- Linux-stable-mirror - lists.linaro.org

[PATCH v3] mtd: spinand: winbond: Fix oob_layout for W25N01JW

by Santhosh Kumar K

Fix the W25N01JW's oob_layout according to the datasheet [1] [1] https://www.winbond.com/hq/product/code-storage-flash-memory/qspinand-flash… Fixes: 6a804fb72de5 ("mtd: spinand: winbond: add support for serial NAND flash") Cc: Sridharan S N <quic_sridsn(a)quicinc.com> Cc: stable(a)vger.kernel.org Signed-off-by: Santhosh Kumar K <s-k6(a)ti.com> --- Changes in v3: - Fix regions' offset and length aligned for Bad Block Management only for section 0 - Rebase on next - Link to v2: https://lore.kernel.org/linux-mtd/20250213060018.2664518-1-s-k6@ti.com/ Changes in v2: - Detach patch 3/3 from v1 - Rebase on next - Link to v1: https://lore.kernel.org/linux-mtd/20250102115110.1402440-1-s-k6@ti.com/ --- drivers/mtd/nand/spi/winbond.c | 37 +++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/drivers/mtd/nand/spi/winbond.c b/drivers/mtd/nand/spi/winbond.c index 87053389a1fc..4870b2d5edb2 100644 --- a/drivers/mtd/nand/spi/winbond.c +++ b/drivers/mtd/nand/spi/winbond.c @@ -176,6 +176,36 @@ static const struct mtd_ooblayout_ops w25n02kv_ooblayout = { .free = w25n02kv_ooblayout_free, }; +static int w25n01jw_ooblayout_ecc(struct mtd_info *mtd, int section, + struct mtd_oob_region *region) +{ + if (section > 3) + return -ERANGE; + + region->offset = (16 * section) + 12; + region->length = 4; + + return 0; +} + +static int w25n01jw_ooblayout_free(struct mtd_info *mtd, int section, + struct mtd_oob_region *region) +{ + if (section > 3) + return -ERANGE; + + region->offset = (16 * section); + region->length = 12; + + /* Extract BBM */ + if (!section) { + region->offset += 2; + region->length -= 2; + } + + return 0; +} + static int w35n01jw_ooblayout_ecc(struct mtd_info *mtd, int section, struct mtd_oob_region *region) { @@ -206,6 +236,11 @@ static int w35n01jw_ooblayout_free(struct mtd_info *mtd, int section, return 0; } +static const struct mtd_ooblayout_ops w25n01jw_ooblayout = { + .ecc = w25n01jw_ooblayout_ecc, + .free = w25n01jw_ooblayout_free, +}; + static const struct mtd_ooblayout_ops w35n01jw_ooblayout = { .ecc = w35n01jw_ooblayout_ecc, .free = w35n01jw_ooblayout_free, @@ -394,7 +429,7 @@ static const struct spinand_info winbond_spinand_table[] = { &write_cache_variants, &update_cache_variants), 0, - SPINAND_ECCINFO(&w25m02gv_ooblayout, NULL), + SPINAND_ECCINFO(&w25n01jw_ooblayout, NULL), SPINAND_CONFIGURE_CHIP(w25n0xjw_hs_cfg)), SPINAND_INFO("W25N01KV", /* 3.3V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xae, 0x21), -- 2.34.1

1 week, 6 days

1
0
0 0

[PATCH v3 2/3] drm/xe: Allow the pm notifier to continue on failure

by Thomas Hellström

Its actions are opportunistic anyway and will be completed on device suspend. Marking as a fix to simplify backporting of the fix that follows in the series. v2: - Keep the runtime pm reference over suspend / hibernate and document why. (Matt Auld, Rodrigo Vivi): Fixes: c6a4d46ec1d7 ("drm/xe: evict user memory in PM notifier") Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.16+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_pm.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index a2e85030b7f4..bee9aacd82e7 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -308,17 +308,17 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, case PM_SUSPEND_PREPARE: xe_pm_runtime_get(xe); err = xe_bo_evict_all_user(xe); - if (err) { + if (err) drm_dbg(&xe->drm, "Notifier evict user failed (%d)\n", err); - xe_pm_runtime_put(xe); - break; - } err = xe_bo_notifier_prepare_all_pinned(xe); - if (err) { + if (err) drm_dbg(&xe->drm, "Notifier prepare pin failed (%d)\n", err); - xe_pm_runtime_put(xe); - } + /* + * Keep the runtime pm reference until post hibernation / post suspend to + * avoid a runtime suspend interfering with evicted objects or backup + * allocations. + */ break; case PM_POST_HIBERNATION: case PM_POST_SUSPEND: @@ -327,9 +327,6 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, break; } - if (err) - return NOTIFY_BAD; - return NOTIFY_DONE; } -- 2.50.1

1 week, 6 days

1
0
0 0

[PATCH v3 1/3] drm/xe: Attempt to bring bos back to VRAM after eviction

by Thomas Hellström

VRAM+TT bos that are evicted from VRAM to TT may remain in TT also after a revalidation following eviction or suspend. This manifests itself as applications becoming sluggish after buffer objects get evicted or after a resume from suspend or hibernation. If the bo supports placement in both VRAM and TT, and we are on DGFX, mark the TT placement as fallback. This means that it is tried only after VRAM + eviction. This flaw has probably been present since the xe module was upstreamed but use a Fixes: commit below where backporting is likely to be simple. For earlier versions we need to open- code the fallback algorithm in the driver. v2: - Remove check for dgfx. (Matthew Auld) - Update the xe_dma_buf kunit test for the new strategy (CI) - Allow dma-buf to pin in current placement (CI) - Make xe_bo_validate() for pinned bos a NOP. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5995 Fixes: a78a8da51b36 ("drm/ttm: replace busy placement with flags v6") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> #v1 --- drivers/gpu/drm/xe/tests/xe_bo.c | 2 +- drivers/gpu/drm/xe/tests/xe_dma_buf.c | 10 +--------- drivers/gpu/drm/xe/xe_bo.c | 16 ++++++++++++---- drivers/gpu/drm/xe/xe_bo.h | 2 +- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/xe/tests/xe_bo.c b/drivers/gpu/drm/xe/tests/xe_bo.c index bb469096d072..7b40cc8be1c9 100644 --- a/drivers/gpu/drm/xe/tests/xe_bo.c +++ b/drivers/gpu/drm/xe/tests/xe_bo.c @@ -236,7 +236,7 @@ static int evict_test_run_tile(struct xe_device *xe, struct xe_tile *tile, struc } xe_bo_lock(external, false); - err = xe_bo_pin_external(external); + err = xe_bo_pin_external(external, false); xe_bo_unlock(external); if (err) { KUNIT_FAIL(test, "external bo pin err=%pe\n", diff --git a/drivers/gpu/drm/xe/tests/xe_dma_buf.c b/drivers/gpu/drm/xe/tests/xe_dma_buf.c index 3c5ad8cc65a0..5baeab6b6fb7 100644 --- a/drivers/gpu/drm/xe/tests/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/tests/xe_dma_buf.c @@ -85,15 +85,7 @@ static void check_residency(struct kunit *test, struct xe_bo *exported, return; } - /* - * If on different devices, the exporter is kept in system if - * possible, saving a migration step as the transfer is just - * likely as fast from system memory. - */ - if (params->mem_mask & XE_BO_FLAG_SYSTEM) - KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, XE_PL_TT)); - else - KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, mem_type)); + KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, mem_type)); if (params->force_different_devices) KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(imported, XE_PL_TT)); diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 4faf15d5fa6d..870f43347281 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -188,6 +188,8 @@ static void try_add_system(struct xe_device *xe, struct xe_bo *bo, bo->placements[*c] = (struct ttm_place) { .mem_type = XE_PL_TT, + .flags = (bo_flags & XE_BO_FLAG_VRAM_MASK) ? + TTM_PL_FLAG_FALLBACK : 0, }; *c += 1; } @@ -2322,6 +2324,7 @@ uint64_t vram_region_gpu_offset(struct ttm_resource *res) /** * xe_bo_pin_external - pin an external BO * @bo: buffer object to be pinned + * @in_place: Pin in current placement, don't attempt to migrate. * * Pin an external (not tied to a VM, can be exported via dma-buf / prime FD) * BO. Unique call compared to xe_bo_pin as this function has it own set of @@ -2329,7 +2332,7 @@ uint64_t vram_region_gpu_offset(struct ttm_resource *res) * * Returns 0 for success, negative error code otherwise. */ -int xe_bo_pin_external(struct xe_bo *bo) +int xe_bo_pin_external(struct xe_bo *bo, bool in_place) { struct xe_device *xe = xe_bo_device(bo); int err; @@ -2338,9 +2341,11 @@ int xe_bo_pin_external(struct xe_bo *bo) xe_assert(xe, xe_bo_is_user(bo)); if (!xe_bo_is_pinned(bo)) { - err = xe_bo_validate(bo, NULL, false); - if (err) - return err; + if (!in_place) { + err = xe_bo_validate(bo, NULL, false); + if (err) + return err; + } spin_lock(&xe->pinned.lock); list_add_tail(&bo->pinned_link, &xe->pinned.late.external); @@ -2493,6 +2498,9 @@ int xe_bo_validate(struct xe_bo *bo, struct xe_vm *vm, bool allow_res_evict) }; int ret; + if (xe_bo_is_pinned(bo)) + return 0; + if (vm) { lockdep_assert_held(&vm->lock); xe_vm_assert_held(vm); diff --git a/drivers/gpu/drm/xe/xe_bo.h b/drivers/gpu/drm/xe/xe_bo.h index 8cce413b5235..cfb1ec266a6d 100644 --- a/drivers/gpu/drm/xe/xe_bo.h +++ b/drivers/gpu/drm/xe/xe_bo.h @@ -200,7 +200,7 @@ static inline void xe_bo_unlock_vm_held(struct xe_bo *bo) } } -int xe_bo_pin_external(struct xe_bo *bo); +int xe_bo_pin_external(struct xe_bo *bo, bool in_place); int xe_bo_pin(struct xe_bo *bo); void xe_bo_unpin_external(struct xe_bo *bo); void xe_bo_unpin(struct xe_bo *bo); diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c index 346f857f3837..af64baf872ef 100644 --- a/drivers/gpu/drm/xe/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/xe_dma_buf.c @@ -72,7 +72,7 @@ static int xe_dma_buf_pin(struct dma_buf_attachment *attach) return ret; } - ret = xe_bo_pin_external(bo); + ret = xe_bo_pin_external(bo, true); xe_assert(xe, !ret); return 0; -- 2.50.1

1 week, 6 days

1
0
0 0

Bug: Performance regression in 1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

by Uschakow, Stanislav

Hello. We have observed a huge latency increase using `fork()` after ingesting the CVE-2025-38085 fix which leads to the commit `1013af4f585f: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race`. On large machines with 1.5TB of memory with 196 cores, we identified mmapping of 1.2TB of shared memory and forking itself dozens or hundreds of times we see a increase of execution times of a factor of 4. The reproducer is at the end of the email. Comparing the a kernel without this patch with a kernel with this patch applied when spawning 1000 children we see those execution times: Patched kernel: $ time make stress ... real 0m11.275s user 0m0.177s sys 0m23.905s Original kernel : $ time make stress ...real 0m2.475s user 0m1.398s sys 0m2.501s The patch in question: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… My observation/assumption is: each child touches 100 random pages and despawns on each despawn `huge_pmd_unshare()` is called each call to `huge_pmd_unshare()` syncrhonizes all threads using `tlb_remove_table_sync_one()` leading to the regression I'm happy to provide more information. Thank you Stanislav Uschakow === Reproducer === Setup: #!/bin/bash echo "Setting up hugepages for reproduction..." # hugepages (1.2TB / 2MB = 614400 pages) REQUIRED_PAGES=614400 # Check current hugepage allocation CURRENT_PAGES=$(cat /proc/sys/vm/nr_hugepages) echo "Current hugepages: $CURRENT_PAGES" if [ "$CURRENT_PAGES" -lt "$REQUIRED_PAGES" ]; then echo "Allocating $REQUIRED_PAGES hugepages..." echo $REQUIRED_PAGES | sudo tee /proc/sys/vm/nr_hugepages ALLOCATED=$(cat /proc/sys/vm/nr_hugepages) echo "Allocated hugepages: $ALLOCATED" if [ "$ALLOCATED" -lt "$REQUIRED_PAGES" ]; then echo "Warning: Could not allocate all required hugepages" echo "Available: $ALLOCATED, Required: $REQUIRED_PAGES" fi fi echo never | sudo tee /sys/kernel/mm/transparent_hugepage/enabled echo -e "\nHugepage information:" cat /proc/meminfo | grep -i huge echo -e "\nSetup complete. You can now run the reproduction test." Makefile: CXX = gcc CXXFLAGS = -O2 -Wall TARGET = hugepage_repro SOURCE = hugepage_repro.c $(TARGET): $(SOURCE) $(CXX) $(CXXFLAGS) -o $(TARGET) $(SOURCE) clean: rm -f $(TARGET) setup: chmod +x setup_hugepages.sh ./setup_hugepages.sh test: $(TARGET) ./$(TARGET) 20 3 stress: $(TARGET) ./$(TARGET) 1000 1 .PHONY: clean setup test stress hugepage_repro.c: #include <sys/mman.h> #include <sys/wait.h> #include <unistd.h> #include <stdlib.h> #include <string.h> #include <time.h> #include <stdio.h> #define HUGEPAGE_SIZE (2 * 1024 * 1024) // 2MB #define TOTAL_SIZE (1200ULL * 1024 * 1024 * 1024) // 1.2TB #define NUM_HUGEPAGES (TOTAL_SIZE / HUGEPAGE_SIZE) void* create_hugepage_mapping() { void* addr = mmap(NULL, TOTAL_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0); if (addr == MAP_FAILED) { perror("mmap hugepages failed"); exit(1); } return addr; } void touch_random_pages(void* addr, int num_touches) { char* base = (char*)addr; for (int i = 0; i < num_touches; ++i) { size_t offset = (rand() % NUM_HUGEPAGES) * HUGEPAGE_SIZE; volatile char val = base[offset]; (void)val; } } void child_process(void* shared_mem, int child_id) { struct timespec start, end; clock_gettime(CLOCK_MONOTONIC, &start); touch_random_pages(shared_mem, 100); clock_gettime(CLOCK_MONOTONIC, &end); long duration = (end.tv_sec - start.tv_sec) * 1000000 + (end.tv_nsec - start.tv_nsec) / 1000; printf("Child %d completed in %ld μs\n", child_id, duration); } int main(int argc, char* argv[]) { int num_processes = argc > 1 ? atoi(argv[1]) : 50; int iterations = argc > 2 ? atoi(argv[2]) : 5; printf("Creating %lluGB hugepage mapping...\n", TOTAL_SIZE / (1024*1024*1024)); void* shared_mem = create_hugepage_mapping(); for (int iter = 0; iter < iterations; ++iter) { printf("\nIteration %d: Forking %d processes\n", iter + 1, num_processes); pid_t children[num_processes]; struct timespec iter_start, iter_end; clock_gettime(CLOCK_MONOTONIC, &iter_start); for (int i = 0; i < num_processes; ++i) { pid_t pid = fork(); if (pid == 0) { child_process(shared_mem, i); exit(0); } else if (pid > 0) { children[i] = pid; } } for (int i = 0; i < num_processes; ++i) { waitpid(children[i], NULL, 0); } clock_gettime(CLOCK_MONOTONIC, &iter_end); long iter_duration = (iter_end.tv_sec - iter_start.tv_sec) * 1000 + (iter_end.tv_nsec - iter_start.tv_nsec) / 1000000; printf("Iteration completed in %ld ms\n", iter_duration); } munmap(shared_mem, TOTAL_SIZE); return 0; } Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

1 week, 6 days

3
3
0 0

[PATCH 5.10 00/34] 5.10.242-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.242 release. There are 34 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.242-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.242-rc1 Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Brent Lu <brent.lu(a)intel.com> ASoC: Intel: sof_da7219_mx98360a: fail to initialize soundcard Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: glk_rt5682_max98357a: shrink platform_id below 20 characters Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: sof_rt5682: shrink platform_id names below 20 characters Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: bxt_da7219_max98357a: shrink platform_id below 20 characters Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Handle reads greater than 60 bytes Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Don't set bus speed on every transfer James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Christoph Hellwig <hch(a)lst.de> nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency ------------- Diffstat: Makefile | 4 +- arch/powerpc/kernel/kvm.c | 8 +- arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- drivers/atm/atmtcp.c | 17 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-mcp2221.c | 71 +++++++---- drivers/hid/hid-ntrig.c | 3 + drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 ++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 4 - drivers/net/usb/qmi_wwan.c | 3 + drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/nfs/pagelist.c | 86 +------------ fs/nfs/write.c | 142 +++++++++++++-------- fs/xfs/libxfs/xfs_attr_remote.c | 7 + fs/xfs/libxfs/xfs_da_btree.c | 6 + include/linux/atmdev.h | 1 + include/linux/nfs_page.h | 2 +- kernel/dma/pool.c | 4 +- kernel/trace/trace.c | 4 +- net/atm/common.c | 15 ++- net/bluetooth/hci_event.c | 12 +- net/ipv4/route.c | 10 +- net/sctp/ipv6.c | 2 + sound/soc/intel/boards/bxt_da7219_max98357a.c | 12 +- sound/soc/intel/boards/glk_rt5682_max98357a.c | 4 +- sound/soc/intel/boards/sof_da7219_max98373.c | 2 +- sound/soc/intel/boards/sof_rt5682.c | 12 +- sound/soc/intel/common/soc-acpi-intel-bxt-match.c | 2 +- sound/soc/intel/common/soc-acpi-intel-cml-match.c | 2 +- sound/soc/intel/common/soc-acpi-intel-glk-match.c | 4 +- sound/soc/intel/common/soc-acpi-intel-jsl-match.c | 2 +- sound/soc/intel/common/soc-acpi-intel-tgl-match.c | 4 +- 44 files changed, 317 insertions(+), 213 deletions(-)

1 week, 6 days

8
43
0 0

[PATCH 5.15.y 0/2] Fix TSA CPUID management in KVM

by Boris Ostrovsky

Backport of AMD's TSA mitigation to 5.15 did not set CPUID bits that are passed to a guest correctly (commit c334ae4a545a "KVM: SVM: Advertise TSA CPUID bits to guests"). This series attempts to address this: * The first patch from Kim allows us to properly use cpuid caps. * The second patch is a combination of fixes to c334ae4a545a and f3f9deccfc68, which is stable-only patch to 6.12.y. (Not sure what to do with attribution) Alternatively, we can opencode all of this (the way it's currently done in __do_cpuid_func()'s 0x80000021 case) and do everything in a single patch. Boris Ostrovsky (1): KVM: SVM: Properly advertise TSA CPUID bits to guests Kim Phillips (1): KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code arch/x86/kvm/cpuid.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) -- 2.43.5

1 week, 6 days

2
5
0 0

[PATCH 1/2] mmc: sdhci-uhs2: Fix calling incorrect sdhci_set_clock() function

by Ben Chuang

From: Ben Chuang <ben.chuang(a)genesyslogic.com.tw> Fix calling incorrect sdhci_set_clock() in __sdhci_uhs2_set_ios() when the vendor defines its own sdhci_set_clock(). Fixes: 10c8298a052b ("mmc: sdhci-uhs2: add set_ios()") Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Ben Chuang <ben.chuang(a)genesyslogic.com.tw> --- drivers/mmc/host/sdhci-uhs2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-uhs2.c b/drivers/mmc/host/sdhci-uhs2.c index 0efeb9d0c376..704fdc946ac3 100644 --- a/drivers/mmc/host/sdhci-uhs2.c +++ b/drivers/mmc/host/sdhci-uhs2.c @@ -295,7 +295,10 @@ static void __sdhci_uhs2_set_ios(struct mmc_host *mmc, struct mmc_ios *ios) else sdhci_uhs2_set_power(host, ios->power_mode, ios->vdd); - sdhci_set_clock(host, host->clock); + if (host->ops->set_clock) + host->ops->set_clock(host, host->clock); + else + sdhci_set_clock(host, host->clock); } static int sdhci_uhs2_set_ios(struct mmc_host *mmc, struct mmc_ios *ios) -- 2.51.0

1 week, 6 days

2
5
0 0

[PATCH] scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl()

by Thorsten Blum

Replace kmalloc() followed by copy_from_user() with memdup_user() to fix a memory leak that occurs when copy_from_user(buff[sg_used],,) fails and the 'cleanup1:' path does not free the memory for 'buff[sg_used]'. Using memdup_user() avoids this by freeing the memory internally. Since memdup_user() already allocates memory, use kzalloc() in the else branch instead of manually zeroing 'buff[sg_used]' using memset(0). Cc: stable(a)vger.kernel.org Fixes: edd163687ea5 ("[SCSI] hpsa: add driver for HP Smart Array controllers.") Signed-off-by: Thorsten Blum <thorsten.blum(a)linux.dev> --- drivers/scsi/hpsa.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c73a71ac3c29..1c6161d0b85c 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -6522,18 +6522,21 @@ static int hpsa_big_passthru_ioctl(struct ctlr_info *h, while (left) { sz = (left > ioc->malloc_size) ? ioc->malloc_size : left; buff_size[sg_used] = sz; - buff[sg_used] = kmalloc(sz, GFP_KERNEL); - if (buff[sg_used] == NULL) { - status = -ENOMEM; - goto cleanup1; - } + if (ioc->Request.Type.Direction & XFER_WRITE) { - if (copy_from_user(buff[sg_used], data_ptr, sz)) { - status = -EFAULT; + buff[sg_used] = memdup_user(data_ptr, sz); + if (IS_ERR(buff[sg_used])) { + status = PTR_ERR(buff[sg_used]); goto cleanup1; } - } else - memset(buff[sg_used], 0, sz); + } else { + buff[sg_used] = kzalloc(sz, GFP_KERNEL); + if (!buff[sg_used]) { + status = -ENOMEM; + goto cleanup1; + } + } + left -= sz; data_ptr += sz; sg_used++; -- 2.51.0

1 week, 6 days

1
0
0 0

[PATCH] cpuset: prevent freeing unallocated cpumask in hotplug handling

by Ashay Jaiswal

In cpuset hotplug handling, temporary cpumasks are allocated only when running under cgroup v2. The current code unconditionally frees these masks, which can lead to a crash on cgroup v1 case. Free the temporary cpumasks only when they were actually allocated. Fixes: 4b842da276a8 ("cpuset: Make CPU hotplug work with partition") Cc: stable(a)vger.kernel.org Signed-off-by: Ashay Jaiswal <quic_ashayj(a)quicinc.com> --- kernel/cgroup/cpuset.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/cgroup/cpuset.c b/kernel/cgroup/cpuset.c index a78ccd11ce9b43c2e8b0e2c454a8ee845ebdc808..a4f908024f3c0a22628a32f8a5b0ae96c7dccbb9 100644 --- a/kernel/cgroup/cpuset.c +++ b/kernel/cgroup/cpuset.c @@ -4019,7 +4019,8 @@ static void cpuset_handle_hotplug(void) if (force_sd_rebuild) rebuild_sched_domains_cpuslocked(); - free_tmpmasks(ptmp); + if (on_dfl && ptmp) + free_tmpmasks(ptmp); } void cpuset_update_active_cpus(void) --- base-commit: 33bcf93b9a6b028758105680f8b538a31bc563cf change-id: 20250902-cpuset-free-on-condition-85cf4eadb18c Best regards, -- Ashay Jaiswal <quic_ashayj(a)quicinc.com>

1 week, 6 days

3
5
0 0

[PATCH v2] ASoC: SDCA: Add quirk for incorrect function types for 3 systems

by Maciej Strozek

Certain systems have CS42L43 DisCo that claims to conform to version 0.6.28 but uses the function types from the 1.0 spec. Add a quirk as a workaround. Closes: https://github.com/thesofproject/linux/issues/5515 Cc: stable(a)vger.kernel.org Signed-off-by: Maciej Strozek <mstrozek(a)opensource.cirrus.com> Reviewed-by: Pierre-Louis Bossart <pierre-louis.bossart(a)linux.dev> --- v2: Added a Closes: and Cc: stable tags --- include/sound/sdca.h | 1 + sound/soc/sdca/sdca_device.c | 20 ++++++++++++++++++++ sound/soc/sdca/sdca_functions.c | 13 ++++++++----- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/include/sound/sdca.h b/include/sound/sdca.h index 5a5d6de78d728..9c6a351c9d474 100644 --- a/include/sound/sdca.h +++ b/include/sound/sdca.h @@ -46,6 +46,7 @@ struct sdca_device_data { enum sdca_quirk { SDCA_QUIRKS_RT712_VB, + SDCA_QUIRKS_SKIP_FUNC_TYPE_PATCHING, }; #if IS_ENABLED(CONFIG_ACPI) && IS_ENABLED(CONFIG_SND_SOC_SDCA) diff --git a/sound/soc/sdca/sdca_device.c b/sound/soc/sdca/sdca_device.c index 0244cdcdd109a..4798ce2c8f0b4 100644 --- a/sound/soc/sdca/sdca_device.c +++ b/sound/soc/sdca/sdca_device.c @@ -7,6 +7,7 @@ */ #include <linux/acpi.h> +#include <linux/dmi.h> #include <linux/module.h> #include <linux/property.h> #include <linux/soundwire/sdw.h> @@ -55,11 +56,30 @@ static bool sdca_device_quirk_rt712_vb(struct sdw_slave *slave) return false; } +static bool sdca_device_quirk_skip_func_type_patching(struct sdw_slave *slave) +{ + const char *vendor, *sku; + + vendor = dmi_get_system_info(DMI_SYS_VENDOR); + sku = dmi_get_system_info(DMI_PRODUCT_SKU); + + if (vendor && sku && + !strcmp(vendor, "Dell Inc.") && + (!strcmp(sku, "0C62") || !strcmp(sku, "0C63") || !strcmp(sku, "0C6B")) && + slave->sdca_data.interface_revision == 0x061c && + slave->id.mfg_id == 0x01fa && slave->id.part_id == 0x4243) + return true; + + return false; +} + bool sdca_device_quirk_match(struct sdw_slave *slave, enum sdca_quirk quirk) { switch (quirk) { case SDCA_QUIRKS_RT712_VB: return sdca_device_quirk_rt712_vb(slave); + case SDCA_QUIRKS_SKIP_FUNC_TYPE_PATCHING: + return sdca_device_quirk_skip_func_type_patching(slave); default: break; } diff --git a/sound/soc/sdca/sdca_functions.c b/sound/soc/sdca/sdca_functions.c index f26f597dca9e9..13f68f7b6dd6a 100644 --- a/sound/soc/sdca/sdca_functions.c +++ b/sound/soc/sdca/sdca_functions.c @@ -90,6 +90,7 @@ static int find_sdca_function(struct acpi_device *adev, void *data) { struct fwnode_handle *function_node = acpi_fwnode_handle(adev); struct sdca_device_data *sdca_data = data; + struct sdw_slave *slave = container_of(sdca_data, struct sdw_slave, sdca_data); struct device *dev = &adev->dev; struct fwnode_handle *control5; /* used to identify function type */ const char *function_name; @@ -137,11 +138,13 @@ static int find_sdca_function(struct acpi_device *adev, void *data) return ret; } - ret = patch_sdca_function_type(sdca_data->interface_revision, &function_type); - if (ret < 0) { - dev_err(dev, "SDCA version %#x invalid function type %d\n", - sdca_data->interface_revision, function_type); - return ret; + if (!sdca_device_quirk_match(slave, SDCA_QUIRKS_SKIP_FUNC_TYPE_PATCHING)) { + ret = patch_sdca_function_type(sdca_data->interface_revision, &function_type); + if (ret < 0) { + dev_err(dev, "SDCA version %#x invalid function type %d\n", + sdca_data->interface_revision, function_type); + return ret; + } } function_name = get_sdca_function_name(function_type); -- 2.47.2

1 week, 6 days

3
2
0 0

[PATCH v2 0/3] phy: qcom: edp: Add missing refclk clock to x1e80100

by Abel Vesa

According to documentation, the DP PHY on x1e80100 has another clock called refclk. Rework the driver to allow different number of clocks. Fix the dt-bindings schema and add the clock to the DT node as well. Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- Changes in v2: - Fix schema by adding the minItems, as suggested by Krzysztof. - Use devm_clk_bulk_get_all, as suggested by Konrad. - Rephrase the commit messages to reflect the flexible number of clocks. - Link to v1: https://lore.kernel.org/r/20250730-phy-qcom-edp-add-missing-refclk-v1-0-6f7… --- Abel Vesa (3): dt-bindings: phy: qcom-edp: Add missing clock for X Elite phy: qcom: edp: Make the number of clocks flexible arm64: dts: qcom: Add missing TCSR refclk to the DP PHYs .../devicetree/bindings/phy/qcom,edp-phy.yaml | 28 +++++++++++++++++++++- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 12 ++++++---- drivers/phy/qualcomm/phy-qcom-edp.c | 18 +++++++------- 3 files changed, 45 insertions(+), 13 deletions(-) --- base-commit: 5d50cf9f7cf20a17ac469c20a2e07c29c1f6aab7 change-id: 20250730-phy-qcom-edp-add-missing-refclk-5ab82828f8e7 Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

1 week, 6 days

4
13
0 0

[PATCH 5.4 only v2] powerpc: boot: Remove leading zero in label in udelay()

by Nathan Chancellor

When building powerpc configurations in linux-5.4.y with binutils 2.43 or newer, there is an assembler error in arch/powerpc/boot/util.S: arch/powerpc/boot/util.S: Assembler messages: arch/powerpc/boot/util.S:44: Error: junk at end of line, first unrecognized character is `0' arch/powerpc/boot/util.S:49: Error: syntax error; found `b', expected `,' arch/powerpc/boot/util.S:49: Error: junk at end of line: `b' binutils 2.43 contains stricter parsing of certain labels [1], namely that leading zeros are no longer allowed. The GNU assembler documentation already somewhat forbade this construct: To define a local label, write a label of the form 'N:' (where N represents any non-negative integer). Eliminate the leading zero in the label to fix the syntax error. This is only needed in linux-5.4.y because commit 8b14e1dff067 ("powerpc: Remove support for PowerPC 601") removed this code altogether in 5.10. Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c6… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- v1 -> v2: - Adjust commit message to make it clearer this construct was already incorrect under the existing GNU assembler documentation (Segher) v1: https://lore.kernel.org/20250902235234.2046667-1-nathan@kernel.org/ --- arch/powerpc/boot/util.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/boot/util.S b/arch/powerpc/boot/util.S index f11f0589a669..5ab2bc864e66 100644 --- a/arch/powerpc/boot/util.S +++ b/arch/powerpc/boot/util.S @@ -41,12 +41,12 @@ udelay: srwi r4,r4,16 cmpwi 0,r4,1 /* 601 ? */ bne .Ludelay_not_601 -00: li r0,86 /* Instructions / microsecond? */ +0: li r0,86 /* Instructions / microsecond? */ mtctr r0 10: addi r0,r0,0 /* NOP */ bdnz 10b subic. r3,r3,1 - bne 00b + bne 0b blr .Ludelay_not_601: base-commit: c25f780e491e4734eb27d65aa58e0909fd78ad9f -- 2.51.0

1 week, 6 days

3
2
0 0

[PATCH 6.12 000/322] 6.12.44-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.44 release. There are 322 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:26 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.44-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.44-rc1 Al Viro <viro(a)zeniv.linux.org.uk> alloc_fdtable(): change calling conventions. Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Query FW for buffer ownership Oren Sidi <osidi(a)nvidia.com> net/mlx5: Add IFC bits and enums for buf_ownership Shahar Shitrit <shshitrit(a)nvidia.com> net/mlx5: Relocate function declarations from port.h to mlx5_core.h Daniel Jurgens <danielj(a)nvidia.com> net/mlx5: Base ECVF devlink port attrs from 0 Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Skip overlap check for SPI field Hangbin Liu <liuhangbin(a)gmail.com> bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hangbin Liu <liuhangbin(a)gmail.com> bonding: update LACP activity flag after setting lacp_active Dewei Meng <mengdewei(a)cqsoftware.com.cn> ALSA: timer: fix ida_free call while not allocated William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix KSZ9477 HSR port setup issue ValdikSS <iam(a)valdikss.org.ru> igc: fix disabling L1.2 PCI-E link substate on I226 on init Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Do not map lowcore with identity mapping Kanglong Wang <wangkanglong(a)loongson.cn> LoongArch: Optimize module load time by optimizing PLT/GOT counting Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing netif_start_queue() call on device open D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix UAF on smcsk after smc_listen_out() Jordan Rhee <jordanrhee(a)google.com> gve: prevent ethtool ops after shutdown Yuichiro Tsuji <yuichtsu(a)amazon.com> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix timestamping for vsc8584 David Howells <dhowells(a)redhat.com> cifs: Fix oops due to uninitialised variable MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. Qingfang Deng <dqfext(a)gmail.com> ppp: fix race conditions in ppp_fill_forward_path Qingfang Deng <dqfext(a)gmail.com> net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Jakub Ramaseuski <jramaseu(a)redhat.com> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't print errors for nonexistent connectors Chenyuan Yang <chenyuan0y(a)gmail.com> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: refactored struct hibmc_drm_private Miguel Ojeda <ojeda(a)kernel.org> rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Sergey Shtylyov <s.shtylyov(a)omp.ru> Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix scan state after PA Sync has been established Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Justin Lai <justinlai0215(a)realtek.com> rtase: Fix Rx descriptor CRC error bit definition Wang Liang <wangliang74(a)huawei.com> net: bridge: fix soft lockup in br_multicast_query_expired() Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Fix RX skb ring management in DMAengine mode Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix dip entries leak on devices newer than hip09 Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak in the driver Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to do SRQ armena by default wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix querying wrong SCC context for DIP algorithm Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix ignored return value of init_kernel_qp Danilo Krummrich <dakr(a)kernel.org> rust: alloc: replace aligned_size() with Kmalloc::aligned_layout() Nitin Gote <nitin.r.gote(a)intel.com> iosys-map: Fix undefined behavior in iosys_map_clear() José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian Thomas Zimmermann <tzimmermann(a)suse.de> drm/tests: Do not use drm_fb_blit() in format-helper tests Thomas Zimmermann <tzimmermann(a)suse.de> drm/format-helper: Add generic conversion to 32-bit formats Thomas Zimmermann <tzimmermann(a)suse.de> drm/format-helper: Move helpers for pixel conversion to header file Kerem Karabay <kekrby(a)gmail.com> drm/format-helper: Add conversion from XRGB8888 to BGR888 Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Move drawing functions to drm_draw José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix endian warning Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix a partition error with CPU hotplug Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Fanhua Li <lifanhua5(a)huawei.com> drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Clamp too high speed_hz Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: imu: inv_icm42600: Convert to uXX and sXX integer types David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 Jakub Kicinski <kuba(a)kernel.org> tls: fix handling of zero-length records on the rx_list Michal Suchanek <msuchanek(a)suse.de> powerpc/boot: Fix build with gcc 15 NeilBrown <neil(a)brown.name> ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Cache the max lane count value Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Convert AUX powered WARN to a debug message Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic David Lechner <dlechner(a)baylibre.com> iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: Use aligned_s64 instead of open coding alignment. Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Wildcat Lake Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Remove WARN_ON for device endpoint command timeouts Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: disable low power mode when reading comparator values Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Edward Adam Davis <eadavis(a)qq.com> comedi: pcl726: Prevent invalid irq number Ian Abbott <abbotti(a)mev.co.uk> comedi: Make insn_rw_emulate_bits() do insn->n samples Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Thorsten Blum <thorsten.blum(a)linux.dev> cdx: Fix off-by-one error in cdx_rpmsg_probe() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid selecting states with too much latency Christian Loehle <christian.loehle(a)arm.com> cpuidle: menu: Remove iowait influence Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Stefan Metzmacher <metze(a)samba.org> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Charalampos Mitrodimas <charmitro(a)posteo.net> debugfs: fix mount options not being applied Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am6*: Remove disable-wp for eMMC Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62*: Add non-removable flag for eMMC Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am6*: Add boot phase flag to support MMC boot Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: subpage: keep TOWRITE tag until folio is cleaned Baokun Li <libaokun1(a)huawei.com> ext4: preserve SB_I_VERSION on remount Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix setting ODR in probe Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Use standard PCIe definitions Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support Simon Richter <Simon.Richter(a)hogyros.de> Mark xe driver as BROKEN if kernel page size is not 4kB Geliang Tang <geliang(a)kernel.org> mptcp: disable add_addr retransmission when timeout is 0 Geliang Tang <geliang(a)kernel.org> mptcp: remove duplicate sk_reset_timer call Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() Mike Christie <michael.christie(a)oracle.com> scsi: core: Fix command pass through retry regression Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix Xorg desktop unresponsive on Replay panel Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid a NULL pointer dereference Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swm14: Update power limit logic Thorsten Blum <thorsten.blum(a)linux.dev> accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() Keith Busch <kbusch(a)kernel.org> kvm: retry nx_huge_page_recovery_thread creation Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel-uncore-freq: Check write blocked for ELC Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Fix SCCB present check Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Flush delayed SKBs while releasing RXE resources Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Jinjiang Tu <tujinjiang(a)huawei.com> mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Herton R. Krzesinski <herton(a)redhat.com> mm/debug_vm_pgtable: clear page table entries at destroy_args() Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: Add a new function to simplify the code Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement Dominique Martinet <asmadeus(a)codewreck.org> iov_iter: iterate_folioq: fix handling of offset >= folio size Jens Axboe <axboe(a)kernel.dk> io_uring/futex: ensure io_futex_wait() cleans up properly on failure Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "can: ti_hecc: fix -Woverflow compiler warning" Andrea Righi <arighi(a)nvidia.com> sched_ext: initialize built-in idle state before ops.init() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Return aborted command when missing sense and result TF Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry David Howells <dhowells(a)redhat.com> netfs: Fix unbuffered write error handling Filipe Manana <fdmanana(a)suse.com> btrfs: send: make fs_path_len() inline and constify its argument Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: send: avoid path allocation for the current inode when issuing commands Filipe Manana <fdmanana(a)suse.com> btrfs: send: keep the current inode's path cached Filipe Manana <fdmanana(a)suse.com> btrfs: send: add and use helper to rename current inode when processing refs Filipe Manana <fdmanana(a)suse.com> btrfs: send: only use boolean variables at process_recorded_refs() Filipe Manana <fdmanana(a)suse.com> btrfs: send: factor out common logic when sending xattrs Christoph Hellwig <hch(a)lst.de> xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: requeue to unused block group list if zone finish failed Boris Burkov <boris(a)bur.io> btrfs: codify pattern for adding block_group to bg_list Boris Burkov <boris(a)bur.io> btrfs: explicitly ref count block_group on new_bgs list Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() Filipe Manana <fdmanana(a)suse.com> btrfs: always abort transaction on failure to add block group to free space tree David Sterba <dsterba(a)suse.com> btrfs: move transaction aborts to the error site in add_block_group_free_space() Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl David Sterba <dsterba(a)suse.com> btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> USB: typec: Use str_enable_disable-like helpers Tom Lendacky <thomas.lendacky(a)amd.com> x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero SeongJae Park <sj(a)kernel.org> mm/damon/ops-common: ignore migration request to invalid nodes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Christoph Paasch <cpaasch(a)openai.com> mptcp: drop skb if MPTCP skb extension allocation fails Chen Yu <yu.c.chen(a)intel.com> ACPI: pfr_update: Fix the driver update version check Eric Biggers <ebiggers(a)kernel.org> ipv6: sr: Fix MAC comparison to be constant-time Andrea Righi <arighi(a)nvidia.com> sched/ext: Fix invalid task state transitions on class switch Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Make function kvm_own_lbt() robust Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overwrite dce60_clk_mgr Siyang Liu <Security(a)tencent.com> drm/amd/display: fix a Null pointer dereference vulnerability Michel Dänzer <mdaenzer(a)redhat.com> drm/amd/display: Add primary plane to commits for correct VRR handling Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 4.1.0 client id mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.0.1 client id mappings Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Update external revid for GC v9.5.0 Nathan Chancellor <nathan(a)kernel.org> drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() Peter Shkenev <mustela(a)erminea.space> drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Gang Ba <Gang.Ba(a)amd.com> drm/amdgpu: Avoid extra evict-restore process. Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/discovery: fix fw based ip discovery Ricardo Ribalda <ribalda(a)chromium.org> media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> media: venus: Fix MSM8998 frequency table Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Hans de Goede <hansg(a)kernel.org> media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Mathis Foerst <mathis.foerst(a)mt.com> media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: pisp_be: Fix pm_runtime underrun in probe Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix AV1 decoder clock frequency Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix wrong pixel_array control size Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu6: isys: Use correct pads for xlate_streams() Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser John David Anglin <dave.anglin(a)bell.net> parisc: Update comments in make_insert_tlb John David Anglin <dave.anglin(a)bell.net> parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() John David Anglin <dave.anglin(a)bell.net> parisc: Revise gateway LWS calls to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Revise __get_user() to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers John David Anglin <dave.anglin(a)bell.net> parisc: Drop WARN_ON_ONCE() from flush_cache_vmap John David Anglin <dave.anglin(a)bell.net> parisc: Define and use set_pte_at() John David Anglin <dave.anglin(a)bell.net> parisc: Check region is readable by user in raw_copy_from_user() Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Muhammad Usama Anjum <usama.anjum(a)collabora.com> ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context Xaver Hugl <xaver.hugl(a)kde.org> amdgpu/amdgpu_discovery: increase timeout limit for IFWI init Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Will Deacon <will(a)kernel.org> vhost/vsock: Avoid allocating arbitrarily-sized SKBs Will Deacon <will(a)kernel.org> vsock/virtio: Validate length in packet header before skb_put() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Delay link start until configfs 'start' written Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Lukas Wunner <lukas(a)wunner.de> PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge Chi Zhiling <chizhiling(a)kylinos.cn> readahead: fix return value of page_cache_next_miss() when no hole is found Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: renesas: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Gabor Juhos <j4g8y7(a)gmail.com> mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: Fix spi_nor_try_unlock_all() Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable David Lechner <dlechner(a)baylibre.com> iio: imu: bno055: fix OOB access of hw_xlate array Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix CDL control Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix default runtime and system PM levels Archana Patni <archana.patni(a)intel.com> scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix race between config read submit and interrupt completion André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Macpaul Lin <macpaul.lin(a)mediatek.com> scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints Helge Deller <deller(a)gmx.de> apparmor: Fix 8-byte alignment for initial dfa blob streams Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Hong Guan <hguan(a)ti.com> arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: ufs: add dma-coherent property Alexander Sverdlin <alexander.sverdlin(a)siemens.com> arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix printing of mount info messages for NODATACOW/NODATASUM Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: restore mount option info messages during mount Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix incorrect log message for nobarrier mount option Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix write time activation failure for metadata block group Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes Liao Yuanhong <liaoyuanhong(a)vivo.com> ext4: use kmalloc_array() for array space allocation Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to clear the orphan_present feature block device is r/o Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-event: Sanitize wildcard for fprobe event name Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: extend the connection limiting mechanism to support IPv6 Ziyan Xu <ziyan(a)securitygossip.com> ksmbd: fix refcount leak causing resource not released Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment issue on ucode loading Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - flush misc workqueue during device shutdown John Ernberg <john.ernberg(a)actia.se> crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - lower priority for skcipher and aead algorithms Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Youssef Samir <quic_yabdulra(a)quicinc.com> bus: mhi: host: Detect events pointing to unexpected TREs Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: imx8mp: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Damien Le Moal <dlemoal(a)kernel.org> dm: Check for forbidden splitting of zone write operations Damien Le Moal <dlemoal(a)kernel.org> dm: dm-crypt: Do not partially accept write BIOs with zoned targets Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Take active children into account in pm_runtime_get_if_in_use() Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR ------------- Diffstat: .../bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 +- .../display/sprd/sprd,sharkl3-dsi-host.yaml | 2 +- .../devicetree/bindings/ufs/mediatek,ufs.yaml | 4 + Documentation/networking/mptcp-sysctl.rst | 2 + Makefile | 6 +- arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 36 ++ arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-phycore-som.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 +- arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 +- arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24 ++ arch/arm64/boot/dts/ti/k3-am62a-phycore-som.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 7 +- arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 2 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24 -- arch/arm64/boot/dts/ti/k3-am642-evm.dts | 1 - arch/arm64/boot/dts/ti/k3-am654-base-board.dts | 1 - .../dts/ti/k3-am6548-iot2050-advanced-common.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am69-sk.dts | 1 - arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 +- arch/loongarch/kernel/module-sections.c | 38 +-- arch/loongarch/kvm/vcpu.c | 8 +- arch/m68k/kernel/head.S | 31 +- arch/mips/crypto/chacha-core.S | 20 +- arch/parisc/Makefile | 4 +- arch/parisc/include/asm/pgtable.h | 7 +- arch/parisc/include/asm/special_insns.h | 28 ++ arch/parisc/include/asm/uaccess.h | 21 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/entry.S | 17 +- arch/parisc/kernel/syscall.S | 30 +- arch/parisc/lib/memcpy.c | 19 +- arch/parisc/mm/fault.c | 4 + arch/powerpc/boot/Makefile | 1 + arch/s390/boot/vmem.c | 3 + arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/x86/coco/sev/shared.c | 3 + arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kvm/mmu/mmu.c | 10 +- drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 +- drivers/acpi/pfr_update.c | 2 +- drivers/ata/Kconfig | 32 +- drivers/ata/libata-scsi.c | 58 ++-- drivers/base/power/runtime.c | 27 +- drivers/bluetooth/btmtk.c | 7 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/bus/mhi/host/main.c | 12 +- drivers/cdx/controller/cdx_rpmsg.c | 3 +- drivers/comedi/comedi_fops.c | 5 + drivers/comedi/drivers.c | 27 +- drivers/comedi/drivers/pcl726.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpuidle/governors/menu.c | 101 ++---- drivers/crypto/caam/ctrl.c | 5 +- drivers/crypto/caam/intern.h | 1 + .../crypto/intel/qat/qat_common/adf_common_drv.h | 1 + drivers/crypto/intel/qat/qat_common/adf_init.c | 1 + drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 + drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 +- drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 +++++-- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 +- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpu/drm/Kconfig | 5 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +++-- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +- drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 ++-- drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 +- drivers/gpu/drm/amd/amdgpu/soc15.c | 2 + drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 ++ .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 - .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 - .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 ++- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +- drivers/gpu/drm/amd/display/dc/core/dc.c | 34 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 + .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_draw.c | 155 +++++++++ drivers/gpu/drm/drm_draw_internal.h | 56 ++++ drivers/gpu/drm/drm_format_helper.c | 234 +++++++++---- drivers/gpu/drm/drm_format_internal.h | 127 ++++++++ drivers/gpu/drm/drm_panic.c | 269 ++------------- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 17 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 42 +-- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 29 +- drivers/gpu/drm/i915/display/intel_tc.c | 58 +++- drivers/gpu/drm/nouveau/nvif/vmm.c | 3 +- drivers/gpu/drm/tests/drm_format_helper_test.c | 176 +++++----- drivers/gpu/drm/xe/Kconfig | 1 + drivers/hwmon/gsc-hwmon.c | 4 +- drivers/iio/adc/ad7173.c | 3 +- drivers/iio/adc/ad_sigma_delta.c | 4 +- drivers/iio/imu/bno055/bno055.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 +- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 +- drivers/iio/light/adjd_s311.c | 2 +- drivers/iio/light/as73211.c | 4 +- drivers/iio/light/bh1745.c | 2 +- drivers/iio/light/isl29125.c | 2 +- drivers/iio/light/ltr501.c | 2 +- drivers/iio/light/max44000.c | 2 +- drivers/iio/light/rohm-bu27034.c | 2 +- drivers/iio/light/rpr0521.c | 2 +- drivers/iio/light/st_uvis25.h | 2 +- drivers/iio/light/tcs3414.c | 2 +- drivers/iio/light/tcs3472.c | 2 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/iio/temperature/maxim_thermocouple.c | 26 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/main.c | 23 ++ drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 - drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/erdma/erdma_verbs.c | 4 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 +- drivers/infiniband/hw/hns/hns_roce_restrack.c | 9 +- drivers/infiniband/sw/rxe/rxe_net.c | 29 +- drivers/infiniband/sw/rxe/rxe_qp.c | 2 +- drivers/iommu/amd/init.c | 4 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/md/dm-crypt.c | 47 ++- drivers/md/dm.c | 17 +- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/i2c/hi556.c | 26 +- drivers/media/i2c/mt9m114.c | 8 - drivers/media/i2c/ov2659.c | 3 +- drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12 +- drivers/media/pci/intel/ivsc/mei_ace.c | 2 + drivers/media/pci/intel/ivsc/mei_csi.c | 2 + drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 18 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/platform/qcom/venus/venc.c | 5 +- drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 5 +- .../media/platform/verisilicon/rockchip_vpu_hw.c | 9 - drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 - drivers/memstick/core/memstick.c | 1 - drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mmc/host/sdhci-pci-gli.c | 37 ++- drivers/mmc/host/sdhci_am654.c | 18 + drivers/most/core.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/mtd/nand/raw/renesas-nand-controller.c | 6 + drivers/mtd/nand/spi/core.c | 5 +- drivers/mtd/spi-nor/swp.c | 19 +- drivers/net/bonding/bond_3ad.c | 67 +++- drivers/net/bonding/bond_options.c | 1 + drivers/net/can/ti_hecc.c | 2 +- drivers/net/dsa/microchip/ksz_common.c | 6 + drivers/net/ethernet/google/gve/gve_main.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 14 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1 - .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12 +- .../ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 87 +++++ drivers/net/ethernet/mellanox/mlx5/core/port.c | 40 +-- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/microchip/lan865x/lan865x.c | 21 ++ drivers/net/ethernet/realtek/rtase/rtase.h | 2 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 ++-- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 +- drivers/net/phy/mscc/mscc.h | 12 + drivers/net/phy/mscc/mscc_main.c | 12 + drivers/net/phy/mscc/mscc_ptp.c | 49 ++- drivers/net/ppp/ppp_generic.c | 17 +- drivers/net/usb/asix_devices.c | 2 +- drivers/net/wireless/ath/ath11k/ce.c | 3 - drivers/net/wireless/ath/ath11k/dp_rx.c | 3 - drivers/net/wireless/ath/ath11k/hal.c | 33 +- drivers/net/wireless/ath/ath12k/ce.c | 3 - drivers/net/wireless/ath/ath12k/hal.c | 38 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/pci/controller/dwc/pci-imx6.c | 32 +- drivers/pci/controller/pcie-rockchip-host.c | 49 +-- drivers/pci/controller/pcie-rockchip.h | 11 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pcie/portdrv.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 14 +- drivers/platform/chrome/cros_ec.c | 3 + .../intel/uncore-frequency/uncore-frequency-tpmi.c | 5 + drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 71 ++-- drivers/s390/char/sclp.c | 11 +- drivers/scsi/mpi3mr/mpi3mr.h | 6 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 + drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_lib.c | 3 + drivers/soc/qcom/mdt_loader.c | 43 +++ drivers/soc/tegra/pmc.c | 51 +-- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/vt/defkeymap.c_shipped | 112 +++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/ufs/host/ufs-exynos.c | 4 +- drivers/ufs/host/ufshcd-pci.c | 42 ++- drivers/usb/atm/cxacru.c | 172 +++++----- drivers/usb/core/hcd.c | 20 +- drivers/usb/core/quirks.c | 1 + drivers/usb/dwc3/dwc3-imx8mp.c | 7 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/dwc3/ep0.c | 20 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 22 +- drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-ring.c | 9 +- drivers/usb/host/xhci.c | 21 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/omap2430.c | 14 +- drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 ++ drivers/usb/typec/class.c | 7 +- drivers/usb/typec/tcpm/fusb302.c | 32 +- drivers/usb/typec/tcpm/maxim_contaminant.c | 58 ++++ .../usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 3 +- .../typec/tcpm/qcom/qcom_pmic_typec_pdphy_stub.c | 3 +- drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_port.c | 4 +- drivers/usb/typec/tcpm/tcpci_maxim.h | 1 + drivers/usb/typec/tcpm/tcpm.c | 7 +- drivers/vhost/vsock.c | 6 +- drivers/video/console/vgacon.c | 2 +- fs/btrfs/block-group.c | 59 ++-- fs/btrfs/ctree.c | 9 +- fs/btrfs/free-space-tree.c | 17 +- fs/btrfs/qgroup.c | 38 ++- fs/btrfs/send.c | 361 ++++++++++++--------- fs/btrfs/subpage.c | 19 +- fs/btrfs/super.c | 13 +- fs/btrfs/transaction.c | 1 + fs/btrfs/zoned.c | 13 +- fs/buffer.c | 2 +- fs/debugfs/inode.c | 11 +- fs/ext4/fsmap.c | 23 +- fs/ext4/indirect.c | 4 +- fs/ext4/inode.c | 2 +- fs/ext4/orphan.c | 5 +- fs/ext4/super.c | 8 +- fs/f2fs/node.c | 10 + fs/file.c | 75 ++--- fs/jbd2/checkpoint.c | 1 + fs/namespace.c | 34 +- fs/netfs/write_collect.c | 10 +- fs/netfs/write_issue.c | 4 +- fs/nfs/pagelist.c | 9 +- fs/nfs/write.c | 29 +- fs/overlayfs/copy_up.c | 2 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/server/connection.c | 3 +- fs/smb/server/connection.h | 7 +- fs/smb/server/oplock.c | 13 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/transport_rdma.h | 4 +- fs/smb/server/transport_tcp.c | 26 +- fs/splice.c | 3 + fs/squashfs/super.c | 14 +- fs/xfs/xfs_itable.c | 6 +- include/drm/drm_format_helper.h | 12 + include/linux/call_once.h | 43 ++- include/linux/compiler.h | 8 - include/linux/iosys-map.h | 7 +- include/linux/iov_iter.h | 20 +- include/linux/kcov.h | 47 +-- include/linux/mlx5/mlx5_ifc.h | 14 +- include/linux/mlx5/port.h | 83 ----- include/linux/netfs.h | 1 + include/linux/nfs_page.h | 1 + include/net/bond_3ad.h | 1 + include/uapi/linux/pfrut.h | 1 + io_uring/futex.c | 3 + io_uring/net.c | 27 +- kernel/cgroup/cpuset.c | 9 +- kernel/sched/ext.c | 18 +- kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 34 +- kernel/trace/trace.h | 10 +- mm/damon/paddr.c | 4 + mm/debug_vm_pgtable.c | 9 +- mm/filemap.c | 3 +- mm/memory-failure.c | 8 + net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 8 +- net/bluetooth/hci_sync.c | 19 +- net/bridge/br_multicast.c | 16 + net/bridge/br_private.h | 2 + net/core/dev.c | 12 + net/hsr/hsr_slave.c | 8 +- net/ipv4/netfilter/nf_reject_ipv4.c | 6 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/seg6_hmac.c | 6 +- net/mptcp/options.c | 6 +- net/mptcp/pm_netlink.c | 19 +- net/sched/sch_cake.c | 14 +- net/sched/sch_htb.c | 2 +- net/smc/af_smc.c | 3 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 12 +- rust/kernel/alloc/allocator.rs | 30 +- rust/kernel/alloc/allocator_test.rs | 11 + security/apparmor/lsm.c | 4 +- sound/core/timer.c | 4 +- sound/pci/hda/patch_realtek.c | 2 + sound/soc/sof/amd/acp-loader.c | 6 +- sound/usb/stream.c | 2 +- sound/usb/validate.c | 2 +- tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 341 files changed, 3816 insertions(+), 2245 deletions(-)

