret;
- ret = spi_read(data->spi, data->buffer, data->chip->read_size);
+ ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size);
if (!ret) {
- iio_push_to_buffers_with_ts(indio_dev, data->buffer,
+ iio_push_to_buffers_with_ts(indio_dev, &data->buffer,
sizeof(data->buffer),
iio_get_time_ns(indio_dev));
}
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082300-defense-dormitory-d649@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From ae5bc07ec9f73a41734270ef3f800c5c8a7e0ad3 Mon Sep 17 00:00:00 2001
From: David Lechner <dlechner(a)baylibre.com>
Date: Mon, 21 Jul 2025 18:04:04 -0500
Subject: [PATCH] iio: temperature: maxim_thermocouple: use DMA-safe buffer for
spi_read()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Replace using stack-allocated buffers with a DMA-safe buffer for use
with spi_read(). This allows the driver to be safely used with
DMA-enabled SPI controllers.
The buffer array is also converted to a struct with a union to make the
usage of the memory in the buffer more clear and ensure proper alignment.
Fixes: 1f25ca11d84a ("iio: temperature: add support for Maxim thermocouple chips")
Signed-off-by: David Lechner <dlechner(a)baylibre.com>
Reviewed-by: Nuno Sá <nuno.sa(a)analog.com>
Link: https://patch.msgid.link/20250721-iio-use-more-iio_declare_buffer_with_ts-3…
Cc: <Stable(a)vger.kernel.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com>
diff --git a/drivers/iio/temperature/maxim_thermocouple.c b/drivers/iio/temperature/maxim_thermocouple.c
index cae8e84821d7..205939680fd4 100644
--- a/drivers/iio/temperature/maxim_thermocouple.c
+++ b/drivers/iio/temperature/maxim_thermocouple.c
@@ -11,6 +11,7 @@
#include <linux/module.h>
#include <linux/err.h>
#include <linux/spi/spi.h>
+#include <linux/types.h>
#include <linux/iio/iio.h>
#include <linux/iio/sysfs.h>
#include <linux/iio/trigger.h>
@@ -121,8 +122,15 @@ struct maxim_thermocouple_data {
struct spi_device *spi;
const struct maxim_thermocouple_chip *chip;
char tc_type;
-
- u8 buffer[16] __aligned(IIO_DMA_MINALIGN);
+ /* Buffer for reading up to 2 hardware channels. */
+ struct {
+ union {
+ __be16 raw16;
+ __be32 raw32;
+ __be16 raw[2];
+ };
+ aligned_s64 timestamp;
+ } buffer __aligned(IIO_DMA_MINALIGN);
};
static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
@@ -130,18 +138,16 @@ static int maxim_thermocouple_read(struct maxim_thermocouple_data *data,
{
unsigned int storage_bytes = data->chip->read_size;
unsigned int shift = chan->scan_type.shift + (chan->address * 8);
- __be16 buf16;
- __be32 buf32;
int ret;
switch (storage_bytes) {
case 2:
- ret = spi_read(data->spi, (void *)&buf16, storage_bytes);
- *val = be16_to_cpu(buf16);
+ ret = spi_read(data->spi, &data->buffer.raw16, storage_bytes);
+ *val = be16_to_cpu(data->buffer.raw16);
break;
case 4:
- ret = spi_read(data->spi, (void *)&buf32, storage_bytes);
- *val = be32_to_cpu(buf32);
+ ret = spi_read(data->spi, &data->buffer.raw32, storage_bytes);
+ *val = be32_to_cpu(data->buffer.raw32);
break;
default:
ret = -EINVAL;
@@ -166,9 +172,9 @@ static irqreturn_t maxim_thermocouple_trigger_handler(int irq, void *private)
struct maxim_thermocouple_data *data = iio_priv(indio_dev);
int ret;
- ret = spi_read(data->spi, data->buffer, data->chip->read_size);
+ ret = spi_read(data->spi, data->buffer.raw, data->chip->read_size);
if (!ret) {
- iio_push_to_buffers_with_ts(indio_dev, data->buffer,
+ iio_push_to_buffers_with_ts(indio_dev, &data->buffer,
sizeof(data->buffer),
iio_get_time_ns(indio_dev));
}
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] tracing: Limit access to parser->buffer when trace_get_user" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x 6a909ea83f226803ea0e718f6e88613df9234d58
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082332-cusp-headstone-2927@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 6a909ea83f226803ea0e718f6e88613df9234d58 Mon Sep 17 00:00:00 2001
From: Pu Lehui <pulehui(a)huawei.com>
Date: Wed, 13 Aug 2025 04:02:32 +0000
Subject: [PATCH] tracing: Limit access to parser->buffer when trace_get_user
failed
When the length of the string written to set_ftrace_filter exceeds
FTRACE_BUFF_MAX, the following KASAN alarm will be triggered:
BUG: KASAN: slab-out-of-bounds in strsep+0x18c/0x1b0
Read of size 1 at addr ffff0000d00bd5ba by task ash/165
CPU: 1 UID: 0 PID: 165 Comm: ash Not tainted 6.16.0-g6bcdbd62bd56-dirty
Hardware name: linux,dummy-virt (DT)
Call trace:
show_stack+0x34/0x50 (C)
dump_stack_lvl+0xa0/0x158
print_address_description.constprop.0+0x88/0x398
print_report+0xb0/0x280
kasan_report+0xa4/0xf0
__asan_report_load1_noabort+0x20/0x30
strsep+0x18c/0x1b0
ftrace_process_regex.isra.0+0x100/0x2d8
ftrace_regex_release+0x484/0x618
__fput+0x364/0xa58
____fput+0x28/0x40
task_work_run+0x154/0x278
do_notify_resume+0x1f0/0x220
el0_svc+0xec/0xf0
el0t_64_sync_handler+0xa0/0xe8
el0t_64_sync+0x1ac/0x1b0
The reason is that trace_get_user will fail when processing a string
longer than FTRACE_BUFF_MAX, but not set the end of parser->buffer to 0.
Then an OOB access will be triggered in ftrace_regex_release->
ftrace_process_regex->strsep->strpbrk. We can solve this problem by
limiting access to parser->buffer when trace_get_user failed.
Cc: stable(a)vger.kernel.org
Link: https://lore.kernel.org/20250813040232.1344527-1-pulehui@huaweicloud.com
Fixes: 8c9af478c06b ("ftrace: Handle commands when closing set_ftrace_filter file")
Signed-off-by: Pu Lehui <pulehui(a)huawei.com>
Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org>
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
index 4283ed4e8f59..8d8935ed416d 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
@@ -1816,7 +1816,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
@@ -1830,7 +1830,7 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && isspace(ch)) {
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1848,12 +1848,14 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
while (cnt && !isspace(ch) && ch) {
if (parser->idx < parser->size - 1)
parser->buffer[parser->idx++] = ch;
- else
- return -EINVAL;
+ else {
+ ret = -EINVAL;
+ goto fail;
+ }
ret = get_user(ch, ubuf++);
if (ret)
- return ret;
+ goto fail;
read++;
cnt--;
}
@@ -1868,11 +1870,15 @@ int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
/* Make sure the parsed string always terminates with '\0'. */
parser->buffer[parser->idx] = 0;
} else {
- return -EINVAL;
+ ret = -EINVAL;
+ goto fail;
}
*ppos += read;
return read;
+fail:
+ trace_parser_fail(parser);
+ return ret;
}
/* TODO add a seq_buf_to_buffer() */
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
index 1dbf1d3cf2f1..be6654899cae 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
@@ -1292,6 +1292,7 @@ bool ftrace_event_is_function(struct trace_event_call *call);
*/
struct trace_parser {
bool cont;
+ bool fail;
char *buffer;
unsigned idx;
unsigned size;
@@ -1299,7 +1300,7 @@ struct trace_parser {
static inline bool trace_parser_loaded(struct trace_parser *parser)
{
- return (parser->idx != 0);
+ return !parser->fail && parser->idx != 0;
}
static inline bool trace_parser_cont(struct trace_parser *parser)
@@ -1313,6 +1314,11 @@ static inline void trace_parser_clear(struct trace_parser *parser)
parser->idx = 0;
}
+static inline void trace_parser_fail(struct trace_parser *parser)
+{
+ parser->fail = true;
+}
+
extern int trace_parser_get_init(struct trace_parser *parser, int size);
extern void trace_parser_put(struct trace_parser *parser);
extern int trace_get_user(struct trace_parser *parser, const char __user *ubuf,
2 weeks, 6 days
- 1
- 0
FAILED: patch "[PATCH] mptcp: disable add_addr retransmission when timeout is 0" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x f5ce0714623cffd00bf2a83e890d09c609b7f50a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082242-enrage-armoire-a4f8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f5ce0714623cffd00bf2a83e890d09c609b7f50a Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:23 +0200
Subject: [PATCH] mptcp: disable add_addr retransmission when timeout is 0
When add_addr_timeout was set to 0, this caused the ADD_ADDR to be
retransmitted immediately, which looks like a buggy behaviour. Instead,
interpret 0 as "no retransmissions needed".
The documentation is updated to explicitly state that setting the timeout
to 0 disables retransmission.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Suggested-by: Matthieu Baerts <matttbe(a)kernel.org>
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-5-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst
index 5bfab01eff5a..1683c139821e 100644
--- a/Documentation/networking/mptcp-sysctl.rst
+++ b/Documentation/networking/mptcp-sysctl.rst
@@ -12,6 +12,8 @@ add_addr_timeout - INTEGER (seconds)
resent to an MPTCP peer that has not acknowledged a previous
ADD_ADDR message.
+ Do not retransmit if set to 0.
+
The default value matches TCP_RTO_MAX. This is a per-namespace
sysctl.
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index c5f6a53ce5f1..136a380602ca 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -274,6 +274,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
+ unsigned int timeout;
pr_debug("msk=%p\n", msk);
@@ -291,6 +292,10 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
goto out;
}
+ timeout = mptcp_get_add_addr_timeout(sock_net(sk));
+ if (!timeout)
+ goto out;
+
spin_lock_bh(&msk->pm.lock);
if (!mptcp_pm_should_add_signal_addr(msk)) {
@@ -302,7 +307,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
if (entry->retrans_times < ADD_ADDR_RETRANS_MAX)
sk_reset_timer(sk, timer,
- jiffies + mptcp_get_add_addr_timeout(sock_net(sk)));
+ jiffies + timeout);
spin_unlock_bh(&msk->pm.lock);
@@ -344,6 +349,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
struct mptcp_pm_add_entry *add_entry = NULL;
struct sock *sk = (struct sock *)msk;
struct net *net = sock_net(sk);
+ unsigned int timeout;
lockdep_assert_held(&msk->pm.lock);
@@ -368,8 +374,9 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
reset_timer:
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
+ timeout = mptcp_get_add_addr_timeout(net);
+ if (timeout)
+ sk_reset_timer(sk, &add_entry->add_timer, jiffies + timeout);
return true;
}
2 weeks, 6 days
- 2
- 1
[PATCH v2] Revert "arm64: dts: lx2160a: add pinmux and i2c gpio to support bus recovery"
by Josua Mayer
This reverts commit 8a1365c7bbc122bd843096f0008d259e7a8afc61.
The commit in questions most notably breaks SD-Card on SolidRun
LX2162A Clearfog by corrupting the pinmux in dynamic configuration area
for non-i2c pins without pinmux node.
It is further expected that it breaks SD Card-Detect, as well as CAN,
DSPI and GPIOs on any board based on LX2160 SoC.
Background:
The LX2160 SoC is configured at power-on from RCW (Reset
Configuration Word) typically located in the first 4k of boot media.
This blob configures various clock rates and pin functions.
The pinmux for i2c specifically is part of configuration words RCWSR12,
RCWSR13 and RCWSR14 size 32 bit each.
These values are accessible at read-only addresses 0x01e0012c following.
For runtime (re-)configuration the SoC has a dynamic configuration area
where alternative settings can be applied. The counterparts of
RCWSR[12-14] can be overridden at 0x70010012c following.
The commit in question used this area to switch i2c pins between i2c and
gpio function at runtime using the pinctrl-single driver - which reads a
32-bit value, makes particular changes by bitmask and writes back the
new value.
SolidRun have observed that if the dynamic configuration is read first
(before a write), it reads as zero regardless the initial values set by
RCW. After the first write consecutive reads reflect the written value.
Because multiple pins are configured from a single 32-bit value, this
causes unintentional change of all bits (except those for i2c) being set
to zero when the pinctrl driver applies the first configuration.
See below a short list of which functions RCWSR12 alone controls:
LX2162-CF RCWSR12: 0b0000100000000000 0000000000000110
IIC2_PMUX ||| ||| || | ||| |||XXX : I2C/GPIO/CD-WP
IIC3_PMUX ||| ||| || | ||| XXX : I2C/GPIO/CAN/EVT
IIC4_PMUX ||| ||| || | |||XXX||| : I2C/GPIO/CAN/EVT
IIC5_PMUX ||| ||| || | XXX ||| : I2C/GPIO/SDHC-CLK
IIC6_PMUX ||| ||| || |XXX||| ||| : I2C/GPIO/SDHC-CLK
XSPI1_A_DATA74_PMUX ||| ||| XX X ||| ||| : XSPI/GPIO
XSPI1_A_DATA30_PMUX ||| |||XXX|| | ||| ||| : XSPI/GPIO
XSPI1_A_BASE_PMUX ||| XXX || | ||| ||| : XSPI/GPIO
SDHC1_BASE_PMUX |||XXX||| || | ||| ||| : SDHC/GPIO/SPI
SDHC1_DIR_PMUX XXX ||| || | ||| ||| : SDHC/GPIO/SPI
RESERVED XX||| ||| || | ||| ||| :
On LX2162A Clearfog the initial (ant intended) value is 0x08000006 -
enabling card-detect on IIC2_PMUX and some LEDs on SDHC1_DIR_PMUX.
Everything else is intentional zero (enabling I2C & XSPI).
By reading zero from dynamic configuration area, the commit in question
changes IIC2_PMUX to value 0 (I2C function), and SDHC1_DIR_PMUX to 0
(SDHC data direction function) - breaking card-detect and led gpios.
This issue should affect any board based on LX2160 SoC that is using the
same or earlier versions of NXP bootloader as SolidRun have tested, in
particular: LSDK-21.08 and LS-5.15.71-2.2.0.
Whether NXP added some extra initialisation in the bootloader on later
releases was not investigated. However bootloader upgrade should not be
necessary to run a newer Linux kernel.
To work around this issue it is possible to explicitly define ALL pins
controlled by any 32-bit value so that gradually after processing all
pinctrl nodes the correct value is reached on all bits.
This is a large task that should be done carefully on a per-board basis
and not globally through the SoC dtsi.
Therefore the commit in question is reverted.