1 week, 6 days

12
334
0 0

[PATCH RFC] riscv: Do not handle break traps from kernel as nmi

by Alexandre Ghiti

kprobe has been broken on riscv for quite some time. There is an attempt [1] to fix that which actually works. This patch works because it enables ARCH_HAVE_NMI_SAFE_CMPXCHG and that makes the ring buffer allocation succeed when handling a kprobe because we handle *all* kprobes in nmi context. We do so because Peter advised us to treat all kernel traps as nmi [2]. But that does not seem right for kprobe handling, so instead, treat break traps from kernel as non-nmi. Link: https://lore.kernel.org/linux-riscv/20250711090443.1688404-1-pulehui@huawei… [1] Link: https://lore.kernel.org/linux-riscv/20250422094419.GC14170@noisy.programmin… [2] Fixes: f0bddf50586d ("riscv: entry: Convert to generic entry") Cc: stable(a)vger.kernel.org Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> --- This is clearly an RFC and this is likely not the right way to go, it is just a way to trigger a discussion about if handling kprobes in an nmi context is the right way or not. --- arch/riscv/kernel/traps.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c index 80230de167def3c33db5bc190347ec5f87dbb6e3..90f36bb9b12d4ba0db0f084f87899156e3c7dc6f 100644 --- a/arch/riscv/kernel/traps.c +++ b/arch/riscv/kernel/traps.c @@ -315,11 +315,11 @@ asmlinkage __visible __trap_section void do_trap_break(struct pt_regs *regs) local_irq_disable(); irqentry_exit_to_user_mode(regs); } else { - irqentry_state_t state = irqentry_nmi_enter(regs); + irqentry_state_t state = irqentry_enter(regs); handle_break(regs); - irqentry_nmi_exit(regs, state); + irqentry_exit(regs, state); } } --- base-commit: ae9a687664d965b13eeab276111b2f97dd02e090 change-id: 20250903-dev-alex-break_nmi_v1-57c5321f3e80 Best regards, -- Alexandre Ghiti <alexghiti(a)rivosinc.com>

1 week, 6 days

3
2
0 0

[PATCH v2] nvmem: layouts: fix automatic module loading

by Michael Walle

To support loading of a layout module automatically the MODALIAS variable in the uevent is needed. Add it. Fixes: fc29fd821d9a ("nvmem: core: Rework layouts to become regular devices") Cc: stable(a)vger.kernel.org Signed-off-by: Michael Walle <mwalle(a)kernel.org> --- I'm still not sure if the sysfs modalias file is required or not. It seems to work without it. I could't find any documentation about it. v2: - add Cc: stable --- drivers/nvmem/layouts.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/nvmem/layouts.c b/drivers/nvmem/layouts.c index 65d39e19f6ec..f381ce1e84bd 100644 --- a/drivers/nvmem/layouts.c +++ b/drivers/nvmem/layouts.c @@ -45,11 +45,24 @@ static void nvmem_layout_bus_remove(struct device *dev) return drv->remove(layout); } +static int nvmem_layout_bus_uevent(const struct device *dev, + struct kobj_uevent_env *env) +{ + int ret; + + ret = of_device_uevent_modalias(dev, env); + if (ret != ENODEV) + return ret; + + return 0; +} + static const struct bus_type nvmem_layout_bus_type = { .name = "nvmem-layout", .match = nvmem_layout_bus_match, .probe = nvmem_layout_bus_probe, .remove = nvmem_layout_bus_remove, + .uevent = nvmem_layout_bus_uevent, }; int __nvmem_layout_driver_register(struct nvmem_layout_driver *drv, -- 2.39.5

1 week, 6 days

3
2
0 0

[PATCH 6.6 1/2] Revert "spi: cadence-quadspi: fix cleanup of rx_chan on failure paths"

by jinfeng.wang.cn＠windriver.com

From: Jinfeng Wang <jinfeng.wang.cn(a)windriver.com> This reverts commit 1af6d1696ca40b2d22889b4b8bbea616f94aaa84. There is cadence-qspi ff8d2000.spi: Unbalanced pm_runtime_enable! error without this revert. After reverting commit cdfb20e4b34a ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") and commit 1af6d1696ca4 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths"), Unbalanced pm_runtime_enable! error does not appear. These two commits are backported from upstream commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") and commit 04a8ff1bc351 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths"). The commit 04a8ff1bc351 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths") fix commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance"). The commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") fix commit 86401132d7bb ("spi: spi-cadence-quadspi: Fix missing unwind goto warnings"). The commit 86401132d7bb ("spi: spi-cadence-quadspi: Fix missing unwind goto warnings") fix commit 0578a6dbfe75 ("spi: spi-cadence-quadspi: add runtime pm support"). 6.6.y only backport commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") and commit 04a8ff1bc351 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths"), but does not backport commit 0578a6dbfe75 ("spi: spi-cadence-quadspi: add runtime pm support") and commit 86401132d7bb ("spi: spi-cadence-quadspi: Fix missing unwind goto warnings"). And the backport of commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") differs with the original patch. So there is Unbalanced pm_runtime_enable error. If revert the backport for commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") and commit 04a8ff1bc351 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths"), there is no error. If backport commit 0578a6dbfe75 ("spi: spi-cadence-quadspi: add runtime pm support") and commit 86401132d7bb ("spi: spi-cadence-quadspi: Fix missing unwind goto warnings"), there is hang during booting. I didn't find the cause of the hang. Since commit 0578a6dbfe75 ("spi: spi-cadence-quadspi: add runtime pm support") and commit 86401132d7bb ("spi: spi-cadence-quadspi: Fix missing unwind goto warnings") are not backported, commit b07f349d1864 ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") and commit 04a8ff1bc351 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths") are not needed. So revert commits commit cdfb20e4b34a ("spi: spi-cadence-quadspi: Fix pm runtime unbalance") and commit 1af6d1696ca4 ("spi: cadence-quadspi: fix cleanup of rx_chan on failure paths"). Signed-off-by: Jinfeng Wang <jinfeng.wang.cn(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Kernel builds successfully with patch. Test enviroment overview: Branch linux-6.6.y Tree: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git Hardware: compiled on X86 machine GCC: gcc version 11.4.0 (Ubuntu~20.04) commands: make clean;make allyesconfig; no building error is seen gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04.2) Hardware: compiled on socfpga stratix10 board verified by check the dmesg log and bind/unbind spi and no Unbalanced pm_runtime_enable! error is seen any more. cmds: dmesg | grep "Unbalanced pm_runtime_enable" echo ff8d2000.spi > /sys/bus/platform/drivers/cadence-qspi/unbind echo ff8d2000.spi > /sys/bus/platform/drivers/cadence-qspi/bind --- drivers/spi/spi-cadence-quadspi.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/spi/spi-cadence-quadspi.c b/drivers/spi/spi-cadence-quadspi.c index 7c17b8c0425e..9285a683324f 100644 --- a/drivers/spi/spi-cadence-quadspi.c +++ b/drivers/spi/spi-cadence-quadspi.c @@ -1870,6 +1870,11 @@ static int cqspi_probe(struct platform_device *pdev) pm_runtime_enable(dev); + if (cqspi->rx_chan) { + dma_release_channel(cqspi->rx_chan); + goto probe_setup_failed; + } + ret = spi_register_controller(host); if (ret) { dev_err(&pdev->dev, "failed to register SPI ctlr %d\n", ret); -- 2.25.1

1 week, 6 days

3
3
0 0

[PATCH] drivers/misc/amd-sbi/Kconfig: select REGMAP_I2C

by Max Kellermann

Without CONFIG_REGMAP, rmi-i2c.c fails to build because struct regmap_config is not defined: drivers/misc/amd-sbi/rmi-i2c.c: In function ‘sbrmi_i2c_probe’: drivers/misc/amd-sbi/rmi-i2c.c:57:16: error: variable ‘sbrmi_i2c_regmap_config’ has initializer but incomplete type 57 | struct regmap_config sbrmi_i2c_regmap_config = { | ^~~~~~~~~~~~~ Additionally, CONFIG_REGMAP_I2C is needed for devm_regmap_init_i2c(): ld: drivers/misc/amd-sbi/rmi-i2c.o: in function `sbrmi_i2c_probe': drivers/misc/amd-sbi/rmi-i2c.c:69:(.text+0x1c0): undefined reference to `__devm_regmap_init_i2c' Fixes: 013f7e7131bd ("misc: amd-sbi: Use regmap subsystem") Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- drivers/misc/amd-sbi/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/misc/amd-sbi/Kconfig b/drivers/misc/amd-sbi/Kconfig index 4840831c84ca..4aae0733d0fc 100644 --- a/drivers/misc/amd-sbi/Kconfig +++ b/drivers/misc/amd-sbi/Kconfig @@ -2,6 +2,7 @@ config AMD_SBRMI_I2C tristate "AMD side band RMI support" depends on I2C + select REGMAP_I2C help Side band RMI over I2C support for AMD out of band management. -- 2.47.2

1 week, 6 days

2
1
0 0

[PATCH v2 RESEND] media: as102: fix to not free memory after the device is registered in as102_usb_probe()

by Jeongjun Park

In as102_usb driver, the following race condition occurs: ``` CPU0 CPU1 as102_usb_probe() kzalloc(); // alloc as102_dev_t .... usb_register_dev(); open("/path/to/dev"); // open as102 dev .... usb_deregister_dev(); .... kfree(); // free as102_dev_t .... close(fd); as102_release() // UAF!! as102_usb_release() kfree(); // DFB!! ``` When a USB character device registered with usb_register_dev() is later unregistered (via usb_deregister_dev() or disconnect), the device node is removed so new open() calls fail. However, file descriptors that are already open do not go away immediately: they remain valid until the last reference is dropped and the driver's .release() is invoked. In as102, as102_usb_probe() calls usb_register_dev() and then, on an error path, does usb_deregister_dev() and frees as102_dev_t right away. If userspace raced a successful open() before the deregistration, that open FD will later hit as102_release() --> as102_usb_release() and access or free as102_dev_t again, occur a race to use-after-free and double-free vuln. The fix is to never kfree(as102_dev_t) directly once usb_register_dev() has succeeded. After deregistration, defer freeing memory to .release(). In other words, let release() perform the last kfree when the final open FD is closed. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+47321e8fd5a4c84088db(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=47321e8fd5a4c84088db Fixes: cd19f7d3e39b ("[media] as102: fix leaks at failure paths in as102_usb_probe()") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v2: Fix incorrect patch description style and CC stable mailing list - Link to v1: https://lore.kernel.org/all/20250822143539.1157329-1-aha310510@gmail.com/ --- drivers/media/usb/as102/as102_usb_drv.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/usb/as102/as102_usb_drv.c b/drivers/media/usb/as102/as102_usb_drv.c index e0ef66a522e2..abde5666b2ee 100644 --- a/drivers/media/usb/as102/as102_usb_drv.c +++ b/drivers/media/usb/as102/as102_usb_drv.c @@ -404,6 +404,7 @@ static int as102_usb_probe(struct usb_interface *intf, as102_free_usb_stream_buffer(as102_dev); failed_stream: usb_deregister_dev(intf, &as102_usb_class_driver); + return ret; failed: usb_put_dev(as102_dev->bus_adap.usb_dev); usb_set_intfdata(intf, NULL); --

1 week, 6 days

1
0
0 0

[PATCH v2 RESEND] media: hackrf: fix to not free memory after the device is registered in hackrf_probe()

by Jeongjun Park

In hackrf driver, the following race condition occurs: ``` CPU0 CPU1 hackrf_probe() kzalloc(); // alloc hackrf_dev .... v4l2_device_register(); .... open("/path/to/dev"); // open hackrf dev .... v4l2_device_unregister(); .... kfree(); // free hackrf_dev .... ioctl(fd, ...); v4l2_ioctl(); video_is_registered() // UAF!! .... close(fd); v4l2_release() // UAF!! hackrf_video_release() kfree(); // DFB!! ``` When a V4L2 or video device is unregistered, the device node is removed so new open() calls are blocked. However, file descriptors that are already open-and any in-flight I/O-do not terminate immediately; they remain valid until the last reference is dropped and the driver's release() is invoked. Therefore, freeing device memory on the error path after hackrf_probe() has registered dev it will lead to a race to use-after-free vuln, since those already-open handles haven't been released yet. And since release() free memory too, race to use-after-free and double-free vuln occur. To prevent this, if device is registered from probe(), it should be modified to free memory only through release() rather than calling kfree() directly. Cc: <stable(a)vger.kernel.org> Reported-by: syzbot+6ffd76b5405c006a46b7(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=6ffd76b5405c006a46b7 Reported-by: syzbot+f1b20958f93d2d250727(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=f1b20958f93d2d250727 Fixes: 8bc4a9ed8504 ("[media] hackrf: add support for transmitter") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> --- v2: Fix incorrect patch description style and CC stable mailing list - Link to v1: https://lore.kernel.org/all/20250822142729.1156816-1-aha310510@gmail.com/ --- drivers/media/usb/hackrf/hackrf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/media/usb/hackrf/hackrf.c b/drivers/media/usb/hackrf/hackrf.c index 0b50de8775a3..d7a84422193d 100644 --- a/drivers/media/usb/hackrf/hackrf.c +++ b/drivers/media/usb/hackrf/hackrf.c @@ -1515,6 +1515,8 @@ static int hackrf_probe(struct usb_interface *intf, video_unregister_device(&dev->rx_vdev); err_v4l2_device_unregister: v4l2_device_unregister(&dev->v4l2_dev); + dev_dbg(&intf->dev, "failed=%d\n", ret); + return ret; err_v4l2_ctrl_handler_free_tx: v4l2_ctrl_handler_free(&dev->tx_ctrl_handler); err_v4l2_ctrl_handler_free_rx: --

1 week, 6 days

1
0
0 0

[PATCH] perf/x86/intel: Fix KASAN global-out-of-bounds warning

by Dapeng Mi

When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. 196.273657] ================================================================== [ 196.273662] BUG: KASAN: global-out-of-bounds in cmt_latency_data+0x176/0x1b0 [ 196.273669] Read of size 4 at addr ffffffffb721d000 by task dtlb/9850 [ 196.273676] CPU: 126 UID: 0 PID: 9850 Comm: dtlb Kdump: loaded Not tainted 6.17.0-rc3-2025-08-29-intel-next-34160-g316938187eb0 #1 PREEMPT(none) [ 196.273680] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.IPC.3544.P83.2507110208 07/11/2025 [ 196.273682] Call Trace: [ 196.273683] <NMI> [ 196.273684] dump_stack_lvl+0x55/0x70 [ 196.273689] print_address_description.constprop.0+0x2c/0x3d0 [ 196.273694] ? cmt_latency_data+0x176/0x1b0 [ 196.273696] print_report+0xb4/0x270 [ 196.273699] ? kasan_addr_to_slab+0xd/0xa0 [ 196.273702] kasan_report+0xb8/0xf0 [ 196.273705] ? cmt_latency_data+0x176/0x1b0 [ 196.273707] cmt_latency_data+0x176/0x1b0 [ 196.273710] setup_arch_pebs_sample_data+0xf49/0x2560 [ 196.273713] intel_pmu_drain_arch_pebs+0x577/0xb00 [ 196.273716] ? __pfx_intel_pmu_drain_arch_pebs+0x10/0x10 [ 196.273719] ? perf_output_begin+0x3e4/0xa10 [ 196.273724] ? intel_pmu_drain_bts_buffer+0xc2/0x6a0 [ 196.273727] ? __pfx_intel_pmu_drain_bts_buffer+0x10/0x10 [ 196.273730] handle_pmi_common+0x6c4/0xc80 [ 196.273734] ? __pfx_handle_pmi_common+0x10/0x10 [ 196.273738] ? intel_bts_interrupt+0xd3/0x4d0 [ 196.273740] ? __pfx_intel_bts_interrupt+0x10/0x10 [ 196.273742] ? intel_pmu_lbr_enable_all+0x25/0x150 [ 196.273745] intel_pmu_handle_irq+0x388/0x700 [ 196.273748] perf_event_nmi_handler+0xff/0x150 [ 196.273751] nmi_handle.part.0+0xa8/0x2d0 [ 196.273755] ? perf_output_begin+0x3e9/0xa10 [ 196.273757] default_do_nmi+0x79/0x1a0 [ 196.273760] fred_exc_nmi+0x40/0x90 [ 196.273762] asm_fred_entrypoint_kernel+0x45/0x60 [ 196.273765] RIP: 0010:perf_output_begin+0x3e9/0xa10 [ 196.273768] Code: 54 24 1c 85 d2 0f 85 19 03 00 00 48 8b 44 24 18 48 c1 e8 03 42 0f b6 04 28 84 c0 74 08 3c 03 0f 8e 25 05 00 00 41 8b 44 24 18 <c1> e0 0c 48 98 48 83 e8 01 80 7c 24 2a 00 0f 85 f9 02 00 00 4c 29 [ 196.273770] RSP: 0018:ffffc9001cf575e8 EFLAGS: 00000246 [ 196.273774] RAX: 0000000000000080 RBX: ffff88c1a0f95028 RCX: 0000000000000004 [ 196.273775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88c08c8f9408 [ 196.273777] RBP: 0000000000000028 R08: 0000000000000000 R09: ffffed18341f2a05 [ 196.273778] R10: ffff88c1a0f9502f R11: ffff88c1a0dbe1b8 R12: ffff88c1a0f95000 [ 196.273779] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9001cf577e0 [ 196.273782] </NMI> The issue is caused by below code in __grt_latency_data(). The code tries to access x86_hybrid_pmu structure which doesn't exist on non-hybrid platform like CWF. WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big) So add is_hybrid() check before calling this WARN_ON_ONCE to fix the global-out-of-bounds access issue. Reported-by: Xudong Hao <xudong.hao(a)intel.com> Cc: stable(a)vger.kernel.org Fixes: 090262439f66 ("perf/x86/intel: Rename model-specific pebs_latency_data functions") Signed-off-by: Dapeng Mi <dapeng1.mi(a)linux.intel.com> --- arch/x86/events/intel/ds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/events/intel/ds.c b/arch/x86/events/intel/ds.c index c0b7ac1c7594..d1ac1f1ceee9 100644 --- a/arch/x86/events/intel/ds.c +++ b/arch/x86/events/intel/ds.c @@ -317,7 +317,7 @@ static u64 __grt_latency_data(struct perf_event *event, u64 status, { u64 val; - WARN_ON_ONCE(hybrid_pmu(event->pmu)->pmu_type == hybrid_big); + WARN_ON_ONCE(is_hybrid() && hybrid_pmu(event->pmu)->pmu_type == hybrid_big); dse &= PERF_PEBS_DATA_SOURCE_GRT_MASK; val = hybrid_var(event->pmu, pebs_data_source)[dse]; base-commit: 16ed389227651330879e17bd83d43bd234006722 -- 2.34.1

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/memory-failure: fix redundant updates for already poisoned pages has been removed from the -mm tree. Its filename was mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kyle Meyer <kyle.meyer(a)hpe.com> Subject: mm/memory-failure: fix redundant updates for already poisoned pages Date: Thu, 28 Aug 2025 13:38:20 -0500 Duplicate memory errors can be reported by multiple sources. Passing an already poisoned page to action_result() causes issues: * The amount of hardware corrupted memory is incorrectly updated. * Per NUMA node MF stats are incorrectly updated. * Redundant "already poisoned" messages are printed. Avoid those issues by: * Skipping hardware corrupted memory updates for already poisoned pages. * Skipping per NUMA node MF stats updates for already poisoned pages. * Dropping redundant "already poisoned" messages. Make MF_MSG_ALREADY_POISONED consistent with other action_page_types and make calls to action_result() consistent for already poisoned normal pages and huge pages. Link: https://lkml.kernel.org/r/aLCiHMy12Ck3ouwC@hpe.com Fixes: b8b9488d50b7 ("mm/memory-failure: improve memory failure action_result messages") Signed-off-by: Kyle Meyer <kyle.meyer(a)hpe.com> Reviewed-by: Jiaqi Yan <jiaqiyan(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Jane Chu <jane.chu(a)oracle.com> Acked-by: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Kyle Meyer <kyle.meyer(a)hpe.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: "Luck, Tony" <tony.luck(a)intel.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Russ Anderson <russ.anderson(a)hpe.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages +++ a/mm/memory-failure.c @@ -956,7 +956,7 @@ static const char * const action_page_ty [MF_MSG_BUDDY] = "free buddy page", [MF_MSG_DAX] = "dax page", [MF_MSG_UNSPLIT_THP] = "unsplit thp", - [MF_MSG_ALREADY_POISONED] = "already poisoned", + [MF_MSG_ALREADY_POISONED] = "already poisoned page", [MF_MSG_UNKNOWN] = "unknown page", }; @@ -1349,9 +1349,10 @@ static int action_result(unsigned long p { trace_memory_failure_event(pfn, type, result); - num_poisoned_pages_inc(pfn); - - update_per_node_mf_stats(pfn, result); + if (type != MF_MSG_ALREADY_POISONED) { + num_poisoned_pages_inc(pfn); + update_per_node_mf_stats(pfn, result); + } pr_err("%#lx: recovery action for %s: %s\n", pfn, action_page_types[type], action_name[result]); @@ -2094,12 +2095,11 @@ retry: *hugetlb = 0; return 0; } else if (res == -EHWPOISON) { - pr_err("%#lx: already hardware poisoned\n", pfn); if (flags & MF_ACTION_REQUIRED) { folio = page_folio(p); res = kill_accessing_process(current, folio_pfn(folio), flags); - action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); } + action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); return res; } else if (res == -EBUSY) { if (!(flags & MF_NO_RETRY)) { @@ -2285,7 +2285,6 @@ try_again: goto unlock_mutex; if (TestSetPageHWPoison(p)) { - pr_err("%#lx: already hardware poisoned\n", pfn); res = -EHWPOISON; if (flags & MF_ACTION_REQUIRED) res = kill_accessing_process(current, pfn, flags); _ Patches currently in -mm which might be from kyle.meyer(a)hpe.com are

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] s390-kexec-initialize-kexec_buf-struct.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: s390: kexec: initialize kexec_buf struct has been removed from the -mm tree. Its filename was s390-kexec-initialize-kexec_buf-struct.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: s390: kexec: initialize kexec_buf struct Date: Wed, 27 Aug 2025 03:42:23 -0700 The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage. This is also triggering a UBSAN warning when the uninitialized data was accessed: ------------[ cut here ]------------ UBSAN: invalid-load in ./include/linux/kexec.h:210:10 load of value 252 is not a valid value for type '_Bool' Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. Link: https://lkml.kernel.org/r/20250827-kbuf_all-v1-3-1df9882bb01a@debian.org Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Baoquan He <bhe(a)redhat.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/kernel/kexec_elf.c | 2 +- arch/s390/kernel/kexec_image.c | 2 +- arch/s390/kernel/machine_kexec_file.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) --- a/arch/s390/kernel/kexec_elf.c~s390-kexec-initialize-kexec_buf-struct +++ a/arch/s390/kernel/kexec_elf.c @@ -16,7 +16,7 @@ static int kexec_file_add_kernel_elf(struct kimage *image, struct s390_load_data *data) { - struct kexec_buf buf; + struct kexec_buf buf = {}; const Elf_Ehdr *ehdr; const Elf_Phdr *phdr; Elf_Addr entry; --- a/arch/s390/kernel/kexec_image.c~s390-kexec-initialize-kexec_buf-struct +++ a/arch/s390/kernel/kexec_image.c @@ -16,7 +16,7 @@ static int kexec_file_add_kernel_image(struct kimage *image, struct s390_load_data *data) { - struct kexec_buf buf; + struct kexec_buf buf = {}; buf.image = image; --- a/arch/s390/kernel/machine_kexec_file.c~s390-kexec-initialize-kexec_buf-struct +++ a/arch/s390/kernel/machine_kexec_file.c @@ -129,7 +129,7 @@ static int kexec_file_update_purgatory(s static int kexec_file_add_purgatory(struct kimage *image, struct s390_load_data *data) { - struct kexec_buf buf; + struct kexec_buf buf = {}; int ret; buf.image = image; @@ -152,7 +152,7 @@ static int kexec_file_add_purgatory(stru static int kexec_file_add_initrd(struct kimage *image, struct s390_load_data *data) { - struct kexec_buf buf; + struct kexec_buf buf = {}; int ret; buf.image = image; @@ -184,7 +184,7 @@ static int kexec_file_add_ipl_report(str { __u32 *lc_ipl_parmblock_ptr; unsigned int len, ncerts; - struct kexec_buf buf; + struct kexec_buf buf = {}; unsigned long addr; void *ptr, *end; int ret; _ Patches currently in -mm which might be from leitao(a)debian.org are

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] riscv-kexec-initialize-kexec_buf-struct.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: riscv: kexec: initialize kexec_buf struct has been removed from the -mm tree. Its filename was riscv-kexec-initialize-kexec_buf-struct.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: riscv: kexec: initialize kexec_buf struct Date: Wed, 27 Aug 2025 03:42:22 -0700 The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage. This is also triggering a UBSAN warning when the uninitialized data was accessed: ------------[ cut here ]------------ UBSAN: invalid-load in ./include/linux/kexec.h:210:10 load of value 252 is not a valid value for type '_Bool' Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. Link: https://lkml.kernel.org/r/20250827-kbuf_all-v1-2-1df9882bb01a@debian.org Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Baoquan He <bhe(a)redhat.com> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/riscv/kernel/kexec_elf.c | 4 ++-- arch/riscv/kernel/kexec_image.c | 2 +- arch/riscv/kernel/machine_kexec_file.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) --- a/arch/riscv/kernel/kexec_elf.c~riscv-kexec-initialize-kexec_buf-struct +++ a/arch/riscv/kernel/kexec_elf.c @@ -28,7 +28,7 @@ static int riscv_kexec_elf_load(struct k int i; int ret = 0; size_t size; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; const struct elf_phdr *phdr; kbuf.image = image; @@ -66,7 +66,7 @@ static int elf_find_pbase(struct kimage { int i; int ret; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; const struct elf_phdr *phdr; unsigned long lowest_paddr = ULONG_MAX; unsigned long lowest_vaddr = ULONG_MAX; --- a/arch/riscv/kernel/kexec_image.c~riscv-kexec-initialize-kexec_buf-struct +++ a/arch/riscv/kernel/kexec_image.c @@ -41,7 +41,7 @@ static void *image_load(struct kimage *i struct riscv_image_header *h; u64 flags; bool be_image, be_kernel; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; int ret; /* Check Image header */ --- a/arch/riscv/kernel/machine_kexec_file.c~riscv-kexec-initialize-kexec_buf-struct +++ a/arch/riscv/kernel/machine_kexec_file.c @@ -261,7 +261,7 @@ int load_extra_segments(struct kimage *i int ret; void *fdt; unsigned long initrd_pbase = 0UL; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; char *modified_cmdline = NULL; kbuf.image = image; _ Patches currently in -mm which might be from leitao(a)debian.org are

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] arm64-kexec-initialize-kexec_buf-struct-in-load_other_segments.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: arm64: kexec: initialize kexec_buf struct in load_other_segments() has been removed from the -mm tree. Its filename was arm64-kexec-initialize-kexec_buf-struct-in-load_other_segments.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: arm64: kexec: initialize kexec_buf struct in load_other_segments() Date: Wed, 27 Aug 2025 03:42:21 -0700 Patch series "kexec: Fix invalid field access". The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage. This is also triggering a UBSAN warning when the uninitialized data was accessed: ------------[ cut here ]------------ UBSAN: invalid-load in ./include/linux/kexec.h:210:10 load of value 252 is not a valid value for type '_Bool' Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. An initial fix was already landed for arm64[0], and this patchset fixes the problem on the remaining arm64 code and on riscv, as raised by Mark. Discussions about this problem could be found at[1][2]. This patch (of 3): The kexec_buf structure was previously declared without initialization. commit bf454ec31add ("kexec_file: allow to place kexec_buf randomly") added a field that is always read but not consistently populated by all architectures. This un-initialized field will contain garbage. This is also triggering a UBSAN warning when the uninitialized data was accessed: ------------[ cut here ]------------ UBSAN: invalid-load in ./include/linux/kexec.h:210:10 load of value 252 is not a valid value for type '_Bool' Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. Link: https://lkml.kernel.org/r/20250827-kbuf_all-v1-0-1df9882bb01a@debian.org Link: https://lkml.kernel.org/r/20250827-kbuf_all-v1-1-1df9882bb01a@debian.org Link: https://lore.kernel.org/all/20250826180742.f2471131255ec1c43683ea07@linux-f… [0] Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnz… [1] Link: https://lore.kernel.org/all/20250826-akpm-v1-1-3c831f0e3799@debian.org/ [2] Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Acked-by: Baoquan He <bhe(a)redhat.com> Cc: Albert Ou <aou(a)eecs.berkeley.edu> Cc: Alexander Gordeev <agordeev(a)linux.ibm.com> Cc: Alexandre Ghiti <alex(a)ghiti.fr> Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Christian Borntraeger <borntraeger(a)linux.ibm.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: Heiko Carstens <hca(a)linux.ibm.com> Cc: Palmer Dabbelt <palmer(a)dabbelt.com> Cc: Paul Walmsley <paul.walmsley(a)sifive.com> Cc: Sven Schnelle <svens(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: Will Deacon <will(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/kernel/machine_kexec_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm64/kernel/machine_kexec_file.c~arm64-kexec-initialize-kexec_buf-struct-in-load_other_segments +++ a/arch/arm64/kernel/machine_kexec_file.c @@ -94,7 +94,7 @@ int load_other_segments(struct kimage *i char *initrd, unsigned long initrd_len, char *cmdline) { - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; void *dtb = NULL; unsigned long initrd_load_addr = 0, dtb_len, orig_segments = image->nr_segments; _ Patches currently in -mm which might be from leitao(a)debian.org are

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() has been removed from the -mm tree. Its filename was mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() Date: Wed, 27 Aug 2025 19:58:58 +0800 When creating a new scheme of DAMON_RECLAIM, the calculation of 'min_age_region' uses 'aggr_interval' as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Link: https://lkml.kernel.org/r/20250827115858.1186261-3-yanquanmin1@huawei.com Fixes: f5a79d7c0c87 ("mm/damon: introduce struct damos_access_pattern") Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.1+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/reclaim.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/mm/damon/reclaim.c~mm-damon-reclaim-avoid-divide-by-zero-in-damon_reclaim_apply_parameters +++ a/mm/damon/reclaim.c @@ -194,6 +194,11 @@ static int damon_reclaim_apply_parameter if (err) return err; + if (!damon_reclaim_mon_attrs.aggr_interval) { + err = -EINVAL; + goto out; + } + err = damon_set_attrs(param_ctx, &damon_reclaim_mon_attrs); if (err) goto out; _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-add-damon_ctx-min_sz_region.patch

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() has been removed from the -mm tree. Its filename was mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Quanmin Yan <yanquanmin1(a)huawei.com> Subject: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Date: Wed, 27 Aug 2025 19:58:57 +0800 Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors. Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters. This patch (of 2): During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked. Link: https://lkml.kernel.org/r/20250827115858.1186261-2-yanquanmin1@huawei.com Fixes: 40e983cca927 ("mm/damon: introduce DAMON-based LRU-lists Sorting") Signed-off-by: Quanmin Yan <yanquanmin1(a)huawei.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: Kefeng Wang <wangkefeng.wang(a)huawei.com> Cc: ze zuo <zuoze1(a)huawei.com> Cc: <stable(a)vger.kernel.org> [6.0+] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/lru_sort.c | 5 +++++ 1 file changed, 5 insertions(+) --- a/mm/damon/lru_sort.c~mm-damon-lru_sort-avoid-divide-by-zero-in-damon_lru_sort_apply_parameters +++ a/mm/damon/lru_sort.c @@ -198,6 +198,11 @@ static int damon_lru_sort_apply_paramete if (err) return err; + if (!damon_lru_sort_mon_attrs.sample_interval) { + err = -EINVAL; + goto out; + } + err = damon_set_attrs(ctx, &damon_lru_sort_mon_attrs); if (err) goto out; _ Patches currently in -mm which might be from yanquanmin1(a)huawei.com are mm-damon-add-damon_ctx-min_sz_region.patch

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window has been removed from the -mm tree. Its filename was mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Sang-Heon Jeon <ekffu200098(a)gmail.com> Subject: mm/damon/core: set quota->charged_from to jiffies at first charge window Date: Fri, 22 Aug 2025 11:50:57 +0900 Kernel initializes the "jiffies" timer as 5 minutes below zero, as shown in include/linux/jiffies.h /* * Have the 32 bit jiffies value wrap 5 minutes after boot * so jiffies wrap bugs show up earlier. */ #define INITIAL_JIFFIES ((unsigned long)(unsigned int) (-300*HZ)) And jiffies comparison help functions cast unsigned value to signed to cover wraparound #define time_after_eq(a,b) \ (typecheck(unsigned long, a) && \ typecheck(unsigned long, b) && \ ((long)((a) - (b)) >= 0)) When quota->charged_from is initialized to 0, time_after_eq() can incorrectly return FALSE even after reset_interval has elapsed. This occurs when (jiffies - reset_interval) produces a value with MSB=1, which is interpreted as negative in signed arithmetic. This issue primarily affects 32-bit systems because: On 64-bit systems: MSB=1 values occur after ~292 million years from boot (assuming HZ=1000), almost impossible. On 32-bit systems: MSB=1 values occur during the first 5 minutes after boot, and the second half of every jiffies wraparound cycle, starting from day 25 (assuming HZ=1000) When above unexpected FALSE return from time_after_eq() occurs, the charging window will not reset. The user impact depends on esz value at that time. If esz is 0, scheme ignores configured quotas and runs without any limits. If esz is not 0, scheme stops working once the quota is exhausted. It remains until the charging window finally resets. So, change quota->charged_from to jiffies at damos_adjust_quota() when it is considered as the first charge window. By this change, we can avoid unexpected FALSE return from time_after_eq() Link: https://lkml.kernel.org/r/20250822025057.1740854-1-ekffu200098@gmail.com Fixes: 2b8a248d5873 ("mm/damon/schemes: implement size quota for schemes application speed control") # 5.16 Signed-off-by: Sang-Heon Jeon <ekffu200098(a)gmail.com> Reviewed-by: SeongJae Park <sj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/core.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/mm/damon/core.c~mm-damon-core-set-quota-charged_from-to-jiffies-at-first-charge-window +++ a/mm/damon/core.c @@ -2111,6 +2111,10 @@ static void damos_adjust_quota(struct da if (!quota->ms && !quota->sz && list_empty(&quota->goals)) return; + /* First charge window */ + if (!quota->total_charged_sz && !quota->charged_from) + quota->charged_from = jiffies; + /* New charge window starts */ if (time_after_eq(jiffies, quota->charged_from + msecs_to_jiffies(quota->reset_interval))) { _ Patches currently in -mm which might be from ekffu200098(a)gmail.com are mm-damon-update-expired-description-of-damos_action.patch docs-mm-damon-design-fix-typo-s-sz_trtied-sz_tried.patch selftests-damon-test-no-op-commit-broke-damon-status.patch selftests-damon-test-no-op-commit-broke-damon-status-fix.patch mm-damon-tests-core-kunit-add-damos_commit_filter-test.patch

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() has been removed from the -mm tree. Its filename was mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Jeongjun Park <aha310510(a)gmail.com> Subject: mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() Date: Sun, 24 Aug 2025 03:21:15 +0900 When restoring a reservation for an anonymous page, we need to check to freeing a surplus. However, __unmap_hugepage_range() causes data race because it reads h->surplus_huge_pages without the protection of hugetlb_lock. And adjust_reservation is a boolean variable that indicates whether reservations for anonymous pages in each folio should be restored. Therefore, it should be initialized to false for each round of the loop. However, this variable is not initialized to false except when defining the current adjust_reservation variable. This means that once adjust_reservation is set to true even once within the loop, reservations for anonymous pages will be restored unconditionally in all subsequent rounds, regardless of the folio's state. To fix this, we need to add the missing hugetlb_lock, unlock the page_table_lock earlier so that we don't lock the hugetlb_lock inside the page_table_lock lock, and initialize adjust_reservation to false on each round within the loop. Link: https://lkml.kernel.org/r/20250823182115.1193563-1-aha310510@gmail.com Fixes: df7a6d1f6405 ("mm/hugetlb: restore the reservation if needed") Signed-off-by: Jeongjun Park <aha310510(a)gmail.com> Reported-by: syzbot+417aeb05fd190f3a6da9(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=417aeb05fd190f3a6da9 Reviewed-by: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: Breno Leitao <leitao(a)debian.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/hugetlb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) --- a/mm/hugetlb.c~mm-hugetlb-add-missing-hugetlb_lock-in-__unmap_hugepage_range +++ a/mm/hugetlb.c @@ -5851,7 +5851,7 @@ void __unmap_hugepage_range(struct mmu_g spinlock_t *ptl; struct hstate *h = hstate_vma(vma); unsigned long sz = huge_page_size(h); - bool adjust_reservation = false; + bool adjust_reservation; unsigned long last_addr_mask; bool force_flush = false; @@ -5944,6 +5944,7 @@ void __unmap_hugepage_range(struct mmu_g sz); hugetlb_count_sub(pages_per_huge_page(h), mm); hugetlb_remove_rmap(folio); + spin_unlock(ptl); /* * Restore the reservation for anonymous page, otherwise the @@ -5951,14 +5952,16 @@ void __unmap_hugepage_range(struct mmu_g * If there we are freeing a surplus, do not set the restore * reservation bit. */ + adjust_reservation = false; + + spin_lock_irq(&hugetlb_lock); if (!h->surplus_huge_pages && __vma_private_lock(vma) && folio_test_anon(folio)) { folio_set_hugetlb_restore_reserve(folio); /* Reservation to be adjusted after the spin lock */ adjust_reservation = true; } - - spin_unlock(ptl); + spin_unlock_irq(&hugetlb_lock); /* * Adjust the reservation for the region that will have the _ Patches currently in -mm which might be from aha310510(a)gmail.com are

1 week, 6 days

1
0
0 0

[merged mm-hotfixes-stable] mm-khugepaged-fix-the-address-passed-to-notifier-on-testing-young.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/khugepaged: fix the address passed to notifier on testing young has been removed from the -mm tree. Its filename was mm-khugepaged-fix-the-address-passed-to-notifier-on-testing-young.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Wei Yang <richard.weiyang(a)gmail.com> Subject: mm/khugepaged: fix the address passed to notifier on testing young Date: Fri, 22 Aug 2025 06:33:18 +0000 Commit 8ee53820edfd ("thp: mmu_notifier_test_young") introduced mmu_notifier_test_young(), but we are passing the wrong address. In xxx_scan_pmd(), the actual iteration address is "_address" not "address". We seem to misuse the variable on the very beginning. Change it to the right one. [akpm(a)linux-foundation.org fix whitespace, per everyone] Link: https://lkml.kernel.org/r/20250822063318.11644-1-richard.weiyang@gmail.com Fixes: 8ee53820edfd ("thp: mmu_notifier_test_young") Signed-off-by: Wei Yang <richard.weiyang(a)gmail.com> Reviewed-by: Dev Jain <dev.jain(a)arm.com> Reviewed-by: Zi Yan <ziy(a)nvidia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Nico Pache <npache(a)redhat.com> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Barry Song <baohua(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/khugepaged.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/khugepaged.c~mm-khugepaged-fix-the-address-passed-to-notifier-on-testing-young +++ a/mm/khugepaged.c @@ -1417,8 +1417,8 @@ static int hpage_collapse_scan_pmd(struc */ if (cc->is_khugepaged && (pte_young(pteval) || folio_test_young(folio) || - folio_test_referenced(folio) || mmu_notifier_test_young(vma->vm_mm, - address))) + folio_test_referenced(folio) || + mmu_notifier_test_young(vma->vm_mm, _address))) referenced++; } if (!writable) { _ Patches currently in -mm which might be from richard.weiyang(a)gmail.com are mm-rmap-do-__folio_mod_stat-in-__folio_add_rmap.patch selftests-mm-do-check_huge_anon-with-a-number-been-passed-in.patch mm-rmap-not-necessary-to-mask-off-folio_pages_mapped.patch mm-rmap-use-folio_large_nr_pages-when-we-are-sure-it-is-a-large-folio.patch selftests-mm-put-general-ksm-operation-into-vm_util.patch selftests-mm-test-that-rmap-behave-as-expected.patch mm-khugepaged-use-list_xxx-helper-to-improve-readability.patch mm-page_alloc-use-xxx_pageblock_isolate-for-better-reading.patch mm-pageblock-flags-remove-pb_migratetype_bits-pb_migrate_end.patch mm-page_alloc-find_large_buddy-from-start_pfn-aligned-order.patch mm-page_alloc-find_large_buddy-from-start_pfn-aligned-order-v2.patch

1 week, 6 days

1
0
0 0

[alternative-merged] arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: arm64: kexec: initialize kexec_buf struct in image_load() has been removed from the -mm tree. Its filename was arm64-kexec-initialize-kexec_buf-struct-in-image_load.patch This patch was dropped because an alternative patch was or shall be merged ------------------------------------------------------ From: Breno Leitao <leitao(a)debian.org> Subject: arm64: kexec: initialize kexec_buf struct in image_load() Date: Tue, 26 Aug 2025 05:08:51 -0700 The kexec_buf structure was previously declared without initialization in image_load(). This led to a UBSAN warning when the structure was expanded and uninitialized fields were accessed [1]. Zero-initializing kexec_buf at declaration ensures all fields are cleanly set, preventing future instances of uninitialized memory being used. Fixes this UBSAN warning: [ 32.362488] UBSAN: invalid-load in ./include/linux/kexec.h:210:10 [ 32.362649] load of value 252 is not a valid value for type '_Bool' Andrew Morton suggested that this function is only called 3x a week[2], thus, the memset() cost is inexpensive. Link: https://lore.kernel.org/all/oninomspajhxp4omtdapxnckxydbk2nzmrix7rggmpukpnz… [1] Link: https://lore.kernel.org/all/20250825180531.94bfb86a26a43127c0a1296f@linux-f… [2] Link: https://lkml.kernel.org/r/20250826-akpm-v1-1-3c831f0e3799@debian.org Fixes: bf454ec31add ("kexec_file: allow to place kexec_buf randomly") Signed-off-by: Breno Leitao <leitao(a)debian.org> Suggested-by: Andrew Morton <akpm(a)linux-foundation.org> Cc: Mark Rutland <mark.rutland(a)arm.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Coiby Xu <coxu(a)redhat.com> Cc: "Daniel P. Berrange" <berrange(a)redhat.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Dave Young <dyoung(a)redhat.com> Cc: Kairui Song <ryncsn(a)gmail.com> Cc: Liu Pingfan <kernelfans(a)gmail.com> Cc: Milan Broz <gmazyland(a)gmail.com> Cc: Ondrej Kozina <okozina(a)redhat.com> Cc: Vitaly Kuznetsov <vkuznets(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/arm64/kernel/kexec_image.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm64/kernel/kexec_image.c~arm64-kexec-initialize-kexec_buf-struct-in-image_load +++ a/arch/arm64/kernel/kexec_image.c @@ -41,7 +41,7 @@ static void *image_load(struct kimage *i struct arm64_image_header *h; u64 flags, value; bool be_image, be_kernel; - struct kexec_buf kbuf; + struct kexec_buf kbuf = {}; unsigned long text_offset, kernel_segment_number; struct kexec_segment *kernel_segment; int ret; _ Patches currently in -mm which might be from leitao(a)debian.org are arm64-kexec-initialize-kexec_buf-struct-in-load_other_segments.patch riscv-kexec-initialize-kexec_buf-struct.patch s390-kexec-initialize-kexec_buf-struct.patch

1 week, 6 days

1
0
0 0

[PATCH v7 03/12] i2c: rtl9300: remove broken SMBus Quick operation support

by Jonas Jelonek

Remove the SMBus Quick operation from this driver because it is not natively supported by the hardware and is wrongly implemented in the driver. The I2C controllers in Realtek RTL9300 and RTL9310 are SMBus-compliant but there doesn't seem to be native support for the SMBus Quick operation. It is not explicitly mentioned in the documentation but looking at the registers which configure an SMBus transaction, one can see that the data length cannot be set to 0. This suggests that the hardware doesn't allow any SMBus message without data bytes (except for those it does on it's own, see SMBus Block Read). The current implementation of SMBus Quick operation passes a length of 0 (which is actually invalid). Before the fix of a bug in a previous commit, this led to a read operation of 16 bytes from any register (the one of a former transaction or any other value. This caused issues like soft-bricked SFP modules after a simple probe with i2cdetect which uses Quick by default. Running this with SFP modules whose EEPROM isn't write-protected, some of the initial bytes are overwritten because a 16-byte write operation is executed instead of a Quick Write. (This temporarily soft-bricked one of my DAC cables.) Because SMBus Quick operation is obviously not supported on these controllers (because a length of 0 cannot be set, even when no register address is set), remove that instead of claiming there is support. There also shouldn't be any kind of emulated 'Quick' which just does another kind of operation in the background. Otherwise, specific issues occur in case of a 'Quick' Write which actually writes unknown data to an unknown register. Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com> Tested-by: Sven Eckelmann <sven(a)narfation.org> Reviewed-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Tested-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> # On RTL9302C based board Tested-by: Markus Stockhausen <markus.stockhausen(a)gmx.de> --- drivers/i2c/busses/i2c-rtl9300.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c index ebd4a85e1bde..9e6232075137 100644 --- a/drivers/i2c/busses/i2c-rtl9300.c +++ b/drivers/i2c/busses/i2c-rtl9300.c @@ -235,15 +235,6 @@ static int rtl9300_i2c_smbus_xfer(struct i2c_adapter *adap, u16 addr, unsigned s } switch (size) { - case I2C_SMBUS_QUICK: - ret = rtl9300_i2c_config_xfer(i2c, chan, addr, 0); - if (ret) - goto out_unlock; - ret = rtl9300_i2c_reg_addr_set(i2c, 0, 0); - if (ret) - goto out_unlock; - break; - case I2C_SMBUS_BYTE: if (read_write == I2C_SMBUS_WRITE) { ret = rtl9300_i2c_config_xfer(i2c, chan, addr, 0); @@ -344,9 +335,9 @@ static int rtl9300_i2c_smbus_xfer(struct i2c_adapter *adap, u16 addr, unsigned s static u32 rtl9300_i2c_func(struct i2c_adapter *a) { - return I2C_FUNC_SMBUS_QUICK | I2C_FUNC_SMBUS_BYTE | - I2C_FUNC_SMBUS_BYTE_DATA | I2C_FUNC_SMBUS_WORD_DATA | - I2C_FUNC_SMBUS_BLOCK_DATA | I2C_FUNC_SMBUS_I2C_BLOCK; + return I2C_FUNC_SMBUS_BYTE | I2C_FUNC_SMBUS_BYTE_DATA | + I2C_FUNC_SMBUS_WORD_DATA | I2C_FUNC_SMBUS_BLOCK_DATA | + I2C_FUNC_SMBUS_I2C_BLOCK; } static const struct i2c_algorithm rtl9300_i2c_algo = { -- 2.48.1

2 weeks

2
1
0 0

[PATCH v2] drm/xe: Extend Wa_13011645652 to PTL-H, WCL

by Julia Filipchuk

Expand workaround to additional graphics architectures. Fixes: dddc53806dd2 ("drm/xe/ptl: Apply Wa_13011645652") Cc: Vinay Belgaumkar <vinay.belgaumkar(a)intel.com> Cc: Stuart Summers <stuart.summers(a)intel.com> Cc: Daniele Ceraolo Spurio <daniele.ceraolospurio(a)intel.com> Cc: Lucas De Marchi <lucas.demarchi(a)intel.com> Cc: "Thomas Hellström" <thomas.hellstrom(a)linux.intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Julia Filipchuk <julia.filipchuk(a)intel.com> --- drivers/gpu/drm/xe/xe_wa_oob.rules | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/xe/xe_wa_oob.rules b/drivers/gpu/drm/xe/xe_wa_oob.rules index e990f20eccfe..710f4423726c 100644 --- a/drivers/gpu/drm/xe/xe_wa_oob.rules +++ b/drivers/gpu/drm/xe/xe_wa_oob.rules @@ -30,7 +30,8 @@ 16022287689 GRAPHICS_VERSION(2001) GRAPHICS_VERSION(2004) 13011645652 GRAPHICS_VERSION(2004) - GRAPHICS_VERSION(3001) + GRAPHICS_VERSION_RANGE(3000, 3001) + GRAPHICS_VERSION(3003) 14022293748 GRAPHICS_VERSION_RANGE(2001, 2002) GRAPHICS_VERSION(2004) GRAPHICS_VERSION_RANGE(3000, 3001) -- 2.50.1

2 weeks

4
4
0 0

[PATCH 5.4 only] powerpc: boot: Remove unnecessary zero in label in udelay()

by Nathan Chancellor

When building powerpc configurations in linux-5.4.y with binutils 2.43 or newer, there is an assembler error in arch/powerpc/boot/util.S: arch/powerpc/boot/util.S: Assembler messages: arch/powerpc/boot/util.S:44: Error: junk at end of line, first unrecognized character is `0' arch/powerpc/boot/util.S:49: Error: syntax error; found `b', expected `,' arch/powerpc/boot/util.S:49: Error: junk at end of line: `b' binutils 2.43 contains stricter parsing of certain labels [1]. Remove the unnecessary leading zero to fix the build. This is only needed in linux-5.4.y because commit 8b14e1dff067 ("powerpc: Remove support for PowerPC 601") removed this code altogether in 5.10. Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=226749d5a6ff0d5c6… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- arch/powerpc/boot/util.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch/powerpc/boot/util.S b/arch/powerpc/boot/util.S index f11f0589a669..5ab2bc864e66 100644 --- a/arch/powerpc/boot/util.S +++ b/arch/powerpc/boot/util.S @@ -41,12 +41,12 @@ udelay: srwi r4,r4,16 cmpwi 0,r4,1 /* 601 ? */ bne .Ludelay_not_601 -00: li r0,86 /* Instructions / microsecond? */ +0: li r0,86 /* Instructions / microsecond? */ mtctr r0 10: addi r0,r0,0 /* NOP */ bdnz 10b subic. r3,r3,1 - bne 00b + bne 0b blr .Ludelay_not_601: base-commit: c25f780e491e4734eb27d65aa58e0909fd78ad9f -- 2.51.0

2 weeks

3
4
0 0

[PATCH] media: s5p-mfc: Always pass NULL to s5p_mfc_cmd_host2risc_v6()

by Nathan Chancellor

A new warning in clang [1] points out a few places in s5p_mfc_cmd_v6.c where an uninitialized variable is passed as a const pointer: drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:45:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 45 | &h2r_args); | ^~~~~~~~ drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:133:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 133 | &h2r_args); | ^~~~~~~~ drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:148:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 148 | &h2r_args); | ^~~~~~~~ The args parameter in s5p_mfc_cmd_host2risc_v6() is never actually used, so just pass NULL to it in the places where h2r_args is currently passed, clearing up the warning and not changing the functionality of the code. Cc: stable(a)vger.kernel.org Fixes: f96f3cfa0bb8 ("[media] s5p-mfc: Update MFC v4l2 driver to support MFC6.x") Link: https://github.com/llvm/llvm-project/commit/00dacf8c22f065cb52efb14cd091d44… [1] Closes: https://github.com/ClangBuiltLinux/linux/issues/2103 Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- From what I can tell, it seems like ->cmd_host2risc() is only ever called from v6 code, which always passes NULL? It seems like it should be possible to just drop .cmd_host2risc on the v5 side, then update .cmd_host2risc to only take two parameters? If so, I can send a follow up as a clean up, so that this can go back relatively conflict free. --- .../platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c index 47bc3014b5d8..735471c50dbb 100644 --- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c +++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c @@ -31,7 +31,6 @@ static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; const struct s5p_mfc_buf_size_v6 *buf_size = dev->variant->buf_size->priv; int ret; @@ -41,33 +40,23 @@ static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) mfc_write(dev, dev->ctx_buf.dma, S5P_FIMV_CONTEXT_MEM_ADDR_V6); mfc_write(dev, buf_size->dev_ctx, S5P_FIMV_CONTEXT_MEM_SIZE_V6); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, NULL); } static int s5p_mfc_sleep_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, NULL); } static int s5p_mfc_wakeup_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, NULL); } /* Open a new instance and get its number */ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int codec_type; mfc_debug(2, "Requested codec mode: %d\n", ctx->codec_mode); @@ -130,14 +119,13 @@ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, 0, S5P_FIMV_D_CRC_CTRL_V6); /* no crc */ return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6, - &h2r_args); + NULL); } /* Close instance */ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int ret = 0; dev->curr_ctx = ctx->num; @@ -145,7 +133,7 @@ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, ctx->inst_no, S5P_FIMV_INSTANCE_ID_V6); ret = s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6, - &h2r_args); + NULL); } else { ret = -EINVAL; } --- base-commit: 347e9f5043c89695b01e66b3ed111755afcf1911 change-id: 20250715-media-s5p-mfc-fix-uninit-const-pointer-cbf944ae4b4b Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 weeks

3
5
0 0

[PATCH 5.4 00/23] 5.4.298-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.298 release. There are 23 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.298-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.298-rc1 Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Christoph Hellwig <hch(a)lst.de> net/atm: remove the atmdev_ops {get, set}sockopt methods Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency ------------- Diffstat: Makefile | 4 +-- arch/powerpc/kernel/kvm.c | 8 ++--- arch/x86/kvm/lapic.c | 3 ++ arch/x86/kvm/x86.c | 7 ++-- drivers/atm/atmtcp.c | 17 +++++++-- drivers/atm/eni.c | 17 --------- drivers/atm/firestream.c | 2 -- drivers/atm/fore200e.c | 27 --------------- drivers/atm/horizon.c | 40 ---------------------- drivers/atm/iphase.c | 16 --------- drivers/atm/lanai.c | 2 -- drivers/atm/solos-pci.c | 2 -- drivers/atm/zatm.c | 16 --------- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +-- drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/hid/hid-asus.c | 8 ++++- drivers/hid/hid-ntrig.c | 3 ++ drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 +++++++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 +++++++++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 4 --- drivers/net/usb/qmi_wwan.c | 3 ++ drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +-- drivers/vhost/net.c | 9 +++-- fs/efivarfs/super.c | 4 +++ include/linux/atmdev.h | 10 +----- kernel/trace/trace.c | 4 +-- net/atm/common.c | 29 ++++++++-------- net/bluetooth/hci_event.c | 12 ++++++- net/ipv4/route.c | 10 ++++-- net/sctp/ipv6.c | 2 ++ 34 files changed, 129 insertions(+), 178 deletions(-)

2 weeks

7
30
0 0

[PATCH] As the doc of of_parse_phandle() states: "The device_node pointer with refcount incremented. Use * of_node_put() on it when done."

by Miaoqian Lin

The function doesn't calls of_node_put() to release this reference, causing a reference leak. Move the of_parse_phandle() call after devm_kzalloc() and add the missing of_node_put() call immediately after of_address_to_resource() to properly release the device node reference. Found via static analysis. Fixes: 9a10c7e6519b ("drm/simpledrm: Add support for system memory framebuffers") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/gpu/drm/sysfb/simpledrm.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/gpu/drm/sysfb/simpledrm.c b/drivers/gpu/drm/sysfb/simpledrm.c index 8530a3ef8a7a..f0bd7e958398 100644 --- a/drivers/gpu/drm/sysfb/simpledrm.c +++ b/drivers/gpu/drm/sysfb/simpledrm.c @@ -183,15 +183,16 @@ simplefb_get_memory_of(struct drm_device *dev, struct device_node *of_node) struct resource *res; int err; - np = of_parse_phandle(of_node, "memory-region", 0); - if (!np) - return NULL; - res = devm_kzalloc(dev->dev, sizeof(*res), GFP_KERNEL); if (!res) return ERR_PTR(-ENOMEM); + np = of_parse_phandle(of_node, "memory-region", 0); + if (!np) + return NULL; + err = of_address_to_resource(np, 0, res); + of_node_put(np); if (err) return ERR_PTR(err); -- 2.35.1

2 weeks

2
1
0 0

[PATCH] media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled

by Miaoqian Lin

The function calls of_parse_phandle() which returns a device node with an incremented reference count. When the bonded device is not available, the function returns NULL without releasing the reference, causing a reference leak. Add of_node_put(np) to release the device node reference. The of_node_put function handles NULL pointers. Found through static analysis by reviewing the doc of of_parse_phandle() and cross-checking its usage patterns across the codebase. Fixes: 7625ee981af1 ("[media] media: platform: rcar_drif: Add DRIF support") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/media/platform/renesas/rcar_drif.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/media/platform/renesas/rcar_drif.c b/drivers/media/platform/renesas/rcar_drif.c index fc8b6bbef793..c5d676eb1091 100644 --- a/drivers/media/platform/renesas/rcar_drif.c +++ b/drivers/media/platform/renesas/rcar_drif.c @@ -1246,6 +1246,7 @@ static struct device_node *rcar_drif_bond_enabled(struct platform_device *p) if (np && of_device_is_available(np)) return np; + of_node_put(np); return NULL; } -- 2.35.1

2 weeks

4
3
0 0

[stable-6.16|lts-6.12] net: ipv4: fix regression in local-broadcast routes

by Sedat Dilek

Hi Sasha and Greg, Salvatore Bonaccorso <carnil(a)debian.org> from Debian Kernel Team included this regression-fix already. Upstream commit 5189446ba995556eaa3755a6e875bc06675b88bd "net: ipv4: fix regression in local-broadcast routes" As far as I have seen this should be included in stable-6.16 and LTS-6.12 (for other stable branches I simply have no interest - please double-check). I am sure Sasha's new kernel-patch-AI tool has catched this - just kindly inform you. Thanks. Best regards, -Sedat- https://salsa.debian.org/kernel-team/linux/-/commit/194de383c5cd5e8c22cadfc… https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…

2 weeks

4
4
0 0

[PATCHSET RFC v4 1/4] fuse: general bug fixes

by Darrick J. Wong

Hi all, Here's a collection of fixes that I *think* are bugs in fuse, along with some scattered improvements. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fu… --- Commits in this patchset: * fuse: fix livelock in synchronous file put from fuseblk workers * fuse: flush pending fuse events before aborting the connection * fuse: capture the unique id of fuse commands being sent * fuse: implement file attributes mask for statx * fuse: update file mode when updating acls * fuse: propagate default and file acls on creation * fuse: enable FUSE_SYNCFS for all servers --- fs/fuse/fuse_i.h | 14 +++++++ fs/fuse/acl.c | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++ fs/fuse/dev.c | 44 +++++++++++++++++++++++ fs/fuse/dev_uring.c | 8 ++++ fs/fuse/dir.c | 96 +++++++++++++++++++++++++++++++++++++++------------ fs/fuse/file.c | 10 +++++ fs/fuse/inode.c | 5 +++ 7 files changed, 245 insertions(+), 27 deletions(-)

2 weeks

2
3
0 0

[PATCH] phy: tegra: xusb-tegra210: Fix reference leaks in tegra210_xusb_padctl_probe

by Miaoqian Lin

Add missing of_node_put() and put_device() calls to release references. The function calls of_parse_phandle() and of_find_device_by_node() but fails to release the references. Both functions' documentation mentions that the returned references must be dropped after use. Found through static analysis by reviewing the documentation and cross-checking their usage patterns. Fixes: 2d1021487273 ("phy: tegra: xusb: Add wake/sleepwalk for Tegra210") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/phy/tegra/xusb-tegra210.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/phy/tegra/xusb-tegra210.c b/drivers/phy/tegra/xusb-tegra210.c index ebc8a7e21a31..cbfca51a53bc 100644 --- a/drivers/phy/tegra/xusb-tegra210.c +++ b/drivers/phy/tegra/xusb-tegra210.c @@ -3164,18 +3164,23 @@ tegra210_xusb_padctl_probe(struct device *dev, } pdev = of_find_device_by_node(np); + of_node_put(np); if (!pdev) { dev_warn(dev, "PMC device is not available\n"); goto out; } - if (!platform_get_drvdata(pdev)) + if (!platform_get_drvdata(pdev)) { + put_device(&pdev->dev); return ERR_PTR(-EPROBE_DEFER); + } padctl->regmap = dev_get_regmap(&pdev->dev, "usb_sleepwalk"); if (!padctl->regmap) dev_info(dev, "failed to find PMC regmap\n"); + put_device(&pdev->dev); + out: return &padctl->base; } -- 2.35.1

2 weeks

2
2
0 0

[PATCH] usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call

by Miaoqian Lin

The cdnsp-pci driver uses pcim_enable_device() to enable a PCI device, which means the device will be automatically disabled on driver detach through the managed device framework. The manual pci_disable_device() call in the error path is therefore redundant. Found via static anlaysis and this is similar to commit 99ca0b57e49f ("thermal: intel: int340x: processor: Fix warning during module unload"). Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/usb/cdns3/cdnsp-pci.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-pci.c b/drivers/usb/cdns3/cdnsp-pci.c index 8c361b8394e9..5e7b88ca8b96 100644 --- a/drivers/usb/cdns3/cdnsp-pci.c +++ b/drivers/usb/cdns3/cdnsp-pci.c @@ -85,7 +85,7 @@ static int cdnsp_pci_probe(struct pci_dev *pdev, cdnsp = kzalloc(sizeof(*cdnsp), GFP_KERNEL); if (!cdnsp) { ret = -ENOMEM; - goto disable_pci; + goto put_pci; } } @@ -168,9 +168,6 @@ static int cdnsp_pci_probe(struct pci_dev *pdev, if (!pci_is_enabled(func)) kfree(cdnsp); -disable_pci: - pci_disable_device(pdev); - put_pci: pci_dev_put(func); -- 2.35.1

2 weeks

1
0
0 0

[PATCH 6.1 00/50] 6.1.150-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.150 release. There are 50 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.150-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.150-rc1 Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Handle reads greater than 60 bytes Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Don't set bus speed on every transfer Eric Dumazet <edumazet(a)google.com> net: rose: fix a typo in rose_clear_routes() James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Steve French <stfrench(a)microsoft.com> smb3 client: fix return code mapping of remap_file_range Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shuhao Fu <sfual(a)cse.ust.hk> fs/smb: Fix inconsistent refcnt update Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Qasim Ijaz <qasdev00(a)gmail.com> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: include node references in rose_neigh refcount Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: convert 'use' field to refcount_t Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: split remove and free operations in rose_remove_neigh() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Reload auxiliary drivers on fw_activate Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix when PTP clock is register and unregister Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Pavel Shpakovskiy <pashpakovskii(a)salutedevices.com> Bluetooth: hci_sync: fix set_local_name race condition Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Mark connection as closed during suspend disconnect Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success José Expósito <jose.exposito89(a)gmail.com> HID: input: report battery status changes immediately José Expósito <jose.exposito89(a)gmail.com> HID: input: rename hidinput_set_battery_charge_status() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Defer fd_install in SUBMIT ioctl Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Christoph Hellwig <hch(a)lst.de> nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests Werner Sembach <wse(a)tuxedocomputers.com> ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: tx-macro: correct tx_macro_component_drv name Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in rename(2) Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in unlink(2) Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename the etop node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: lantiq: danube: add missing burst length property Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency ------------- Diffstat: Makefile | 4 +- arch/mips/boot/dts/lantiq/danube_easy50712.dts | 5 +- arch/mips/lantiq/xway/sysctrl.c | 10 +- arch/powerpc/kernel/kvm.c | 8 +- arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- drivers/acpi/ec.c | 6 + drivers/atm/atmtcp.c | 17 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 14 +- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-input-test.c | 10 +- drivers/hid/hid-input.c | 51 ++++---- drivers/hid/hid-mcp2221.c | 71 +++++++---- drivers/hid/hid-multitouch.c | 8 ++ drivers/hid/hid-ntrig.c | 3 + drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 ++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 4 - drivers/net/phy/mscc/mscc.h | 4 + drivers/net/phy/mscc/mscc_main.c | 4 +- drivers/net/phy/mscc/mscc_ptp.c | 34 +++-- drivers/net/usb/qmi_wwan.c | 3 + drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/nfs/pagelist.c | 86 +------------ fs/nfs/write.c | 142 +++++++++++++-------- fs/smb/client/cifsfs.c | 14 ++ fs/smb/client/inode.c | 34 ++++- fs/smb/client/smb2inode.c | 7 +- fs/xfs/libxfs/xfs_attr_remote.c | 7 + fs/xfs/libxfs/xfs_da_btree.c | 6 + include/linux/atmdev.h | 1 + include/linux/nfs_page.h | 2 +- include/net/bluetooth/hci_sync.h | 2 +- include/net/rose.h | 18 ++- kernel/dma/pool.c | 4 +- kernel/trace/trace.c | 4 +- net/atm/common.c | 15 ++- net/bluetooth/hci_event.c | 20 ++- net/bluetooth/hci_sync.c | 6 +- net/bluetooth/mgmt.c | 5 +- net/ipv4/route.c | 10 +- net/rose/af_rose.c | 13 +- net/rose/rose_in.c | 12 +- net/rose/rose_route.c | 62 +++++---- net/rose/rose_timer.c | 2 +- net/sctp/ipv6.c | 2 + sound/soc/codecs/lpass-tx-macro.c | 2 +- 57 files changed, 514 insertions(+), 302 deletions(-)

2 weeks

9
58
0 0

[PATCH 0/2] mfd: vexpress: convert the driver to using the new generic GPIO chip API

by Bartosz Golaszewski

This converts the vexpress-sysreg MFD driver to using the new generic GPIO interface but first fixes an issue with an unchecked return value of devm_gpiochio_add_data(). Lee: Please, create an immutable branch containing these commits after you pick them up, as I'd like to merge it into the GPIO tree and remove the legacy interface in this cycle. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Bartosz Golaszewski (2): mfd: vexpress-sysreg: check the return value of devm_gpiochip_add_data() mfd: vexpress-sysreg: use new generic GPIO chip API drivers/mfd/vexpress-sysreg.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) --- base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 change-id: 20250728-gpio-mmio-mfd-conv-d27c2cfbccfe Best regards, -- Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>

2 weeks

4
10
0 0

[PATCH] net/mlx5: HWS, change error flow on matcher disconnect

by Subramaniam, Sujana

From: SujanaSubr <sujana.subramaniam(a)sap.com> [ Upstream commit 1ce840c7a659aa53a31ef49f0271b4fd0dc10296 ] Currently, when firmware failure occurs during matcher disconnect flow, the error flow of the function reconnects the matcher back and returns an error, which continues running the calling function and eventually frees the matcher that is being disconnected. This leads to a case where we have a freed matcher on the matchers list, which in turn leads to use-after-free and eventual crash. This patch fixes that by not trying to reconnect the matcher back when some FW command fails during disconnect. Note that we're dealing here with FW error. We can't overcome this problem. This might lead to bad steering state (e.g. wrong connection between matchers), and will also lead to resource leakage, as it is the case with any other error handling during resource destruction. However, the goal here is to allow the driver to continue and not crash the machine with use-after-free error. Signed-off-by: Yevgeny Kliteynik <kliteyn(a)nvidia.com> Signed-off-by: Itamar Gozlan <igozlan(a)nvidia.com> Reviewed-by: Mark Bloch <mbloch(a)nvidia.com> Signed-off-by: Tariq Toukan <tariqt(a)nvidia.com> Link: https://patch.msgid.link/20250102181415.1477316-7-tariqt@nvidia.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Akendo <akendo(a)akendo.eu> Signed-off-by: SujanaSubr <sujana.subramaniam(a)sap.com> --- .../mlx5/core/steering/hws/mlx5hws_matcher.c | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_matcher.c b/drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_matcher.c index 61a1155d4b4f..ce541c60c5b4 100644 --- a/drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_matcher.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_matcher.c @@ -165,14 +165,14 @@ static int hws_matcher_disconnect(struct mlx5hws_matcher *matcher) next->match_ste.rtc_0_id, next->match_ste.rtc_1_id); if (ret) { - mlx5hws_err(tbl->ctx, "Failed to disconnect matcher\n"); - goto matcher_reconnect; + mlx5hws_err(tbl->ctx, "Fatal error, failed to disconnect matcher\n"); + return ret; } } else { ret = mlx5hws_table_connect_to_miss_table(tbl, tbl->default_miss.miss_tbl); if (ret) { - mlx5hws_err(tbl->ctx, "Failed to disconnect last matcher\n"); - goto matcher_reconnect; + mlx5hws_err(tbl->ctx, "Fatal error, failed to disconnect last matcher\n"); + return ret; } } @@ -180,27 +180,19 @@ static int hws_matcher_disconnect(struct mlx5hws_matcher *matcher) if (prev_ft_id == tbl->ft_id) { ret = mlx5hws_table_update_connected_miss_tables(tbl); if (ret) { - mlx5hws_err(tbl->ctx, "Fatal error, failed to update connected miss table\n"); - goto matcher_reconnect; + mlx5hws_err(tbl->ctx, + "Fatal error, failed to update connected miss table\n"); + return ret; } } ret = mlx5hws_table_ft_set_default_next_ft(tbl, prev_ft_id); if (ret) { mlx5hws_err(tbl->ctx, "Fatal error, failed to restore matcher ft default miss\n"); - goto matcher_reconnect; + return ret; } return 0; - -matcher_reconnect: - if (list_empty(&tbl->matchers_list) || !prev) - list_add(&matcher->list_node, &tbl->matchers_list); - else - /* insert after prev matcher */ - list_add(&matcher->list_node, &prev->list_node); - - return ret; } static void hws_matcher_set_rtc_attr_sz(struct mlx5hws_matcher *matcher, -- 2.39.5 (Apple Git-154)

2 weeks

3
4
0 0

[PATCH v7 00/16] pinctrl: introduce the concept of a GPIO pin function category

by Bartosz Golaszewski

Problem: when pinctrl core binds pins to a consumer device and the pinmux ops of the underlying driver are marked as strict, the pin in question can no longer be requested as a GPIO using the GPIO descriptor API. It will result in the following error: [ 5.095688] sc8280xp-tlmm f100000.pinctrl: pin GPIO_25 already requested by regulator-edp-3p3; cannot claim for f100000.pinctrl:570 [ 5.107822] sc8280xp-tlmm f100000.pinctrl: error -EINVAL: pin-25 (f100000.pinctrl:570) This typically makes sense except when the pins are muxed to a function that actually says "GPIO". Of course, the function name is just a string so it has no meaning to the pinctrl subsystem. We have many Qualcomm SoCs (and I can imagine it's a common pattern in other platforms as well) where we mux a pin to "gpio" function using the `pinctrl-X` property in order to configure bias or drive-strength and then access it using the gpiod API. This makes it impossible to mark the pin controller module as "strict". This series proposes to introduce a concept of a sub-category of pinfunctions: GPIO functions where the above is not true and the pin muxed as a GPIO can still be accessed via the GPIO consumer API even for strict pinmuxers. To that end: we first clean up the drivers that use struct function_desc and make them use the smaller struct pinfunction instead - which is the correct structure for drivers to describe their pin functions with. We also rework pinmux core to not duplicate memory used to store the pinfunctions unless they're allocated dynamically. First: provide the kmemdup_const() helper which only duplicates memory if it's not in the .rodata section. Then rework all pinctrl drivers that instantiate objects of type struct function_desc as they should only be created by pinmux core. Next constify the return value of the accessor used to expose these structures to users and finally convert the pinfunction object within struct function_desc to a pointer and use kmemdup_const() to assign it. With this done proceed to add infrastructure for the GPIO pin function category and use it in Qualcomm drivers. At the very end: make the Qualcomm pinmuxer strict. Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Changes in v7: - Add a patch checking the return value of the get_function_name() callback in pinmux_func_name_to_selector(). This fixes a NULL-pointer dereference on IMX platforms - Don't assign the number of functions in pinctrl device in the IMX driver as it's done automatically when adding the pinfunctions using the provided API. This fixes a warning from pinctrl core on IMX platforms triggered by the conversion from accessing the radix tree directly - Link to v6: https://lore.kernel.org/r/20250828-pinctrl-gpio-pinfuncs-v6-0-c9abb6bdb689@… Changes in v6: - Select GENERIC_PINMUX_FUNCTIONS when using generic pinmux helpers in qcom pinctrl drivers to fix build on ARM 32-bit platforms - Assume that a pin can be requested in pin_request() if it has no mux_setting assigned - Also check if a function is a GPIO for pins within GPIO ranges - Fix an issue with the imx pinctrl driver where the conversion patch confused the function and pin group radix trees - Add a FIXME to the imx driver mentioning the need to switch to the provided helpers for accessing the group radix tree - Link to v5: https://lore.kernel.org/r/20250815-pinctrl-gpio-pinfuncs-v5-0-955de9fd91db@… Changes in v5: - Fix a potential NULL-pointer dereference in pinmux_can_be_used_for_gpio() - Use PINCTRL_PINFUNCTION() in pinctrl-airoha - Link to v4: https://lore.kernel.org/r/20250812-pinctrl-gpio-pinfuncs-v4-0-bb3906c55e64@… Changes in v4: - Update the GPIO pin function definitions to include the new qcom driver (milos) - Provide devm_kmemdup_const() instead of a non-managed kmemdup_const() as a way to avoid casting out the 'const' modifier when passing the const pointer to devm_add_action_or_reset() - Use devm_krealloc_array() where applicable instead of devm_krealloc() - Fix typos - Fix kerneldocs - Improve commit messages - Small tweaks as pointed out by Andy - Rebased on top of v6.17-rc1 - Link to v3: https://lore.kernel.org/r/20250724-pinctrl-gpio-pinfuncs-v3-0-af4db9302de4@… Changes in v3: - Add more patches in front: convert pinctrl drivers to stop defining their own struct function_desc objects and make pinmux core not duplicate .rodata memory in which struct pinfunction objects are stored. - Add a patch constifying pinmux_generic_get_function(). - Drop patches that were applied upstream. - Link to v2: https://lore.kernel.org/r/20250709-pinctrl-gpio-pinfuncs-v2-0-b6135149c0d9@… Changes in v2: - Extend the series with providing pinmux_generic_add_pinfunction(), using it in several drivers and converting pinctrl-msm to using generic pinmux helpers - Add a generic function_is_gpio() callback for pinmux_ops - Convert all qualcomm drivers to using the new GPIO pin category so that we can actually enable the strict flag - Link to v1: https://lore.kernel.org/r/20250702-pinctrl-gpio-pinfuncs-v1-0-ed2bd0f9468d@… --- Bartosz Golaszewski (16): pinctrl: check the return value of pinmux_ops::get_function_name() devres: provide devm_kmemdup_const() pinctrl: ingenic: use struct pinfunction instead of struct function_desc pinctrl: airoha: replace struct function_desc with struct pinfunction pinctrl: mediatek: mt7988: use PINCTRL_PIN_FUNCTION() pinctrl: mediatek: moore: replace struct function_desc with struct pinfunction pinctrl: imx: don't access the pin function radix tree directly pinctrl: keembay: release allocated memory in detach path pinctrl: keembay: use a dedicated structure for the pinfunction description pinctrl: constify pinmux_generic_get_function() pinctrl: make struct pinfunction a pointer in struct function_desc pinctrl: qcom: use generic pin function helpers pinctrl: allow to mark pin functions as requestable GPIOs pinctrl: qcom: add infrastructure for marking pin functions as GPIOs pinctrl: qcom: mark the `gpio` and `egpio` pins function as non-strict functions pinctrl: qcom: make the pinmuxing strict drivers/base/devres.c | 21 +++++++ drivers/pinctrl/freescale/pinctrl-imx.c | 45 +++++++-------- drivers/pinctrl/mediatek/pinctrl-airoha.c | 19 +++---- drivers/pinctrl/mediatek/pinctrl-moore.c | 10 ++-- drivers/pinctrl/mediatek/pinctrl-moore.h | 7 +-- drivers/pinctrl/mediatek/pinctrl-mt7622.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mt7623.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mt7629.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mt7981.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mt7986.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mt7988.c | 44 ++++++--------- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.h | 2 +- drivers/pinctrl/pinctrl-equilibrium.c | 2 +- drivers/pinctrl/pinctrl-ingenic.c | 49 ++++++++--------- drivers/pinctrl/pinctrl-keembay.c | 26 ++++++--- drivers/pinctrl/pinctrl-single.c | 4 +- drivers/pinctrl/pinmux.c | 70 ++++++++++++++++++++---- drivers/pinctrl/pinmux.h | 9 ++- drivers/pinctrl/qcom/Kconfig | 1 + drivers/pinctrl/qcom/pinctrl-ipq5018.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq5332.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq5424.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq6018.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq8074.c | 2 +- drivers/pinctrl/qcom/pinctrl-ipq9574.c | 2 +- drivers/pinctrl/qcom/pinctrl-mdm9607.c | 2 +- drivers/pinctrl/qcom/pinctrl-mdm9615.c | 2 +- drivers/pinctrl/qcom/pinctrl-milos.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm.c | 45 +++++---------- drivers/pinctrl/qcom/pinctrl-msm.h | 5 ++ drivers/pinctrl/qcom/pinctrl-msm8226.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8660.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8909.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8916.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8917.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8953.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8960.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8976.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8994.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8996.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8998.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm8x74.c | 2 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 4 +- drivers/pinctrl/qcom/pinctrl-qcs404.c | 2 +- drivers/pinctrl/qcom/pinctrl-qcs615.c | 2 +- drivers/pinctrl/qcom/pinctrl-qcs8300.c | 4 +- drivers/pinctrl/qcom/pinctrl-qdu1000.c | 2 +- drivers/pinctrl/qcom/pinctrl-sa8775p.c | 4 +- drivers/pinctrl/qcom/pinctrl-sar2130p.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc7180.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc7280.c | 4 +- drivers/pinctrl/qcom/pinctrl-sc8180x.c | 2 +- drivers/pinctrl/qcom/pinctrl-sc8280xp.c | 4 +- drivers/pinctrl/qcom/pinctrl-sdm660.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdm670.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdm845.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdx55.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdx65.c | 2 +- drivers/pinctrl/qcom/pinctrl-sdx75.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm4450.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6115.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6125.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6350.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm6375.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm7150.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8150.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8250.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8350.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8450.c | 4 +- drivers/pinctrl/qcom/pinctrl-sm8550.c | 2 +- drivers/pinctrl/qcom/pinctrl-sm8650.c | 4 +- drivers/pinctrl/qcom/pinctrl-sm8750.c | 4 +- drivers/pinctrl/qcom/pinctrl-x1e80100.c | 2 +- drivers/pinctrl/renesas/pinctrl-rza1.c | 2 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 2 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 2 +- drivers/pinctrl/renesas/pinctrl-rzv2m.c | 2 +- include/linux/device/devres.h | 2 + include/linux/pinctrl/pinctrl.h | 14 +++++ include/linux/pinctrl/pinmux.h | 2 + 80 files changed, 288 insertions(+), 227 deletions(-) --- base-commit: b320789d6883cc00ac78ce83bccbfe7ed58afcf0 change-id: 20250701-pinctrl-gpio-pinfuncs-de82bd9aac43 Best regards, -- Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org>