Fixes: 8a1365c7bbc1 ("arm64: dts: lx2160a: add pinmux and i2c gpio to support bus recovery")
Cc: stable(a)vger.kernel.org
Signed-off-by: Josua Mayer <josua(a)solid-run.com>
---
Changes in v2:
- changed to revert problematic commit, workaround is large effort
- Link to v1: https://lore.kernel.org/r/f32c5525-3162-4acd-880c-99fc46d3a63d@solid-run.com
---
arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi | 106 -------------------------
1 file changed, 106 deletions(-)
diff --git a/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi b/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi
index c9541403bcd8..eb1b4e607e2b 100644
--- a/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi
+++ b/arch/arm64/boot/dts/freescale/fsl-lx2160a.dtsi
@@ -749,10 +749,6 @@ i2c0: i2c@2000000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c0_scl>;
- pinctrl-1 = <&i2c0_scl_gpio>;
- scl-gpios = <&gpio0 3 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -765,10 +761,6 @@ i2c1: i2c@2010000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c1_scl>;
- pinctrl-1 = <&i2c1_scl_gpio>;
- scl-gpios = <&gpio0 31 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -781,10 +773,6 @@ i2c2: i2c@2020000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c2_scl>;
- pinctrl-1 = <&i2c2_scl_gpio>;
- scl-gpios = <&gpio0 29 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -797,10 +785,6 @@ i2c3: i2c@2030000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c3_scl>;
- pinctrl-1 = <&i2c3_scl_gpio>;
- scl-gpios = <&gpio0 27 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -813,10 +797,6 @@ i2c4: i2c@2040000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c4_scl>;
- pinctrl-1 = <&i2c4_scl_gpio>;
- scl-gpios = <&gpio0 25 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -829,10 +809,6 @@ i2c5: i2c@2050000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c5_scl>;
- pinctrl-1 = <&i2c5_scl_gpio>;
- scl-gpios = <&gpio0 23 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -845,10 +821,6 @@ i2c6: i2c@2060000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c6_scl>;
- pinctrl-1 = <&i2c6_scl_gpio>;
- scl-gpios = <&gpio1 16 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -861,10 +833,6 @@ i2c7: i2c@2070000 {
clock-names = "ipg";
clocks = <&clockgen QORIQ_CLK_PLATFORM_PLL
QORIQ_CLK_PLL_DIV(16)>;
- pinctrl-names = "default", "gpio";
- pinctrl-0 = <&i2c7_scl>;
- pinctrl-1 = <&i2c7_scl_gpio>;
- scl-gpios = <&gpio1 18 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>;
status = "disabled";
};
@@ -1700,80 +1668,6 @@ pcs18: ethernet-phy@0 {
};
};
- pinmux_i2crv: pinmux@70010012c {
- compatible = "pinctrl-single";
- reg = <0x00000007 0x0010012c 0x0 0xc>;
- #address-cells = <1>;
- #size-cells = <0>;
- pinctrl-single,bit-per-mux;
- pinctrl-single,register-width = <32>;
- pinctrl-single,function-mask = <0x7>;
-
- i2c1_scl: i2c1-scl-pins {
- pinctrl-single,bits = <0x0 0 0x7>;
- };
-
- i2c1_scl_gpio: i2c1-scl-gpio-pins {
- pinctrl-single,bits = <0x0 0x1 0x7>;
- };
-
- i2c2_scl: i2c2-scl-pins {
- pinctrl-single,bits = <0x0 0 (0x7 << 3)>;
- };
-
- i2c2_scl_gpio: i2c2-scl-gpio-pins {
- pinctrl-single,bits = <0x0 (0x1 << 3) (0x7 << 3)>;
- };
-
- i2c3_scl: i2c3-scl-pins {
- pinctrl-single,bits = <0x0 0 (0x7 << 6)>;
- };
-
- i2c3_scl_gpio: i2c3-scl-gpio-pins {
- pinctrl-single,bits = <0x0 (0x1 << 6) (0x7 << 6)>;
- };
-
- i2c4_scl: i2c4-scl-pins {
- pinctrl-single,bits = <0x0 0 (0x7 << 9)>;
- };
-
- i2c4_scl_gpio: i2c4-scl-gpio-pins {
- pinctrl-single,bits = <0x0 (0x1 << 9) (0x7 << 9)>;
- };
-
- i2c5_scl: i2c5-scl-pins {
- pinctrl-single,bits = <0x0 0 (0x7 << 12)>;
- };
-
- i2c5_scl_gpio: i2c5-scl-gpio-pins {
- pinctrl-single,bits = <0x0 (0x1 << 12) (0x7 << 12)>;
- };
-
- i2c6_scl: i2c6-scl-pins {
- pinctrl-single,bits = <0x4 0x2 0x7>;
- };
-
- i2c6_scl_gpio: i2c6-scl-gpio-pins {
- pinctrl-single,bits = <0x4 0x1 0x7>;
- };
-
- i2c7_scl: i2c7-scl-pins {
- pinctrl-single,bits = <0x4 0x2 0x7>;
- };
-
- i2c7_scl_gpio: i2c7-scl-gpio-pins {
- pinctrl-single,bits = <0x4 0x1 0x7>;
- };
-
- i2c0_scl: i2c0-scl-pins {
- pinctrl-single,bits = <0x8 0 (0x7 << 10)>;
- };
-
- i2c0_scl_gpio: i2c0-scl-gpio-pins {
- pinctrl-single,bits = <0x8 (0x1 << 10) (0x7 << 10)>;
- };
- };
-
fsl_mc: fsl-mc@80c000000 {
compatible = "fsl,qoriq-mc";
reg = <0x00000008 0x0c000000 0 0x40>,
---
base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494
change-id: 20250710-lx2160-sd-cd-00bf38ae169e
Best regards,
--
Josua Mayer <josua(a)solid-run.com>
2 weeks, 6 days
- 2
- 3
FAILED: patch "[PATCH] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x d2d7a96b29ea6ab093973a1a37d26126db70c79f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082207-defog-stunned-9396@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From d2d7a96b29ea6ab093973a1a37d26126db70c79f Mon Sep 17 00:00:00 2001
From: Judith Mendez <jm(a)ti.com>
Date: Wed, 20 Aug 2025 14:30:47 -0500
Subject: [PATCH] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1
This adds SDHCI_AM654_QUIRK_DISABLE_HS400 quirk which shall be used
to disable HS400 support. AM62P SR1.0 and SR1.1 do not support HS400
due to errata i2458 [0] so disable HS400 for these SoC revisions.
[0] https://www.ti.com/lit/er/sprz574a/sprz574a.pdf
Fixes: 37f28165518f ("arm64: dts: ti: k3-am62p: Add ITAP/OTAP values for MMC")
Cc: stable(a)vger.kernel.org
Signed-off-by: Judith Mendez <jm(a)ti.com>
Reviewed-by: Andrew Davis <afd(a)ti.com>
Acked-by: Adrian Hunter <adrian.hunter(a)intel.com>
Link: https://lore.kernel.org/r/20250820193047.4064142-1-jm@ti.com
Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org>
diff --git a/drivers/mmc/host/sdhci_am654.c b/drivers/mmc/host/sdhci_am654.c
index e4fc345be7e5..17e62c61b6e6 100644
--- a/drivers/mmc/host/sdhci_am654.c
+++ b/drivers/mmc/host/sdhci_am654.c
@@ -156,6 +156,7 @@ struct sdhci_am654_data {
#define SDHCI_AM654_QUIRK_FORCE_CDTEST BIT(0)
#define SDHCI_AM654_QUIRK_SUPPRESS_V1P8_ENA BIT(1)
+#define SDHCI_AM654_QUIRK_DISABLE_HS400 BIT(2)
};
struct window {
@@ -765,6 +766,7 @@ static int sdhci_am654_init(struct sdhci_host *host)
{
struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host);
struct sdhci_am654_data *sdhci_am654 = sdhci_pltfm_priv(pltfm_host);
+ struct device *dev = mmc_dev(host->mmc);
u32 ctl_cfg_2 = 0;
u32 mask;
u32 val;
@@ -820,6 +822,12 @@ static int sdhci_am654_init(struct sdhci_host *host)
if (ret)
goto err_cleanup_host;
+ if (sdhci_am654->quirks & SDHCI_AM654_QUIRK_DISABLE_HS400 &&
+ host->mmc->caps2 & (MMC_CAP2_HS400 | MMC_CAP2_HS400_ES)) {
+ dev_info(dev, "HS400 mode not supported on this silicon revision, disabling it\n");
+ host->mmc->caps2 &= ~(MMC_CAP2_HS400 | MMC_CAP2_HS400_ES);
+ }
+
ret = __sdhci_add_host(host);
if (ret)
goto err_cleanup_host;
@@ -883,6 +891,12 @@ static int sdhci_am654_get_of_property(struct platform_device *pdev,
return 0;
}
+static const struct soc_device_attribute sdhci_am654_descope_hs400[] = {
+ { .family = "AM62PX", .revision = "SR1.0" },
+ { .family = "AM62PX", .revision = "SR1.1" },
+ { /* sentinel */ }
+};
+
static const struct of_device_id sdhci_am654_of_match[] = {
{
.compatible = "ti,am654-sdhci-5.1",
@@ -970,6 +984,10 @@ static int sdhci_am654_probe(struct platform_device *pdev)
if (ret)
return dev_err_probe(dev, ret, "parsing dt failed\n");
+ soc = soc_device_match(sdhci_am654_descope_hs400);
+ if (soc)
+ sdhci_am654->quirks |= SDHCI_AM654_QUIRK_DISABLE_HS400;
+
host->mmc_host_ops.start_signal_voltage_switch = sdhci_am654_start_signal_voltage_switch;
host->mmc_host_ops.execute_tuning = sdhci_am654_execute_tuning;
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] mptcp: disable add_addr retransmission when timeout is 0" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x f5ce0714623cffd00bf2a83e890d09c609b7f50a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082242-rickety-degree-c696@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f5ce0714623cffd00bf2a83e890d09c609b7f50a Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:23 +0200
Subject: [PATCH] mptcp: disable add_addr retransmission when timeout is 0
When add_addr_timeout was set to 0, this caused the ADD_ADDR to be
retransmitted immediately, which looks like a buggy behaviour. Instead,
interpret 0 as "no retransmissions needed".