2 weeks

3
10
0 0

[PATCH 6.6 00/75] 6.6.104-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.104 release. There are 75 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.104-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.104-rc1 Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Handle reads greater than 60 bytes Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Don't set bus speed on every transfer Chris Mi <cmi(a)nvidia.com> net/mlx5: SF, Fix add port error handling Eric Dumazet <edumazet(a)google.com> net: rose: fix a typo in rose_clear_routes() James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Steve French <stfrench(a)microsoft.com> smb3 client: fix return code mapping of remap_file_range Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shuhao Fu <sfual(a)cse.ust.hk> fs/smb: Fix inconsistent refcnt update Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Matt Coffin <mcoffin13(a)gmail.com> HID: logitech: Add ids for G PRO 2 LIGHTSPEED Antheas Kapenekakis <lkml(a)antheas.dev> HID: quirks: add support for Legion Go dual dinput modes Qasim Ijaz <qasdev00(a)gmail.com> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation Borislav Petkov (AMD) <bp(a)alien8.de> x86/microcode/AMD: Handle the case of no BIOS microcode Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: include node references in rose_neigh refcount Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: convert 'use' field to refcount_t Takamitsu Iwai <takamitz(a)amazon.co.jp> net: rose: split remove and free operations in rose_remove_neigh() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: Set CIC bit only for TX queues with COE Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Correct supported speed modes Serge Semin <fancer.lancer(a)gmail.com> net: stmmac: Rename phylink_get_caps() callback to update_caps() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Nack sync reset when SFs are present Jiri Pirko <jiri(a)resnulli.us> net/mlx5: Convert SF port_indices xarray to function_ids xarray Jiri Pirko <jiri(a)resnulli.us> net/mlx5: Use devlink port pointer to get the pointer of container SF struct Jiri Pirko <jiri(a)resnulli.us> net/mlx5: Call mlx5_sf_id_erase() once in mlx5_sf_dealloc() Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Fix lockdep assertion on sync reset unload event Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Add support for sync reset using hot reset Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Add device cap for supporting hot reset in sync reset flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Reload auxiliary drivers on fw_activate Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix when PTP clock is register and unregister Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> dt-bindings: display/msm: qcom,mdp5: drop lut clock Michal Kubiak <michal.kubiak(a)intel.com> ice: fix incorrect counter for buffer allocation failures Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: stop storing XDP verdict within ice_rx_buf Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> ice: gather page_count()'s of each frag right before XDP prog call Larysa Zaremba <larysa.zaremba(a)intel.com> ice: Introduce ice_xdp_buff Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused memory target test Timur Tabi <ttabi(a)nvidia.com> drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Pavel Shpakovskiy <pashpakovskii(a)salutedevices.com> Bluetooth: hci_sync: fix set_local_name race condition Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Mark connection as closed during suspend disconnect Ludovico de Nittis <ludovico.denittis(a)collabora.com> Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success José Expósito <jose.exposito89(a)gmail.com> HID: input: report battery status changes immediately José Expósito <jose.exposito89(a)gmail.com> HID: input: rename hidinput_set_battery_charge_status() Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Rob Clark <robin.clark(a)oss.qualcomm.com> drm/msm: Defer fd_install in SUBMIT ioctl Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Christoph Hellwig <hch(a)lst.de> nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests Werner Sembach <wse(a)tuxedocomputers.com> ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list Junli Liu <liujunli(a)lixiang.com> erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: tx-macro: correct tx_macro_component_drv name Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in rename(2) Paulo Alcantara <pc(a)manguebit.org> smb: client: fix race with concurrent opens in unlink(2) Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Dan Carpenter <dan.carpenter(a)linaro.org> of: dynamic: Fix use after free in of_changeset_add_prop_helper() Rob Herring <robh(a)kernel.org> of: Add a helper to free property struct Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: lantiq: xway: sysctrl: rename the etop node Aleksander Jan Bajkowski <olek2(a)wp.pl> mips: dts: lantiq: danube: add missing burst length property Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency Lizhi Hou <lizhi.hou(a)amd.com> of: dynamic: Fix memleak when of_pci_add_properties() failed ------------- Diffstat: .../devicetree/bindings/display/msm/qcom,mdp5.yaml | 1 - Makefile | 4 +- arch/mips/boot/dts/lantiq/danube_easy50712.dts | 5 +- arch/mips/lantiq/xway/sysctrl.c | 10 +- arch/powerpc/kernel/kvm.c | 8 +- arch/x86/kernel/cpu/microcode/amd.c | 22 ++- arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- drivers/acpi/ec.c | 6 + drivers/atm/atmtcp.c | 17 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/msm/msm_gem_submit.c | 14 +- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/gpu/drm/nouveau/nvkm/falcon/gm200.c | 15 +- drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-ids.h | 3 + drivers/hid/hid-input-test.c | 10 +- drivers/hid/hid-input.c | 51 +++--- drivers/hid/hid-logitech-dj.c | 4 + drivers/hid/hid-logitech-hidpp.c | 2 + drivers/hid/hid-mcp2221.c | 71 +++++--- drivers/hid/hid-multitouch.c | 8 + drivers/hid/hid-ntrig.c | 3 + drivers/hid/hid-quirks.c | 2 + drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- drivers/net/ethernet/intel/ice/ice_txrx.c | 94 +++++++--- drivers/net/ethernet/intel/ice/ice_txrx.h | 19 +- drivers/net/ethernet/intel/ice/ice_txrx_lib.h | 53 ++---- drivers/net/ethernet/mellanox/mlx5/core/devlink.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 +- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.c | 200 ++++++++++++++------- drivers/net/ethernet/mellanox/mlx5/core/fw_reset.h | 1 + drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 + .../net/ethernet/mellanox/mlx5/core/sf/devlink.c | 87 ++++----- drivers/net/ethernet/mellanox/mlx5/core/sf/sf.h | 6 + drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 8 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 13 +- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 9 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 8 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 12 +- drivers/net/phy/mscc/mscc.h | 4 + drivers/net/phy/mscc/mscc_main.c | 4 +- drivers/net/phy/mscc/mscc_ptp.c | 34 ++-- drivers/net/usb/qmi_wwan.c | 3 + drivers/of/dynamic.c | 29 +-- drivers/of/of_private.h | 1 + drivers/of/overlay.c | 11 +- drivers/of/unittest.c | 12 +- drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/erofs/zdata.c | 13 +- fs/nfs/pagelist.c | 86 +-------- fs/nfs/write.c | 148 +++++++++------ fs/smb/client/cifsfs.c | 14 ++ fs/smb/client/inode.c | 34 +++- fs/smb/client/smb2inode.c | 7 +- fs/xfs/libxfs/xfs_attr_remote.c | 7 + fs/xfs/libxfs/xfs_da_btree.c | 6 + include/linux/atmdev.h | 1 + include/linux/mlx5/mlx5_ifc.h | 11 +- include/linux/nfs_page.h | 2 +- include/net/bluetooth/hci_sync.h | 2 +- include/net/rose.h | 18 +- kernel/dma/pool.c | 4 +- kernel/trace/trace.c | 4 +- net/atm/common.c | 15 +- net/bluetooth/hci_event.c | 20 ++- net/bluetooth/hci_sync.c | 6 +- net/bluetooth/mgmt.c | 5 +- net/ipv4/route.c | 10 +- net/rose/af_rose.c | 13 +- net/rose/rose_in.c | 12 +- net/rose/rose_route.c | 62 ++++--- net/rose/rose_timer.c | 2 +- net/sctp/ipv6.c | 2 + sound/soc/codecs/lpass-tx-macro.c | 2 +- 82 files changed, 897 insertions(+), 560 deletions(-)

2 weeks

8
82
0 0

[Notification] Check the mail capacity.

by Lists

2 weeks

1
0
0 0

[PATCH 5.15 00/33] 5.15.191-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.191 release. There are 33 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 04 Sep 2025 13:19:14 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.191-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.191-rc1 Eric Sandeen <sandeen(a)redhat.com> xfs: do not propagate ENODATA disk errors into xattr code Imre Deak <imre.deak(a)intel.com> Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Handle reads greater than 60 bytes Hamish Martin <hamish.martin(a)alliedtelesis.co.nz> HID: mcp2221: Don't set bus speed on every transfer James Jones <jajones(a)nvidia.com> drm/nouveau/disp: Always accept linear modifier Fabio Porcedda <fabio.porcedda(a)gmail.com> net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions Shanker Donthineni <sdonthineni(a)nvidia.com> dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted Alex Deucher <alexander.deucher(a)amd.com> Revert "drm/amdgpu: fix incorrect vm flags to map bo" Minjong Kim <minbell.kim(a)samsung.com> HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() Ping Cheng <pinglinux(a)gmail.com> HID: wacom: Add a new Art Pen 2 Qasim Ijaz <qasdev00(a)gmail.com> HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() Qasim Ijaz <qasdev00(a)gmail.com> HID: asus: fix UAF via HID_CLAIMED_INPUT validation Thijs Raymakers <thijs(a)raymakers.nl> KVM: x86: use array_index_nospec with indices that come from guest Li Nan <linan122(a)huawei.com> efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Eric Dumazet <edumazet(a)google.com> sctp: initialize more fields in sctp_v6_from_sk() Rohan G Thomas <rohan.g.thomas(a)altera.com> net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Set local Xoff after FW update Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon port speed set Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Update and set Xon/Xoff upon MTU set Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix when PTP clock is register and unregister Yeounsu Moon <yyyynoom(a)gmail.com> net: dlink: fix multicast stats being counted incorrectly Kuniyuki Iwashima <kuniyu(a)google.com> atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced Madhavan Srinivasan <maddy(a)linux.ibm.com> powerpc/kvm: Fix ifdef to remove build warning Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix regression in local-broadcast routes Jan Kara <jack(a)suse.cz> udf: Fix directory iteration for longer tail extents Nikolay Kuratov <kniv(a)yandex-team.ru> vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Christoph Hellwig <hch(a)lst.de> nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: codecs: tx-macro: correct tx_macro_component_drv name Damien Le Moal <dlemoal(a)kernel.org> scsi: core: sysfs: Correct sysfs attributes access rights Tengda Wu <wutengda(a)huaweicloud.com> ftrace: Fix potential warning in trace_printk_seq during ftrace_dump Randy Dunlap <rdunlap(a)infradead.org> pinctrl: STMFX: add missing HAS_IOMEM dependency ------------- Diffstat: Makefile | 4 +- arch/powerpc/kernel/kvm.c | 8 +- arch/x86/kvm/lapic.c | 2 + arch/x86/kvm/x86.c | 7 +- drivers/atm/atmtcp.c | 17 ++- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/gpu/drm/nouveau/dispnv50/wndw.c | 4 + drivers/hid/hid-asus.c | 8 +- drivers/hid/hid-mcp2221.c | 71 +++++++---- drivers/hid/hid-multitouch.c | 8 ++ drivers/hid/hid-ntrig.c | 3 + drivers/hid/wacom_wac.c | 1 + drivers/net/ethernet/dlink/dl2k.c | 2 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 3 +- .../ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 ++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 ++- drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c | 4 - drivers/net/phy/mscc/mscc.h | 4 + drivers/net/phy/mscc/mscc_main.c | 4 +- drivers/net/phy/mscc/mscc_ptp.c | 34 +++-- drivers/net/usb/qmi_wwan.c | 3 + drivers/pinctrl/Kconfig | 1 + drivers/scsi/scsi_sysfs.c | 4 +- drivers/vhost/net.c | 9 +- fs/efivarfs/super.c | 4 + fs/nfs/pagelist.c | 86 +------------ fs/nfs/write.c | 142 +++++++++++++-------- fs/udf/directory.c | 2 +- fs/xfs/libxfs/xfs_attr_remote.c | 7 + fs/xfs/libxfs/xfs_da_btree.c | 6 + include/linux/atmdev.h | 1 + include/linux/nfs_page.h | 2 +- kernel/dma/pool.c | 4 +- kernel/trace/trace.c | 4 +- net/atm/common.c | 15 ++- net/bluetooth/hci_event.c | 12 +- net/ipv4/route.c | 10 +- net/sctp/ipv6.c | 2 + sound/soc/codecs/lpass-tx-macro.c | 2 +- 40 files changed, 328 insertions(+), 209 deletions(-)

2 weeks

8
40
0 0

[PATCH] fs: quota: create dedicated workqueue for quota_release_work

by Shashank A P

There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance is needed at sync path, flush for quota_release_work is triggered. By default quota_release_work is queued to "events_unbound" queue which does not have WQ_MEM_RECLAIM flag. During f2fs balance "writeback" workqueue tries to flush quota_release_work causing kernel panic due to MEM_RECLAIM flag mismatch errors. This patch creates dedicated workqueue with WQ_MEM_RECLAIM flag for work quota_release_work. ------------[ cut here ]------------ WARNING: CPU: 4 PID: 14867 at kernel/workqueue.c:3721 check_flush_dependency+0x13c/0x148 Call trace: check_flush_dependency+0x13c/0x148 __flush_work+0xd0/0x398 flush_delayed_work+0x44/0x5c dquot_writeback_dquots+0x54/0x318 f2fs_do_quota_sync+0xb8/0x1a8 f2fs_write_checkpoint+0x3cc/0x99c f2fs_gc+0x190/0x750 f2fs_balance_fs+0x110/0x168 f2fs_write_single_data_page+0x474/0x7dc f2fs_write_data_pages+0x7d0/0xd0c do_writepages+0xe0/0x2f4 __writeback_single_inode+0x44/0x4ac writeback_sb_inodes+0x30c/0x538 wb_writeback+0xf4/0x440 wb_workfn+0x128/0x5d4 process_scheduled_works+0x1c4/0x45c worker_thread+0x32c/0x3e8 kthread+0x11c/0x1b0 ret_from_fork+0x10/0x20 Kernel panic - not syncing: kernel: panic_on_warn set ... Fixes: ac6f420291b3 ("quota: flush quota_release_work upon quota writeback") CC: stable(a)vger.kernel.org Signed-off-by: Shashank A P <shashank.ap(a)samsung.com> --- fs/quota/dquot.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c index df4a9b348769..d0f83a0c42df 100644 --- a/fs/quota/dquot.c +++ b/fs/quota/dquot.c @@ -162,6 +162,9 @@ static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; /* SLAB cache for dquot structures */ static struct kmem_cache *dquot_cachep; +/* workqueue for work quota_release_work*/ +struct workqueue_struct *quota_unbound_wq; + void register_quota_format(struct quota_format_type *fmt) { spin_lock(&dq_list_lock); @@ -881,7 +884,7 @@ void dqput(struct dquot *dquot) put_releasing_dquots(dquot); atomic_dec(&dquot->dq_count); spin_unlock(&dq_list_lock); - queue_delayed_work(system_unbound_wq, &quota_release_work, 1); + queue_delayed_work(quota_unbound_wq, &quota_release_work, 1); } EXPORT_SYMBOL(dqput); @@ -3041,6 +3044,11 @@ static int __init dquot_init(void) shrinker_register(dqcache_shrinker); + quota_unbound_wq = alloc_workqueue("quota_events_unbound", + WQ_UNBOUND | WQ_MEM_RECLAIM, WQ_MAX_ACTIVE); + if (!quota_unbound_wq) + panic("Cannot create quota_unbound_wq\n"); + return 0; } fs_initcall(dquot_init); -- 2.34.1

2 weeks

2
3
0 0

[PATCH] rust: kasan/kbuild: fix missing flags on first build

by Miguel Ojeda

If KASAN is enabled, and one runs in a clean repository e.g.: make LLVM=1 prepare make LLVM=1 prepare Then the Rust code gets rebuilt, which should not happen. The reason is some of the LLVM KASAN `rustc` flags are added in the second run: -Cllvm-args=-asan-instrumentation-with-call-threshold=10000 -Cllvm-args=-asan-stack=0 -Cllvm-args=-asan-globals=1 -Cllvm-args=-asan-kernel-mem-intrinsic-prefix=1 Further runs do not rebuild Rust because the flags do not change anymore. Rebuilding like that in the second run is bad, even if this just happens with KASAN enabled, but missing flags in the first one is even worse. The root issue is that we pass, for some architectures and for the moment, a generated `target.json` file. That file is not ready by the time `rustc` gets called for the flag test, and thus the flag test fails just because the file is not available, e.g.: $ ... --target=./scripts/target.json ... -Cllvm-args=... error: target file "./scripts/target.json" does not exist There are a few approaches we could take here to solve this. For instance, we could ensure that every time that the config is rebuilt, we regenerate the file and recompute the flags. Or we could use the LLVM version to check for these flags, instead of testing the flag (which may have other advantages, such as allowing us to detect renames on the LLVM side). However, it may be easier than that: `rustc` is aware of the `-Cllvm-args` regardless of the `--target` (e.g. I checked that the list printed is the same, plus that I can check for these flags even if I pass a completely unrelated target), and thus we can just eliminate the dependency completely. Thus filter out the target. This does mean that `rustc-option` cannot be used to test a flag that requires the right target, but we don't have other users yet, it is a minimal change and we want to get rid of custom targets in the future. We could only filter in the case `target.json` is used, to make it work in more cases, but then it would be harder to notice that it may not work in a couple architectures. Cc: Matthew Maurer <mmaurer(a)google.com> Cc: Sami Tolvanen <samitolvanen(a)google.com> Cc: stable(a)vger.kernel.org Fixes: e3117404b411 ("kbuild: rust: Enable KASAN support") Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- By the way, I noticed that we are not getting `asan-instrument-allocas` enabled in neither C nor Rust -- upstream LLVM renamed it in commit 8176ee9b5dda ("[asan] Rename asan-instrument-allocas -> asan-instrument-dynamic-allocas")). But it happened a very long time ago (9 years ago), and the addition in the kernel is fairly old too, in 342061ee4ef3 ("kasan: support alloca() poisoning"). I assume it should either be renamed or removed? Happy to send a patch if so. scripts/Makefile.compiler | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Makefile.compiler b/scripts/Makefile.compiler index 8956587b8547..7ed7f92a7daa 100644 --- a/scripts/Makefile.compiler +++ b/scripts/Makefile.compiler @@ -80,7 +80,7 @@ ld-option = $(call try-run, $(LD) $(KBUILD_LDFLAGS) $(1) -v,$(1),$(2),$(3)) # TODO: remove RUSTC_BOOTSTRAP=1 when we raise the minimum GNU Make version to 4.4 __rustc-option = $(call try-run,\ echo '#![allow(missing_docs)]#![feature(no_core)]#![no_core]' | RUSTC_BOOTSTRAP=1\ - $(1) --sysroot=/dev/null $(filter-out --sysroot=/dev/null,$(2)) $(3)\ + $(1) --sysroot=/dev/null $(filter-out --sysroot=/dev/null --target=%,$(2)) $(3)\ --crate-type=rlib --out-dir=$(TMPOUT) --emit=obj=- - >/dev/null,$(3),$(4)) # rustc-option base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 -- 2.49.0

2 weeks

5
10
0 0

[PATCH v3] sched/deadline: Fix race in push_dl_task

by Harshit Agarwal

When a CPU chooses to call push_dl_task and picks a task to push to another CPU's runqueue then it will call find_lock_later_rq method which would take a double lock on both CPUs' runqueues. If one of the locks aren't readily available, it may lead to dropping the current runqueue lock and reacquiring both the locks at once. During this window it is possible that the task is already migrated and is running on some other CPU. These cases are already handled. However, if the task is migrated and has already been executed and another CPU is now trying to wake it up (ttwu) such that it is queued again on the runqeue (on_rq is 1) and also if the task was run by the same CPU, then the current checks will pass even though the task was migrated out and is no longer in the pushable tasks list. Please go through the original rt change for more details on the issue. To fix this, after the lock is obtained inside the find_lock_later_rq, it ensures that the task is still at the head of pushable tasks list. Also removed some checks that are no longer needed with the addition of this new check. However, the new check of pushable tasks list only applies when find_lock_later_rq is called by push_dl_task. For the other caller i.e. dl_task_offline_migration, existing checks are used. Signed-off-by: Harshit Agarwal <harshit(a)nutanix.com> Cc: stable(a)vger.kernel.org --- Changes in v3: - Incorporated review comments from Juri around the commit message as well as around the comment regarding checks in find_lock_later_rq. - Link to v2: https://lore.kernel.org/stable/20250317022325.52791-1-harshit@nutanix.com/ Changes in v2: - As per Juri's suggestion, moved the check inside find_lock_later_rq similar to rt change. Here we distinguish among the push_dl_task caller vs dl_task_offline_migration by checking if the task is throttled or not. - Fixed the commit message to refer to the rt change by title. - Link to v1: https://lore.kernel.org/lkml/20250307204255.60640-1-harshit@nutanix.com/ --- kernel/sched/deadline.c | 73 +++++++++++++++++++++++++++-------------- 1 file changed, 49 insertions(+), 24 deletions(-) diff --git a/kernel/sched/deadline.c b/kernel/sched/deadline.c index 38e4537790af..e0c95f33e1ed 100644 --- a/kernel/sched/deadline.c +++ b/kernel/sched/deadline.c @@ -2621,6 +2621,25 @@ static int find_later_rq(struct task_struct *task) return -1; } +static struct task_struct *pick_next_pushable_dl_task(struct rq *rq) +{ + struct task_struct *p; + + if (!has_pushable_dl_tasks(rq)) + return NULL; + + p = __node_2_pdl(rb_first_cached(&rq->dl.pushable_dl_tasks_root)); + + WARN_ON_ONCE(rq->cpu != task_cpu(p)); + WARN_ON_ONCE(task_current(rq, p)); + WARN_ON_ONCE(p->nr_cpus_allowed <= 1); + + WARN_ON_ONCE(!task_on_rq_queued(p)); + WARN_ON_ONCE(!dl_task(p)); + + return p; +} + /* Locks the rq it finds */ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) { @@ -2648,12 +2667,37 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) /* Retry if something changed. */ if (double_lock_balance(rq, later_rq)) { - if (unlikely(task_rq(task) != rq || + /* + * double_lock_balance had to release rq->lock, in the + * meantime, task may no longer be fit to be migrated. + * Check the following to ensure that the task is + * still suitable for migration: + * 1. It is possible the task was scheduled, + * migrate_disabled was set and then got preempted, + * so we must check the task migration disable + * flag. + * 2. The CPU picked is in the task's affinity. + * 3. For throttled task (dl_task_offline_migration), + * check the following: + * - the task is not on the rq anymore (it was + * migrated) + * - the task is not on CPU anymore + * - the task is still a dl task + * - the task is not queued on the rq anymore + * 4. For the non-throttled task (push_dl_task), the + * check to ensure that this task is still at the + * head of the pushable tasks list is enough. + */ + if (unlikely(is_migration_disabled(task) || !cpumask_test_cpu(later_rq->cpu, &task->cpus_mask) || - task_on_cpu(rq, task) || - !dl_task(task) || - is_migration_disabled(task) || - !task_on_rq_queued(task))) { + (task->dl.dl_throttled && + (task_rq(task) != rq || + task_on_cpu(rq, task) || + !dl_task(task) || + !task_on_rq_queued(task))) || + (!task->dl.dl_throttled && + task != pick_next_pushable_dl_task(rq)))) { + double_unlock_balance(rq, later_rq); later_rq = NULL; break; @@ -2676,25 +2720,6 @@ static struct rq *find_lock_later_rq(struct task_struct *task, struct rq *rq) return later_rq; } -static struct task_struct *pick_next_pushable_dl_task(struct rq *rq) -{ - struct task_struct *p; - - if (!has_pushable_dl_tasks(rq)) - return NULL; - - p = __node_2_pdl(rb_first_cached(&rq->dl.pushable_dl_tasks_root)); - - WARN_ON_ONCE(rq->cpu != task_cpu(p)); - WARN_ON_ONCE(task_current(rq, p)); - WARN_ON_ONCE(p->nr_cpus_allowed <= 1); - - WARN_ON_ONCE(!task_on_rq_queued(p)); - WARN_ON_ONCE(!dl_task(p)); - - return p; -} - /* * See if the non running -deadline tasks on this rq * can be sent to some other CPU where they can preempt -- 2.49.0.111.g5b97a56fa0

2 weeks

3
3
0 0

[PATCH v3] proc: fix missing pde_set_flags() for net proc files

by wangzijie

To avoid potential UAF issues during module removal races, we use pde_set_flags() to save proc_ops flags in PDE itself before proc_register(), and then use pde_has_proc_*() helpers instead of directly dereferencing pde->proc_ops->*. However, the pde_set_flags() call was missing when creating net related proc files. This omission caused incorrect behavior which FMODE_LSEEK was being cleared inappropriately in proc_reg_open() for net proc files. Lars reported it in this link[1]. Fix this by ensuring pde_set_flags() is called when register proc entry, and add NULL check for proc_ops in pde_set_flags(). [1]: https://lore.kernel.org/all/20250815195616.64497967@chagall.paradoxon.rec/ Fixes: ff7ec8dc1b64 ("proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al") Cc: stable(a)vger.kernel.org Reported-by: Lars Wendler <polynomial-c(a)gmx.de> Signed-off-by: wangzijie <wangzijie1(a)honor.com> --- v3: - followed by Christian's suggestion to stash pde->proc_ops in a local const variable v2: - followed by Jiri's suggestion to refractor code and reformat commit message --- fs/proc/generic.c | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/fs/proc/generic.c b/fs/proc/generic.c index 76e800e38..bd0c099cf 100644 --- a/fs/proc/generic.c +++ b/fs/proc/generic.c @@ -367,6 +367,25 @@ static const struct inode_operations proc_dir_inode_operations = { .setattr = proc_notify_change, }; +static void pde_set_flags(struct proc_dir_entry *pde) +{ + const struct proc_ops *proc_ops = pde->proc_ops; + + if (!proc_ops) + return; + + if (proc_ops->proc_flags & PROC_ENTRY_PERMANENT) + pde->flags |= PROC_ENTRY_PERMANENT; + if (proc_ops->proc_read_iter) + pde->flags |= PROC_ENTRY_proc_read_iter; +#ifdef CONFIG_COMPAT + if (proc_ops->proc_compat_ioctl) + pde->flags |= PROC_ENTRY_proc_compat_ioctl; +#endif + if (proc_ops->proc_lseek) + pde->flags |= PROC_ENTRY_proc_lseek; +} + /* returns the registered entry, or frees dp and returns NULL on failure */ struct proc_dir_entry *proc_register(struct proc_dir_entry *dir, struct proc_dir_entry *dp) @@ -374,6 +393,8 @@ struct proc_dir_entry *proc_register(struct proc_dir_entry *dir, if (proc_alloc_inum(&dp->low_ino)) goto out_free_entry; + pde_set_flags(dp); + write_lock(&proc_subdir_lock); dp->parent = dir; if (pde_subdir_insert(dir, dp) == false) { @@ -561,20 +582,6 @@ struct proc_dir_entry *proc_create_reg(const char *name, umode_t mode, return p; } -static void pde_set_flags(struct proc_dir_entry *pde) -{ - if (pde->proc_ops->proc_flags & PROC_ENTRY_PERMANENT) - pde->flags |= PROC_ENTRY_PERMANENT; - if (pde->proc_ops->proc_read_iter) - pde->flags |= PROC_ENTRY_proc_read_iter; -#ifdef CONFIG_COMPAT - if (pde->proc_ops->proc_compat_ioctl) - pde->flags |= PROC_ENTRY_proc_compat_ioctl; -#endif - if (pde->proc_ops->proc_lseek) - pde->flags |= PROC_ENTRY_proc_lseek; -} - struct proc_dir_entry *proc_create_data(const char *name, umode_t mode, struct proc_dir_entry *parent, const struct proc_ops *proc_ops, void *data) @@ -585,7 +592,6 @@ struct proc_dir_entry *proc_create_data(const char *name, umode_t mode, if (!p) return NULL; p->proc_ops = proc_ops; - pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_data); @@ -636,7 +642,6 @@ struct proc_dir_entry *proc_create_seq_private(const char *name, umode_t mode, p->proc_ops = &proc_seq_ops; p->seq_ops = ops; p->state_size = state_size; - pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_seq_private); @@ -667,7 +672,6 @@ struct proc_dir_entry *proc_create_single_data(const char *name, umode_t mode, return NULL; p->proc_ops = &proc_single_ops; p->single_show = show; - pde_set_flags(p); return proc_register(parent, p); } EXPORT_SYMBOL(proc_create_single_data); -- 2.25.1

2 weeks

4
4
0 0

[PATCH v5.10.y] xen: replace xen_remap() with memremap()

by Teddy Astie

From: Juergen Gross <jgross(a)suse.com> From: Juergen Gross <jgross(a)suse.com> [ upstream commit 41925b105e345ebc84cedb64f59d20cb14a62613 ] xen_remap() is used to establish mappings for frames not under direct control of the kernel: for Xenstore and console ring pages, and for grant pages of non-PV guests. Today xen_remap() is defined to use ioremap() on x86 (doing uncached mappings), and ioremap_cache() on Arm (doing cached mappings). Uncached mappings for those use cases are bad for performance, so they should be avoided if possible. As all use cases of xen_remap() don't require uncached mappings (the mapped area is always physical RAM), a mapping using the standard WB cache mode is fine. As sparse is flagging some of the xen_remap() use cases to be not appropriate for iomem(), as the result is not annotated with the __iomem modifier, eliminate xen_remap() completely and replace all use cases with memremap() specifying the MEMREMAP_WB caching mode. xen_unmap() can be replaced with memunmap(). Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Juergen Gross <jgross(a)suse.com> Reviewed-by: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Acked-by: Stefano Stabellini <sstabellini(a)kernel.org> Link: https://lore.kernel.org/r/20220530082634.6339-1-jgross@suse.com Signed-off-by: Juergen Gross <jgross(a)suse.com> Signed-off-by: Teddy Astie <teddy.astie(a)vates.tech> [backport to 5.10.y] --- Cc: Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> Cc: Juergen Gross <jgross(a)suse.com> Cc: Boris Ostrovsky <boris.ostrovsky(a)oracle.com> Cc: Stefano Stabellini <sstabellini(a)kernel.org> Cc: Thomas Gleixner <tglx(a)linutronix.de> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Borislav Petkov <bp(a)alien8.de> Cc: Dave Hansen <dave.hansen(a)linux.intel.com> Cc: "H. Peter Anvin" <hpa(a)zytor.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jirislaby(a)kernel.org> arch/x86/include/asm/xen/page.h | 3 --- drivers/tty/hvc/hvc_xen.c | 2 +- drivers/xen/grant-table.c | 6 +++--- drivers/xen/xenbus/xenbus_probe.c | 3 +-- include/xen/arm/page.h | 3 --- 5 files changed, 5 insertions(+), 12 deletions(-) diff --git a/arch/x86/include/asm/xen/page.h b/arch/x86/include/asm/xen/page.h index 5941e18edd5a..c183b7f9efef 100644 --- a/arch/x86/include/asm/xen/page.h +++ b/arch/x86/include/asm/xen/page.h @@ -355,9 +355,6 @@ unsigned long arbitrary_virt_to_mfn(void *vaddr); void make_lowmem_page_readonly(void *vaddr); void make_lowmem_page_readwrite(void *vaddr); -#define xen_remap(cookie, size) ioremap((cookie), (size)); -#define xen_unmap(cookie) iounmap((cookie)) - static inline bool xen_arch_need_swiotlb(struct device *dev, phys_addr_t phys, dma_addr_t dev_addr) diff --git a/drivers/tty/hvc/hvc_xen.c b/drivers/tty/hvc/hvc_xen.c index 4886cad0fde6..7b472ab2f34f 100644 --- a/drivers/tty/hvc/hvc_xen.c +++ b/drivers/tty/hvc/hvc_xen.c @@ -270,7 +270,7 @@ static int xen_hvm_console_init(void) if (r < 0 || v == 0) goto err; gfn = v; - info->intf = xen_remap(gfn << XEN_PAGE_SHIFT, XEN_PAGE_SIZE); + info->intf = memremap(gfn << XEN_PAGE_SHIFT, XEN_PAGE_SIZE, MEMREMAP_WB); if (info->intf == NULL) goto err; info->vtermno = HVC_COOKIE; diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c index 0a2d24d6ac6f..a10e0741bec5 100644 --- a/drivers/xen/grant-table.c +++ b/drivers/xen/grant-table.c @@ -743,7 +743,7 @@ int gnttab_setup_auto_xlat_frames(phys_addr_t addr) if (xen_auto_xlat_grant_frames.count) return -EINVAL; - vaddr = xen_remap(addr, XEN_PAGE_SIZE * max_nr_gframes); + vaddr = memremap(addr, XEN_PAGE_SIZE * max_nr_gframes, MEMREMAP_WB); if (vaddr == NULL) { pr_warn("Failed to ioremap gnttab share frames (addr=%pa)!\n", &addr); @@ -751,7 +751,7 @@ int gnttab_setup_auto_xlat_frames(phys_addr_t addr) } pfn = kcalloc(max_nr_gframes, sizeof(pfn[0]), GFP_KERNEL); if (!pfn) { - xen_unmap(vaddr); + memunmap(vaddr); return -ENOMEM; } for (i = 0; i < max_nr_gframes; i++) @@ -770,7 +770,7 @@ void gnttab_free_auto_xlat_frames(void) if (!xen_auto_xlat_grant_frames.count) return; kfree(xen_auto_xlat_grant_frames.pfn); - xen_unmap(xen_auto_xlat_grant_frames.vaddr); + memunmap(xen_auto_xlat_grant_frames.vaddr); xen_auto_xlat_grant_frames.pfn = NULL; xen_auto_xlat_grant_frames.count = 0; diff --git a/drivers/xen/xenbus/xenbus_probe.c b/drivers/xen/xenbus/xenbus_probe.c index fb5358a73820..23595fdd053d 100644 --- a/drivers/xen/xenbus/xenbus_probe.c +++ b/drivers/xen/xenbus/xenbus_probe.c @@ -919,8 +919,7 @@ static int __init xenbus_init(void) #endif xen_store_gfn = (unsigned long)v; xen_store_interface = - xen_remap(xen_store_gfn << XEN_PAGE_SHIFT, - XEN_PAGE_SIZE); + memremap(xen_store_gfn << XEN_PAGE_SHIFT, XEN_PAGE_SIZE, MEMREMAP_WB); break; default: pr_warn("Xenstore state unknown\n"); diff --git a/include/xen/arm/page.h b/include/xen/arm/page.h index ac1b65470563..f831cfeca000 100644 --- a/include/xen/arm/page.h +++ b/include/xen/arm/page.h @@ -109,9 +109,6 @@ static inline bool set_phys_to_machine(unsigned long pfn, unsigned long mfn) return __set_phys_to_machine(pfn, mfn); } -#define xen_remap(cookie, size) ioremap_cache((cookie), (size)) -#define xen_unmap(cookie) iounmap((cookie)) - bool xen_arch_need_swiotlb(struct device *dev, phys_addr_t phys, dma_addr_t dev_addr); -- 2.51.0 -- Teddy Astie | Vates XCP-ng Developer XCP-ng & Xen Orchestra - Vates solutions web: https://vates.tech

2 weeks

2
3
0 0

[PATCH v4 6/7] LoongArch: Automatically disable kaslr when the kernel loads from kexec_file

by Youling Tang

From: Youling Tang <tangyouling(a)kylinos.cn> Automatically disable kaslr when the kernel loads from kexec_file. kexec_file loads the secondary kernel image to a non-linked address, inherently providing KASLR-like randomization. However, on LoongArch where System RAM may be non-contiguous, enabling KASLR for the second kernel could relocate it to an invalid memory region and cause boot failure. Thus, we disable KASLR when "kexec_file" is detected in the command line. To ensure compatibility with older kernels loaded via kexec_file, this patch need be backported to stable branches. Cc: stable(a)vger.kernel.org Signed-off-by: Youling Tang <tangyouling(a)kylinos.cn> --- arch/loongarch/kernel/relocate.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/loongarch/kernel/relocate.c b/arch/loongarch/kernel/relocate.c index 50c469067f3a..4c097532cb88 100644 --- a/arch/loongarch/kernel/relocate.c +++ b/arch/loongarch/kernel/relocate.c @@ -140,6 +140,10 @@ static inline __init bool kaslr_disabled(void) if (str == boot_command_line || (str > boot_command_line && *(str - 1) == ' ')) return true; + str = strstr(boot_command_line, "kexec_file"); + if (str == boot_command_line || (str > boot_command_line && *(str - 1) == ' ')) + return true; + #ifdef CONFIG_HIBERNATION str = strstr(builtin_cmdline, "nohibernate"); if (str == builtin_cmdline || (str > builtin_cmdline && *(str - 1) == ' ')) -- 2.43.0

2 weeks

1
0
0 0

HOME-HARDWARE

by HOME-HARDWARE

2 weeks

1
0
0 0

[PATCH net] net: libwx: fix to enable RSS

by Jiawen Wu

When SRIOV is enabled, RSS is also supported for the functions. There is an incorrect flag judgement which causes RSS to fail to be enabled. Fixes: c52d4b898901 ("net: libwx: Redesign flow when sriov is enabled") Cc: stable(a)vger.kernel.org Signed-off-by: Jiawen Wu <jiawenwu(a)trustnetic.com> --- drivers/net/ethernet/wangxun/libwx/wx_hw.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/net/ethernet/wangxun/libwx/wx_hw.c b/drivers/net/ethernet/wangxun/libwx/wx_hw.c index bcd07a715752..5cb353a97d6d 100644 --- a/drivers/net/ethernet/wangxun/libwx/wx_hw.c +++ b/drivers/net/ethernet/wangxun/libwx/wx_hw.c @@ -2078,10 +2078,6 @@ static void wx_setup_mrqc(struct wx *wx) { u32 rss_field = 0; - /* VT, and RSS do not coexist at the same time */ - if (test_bit(WX_FLAG_VMDQ_ENABLED, wx->flags)) - return; - /* Disable indicating checksum in descriptor, enables RSS hash */ wr32m(wx, WX_PSR_CTL, WX_PSR_CTL_PCSD, WX_PSR_CTL_PCSD); -- 2.48.1

2 weeks

3
2
0 0

[PATCH v2] net: dsa: mv88e6xxx: Fix fwnode reference leaks in mv88e6xxx_port_setup_leds

by Miaoqian Lin

Fix multiple fwnode reference leaks: 1. The function calls fwnode_get_named_child_node() to get the "leds" node, but never calls fwnode_handle_put(leds) to release this reference. 2. Within the fwnode_for_each_child_node() loop, the early return paths that don't properly release the "led" fwnode reference. This fix follows the same pattern as commit d029edefed39 ("net dsa: qca8k: fix usages of device_get_named_child_node()") Fixes: 94a2a84f5e9e ("net: dsa: mv88e6xxx: Support LED control") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- changes in v2: - use goto for cleanup in error paths - v1: https://lore.kernel.org/all/20250830085508.2107507-1-linmq006@gmail.com/ --- drivers/net/dsa/mv88e6xxx/leds.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/drivers/net/dsa/mv88e6xxx/leds.c b/drivers/net/dsa/mv88e6xxx/leds.c index 1c88bfaea46b..ab3bc645da56 100644 --- a/drivers/net/dsa/mv88e6xxx/leds.c +++ b/drivers/net/dsa/mv88e6xxx/leds.c @@ -779,7 +779,8 @@ int mv88e6xxx_port_setup_leds(struct mv88e6xxx_chip *chip, int port) continue; if (led_num > 1) { dev_err(dev, "invalid LED specified port %d\n", port); - return -EINVAL; + ret = -EINVAL; + goto err_put_led; } if (led_num == 0) @@ -823,17 +824,25 @@ int mv88e6xxx_port_setup_leds(struct mv88e6xxx_chip *chip, int port) init_data.devname_mandatory = true; init_data.devicename = kasprintf(GFP_KERNEL, "%s:0%d:0%d", chip->info->name, port, led_num); - if (!init_data.devicename) - return -ENOMEM; + if (!init_data.devicename) { + ret = -ENOMEM; + goto err_put_led; + } ret = devm_led_classdev_register_ext(dev, l, &init_data); kfree(init_data.devicename); if (ret) { dev_err(dev, "Failed to init LED %d for port %d", led_num, port); - return ret; + goto err_put_led; } } + fwnode_handle_put(leds); return 0; + +err_put_led: + fwnode_handle_put(led); + fwnode_handle_put(leds); + return ret; } -- 2.35.1

2 weeks

4
3
0 0

[PATCH net] netpoll: fix incorrect refcount handling causing incorrect cleanup

by Breno Leitao

commit efa95b01da18 ("netpoll: fix use after free") incorrectly ignored the refcount and prematurely set dev->npinfo to NULL during netpoll cleanup, leading to improper behavior and memory leaks. Scenario causing lack of proper cleanup: 1) A netpoll is associated with a NIC (e.g., eth0) and netdev->npinfo is allocated, and refcnt = 1 - Keep in mind that npinfo is shared among all netpoll instances. In this case, there is just one. 2) Another netpoll is also associated with the same NIC and npinfo->refcnt += 1. - Now dev->npinfo->refcnt = 2; - There is just one npinfo associated to the netdev. 3) When the first netpolls goes to clean up: - The first cleanup succeeds and clears np->dev->npinfo, ignoring refcnt. - It basically calls `RCU_INIT_POINTER(np->dev->npinfo, NULL);` - Set dev->npinfo = NULL, without proper cleanup - No ->ndo_netpoll_cleanup() is either called 4) Now the second target tries to clean up - The second cleanup fails because np->dev->npinfo is already NULL. * In this case, ops->ndo_netpoll_cleanup() was never called, and the skb pool is not cleaned as well (for the second netpoll instance) - This leaks npinfo and skbpool skbs, which is clearly reported by kmemleak. Revert commit efa95b01da18 ("netpoll: fix use after free") and adds clarifying comments emphasizing that npinfo cleanup should only happen once the refcount reaches zero, ensuring stable and correct netpoll behavior. Cc: stable(a)vger.kernel.org Cc: jv(a)jvosburgh.net Fixes: efa95b01da18 ("netpoll: fix use after free") Signed-off-by: Breno Leitao <leitao(a)debian.org> --- I have a selftest that shows the memory leak when kmemleak is enabled and I will be submitting to net-next. Also, giving I am reverting commit efa95b01da18 ("netpoll: fix use after free"), which was supposed to fix a problem on bonding, I am copying Jay. --- net/core/netpoll.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/core/netpoll.c b/net/core/netpoll.c index 5f65b62346d4e..19676cd379640 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -815,6 +815,10 @@ static void __netpoll_cleanup(struct netpoll *np) if (!npinfo) return; + /* At this point, there is a single npinfo instance per netdevice, and + * its refcnt tracks how many netpoll structures are linked to it. We + * only perform npinfo cleanup when the refcnt decrements to zero. + */ if (refcount_dec_and_test(&npinfo->refcnt)) { const struct net_device_ops *ops; @@ -824,8 +828,7 @@ static void __netpoll_cleanup(struct netpoll *np) RCU_INIT_POINTER(np->dev->npinfo, NULL); call_rcu(&npinfo->rcu, rcu_cleanup_netpoll_info); - } else - RCU_INIT_POINTER(np->dev->npinfo, NULL); + } skb_pool_flush(np); } --- base-commit: 864ecc4a6dade82d3f70eab43dad0e277aa6fc78 change-id: 20250901-netpoll_memleak-90d0d4bc772c Best regards, -- Breno Leitao <leitao(a)debian.org>

2 weeks

2
1
0 0

+ compiler-clangh-define-__sanitize___-macros-only-when-undefined.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: compiler-clang.h: define __SANITIZE_*__ macros only when undefined has been added to the -mm mm-hotfixes-unstable branch. Its filename is compiler-clangh-define-__sanitize___-macros-only-when-undefined.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Nathan Chancellor <nathan(a)kernel.org> Subject: compiler-clang.h: define __SANITIZE_*__ macros only when undefined Date: Tue, 02 Sep 2025 15:49:26 -0700 Clang 22 recently added support for defining __SANITIZE__ macros similar to GCC [1], which causes warnings (or errors with CONFIG_WERROR=y or W=e) with the existing defines that the kernel creates to emulate this behavior with existing clang versions. In file included from <built-in>:3: In file included from include/linux/compiler_types.h:171: include/linux/compiler-clang.h:37:9: error: '__SANITIZE_THREAD__' macro redefined [-Werror,-Wmacro-redefined] 37 | #define __SANITIZE_THREAD__ | ^ <built-in>:352:9: note: previous definition is here 352 | #define __SANITIZE_THREAD__ 1 | ^ Refactor compiler-clang.h to only define the sanitizer macros when they are undefined and adjust the rest of the code to use these macros for checking if the sanitizers are enabled, clearing up the warnings and allowing the kernel to easily drop these defines when the minimum supported version of LLVM for building the kernel becomes 22.0.0 or newer. Link: https://lkml.kernel.org/r/20250902-clang-update-sanitize-defines-v1-1-cf370… Link: https://github.com/llvm/llvm-project/commit/568c23bbd3303518c5056d7f03444da… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> Reviewed-by: Justin Stitt <justinstitt(a)google.com> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Bill Wendling <morbo(a)google.com> Cc: Dmitriy Vyukov <dvyukov(a)google.com> Cc: Marco Elver <elver(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/compiler-clang.h | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) --- a/include/linux/compiler-clang.h~compiler-clangh-define-__sanitize___-macros-only-when-undefined +++ a/include/linux/compiler-clang.h @@ -18,23 +18,42 @@ #define KASAN_ABI_VERSION 5 /* + * Clang 22 added preprocessor macros to match GCC, in hopes of eventually + * dropping __has_feature support for sanitizers: + * https://github.com/llvm/llvm-project/commit/568c23bbd3303518c5056d7f03444da… + * Create these macros for older versions of clang so that it is easy to clean + * up once the minimum supported version of LLVM for building the kernel always + * creates these macros. + * * Note: Checking __has_feature(*_sanitizer) is only true if the feature is * enabled. Therefore it is not required to additionally check defined(CONFIG_*) * to avoid adding redundant attributes in other configurations. */ +#if __has_feature(address_sanitizer) && !defined(__SANITIZE_ADDRESS__) +#define __SANITIZE_ADDRESS__ +#endif +#if __has_feature(hwaddress_sanitizer) && !defined(__SANITIZE_HWADDRESS__) +#define __SANITIZE_HWADDRESS__ +#endif +#if __has_feature(thread_sanitizer) && !defined(__SANITIZE_THREAD__) +#define __SANITIZE_THREAD__ +#endif -#if __has_feature(address_sanitizer) || __has_feature(hwaddress_sanitizer) -/* Emulate GCC's __SANITIZE_ADDRESS__ flag */ +/* + * Treat __SANITIZE_HWADDRESS__ the same as __SANITIZE_ADDRESS__ in the kernel. + */ +#ifdef __SANITIZE_HWADDRESS__ #define __SANITIZE_ADDRESS__ +#endif + +#ifdef __SANITIZE_ADDRESS__ #define __no_sanitize_address \ __attribute__((no_sanitize("address", "hwaddress"))) #else #define __no_sanitize_address #endif -#if __has_feature(thread_sanitizer) -/* emulate gcc's __SANITIZE_THREAD__ flag */ -#define __SANITIZE_THREAD__ +#ifdef __SANITIZE_THREAD__ #define __no_sanitize_thread \ __attribute__((no_sanitize("thread"))) #else _ Patches currently in -mm which might be from nathan(a)kernel.org are compiler-clangh-define-__sanitize___-macros-only-when-undefined.patch mm-rmap-convert-enum-rmap_level-to-enum-pgtable_level-fix.patch