The documentation is updated to explicitly state that setting the timeout
to 0 disables retransmission.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Suggested-by: Matthieu Baerts <matttbe(a)kernel.org>
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-5-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst
index 5bfab01eff5a..1683c139821e 100644
--- a/Documentation/networking/mptcp-sysctl.rst
+++ b/Documentation/networking/mptcp-sysctl.rst
@@ -12,6 +12,8 @@ add_addr_timeout - INTEGER (seconds)
resent to an MPTCP peer that has not acknowledged a previous
ADD_ADDR message.
+ Do not retransmit if set to 0.
+
The default value matches TCP_RTO_MAX. This is a per-namespace
sysctl.
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index c5f6a53ce5f1..136a380602ca 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -274,6 +274,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
+ unsigned int timeout;
pr_debug("msk=%p\n", msk);
@@ -291,6 +292,10 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
goto out;
}
+ timeout = mptcp_get_add_addr_timeout(sock_net(sk));
+ if (!timeout)
+ goto out;
+
spin_lock_bh(&msk->pm.lock);
if (!mptcp_pm_should_add_signal_addr(msk)) {
@@ -302,7 +307,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
if (entry->retrans_times < ADD_ADDR_RETRANS_MAX)
sk_reset_timer(sk, timer,
- jiffies + mptcp_get_add_addr_timeout(sock_net(sk)));
+ jiffies + timeout);
spin_unlock_bh(&msk->pm.lock);
@@ -344,6 +349,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
struct mptcp_pm_add_entry *add_entry = NULL;
struct sock *sk = (struct sock *)msk;
struct net *net = sock_net(sk);
+ unsigned int timeout;
lockdep_assert_held(&msk->pm.lock);
@@ -368,8 +374,9 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
reset_timer:
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
+ timeout = mptcp_get_add_addr_timeout(net);
+ if (timeout)
+ sk_reset_timer(sk, &add_entry->add_timer, jiffies + timeout);
return true;
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to" failed to apply to 5.4-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.4-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y
git checkout FETCH_HEAD
git cherry-pick -x a40c5d727b8111b5db424a1e43e14a1dcce1e77f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082152-monkhood-dig-c861@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a40c5d727b8111b5db424a1e43e14a1dcce1e77f Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Thu, 5 Jun 2025 11:28:46 +0300
Subject: [PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading DPCD registers has side-effects in general. In particular
accessing registers outside of the link training register range
(0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
forbidden by the DP v2.1 Standard, see
3.6.5.1 DPTX AUX Transaction Handling Mandates
3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
Based on my tests, accessing the DPCD_REV register during the link
training of an UHBR TBT DP tunnel sink leads to link training failures.
Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
DPCD register access quirk.
Cc: <stable(a)vger.kernel.org>
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
Acked-by: Jani Nikula <jani.nikula(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index f2a6559a2710..dc622c78db9d 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset,
* monitor doesn't power down exactly after the throw away read.
*/
if (!aux->is_remote) {
- ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV);
+ ret = drm_dp_dpcd_probe(aux, DP_LANE0_1_STATUS);
if (ret < 0)
return ret;
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] mptcp: disable add_addr retransmission when timeout is 0" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x f5ce0714623cffd00bf2a83e890d09c609b7f50a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082241-diner-uncoated-a54e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f5ce0714623cffd00bf2a83e890d09c609b7f50a Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:23 +0200
Subject: [PATCH] mptcp: disable add_addr retransmission when timeout is 0
When add_addr_timeout was set to 0, this caused the ADD_ADDR to be
retransmitted immediately, which looks like a buggy behaviour. Instead,
interpret 0 as "no retransmissions needed".
The documentation is updated to explicitly state that setting the timeout
to 0 disables retransmission.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Suggested-by: Matthieu Baerts <matttbe(a)kernel.org>
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-5-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst
index 5bfab01eff5a..1683c139821e 100644
--- a/Documentation/networking/mptcp-sysctl.rst
+++ b/Documentation/networking/mptcp-sysctl.rst
@@ -12,6 +12,8 @@ add_addr_timeout - INTEGER (seconds)
resent to an MPTCP peer that has not acknowledged a previous
ADD_ADDR message.
+ Do not retransmit if set to 0.
+
The default value matches TCP_RTO_MAX. This is a per-namespace
sysctl.
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index c5f6a53ce5f1..136a380602ca 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -274,6 +274,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
+ unsigned int timeout;
pr_debug("msk=%p\n", msk);
@@ -291,6 +292,10 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
goto out;
}
+ timeout = mptcp_get_add_addr_timeout(sock_net(sk));
+ if (!timeout)
+ goto out;
+
spin_lock_bh(&msk->pm.lock);
if (!mptcp_pm_should_add_signal_addr(msk)) {
@@ -302,7 +307,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
if (entry->retrans_times < ADD_ADDR_RETRANS_MAX)
sk_reset_timer(sk, timer,
- jiffies + mptcp_get_add_addr_timeout(sock_net(sk)));
+ jiffies + timeout);
spin_unlock_bh(&msk->pm.lock);
@@ -344,6 +349,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
struct mptcp_pm_add_entry *add_entry = NULL;
struct sock *sk = (struct sock *)msk;
struct net *net = sock_net(sk);
+ unsigned int timeout;
lockdep_assert_held(&msk->pm.lock);
@@ -368,8 +374,9 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
reset_timer:
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
+ timeout = mptcp_get_add_addr_timeout(net);
+ if (timeout)
+ sk_reset_timer(sk, &add_entry->add_timer, jiffies + timeout);
return true;
}
2 weeks, 6 days
- 2
- 1
[PATCH v2] media: vidtv: initialize local pointers upon transfer of memory ownership
by Jeongjun Park
vidtv_channel_si_init() creates a temporary list (program, service, event)
and ownership of the memory itself is transferred to the PAT/SDT/EIT
tables through vidtv_psi_pat_program_assign(),
vidtv_psi_sdt_service_assign(), vidtv_psi_eit_event_assign().
The problem here is that the local pointer where the memory ownership
transfer was completed is not initialized to NULL. This causes the
vidtv_psi_pmt_create_sec_for_each_pat_entry() function to fail, and
in the flow that jumps to free_eit, the memory that was freed by
vidtv_psi_*_table_destroy() can be accessed again by
vidtv_psi_*_event_destroy() due to the uninitialized local pointer, so it
is freed once again.
Therefore, to prevent use-after-free and double-free vuln, local pointers
must be initialized to NULL when transferring memory ownership.
Cc: <stable(a)vger.kernel.org>
Reported-by: syzbot+1d9c0edea5907af239e0(a)syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=1d9c0edea5907af239e0
Fixes: 3be8037960bc ("media: vidtv: add error checks")
Signed-off-by: Jeongjun Park <aha310510(a)gmail.com>
---
v2: Improved patch description wording and CC stable mailing list
- Link to v1: https://lore.kernel.org/all/20250822065849.1145572-1-aha310510@gmail.com/
---
drivers/media/test-drivers/vidtv/vidtv_channel.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/media/test-drivers/vidtv/vidtv_channel.c b/drivers/media/test-drivers/vidtv/vidtv_channel.c
index f3023e91b3eb..3541155c6fc6 100644
--- a/drivers/media/test-drivers/vidtv/vidtv_channel.c
+++ b/drivers/media/test-drivers/vidtv/vidtv_channel.c
@@ -461,12 +461,15 @@ int vidtv_channel_si_init(struct vidtv_mux *m)
/* assemble all programs and assign to PAT */
vidtv_psi_pat_program_assign(m->si.pat, programs);
+ programs = NULL;
/* assemble all services and assign to SDT */
vidtv_psi_sdt_service_assign(m->si.sdt, services);
+ services = NULL;
/* assemble all events and assign to EIT */
vidtv_psi_eit_event_assign(m->si.eit, events);
+ events = NULL;
m->si.pmt_secs = vidtv_psi_pmt_create_sec_for_each_pat_entry(m->si.pat,
m->pcr_pid);
--
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x dec8b38be4b35cae5f7fa086daf2631e2cfa09c1
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082238-portal-perfectly-7a53@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From dec8b38be4b35cae5f7fa086daf2631e2cfa09c1 Mon Sep 17 00:00:00 2001
From: Victor Shih <victor.shih(a)genesyslogic.com.tw>
Date: Thu, 31 Jul 2025 14:57:50 +0800
Subject: [PATCH] mmc: sdhci-pci-gli: Add a new function to simplify the code
In preparation to fix replay timer timeout, add
sdhci_gli_mask_replay_timer_timeout() function
to simplify some of the code, allowing it to be re-used.
Signed-off-by: Victor Shih <victor.shih(a)genesyslogic.com.tw>
Fixes: 1ae1d2d6e555 ("mmc: sdhci-pci-gli: Add Genesys Logic GL9763E support")
Cc: stable(a)vger.kernel.org
Acked-by: Adrian Hunter <adrian.hunter(a)intel.com>
Link: https://lore.kernel.org/r/20250731065752.450231-2-victorshihgli@gmail.com
Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org>
diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c
index 4c2ae71770f7..f678c91f8d3e 100644
--- a/drivers/mmc/host/sdhci-pci-gli.c
+++ b/drivers/mmc/host/sdhci-pci-gli.c
@@ -287,6 +287,20 @@
#define GLI_MAX_TUNING_LOOP 40
/* Genesys Logic chipset */
+static void sdhci_gli_mask_replay_timer_timeout(struct pci_dev *pdev)
+{
+ int aer;
+ u32 value;
+
+ /* mask the replay timer timeout of AER */
+ aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR);
+ if (aer) {
+ pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value);
+ value |= PCI_ERR_COR_REP_TIMER;
+ pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value);
+ }
+}
+
static inline void gl9750_wt_on(struct sdhci_host *host)
{
u32 wt_value;
@@ -607,7 +621,6 @@ static void gl9750_hw_setting(struct sdhci_host *host)
{
struct sdhci_pci_slot *slot = sdhci_priv(host);
struct pci_dev *pdev;
- int aer;
u32 value;
pdev = slot->chip->pdev;
@@ -626,12 +639,7 @@ static void gl9750_hw_setting(struct sdhci_host *host)
pci_set_power_state(pdev, PCI_D0);
/* mask the replay timer timeout of AER */
- aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR);
- if (aer) {
- pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value);
- value |= PCI_ERR_COR_REP_TIMER;
- pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value);
- }
+ sdhci_gli_mask_replay_timer_timeout(pdev);
gl9750_wt_off(host);
}
@@ -806,7 +814,6 @@ static void sdhci_gl9755_set_clock(struct sdhci_host *host, unsigned int clock)
static void gl9755_hw_setting(struct sdhci_pci_slot *slot)
{
struct pci_dev *pdev = slot->chip->pdev;
- int aer;
u32 value;
gl9755_wt_on(pdev);
@@ -841,12 +848,7 @@ static void gl9755_hw_setting(struct sdhci_pci_slot *slot)
pci_set_power_state(pdev, PCI_D0);
/* mask the replay timer timeout of AER */
- aer = pci_find_ext_capability(pdev, PCI_EXT_CAP_ID_ERR);
- if (aer) {
- pci_read_config_dword(pdev, aer + PCI_ERR_COR_MASK, &value);
- value |= PCI_ERR_COR_REP_TIMER;
- pci_write_config_dword(pdev, aer + PCI_ERR_COR_MASK, value);
- }
+ sdhci_gli_mask_replay_timer_timeout(pdev);
gl9755_wt_off(pdev);
}
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] mptcp: disable add_addr retransmission when timeout is 0" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x f5ce0714623cffd00bf2a83e890d09c609b7f50a
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082241-oxidant-avoid-0017@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From f5ce0714623cffd00bf2a83e890d09c609b7f50a Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:23 +0200
Subject: [PATCH] mptcp: disable add_addr retransmission when timeout is 0
When add_addr_timeout was set to 0, this caused the ADD_ADDR to be
retransmitted immediately, which looks like a buggy behaviour. Instead,
interpret 0 as "no retransmissions needed".
The documentation is updated to explicitly state that setting the timeout
to 0 disables retransmission.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Suggested-by: Matthieu Baerts <matttbe(a)kernel.org>
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-5-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/Documentation/networking/mptcp-sysctl.rst b/Documentation/networking/mptcp-sysctl.rst
index 5bfab01eff5a..1683c139821e 100644
--- a/Documentation/networking/mptcp-sysctl.rst
+++ b/Documentation/networking/mptcp-sysctl.rst
@@ -12,6 +12,8 @@ add_addr_timeout - INTEGER (seconds)
resent to an MPTCP peer that has not acknowledged a previous
ADD_ADDR message.
+ Do not retransmit if set to 0.
+
The default value matches TCP_RTO_MAX. This is a per-namespace
sysctl.
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index c5f6a53ce5f1..136a380602ca 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -274,6 +274,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
add_timer);
struct mptcp_sock *msk = entry->sock;
struct sock *sk = (struct sock *)msk;
+ unsigned int timeout;
pr_debug("msk=%p\n", msk);
@@ -291,6 +292,10 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
goto out;
}
+ timeout = mptcp_get_add_addr_timeout(sock_net(sk));
+ if (!timeout)
+ goto out;
+
spin_lock_bh(&msk->pm.lock);
if (!mptcp_pm_should_add_signal_addr(msk)) {
@@ -302,7 +307,7 @@ static void mptcp_pm_add_timer(struct timer_list *timer)
if (entry->retrans_times < ADD_ADDR_RETRANS_MAX)
sk_reset_timer(sk, timer,
- jiffies + mptcp_get_add_addr_timeout(sock_net(sk)));
+ jiffies + timeout);
spin_unlock_bh(&msk->pm.lock);
@@ -344,6 +349,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
struct mptcp_pm_add_entry *add_entry = NULL;
struct sock *sk = (struct sock *)msk;
struct net *net = sock_net(sk);
+ unsigned int timeout;
lockdep_assert_held(&msk->pm.lock);
@@ -368,8 +374,9 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
reset_timer:
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
+ timeout = mptcp_get_add_addr_timeout(net);
+ if (timeout)
+ sk_reset_timer(sk, &add_entry->add_timer, jiffies + timeout);
return true;
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] mptcp: remove duplicate sk_reset_timer call" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 5d13349472ac8abcbcb94407969aa0fdc2e1f1be
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082229-perch-unusable-f355@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 5d13349472ac8abcbcb94407969aa0fdc2e1f1be Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:22 +0200
Subject: [PATCH] mptcp: remove duplicate sk_reset_timer call
sk_reset_timer() was called twice in mptcp_pm_alloc_anno_list.
Simplify the code by using a 'goto' statement to eliminate the
duplication.
Note that this is not a fix, but it will help backporting the following
patch. The same "Fixes" tag has been added for this reason.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-4-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index 420d416e2603..c5f6a53ce5f1 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -353,9 +353,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
if (WARN_ON_ONCE(mptcp_pm_is_kernel(msk)))
return false;
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
- return true;
+ goto reset_timer;
}
add_entry = kmalloc(sizeof(*add_entry), GFP_ATOMIC);
@@ -369,6 +367,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
add_entry->retrans_times = 0;
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
+reset_timer:
sk_reset_timer(sk, &add_entry->add_timer,
jiffies + mptcp_get_add_addr_timeout(net));
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to" failed to apply to 5.10-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x a40c5d727b8111b5db424a1e43e14a1dcce1e77f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082151-aftermost-fanatic-fb5f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a40c5d727b8111b5db424a1e43e14a1dcce1e77f Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Thu, 5 Jun 2025 11:28:46 +0300
Subject: [PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading DPCD registers has side-effects in general. In particular
accessing registers outside of the link training register range
(0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
forbidden by the DP v2.1 Standard, see
3.6.5.1 DPTX AUX Transaction Handling Mandates
3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
Based on my tests, accessing the DPCD_REV register during the link
training of an UHBR TBT DP tunnel sink leads to link training failures.
Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
DPCD register access quirk.
Cc: <stable(a)vger.kernel.org>
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
Acked-by: Jani Nikula <jani.nikula(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index f2a6559a2710..dc622c78db9d 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset,
* monitor doesn't power down exactly after the throw away read.