2 weeks, 1 day

1
0
0 0

[PATCH net 8/8] e1000e: fix heap overflow in e1000_set_eeprom

by Tony Nguyen

From: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Fix a possible heap overflow in e1000_set_eeprom function by adding input validation for the requested length of the change in the EEPROM. In addition, change the variable type from int to size_t for better code practices and rearrange declarations to RCT. Cc: stable(a)vger.kernel.org Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver (currently for ICH9 devices only)") Co-developed-by: Mikael Wessel <post(a)mikaelkw.online> Signed-off-by: Mikael Wessel <post(a)mikaelkw.online> Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Mor Bar-Gabay <morx.bar.gabay(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- drivers/net/ethernet/intel/e1000e/ethtool.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/net/ethernet/intel/e1000e/ethtool.c b/drivers/net/ethernet/intel/e1000e/ethtool.c index c0bbb12eed2e..cf01a108a5bb 100644 --- a/drivers/net/ethernet/intel/e1000e/ethtool.c +++ b/drivers/net/ethernet/intel/e1000e/ethtool.c @@ -549,12 +549,12 @@ static int e1000_set_eeprom(struct net_device *netdev, { struct e1000_adapter *adapter = netdev_priv(netdev); struct e1000_hw *hw = &adapter->hw; + size_t total_len, max_len; u16 *eeprom_buff; - void *ptr; - int max_len; + int ret_val = 0; int first_word; int last_word; - int ret_val = 0; + void *ptr; u16 i; if (eeprom->len == 0) @@ -569,6 +569,10 @@ static int e1000_set_eeprom(struct net_device *netdev, max_len = hw->nvm.word_size * 2; + if (check_add_overflow(eeprom->offset, eeprom->len, &total_len) || + total_len > max_len) + return -EFBIG; + first_word = eeprom->offset >> 1; last_word = (eeprom->offset + eeprom->len - 1) >> 1; eeprom_buff = kmalloc(max_len, GFP_KERNEL); -- 2.47.1

2 weeks, 1 day

1
0
0 0

[PATCH] compiler-clang.h: Define __SANITIZE_*__ macros only when undefined

by Nathan Chancellor

Clang 22 recently added support for defining __SANITIZE__ macros similar to GCC [1], which causes warnings (or errors with CONFIG_WERROR=y or W=e) with the existing defines that the kernel creates to emulate this behavior with existing clang versions. In file included from <built-in>:3: In file included from include/linux/compiler_types.h:171: include/linux/compiler-clang.h:37:9: error: '__SANITIZE_THREAD__' macro redefined [-Werror,-Wmacro-redefined] 37 | #define __SANITIZE_THREAD__ | ^ <built-in>:352:9: note: previous definition is here 352 | #define __SANITIZE_THREAD__ 1 | ^ Refactor compiler-clang.h to only define the sanitizer macros when they are undefined and adjust the rest of the code to use these macros for checking if the sanitizers are enabled, clearing up the warnings and allowing the kernel to easily drop these defines when the minimum supported version of LLVM for building the kernel becomes 22.0.0 or newer. Cc: stable(a)vger.kernel.org Link: https://github.com/llvm/llvm-project/commit/568c23bbd3303518c5056d7f03444da… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- Andrew, would it be possible to take this via mm-hotfixes? --- include/linux/compiler-clang.h | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/include/linux/compiler-clang.h b/include/linux/compiler-clang.h index fa4ffe037bc7..8720a0705900 100644 --- a/include/linux/compiler-clang.h +++ b/include/linux/compiler-clang.h @@ -18,23 +18,42 @@ #define KASAN_ABI_VERSION 5 /* + * Clang 22 added preprocessor macros to match GCC, in hopes of eventually + * dropping __has_feature support for sanitizers: + * https://github.com/llvm/llvm-project/commit/568c23bbd3303518c5056d7f03444da… + * Create these macros for older versions of clang so that it is easy to clean + * up once the minimum supported version of LLVM for building the kernel always + * creates these macros. + * * Note: Checking __has_feature(*_sanitizer) is only true if the feature is * enabled. Therefore it is not required to additionally check defined(CONFIG_*) * to avoid adding redundant attributes in other configurations. */ +#if __has_feature(address_sanitizer) && !defined(__SANITIZE_ADDRESS__) +#define __SANITIZE_ADDRESS__ +#endif +#if __has_feature(hwaddress_sanitizer) && !defined(__SANITIZE_HWADDRESS__) +#define __SANITIZE_HWADDRESS__ +#endif +#if __has_feature(thread_sanitizer) && !defined(__SANITIZE_THREAD__) +#define __SANITIZE_THREAD__ +#endif -#if __has_feature(address_sanitizer) || __has_feature(hwaddress_sanitizer) -/* Emulate GCC's __SANITIZE_ADDRESS__ flag */ +/* + * Treat __SANITIZE_HWADDRESS__ the same as __SANITIZE_ADDRESS__ in the kernel. + */ +#ifdef __SANITIZE_HWADDRESS__ #define __SANITIZE_ADDRESS__ +#endif + +#ifdef __SANITIZE_ADDRESS__ #define __no_sanitize_address \ __attribute__((no_sanitize("address", "hwaddress"))) #else #define __no_sanitize_address #endif -#if __has_feature(thread_sanitizer) -/* emulate gcc's __SANITIZE_THREAD__ flag */ -#define __SANITIZE_THREAD__ +#ifdef __SANITIZE_THREAD__ #define __no_sanitize_thread \ __attribute__((no_sanitize("thread"))) #else --- base-commit: b320789d6883cc00ac78ce83bccbfe7ed58afcf0 change-id: 20250902-clang-update-sanitize-defines-845000c29d2c Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

2 weeks, 1 day

2
1
0 0

[PATCHSET] xfs: improve online repair reap calculations

by Darrick J. Wong

Hi all, A few months ago, the multi-fsblock untorn writes patchset added a bunch of log intent item helper functions to estimate the number of intent items that could be added to a particular transaction. Those helpers enabled us to compute a safe upper bound on the number of blocks that could be written in an untorn fashion with filesystem-provided out of place writes. Currently, the online fsck code employs static limits on the number of intent items that it's willing to accrue to a single transaction when it's trying to reap what it thinks are the old blocks from a corrupt structure. There have been no problems reported with this approach after years of testing, but static limits are scary and gross because overestimating the intent item limit could result in transaction overflows and dead filesystems; and underestimating causes unnecessary overhead. This series uses the new log intent item size helpers to estimate the limits dynamically based on worst-case per-block repair work vs. the size of the scrub transaction. After several months of testing this, there don't seem to be any problems here either. If you're going to start using this code, I strongly recommend pulling from my git trees, which are linked below. This has been running on the djcloud for months with no problems. Enjoy! Comments and questions are, as always, welcome. --D kernel git tree: https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=fi… --- Commits in this patchset: * xfs: prepare reaping code for dynamic limits * xfs: convert the ifork reap code to use xreap_state * xfs: use deferred intent items for reaping crosslinked blocks * xfs: compute per-AG extent reap limits dynamically * xfs: compute data device CoW staging extent reap limits dynamically * xfs: compute realtime device CoW staging extent reap limits dynamically * xfs: compute file mapping reap limits dynamically * xfs: remove static reap limits * xfs: use deferred reaping for data device cow extents --- fs/xfs/scrub/repair.h | 8 - fs/xfs/scrub/trace.h | 45 ++++ fs/xfs/scrub/newbt.c | 7 + fs/xfs/scrub/reap.c | 622 +++++++++++++++++++++++++++++++++++++++---------- fs/xfs/scrub/trace.c | 1 5 files changed, 552 insertions(+), 131 deletions(-)

2 weeks, 1 day

2
3
0 0

[PATCH 2/4] fuse: fix possibly missing fuse_copy_finish() call in fuse_notify()

by Miklos Szeredi

In case of FUSE_NOTIFY_RESEND and FUSE_NOTIFY_INC_EPOCH fuse_copy_finish() isn't called. Fix by always calling fuse_copy_finish() after fuse_notify(). It's a no-op if called a second time. Fixes: 760eac73f9f6 ("fuse: Introduce a new notification type for resend pending requests") Fixes: 2396356a945b ("fuse: add more control over cache invalidation behaviour") Cc: <stable(a)vger.kernel.org> # v6.9 Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> --- fs/fuse/dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index df793003eb0c..85d05a5e40e9 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -2178,7 +2178,7 @@ static ssize_t fuse_dev_do_write(struct fuse_dev *fud, */ if (!oh.unique) { err = fuse_notify(fc, oh.error, nbytes - sizeof(oh), cs); - goto out; + goto copy_finish; } err = -EINVAL; -- 2.49.0

2 weeks, 1 day

2
1
0 0

[PATCH] Revert "drm/amdgpu: Avoid extra evict-restore process."

by Alex Deucher

This reverts commit 71598a5a7797f0052aaa7bcff0b8d4b8f20f1441. This commit introduced a regression, however the fix for the regression: aa5fc4362fac ("drm/amdgpu: fix task hang from failed job submission during process kill") depends on things not yet present in 6.12.y and older kernels. Since this commit is more of an optimization, just revert it for 6.12.y and older stable kernels. Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org # 6.1.x - 6.12.x --- Please apply this revert to 6.1.x to 6.12.x stable trees. The newer stable trees and Linus' tree already have the regression fix. drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c index 0adb106e2c42..37d53578825b 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c @@ -2292,11 +2292,13 @@ void amdgpu_vm_adjust_size(struct amdgpu_device *adev, uint32_t min_vm_size, */ long amdgpu_vm_wait_idle(struct amdgpu_vm *vm, long timeout) { - timeout = drm_sched_entity_flush(&vm->immediate, timeout); + timeout = dma_resv_wait_timeout(vm->root.bo->tbo.base.resv, + DMA_RESV_USAGE_BOOKKEEP, + true, timeout); if (timeout <= 0) return timeout; - return drm_sched_entity_flush(&vm->delayed, timeout); + return dma_fence_wait_timeout(vm->last_unlocked, true, timeout); } static void amdgpu_vm_destroy_task_info(struct kref *kref) -- 2.51.0

2 weeks, 1 day

3
2
0 0

FAILED: patch "[PATCH] drm/mediatek: Fix device/node reference count leaks in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1f403699c40f0806a707a9a6eed3b8904224021a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025090146-playback-kinsman-373c@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1f403699c40f0806a707a9a6eed3b8904224021a Mon Sep 17 00:00:00 2001 From: Ma Ke <make24(a)iscas.ac.cn> Date: Tue, 12 Aug 2025 15:19:32 +0800 Subject: [PATCH] drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv Using device_find_child() and of_find_device_by_node() to locate devices could cause an imbalance in the device's reference count. device_find_child() and of_find_device_by_node() both call get_device() to increment the reference count of the found device before returning the pointer. In mtk_drm_get_all_drm_priv(), these references are never released through put_device(), resulting in permanent reference count increments. Additionally, the for_each_child_of_node() iterator fails to release node references in all code paths. This leaks device node references when loop termination occurs before reaching MAX_CRTC. These reference count leaks may prevent device/node resources from being properly released during driver unbind operations. As comment of device_find_child() says, 'NOTE: you will need to drop the reference with put_device() after use'. Cc: stable(a)vger.kernel.org Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support") Signed-off-by: Ma Ke <make24(a)iscas.ac.cn> Reviewed-by: CK Hu <ck.hu(a)mediatek.com> Link: https://patchwork.kernel.org/project/dri-devel/patch/20250812071932.471730-… Signed-off-by: Chun-Kuang Hu <chunkuang.hu(a)kernel.org> diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index d5e6bab36414..f8a817689e16 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -387,19 +387,19 @@ static bool mtk_drm_get_all_drm_priv(struct device *dev) of_id = of_match_node(mtk_drm_of_ids, node); if (!of_id) - continue; + goto next_put_node; pdev = of_find_device_by_node(node); if (!pdev) - continue; + goto next_put_node; drm_dev = device_find_child(&pdev->dev, NULL, mtk_drm_match); if (!drm_dev) - continue; + goto next_put_device_pdev_dev; temp_drm_priv = dev_get_drvdata(drm_dev); if (!temp_drm_priv) - continue; + goto next_put_device_drm_dev; if (temp_drm_priv->data->main_len) all_drm_priv[CRTC_MAIN] = temp_drm_priv; @@ -411,10 +411,17 @@ static bool mtk_drm_get_all_drm_priv(struct device *dev) if (temp_drm_priv->mtk_drm_bound) cnt++; - if (cnt == MAX_CRTC) { - of_node_put(node); +next_put_device_drm_dev: + put_device(drm_dev); + +next_put_device_pdev_dev: + put_device(&pdev->dev); + +next_put_node: + of_node_put(node); + + if (cnt == MAX_CRTC) break; - } } if (drm_priv->data->mmsys_dev_num == cnt) {

2 weeks, 1 day

2
3
0 0

[PATCH] i2c: i801: Hide Intel Birch Stream SoC TCO WDT

by Chiasheng Lee

Hide the Intel Birch Stream SoC TCO WDT feature since it was removed. On platforms with PCH TCO WDT, this redundant device might be rendering errors like this: [ 28.144542] sysfs: cannot create duplicate filename '/bus/platform/devices/iTCO_wdt' Fixes: 8c56f9ef25a3 ("i2c: i801: Add support for Intel Birch Stream SoC") Cc: <stable(a)vger.kernel.org> Signed-off-by: Chiasheng Lee <chiasheng.lee(a)linux.intel.com> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=220320 --- drivers/i2c/busses/i2c-i801.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c index a7f89946dad4..e94ac746a741 100644 --- a/drivers/i2c/busses/i2c-i801.c +++ b/drivers/i2c/busses/i2c-i801.c @@ -1052,7 +1052,7 @@ static const struct pci_device_id i801_ids[] = { { PCI_DEVICE_DATA(INTEL, METEOR_LAKE_P_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, { PCI_DEVICE_DATA(INTEL, METEOR_LAKE_SOC_S_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, { PCI_DEVICE_DATA(INTEL, METEOR_LAKE_PCH_S_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, - { PCI_DEVICE_DATA(INTEL, BIRCH_STREAM_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, + { PCI_DEVICE_DATA(INTEL, BIRCH_STREAM_SMBUS, FEATURES_ICH5) }, { PCI_DEVICE_DATA(INTEL, ARROW_LAKE_H_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, { PCI_DEVICE_DATA(INTEL, PANTHER_LAKE_H_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, { PCI_DEVICE_DATA(INTEL, PANTHER_LAKE_P_SMBUS, FEATURES_ICH5 | FEATURE_TCO_CNL) }, -- 2.43.0

2 weeks, 1 day

3
2
0 0

[PATCH v3 3/4] cxl, acpi/hmat: Update CXL access coordinates directly instead of through HMAT

by Dave Jiang

The current implementation of CXL memory hotplug notifier gets called before the HMAT memory hotplug notifier. The CXL driver calculates the access coordinates (bandwidth and latency values) for the CXL end to end path (i.e. CPU to endpoint). When the CXL region is onlined, the CXL memory hotplug notifier writes the access coordinates to the HMAT target structs. Then the HMAT memory hotplug notifier is called and it creates the access coordinates for the node sysfs attributes. During testing on an Intel platform, it was found that although the newly calculated coordinates were pushed to sysfs, the sysfs attributes for the access coordinates showed up with the wrong initiator. The system has 4 nodes (0, 1, 2, 3) where node 0 and 1 are CPU nodes and node 2 and 3 are CXL nodes. The expectation is that node 2 would show up as a target to node 0: /sys/devices/system/node/node2/access0/initiators/node0 However it was observed that node 2 showed up as a target under node 1: /sys/devices/system/node/node2/access0/initiators/node1 The original intent of the 'ext_updated' flag in HMAT handling code was to stop HMAT memory hotplug callback from clobbering the access coordinates after CXL has injected its calculated coordinates and replaced the generic target access coordinates provided by the HMAT table in the HMAT target structs. However the flag is hacky at best and blocks the updates from other CXL regions that are onlined in the same node later on. Remove the 'ext_updated' flag usage and just update the access coordinates for the nodes directly without touching HMAT target data. The hotplug memory callback ordering is changed. Instead of changing CXL, move HMAT back so there's room for the levels rather than have CXL share the same level as SLAB_CALLBACK_PRI. The change will resulting in the CXL callback to be executed after the HMAT callback. With the change, the CXL hotplug memory notifier runs after the HMAT callback. The HMAT callback will create the node sysfs attributes for access coordinates. The CXL callback will write the access coordinates to the now created node sysfs attributes directly and will not pollute the HMAT target values. A nodemask is introduced to keep track if a node has been updated and prevents further updates. Fixes: 067353a46d8c ("cxl/region: Add memory hotplug notifier for cxl region") Cc: stable(a)vger.kernel.org Tested-by: Marc Herbert <marc.herbert(a)linux.intel.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Signed-off-by: Dave Jiang <dave.jiang(a)intel.com> --- v3: - Use nodemask instead of xarray to keep track of node updates (Jonathan) --- drivers/acpi/numa/hmat.c | 6 ------ drivers/cxl/core/cdat.c | 5 ----- drivers/cxl/core/core.h | 1 - drivers/cxl/core/region.c | 20 ++++++++++++-------- include/linux/memory.h | 2 +- 5 files changed, 13 insertions(+), 21 deletions(-) diff --git a/drivers/acpi/numa/hmat.c b/drivers/acpi/numa/hmat.c index 4958301f5417..5d32490dc4ab 100644 --- a/drivers/acpi/numa/hmat.c +++ b/drivers/acpi/numa/hmat.c @@ -74,7 +74,6 @@ struct memory_target { struct node_cache_attrs cache_attrs; u8 gen_port_device_handle[ACPI_SRAT_DEVICE_HANDLE_SIZE]; bool registered; - bool ext_updated; /* externally updated */ }; struct memory_initiator { @@ -391,7 +390,6 @@ int hmat_update_target_coordinates(int nid, struct access_coordinate *coord, coord->read_bandwidth, access); hmat_update_target_access(target, ACPI_HMAT_WRITE_BANDWIDTH, coord->write_bandwidth, access); - target->ext_updated = true; return 0; } @@ -773,10 +771,6 @@ static void hmat_update_target_attrs(struct memory_target *target, u32 best = 0; int i; - /* Don't update if an external agent has changed the data. */ - if (target->ext_updated) - return; - /* Don't update for generic port if there's no device handle */ if ((access == NODE_ACCESS_CLASS_GENPORT_SINK_LOCAL || access == NODE_ACCESS_CLASS_GENPORT_SINK_CPU) && diff --git a/drivers/cxl/core/cdat.c b/drivers/cxl/core/cdat.c index c0af645425f4..c891fd618cfd 100644 --- a/drivers/cxl/core/cdat.c +++ b/drivers/cxl/core/cdat.c @@ -1081,8 +1081,3 @@ int cxl_update_hmat_access_coordinates(int nid, struct cxl_region *cxlr, { return hmat_update_target_coordinates(nid, &cxlr->coord[access], access); } - -bool cxl_need_node_perf_attrs_update(int nid) -{ - return !acpi_node_backed_by_real_pxm(nid); -} diff --git a/drivers/cxl/core/core.h b/drivers/cxl/core/core.h index 2669f251d677..a253d308f3c9 100644 --- a/drivers/cxl/core/core.h +++ b/drivers/cxl/core/core.h @@ -139,7 +139,6 @@ long cxl_pci_get_latency(struct pci_dev *pdev); int cxl_pci_get_bandwidth(struct pci_dev *pdev, struct access_coordinate *c); int cxl_update_hmat_access_coordinates(int nid, struct cxl_region *cxlr, enum access_coordinate_class access); -bool cxl_need_node_perf_attrs_update(int nid); int cxl_port_get_switch_dport_bandwidth(struct cxl_port *port, struct access_coordinate *c); diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c index 71cc42d05248..0ed95cbc5d5b 100644 --- a/drivers/cxl/core/region.c +++ b/drivers/cxl/core/region.c @@ -30,6 +30,12 @@ * 3. Decoder targets */ +/* + * nodemask that sets per node when the access_coordinates for the node has + * been updated by the CXL memory hotplug notifier. + */ +static nodemask_t nodemask_region_seen = NODE_MASK_NONE; + static struct cxl_region *to_cxl_region(struct device *dev); #define __ACCESS_ATTR_RO(_level, _name) { \ @@ -2442,14 +2448,8 @@ static bool cxl_region_update_coordinates(struct cxl_region *cxlr, int nid) for (int i = 0; i < ACCESS_COORDINATE_MAX; i++) { if (cxlr->coord[i].read_bandwidth) { - rc = 0; - if (cxl_need_node_perf_attrs_update(nid)) - node_set_perf_attrs(nid, &cxlr->coord[i], i); - else - rc = cxl_update_hmat_access_coordinates(nid, cxlr, i); - - if (rc == 0) - cset++; + node_update_perf_attrs(nid, &cxlr->coord[i], i); + cset++; } } @@ -2487,6 +2487,10 @@ static int cxl_region_perf_attrs_callback(struct notifier_block *nb, if (nid != region_nid) return NOTIFY_DONE; + /* No action needed if node bit already set */ + if (node_test_and_set(nid, nodemask_region_seen)) + return NOTIFY_DONE; + if (!cxl_region_update_coordinates(cxlr, nid)) return NOTIFY_DONE; diff --git a/include/linux/memory.h b/include/linux/memory.h index 1305102688d0..0b755d1ef1ec 100644 --- a/include/linux/memory.h +++ b/include/linux/memory.h @@ -120,8 +120,8 @@ struct mem_section; */ #define DEFAULT_CALLBACK_PRI 0 #define SLAB_CALLBACK_PRI 1 -#define HMAT_CALLBACK_PRI 2 #define CXL_CALLBACK_PRI 5 +#define HMAT_CALLBACK_PRI 6 #define MM_COMPUTE_BATCH_PRI 10 #define CPUSET_CALLBACK_PRI 10 #define MEMTIER_HOTPLUG_PRI 100 -- 2.50.1

2 weeks, 1 day

2
1
0 0

Truth: AI adoption in healthcare

by Mohanish Ved

Hi Dr. Sam Lavi Cosmetic And Implant Dentistry , AI adoption in healthcare isn’t coming — it’s already here. Some implant clinics are quietly using AI to handle patient calls, consultations, and scheduling. Their growth isn’t a coincidence. Being first gives them an edge — being late means playing catch-up. Should I share a 2-min demo video so you can see how it works? Reply 'Video' and I’ll send it. — Best regards, Mohanish Ved AI Growth Specialist EditRage Solutions

2 weeks, 1 day

1
0
0 0

[PATCH v3 3/3] xen/events: Update virq_to_irq on migration

by Jason Andryuk

VIRQs come in 3 flavors, per-VPU, per-domain, and global, and the VIRQs are tracked in per-cpu virq_to_irq arrays. Per-domain and global VIRQs must be bound on CPU 0, and bind_virq_to_irq() sets the per_cpu virq_to_irq at registration time Later, the interrupt can migrate, and info->cpu is updated. When calling __unbind_from_irq(), the per-cpu virq_to_irq is cleared for a different cpu. If bind_virq_to_irq() is called again with CPU 0, the stale irq is returned. There won't be any irq_info for the irq, so things break. Make xen_rebind_evtchn_to_cpu() update the per_cpu virq_to_irq mappings to keep them update to date with the current cpu. This ensures the correct virq_to_irq is cleared in __unbind_from_irq(). Fixes: e46cdb66c8fc ("xen: event channels") Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- v3: Kernel style brace placement Delay setting old_cpu and tighten scope of variable v2: Different approach changing virq_to_irq --- drivers/xen/events/events_base.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index b060b5a95f45..9478fae014e5 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -1797,9 +1797,20 @@ static int xen_rebind_evtchn_to_cpu(struct irq_info *info, unsigned int tcpu) * virq or IPI channel, which don't actually need to be rebound. Ignore * it, but don't do the xenlinux-level rebind in that case. */ - if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_vcpu, &bind_vcpu) >= 0) + if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_vcpu, &bind_vcpu) >= 0) { + int old_cpu = info->cpu; + bind_evtchn_to_cpu(info, tcpu, false); + if (info->type == IRQT_VIRQ) { + int virq = info->u.virq; + int irq = per_cpu(virq_to_irq, old_cpu)[virq]; + + per_cpu(virq_to_irq, old_cpu)[virq] = -1; + per_cpu(virq_to_irq, tcpu)[virq] = irq; + } + } + do_unmask(info, EVT_MASK_REASON_TEMPORARY); return 0; -- 2.34.1

2 weeks, 1 day

2
1
0 0

[PATCH v3 2/3] xen/events: Return -EEXIST for bound VIRQs

by Jason Andryuk

Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propogate the error upwards. Some VIRQs are per-cpu, but others are per-domain or global. Those must be bound to CPU0 and can then migrate elsewhere. The lookup for per-domain and global will probably fail when migrated off CPU 0, especially when the current CPU is tracked. This now returns -EEXIST instead of BUG_ON(). A second call to bind a per-domain or global VIRQ is not expected, but make it non-fatal to avoid trying to look up the irq, since we don't know which per_cpu(virq_to_irq) it will be in. Cc: stable(a)vger.kernel.org Signed-off-by: Jason Andryuk <jason.andryuk(a)amd.com> --- v3: Cc: stable as a pre-req for the subsequent virg tracking change Call __unbind_from_irq() on error ro avoid leaking info v2: New --- drivers/xen/events/events_base.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c index 374231d84e4f..b060b5a95f45 100644 --- a/drivers/xen/events/events_base.c +++ b/drivers/xen/events/events_base.c @@ -1314,10 +1314,12 @@ int bind_interdomain_evtchn_to_irq_lateeoi(struct xenbus_device *dev, } EXPORT_SYMBOL_GPL(bind_interdomain_evtchn_to_irq_lateeoi); -static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn) +static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn, + bool percpu) { struct evtchn_status status; evtchn_port_t port; + bool exists = false; memset(&status, 0, sizeof(status)); for (port = 0; port < xen_evtchn_max_channels(); port++) { @@ -1330,12 +1332,16 @@ static int find_virq(unsigned int virq, unsigned int cpu, evtchn_port_t *evtchn) continue; if (status.status != EVTCHNSTAT_virq) continue; - if (status.u.virq == virq && status.vcpu == xen_vcpu_nr(cpu)) { + if (status.u.virq != virq) + continue; + if (status.vcpu == xen_vcpu_nr(cpu)) { *evtchn = port; return 0; + } else if (!percpu) { + exists = true; } } - return -ENOENT; + return exists ? -EEXIST : -ENOENT; } /** @@ -1382,8 +1388,11 @@ int bind_virq_to_irq(unsigned int virq, unsigned int cpu, bool percpu) evtchn = bind_virq.port; else { if (ret == -EEXIST) - ret = find_virq(virq, cpu, &evtchn); - BUG_ON(ret < 0); + ret = find_virq(virq, cpu, &evtchn, percpu); + if (ret) { + __unbind_from_irq(info, info->irq); + goto out; + } } ret = xen_irq_info_virq_setup(info, cpu, evtchn, virq); -- 2.34.1

2 weeks, 1 day

2
1
0 0

[PATCH] dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate

by Miaoqian Lin

The reference taken by of_find_device_by_node() must be released when not needed anymore. Add missing put_device() call to fix device reference leaks. Fixes: 134d9c52fca2 ("dmaengine: dw: dmamux: Introduce RZN1 DMA router support") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/dma/dw/rzn1-dmamux.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/dma/dw/rzn1-dmamux.c b/drivers/dma/dw/rzn1-dmamux.c index 4fb8508419db..deadf135681b 100644 --- a/drivers/dma/dw/rzn1-dmamux.c +++ b/drivers/dma/dw/rzn1-dmamux.c @@ -48,12 +48,16 @@ static void *rzn1_dmamux_route_allocate(struct of_phandle_args *dma_spec, u32 mask; int ret; - if (dma_spec->args_count != RNZ1_DMAMUX_NCELLS) - return ERR_PTR(-EINVAL); + if (dma_spec->args_count != RNZ1_DMAMUX_NCELLS) { + ret = -EINVAL; + goto put_device; + } map = kzalloc(sizeof(*map), GFP_KERNEL); - if (!map) - return ERR_PTR(-ENOMEM); + if (!map) { + ret = -ENOMEM; + goto put_device; + } chan = dma_spec->args[0]; map->req_idx = dma_spec->args[4]; @@ -94,12 +98,15 @@ static void *rzn1_dmamux_route_allocate(struct of_phandle_args *dma_spec, if (ret) goto clear_bitmap; + put_device(&pdev->dev); return map; clear_bitmap: clear_bit(map->req_idx, dmamux->used_chans); free_map: kfree(map); +put_device: + put_device(&pdev->dev); return ERR_PTR(ret); } -- 2.35.1

2 weeks, 1 day

6
8
0 0

[PATCH] cdx: Fix device node reference leak in cdx_msi_domain_init

by Miaoqian Lin

Add missing of_node_put() call to release the device node reference obtained via of_parse_phandle(). Fixes: 0e439ba38e61 ("cdx: add MSI support for CDX bus") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/cdx/cdx_msi.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/cdx/cdx_msi.c b/drivers/cdx/cdx_msi.c index 3388a5d1462c..91b95422b263 100644 --- a/drivers/cdx/cdx_msi.c +++ b/drivers/cdx/cdx_msi.c @@ -174,6 +174,7 @@ struct irq_domain *cdx_msi_domain_init(struct device *dev) } parent = irq_find_matching_fwnode(of_fwnode_handle(parent_node), DOMAIN_BUS_NEXUS); + of_node_put(parent_node); if (!parent || !msi_get_domain_info(parent)) { dev_err(dev, "unable to locate ITS domain\n"); return NULL; -- 2.35.1

2 weeks, 1 day

4
3
0 0

FAILED: patch "[PATCH] xfs: do not propagate ENODATA disk errors into xattr code" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ae668cd567a6a7622bc813ee0bb61c42bed61ba7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025090112-skillet-muskiness-5948@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae668cd567a6a7622bc813ee0bb61c42bed61ba7 Mon Sep 17 00:00:00 2001 From: Eric Sandeen <sandeen(a)redhat.com> Date: Fri, 22 Aug 2025 12:55:56 -0500 Subject: [PATCH] xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.) Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines") Cc: stable(a)vger.kernel.org # v5.9+ Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4c44ce1c8a64..bff3dc226f81 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -435,6 +435,13 @@ xfs_attr_rmtval_get( 0, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); + /* + * ENODATA from disk implies a disk medium failure; + * ENODATA for xattrs means attribute not found, so + * disambiguate that here. + */ + if (error == -ENODATA) + error = -EIO; if (error) return error; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..723a0643b838 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2833,6 +2833,12 @@ xfs_da_read_buf( &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(dp, whichfork); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (error == -ENODATA && whichfork == XFS_ATTR_FORK) + error = -EIO; if (error) goto out_free;

2 weeks, 1 day

2
1
0 0

FAILED: patch "[PATCH] xfs: do not propagate ENODATA disk errors into xattr code" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ae668cd567a6a7622bc813ee0bb61c42bed61ba7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025090111-acorn-ammonia-8c45@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae668cd567a6a7622bc813ee0bb61c42bed61ba7 Mon Sep 17 00:00:00 2001 From: Eric Sandeen <sandeen(a)redhat.com> Date: Fri, 22 Aug 2025 12:55:56 -0500 Subject: [PATCH] xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.) Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines") Cc: stable(a)vger.kernel.org # v5.9+ Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4c44ce1c8a64..bff3dc226f81 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -435,6 +435,13 @@ xfs_attr_rmtval_get( 0, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); + /* + * ENODATA from disk implies a disk medium failure; + * ENODATA for xattrs means attribute not found, so + * disambiguate that here. + */ + if (error == -ENODATA) + error = -EIO; if (error) return error; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..723a0643b838 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2833,6 +2833,12 @@ xfs_da_read_buf( &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(dp, whichfork); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (error == -ENODATA && whichfork == XFS_ATTR_FORK) + error = -EIO; if (error) goto out_free;

2 weeks, 1 day

2
1
0 0

[PATCH AUTOSEL 6.16] gpiolib: acpi: Add quirk for ASUS ProArt PX13

by Sasha Levin

From: "Mario Limonciello (AMD)" <superm1(a)kernel.org> [ Upstream commit 23800ad1265f10c2bc6f42154ce4d20e59f2900e ] The ASUS ProArt PX13 has a spurious wakeup event from the touchpad a few moments after entering hardware sleep. This can be avoided by preventing the touchpad from being a wake source. Add to the wakeup ignore list. Reported-by: Amit Chaudhari <amitchaudhari(a)mac.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4482 Tested-by: Amit Chaudhari <amitchaudhari(a)mac.com> Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Reviewed-by: Mika Westerberg <mika.westerberg(a)linux.intel.com> Link: https://lore.kernel.org/20250814183430.3887973-1-superm1@kernel.org Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- LLM Generated explanations, may be completely bogus: Based on my comprehensive analysis of this commit and the context, here is my assessment: **Backport Status: YES** ## Extensive Analysis: ### 1. **Nature of the Fix** This commit fixes a real hardware bug - spurious wakeup events from the touchpad on the ASUS ProArt PX13 laptop. The code change adds a DMI- based quirk entry to the `gpiolib_acpi_quirks` table in `/home/sasha/linux/drivers/gpio/gpiolib-acpi-quirks.c:350-359`, which instructs the GPIO subsystem to ignore wake events from the specific touchpad GPIO pin (`ASCP1A00:00@8`). ### 2. **符合稳定内核规则 (Meets Stable Kernel Rules)** According to `/home/sasha/linux/Documentation/process/stable-kernel- rules.rst`: - **Fixes a real bug**: Yes - spurious wakeups are a real hardware issue that impacts users' ability to use sleep/suspend effectively (lines 18-19 of rules) - **Obviously correct and tested**: Yes - the fix is straightforward (adding a quirk entry), has been tested by the reporter (Amit Chaudhari), and reviewed by Mika Westerberg - **Size constraint**: The patch is only ~20 lines with context, well under the 100-line limit - **Already in mainline**: Yes - commit 23800ad1265f10c2bc6f42154ce4d20e59f2900e ### 3. **Historical Precedent** Multiple similar commits for spurious wakeup quirks have been backported to stable: - Commit `805c74eac8cb3` (GPD G1619-04 touchpad wakeup) - explicitly marked with `Cc: stable(a)vger.kernel.org` - Commit `782eea0c89f7d` (Clevo NL5xNU) - marked with `Cc: stable(a)vger.kernel.org` - Commit `a69982c37cd05` (Clevo NH5xAx) - marked with `Cc: <stable(a)vger.kernel.org> # v6.1+` ### 4. **Code Structure Analysis** The change follows the exact same pattern as other quirk entries in the file: ```c .driver_data = &(struct acpi_gpiolib_dmi_quirk) { .ignore_wake = "ASCP1A00:00@8", }, ``` This is a data-only addition to an existing quirk table - no logic changes, no new code paths, minimal regression risk. ### 5. **User Impact** The bug causes spurious wakeups "a few moments after entering hardware sleep", which: - Prevents proper system suspend/sleep functionality - Drains battery life on laptops - Disrupts user workflow - Is a clear hardware-specific issue that cannot be worked around by users ### 6. **Risk Assessment** - **Extremely low risk**: The change only affects systems that match the specific DMI strings (ASUSTeK COMPUTER INC. + ProArt PX13) - **No impact on other systems**: DMI matching ensures this quirk only applies to the affected hardware - **Well-established mechanism**: The ignore_wake infrastructure is mature and widely used ### 7. **Backporting Considerations** While this specific commit wasn't explicitly marked with `Cc: stable`, it follows the exact same pattern as commits that were. The commit has already been picked up by Sasha Levin's stable tree (as shown in the `[ Upstream commit ]` tag in the local repository), suggesting the stable maintainers recognize its importance. The fix is self-contained, requires no prerequisites, and can be cleanly applied to any kernel version that has the `gpiolib-acpi-quirks.c` file structure (introduced in commit `92dc572852ddc`). ### Conclusion This is a textbook example of a stable-appropriate fix: it addresses a specific hardware bug affecting real users, uses a well-established quirk mechanism, has zero impact on unaffected systems, and follows the exact pattern of previously backported fixes for identical issues on different hardware. drivers/gpio/gpiolib-acpi-quirks.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/gpio/gpiolib-acpi-quirks.c b/drivers/gpio/gpiolib-acpi-quirks.c index c13545dce3492..bfb04e67c4bc8 100644 --- a/drivers/gpio/gpiolib-acpi-quirks.c +++ b/drivers/gpio/gpiolib-acpi-quirks.c @@ -344,6 +344,20 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] __initconst = { .ignore_interrupt = "AMDI0030:00@8", }, }, + { + /* + * Spurious wakeups from TP_ATTN# pin + * Found in BIOS 5.35 + * https://gitlab.freedesktop.org/drm/amd/-/issues/4482 + */ + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_FAMILY, "ProArt PX13"), + }, + .driver_data = &(struct acpi_gpiolib_dmi_quirk) { + .ignore_wake = "ASCP1A00:00@8", + }, + }, {} /* Terminating entry */ }; -- 2.50.1

2 weeks, 1 day

1
16
0 0

FAILED: patch "[PATCH] xfs: do not propagate ENODATA disk errors into xattr code" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ae668cd567a6a7622bc813ee0bb61c42bed61ba7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025090111-poem-retold-4ac2@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae668cd567a6a7622bc813ee0bb61c42bed61ba7 Mon Sep 17 00:00:00 2001 From: Eric Sandeen <sandeen(a)redhat.com> Date: Fri, 22 Aug 2025 12:55:56 -0500 Subject: [PATCH] xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.) Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines") Cc: stable(a)vger.kernel.org # v5.9+ Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4c44ce1c8a64..bff3dc226f81 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -435,6 +435,13 @@ xfs_attr_rmtval_get( 0, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); + /* + * ENODATA from disk implies a disk medium failure; + * ENODATA for xattrs means attribute not found, so + * disambiguate that here. + */ + if (error == -ENODATA) + error = -EIO; if (error) return error; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..723a0643b838 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2833,6 +2833,12 @@ xfs_da_read_buf( &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(dp, whichfork); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (error == -ENODATA && whichfork == XFS_ATTR_FORK) + error = -EIO; if (error) goto out_free;

2 weeks, 1 day

2
1
0 0

[PATCH] blk-throttle: check policy bit in blk_throtl_activated()

by gj.han＠foxmail.com

From: Han Guangjiang <hanguangjiang(a)lixiang.com> On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl() when throttling is consulted before the throttle policy is fully enabled for the queue. Checking only q->td != NULL is insufficient during early initialization, so blkg_to_pd() for the throttle policy can still return NULL and blkg_to_tg() becomes NULL, which later gets dereferenced. Tighten blk_throtl_activated() to also require that the throttle policy bit is set on the queue: return q->td != NULL && test_bit(blkcg_policy_throtl.plid, q->blkcg_pols); This prevents blk_should_throtl() from accessing throttle group state until policy data has been attached to blkgs. Fixes: a3166c51702b ("blk-throttle: delay initialization until configuration") Cc: stable(a)vger.kernel.org Co-developed-by: Liang Jie <liangjie(a)lixiang.com> Signed-off-by: Liang Jie <liangjie(a)lixiang.com> Signed-off-by: Han Guangjiang <hanguangjiang(a)lixiang.com> --- block/blk-throttle.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/block/blk-throttle.h b/block/blk-throttle.h index 3b27755bfbff..9ca43dc56eda 100644 --- a/block/blk-throttle.h +++ b/block/blk-throttle.h @@ -156,7 +156,7 @@ void blk_throtl_cancel_bios(struct gendisk *disk); static inline bool blk_throtl_activated(struct request_queue *q) { - return q->td != NULL; + return q->td != NULL && test_bit(blkcg_policy_throtl.plid, q->blkcg_pols); } static inline bool blk_should_throtl(struct bio *bio) -- 2.25.1

2 weeks, 1 day

1
0
0 0

FAILED: patch "[PATCH] xfs: do not propagate ENODATA disk errors into xattr code" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ae668cd567a6a7622bc813ee0bb61c42bed61ba7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025090105-strainer-glider-fdcd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ae668cd567a6a7622bc813ee0bb61c42bed61ba7 Mon Sep 17 00:00:00 2001 From: Eric Sandeen <sandeen(a)redhat.com> Date: Fri, 22 Aug 2025 12:55:56 -0500 Subject: [PATCH] xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be found. However, a medium error from disk may also return ENODATA. At best, this medium error may escape to userspace as "attribute not found" when in fact it's an IO (disk) error. At worst, we may oops in xfs_attr_leaf_get() when we do: error = xfs_attr_leaf_hasname(args, &bp); if (error == -ENOATTR) { xfs_trans_brelse(args->trans, bp); return error; } because an ENODATA/ENOATTR error from disk leaves us with a null bp, and the xfs_trans_brelse will then null-deref it. As discussed on the list, we really need to modify the lower level IO functions to trap all disk errors and ensure that we don't let unique errors like this leak up into higher xfs functions - many like this should be remapped to EIO. However, this patch directly addresses a reported bug in the xattr code, and should be safe to backport to stable kernels. A larger-scope patch to handle more unique errors at lower levels can follow later. (Note, prior to 07120f1abdff we did not oops, but we did return the wrong error code to userspace.) Signed-off-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 07120f1abdff ("xfs: Add xfs_has_attr and subroutines") Cc: stable(a)vger.kernel.org # v5.9+ Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_attr_remote.c b/fs/xfs/libxfs/xfs_attr_remote.c index 4c44ce1c8a64..bff3dc226f81 100644 --- a/fs/xfs/libxfs/xfs_attr_remote.c +++ b/fs/xfs/libxfs/xfs_attr_remote.c @@ -435,6 +435,13 @@ xfs_attr_rmtval_get( 0, &bp, &xfs_attr3_rmt_buf_ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(args->dp, XFS_ATTR_FORK); + /* + * ENODATA from disk implies a disk medium failure; + * ENODATA for xattrs means attribute not found, so + * disambiguate that here. + */ + if (error == -ENODATA) + error = -EIO; if (error) return error; diff --git a/fs/xfs/libxfs/xfs_da_btree.c b/fs/xfs/libxfs/xfs_da_btree.c index 17d9e6154f19..723a0643b838 100644 --- a/fs/xfs/libxfs/xfs_da_btree.c +++ b/fs/xfs/libxfs/xfs_da_btree.c @@ -2833,6 +2833,12 @@ xfs_da_read_buf( &bp, ops); if (xfs_metadata_is_sick(error)) xfs_dirattr_mark_sick(dp, whichfork); + /* + * ENODATA from disk implies a disk medium failure; ENODATA for + * xattrs means attribute not found, so disambiguate that here. + */ + if (error == -ENODATA && whichfork == XFS_ATTR_FORK) + error = -EIO; if (error) goto out_free;

2 weeks, 1 day

2
1
0 0

[PATCH] hisi_acc_vfio_pci: Fix reference leak in hisi_acc_vfio_debug_init

by Miaoqian Lin

The debugfs_lookup() function returns a dentry with an increased reference count that must be released by calling dput(). Fixes: b398f91779b8 ("hisi_acc_vfio_pci: register debugfs for hisilicon migration driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c index 2149f49aeec7..1710485cbbec 100644 --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c @@ -1611,8 +1611,10 @@ static void hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vd } migf = kzalloc(sizeof(*migf), GFP_KERNEL); - if (!migf) + if (!migf) { + dput(vfio_dev_migration); return; + } hisi_acc_vdev->debug_migf = migf; vfio_hisi_acc = debugfs_create_dir("hisi_acc", vfio_dev_migration); @@ -1622,6 +1624,8 @@ static void hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vd hisi_acc_vf_migf_read); debugfs_create_devm_seqfile(dev, "cmd_state", vfio_hisi_acc, hisi_acc_vf_debug_cmd); + + dput(vfio_dev_migration); } static void hisi_acc_vf_debugfs_exit(struct hisi_acc_vf_core_device *hisi_acc_vdev) -- 2.35.1