*/
if (!aux->is_remote) {
- ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV);
+ ret = drm_dp_dpcd_probe(aux, DP_LANE0_1_STATUS);
if (ret < 0)
return ret;
}
2 weeks, 6 days
- 2
- 1
Backporting Selftests to Stable Kernels?
by Brett Sheffield
Dear Stable Maintainers,
When a bugfix is backported to stable kernels, should we be backporting the
associated selftest(s)?
eg.
9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes")
was backported to stable, but the selftest was not:
5777d1871bf6 ("selftests: net: add test for variable PMTU in broadcast routes")
Does stable policy say whether it should be?
It does not fix a bug, per se, but it does enable those of us running stable
kernel tests to more thoroughly test stable RCs.
Should mainline authors be encouraged to mark related tests for backporting?
Cheers,
Brett
2 weeks, 6 days
- 3
- 2
FAILED: patch "[PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to" failed to apply to 5.15-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 5.15-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y
git checkout FETCH_HEAD
git cherry-pick -x a40c5d727b8111b5db424a1e43e14a1dcce1e77f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082151-chase-quilt-9ad4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a40c5d727b8111b5db424a1e43e14a1dcce1e77f Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Thu, 5 Jun 2025 11:28:46 +0300
Subject: [PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading DPCD registers has side-effects in general. In particular
accessing registers outside of the link training register range
(0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
forbidden by the DP v2.1 Standard, see
3.6.5.1 DPTX AUX Transaction Handling Mandates
3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
Based on my tests, accessing the DPCD_REV register during the link
training of an UHBR TBT DP tunnel sink leads to link training failures.
Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
DPCD register access quirk.
Cc: <stable(a)vger.kernel.org>
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
Acked-by: Jani Nikula <jani.nikula(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index f2a6559a2710..dc622c78db9d 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset,
* monitor doesn't power down exactly after the throw away read.
*/
if (!aux->is_remote) {
- ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV);
+ ret = drm_dp_dpcd_probe(aux, DP_LANE0_1_STATUS);
if (ret < 0)
return ret;
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] mptcp: remove duplicate sk_reset_timer call" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 5d13349472ac8abcbcb94407969aa0fdc2e1f1be
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082229-sly-caution-e57f@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 5d13349472ac8abcbcb94407969aa0fdc2e1f1be Mon Sep 17 00:00:00 2001
From: Geliang Tang <geliang(a)kernel.org>
Date: Fri, 15 Aug 2025 19:28:22 +0200
Subject: [PATCH] mptcp: remove duplicate sk_reset_timer call
sk_reset_timer() was called twice in mptcp_pm_alloc_anno_list.
Simplify the code by using a 'goto' statement to eliminate the
duplication.
Note that this is not a fix, but it will help backporting the following
patch. The same "Fixes" tag has been added for this reason.
Fixes: 93f323b9cccc ("mptcp: add a new sysctl add_addr_timeout")
Cc: stable(a)vger.kernel.org
Signed-off-by: Geliang Tang <tanggeliang(a)kylinos.cn>
Reviewed-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org>
Link: https://patch.msgid.link/20250815-net-mptcp-misc-fixes-6-17-rc2-v1-4-521fe9…
Signed-off-by: Jakub Kicinski <kuba(a)kernel.org>
diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index 420d416e2603..c5f6a53ce5f1 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -353,9 +353,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
if (WARN_ON_ONCE(mptcp_pm_is_kernel(msk)))
return false;
- sk_reset_timer(sk, &add_entry->add_timer,
- jiffies + mptcp_get_add_addr_timeout(net));
- return true;
+ goto reset_timer;
}
add_entry = kmalloc(sizeof(*add_entry), GFP_ATOMIC);
@@ -369,6 +367,7 @@ bool mptcp_pm_alloc_anno_list(struct mptcp_sock *msk,
add_entry->retrans_times = 0;
timer_setup(&add_entry->add_timer, mptcp_pm_add_timer, 0);
+reset_timer:
sk_reset_timer(sk, &add_entry->add_timer,
jiffies + mptcp_get_add_addr_timeout(net));
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] iommu/virtio: Make instance lookup robust" failed to apply to 6.16-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y
git checkout FETCH_HEAD
git cherry-pick -x 72b6f7cd89cea8251979b65528d302f9c0ed37bf
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082258-exert-mousy-2b51@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 72b6f7cd89cea8251979b65528d302f9c0ed37bf Mon Sep 17 00:00:00 2001
From: Robin Murphy <robin.murphy(a)arm.com>
Date: Thu, 14 Aug 2025 17:47:16 +0100
Subject: [PATCH] iommu/virtio: Make instance lookup robust
Much like arm-smmu in commit 7d835134d4e1 ("iommu/arm-smmu: Make
instance lookup robust"), virtio-iommu appears to have the same issue
where iommu_device_register() makes the IOMMU instance visible to other
API callers (including itself) straight away, but internally the
instance isn't ready to recognise itself for viommu_probe_device() to
work correctly until after viommu_probe() has returned. This matters a
lot more now that bus_iommu_probe() has the DT/VIOT knowledge to probe
client devices the way that was always intended. Tweak the lookup and
initialisation in much the same way as for arm-smmu, to ensure that what
we register is functional and ready to go.
Cc: stable(a)vger.kernel.org
Fixes: bcb81ac6ae3c ("iommu: Get DT/ACPI parsing into the proper probe path")
Signed-off-by: Robin Murphy <robin.murphy(a)arm.com>
Tested-by: Eric Auger <eric.auger(a)redhat.com>
Link: https://lore.kernel.org/r/308911aaa1f5be32a3a709996c7bd6cf71d30f33.17551900…
Signed-off-by: Joerg Roedel <joerg.roedel(a)amd.com>
diff --git a/drivers/iommu/virtio-iommu.c b/drivers/iommu/virtio-iommu.c
index 532db1de201b..b39d6f134ab2 100644
--- a/drivers/iommu/virtio-iommu.c
+++ b/drivers/iommu/virtio-iommu.c
@@ -998,8 +998,7 @@ static void viommu_get_resv_regions(struct device *dev, struct list_head *head)
iommu_dma_get_resv_regions(dev, head);
}
-static const struct iommu_ops viommu_ops;
-static struct virtio_driver virtio_iommu_drv;
+static const struct bus_type *virtio_bus_type;
static int viommu_match_node(struct device *dev, const void *data)
{
@@ -1008,8 +1007,9 @@ static int viommu_match_node(struct device *dev, const void *data)
static struct viommu_dev *viommu_get_by_fwnode(struct fwnode_handle *fwnode)
{
- struct device *dev = driver_find_device(&virtio_iommu_drv.driver, NULL,
- fwnode, viommu_match_node);
+ struct device *dev = bus_find_device(virtio_bus_type, NULL, fwnode,
+ viommu_match_node);
+
put_device(dev);
return dev ? dev_to_virtio(dev)->priv : NULL;
@@ -1160,6 +1160,9 @@ static int viommu_probe(struct virtio_device *vdev)
if (!viommu)
return -ENOMEM;
+ /* Borrow this for easy lookups later */
+ virtio_bus_type = dev->bus;
+
spin_lock_init(&viommu->request_lock);
ida_init(&viommu->domain_ids);
viommu->dev = dev;
@@ -1229,10 +1232,10 @@ static int viommu_probe(struct virtio_device *vdev)
if (ret)
goto err_free_vqs;
- iommu_device_register(&viommu->iommu, &viommu_ops, parent_dev);
-
vdev->priv = viommu;
+ iommu_device_register(&viommu->iommu, &viommu_ops, parent_dev);
+
dev_info(dev, "input address: %u bits\n",
order_base_2(viommu->geometry.aperture_end));
dev_info(dev, "page mask: %#llx\n", viommu->pgsize_bitmap);
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] cpuidle: governors: menu: Avoid selecting states with too" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x 779b1a1cb13ae17028aeddb2fbbdba97357a1e15
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082216-despair-postnasal-6dbe@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 Mon Sep 17 00:00:00 2001
From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com>
Date: Wed, 13 Aug 2025 12:25:58 +0200
Subject: [PATCH] cpuidle: governors: menu: Avoid selecting states with too
much latency
Occasionally, the exit latency of the idle state selected by the menu
governor may exceed the PM QoS CPU wakeup latency limit. Namely, if the
scheduler tick has been stopped already and predicted_ns is greater than
the tick period length, the governor may return an idle state whose exit
latency exceeds latency_req because that decision is made before
checking the current idle state's exit latency.