2 weeks, 1 day

3
2
0 0

[PATCH v2 1/3] drm/xe: Attempt to bring bos back to VRAM after eviction

by Thomas Hellström

VRAM+TT bos that are evicted from VRAM to TT may remain in TT also after a revalidation following eviction or suspend. This manifests itself as applications becoming sluggish after buffer objects get evicted or after a resume from suspend or hibernation. If the bo supports placement in both VRAM and TT, and we are on DGFX, mark the TT placement as fallback. This means that it is tried only after VRAM + eviction. This flaw has probably been present since the xe module was upstreamed but use a Fixes: commit below where backporting is likely to be simple. For earlier versions we need to open- code the fallback algorithm in the driver. v2: - Remove check for dgfx. (Matthew Auld) - Update the xe_dma_buf kunit test for the new strategy (CI) - Allow dma-buf to pin in current placement (CI) - Make xe_bo_validate() for pinned bos a NOP. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5995 Fixes: a78a8da51b36 ("drm/ttm: replace busy placement with flags v6") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> #v1 --- drivers/gpu/drm/xe/tests/xe_bo.c | 2 +- drivers/gpu/drm/xe/tests/xe_dma_buf.c | 10 +--------- drivers/gpu/drm/xe/xe_bo.c | 16 ++++++++++++---- drivers/gpu/drm/xe/xe_bo.h | 2 +- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/xe/tests/xe_bo.c b/drivers/gpu/drm/xe/tests/xe_bo.c index bb469096d072..7b40cc8be1c9 100644 --- a/drivers/gpu/drm/xe/tests/xe_bo.c +++ b/drivers/gpu/drm/xe/tests/xe_bo.c @@ -236,7 +236,7 @@ static int evict_test_run_tile(struct xe_device *xe, struct xe_tile *tile, struc } xe_bo_lock(external, false); - err = xe_bo_pin_external(external); + err = xe_bo_pin_external(external, false); xe_bo_unlock(external); if (err) { KUNIT_FAIL(test, "external bo pin err=%pe\n", diff --git a/drivers/gpu/drm/xe/tests/xe_dma_buf.c b/drivers/gpu/drm/xe/tests/xe_dma_buf.c index 3c5ad8cc65a0..5baeab6b6fb7 100644 --- a/drivers/gpu/drm/xe/tests/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/tests/xe_dma_buf.c @@ -85,15 +85,7 @@ static void check_residency(struct kunit *test, struct xe_bo *exported, return; } - /* - * If on different devices, the exporter is kept in system if - * possible, saving a migration step as the transfer is just - * likely as fast from system memory. - */ - if (params->mem_mask & XE_BO_FLAG_SYSTEM) - KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, XE_PL_TT)); - else - KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, mem_type)); + KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, mem_type)); if (params->force_different_devices) KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(imported, XE_PL_TT)); diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 4faf15d5fa6d..870f43347281 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -188,6 +188,8 @@ static void try_add_system(struct xe_device *xe, struct xe_bo *bo, bo->placements[*c] = (struct ttm_place) { .mem_type = XE_PL_TT, + .flags = (bo_flags & XE_BO_FLAG_VRAM_MASK) ? + TTM_PL_FLAG_FALLBACK : 0, }; *c += 1; } @@ -2322,6 +2324,7 @@ uint64_t vram_region_gpu_offset(struct ttm_resource *res) /** * xe_bo_pin_external - pin an external BO * @bo: buffer object to be pinned + * @in_place: Pin in current placement, don't attempt to migrate. * * Pin an external (not tied to a VM, can be exported via dma-buf / prime FD) * BO. Unique call compared to xe_bo_pin as this function has it own set of @@ -2329,7 +2332,7 @@ uint64_t vram_region_gpu_offset(struct ttm_resource *res) * * Returns 0 for success, negative error code otherwise. */ -int xe_bo_pin_external(struct xe_bo *bo) +int xe_bo_pin_external(struct xe_bo *bo, bool in_place) { struct xe_device *xe = xe_bo_device(bo); int err; @@ -2338,9 +2341,11 @@ int xe_bo_pin_external(struct xe_bo *bo) xe_assert(xe, xe_bo_is_user(bo)); if (!xe_bo_is_pinned(bo)) { - err = xe_bo_validate(bo, NULL, false); - if (err) - return err; + if (!in_place) { + err = xe_bo_validate(bo, NULL, false); + if (err) + return err; + } spin_lock(&xe->pinned.lock); list_add_tail(&bo->pinned_link, &xe->pinned.late.external); @@ -2493,6 +2498,9 @@ int xe_bo_validate(struct xe_bo *bo, struct xe_vm *vm, bool allow_res_evict) }; int ret; + if (xe_bo_is_pinned(bo)) + return 0; + if (vm) { lockdep_assert_held(&vm->lock); xe_vm_assert_held(vm); diff --git a/drivers/gpu/drm/xe/xe_bo.h b/drivers/gpu/drm/xe/xe_bo.h index 8cce413b5235..cfb1ec266a6d 100644 --- a/drivers/gpu/drm/xe/xe_bo.h +++ b/drivers/gpu/drm/xe/xe_bo.h @@ -200,7 +200,7 @@ static inline void xe_bo_unlock_vm_held(struct xe_bo *bo) } } -int xe_bo_pin_external(struct xe_bo *bo); +int xe_bo_pin_external(struct xe_bo *bo, bool in_place); int xe_bo_pin(struct xe_bo *bo); void xe_bo_unpin_external(struct xe_bo *bo); void xe_bo_unpin(struct xe_bo *bo); diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c index 346f857f3837..af64baf872ef 100644 --- a/drivers/gpu/drm/xe/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/xe_dma_buf.c @@ -72,7 +72,7 @@ static int xe_dma_buf_pin(struct dma_buf_attachment *attach) return ret; } - ret = xe_bo_pin_external(bo); + ret = xe_bo_pin_external(bo, true); xe_assert(xe, !ret); return 0; -- 2.50.1

2 weeks, 1 day

2
1
0 0

Re: [PATCH net] netrom: validate header lengths in nr_rx_frame() using pskb_may_pull()

by Eric Dumazet

On Wed, Aug 27, 2025 at 7:38 AM Stanislav Fort <disclosure(a)aisle.com> wrote: > > NET/ROM nr_rx_frame() dereferences the 5-byte transport header > unconditionally. nr_route_frame() currently accepts frames as short as > NR_NETWORK_LEN (15 bytes), which can lead to small out-of-bounds reads > on short frames. > > Fix by using pskb_may_pull() in nr_rx_frame() to ensure the full > NET/ROM network + transport header is present before accessing it, and > guard the extra fields used by NR_CONNREQ (window, user address, and the > optional BPQ timeout extension) with additional pskb_may_pull() checks. > > This aligns with recent fixes using pskb_may_pull() to validate header > availability. > > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Reported-by: Stanislav Fort <disclosure(a)aisle.com> > Cc: stable(a)vger.kernel.org > Signed-off-by: Stanislav Fort <disclosure(a)aisle.com> > --- > net/netrom/af_netrom.c | 12 +++++++++++- > net/netrom/nr_route.c | 2 +- > 2 files changed, 12 insertions(+), 2 deletions(-) > > diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c > index 3331669d8e33..1fbaa161288a 100644 > --- a/net/netrom/af_netrom.c > +++ b/net/netrom/af_netrom.c > @@ -885,6 +885,10 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) > * skb->data points to the netrom frame start > */ > > + /* Ensure NET/ROM network + transport header are present */ > + if (!pskb_may_pull(skb, NR_NETWORK_LEN + NR_TRANSPORT_LEN)) > + return 0; > + > src = (ax25_address *)(skb->data + 0); > dest = (ax25_address *)(skb->data + 7); > > @@ -961,6 +965,12 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) > return 0; > } > > + /* Ensure NR_CONNREQ fields (window + user address) are present */ > + if (!pskb_may_pull(skb, 21 + AX25_ADDR_LEN)) { If skb->head is reallocated by this pskb_may_pull(), dest variable might point to a freed piece of memory (old skb->head) As far as netrom is concerned, I would force a full linearization of the packet very early It is also unclear if the bug even exists in the first place. Can you show the stack trace leading to this function being called from an arbitrary provider (like a packet being fed by malicious user space) For instance nr_rx_frame() can be called from net/netrom/nr_loopback.c with non malicious packet. For the remaining caller (nr_route_frame()), it is unclear to me.

2 weeks, 1 day

2
1
0 0

[PATCH] cpufreq: nforce2: fix PCI device reference leaks in nforce2_fsb_read

by Miaoqian Lin

Add missing pci_dev_put() calls to release device references obtained via pci_get_subsys(). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/cpufreq/cpufreq-nforce2.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/cpufreq/cpufreq-nforce2.c b/drivers/cpufreq/cpufreq-nforce2.c index fedad1081973..0a49cb9d7ba1 100644 --- a/drivers/cpufreq/cpufreq-nforce2.c +++ b/drivers/cpufreq/cpufreq-nforce2.c @@ -148,13 +148,16 @@ static unsigned int nforce2_fsb_read(int bootfsb) /* Check if PLL register is already set */ pci_read_config_byte(nforce2_dev, NFORCE2_PLLENABLE, (u8 *)&temp); - if (bootfsb || !temp) + if (bootfsb || !temp) { + pci_dev_put(nforce2_sub5); return fsb; + } /* Use PLL register FSB value */ pci_read_config_dword(nforce2_dev, NFORCE2_PLLREG, &temp); fsb = nforce2_calc_fsb(temp); + pci_dev_put(nforce2_sub5); return fsb; } -- 2.35.1

2 weeks, 1 day

2
1
0 0

[PATCH 0/3] drm/exynos: vidi: fix various memory corruption bugs

by Jeongjun Park

This is a series of patches that address several memory bugs that occur in the Exynos Virtual Display driver. Jeongjun Park (3): drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() drm/exynos: vidi: fix to avoid directly dereferencing user pointer drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free drivers/gpu/drm/exynos/exynos_drm_drv.h | 1 + drivers/gpu/drm/exynos/exynos_drm_vidi.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 64 insertions(+), 11 deletions(-)

2 weeks, 1 day

1
3
0 0

[PATCH] drivers: bus: fix device node reference leak in __cci_ace_get_port

by Miaoqian Lin

Add missing of_node_put() call to release the device node reference obtained via of_parse_phandle(). Fixes: ed69bdd8fd9b ("drivers: bus: add ARM CCI support") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/bus/arm-cci.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/drivers/bus/arm-cci.c b/drivers/bus/arm-cci.c index b8184a903583..af180f884f1d 100644 --- a/drivers/bus/arm-cci.c +++ b/drivers/bus/arm-cci.c @@ -163,14 +163,18 @@ static int __cci_ace_get_port(struct device_node *dn, int type) int i; bool ace_match; struct device_node *cci_portn; + int ret = -ENODEV; cci_portn = of_parse_phandle(dn, "cci-control-port", 0); for (i = 0; i < nb_cci_ports; i++) { ace_match = ports[i].type == type; - if (ace_match && cci_portn == ports[i].dn) - return i; + if (ace_match && cci_portn == ports[i].dn) { + ret = i; + break; + } } - return -ENODEV; + of_node_put(cci_portn); + return ret; } int cci_ace_get_port(struct device_node *dn) -- 2.35.1

2 weeks, 1 day

3
2
0 0

[PATCH] pasemi: fix PCI device reference leaks in pas_setup_mce_regs

by Miaoqian Lin

Fix reference leaks where PCI device references obtained via pci_get_device() were not being released: 1. The while loop that iterates through 0xa00a devices was not releasing the final device reference when the loop terminates. 2. Single device lookups for 0xa001 and 0xa009 devices were not releasing their references after use. Add missing pci_dev_put() calls to ensure all device references are properly released. Fixes: cd7834167ffb ("[POWERPC] pasemi: Print more information at machine check") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/powerpc/platforms/pasemi/setup.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/powerpc/platforms/pasemi/setup.c b/arch/powerpc/platforms/pasemi/setup.c index d03b41336901..dafbee3afd86 100644 --- a/arch/powerpc/platforms/pasemi/setup.c +++ b/arch/powerpc/platforms/pasemi/setup.c @@ -169,6 +169,8 @@ static int __init pas_setup_mce_regs(void) dev = pci_get_device(PCI_VENDOR_ID_PASEMI, 0xa00a, dev); reg++; } + /* Release the last device reference from the while loop */ + pci_dev_put(dev); dev = pci_get_device(PCI_VENDOR_ID_PASEMI, 0xa001, NULL); if (dev && reg+4 < MAX_MCE_REGS) { @@ -185,6 +187,7 @@ static int __init pas_setup_mce_regs(void) mce_regs[reg].addr = pasemi_pci_getcfgaddr(dev, 0xc1c); reg++; } + pci_dev_put(dev); dev = pci_get_device(PCI_VENDOR_ID_PASEMI, 0xa009, NULL); if (dev && reg+2 < MAX_MCE_REGS) { @@ -195,6 +198,7 @@ static int __init pas_setup_mce_regs(void) mce_regs[reg].addr = pasemi_pci_getcfgaddr(dev, 0x214); reg++; } + pci_dev_put(dev); num_mce_regs = reg; -- 2.35.1

2 weeks, 1 day

4
4
0 0

[PATCH 3/3] xhci: fix memory leak regression when freeing xhci vdev devices depth first

by Mathias Nyman

Suspend-resume cycle test revealed a memory leak in 6.17-rc3 Turns out the slot_id race fix changes accidentally ends up calling xhci_free_virt_device() with an incorrect vdev parameter. The vdev variable was reused for temporary purposes right before calling xhci_free_virt_device(). Fix this by passing the correct vdev parameter. The slot_id race fix that caused this regression was targeted for stable, so this needs to be applied there as well. Fixes: 2eb03376151b ("usb: xhci: Fix slot_id resource race conflict") Reported-by: David Wang <00107082(a)163.com> Closes: https://lore.kernel.org/linux-usb/20250829181354.4450-1-00107082@163.com Suggested-by: Michal Pecio <michal.pecio(a)gmail.com> Suggested-by: David Wang <00107082(a)163.com> Cc: stable(a)vger.kernel.org Tested-by: David Wang <00107082(a)163.com> Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-mem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c index 81eaad87a3d9..c4a6544aa107 100644 --- a/drivers/usb/host/xhci-mem.c +++ b/drivers/usb/host/xhci-mem.c @@ -962,7 +962,7 @@ static void xhci_free_virt_devices_depth_first(struct xhci_hcd *xhci, int slot_i out: /* we are now at a leaf device */ xhci_debugfs_remove_slot(xhci, slot_id); - xhci_free_virt_device(xhci, vdev, slot_id); + xhci_free_virt_device(xhci, xhci->devs[slot_id], slot_id); } int xhci_alloc_virt_device(struct xhci_hcd *xhci, int slot_id, -- 2.43.0

2 weeks, 1 day

1
0
0 0

[PATCH 2/3] xhci: dbc: Fix full DbC transfer ring after several reconnects

by Mathias Nyman

Pending requests will be flushed on disconnect, and the corresponding TRBs will be turned into No-op TRBs, which are ignored by the xHC controller once it starts processing the ring. If the USB debug cable repeatedly disconnects before ring is started then the ring will eventually be filled with No-op TRBs. No new transfers can be queued when the ring is full, and driver will print the following error message: "xhci_hcd 0000:00:14.0: failed to queue trbs" This is a normal case for 'in' transfers where TRBs are always enqueued in advance, ready to take on incoming data. If no data arrives, and device is disconnected, then ring dequeue will remain at beginning of the ring while enqueue points to first free TRB after last cancelled No-op TRB. s Solve this by reinitializing the rings when the debug cable disconnects and DbC is leaving the configured state. Clear the whole ring buffer and set enqueue and dequeue to the beginning of ring, and set cycle bit to its initial state. Cc: stable(a)vger.kernel.org Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-dbgcap.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index d0faff233e3e..63edf2d8f245 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -462,6 +462,25 @@ static void xhci_dbc_ring_init(struct xhci_ring *ring) xhci_initialize_ring_info(ring); } +static int xhci_dbc_reinit_ep_rings(struct xhci_dbc *dbc) +{ + struct xhci_ring *in_ring = dbc->eps[BULK_IN].ring; + struct xhci_ring *out_ring = dbc->eps[BULK_OUT].ring; + + if (!in_ring || !out_ring || !dbc->ctx) { + dev_warn(dbc->dev, "Can't re-init unallocated endpoints\n"); + return -ENODEV; + } + + xhci_dbc_ring_init(in_ring); + xhci_dbc_ring_init(out_ring); + + /* set ep context enqueue, dequeue, and cycle to initial values */ + xhci_dbc_init_ep_contexts(dbc); + + return 0; +} + static struct xhci_ring * xhci_dbc_ring_alloc(struct device *dev, enum xhci_ring_type type, gfp_t flags) { @@ -885,7 +904,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) dev_info(dbc->dev, "DbC cable unplugged\n"); dbc->state = DS_ENABLED; xhci_dbc_flush_requests(dbc); - + xhci_dbc_reinit_ep_rings(dbc); return EVT_DISC; } @@ -895,7 +914,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) writel(portsc, &dbc->regs->portsc); dbc->state = DS_ENABLED; xhci_dbc_flush_requests(dbc); - + xhci_dbc_reinit_ep_rings(dbc); return EVT_DISC; } -- 2.43.0

2 weeks, 1 day

1
0
0 0

[PATCH 1/3] xhci: dbc: decouple endpoint allocation from initialization

by Mathias Nyman

Decouple allocation of endpoint ring buffer from initialization of the buffer, and initialization of endpoint context parts from from the rest of the contexts. It allows driver to clear up and reinitialize endpoint rings after disconnect without reallocating everything. This is a prerequisite for the next patch that prevents the transfer ring from filling up with cancelled (no-op) TRBs if a debug cable is reconnected several times without transferring anything. Cc: stable(a)vger.kernel.org Fixes: dfba2174dc42 ("usb: xhci: Add DbC support in xHCI driver") Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-dbgcap.c | 71 ++++++++++++++++++++++------------ 1 file changed, 46 insertions(+), 25 deletions(-) diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index 06a2edb9e86e..d0faff233e3e 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -101,13 +101,34 @@ static u32 xhci_dbc_populate_strings(struct dbc_str_descs *strings) return string_length; } +static void xhci_dbc_init_ep_contexts(struct xhci_dbc *dbc) +{ + struct xhci_ep_ctx *ep_ctx; + unsigned int max_burst; + dma_addr_t deq; + + max_burst = DBC_CTRL_MAXBURST(readl(&dbc->regs->control)); + + /* Populate bulk out endpoint context: */ + ep_ctx = dbc_bulkout_ctx(dbc); + deq = dbc_bulkout_enq(dbc); + ep_ctx->ep_info = 0; + ep_ctx->ep_info2 = dbc_epctx_info2(BULK_OUT_EP, 1024, max_burst); + ep_ctx->deq = cpu_to_le64(deq | dbc->ring_out->cycle_state); + + /* Populate bulk in endpoint context: */ + ep_ctx = dbc_bulkin_ctx(dbc); + deq = dbc_bulkin_enq(dbc); + ep_ctx->ep_info = 0; + ep_ctx->ep_info2 = dbc_epctx_info2(BULK_IN_EP, 1024, max_burst); + ep_ctx->deq = cpu_to_le64(deq | dbc->ring_in->cycle_state); +} + static void xhci_dbc_init_contexts(struct xhci_dbc *dbc, u32 string_length) { struct dbc_info_context *info; - struct xhci_ep_ctx *ep_ctx; u32 dev_info; - dma_addr_t deq, dma; - unsigned int max_burst; + dma_addr_t dma; if (!dbc) return; @@ -121,20 +142,8 @@ static void xhci_dbc_init_contexts(struct xhci_dbc *dbc, u32 string_length) info->serial = cpu_to_le64(dma + DBC_MAX_STRING_LENGTH * 3); info->length = cpu_to_le32(string_length); - /* Populate bulk out endpoint context: */ - ep_ctx = dbc_bulkout_ctx(dbc); - max_burst = DBC_CTRL_MAXBURST(readl(&dbc->regs->control)); - deq = dbc_bulkout_enq(dbc); - ep_ctx->ep_info = 0; - ep_ctx->ep_info2 = dbc_epctx_info2(BULK_OUT_EP, 1024, max_burst); - ep_ctx->deq = cpu_to_le64(deq | dbc->ring_out->cycle_state); - - /* Populate bulk in endpoint context: */ - ep_ctx = dbc_bulkin_ctx(dbc); - deq = dbc_bulkin_enq(dbc); - ep_ctx->ep_info = 0; - ep_ctx->ep_info2 = dbc_epctx_info2(BULK_IN_EP, 1024, max_burst); - ep_ctx->deq = cpu_to_le64(deq | dbc->ring_in->cycle_state); + /* Populate bulk in and out endpoint contexts: */ + xhci_dbc_init_ep_contexts(dbc); /* Set DbC context and info registers: */ lo_hi_writeq(dbc->ctx->dma, &dbc->regs->dccp); @@ -436,6 +445,23 @@ dbc_alloc_ctx(struct device *dev, gfp_t flags) return ctx; } +static void xhci_dbc_ring_init(struct xhci_ring *ring) +{ + struct xhci_segment *seg = ring->first_seg; + + /* clear all trbs on ring in case of old ring */ + memset(seg->trbs, 0, TRB_SEGMENT_SIZE); + + /* Only event ring does not use link TRB */ + if (ring->type != TYPE_EVENT) { + union xhci_trb *trb = &seg->trbs[TRBS_PER_SEGMENT - 1]; + + trb->link.segment_ptr = cpu_to_le64(ring->first_seg->dma); + trb->link.control = cpu_to_le32(LINK_TOGGLE | TRB_TYPE(TRB_LINK)); + } + xhci_initialize_ring_info(ring); +} + static struct xhci_ring * xhci_dbc_ring_alloc(struct device *dev, enum xhci_ring_type type, gfp_t flags) { @@ -464,15 +490,10 @@ xhci_dbc_ring_alloc(struct device *dev, enum xhci_ring_type type, gfp_t flags) seg->dma = dma; - /* Only event ring does not use link TRB */ - if (type != TYPE_EVENT) { - union xhci_trb *trb = &seg->trbs[TRBS_PER_SEGMENT - 1]; - - trb->link.segment_ptr = cpu_to_le64(dma); - trb->link.control = cpu_to_le32(LINK_TOGGLE | TRB_TYPE(TRB_LINK)); - } INIT_LIST_HEAD(&ring->td_list); - xhci_initialize_ring_info(ring); + + xhci_dbc_ring_init(ring); + return ring; dma_fail: kfree(seg); -- 2.43.0

2 weeks, 1 day

1
0
0 0

[PATCH 1/2] pinctrl: samsung: Drop unused S3C24xx driver data

by Krzysztof Kozlowski

Drop unused declarations after S3C24xx SoC family removal in the commit 61b7f8920b17 ("ARM: s3c: remove all s3c24xx support"). Fixes: 1ea35b355722 ("ARM: s3c: remove s3c24xx specific hacks") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- drivers/pinctrl/samsung/pinctrl-samsung.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/drivers/pinctrl/samsung/pinctrl-samsung.h b/drivers/pinctrl/samsung/pinctrl-samsung.h index 1cabcbe1401a..a51aee8c5f89 100644 --- a/drivers/pinctrl/samsung/pinctrl-samsung.h +++ b/drivers/pinctrl/samsung/pinctrl-samsung.h @@ -402,10 +402,6 @@ extern const struct samsung_pinctrl_of_match_data exynosautov920_of_data; extern const struct samsung_pinctrl_of_match_data fsd_of_data; extern const struct samsung_pinctrl_of_match_data gs101_of_data; extern const struct samsung_pinctrl_of_match_data s3c64xx_of_data; -extern const struct samsung_pinctrl_of_match_data s3c2412_of_data; -extern const struct samsung_pinctrl_of_match_data s3c2416_of_data; -extern const struct samsung_pinctrl_of_match_data s3c2440_of_data; -extern const struct samsung_pinctrl_of_match_data s3c2450_of_data; extern const struct samsung_pinctrl_of_match_data s5pv210_of_data; #endif /* __PINCTRL_SAMSUNG_H */ -- 2.48.1

2 weeks, 1 day

1
1
0 0

[PATCH v2 2/3] drm/xe: Allow the pm notifier to continue on failure

by Thomas Hellström

Its actions are opportunistic anyway and will be completed on device suspend. Marking as a fix to simplify backporting of the fix that follows in the series. v2: - Keep the runtime pm reference over suspend / hibernate and document why. (Matt Auld, Rodrigo Vivi): Fixes: c6a4d46ec1d7 ("drm/xe: evict user memory in PM notifier") Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.16+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_pm.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index a2e85030b7f4..bee9aacd82e7 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -308,17 +308,17 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, case PM_SUSPEND_PREPARE: xe_pm_runtime_get(xe); err = xe_bo_evict_all_user(xe); - if (err) { + if (err) drm_dbg(&xe->drm, "Notifier evict user failed (%d)\n", err); - xe_pm_runtime_put(xe); - break; - } err = xe_bo_notifier_prepare_all_pinned(xe); - if (err) { + if (err) drm_dbg(&xe->drm, "Notifier prepare pin failed (%d)\n", err); - xe_pm_runtime_put(xe); - } + /* + * Keep the runtime pm reference until post hibernation / post suspend to + * avoid a runtime suspend interfering with evicted objects or backup + * allocations. + */ break; case PM_POST_HIBERNATION: case PM_POST_SUSPEND: @@ -327,9 +327,6 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, break; } - if (err) - return NOTIFY_BAD; - return NOTIFY_DONE; } -- 2.50.1

2 weeks, 1 day

2
1
0 0

[PATCH net v4] selftests: net: add test for destination in broadcast packets

by Oscar Maes

Add test to check the broadcast ethernet destination field is set correctly. This test sends a broadcast ping, captures it using tcpdump and ensures that all bits of the 6 octet ethernet destination address are correctly set by examining the output capture file. Signed-off-by: Oscar Maes <oscmaes92(a)gmail.com> Co-authored-by: Brett A C Sheffield <bacs(a)librecast.net> --- v3 -> v4: - Added Brett as co-author - Wait for tcpdump to bind using slowwait Links: - Discussion: https://lore.kernel.org/netdev/20250822165231.4353-4-bacs@librecast.net/ - Previous version: https://lore.kernel.org/netdev/20250827062322.4807-2-oscmaes92@gmail.com/ Thanks to Brett Sheffield for writing the initial version of this selftest! tools/testing/selftests/net/Makefile | 1 + .../selftests/net/broadcast_ether_dst.sh | 83 +++++++++++++++++++ 2 files changed, 84 insertions(+) create mode 100755 tools/testing/selftests/net/broadcast_ether_dst.sh diff --git a/tools/testing/selftests/net/Makefile b/tools/testing/selftests/net/Makefile index b31a71f2b372..56ad10ea6628 100644 --- a/tools/testing/selftests/net/Makefile +++ b/tools/testing/selftests/net/Makefile @@ -115,6 +115,7 @@ TEST_PROGS += skf_net_off.sh TEST_GEN_FILES += skf_net_off TEST_GEN_FILES += tfo TEST_PROGS += tfo_passive.sh +TEST_PROGS += broadcast_ether_dst.sh TEST_PROGS += broadcast_pmtu.sh TEST_PROGS += ipv6_force_forwarding.sh diff --git a/tools/testing/selftests/net/broadcast_ether_dst.sh b/tools/testing/selftests/net/broadcast_ether_dst.sh new file mode 100755 index 000000000000..334a7eca8a80 --- /dev/null +++ b/tools/testing/selftests/net/broadcast_ether_dst.sh @@ -0,0 +1,83 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0 +# +# Author: Brett A C Sheffield <bacs(a)librecast.net> +# Author: Oscar Maes <oscmaes92(a)gmail.com> +# +# Ensure destination ethernet field is correctly set for +# broadcast packets + +source lib.sh + +CLIENT_IP4="192.168.0.1" +GW_IP4="192.168.0.2" + +setup() { + setup_ns CLIENT_NS SERVER_NS + + ip -net "${SERVER_NS}" link add link1 type veth \ + peer name link0 netns "${CLIENT_NS}" + + ip -net "${CLIENT_NS}" link set link0 up + ip -net "${CLIENT_NS}" addr add "${CLIENT_IP4}"/24 dev link0 + + ip -net "${SERVER_NS}" link set link1 up + + ip -net "${CLIENT_NS}" route add default via "${GW_IP4}" + ip netns exec "${CLIENT_NS}" arp -s "${GW_IP4}" 00:11:22:33:44:55 +} + +cleanup() { + rm -f "${CAPFILE}" "${OUTPUT}" + ip -net "${SERVER_NS}" link del link1 + cleanup_ns "${CLIENT_NS}" "${SERVER_NS}" +} + +test_broadcast_ether_dst() { + local rc=0 + CAPFILE=$(mktemp -u cap.XXXXXXXXXX) + OUTPUT=$(mktemp -u out.XXXXXXXXXX) + + echo "Testing ethernet broadcast destination" + + # start tcpdump listening for icmp + # tcpdump will exit after receiving a single packet + # timeout will kill tcpdump if it is still running after 2s + timeout 2s ip netns exec "${CLIENT_NS}" \ + tcpdump -i link0 -c 1 -w "${CAPFILE}" icmp &> "${OUTPUT}" & + pid=$! + slowwait 1 grep -qs "listening" "${OUTPUT}" + + # send broadcast ping + ip netns exec "${CLIENT_NS}" \ + ping -W0.01 -c1 -b 255.255.255.255 &> /dev/null + + # wait for tcpdump for exit after receiving packet + wait "${pid}" + + # compare ethernet destination field to ff:ff:ff:ff:ff:ff + ether_dst=$(tcpdump -r "${CAPFILE}" -tnne 2>/dev/null | \ + awk '{sub(/,/,"",$3); print $3}') + if [[ "${ether_dst}" == "ff:ff:ff:ff:ff:ff" ]]; then + echo "[ OK ]" + rc="${ksft_pass}" + else + echo "[FAIL] expected dst ether addr to be ff:ff:ff:ff:ff:ff," \ + "got ${ether_dst}" + rc="${ksft_fail}" + fi + + return "${rc}" +} + +if [ ! -x "$(command -v tcpdump)" ]; then + echo "SKIP: Could not run test without tcpdump tool" + exit "${ksft_skip}" +fi + +trap cleanup EXIT + +setup +test_broadcast_ether_dst + +exit $? -- 2.39.5

2 weeks, 1 day

6
10
0 0

IAA Mobility 2025 Verified List!

by Garnet Conwell

Hi, I’d like to share a verified database of 502,364 attendees and 750 exhibitors from IAA Mobility 2025. The file includes key information such as: Name, Job Title, Company, Location, Phone, and Email. Delivery is within 48 hours and the data is GDPR compliant. Labour Day Special: 20% discount available for a short time. If you’d like the pricing, just reply with “Send me the cost” and I’ll provide the details. Best regards, Garnet Conwell Sr. Marketing Manager P.S. To opt out of future updates, reply with “Unfollow”.

2 weeks, 1 day

1
0
0 0

[PATCH 2/2] mmc: sdhci-pci-gli: GL9767: Fix initializing the UHS-II interface during a power-on

by Ben Chuang

From: Ben Chuang <ben.chuang(a)genesyslogic.com.tw> According to the power structure of IC hardware design for UHS-II interface, reset control and timing must be added to the initialization process of powering on the UHS-II interface. Fixes: 27dd3b82557a ("mmc: sdhci-pci-gli: enable UHS-II mode for GL9767") Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Ben Chuang <ben.chuang(a)genesyslogic.com.tw> --- drivers/mmc/host/sdhci-pci-gli.c | 71 +++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/drivers/mmc/host/sdhci-pci-gli.c b/drivers/mmc/host/sdhci-pci-gli.c index 3a1de477e9af..85d0d7e6169c 100644 --- a/drivers/mmc/host/sdhci-pci-gli.c +++ b/drivers/mmc/host/sdhci-pci-gli.c @@ -283,6 +283,8 @@ #define PCIE_GLI_9767_UHS2_CTL2_ZC_VALUE 0xb #define PCIE_GLI_9767_UHS2_CTL2_ZC_CTL BIT(6) #define PCIE_GLI_9767_UHS2_CTL2_ZC_CTL_VALUE 0x1 +#define PCIE_GLI_9767_UHS2_CTL2_FORCE_PHY_RESETN BIT(13) +#define PCIE_GLI_9767_UHS2_CTL2_FORCE_RESETN_VALUE BIT(14) #define GLI_MAX_TUNING_LOOP 40 @@ -1179,6 +1181,69 @@ static void gl9767_set_low_power_negotiation(struct pci_dev *pdev, bool enable) gl9767_vhs_read(pdev); } +static void sdhci_gl9767_uhs2_phy_reset_assert(struct sdhci_host *host) +{ + struct sdhci_pci_slot *slot = sdhci_priv(host); + struct pci_dev *pdev = slot->chip->pdev; + u32 value; + + gl9767_vhs_write(pdev); + pci_read_config_dword(pdev, PCIE_GLI_9767_UHS2_CTL2, &value); + value |= PCIE_GLI_9767_UHS2_CTL2_FORCE_PHY_RESETN; + pci_write_config_dword(pdev, PCIE_GLI_9767_UHS2_CTL2, value); + value &= ~PCIE_GLI_9767_UHS2_CTL2_FORCE_RESETN_VALUE; + pci_write_config_dword(pdev, PCIE_GLI_9767_UHS2_CTL2, value); + gl9767_vhs_read(pdev); +} + +static void sdhci_gl9767_uhs2_phy_reset_deassert(struct sdhci_host *host) +{ + struct sdhci_pci_slot *slot = sdhci_priv(host); + struct pci_dev *pdev = slot->chip->pdev; + u32 value; + + gl9767_vhs_write(pdev); + pci_read_config_dword(pdev, PCIE_GLI_9767_UHS2_CTL2, &value); + value |= PCIE_GLI_9767_UHS2_CTL2_FORCE_RESETN_VALUE; + pci_write_config_dword(pdev, PCIE_GLI_9767_UHS2_CTL2, value); + value &= ~PCIE_GLI_9767_UHS2_CTL2_FORCE_PHY_RESETN; + pci_write_config_dword(pdev, PCIE_GLI_9767_UHS2_CTL2, value); + gl9767_vhs_read(pdev); +} + +static void __gl9767_uhs2_set_power(struct sdhci_host *host, unsigned char mode, unsigned short vdd) +{ + u8 pwr = 0; + + if (mode != MMC_POWER_OFF) { + pwr = sdhci_get_vdd_value(vdd); + if (!pwr) + WARN(1, "%s: Invalid vdd %#x\n", + mmc_hostname(host->mmc), vdd); + pwr |= SDHCI_VDD2_POWER_180; + } + + if (host->pwr == pwr) + return; + + host->pwr = pwr; + + if (pwr == 0) { + sdhci_writeb(host, 0, SDHCI_POWER_CONTROL); + } else { + sdhci_writeb(host, 0, SDHCI_POWER_CONTROL); + + pwr |= SDHCI_POWER_ON; + sdhci_writeb(host, pwr & 0xf, SDHCI_POWER_CONTROL); + mdelay(5); + + sdhci_gl9767_uhs2_phy_reset_assert(host); + pwr |= SDHCI_VDD2_POWER_ON; + sdhci_writeb(host, pwr, SDHCI_POWER_CONTROL); + mdelay(5); + } +} + static void sdhci_gl9767_set_clock(struct sdhci_host *host, unsigned int clock) { struct sdhci_pci_slot *slot = sdhci_priv(host); @@ -1205,6 +1270,10 @@ static void sdhci_gl9767_set_clock(struct sdhci_host *host, unsigned int clock) } sdhci_enable_clk(host, clk); + + if (mmc_card_uhs2(host->mmc)) + sdhci_gl9767_uhs2_phy_reset_deassert(host); + gl9767_set_low_power_negotiation(pdev, true); } @@ -1476,7 +1545,7 @@ static void sdhci_gl9767_set_power(struct sdhci_host *host, unsigned char mode, gl9767_vhs_read(pdev); sdhci_gli_overcurrent_event_enable(host, false); - sdhci_uhs2_set_power(host, mode, vdd); + __gl9767_uhs2_set_power(host, mode, vdd); sdhci_gli_overcurrent_event_enable(host, true); } else { gl9767_vhs_write(pdev); -- 2.51.0

2 weeks, 1 day

2
5
0 0

[PATCH] bus: vexpress-config: fix device node reference leak in vexpress_syscfg_probe

by Miaoqian Lin

Add missing of_node_put() call to release the device node reference obtained via of_parse_phandle(). Since we don't actually use the node, decrement the reference count immediately after obtaining it. Fixes: a5a38765ac79 ("bus: vexpress-config: simplify config bus probing") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/bus/vexpress-config.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bus/vexpress-config.c b/drivers/bus/vexpress-config.c index 64ee920721ee..aa17f819dfc9 100644 --- a/drivers/bus/vexpress-config.c +++ b/drivers/bus/vexpress-config.c @@ -393,6 +393,7 @@ static int vexpress_syscfg_probe(struct platform_device *pdev) struct device_node *bridge_np; bridge_np = of_parse_phandle(node, "arm,vexpress,config-bridge", 0); + of_node_put(bridge_np); if (bridge_np != pdev->dev.parent->of_node) continue; -- 2.35.1

2 weeks, 1 day

2
1
0 0

[PATCH v3] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag

by Hans de Goede

Testing has shown that reading multiple registers at once (for 10-bit ADC values) does not work. Set the use_single_read regmap_config flag to make regmap split these for us. This should fix temperature opregion accesses done by drivers/acpi/pmic/intel_pmic_chtdc_ti.c and is also necessary for the upcoming drivers for the ADC and battery MFD cells. Fixes: 6bac0606fdba ("mfd: Add support for Cherry Trail Dollar Cove TI PMIC") Cc: stable(a)vger.kernel.org Reviewed-by: Andy Shevchenko <andy(a)kernel.org> Signed-off-by: Hans de Goede <hansg(a)kernel.org> --- Changes in v3: - Fix a few typos in the commit message Changes in v2: - Update comment to: "The hardware does not support reading multiple registers at once" --- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/mfd/intel_soc_pmic_chtdc_ti.c b/drivers/mfd/intel_soc_pmic_chtdc_ti.c index 4c1a68c9f575..6daf33e07ea0 100644 --- a/drivers/mfd/intel_soc_pmic_chtdc_ti.c +++ b/drivers/mfd/intel_soc_pmic_chtdc_ti.c @@ -82,6 +82,8 @@ static const struct regmap_config chtdc_ti_regmap_config = { .reg_bits = 8, .val_bits = 8, .max_register = 0xff, + /* The hardware does not support reading multiple registers at once */ + .use_single_read = true, }; static const struct regmap_irq chtdc_ti_irqs[] = { -- 2.49.0

2 weeks, 1 day

2
1
0 0

[PATCH] thunderbolt: debugfs: Fix dentry reference leaks in margining_port_init

by Miaoqian Lin

The debugfs_lookup() function returns a dentry with an increased reference count that must be released by calling dput(). Fixes: d0f1e0c2a699 ("thunderbolt: Add support for receiver lane margining") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/thunderbolt/debugfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/thunderbolt/debugfs.c b/drivers/thunderbolt/debugfs.c index f8328ca7e22e..2aadbec9a3e5 100644 --- a/drivers/thunderbolt/debugfs.c +++ b/drivers/thunderbolt/debugfs.c @@ -1770,6 +1770,7 @@ static void margining_port_init(struct tb_port *port) port->usb4->margining = margining_alloc(port, &port->usb4->dev, USB4_SB_TARGET_ROUTER, 0, parent); + dput(parent); } static void margining_port_remove(struct tb_port *port) -- 2.35.1

2 weeks, 1 day

2
1
0 0

[PATCH net v2] net: xilinx: axienet: Add error handling for RX metadata pointer retrieval

by Abin Joseph

Add proper error checking for dmaengine_desc_get_metadata_ptr() which can return an error pointer and lead to potential crashes or undefined behaviour if the pointer retrieval fails. Properly handle the error by unmapping DMA buffer, freeing the skb and returning early to prevent further processing with invalid data. Fixes: 6a91b846af85 ("net: axienet: Introduce dmaengine support") Signed-off-by: Abin Joseph <abin.joseph(a)amd.com> --- Changes in v2: Update the alias to net --- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c index 0d8a05fe541a..83469f7f08d1 100644 --- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c @@ -1166,8 +1166,18 @@ static void axienet_dma_rx_cb(void *data, const struct dmaengine_result *result) skb = skbuf_dma->skb; app_metadata = dmaengine_desc_get_metadata_ptr(skbuf_dma->desc, &meta_len, &meta_max_len); + dma_unmap_single(lp->dev, skbuf_dma->dma_address, lp->max_frm_size, DMA_FROM_DEVICE); + + if (IS_ERR(app_metadata)) { + if (net_ratelimit()) + netdev_err(lp->ndev, "Failed to get RX metadata pointer\n"); + dev_kfree_skb_any(skb); + lp->ndev->stats.rx_dropped++; + goto rx_submit; + } + /* TODO: Derive app word index programmatically */ rx_len = (app_metadata[LEN_APP] & 0xFFFF); skb_put(skb, rx_len); @@ -1180,6 +1190,7 @@ static void axienet_dma_rx_cb(void *data, const struct dmaengine_result *result) u64_stats_add(&lp->rx_bytes, rx_len); u64_stats_update_end(&lp->rx_stat_sync); +rx_submit: for (i = 0; i < CIRC_SPACE(lp->rx_ring_head, lp->rx_ring_tail, RX_BUF_NUM_DEFAULT); i++) axienet_rx_submit_desc(lp->ndev); -- 2.34.1

2 weeks, 1 day

3
2
0 0

[PATCH 6.6 000/139] 6.6.96-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.96 release. There are 139 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 05 Jul 2025 14:39:10 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.96-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.96-rc1 Sibi Sankar <quic_sibis(a)quicinc.com> firmware: arm_scmi: Ensure that the message-id supports fastchannel Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Add a common helper to check if a message is supported Jens Axboe <axboe(a)kernel.dk> nvme: always punt polled uring_cmd end_io work to task_work Khairul Anuar Romli <khairul.anuar.romli(a)altera.com> spi: spi-cadence-quadspi: Fix pm runtime unbalance Brett A C Sheffield (Librecast) <bacs(a)librecast.net> Revert "ipv6: save dontfrag in cork" Nathan Chancellor <nathan(a)kernel.org> x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c Sergio González Collado <sergio.collado(a)gmail.com> Kunit to check the longest symbol length Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Fix last breaking event handling in case of stack corruption Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Rollback non processed entities on error Jose Ignacio Tornos Martinez <jtornosm(a)redhat.com> kbuild: rpm-pkg: simplify installkernel %post Masahiro Yamada <masahiroy(a)kernel.org> scripts: clean up IA-64 code Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: remove unsafe_memcpy use in session setup Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: Use unsafe_memcpy() for ntlm_negotiate Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: switch job hw_fence to amdgpu_fence Frank Min <Frank.Min(a)amd.com> drm/amdgpu: Add kicker device detection Ville Syrjälä <ville.syrjala(a)linux.intel.com> drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1 John Olender <john.olender(a)gmail.com> drm/amdgpu: amdgpu_vram_mgr_new(): Clamp lpfn to total vram Wentao Liang <vulab(a)iscas.ac.cn> drm/amd/display: Add null pointer check for get_first_active_display() Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Wait for Clk and Data Lanes to be ready Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Check return value when getting default PHY config Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix connecting to next bridge Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix phy de-init and flag it so Aradhya Bhatia <a-bhatia1(a)ti.com> drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() Jay Cornwall <jay.cornwall(a)amd.com> drm/amdkfd: Fix race in GWS queue scheduling Stephan Gerhold <stephan.gerhold(a)linaro.org> drm/msm/gpu: Fix crash when throttling GPU immediately during boot Thomas Zimmermann <tzimmermann(a)suse.de> drm/udl: Unregister device before cleaning up on disconnect Qiu-ji Chen <chenqiuji666(a)gmail.com> drm/tegra: Fix a possible null pointer dereference Thierry Reding <treding(a)nvidia.com> drm/tegra: Assign plane type before registration Maíra Canal <mcanal(a)igalia.com> drm/etnaviv: Protect the scheduler's pending list with its lock Thomas Zimmermann <tzimmermann(a)suse.de> drm/cirrus-qemu: Fix pitch programming Thomas Zimmermann <tzimmermann(a)suse.de> drm/ast: Fix comment on modeset lock Chen Yu <yu.c.chen(a)intel.com> scsi: megaraid_sas: Fix invalid node index Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix kobject reference count leak Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on sysfs attribute creation failure Qasim Ijaz <qasdev00(a)gmail.com> HID: wacom: fix memory leak on kobject creation failure Iusico Maxim <iusico.maxim(a)libero.it> HID: lenovo: Restrict F7/9/11 mode to compact keyboards only Jiawen Wu <jiawenwu(a)trustnetic.com> net: libwx: fix the creation of page_pool Mark Harmstone <maharmstone(a)fb.com> btrfs: update superblock's device bytes_used when dropping chunk Filipe Manana <fdmanana(a)suse.com> btrfs: fix a race between renames and directory logging Heinz Mauelshagen <heinzm(a)redhat.com> dm-raid: fix variable in journal device check Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: L2CAP: Fix L2CAP MTU negotiation Fabio Estevam <festevam(a)gmail.com> serial: imx: Restore original RXTL for console to fix data loss Yao Zi <ziyao(a)disroot.org> dt-bindings: serial: 8250: Make clocks and clock-frequency exclusive Nathan Chancellor <nathan(a)kernel.org> staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() Avadhut Naik <avadhut.naik(a)amd.com> EDAC/amd64: Fix size calculation for Non-Power-of-Two DIMMs Paulo Alcantara <pc(a)manguebit.org> smb: client: fix potential deadlock when reconnecting channels Jayesh Choudhary <j-choudhary(a)ti.com> drm/bridge: ti-sn65dsi86: Add HPD for DisplayPort connector type Wolfram Sang <wsa+renesas(a)sang-engineering.com> drm/bridge: ti-sn65dsi86: make use of debugfs_init callback Arnd Bergmann <arnd(a)arndb.de> drm/i915: fix build error some more Jakub Kicinski <kuba(a)kernel.org> net: selftests: fix TCP packet checksum Salvatore Bonaccorso <carnil(a)debian.org> ALSA: hda/realtek: Fix built-in mic on ASUS VivoBook X507UAR Kuniyuki Iwashima <kuniyu(a)google.com> atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). Simon Horman <horms(a)kernel.org> net: enetc: Correct endianness handling in _enetc_rd_reg64 Adin Scannell <amscanne(a)meta.com> libbpf: Fix possible use-after-free for externs Tiwei Bie <tiwei.btw(a)antgroup.com> um: ubd: Add missing error check in start_io_thread() Stefano Garzarella <sgarzare(a)redhat.com> vsock/uapi: fix linux/vm_sockets.h userspace compilation errors Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't set -ECONNRESET for consumed OOB skb. Lachlan Hodges <lachlan.hodges(a)morsemicro.com> wifi: mac80211: fix beacon interval calculation overflow Yuan Chen <chenyuan(a)kylinos.cn> libbpf: Fix null pointer dereference in btf_dump__free on allocation failure Al Viro <viro(a)zeniv.linux.org.uk> attach_recursive_mnt(): do not lock the covering tree when sliding something under it Youngjun Lee <yjjuny.lee(a)samsung.com> ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() Eric Dumazet <edumazet(a)google.com> atm: clip: prevent NULL deref in clip_push() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Yu Kuai <yukuai3(a)huawei.com> lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() Fedor Pchelkin <pchelkin(a)ispras.ru> s390/pkey: Prevent overflow in size calculation for memdup_user() Oliver Schramm <oliver.schramm97(a)gmail.com> ASoC: amd: yc: Add DMI quirk for Lenovo IdeaPad Slim 5 15 SeongJae Park <sj(a)kernel.org> mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: robotfuzz-osif: disable zero-length read messages Wolfram Sang <wsa+renesas(a)sang-engineering.com> i2c: tiny-usb: disable zero-length read messages Kuniyuki Iwashima <kuniyu(a)google.com> af_unix: Don't leave consecutive consumed OOB skbs. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't call skb_get() for OOB skb. Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Define locking order for U_RECVQ_LOCK_EMBRYO in unix_collect_skb(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Define locking order for U_LOCK_SECOND in unix_state_double_lock(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Define locking order for unix_table_double_lock(). Rong Zhang <i(a)rong.moe> platform/x86: ideapad-laptop: use usleep_range() for EC polling Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: move ACPI helpers from header to source file Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: move ymc_trigger_ec from lenovo-ymc Gergo Koteles <soyer(a)irl.hu> platform/x86: ideapad-laptop: introduce a generic notification chain Thomas Zimmermann <tzimmermann(a)suse.de> dummycon: Trigger redraw when switching consoles with deferred takeover Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make consw::con_switch() return a bool Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: sanitize arguments of consw::con_clear() Jiri Slaby (SUSE) <jirislaby(a)kernel.org> tty: vt: make init parameter of consw::con_init() a bool Janne Grunau <j(a)jannau.net> PCI: apple: Set only available ports up Zhang Zekun <zhangzekun11(a)huawei.com> PCI: apple: Use helper function for_each_child_of_node_scoped() Long Li <longli(a)microsoft.com> uio_hv_generic: Align ring size to system page Saurabh Sengar <ssengar(a)linux.microsoft.com> uio_hv_generic: Query the ringbuffer size for device Saurabh Sengar <ssengar(a)linux.microsoft.com> Drivers: hv: vmbus: Add utility function for querying ring size Chao Yu <chao(a)kernel.org> f2fs: don't over-report free space or inodes in statvfs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Fix missing free of regulator supplies Peng Fan <peng.fan(a)nxp.com> ASoC: codec: wcd9335: Convert to GPIO descriptors Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd9335: Handle nicer probe deferral and simplify with dev_err_probe() Vasiliy Kovalev <kovalev(a)altlinux.org> jfs: validate AG parameters in dbMount() to prevent crashes Dave Kleikamp <dave.kleikamp(a)oracle.com> fs/jfs: consolidate sanity checking in dbMount Qu Wenruo <wqu(a)suse.com> btrfs: handle csum tree error with rescue=ibadroots correctly Kees Cook <kees(a)kernel.org> ovl: Check for NULL d_inode() in ovl_dentry_upper() Ziqi Chen <quic_ziqichen(a)quicinc.com> scsi: ufs: core: Don't perform UFS clkscaling during host async scan Dmitry Kandybka <d.kandybka(a)gmail.com> ceph: fix possible integer overflow in ceph_zero_objects() Mario Limonciello <mario.limonciello(a)amd.com> ALSA: usb-audio: Add a quirk for Lenovo Thinkpad Thunderbolt 3 dock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> ALSA: hda: Add new pci id for AMD GPU display HD audio controller Cezary Rojewski <cezary.rojewski(a)intel.com> ALSA: hda: Ignore unsol events for cards being shut down Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: typec: mux: do not return on EOPNOTSUPP in {mux, switch}_set Jos Wang <joswang(a)lenovo.com> usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode Robert Hodaszi <robert.hodaszi(a)digi.com> usb: cdc-wdm: avoid setting WDM_READ for ZLP-s Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: Add checks for snprintf() calls in usb_alloc_dev() Chance Yang <chance.yang(a)kneron.us> usb: common: usb-conn-gpio: use a unique name for usb connector device Jakub Lewalski <jakub.lewalski(a)nokia.com> tty: serial: uartlite: register uart driver in init Chen Yufeng <chenyufeng(a)iie.ac.cn> usb: potential integer overflow in usbg_make_tpg() Chenyuan Yang <chenyuan0y(a)gmail.com> misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe() Purva Yeshi <purvayeshi550(a)gmail.com> iio: adc: ad_sigma_delta: Fix use of uninitialized status_pos Michael Grzeschik <m.grzeschik(a)pengutronix.de> usb: dwc2: also exit clock_gating when stopping udc while suspended James Clark <james.clark(a)linaro.org> coresight: Only check bottom two claim bits Benjamin Berg <benjamin.berg(a)intel.com> um: use proper care when taking mmap lock during segfault Sami Tolvanen <samitolvanen(a)google.com> um: Add cmpxchg8b_emu and checksum functions to asm-prototypes.h Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: pressure: zpa2326: Use aligned_s64 for the timestamp Lin.Cao <lincao12(a)amd.com> drm/scheduler: signal scheduled fence when kill job Linggang Zeng <linggang.zeng(a)easystack.cn> bcache: fix NULL pointer in cache_set_flush() Yifan Zhang <yifan1.zhang(a)amd.com> amd/amdkfd: fix a kfd_process ref leak Yu Kuai <yukuai3(a)huawei.com> md/md-bitmap: fix dm-raid max_write_behind setting Hector Martin <marcan(a)marcan.st> PCI: apple: Fix missing OF node reference in apple_pcie_setup_port Wenbin Yao <quic_wenbyao(a)quicinc.com> PCI: dwc: Make link training more robust by setting PORT_LOGIC_LINK_WIDTH to one lane Thomas Gessler <thomas.gessler(a)brueckmann-gmbh.de> dmaengine: xilinx_dma: Set dma_device directions Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Lukas Wunner <lukas(a)wunner.de> Revert "iommu/amd: Prevent binding other PCI drivers to IOMMU PCI devices" FUJITA Tomonori <fujita.tomonori(a)gmail.com> rust: module: place cleanup_module() in .exit.text section Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: provide zero as a unique ID to the Mac client Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow a filename to contain special characters on SMB3.1.1 posix extension Alexis Czezar Torreno <alexisczezar.torreno(a)analog.com> hwmon: (pmbus/max34440) Fix support for max34451 Scott Mayhew <smayhew(a)redhat.com> NFSv4: xattr handlers should check for absent nfs filehandles Robert Richter <rrichter(a)amd.com> cxl/region: Add a dev_err() on missing target list entries Guang Yuan Wu <gwu(a)ddn.com> fuse: fix race between concurrent setattrs from multiple nodes Sven Schwermer <sven.schwermer(a)disruptive-technologies.com> leds: multicolor: Fix intensity setting while SW blinking Nikhil Jha <njha(a)janestreet.com> sunrpc: don't immediately retransmit on seqno miss Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> mfd: max14577: Fix wakeup source leaks on device unbind Peng Fan <peng.fan(a)nxp.com> mailbox: Not protect module_put with spin_lock_irqsave Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: fix listxattr to return selinux security label Han Young <hanyang.tony(a)bytedance.com> NFSv4: Always set NLINK even if the server doesn't support it Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup NTLMSSP Request in non-UNICODE mode Pali Rohár <pali(a)kernel.org> cifs: Fix cifs_query_path_info() for Windows NT servers Pali Rohár <pali(a)kernel.org> cifs: Correctly set SMB1 SessionKey field in Session Setup Request ------------- Diffstat: Documentation/devicetree/bindings/serial/8250.yaml | 2 +- Makefile | 4 +- arch/s390/kernel/entry.S | 2 +- arch/um/drivers/ubd_user.c | 2 +- arch/um/include/asm/asm-prototypes.h | 5 + arch/um/kernel/trap.c | 129 +++++++++-- arch/x86/tools/insn_decoder_test.c | 5 +- arch/x86/um/asm/checksum.h | 3 + drivers/cxl/core/region.c | 7 + drivers/dma/idxd/cdev.c | 4 +- drivers/dma/xilinx/xilinx_dma.c | 2 + drivers/edac/amd64_edac.c | 57 +++-- drivers/firmware/arm_scmi/driver.c | 44 ++++ drivers/firmware/arm_scmi/protocols.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_debugfs.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fence.c | 30 +-- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 12 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.h | 16 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 17 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.h | 6 + drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_events.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_packet_manager_v9.c | 2 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/ast/ast_mode.c | 6 +- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 32 ++- drivers/gpu/drm/bridge/ti-sn65dsi86.c | 109 ++++++---- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 +- drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c | 2 +- drivers/gpu/drm/i915/i915_pmu.c | 2 +- drivers/gpu/drm/msm/msm_gpu_devfreq.c | 1 + drivers/gpu/drm/scheduler/sched_entity.c | 1 + drivers/gpu/drm/tegra/dc.c | 17 +- drivers/gpu/drm/tegra/hub.c | 4 +- drivers/gpu/drm/tegra/hub.h | 3 +- drivers/gpu/drm/tiny/cirrus.c | 1 - drivers/gpu/drm/udl/udl_drv.c | 2 +- drivers/hid/hid-lenovo.c | 11 +- drivers/hid/wacom_sys.c | 6 +- drivers/hv/channel_mgmt.c | 15 +- drivers/hv/hyperv_vmbus.h | 5 + drivers/hwmon/pmbus/max34440.c | 48 ++++- drivers/hwtracing/coresight/coresight-core.c | 3 +- drivers/hwtracing/coresight/coresight-priv.h | 1 + drivers/i2c/busses/i2c-robotfuzz-osif.c | 6 + drivers/i2c/busses/i2c-tiny-usb.c | 6 + drivers/iio/adc/ad_sigma_delta.c | 4 + drivers/iio/pressure/zpa2326.c | 2 +- drivers/iommu/amd/init.c | 3 - drivers/leds/led-class-multicolor.c | 3 +- drivers/mailbox/mailbox.c | 2 +- drivers/md/bcache/super.c | 7 +- drivers/md/dm-raid.c | 2 +- drivers/md/md-bitmap.c | 2 +- drivers/media/usb/uvc/uvc_ctrl.c | 41 ++-- drivers/mfd/max14577.c | 1 + drivers/misc/tps6594-pfsm.c | 3 + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 2 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/nvme/host/ioctl.c | 16 +- drivers/pci/controller/dwc/pcie-designware.c | 5 +- drivers/pci/controller/pcie-apple.c | 7 +- drivers/platform/x86/Kconfig | 1 + drivers/platform/x86/ideapad-laptop.c | 237 +++++++++++++++++++++ drivers/platform/x86/ideapad-laptop.h | 142 +----------- drivers/platform/x86/lenovo-ymc.c | 60 +----- drivers/s390/crypto/pkey_api.c | 2 +- drivers/scsi/megaraid/megaraid_sas_base.c | 6 +- drivers/spi/spi-cadence-quadspi.c | 11 +- drivers/staging/rtl8723bs/core/rtw_security.c | 44 ++-- drivers/tty/serial/imx.c | 17 +- drivers/tty/serial/uartlite.c | 25 ++- drivers/tty/vt/vt.c | 12 +- drivers/ufs/core/ufshcd.c | 3 + drivers/uio/uio_hv_generic.c | 10 +- drivers/usb/class/cdc-wdm.c | 23 +- drivers/usb/common/usb-conn-gpio.c | 25 ++- drivers/usb/core/usb.c | 14 +- drivers/usb/dwc2/gadget.c | 6 + drivers/usb/gadget/function/f_tcm.c | 4 +- drivers/usb/typec/altmodes/displayport.c | 4 + drivers/usb/typec/mux.c | 4 +- drivers/video/console/dummycon.c | 24 ++- drivers/video/console/mdacon.c | 21 +- drivers/video/console/newport_con.c | 12 +- drivers/video/console/sticon.c | 14 +- drivers/video/console/vgacon.c | 12 +- drivers/video/fbdev/core/fbcon.c | 40 ++-- fs/btrfs/disk-io.c | 3 +- fs/btrfs/inode.c | 83 ++++++-- fs/btrfs/volumes.c | 6 + fs/ceph/file.c | 2 +- fs/f2fs/super.c | 30 +-- fs/fuse/dir.c | 11 + fs/jfs/jfs_dmap.c | 41 ++-- fs/namespace.c | 8 +- fs/nfs/inode.c | 2 + fs/nfs/nfs4proc.c | 17 +- fs/overlayfs/util.c | 4 +- fs/smb/client/cifsglob.h | 2 + fs/smb/client/cifspdu.h | 6 +- fs/smb/client/cifssmb.c | 1 + fs/smb/client/connect.c | 58 +++-- fs/smb/client/misc.c | 8 + fs/smb/client/sess.c | 21 +- fs/smb/server/connection.h | 1 + fs/smb/server/smb2pdu.c | 81 ++++--- fs/smb/server/smb2pdu.h | 3 + include/linux/console.h | 13 +- include/linux/hyperv.h | 2 + include/linux/ipv6.h | 1 - include/uapi/linux/vm_sockets.h | 4 + lib/Kconfig.debug | 9 + lib/Makefile | 2 + lib/group_cpus.c | 9 +- lib/longest_symbol_kunit.c | 82 +++++++ mm/damon/sysfs-schemes.c | 1 + net/atm/clip.c | 11 +- net/atm/resources.c | 3 +- net/bluetooth/l2cap_core.c | 9 +- net/core/selftests.c | 5 +- net/ipv6/ip6_output.c | 9 +- net/mac80211/util.c | 2 +- net/sunrpc/clnt.c | 9 +- net/unix/af_unix.c | 107 +++++++--- net/unix/garbage.c | 24 +-- rust/macros/module.rs | 1 + scripts/checkstack.pl | 3 - scripts/gdb/linux/tasks.py | 15 +- scripts/head-object-list.txt | 1 - scripts/kconfig/mconf.c | 2 +- scripts/kconfig/nconf.c | 2 +- scripts/package/kernel.spec | 28 +-- scripts/package/mkdebian | 2 +- scripts/recordmcount.c | 1 - scripts/recordmcount.pl | 7 - scripts/xz_wrap.sh | 1 - sound/pci/hda/hda_bind.c | 2 +- sound/pci/hda/hda_intel.c | 3 + sound/pci/hda/patch_realtek.c | 1 + sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/wcd9335.c | 62 ++---- sound/usb/quirks.c | 2 + sound/usb/stream.c | 2 + tools/lib/bpf/btf_dump.c | 3 + tools/lib/bpf/libbpf.c | 10 +- .../selftests/bpf/progs/test_global_map_resize.c | 16 ++ 150 files changed, 1558 insertions(+), 833 deletions(-)

2 weeks, 1 day

15
159
0 0

[PATCH] wifi: iwlwifi: Fix dentry reference leak in iwl_mld_add_link_debugfs

by Miaoqian Lin

The debugfs_lookup() function increases the dentry reference count. Add missing dput() call to release the reference when the "iwlmld" directory already exists. Fixes: d1e879ec600f ("wifi: iwlwifi: add iwlmld sub-driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/net/wireless/intel/iwlwifi/mld/debugfs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c index cc052b0aa53f..372204bf8452 100644 --- a/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c +++ b/drivers/net/wireless/intel/iwlwifi/mld/debugfs.c @@ -1001,8 +1001,12 @@ void iwl_mld_add_link_debugfs(struct ieee80211_hw *hw, * If not, this is a per-link dir of a MLO vif, add in it the iwlmld * dir. */ - if (!mld_link_dir) + if (!mld_link_dir) { mld_link_dir = debugfs_create_dir("iwlmld", dir); + } else { + /* Release the reference from debugfs_lookup */ + dput(mld_link_dir); + } } static ssize_t _iwl_dbgfs_fixed_rate_write(struct iwl_mld *mld, char *buf, -- 2.35.1

2 weeks, 1 day

1
0
0 0

[PATCH] hisi_acc_vfio_pci: Fix reference leak in hisi_acc_vfio_debug_init

by Miaoqian Lin

The debugfs_lookup() function returns a dentry with an increased reference count that must be released by calling dput(). Fixes: b398f91779b8 ("hisi_acc_vfio_pci: register debugfs for hisilicon migration driver") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c index 2149f49aeec7..1710485cbbec 100644 --- a/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c +++ b/drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c @@ -1611,8 +1611,10 @@ static void hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vd } migf = kzalloc(sizeof(*migf), GFP_KERNEL); - if (!migf) + if (!migf) { + dput(vfio_dev_migration); return; + } hisi_acc_vdev->debug_migf = migf; vfio_hisi_acc = debugfs_create_dir("hisi_acc", vfio_dev_migration); @@ -1622,6 +1624,8 @@ static void hisi_acc_vfio_debug_init(struct hisi_acc_vf_core_device *hisi_acc_vd hisi_acc_vf_migf_read); debugfs_create_devm_seqfile(dev, "cmd_state", vfio_hisi_acc, hisi_acc_vf_debug_cmd); + + dput(vfio_dev_migration); } static void hisi_acc_vf_debugfs_exit(struct hisi_acc_vf_core_device *hisi_acc_vdev) -- 2.35.1

2 weeks, 1 day

1
0
0 0

[PATCH 08/11] drm/amd/display: Correct sequences and delays for DCN35 PG & RCG

by waynelin

From: Ovidiu Bunea <ovidiu.bunea(a)amd.com> [why] The current PG & RCG programming in driver has some gaps and incorrect sequences. [how] Added delays after ungating clocks to allow ramp up, increased polling to allow more time for power up, and removed the incorrect sequences. Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Cc: stable(a)vger.kernel.org Reviewed-by: Charlene Liu <charlene.liu(a)amd.com> Signed-off-by: Ovidiu Bunea <ovidiu.bunea(a)amd.com> Signed-off-by: Wayne Lin <wayne.lin(a)amd.com> --- drivers/gpu/drm/amd/display/dc/dc.h | 1 + .../amd/display/dc/dccg/dcn35/dcn35_dccg.c | 74 +++++------ .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 115 +++--------------- .../amd/display/dc/hwss/dcn35/dcn35_init.c | 3 - .../amd/display/dc/hwss/dcn351/dcn351_init.c | 3 - .../gpu/drm/amd/display/dc/inc/hw/pg_cntl.h | 1 + .../amd/display/dc/pg/dcn35/dcn35_pg_cntl.c | 78 +++++++----- 7 files changed, 111 insertions(+), 164 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dc.h b/drivers/gpu/drm/amd/display/dc/dc.h index b41e66c31e6a..09d705cf5c9b 100644 --- a/drivers/gpu/drm/amd/display/dc/dc.h +++ b/drivers/gpu/drm/amd/display/dc/dc.h @@ -1162,6 +1162,7 @@ struct dc_debug_options { unsigned int auxless_alpm_lfps_silence_ns; unsigned int auxless_alpm_lfps_t1t2_us; short auxless_alpm_lfps_t1t2_offset_us; + bool enable_pg_cntl_debug_logs; }; diff --git a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c index 58c84f555c0f..0ce9489ac6b7 100644 --- a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c +++ b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c @@ -133,30 +133,34 @@ enum dsc_clk_source { }; -static void dccg35_set_dsc_clk_rcg(struct dccg *dccg, int inst, bool enable) +static void dccg35_set_dsc_clk_rcg(struct dccg *dccg, int inst, bool allow_rcg) { struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); - if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dsc && enable) + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dsc && allow_rcg) return; switch (inst) { case 0: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK0_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK0_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; case 1: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK1_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK1_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; case 2: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK2_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK2_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; case 3: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK3_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK3_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; default: BREAK_TO_DEBUGGER(); return; } + + /* Wait for clock to ramp */ + if (!allow_rcg) + udelay(10); } static void dccg35_set_symclk32_se_rcg( @@ -385,35 +389,34 @@ static void dccg35_set_dtbclk_p_rcg(struct dccg *dccg, int inst, bool enable) } } -static void dccg35_set_dppclk_rcg(struct dccg *dccg, - int inst, bool enable) +static void dccg35_set_dppclk_rcg(struct dccg *dccg, int inst, bool allow_rcg) { - struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); - - if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && enable) + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && allow_rcg) return; switch (inst) { case 0: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; case 1: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; case 2: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; case 3: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, enable ? 0 : 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, allow_rcg ? 0 : 1); break; default: BREAK_TO_DEBUGGER(); break; } - //DC_LOG_DEBUG("%s: inst(%d) DPPCLK rcg_disable: %d\n", __func__, inst, enable ? 0 : 1); + /* Wait for clock to ramp */ + if (!allow_rcg) + udelay(10); } static void dccg35_set_dpstreamclk_rcg( @@ -1177,32 +1180,34 @@ static void dccg35_update_dpp_dto(struct dccg *dccg, int dpp_inst, } static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, - uint32_t dpp_inst, uint32_t enable) + uint32_t dpp_inst, uint32_t disallow_rcg) { struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); - if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && !disallow_rcg) return; switch (dpp_inst) { case 0: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, disallow_rcg); break; case 1: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, enable); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, disallow_rcg); break; case 2: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, enable); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, disallow_rcg); break; case 3: - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, enable); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, disallow_rcg); break; default: break; } - //DC_LOG_DEBUG("%s: dpp_inst(%d) rcg: %d\n", __func__, dpp_inst, enable); + /* Wait for clock to ramp */ + if (disallow_rcg) + udelay(10); } static void dccg35_get_pixel_rate_div( @@ -1782,8 +1787,7 @@ static void dccg35_enable_dscclk(struct dccg *dccg, int inst) //Disable DTO switch (inst) { case 0: - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dsc) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK0_ROOT_GATE_DISABLE, 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK0_ROOT_GATE_DISABLE, 1); REG_UPDATE_2(DSCCLK0_DTO_PARAM, DSCCLK0_DTO_PHASE, 0, @@ -1791,8 +1795,7 @@ static void dccg35_enable_dscclk(struct dccg *dccg, int inst) REG_UPDATE(DSCCLK_DTO_CTRL, DSCCLK0_EN, 1); break; case 1: - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dsc) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK1_ROOT_GATE_DISABLE, 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK1_ROOT_GATE_DISABLE, 1); REG_UPDATE_2(DSCCLK1_DTO_PARAM, DSCCLK1_DTO_PHASE, 0, @@ -1800,8 +1803,7 @@ static void dccg35_enable_dscclk(struct dccg *dccg, int inst) REG_UPDATE(DSCCLK_DTO_CTRL, DSCCLK1_EN, 1); break; case 2: - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dsc) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK2_ROOT_GATE_DISABLE, 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK2_ROOT_GATE_DISABLE, 1); REG_UPDATE_2(DSCCLK2_DTO_PARAM, DSCCLK2_DTO_PHASE, 0, @@ -1809,8 +1811,7 @@ static void dccg35_enable_dscclk(struct dccg *dccg, int inst) REG_UPDATE(DSCCLK_DTO_CTRL, DSCCLK2_EN, 1); break; case 3: - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dsc) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK3_ROOT_GATE_DISABLE, 1); + REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DSCCLK3_ROOT_GATE_DISABLE, 1); REG_UPDATE_2(DSCCLK3_DTO_PARAM, DSCCLK3_DTO_PHASE, 0, @@ -1821,6 +1822,9 @@ static void dccg35_enable_dscclk(struct dccg *dccg, int inst) BREAK_TO_DEBUGGER(); return; } + + /* Wait for clock to ramp */ + udelay(10); } static void dccg35_disable_dscclk(struct dccg *dccg, @@ -1864,6 +1868,9 @@ static void dccg35_disable_dscclk(struct dccg *dccg, default: return; } + + /* Wait for clock ramp */ + udelay(10); } static void dccg35_enable_symclk_se(struct dccg *dccg, uint32_t stream_enc_inst, uint32_t link_enc_inst) @@ -2349,10 +2356,7 @@ static void dccg35_disable_symclk_se_cb( void dccg35_root_gate_disable_control(struct dccg *dccg, uint32_t pipe_idx, uint32_t disable_clock_gating) { - - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) { - dccg35_set_dppclk_root_clock_gating(dccg, pipe_idx, disable_clock_gating); - } + dccg35_set_dppclk_root_clock_gating(dccg, pipe_idx, disable_clock_gating); } static const struct dccg_funcs dccg35_funcs_new = { diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index a267f574b619..764eff6a4ec6 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -113,6 +113,14 @@ static void enable_memory_low_power(struct dc *dc) } #endif +static void print_pg_status(struct dc *dc, const char *debug_func, const char *debug_log) +{ + if (dc->debug.enable_pg_cntl_debug_logs && dc->res_pool->pg_cntl) { + if (dc->res_pool->pg_cntl->funcs->print_pg_status) + dc->res_pool->pg_cntl->funcs->print_pg_status(dc->res_pool->pg_cntl, debug_func, debug_log); + } +} + void dcn35_set_dmu_fgcg(struct dce_hwseq *hws, bool enable) { REG_UPDATE_3(DMU_CLK_CNTL, @@ -137,6 +145,8 @@ void dcn35_init_hw(struct dc *dc) uint32_t user_level = MAX_BACKLIGHT_LEVEL; int i; + print_pg_status(dc, __func__, ": start"); + if (dc->clk_mgr && dc->clk_mgr->funcs->init_clocks) dc->clk_mgr->funcs->init_clocks(dc->clk_mgr); @@ -200,10 +210,7 @@ void dcn35_init_hw(struct dc *dc) /* we want to turn off all dp displays before doing detection */ dc->link_srv->blank_all_dp_displays(dc); -/* - if (hws->funcs.enable_power_gating_plane) - hws->funcs.enable_power_gating_plane(dc->hwseq, true); -*/ + if (res_pool->hubbub && res_pool->hubbub->funcs->dchubbub_init) res_pool->hubbub->funcs->dchubbub_init(dc->res_pool->hubbub); /* If taking control over from VBIOS, we may want to optimize our first @@ -236,6 +243,8 @@ void dcn35_init_hw(struct dc *dc) } hws->funcs.init_pipes(dc, dc->current_state); + print_pg_status(dc, __func__, ": after init_pipes"); + if (dc->res_pool->hubbub->funcs->allow_self_refresh_control && !dc->res_pool->hubbub->ctx->dc->debug.disable_stutter) dc->res_pool->hubbub->funcs->allow_self_refresh_control(dc->res_pool->hubbub, @@ -312,6 +321,7 @@ void dcn35_init_hw(struct dc *dc) if (dc->res_pool->pg_cntl->funcs->init_pg_status) dc->res_pool->pg_cntl->funcs->init_pg_status(dc->res_pool->pg_cntl); } + print_pg_status(dc, __func__, ": after init_pg_status"); } static void update_dsc_on_stream(struct pipe_ctx *pipe_ctx, bool enable) @@ -500,97 +510,6 @@ void dcn35_physymclk_root_clock_control(struct dce_hwseq *hws, unsigned int phy_ } } -void dcn35_dsc_pg_control( - struct dce_hwseq *hws, - unsigned int dsc_inst, - bool power_on) -{ - uint32_t power_gate = power_on ? 0 : 1; - uint32_t pwr_status = power_on ? 0 : 2; - uint32_t org_ip_request_cntl = 0; - - if (hws->ctx->dc->debug.disable_dsc_power_gate) - return; - if (hws->ctx->dc->debug.ignore_pg) - return; - REG_GET(DC_IP_REQUEST_CNTL, IP_REQUEST_EN, &org_ip_request_cntl); - if (org_ip_request_cntl == 0) - REG_SET(DC_IP_REQUEST_CNTL, 0, IP_REQUEST_EN, 1); - - switch (dsc_inst) { - case 0: /* DSC0 */ - REG_UPDATE(DOMAIN16_PG_CONFIG, - DOMAIN_POWER_GATE, power_gate); - - REG_WAIT(DOMAIN16_PG_STATUS, - DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); - break; - case 1: /* DSC1 */ - REG_UPDATE(DOMAIN17_PG_CONFIG, - DOMAIN_POWER_GATE, power_gate); - - REG_WAIT(DOMAIN17_PG_STATUS, - DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); - break; - case 2: /* DSC2 */ - REG_UPDATE(DOMAIN18_PG_CONFIG, - DOMAIN_POWER_GATE, power_gate); - - REG_WAIT(DOMAIN18_PG_STATUS, - DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); - break; - case 3: /* DSC3 */ - REG_UPDATE(DOMAIN19_PG_CONFIG, - DOMAIN_POWER_GATE, power_gate); - - REG_WAIT(DOMAIN19_PG_STATUS, - DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); - break; - default: - BREAK_TO_DEBUGGER(); - break; - } - - if (org_ip_request_cntl == 0) - REG_SET(DC_IP_REQUEST_CNTL, 0, IP_REQUEST_EN, 0); -} - -void dcn35_enable_power_gating_plane(struct dce_hwseq *hws, bool enable) -{ - bool force_on = true; /* disable power gating */ - uint32_t org_ip_request_cntl = 0; - - if (hws->ctx->dc->debug.disable_hubp_power_gate) - return; - if (hws->ctx->dc->debug.ignore_pg) - return; - REG_GET(DC_IP_REQUEST_CNTL, IP_REQUEST_EN, &org_ip_request_cntl); - if (org_ip_request_cntl == 0) - REG_SET(DC_IP_REQUEST_CNTL, 0, IP_REQUEST_EN, 1); - /* DCHUBP0/1/2/3/4/5 */ - REG_UPDATE(DOMAIN0_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - REG_UPDATE(DOMAIN2_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - /* DPP0/1/2/3/4/5 */ - REG_UPDATE(DOMAIN1_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - REG_UPDATE(DOMAIN3_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - - force_on = true; /* disable power gating */ - if (enable && !hws->ctx->dc->debug.disable_dsc_power_gate) - force_on = false; - - /* DCS0/1/2/3/4 */ - REG_UPDATE(DOMAIN16_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - REG_UPDATE(DOMAIN17_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - REG_UPDATE(DOMAIN18_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - REG_UPDATE(DOMAIN19_PG_CONFIG, DOMAIN_POWER_FORCEON, force_on); - - -} - /* In headless boot cases, DIG may be turned * on which causes HW/SW discrepancies. * To avoid this, power down hardware on boot @@ -1453,6 +1372,8 @@ void dcn35_prepare_bandwidth( } dcn20_prepare_bandwidth(dc, context); + + print_pg_status(dc, __func__, ": after rcg and power up"); } void dcn35_optimize_bandwidth( @@ -1461,6 +1382,8 @@ void dcn35_optimize_bandwidth( { struct pg_block_update pg_update_state; + print_pg_status(dc, __func__, ": before rcg and power up"); + dcn20_optimize_bandwidth(dc, context); if (dc->hwss.calc_blocks_to_gate) { @@ -1472,6 +1395,8 @@ void dcn35_optimize_bandwidth( if (dc->hwss.root_clock_control) dc->hwss.root_clock_control(dc, &pg_update_state, false); } + + print_pg_status(dc, __func__, ": after rcg and power up"); } void dcn35_set_drr(struct pipe_ctx **pipe_ctx, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c index 52cc488416ac..f2f16a0bdb4f 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_init.c @@ -115,7 +115,6 @@ static const struct hw_sequencer_funcs dcn35_funcs = { .exit_optimized_pwr_state = dcn21_exit_optimized_pwr_state, .update_visual_confirm_color = dcn10_update_visual_confirm_color, .apply_idle_power_optimizations = dcn35_apply_idle_power_optimizations, - .update_dsc_pg = dcn32_update_dsc_pg, .calc_blocks_to_gate = dcn35_calc_blocks_to_gate, .calc_blocks_to_ungate = dcn35_calc_blocks_to_ungate, .hw_block_power_up = dcn35_hw_block_power_up, @@ -151,7 +150,6 @@ static const struct hwseq_private_funcs dcn35_private_funcs = { .plane_atomic_disable = dcn35_plane_atomic_disable, //.plane_atomic_disable = dcn20_plane_atomic_disable,/*todo*/ //.hubp_pg_control = dcn35_hubp_pg_control, - .enable_power_gating_plane = dcn35_enable_power_gating_plane, .dpp_root_clock_control = dcn35_dpp_root_clock_control, .dpstream_root_clock_control = dcn35_dpstream_root_clock_control, .physymclk_root_clock_control = dcn35_physymclk_root_clock_control, @@ -166,7 +164,6 @@ static const struct hwseq_private_funcs dcn35_private_funcs = { .calculate_dccg_k1_k2_values = dcn32_calculate_dccg_k1_k2_values, .resync_fifo_dccg_dio = dcn314_resync_fifo_dccg_dio, .is_dp_dig_pixel_rate_div_policy = dcn35_is_dp_dig_pixel_rate_div_policy, - .dsc_pg_control = dcn35_dsc_pg_control, .dsc_pg_status = dcn32_dsc_pg_status, .enable_plane = dcn35_enable_plane, .wait_for_pipe_update_if_needed = dcn10_wait_for_pipe_update_if_needed, diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c index e34efcb7bde5..09e60158f0b5 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn351/dcn351_init.c @@ -114,7 +114,6 @@ static const struct hw_sequencer_funcs dcn351_funcs = { .exit_optimized_pwr_state = dcn21_exit_optimized_pwr_state, .update_visual_confirm_color = dcn10_update_visual_confirm_color, .apply_idle_power_optimizations = dcn35_apply_idle_power_optimizations, - .update_dsc_pg = dcn32_update_dsc_pg, .calc_blocks_to_gate = dcn351_calc_blocks_to_gate, .calc_blocks_to_ungate = dcn351_calc_blocks_to_ungate, .hw_block_power_up = dcn351_hw_block_power_up, @@ -146,7 +145,6 @@ static const struct hwseq_private_funcs dcn351_private_funcs = { .plane_atomic_disable = dcn35_plane_atomic_disable, //.plane_atomic_disable = dcn20_plane_atomic_disable,/*todo*/ //.hubp_pg_control = dcn35_hubp_pg_control, - .enable_power_gating_plane = dcn35_enable_power_gating_plane, .dpp_root_clock_control = dcn35_dpp_root_clock_control, .dpstream_root_clock_control = dcn35_dpstream_root_clock_control, .physymclk_root_clock_control = dcn35_physymclk_root_clock_control, @@ -160,7 +158,6 @@ static const struct hwseq_private_funcs dcn351_private_funcs = { .setup_hpo_hw_control = dcn35_setup_hpo_hw_control, .calculate_dccg_k1_k2_values = dcn32_calculate_dccg_k1_k2_values, .is_dp_dig_pixel_rate_div_policy = dcn35_is_dp_dig_pixel_rate_div_policy, - .dsc_pg_control = dcn35_dsc_pg_control, .dsc_pg_status = dcn32_dsc_pg_status, .enable_plane = dcn35_enable_plane, .wait_for_pipe_update_if_needed = dcn10_wait_for_pipe_update_if_needed, diff --git a/drivers/gpu/drm/amd/display/dc/inc/hw/pg_cntl.h b/drivers/gpu/drm/amd/display/dc/inc/hw/pg_cntl.h index 44f86cc2d1d6..227e3f8d7e5f 100644 --- a/drivers/gpu/drm/amd/display/dc/inc/hw/pg_cntl.h +++ b/drivers/gpu/drm/amd/display/dc/inc/hw/pg_cntl.h @@ -49,6 +49,7 @@ struct pg_cntl_funcs { void (*mem_pg_control)(struct pg_cntl *pg_cntl, bool power_on); void (*dio_pg_control)(struct pg_cntl *pg_cntl, bool power_on); void (*init_pg_status)(struct pg_cntl *pg_cntl); + void (*print_pg_status)(struct pg_cntl *pg_cntl, const char *debug_func, const char *debug_log); }; #endif //__DC_PG_CNTL_H__ diff --git a/drivers/gpu/drm/amd/display/dc/pg/dcn35/dcn35_pg_cntl.c b/drivers/gpu/drm/amd/display/dc/pg/dcn35/dcn35_pg_cntl.c index af21c0a27f86..72bd43f9bbe2 100644 --- a/drivers/gpu/drm/amd/display/dc/pg/dcn35/dcn35_pg_cntl.c +++ b/drivers/gpu/drm/amd/display/dc/pg/dcn35/dcn35_pg_cntl.c @@ -79,16 +79,12 @@ void pg_cntl35_dsc_pg_control(struct pg_cntl *pg_cntl, unsigned int dsc_inst, bo uint32_t power_gate = power_on ? 0 : 1; uint32_t pwr_status = power_on ? 0 : 2; uint32_t org_ip_request_cntl = 0; - bool block_enabled; - - /*need to enable dscclk regardless DSC_PG*/ - if (pg_cntl->ctx->dc->res_pool->dccg->funcs->enable_dsc && power_on) - pg_cntl->ctx->dc->res_pool->dccg->funcs->enable_dsc( - pg_cntl->ctx->dc->res_pool->dccg, dsc_inst); + bool block_enabled = false; + bool skip_pg = pg_cntl->ctx->dc->debug.ignore_pg || + pg_cntl->ctx->dc->debug.disable_dsc_power_gate || + pg_cntl->ctx->dc->idle_optimizations_allowed; - if (pg_cntl->ctx->dc->debug.ignore_pg || - pg_cntl->ctx->dc->debug.disable_dsc_power_gate || - pg_cntl->ctx->dc->idle_optimizations_allowed) + if (skip_pg && !power_on) return; block_enabled = pg_cntl35_dsc_pg_status(pg_cntl, dsc_inst); @@ -111,7 +107,7 @@ void pg_cntl35_dsc_pg_control(struct pg_cntl *pg_cntl, unsigned int dsc_inst, bo REG_WAIT(DOMAIN16_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); + 1, 10000); break; case 1: /* DSC1 */ REG_UPDATE(DOMAIN17_PG_CONFIG, @@ -119,7 +115,7 @@ void pg_cntl35_dsc_pg_control(struct pg_cntl *pg_cntl, unsigned int dsc_inst, bo REG_WAIT(DOMAIN17_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); + 1, 10000); break; case 2: /* DSC2 */ REG_UPDATE(DOMAIN18_PG_CONFIG, @@ -127,7 +123,7 @@ void pg_cntl35_dsc_pg_control(struct pg_cntl *pg_cntl, unsigned int dsc_inst, bo REG_WAIT(DOMAIN18_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); + 1, 10000); break; case 3: /* DSC3 */ REG_UPDATE(DOMAIN19_PG_CONFIG, @@ -135,7 +131,7 @@ void pg_cntl35_dsc_pg_control(struct pg_cntl *pg_cntl, unsigned int dsc_inst, bo REG_WAIT(DOMAIN19_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, - 1, 1000); + 1, 10000); break; default: BREAK_TO_DEBUGGER(); @@ -144,12 +140,6 @@ void pg_cntl35_dsc_pg_control(struct pg_cntl *pg_cntl, unsigned int dsc_inst, bo if (dsc_inst < MAX_PIPES) pg_cntl->pg_pipe_res_enable[PG_DSC][dsc_inst] = power_on; - - if (pg_cntl->ctx->dc->res_pool->dccg->funcs->disable_dsc && !power_on) { - /*this is to disable dscclk*/ - pg_cntl->ctx->dc->res_pool->dccg->funcs->disable_dsc( - pg_cntl->ctx->dc->res_pool->dccg, dsc_inst); - } } static bool pg_cntl35_hubp_dpp_pg_status(struct pg_cntl *pg_cntl, unsigned int hubp_dpp_inst) @@ -189,11 +179,12 @@ void pg_cntl35_hubp_dpp_pg_control(struct pg_cntl *pg_cntl, unsigned int hubp_dp uint32_t pwr_status = power_on ? 0 : 2; uint32_t org_ip_request_cntl; bool block_enabled; + bool skip_pg = pg_cntl->ctx->dc->debug.ignore_pg || + pg_cntl->ctx->dc->debug.disable_hubp_power_gate || + pg_cntl->ctx->dc->debug.disable_dpp_power_gate || + pg_cntl->ctx->dc->idle_optimizations_allowed; - if (pg_cntl->ctx->dc->debug.ignore_pg || - pg_cntl->ctx->dc->debug.disable_hubp_power_gate || - pg_cntl->ctx->dc->debug.disable_dpp_power_gate || - pg_cntl->ctx->dc->idle_optimizations_allowed) + if (skip_pg && !power_on) return; block_enabled = pg_cntl35_hubp_dpp_pg_status(pg_cntl, hubp_dpp_inst); @@ -213,22 +204,22 @@ void pg_cntl35_hubp_dpp_pg_control(struct pg_cntl *pg_cntl, unsigned int hubp_dp case 0: /* DPP0 & HUBP0 */ REG_UPDATE(DOMAIN0_PG_CONFIG, DOMAIN_POWER_GATE, power_gate); - REG_WAIT(DOMAIN0_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 1000); + REG_WAIT(DOMAIN0_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 10000); break; case 1: /* DPP1 & HUBP1 */ REG_UPDATE(DOMAIN1_PG_CONFIG, DOMAIN_POWER_GATE, power_gate); - REG_WAIT(DOMAIN1_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 1000); + REG_WAIT(DOMAIN1_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 10000); break; case 2: /* DPP2 & HUBP2 */ REG_UPDATE(DOMAIN2_PG_CONFIG, DOMAIN_POWER_GATE, power_gate); - REG_WAIT(DOMAIN2_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 1000); + REG_WAIT(DOMAIN2_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 10000); break; case 3: /* DPP3 & HUBP3 */ REG_UPDATE(DOMAIN3_PG_CONFIG, DOMAIN_POWER_GATE, power_gate); - REG_WAIT(DOMAIN3_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 1000); + REG_WAIT(DOMAIN3_PG_STATUS, DOMAIN_PGFSM_PWR_STATUS, pwr_status, 1, 10000); break; default: BREAK_TO_DEBUGGER(); @@ -501,6 +492,36 @@ void pg_cntl35_init_pg_status(struct pg_cntl *pg_cntl) pg_cntl->pg_res_enable[PG_DWB] = block_enabled; } +static void pg_cntl35_print_pg_status(struct pg_cntl *pg_cntl, const char *debug_func, const char *debug_log) +{ + int i = 0; + bool block_enabled = false; + + DC_LOG_DEBUG("%s: %s", debug_func, debug_log); + + DC_LOG_DEBUG("PG_CNTL status:\n"); + + block_enabled = pg_cntl35_io_clk_status(pg_cntl); + DC_LOG_DEBUG("ONO0=%d (DCCG, DIO, DCIO)\n", block_enabled ? 1 : 0); + + block_enabled = pg_cntl35_mem_status(pg_cntl); + DC_LOG_DEBUG("ONO1=%d (DCHUBBUB, DCHVM, DCHUBBUBMEM)\n", block_enabled ? 1 : 0); + + block_enabled = pg_cntl35_plane_otg_status(pg_cntl); + DC_LOG_DEBUG("ONO2=%d (MPC, OPP, OPTC, DWB)\n", block_enabled ? 1 : 0); + + block_enabled = pg_cntl35_hpo_pg_status(pg_cntl); + DC_LOG_DEBUG("ONO3=%d (HPO)\n", block_enabled ? 1 : 0); + + for (i = 0; i < pg_cntl->ctx->dc->res_pool->pipe_count; i++) { + block_enabled = pg_cntl35_hubp_dpp_pg_status(pg_cntl, i); + DC_LOG_DEBUG("ONO%d=%d (DCHUBP%d, DPP%d)\n", 4 + i * 2, block_enabled ? 1 : 0, i, i); + + block_enabled = pg_cntl35_dsc_pg_status(pg_cntl, i); + DC_LOG_DEBUG("ONO%d=%d (DSC%d)\n", 5 + i * 2, block_enabled ? 1 : 0, i); + } +} + static const struct pg_cntl_funcs pg_cntl35_funcs = { .init_pg_status = pg_cntl35_init_pg_status, .dsc_pg_control = pg_cntl35_dsc_pg_control, @@ -511,7 +532,8 @@ static const struct pg_cntl_funcs pg_cntl35_funcs = { .mpcc_pg_control = pg_cntl35_mpcc_pg_control, .opp_pg_control = pg_cntl35_opp_pg_control, .optc_pg_control = pg_cntl35_optc_pg_control, - .dwb_pg_control = pg_cntl35_dwb_pg_control + .dwb_pg_control = pg_cntl35_dwb_pg_control, + .print_pg_status = pg_cntl35_print_pg_status }; struct pg_cntl *pg_cntl35_create( -- 2.43.0