For instance, say that there are 3 idle states, 0, 1, and 2. For idle
states 0 and 1, the exit latency is equal to the target residency and
the values are 0 and 5 us, respectively. State 2 is deeper and has the
exit latency and target residency of 200 us and 2 ms (which is greater
than the tick period length), respectively.
Say that predicted_ns is equal to TICK_NSEC and the PM QoS latency
limit is 20 us. After the first two iterations of the main loop in
menu_select(), idx becomes 1 and in the third iteration of it the target
residency of the current state (state 2) is greater than predicted_ns.
State 2 is not a polling one and predicted_ns is not less than TICK_NSEC,
so the check on whether or not the tick has been stopped is done. Say
that the tick has been stopped already and there are no imminent timers
(that is, delta_tick is greater than the target residency of state 2).
In that case, idx becomes 2 and it is returned immediately, but the exit
latency of state 2 exceeds the latency limit.
Address this issue by modifying the code to compare the exit latency of
the current idle state (idle state i) with the latency limit before
comparing its target residency with predicted_ns, which allows one
more exit_latency_ns check that becomes redundant to be dropped.
However, after the above change, latency_req cannot take the predicted_ns
value any more, which takes place after commit 38f83090f515 ("cpuidle:
menu: Remove iowait influence"), because it may cause a polling state
to be returned prematurely.
In the context of the previous example say that predicted_ns is 3000 and
the PM QoS latency limit is still 20 us. Additionally, say that idle
state 0 is a polling one. Moving the exit_latency_ns check before the
target_residency_ns one causes the loop to terminate in the second
iteration, before the target_residency_ns check, so idle state 0 will be
returned even though previously state 1 would be returned if there were
no imminent timers.
For this reason, remove the assignment of the predicted_ns value to
latency_req from the code.
Fixes: 5ef499cd571c ("cpuidle: menu: Handle stopped tick more aggressively")
Cc: 4.17+ <stable(a)vger.kernel.org> # 4.17+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Reviewed-by: Christian Loehle <christian.loehle(a)arm.com>
Link: https://patch.msgid.link/5043159.31r3eYUQgx@rafael.j.wysocki
diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c
index 81306612a5c6..b2e3d0b0a116 100644
--- a/drivers/cpuidle/governors/menu.c
+++ b/drivers/cpuidle/governors/menu.c
@@ -287,20 +287,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
return 0;
}
- if (tick_nohz_tick_stopped()) {
- /*
- * If the tick is already stopped, the cost of possible short
- * idle duration misprediction is much higher, because the CPU
- * may be stuck in a shallow idle state for a long time as a
- * result of it. In that case say we might mispredict and use
- * the known time till the closest timer event for the idle
- * state selection.
- */
- if (predicted_ns < TICK_NSEC)
- predicted_ns = data->next_timer_ns;
- } else if (latency_req > predicted_ns) {
- latency_req = predicted_ns;
- }
+ /*
+ * If the tick is already stopped, the cost of possible short idle
+ * duration misprediction is much higher, because the CPU may be stuck
+ * in a shallow idle state for a long time as a result of it. In that
+ * case, say we might mispredict and use the known time till the closest
+ * timer event for the idle state selection.
+ */
+ if (tick_nohz_tick_stopped() && predicted_ns < TICK_NSEC)
+ predicted_ns = data->next_timer_ns;
/*
* Find the idle state with the lowest power while satisfying
@@ -316,13 +311,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
if (idx == -1)
idx = i; /* first enabled state */
+ if (s->exit_latency_ns > latency_req)
+ break;
+
if (s->target_residency_ns > predicted_ns) {
/*
* Use a physical idle state, not busy polling, unless
* a timer is going to trigger soon enough.
*/
if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) &&
- s->exit_latency_ns <= latency_req &&
s->target_residency_ns <= data->next_timer_ns) {
predicted_ns = s->target_residency_ns;
idx = i;
@@ -354,8 +351,6 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
return idx;
}
- if (s->exit_latency_ns > latency_req)
- break;
idx = i;
}
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] cpuidle: governors: menu: Avoid selecting states with too" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x 779b1a1cb13ae17028aeddb2fbbdba97357a1e15
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082214-daughter-popsicle-4c08@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 779b1a1cb13ae17028aeddb2fbbdba97357a1e15 Mon Sep 17 00:00:00 2001
From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com>
Date: Wed, 13 Aug 2025 12:25:58 +0200
Subject: [PATCH] cpuidle: governors: menu: Avoid selecting states with too
much latency
Occasionally, the exit latency of the idle state selected by the menu
governor may exceed the PM QoS CPU wakeup latency limit. Namely, if the
scheduler tick has been stopped already and predicted_ns is greater than
the tick period length, the governor may return an idle state whose exit
latency exceeds latency_req because that decision is made before
checking the current idle state's exit latency.
For instance, say that there are 3 idle states, 0, 1, and 2. For idle
states 0 and 1, the exit latency is equal to the target residency and
the values are 0 and 5 us, respectively. State 2 is deeper and has the
exit latency and target residency of 200 us and 2 ms (which is greater
than the tick period length), respectively.
Say that predicted_ns is equal to TICK_NSEC and the PM QoS latency
limit is 20 us. After the first two iterations of the main loop in
menu_select(), idx becomes 1 and in the third iteration of it the target
residency of the current state (state 2) is greater than predicted_ns.
State 2 is not a polling one and predicted_ns is not less than TICK_NSEC,
so the check on whether or not the tick has been stopped is done. Say
that the tick has been stopped already and there are no imminent timers
(that is, delta_tick is greater than the target residency of state 2).
In that case, idx becomes 2 and it is returned immediately, but the exit
latency of state 2 exceeds the latency limit.
Address this issue by modifying the code to compare the exit latency of
the current idle state (idle state i) with the latency limit before
comparing its target residency with predicted_ns, which allows one
more exit_latency_ns check that becomes redundant to be dropped.
However, after the above change, latency_req cannot take the predicted_ns
value any more, which takes place after commit 38f83090f515 ("cpuidle:
menu: Remove iowait influence"), because it may cause a polling state
to be returned prematurely.
In the context of the previous example say that predicted_ns is 3000 and
the PM QoS latency limit is still 20 us. Additionally, say that idle
state 0 is a polling one. Moving the exit_latency_ns check before the
target_residency_ns one causes the loop to terminate in the second
iteration, before the target_residency_ns check, so idle state 0 will be
returned even though previously state 1 would be returned if there were
no imminent timers.
For this reason, remove the assignment of the predicted_ns value to
latency_req from the code.
Fixes: 5ef499cd571c ("cpuidle: menu: Handle stopped tick more aggressively")
Cc: 4.17+ <stable(a)vger.kernel.org> # 4.17+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com>
Reviewed-by: Christian Loehle <christian.loehle(a)arm.com>
Link: https://patch.msgid.link/5043159.31r3eYUQgx@rafael.j.wysocki
diff --git a/drivers/cpuidle/governors/menu.c b/drivers/cpuidle/governors/menu.c
index 81306612a5c6..b2e3d0b0a116 100644
--- a/drivers/cpuidle/governors/menu.c
+++ b/drivers/cpuidle/governors/menu.c
@@ -287,20 +287,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
return 0;
}
- if (tick_nohz_tick_stopped()) {
- /*
- * If the tick is already stopped, the cost of possible short
- * idle duration misprediction is much higher, because the CPU
- * may be stuck in a shallow idle state for a long time as a
- * result of it. In that case say we might mispredict and use
- * the known time till the closest timer event for the idle
- * state selection.
- */
- if (predicted_ns < TICK_NSEC)
- predicted_ns = data->next_timer_ns;
- } else if (latency_req > predicted_ns) {
- latency_req = predicted_ns;
- }
+ /*
+ * If the tick is already stopped, the cost of possible short idle
+ * duration misprediction is much higher, because the CPU may be stuck
+ * in a shallow idle state for a long time as a result of it. In that
+ * case, say we might mispredict and use the known time till the closest
+ * timer event for the idle state selection.
+ */
+ if (tick_nohz_tick_stopped() && predicted_ns < TICK_NSEC)
+ predicted_ns = data->next_timer_ns;
/*
* Find the idle state with the lowest power while satisfying
@@ -316,13 +311,15 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
if (idx == -1)
idx = i; /* first enabled state */
+ if (s->exit_latency_ns > latency_req)
+ break;
+
if (s->target_residency_ns > predicted_ns) {
/*
* Use a physical idle state, not busy polling, unless
* a timer is going to trigger soon enough.
*/
if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) &&
- s->exit_latency_ns <= latency_req &&
s->target_residency_ns <= data->next_timer_ns) {
predicted_ns = s->target_residency_ns;
idx = i;
@@ -354,8 +351,6 @@ static int menu_select(struct cpuidle_driver *drv, struct cpuidle_device *dev,
return idx;
}
- if (s->exit_latency_ns > latency_req)
- break;
idx = i;
}
2 weeks, 6 days
- 2
- 2
FAILED: patch "[PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to" failed to apply to 6.1-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.1-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y
git checkout FETCH_HEAD
git cherry-pick -x a40c5d727b8111b5db424a1e43e14a1dcce1e77f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082150-fiddle-impure-4da2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a40c5d727b8111b5db424a1e43e14a1dcce1e77f Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Thu, 5 Jun 2025 11:28:46 +0300
Subject: [PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading DPCD registers has side-effects in general. In particular
accessing registers outside of the link training register range
(0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
forbidden by the DP v2.1 Standard, see
3.6.5.1 DPTX AUX Transaction Handling Mandates
3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
Based on my tests, accessing the DPCD_REV register during the link
training of an UHBR TBT DP tunnel sink leads to link training failures.
Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
DPCD register access quirk.
Cc: <stable(a)vger.kernel.org>
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
Acked-by: Jani Nikula <jani.nikula(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index f2a6559a2710..dc622c78db9d 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset,
* monitor doesn't power down exactly after the throw away read.
*/
if (!aux->is_remote) {
- ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV);
+ ret = drm_dp_dpcd_probe(aux, DP_LANE0_1_STATUS);
if (ret < 0)
return ret;
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/amd: Restore cached manual clock settings during resume" failed to apply to 6.16-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.16-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.16.y
git checkout FETCH_HEAD
git cherry-pick -x 796ff8a7e01bd18738d3bb4111f9d6f963145d29
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082108-oil-trailing-aa0d@gregkh' --subject-prefix 'PATCH 6.16.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From 796ff8a7e01bd18738d3bb4111f9d6f963145d29 Mon Sep 17 00:00:00 2001
From: Mario Limonciello <mario.limonciello(a)amd.com>
Date: Thu, 24 Jul 2025 22:12:22 -0500
Subject: [PATCH] drm/amd: Restore cached manual clock settings during resume
If the SCLK limits have been set before S3 they will not
be restored. The limits are however cached in the driver and so
they can be restored by running a commit sequence during resume.
Acked-by: Alex Deucher <alexander.deucher(a)amd.com>
Link: https://lore.kernel.org/r/20250725031222.3015095-3-superm1@kernel.org
Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com>
Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com>
(cherry picked from commit 4e9526924d09057a9ba854305e17eded900ced82)
Cc: stable(a)vger.kernel.org
diff --git a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
index 310f51ff05b9..b47cb4a5f488 100644
--- a/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
+++ b/drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c
@@ -77,6 +77,9 @@ static void smu_power_profile_mode_get(struct smu_context *smu,
static void smu_power_profile_mode_put(struct smu_context *smu,
enum PP_SMC_POWER_PROFILE profile_mode);
static enum smu_clk_type smu_convert_to_smuclk(enum pp_clock_type type);
+static int smu_od_edit_dpm_table(void *handle,
+ enum PP_OD_DPM_TABLE_COMMAND type,
+ long *input, uint32_t size);
static int smu_sys_get_pp_feature_mask(void *handle,
char *buf)
@@ -2195,6 +2198,7 @@ static int smu_resume(struct amdgpu_ip_block *ip_block)
int ret;
struct amdgpu_device *adev = ip_block->adev;
struct smu_context *smu = adev->powerplay.pp_handle;
+ struct smu_dpm_context *smu_dpm_ctx = &(smu->smu_dpm);
if (amdgpu_sriov_multi_vf_mode(adev))
return 0;
@@ -2232,6 +2236,12 @@ static int smu_resume(struct amdgpu_ip_block *ip_block)
return ret;
}
+ if (smu_dpm_ctx->dpm_level == AMD_DPM_FORCED_LEVEL_MANUAL) {
+ ret = smu_od_edit_dpm_table(smu, PP_OD_COMMIT_DPM_TABLE, NULL, 0);
+ if (ret)
+ return ret;
+ }
+
dev_info(adev->dev, "SMU is resumed successfully!\n");
return 0;
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to" failed to apply to 6.6-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.6-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y
git checkout FETCH_HEAD
git cherry-pick -x a40c5d727b8111b5db424a1e43e14a1dcce1e77f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082149-disfigure-divinely-bc5c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a40c5d727b8111b5db424a1e43e14a1dcce1e77f Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Thu, 5 Jun 2025 11:28:46 +0300
Subject: [PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading DPCD registers has side-effects in general. In particular
accessing registers outside of the link training register range
(0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
forbidden by the DP v2.1 Standard, see
3.6.5.1 DPTX AUX Transaction Handling Mandates
3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
Based on my tests, accessing the DPCD_REV register during the link
training of an UHBR TBT DP tunnel sink leads to link training failures.
Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
DPCD register access quirk.
Cc: <stable(a)vger.kernel.org>
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
Acked-by: Jani Nikula <jani.nikula(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index f2a6559a2710..dc622c78db9d 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset,
* monitor doesn't power down exactly after the throw away read.
*/
if (!aux->is_remote) {
- ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV);
+ ret = drm_dp_dpcd_probe(aux, DP_LANE0_1_STATUS);
if (ret < 0)
return ret;
}
2 weeks, 6 days
- 2
- 1
FAILED: patch "[PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to" failed to apply to 6.12-stable tree
by gregkh@linuxfoundation.org
The patch below does not apply to the 6.12-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable(a)vger.kernel.org>.
To reproduce the conflict and resubmit, you may use the following commands:
git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y
git checkout FETCH_HEAD
git cherry-pick -x a40c5d727b8111b5db424a1e43e14a1dcce1e77f
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082149-baggy-limpness-3f61@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^..
Possible dependencies:
thanks,
greg k-h
------------------ original commit in Linus's tree ------------------
From a40c5d727b8111b5db424a1e43e14a1dcce1e77f Mon Sep 17 00:00:00 2001
From: Imre Deak <imre.deak(a)intel.com>
Date: Thu, 5 Jun 2025 11:28:46 +0300
Subject: [PATCH] drm/dp: Change AUX DPCD probe address from DPCD_REV to
LANE0_1_STATUS
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reading DPCD registers has side-effects in general. In particular
accessing registers outside of the link training register range
(0x102-0x106, 0x202-0x207, 0x200c-0x200f, 0x2216) is explicitly
forbidden by the DP v2.1 Standard, see
3.6.5.1 DPTX AUX Transaction Handling Mandates
3.6.7.4 128b/132b DP Link Layer LTTPR Link Training Mandates
Based on my tests, accessing the DPCD_REV register during the link
training of an UHBR TBT DP tunnel sink leads to link training failures.
Solve the above by using the DP_LANE0_1_STATUS (0x202) register for the
DPCD register access quirk.
Cc: <stable(a)vger.kernel.org>
Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com>
Cc: Jani Nikula <jani.nikula(a)linux.intel.com>
Acked-by: Jani Nikula <jani.nikula(a)intel.com>
Signed-off-by: Imre Deak <imre.deak(a)intel.com>
Link: https://lore.kernel.org/r/20250605082850.65136-2-imre.deak@intel.com
diff --git a/drivers/gpu/drm/display/drm_dp_helper.c b/drivers/gpu/drm/display/drm_dp_helper.c
index f2a6559a2710..dc622c78db9d 100644
--- a/drivers/gpu/drm/display/drm_dp_helper.c
+++ b/drivers/gpu/drm/display/drm_dp_helper.c
@@ -725,7 +725,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset,
* monitor doesn't power down exactly after the throw away read.
*/
if (!aux->is_remote) {
- ret = drm_dp_dpcd_probe(aux, DP_DPCD_REV);
+ ret = drm_dp_dpcd_probe(aux, DP_LANE0_1_STATUS);
if (ret < 0)
return ret;
}
2 weeks, 6 days
- 2
- 1