2 weeks, 1 day

1
0
0 0

[PATCH 1/2] PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS

by Marek Vasut

From: Niklas Cassel <cassel(a)kernel.org> [ Upstream commit 817f989700fddefa56e5e443e7d138018ca6709d ] Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS. Suggested-by: Bjorn Helgaas <helgaas(a)kernel.org> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Cc: <stable(a)vger.kernel.org> # 6.12.x --- drivers/pci/controller/plda/pcie-starfive.c | 2 +- drivers/pci/pci.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/plda/pcie-starfive.c b/drivers/pci/controller/plda/pcie-starfive.c index 0564fdce47c2a..0a0b5a7d84d7e 100644 --- a/drivers/pci/controller/plda/pcie-starfive.c +++ b/drivers/pci/controller/plda/pcie-starfive.c @@ -368,7 +368,7 @@ static int starfive_pcie_host_init(struct plda_pcie_rp *plda) * of 100ms following exit from a conventional reset before * sending a configuration request to the device. */ - msleep(PCIE_RESET_CONFIG_DEVICE_WAIT_MS); + msleep(PCIE_RESET_CONFIG_WAIT_MS); if (starfive_pcie_host_wait_for_link(pcie)) dev_info(dev, "port link down\n"); diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index b65868e709517..c951f861a69b2 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -57,7 +57,7 @@ * completes before sending a Configuration Request to the device * immediately below that Port." */ -#define PCIE_RESET_CONFIG_DEVICE_WAIT_MS 100 +#define PCIE_RESET_CONFIG_WAIT_MS 100 /* Message Routing (r[2:0]); PCIe r6.0, sec 2.2.8 */ #define PCIE_MSG_TYPE_R_RC 0 -- 2.50.1

2 weeks, 2 days

3
3
0 0

[PATCH v2 1/2] PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS

by Marek Vasut

From: Niklas Cassel <cassel(a)kernel.org> [ Upstream commit 817f989700fddefa56e5e443e7d138018ca6709d ] Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS. Suggested-by: Bjorn Helgaas <helgaas(a)kernel.org> Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Cc: <stable(a)vger.kernel.org> # 6.12.x --- V2: Add own SoB line --- drivers/pci/controller/plda/pcie-starfive.c | 2 +- drivers/pci/pci.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/pci/controller/plda/pcie-starfive.c b/drivers/pci/controller/plda/pcie-starfive.c index 0564fdce47c2a..0a0b5a7d84d7e 100644 --- a/drivers/pci/controller/plda/pcie-starfive.c +++ b/drivers/pci/controller/plda/pcie-starfive.c @@ -368,7 +368,7 @@ static int starfive_pcie_host_init(struct plda_pcie_rp *plda) * of 100ms following exit from a conventional reset before * sending a configuration request to the device. */ - msleep(PCIE_RESET_CONFIG_DEVICE_WAIT_MS); + msleep(PCIE_RESET_CONFIG_WAIT_MS); if (starfive_pcie_host_wait_for_link(pcie)) dev_info(dev, "port link down\n"); diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h index b65868e709517..c951f861a69b2 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h @@ -57,7 +57,7 @@ * completes before sending a Configuration Request to the device * immediately below that Port." */ -#define PCIE_RESET_CONFIG_DEVICE_WAIT_MS 100 +#define PCIE_RESET_CONFIG_WAIT_MS 100 /* Message Routing (r[2:0]); PCIe r6.0, sec 2.2.8 */ #define PCIE_MSG_TYPE_R_RC 0 -- 2.50.1

2 weeks, 2 days

1
1
0 0

[PATCH v8] Bluetooth: hci_qca: Fix SSR (SubSystem Restart) fail when BT_EN is pulled up by hw

by Shuai Zhang

When the host actively triggers SSR and collects coredump data, the Bluetooth stack sends a reset command to the controller. However, due to the inability to clear the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED bits, the reset command times out. To address this, this patch clears the QCA_SSR_TRIGGERED and QCA_IBS_DISABLED flags and adds a 50ms delay after SSR, but only when HCI_QUIRK_NON_PERSISTENT_SETUP is not set. This ensures the controller completes the SSR process when BT_EN is always high due to hardware. For the purpose of HCI_QUIRK_NON_PERSISTENT_SETUP, please refer to the comment in `include/net/bluetooth/hci.h`. The HCI_QUIRK_NON_PERSISTENT_SETUP quirk is associated with BT_EN, and its presence can be used to determine whether BT_EN is defined in DTS. After SSR, host will not download the firmware, causing controller to remain in the IBS_WAKE state. Host needs to synchronize with the controller to maintain proper operation. Multiple triggers of SSR only first generate coredump file, due to memcoredump_flag no clear. add clear coredump flag when ssr completed. When the SSR duration exceeds 2 seconds, it triggers host tx_idle_timeout, which sets host TX state to sleep. due to the hardware pulling up bt_en, the firmware is not downloaded after the SSR. As a result, the controller does not enter sleep mode. Consequently, when the host sends a command afterward, it sends 0xFD to the controller, but the controller does not respond, leading to a command timeout. So reset tx_idle_timer after SSR to prevent host enter TX IBS_Sleep mode. Changes since v6-7: - Merge the changes into a single patch. - Update commit. Changes since v1-5: - Add an explanation for HCI_QUIRK_NON_PERSISTENT_SETUP. - Add commments for msleep(50). - Update format and commit. Signed-off-by: Shuai Zhang <quic_shuaz(a)quicinc.com> --- drivers/bluetooth/hci_qca.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/drivers/bluetooth/hci_qca.c b/drivers/bluetooth/hci_qca.c index 4e56782b0..9dc59b002 100644 --- a/drivers/bluetooth/hci_qca.c +++ b/drivers/bluetooth/hci_qca.c @@ -1653,6 +1653,39 @@ static void qca_hw_error(struct hci_dev *hdev, u8 code) skb_queue_purge(&qca->rx_memdump_q); } + /* + * If the BT chip's bt_en pin is connected to a 3.3V power supply via + * hardware and always stays high, driver cannot control the bt_en pin. + * As a result, during SSR (SubSystem Restart), QCA_SSR_TRIGGERED and + * QCA_IBS_DISABLED flags cannot be cleared, which leads to a reset + * command timeout. + * Add an msleep delay to ensure controller completes the SSR process. + * + * Host will not download the firmware after SSR, controller to remain + * in the IBS_WAKE state, and the host needs to synchronize with it + * + * Since the bluetooth chip has been reset, clear the memdump state. + */ + if (!test_bit(HCI_QUIRK_NON_PERSISTENT_SETUP, &hdev->quirks)) { + /* + * When the SSR (SubSystem Restart) duration exceeds 2 seconds, + * it triggers host tx_idle_delay, which sets host TX state + * to sleep. Reset tx_idle_timer after SSR to prevent + * host enter TX IBS_Sleep mode. + */ + mod_timer(&qca->tx_idle_timer, jiffies + + msecs_to_jiffies(qca->tx_idle_delay)); + + /* Controller reset completion time is 50ms */ + msleep(50); + + clear_bit(QCA_SSR_TRIGGERED, &qca->flags); + clear_bit(QCA_IBS_DISABLED, &qca->flags); + + qca->tx_ibs_state = HCI_IBS_TX_AWAKE; + qca->memdump_state = QCA_MEMDUMP_IDLE; + } + clear_bit(QCA_HW_ERROR_EVENT, &qca->flags); } -- 2.34.1

2 weeks, 2 days

3
3
0 0

[PATCH v1] spi: microchip-core-qspi: stop checking viability of op->max_freq in supports_op callback

by Conor Dooley

From: Conor Dooley <conor.dooley(a)microchip.com> In commit 13529647743d9 ("spi: microchip-core-qspi: Support per spi-mem operation frequency switches") the logic for checking the viability of op->max_freq in mchp_coreqspi_setup_clock() was copied into mchp_coreqspi_supports_op(). Unfortunately, op->max_freq is not valid when this function is called during probe but is instead zero. Accordingly, baud_rate_val is calculated to be INT_MAX due to division by zero, causing probe of the attached memory device to fail. Seemingly spi-microchip-core-qspi was the only driver that had such a modification made to its supports_op callback when the per_op_freq capability was added, so just remove it to restore prior functionality. CC: stable(a)vger.kernel.org Reported-by: Valentina Fernandez <valentina.fernandezalanis(a)microchip.com> Fixes: 13529647743d9 ("spi: microchip-core-qspi: Support per spi-mem operation frequency switches") Signed-off-by: Conor Dooley <conor.dooley(a)microchip.com> --- CC: Conor Dooley <conor.dooley(a)microchip.com> CC: Daire McNamara <daire.mcnamara(a)microchip.com> CC: Mark Brown <broonie(a)kernel.org> CC: Miquel Raynal <miquel.raynal(a)bootlin.com> CC: linux-spi(a)vger.kernel.org CC: linux-kernel(a)vger.kernel.org --- drivers/spi/spi-microchip-core-qspi.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/drivers/spi/spi-microchip-core-qspi.c b/drivers/spi/spi-microchip-core-qspi.c index d13a9b755c7f8..8dc98b17f77b5 100644 --- a/drivers/spi/spi-microchip-core-qspi.c +++ b/drivers/spi/spi-microchip-core-qspi.c @@ -531,10 +531,6 @@ static int mchp_coreqspi_exec_op(struct spi_mem *mem, const struct spi_mem_op *o static bool mchp_coreqspi_supports_op(struct spi_mem *mem, const struct spi_mem_op *op) { - struct mchp_coreqspi *qspi = spi_controller_get_devdata(mem->spi->controller); - unsigned long clk_hz; - u32 baud_rate_val; - if (!spi_mem_default_supports_op(mem, op)) return false; @@ -557,14 +553,6 @@ static bool mchp_coreqspi_supports_op(struct spi_mem *mem, const struct spi_mem_ return false; } - clk_hz = clk_get_rate(qspi->clk); - if (!clk_hz) - return false; - - baud_rate_val = DIV_ROUND_UP(clk_hz, 2 * op->max_freq); - if (baud_rate_val > MAX_DIVIDER || baud_rate_val < MIN_DIVIDER) - return false; - return true; } -- 2.47.2

2 weeks, 2 days

2
2
0 0

[PATCH] PM: EM: Fix late boot with holes in CPU topology

by Christian Loehle

commit e3f1164fc9ee ("PM: EM: Support late CPUs booting and capacity adjustment") added a mechanism to handle CPUs that come up late by retrying when any of the `cpufreq_cpu_get()` call fails. However, if there are holes in the CPU topology (offline CPUs, e.g. nosmt), the first missing CPU causes the loop to break, preventing subsequent online CPUs from being updated. Instead of aborting on the first missing CPU policy, loop through all and retry if any were missing. Fixes: e3f1164fc9ee ("PM: EM: Support late CPUs booting and capacity adjustment") Suggested-by: Kenneth Crudup <kenneth.crudup(a)gmail.com> Reported-by: Kenneth Crudup <kenneth.crudup(a)gmail.com> Closes: https://lore.kernel.org/linux-pm/40212796-734c-4140-8a85-854f72b8144d@panix… Cc: stable(a)vger.kernel.org Signed-off-by: Christian Loehle <christian.loehle(a)arm.com> --- kernel/power/energy_model.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/kernel/power/energy_model.c b/kernel/power/energy_model.c index ea7995a25780..b63c2afc1379 100644 --- a/kernel/power/energy_model.c +++ b/kernel/power/energy_model.c @@ -778,7 +778,7 @@ void em_adjust_cpu_capacity(unsigned int cpu) static void em_check_capacity_update(void) { cpumask_var_t cpu_done_mask; - int cpu; + int cpu, failed_cpus = 0; if (!zalloc_cpumask_var(&cpu_done_mask, GFP_KERNEL)) { pr_warn("no free memory\n"); @@ -796,10 +796,8 @@ static void em_check_capacity_update(void) policy = cpufreq_cpu_get(cpu); if (!policy) { - pr_debug("Accessing cpu%d policy failed\n", cpu); - schedule_delayed_work(&em_update_work, - msecs_to_jiffies(1000)); - break; + failed_cpus++; + continue; } cpufreq_cpu_put(policy); @@ -814,6 +812,11 @@ static void em_check_capacity_update(void) em_adjust_new_capacity(cpu, dev, pd); } + if (failed_cpus) { + pr_debug("Accessing %d policies failed, retrying\n", failed_cpus); + schedule_delayed_work(&em_update_work, msecs_to_jiffies(1000)); + } + free_cpumask_var(cpu_done_mask); } -- 2.34.1

2 weeks, 2 days

2
5
0 0

[PATCH v3] mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting

by Ruan Shiyang

Goto-san reported confusing pgpromote statistics where the pgpromote_success count significantly exceeded pgpromote_candidate. On a system with three nodes (nodes 0-1: DRAM 4GB, node 2: NVDIMM 4GB): # Enable demotion only echo 1 > /sys/kernel/mm/numa/demotion_enabled numactl -m 0-1 memhog -r200 3500M >/dev/null & pid=$! sleep 2 numactl memhog -r100 2500M >/dev/null & sleep 10 kill -9 $pid # terminate the 1st memhog # Enable promotion echo 2 > /proc/sys/kernel/numa_balancing After a few seconds, we observeed `pgpromote_candidate < pgpromote_success` $ grep -e pgpromote /proc/vmstat pgpromote_success 2579 pgpromote_candidate 0 In this scenario, after terminating the first memhog, the conditions for pgdat_free_space_enough() are quickly met, and triggers promotion. However, these migrated pages are only counted for in PGPROMOTE_SUCCESS, not in PGPROMOTE_CANDIDATE. To solve these confusing statistics, introduce PGPROMOTE_CANDIDATE_NRL to count the missed promotion pages. And also, not counting these pages into PGPROMOTE_CANDIDATE is to avoid changing the existing algorithm or performance of the promotion rate limit. Link: https://lkml.kernel.org/r/20250729035101.1601407-1-ruansy.fnst@fujitsu.com Co-developed-by: Li Zhijian <lizhijian(a)fujitsu.com> Signed-off-by: Li Zhijian <lizhijian(a)fujitsu.com> Signed-off-by: Ruan Shiyang <ruansy.fnst(a)fujitsu.com> Reported-by: Yasunori Gotou (Fujitsu) <y-goto(a)fujitsu.com> Suggested-by: Huang Ying <ying.huang(a)linux.alibaba.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Changes since v2: 1. add 'Co-developed-by: Li Zhijian' followed by 'Signed-off-by' per Vlastimil. --- include/linux/mmzone.h | 16 +++++++++++++++- kernel/sched/fair.c | 5 +++-- mm/vmstat.c | 1 + 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h index 0c5da9141983..9d3ea9085556 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -234,7 +234,21 @@ enum node_stat_item { #endif #ifdef CONFIG_NUMA_BALANCING PGPROMOTE_SUCCESS, /* promote successfully */ - PGPROMOTE_CANDIDATE, /* candidate pages to promote */ + /** + * Candidate pages for promotion based on hint fault latency. This + * counter is used to control the promotion rate and adjust the hot + * threshold. + */ + PGPROMOTE_CANDIDATE, + /** + * Not rate-limited (NRL) candidate pages for those can be promoted + * without considering hot threshold because of enough free pages in + * fast-tier node. These promotions bypass the regular hotness checks + * and do NOT influence the promotion rate-limiter or + * threshold-adjustment logic. + * This is for statistics/monitoring purposes. + */ + PGPROMOTE_CANDIDATE_NRL, #endif /* PGDEMOTE_*: pages demoted */ PGDEMOTE_KSWAPD, diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index b173a059315c..82c8d804c54c 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -1923,11 +1923,13 @@ bool should_numa_migrate_memory(struct task_struct *p, struct folio *folio, struct pglist_data *pgdat; unsigned long rate_limit; unsigned int latency, th, def_th; + long nr = folio_nr_pages(folio); pgdat = NODE_DATA(dst_nid); if (pgdat_free_space_enough(pgdat)) { /* workload changed, reset hot threshold */ pgdat->nbp_threshold = 0; + mod_node_page_state(pgdat, PGPROMOTE_CANDIDATE_NRL, nr); return true; } @@ -1941,8 +1943,7 @@ bool should_numa_migrate_memory(struct task_struct *p, struct folio *folio, if (latency >= th) return false; - return !numa_promotion_rate_limit(pgdat, rate_limit, - folio_nr_pages(folio)); + return !numa_promotion_rate_limit(pgdat, rate_limit, nr); } this_cpupid = cpu_pid_to_cpupid(dst_cpu, current->pid); diff --git a/mm/vmstat.c b/mm/vmstat.c index 71cd1ceba191..e74f0b2a1021 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1280,6 +1280,7 @@ const char * const vmstat_text[] = { #ifdef CONFIG_NUMA_BALANCING [I(PGPROMOTE_SUCCESS)] = "pgpromote_success", [I(PGPROMOTE_CANDIDATE)] = "pgpromote_candidate", + [I(PGPROMOTE_CANDIDATE_NRL)] = "pgpromote_candidate_nrl", #endif [I(PGDEMOTE_KSWAPD)] = "pgdemote_kswapd", [I(PGDEMOTE_DIRECT)] = "pgdemote_direct", -- 2.43.0

2 weeks, 2 days

4
4
0 0

[PATCH net 1/1] batman-adv: fix OOB read/write in network-coding decode

by Simon Wunderlich

From: Stanislav Fort <stanislav.fort(a)aisle.com> batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing. Fixes: 2df5278b0267 ("batman-adv: network coding - receive coded packets and decode them") Cc: stable(a)vger.kernel.org Reported-by: Stanislav Fort <disclosure(a)aisle.com> Signed-off-by: Stanislav Fort <stanislav.fort(a)aisle.com> Signed-off-by: Sven Eckelmann <sven(a)narfation.org> Signed-off-by: Simon Wunderlich <sw(a)simonwunderlich.de> --- net/batman-adv/network-coding.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index 9f56308779cc3..af97d077369f9 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -1687,7 +1687,12 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb, coding_len = ntohs(coded_packet_tmp.coded_len); - if (coding_len > skb->len) + /* ensure dst buffer is large enough (payload only) */ + if (coding_len + h_size > skb->len) + return NULL; + + /* ensure src buffer is large enough (payload only) */ + if (coding_len + h_size > nc_packet->skb->len) return NULL; /* Here the magic is reversed: -- 2.47.2

2 weeks, 2 days

2
1
0 0

[PATCH] KVM: arm64: nested: Fix VA sign extension in VNCR/TLBI paths

by Gyujeong Jin

From: gyutrange <wlsrbwjd643(a)naver.com> VNCR/TLBI VA reconstruction currently uses bit 48 as the sign bit, but for 48-bit virtual addresses the correct sign bit is bit 47. Using 48 can mis-canonicalize addresses in the negative half and may cause missed invalidations. Although VNCR_EL2 encodes other architectural fields (RESS, BADDR; see Arm ARM D24.2.206), sign_extend64() interprets its second argument as the index of the sign bit. Passing 48 prevents propagation of the canonical sign bit for 48-bit VAs. Impact: - Incorrect canonicalization of VAs with bit47=1 - Potential stale VNCR pseudo-TLB entries after TLBI or MMU notifier - Possible incorrect translation/permissions or DoS when combined with other issues Fixes: 667304740537 ("KVM: arm64: Mask out non-VA bits from TLBI VA* on VNCR invalidation") Cc: stable(a)vger.kernel.org Reported-by: DongHa Lee <gap-dev(a)example.com> Reported-by: Gyujeong Jin <wlsrbwjd7232(a)gmail.com> Reported-by: Daehyeon Ko <4ncient(a)example.com> Reported-by: Geonha Lee <leegn4a(a)example.com> Reported-by: Hyungyu Oh <dqpc_lover(a)example.com> Reported-by: Jaewon Yang <r4mbb1(a)example.com> Signed-off-by: Gyujeong Jin <wlsrbwjd7232(a)gmail.com> --- arch/arm64/kvm/nested.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kvm/nested.c b/arch/arm64/kvm/nested.c index 77db81bae86f..eaa6dd9da086 100644 --- a/arch/arm64/kvm/nested.c +++ b/arch/arm64/kvm/nested.c @@ -1169,7 +1169,7 @@ int kvm_vcpu_allocate_vncr_tlb(struct kvm_vcpu *vcpu) static u64 read_vncr_el2(struct kvm_vcpu *vcpu) { - return (u64)sign_extend64(__vcpu_sys_reg(vcpu, VNCR_EL2), 48); + return (u64)sign_extend64(__vcpu_sys_reg(vcpu, VNCR_EL2), 47); } static int kvm_translate_vncr(struct kvm_vcpu *vcpu) -- 2.43.0

2 weeks, 2 days

3
3
0 0

[PATCH v2] arm64: dts: qcom: sm8450: Fix address for usb controller node

by Krishna Kurapati

Correct the address in usb controller node to fix the following warning: Warning (simple_bus_reg): /soc@0/usb@a6f8800: simple-bus unit address format error, expected "a600000" Fixes: c5a87e3a6b3e ("arm64: dts: qcom: sm8450: Flatten usb controller node") Cc: stable(a)vger.kernel.org Reported-by: kernel test robot <lkp(a)intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202508121834.953Mvah2-lkp@intel.com/ Signed-off-by: Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> --- This change was tested with W=1 and the reported issue is not seen. Also didn't add RB Tag received from Neil Armstrong since there is a change in commit text. This change is based on top of latest linux next. Changes in v2: Fixed the fixes tag. Link to v1: https://lore.kernel.org/all/20250813063840.2158792-1-krishna.kurapati@oss.q… arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/sm8450.dtsi b/arch/arm64/boot/dts/qcom/sm8450.dtsi index 2baef6869ed7..38c91c3ec787 100644 --- a/arch/arm64/boot/dts/qcom/sm8450.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8450.dtsi @@ -5417,7 +5417,7 @@ opp-202000000 { }; }; - usb_1: usb@a6f8800 { + usb_1: usb@a600000 { compatible = "qcom,sm8450-dwc3", "qcom,snps-dwc3"; reg = <0 0x0a600000 0 0xfc100>; status = "disabled"; -- 2.34.1

2 weeks, 2 days

4
3
0 0

[PATCH v5 2/2] drm/buddy: Separate clear and dirty free block trees

by Arunpravin Paneer Selvam

Maintain two separate RB trees per order - one for clear (zeroed) blocks and another for dirty (uncleared) blocks. This separation improves code clarity and makes it more obvious which tree is being searched during allocation. It also improves scalability and efficiency when searching for a specific type of block, avoiding unnecessary checks and making the allocator more predictable under fragmentation. The changes have been validated using the existing drm_buddy_test KUnit test cases, along with selected graphics workloads, to ensure correctness and avoid regressions. v2: Missed adding the suggested-by tag. Added it in v2. v3(Matthew): - Remove the double underscores from the internal functions. - Rename the internal functions to have less generic names. - Fix the error handling code. - Pass tree argument for the tree macro. - Use the existing dirty/free bit instead of new tree field. - Make free_trees[] instead of clear_tree and dirty_tree for more cleaner approach. v4: - A bug was reported by Intel CI and it is fixed by Matthew Auld. - Replace the get_root function with &mm->free_trees[tree][order] (Matthew) - Remove the unnecessary rbtree_is_empty() check (Matthew) - Remove the unnecessary get_tree_for_flags() function. - Rename get_tree_for_block() name with get_block_tree() for more clarity. v5(Jani Nikula): - Don't use static inline in .c files. - enum free_tree and enumerator names are quite generic for a header and usage and the whole enum should be an implementation detail. Signed-off-by: Arunpravin Paneer Selvam <Arunpravin.PaneerSelvam(a)amd.com> Suggested-by: Matthew Auld <matthew.auld(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4260 --- drivers/gpu/drm/drm_buddy.c | 336 +++++++++++++++++++++--------------- include/drm/drm_buddy.h | 2 +- 2 files changed, 201 insertions(+), 137 deletions(-) diff --git a/drivers/gpu/drm/drm_buddy.c b/drivers/gpu/drm/drm_buddy.c index 978cabfbcf0f..4f96e2e17d08 100644 --- a/drivers/gpu/drm/drm_buddy.c +++ b/drivers/gpu/drm/drm_buddy.c @@ -12,8 +12,17 @@ #include <drm/drm_buddy.h> +enum drm_buddy_free_tree { + DRM_BUDDY_CLEAR_TREE = 0, + DRM_BUDDY_DIRTY_TREE, + DRM_BUDDY_MAX_FREE_TREES, +}; + static struct kmem_cache *slab_blocks; +#define for_each_free_tree(tree) \ + for ((tree) = 0; (tree) < DRM_BUDDY_MAX_FREE_TREES; (tree)++) + static struct drm_buddy_block *drm_block_alloc(struct drm_buddy *mm, struct drm_buddy_block *parent, unsigned int order, @@ -43,22 +52,61 @@ static void drm_block_free(struct drm_buddy *mm, kmem_cache_free(slab_blocks, block); } +static enum drm_buddy_free_tree +get_block_tree(struct drm_buddy_block *block) +{ + return drm_buddy_block_is_clear(block) ? + DRM_BUDDY_CLEAR_TREE : DRM_BUDDY_DIRTY_TREE; +} + +static struct drm_buddy_block * +rbtree_get_free_block(struct rb_node *node) +{ + return node ? rb_entry(node, struct drm_buddy_block, rb) : NULL; +} + +static struct drm_buddy_block * +rbtree_prev_free_block(struct rb_node *node) +{ + return rbtree_get_free_block(rb_prev(node)); +} + +static struct drm_buddy_block * +rbtree_first_free_block(struct rb_root *root) +{ + return rbtree_get_free_block(rb_first(root)); +} + +static struct drm_buddy_block * +rbtree_last_free_block(struct rb_root *root) +{ + return rbtree_get_free_block(rb_last(root)); +} + +static bool rbtree_is_empty(struct rb_root *root) +{ + return RB_EMPTY_ROOT(root); +} + static void rbtree_insert(struct drm_buddy *mm, - struct drm_buddy_block *block) + struct drm_buddy_block *block, + enum drm_buddy_free_tree tree) { - struct rb_root *root = &mm->free_tree[drm_buddy_block_order(block)]; - struct rb_node **link = &root->rb_node; - struct rb_node *parent = NULL; + struct rb_node **link, *parent = NULL; struct drm_buddy_block *node; - u64 offset; + struct rb_root *root; + unsigned int order; - offset = drm_buddy_block_offset(block); + order = drm_buddy_block_order(block); + + root = &mm->free_trees[tree][order]; + link = &root->rb_node; while (*link) { parent = *link; - node = rb_entry(parent, struct drm_buddy_block, rb); + node = rbtree_get_free_block(parent); - if (offset < drm_buddy_block_offset(node)) + if (drm_buddy_block_offset(block) < drm_buddy_block_offset(node)) link = &parent->rb_left; else link = &parent->rb_right; @@ -71,27 +119,17 @@ static void rbtree_insert(struct drm_buddy *mm, static void rbtree_remove(struct drm_buddy *mm, struct drm_buddy_block *block) { + unsigned int order = drm_buddy_block_order(block); struct rb_root *root; + enum drm_buddy_free_tree tree; - root = &mm->free_tree[drm_buddy_block_order(block)]; - rb_erase(&block->rb, root); + tree = get_block_tree(block); + root = &mm->free_trees[tree][order]; + rb_erase(&block->rb, root); RB_CLEAR_NODE(&block->rb); } -static inline struct drm_buddy_block * -rbtree_last_entry(struct drm_buddy *mm, unsigned int order) -{ - struct rb_node *node = rb_last(&mm->free_tree[order]); - - return node ? rb_entry(node, struct drm_buddy_block, rb) : NULL; -} - -static bool rbtree_is_empty(struct drm_buddy *mm, unsigned int order) -{ - return RB_EMPTY_ROOT(&mm->free_tree[order]); -} - static void clear_reset(struct drm_buddy_block *block) { block->header &= ~DRM_BUDDY_HEADER_CLEAR; @@ -114,10 +152,13 @@ static void mark_allocated(struct drm_buddy *mm, static void mark_free(struct drm_buddy *mm, struct drm_buddy_block *block) { + enum drm_buddy_free_tree tree; + block->header &= ~DRM_BUDDY_HEADER_STATE; block->header |= DRM_BUDDY_FREE; - rbtree_insert(mm, block); + tree = get_block_tree(block); + rbtree_insert(mm, block, tree); } static void mark_split(struct drm_buddy *mm, @@ -203,6 +244,7 @@ static int __force_merge(struct drm_buddy *mm, u64 end, unsigned int min_order) { + enum drm_buddy_free_tree tree; unsigned int order; int i; @@ -212,50 +254,49 @@ static int __force_merge(struct drm_buddy *mm, if (min_order > mm->max_order) return -EINVAL; - for (i = min_order - 1; i >= 0; i--) { - struct drm_buddy_block *block, *prev_block, *first_block; + for_each_free_tree(tree) { + for (i = min_order - 1; i >= 0; i--) { + struct rb_root *root = &mm->free_trees[tree][i]; + struct drm_buddy_block *block, *prev_block; - first_block = rb_entry(rb_first(&mm->free_tree[i]), struct drm_buddy_block, rb); + rbtree_reverse_for_each_entry_safe(block, prev_block, root, rb) { + struct drm_buddy_block *buddy; + u64 block_start, block_end; - rbtree_reverse_for_each_entry_safe(block, prev_block, &mm->free_tree[i], rb) { - struct drm_buddy_block *buddy; - u64 block_start, block_end; - - if (!block->parent) - continue; + if (!block->parent) + continue; - block_start = drm_buddy_block_offset(block); - block_end = block_start + drm_buddy_block_size(mm, block) - 1; + block_start = drm_buddy_block_offset(block); + block_end = block_start + drm_buddy_block_size(mm, block) - 1; - if (!contains(start, end, block_start, block_end)) - continue; + if (!contains(start, end, block_start, block_end)) + continue; - buddy = __get_buddy(block); - if (!drm_buddy_block_is_free(buddy)) - continue; + buddy = __get_buddy(block); + if (!drm_buddy_block_is_free(buddy)) + continue; - WARN_ON(drm_buddy_block_is_clear(block) == - drm_buddy_block_is_clear(buddy)); + WARN_ON(drm_buddy_block_is_clear(block) == + drm_buddy_block_is_clear(buddy)); - /* - * If the prev block is same as buddy, don't access the - * block in the next iteration as we would free the - * buddy block as part of the free function. - */ - if (prev_block && prev_block == buddy) { - if (prev_block != first_block) - prev_block = rb_entry(rb_prev(&prev_block->rb), - struct drm_buddy_block, - rb); - } + /* + * If the prev block is same as buddy, don't access the + * block in the next iteration as we would free the + * buddy block as part of the free function. + */ + if (prev_block && prev_block == buddy) { + if (prev_block != rbtree_first_free_block(root)) + prev_block = rbtree_prev_free_block(&prev_block->rb); + } - rbtree_remove(mm, block); - if (drm_buddy_block_is_clear(block)) - mm->clear_avail -= drm_buddy_block_size(mm, block); + rbtree_remove(mm, block); + if (drm_buddy_block_is_clear(block)) + mm->clear_avail -= drm_buddy_block_size(mm, block); - order = __drm_buddy_free(mm, block, true); - if (order >= min_order) - return 0; + order = __drm_buddy_free(mm, block, true); + if (order >= min_order) + return 0; + } } } @@ -276,7 +317,7 @@ static int __force_merge(struct drm_buddy *mm, */ int drm_buddy_init(struct drm_buddy *mm, u64 size, u64 chunk_size) { - unsigned int i; + unsigned int i, j; u64 offset; if (size < chunk_size) @@ -298,14 +339,22 @@ int drm_buddy_init(struct drm_buddy *mm, u64 size, u64 chunk_size) BUG_ON(mm->max_order > DRM_BUDDY_MAX_ORDER); - mm->free_tree = kmalloc_array(mm->max_order + 1, - sizeof(struct rb_root), - GFP_KERNEL); - if (!mm->free_tree) + mm->free_trees = kmalloc_array(DRM_BUDDY_MAX_FREE_TREES, + sizeof(*mm->free_trees), + GFP_KERNEL); + if (!mm->free_trees) return -ENOMEM; - for (i = 0; i <= mm->max_order; ++i) - mm->free_tree[i] = RB_ROOT; + for (i = 0; i < DRM_BUDDY_MAX_FREE_TREES; i++) { + mm->free_trees[i] = kmalloc_array(mm->max_order + 1, + sizeof(struct rb_root), + GFP_KERNEL); + if (!mm->free_trees[i]) + goto out_free_tree; + + for (j = 0; j <= mm->max_order; ++j) + mm->free_trees[i][j] = RB_ROOT; + } mm->n_roots = hweight64(size); @@ -353,7 +402,9 @@ int drm_buddy_init(struct drm_buddy *mm, u64 size, u64 chunk_size) drm_block_free(mm, mm->roots[i]); kfree(mm->roots); out_free_tree: - kfree(mm->free_tree); + while (i--) + kfree(mm->free_trees[i]); + kfree(mm->free_trees); return -ENOMEM; } EXPORT_SYMBOL(drm_buddy_init); @@ -389,8 +440,9 @@ void drm_buddy_fini(struct drm_buddy *mm) WARN_ON(mm->avail != mm->size); + for (i = 0; i < DRM_BUDDY_MAX_FREE_TREES; i++) + kfree(mm->free_trees[i]); kfree(mm->roots); - kfree(mm->free_tree); } EXPORT_SYMBOL(drm_buddy_fini); @@ -414,8 +466,7 @@ static int split_block(struct drm_buddy *mm, return -ENOMEM; } - mark_free(mm, block->left); - mark_free(mm, block->right); + mark_split(mm, block); if (drm_buddy_block_is_clear(block)) { mark_cleared(block->left); @@ -423,7 +474,8 @@ static int split_block(struct drm_buddy *mm, clear_reset(block); } - mark_split(mm, block); + mark_free(mm, block->left); + mark_free(mm, block->right); return 0; } @@ -456,6 +508,7 @@ EXPORT_SYMBOL(drm_get_buddy); */ void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear) { + enum drm_buddy_free_tree src_tree, dst_tree; u64 root_size, size, start; unsigned int order; int i; @@ -470,19 +523,24 @@ void drm_buddy_reset_clear(struct drm_buddy *mm, bool is_clear) size -= root_size; } + src_tree = is_clear ? DRM_BUDDY_DIRTY_TREE : DRM_BUDDY_CLEAR_TREE; + dst_tree = is_clear ? DRM_BUDDY_CLEAR_TREE : DRM_BUDDY_DIRTY_TREE; + for (i = 0; i <= mm->max_order; ++i) { + struct rb_root *root = &mm->free_trees[src_tree][i]; struct drm_buddy_block *block; - rbtree_reverse_for_each_entry(block, &mm->free_tree[i], rb) { - if (is_clear != drm_buddy_block_is_clear(block)) { - if (is_clear) { - mark_cleared(block); - mm->clear_avail += drm_buddy_block_size(mm, block); - } else { - clear_reset(block); - mm->clear_avail -= drm_buddy_block_size(mm, block); - } + rbtree_reverse_for_each_entry(block, root, rb) { + rbtree_remove(mm, block); + if (is_clear) { + mark_cleared(block); + mm->clear_avail += drm_buddy_block_size(mm, block); + } else { + clear_reset(block); + mm->clear_avail -= drm_buddy_block_size(mm, block); } + + rbtree_insert(mm, block, dst_tree); } } } @@ -672,23 +730,17 @@ __drm_buddy_alloc_range_bias(struct drm_buddy *mm, } static struct drm_buddy_block * -get_maxblock(struct drm_buddy *mm, unsigned int order, - unsigned long flags) +get_maxblock(struct drm_buddy *mm, + unsigned int order, + enum drm_buddy_free_tree tree) { struct drm_buddy_block *max_block = NULL, *block = NULL; + struct rb_root *root; unsigned int i; for (i = order; i <= mm->max_order; ++i) { - struct drm_buddy_block *tmp_block; - - rbtree_reverse_for_each_entry(tmp_block, &mm->free_tree[i], rb) { - if (block_incompatible(tmp_block, flags)) - continue; - - block = tmp_block; - break; - } - + root = &mm->free_trees[tree][i]; + block = rbtree_last_free_block(root); if (!block) continue; @@ -712,39 +764,39 @@ alloc_from_freetree(struct drm_buddy *mm, unsigned long flags) { struct drm_buddy_block *block = NULL; + struct rb_root *root; + enum drm_buddy_free_tree tree; unsigned int tmp; int err; + tree = (flags & DRM_BUDDY_CLEAR_ALLOCATION) ? + DRM_BUDDY_CLEAR_TREE : DRM_BUDDY_DIRTY_TREE; + if (flags & DRM_BUDDY_TOPDOWN_ALLOCATION) { - block = get_maxblock(mm, order, flags); + block = get_maxblock(mm, order, tree); if (block) /* Store the obtained block order */ tmp = drm_buddy_block_order(block); } else { for (tmp = order; tmp <= mm->max_order; ++tmp) { - struct drm_buddy_block *tmp_block; - - rbtree_reverse_for_each_entry(tmp_block, &mm->free_tree[tmp], rb) { - if (block_incompatible(tmp_block, flags)) - continue; - - block = tmp_block; - break; - } - + /* Get RB tree root for this order and tree */ + root = &mm->free_trees[tree][tmp]; + block = rbtree_last_free_block(root); if (block) break; } } if (!block) { - /* Fallback method */ + /* Try allocating from the other tree */ + tree = (tree == DRM_BUDDY_CLEAR_TREE) ? + DRM_BUDDY_DIRTY_TREE : DRM_BUDDY_CLEAR_TREE; + for (tmp = order; tmp <= mm->max_order; ++tmp) { - if (!rbtree_is_empty(mm, tmp)) { - block = rbtree_last_entry(mm, tmp); - if (block) - break; - } + root = &mm->free_trees[tree][tmp]; + block = rbtree_last_free_block(root); + if (block) + break; } if (!block) @@ -888,6 +940,7 @@ static int __alloc_contig_try_harder(struct drm_buddy *mm, u64 rhs_offset, lhs_offset, lhs_size, filled; struct drm_buddy_block *block; LIST_HEAD(blocks_lhs); + enum drm_buddy_free_tree tree; unsigned long pages; unsigned int order; u64 modify_size; @@ -899,34 +952,39 @@ static int __alloc_contig_try_harder(struct drm_buddy *mm, if (order == 0) return -ENOSPC; - if (rbtree_is_empty(mm, order)) + if (rbtree_is_empty(&mm->free_trees[DRM_BUDDY_CLEAR_TREE][order]) && + rbtree_is_empty(&mm->free_trees[DRM_BUDDY_DIRTY_TREE][order])) return -ENOSPC; - rbtree_reverse_for_each_entry(block, &mm->free_tree[order], rb) { - /* Allocate blocks traversing RHS */ - rhs_offset = drm_buddy_block_offset(block); - err = __drm_buddy_alloc_range(mm, rhs_offset, size, - &filled, blocks); - if (!err || err != -ENOSPC) - return err; - - lhs_size = max((size - filled), min_block_size); - if (!IS_ALIGNED(lhs_size, min_block_size)) - lhs_size = round_up(lhs_size, min_block_size); - - /* Allocate blocks traversing LHS */ - lhs_offset = drm_buddy_block_offset(block) - lhs_size; - err = __drm_buddy_alloc_range(mm, lhs_offset, lhs_size, - NULL, &blocks_lhs); - if (!err) { - list_splice(&blocks_lhs, blocks); - return 0; - } else if (err != -ENOSPC) { + for_each_free_tree(tree) { + struct rb_root *root = &mm->free_trees[tree][order]; + + rbtree_reverse_for_each_entry(block, root, rb) { + /* Allocate blocks traversing RHS */ + rhs_offset = drm_buddy_block_offset(block); + err = __drm_buddy_alloc_range(mm, rhs_offset, size, + &filled, blocks); + if (!err || err != -ENOSPC) + return err; + + lhs_size = max((size - filled), min_block_size); + if (!IS_ALIGNED(lhs_size, min_block_size)) + lhs_size = round_up(lhs_size, min_block_size); + + /* Allocate blocks traversing LHS */ + lhs_offset = drm_buddy_block_offset(block) - lhs_size; + err = __drm_buddy_alloc_range(mm, lhs_offset, lhs_size, + NULL, &blocks_lhs); + if (!err) { + list_splice(&blocks_lhs, blocks); + return 0; + } else if (err != -ENOSPC) { + drm_buddy_free_list_internal(mm, blocks); + return err; + } + /* Free blocks for the next iteration */ drm_buddy_free_list_internal(mm, blocks); - return err; } - /* Free blocks for the next iteration */ - drm_buddy_free_list_internal(mm, blocks); } return -ENOSPC; @@ -1231,6 +1289,7 @@ EXPORT_SYMBOL(drm_buddy_block_print); */ void drm_buddy_print(struct drm_buddy *mm, struct drm_printer *p) { + enum drm_buddy_free_tree tree; int order; drm_printf(p, "chunk_size: %lluKiB, total: %lluMiB, free: %lluMiB, clear_free: %lluMiB\n", @@ -1238,11 +1297,16 @@ void drm_buddy_print(struct drm_buddy *mm, struct drm_printer *p) for (order = mm->max_order; order >= 0; order--) { struct drm_buddy_block *block; + struct rb_root *root; u64 count = 0, free; - rbtree_for_each_entry(block, &mm->free_tree[order], rb) { - BUG_ON(!drm_buddy_block_is_free(block)); - count++; + for_each_free_tree(tree) { + root = &mm->free_trees[tree][order]; + + rbtree_for_each_entry(block, root, rb) { + BUG_ON(!drm_buddy_block_is_free(block)); + count++; + } } drm_printf(p, "order-%2d ", order); diff --git a/include/drm/drm_buddy.h b/include/drm/drm_buddy.h index 091823592034..a2189a92bb7a 100644 --- a/include/drm/drm_buddy.h +++ b/include/drm/drm_buddy.h @@ -73,7 +73,7 @@ struct drm_buddy_block { */ struct drm_buddy { /* Maintain a free list for each order. */ - struct rb_root *free_tree; + struct rb_root **free_trees; /* * Maintain explicit binary tree(s) to track the allocation of the -- 2.34.1

2 weeks, 2 days

2
1
0 0

[PATCH v3 0/2] i2c: pxa: fix I2C communication on Armada 3700

by Gabor Juhos

There is a long standing bug which causes I2C communication not to work on the Armada 3700 based boards. The first patch in the series fixes that regression. The second patch improves recovery to make it more robust which helps to avoid communication problems with certain SFP modules. Signed-off-by: Gabor Juhos <j4g8y7(a)gmail.com> --- Changes in v3: - rebase on tip of i2c/for-current - remove Imre's tag from the cover letter, and replace his SoB tag to Reviewed-by in the individual patches - rework the second patch so it does not need changes in the I2C core code, and drop the first one as it is not needed now - Link to v2: https://lore.kernel.org/r/20250811-i2c-pxa-fix-i2c-communication-v2-0-ca42e… Changes in v2: - collect offered tags - rebase and retest on tip of i2c/for-current - Link to v1: https://lore.kernel.org/r/20250511-i2c-pxa-fix-i2c-communication-v1-0-e9097… --- Gabor Juhos (2): i2c: pxa: defer reset on Armada 3700 when recovery is used i2c: pxa: handle 'Early Bus Busy' condition on Armada 3700 drivers/i2c/busses/i2c-pxa.c | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) --- base-commit: 3dd22078026c7cad4d4a3f32c5dc5452c7180de8 change-id: 20250510-i2c-pxa-fix-i2c-communication-3e6de1e3d0c6 Best regards, -- Gabor Juhos <j4g8y7(a)gmail.com>

2 weeks, 2 days

2
8
0 0

[PATCH] PCI: j721e: Fix module autoloading

by Siddharth Vadapalli

Commit under Fixes added support to build the driver as a loadable module. However, it did not add MODULE_DEVICE_TABLE() which is required for autoloading the driver when it is built as a loadable module. Fix it. Fixes: a2790bf81f0f ("PCI: j721e: Add support to build as a loadable module") Cc: <stable(a)vger.kernel.org> Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> --- Hello, This patch is based on commit b320789d6883 Linux 6.17-rc4 of Mainline Linux. Patch has been tested on J7200-EVM with the driver configs set to 'm'. The pci-j721e.c driver is autoloaded as Linux boots and it doesn't need to be manually probed. Logs: https://gist.github.com/Siddharth-Vadapalli-at-TI/f64eed4df6fd4f714747b3c7e… Regards, Siddharth. drivers/pci/controller/cadence/pci-j721e.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index 6c93f39d0288..cfca13a4c840 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -440,6 +440,7 @@ static const struct of_device_id of_j721e_pcie_match[] = { }, {}, }; +MODULE_DEVICE_TABLE(of, of_j721e_pcie_match); static int j721e_pcie_probe(struct platform_device *pdev) { -- 2.43.0

2 weeks, 2 days

2
1
0 0

[PATCH 0/2] Backport request: mcp2221 needed to access eeprom data

by Romain Sioen

Hi maintainers, Please consider backporting the following patches to the stable trees. These patches fix a significant reading issue with mcp2221 on i2c eeprom. I have confirmed that the patches applie cleanly and build successfully against v6.6, v6.1, v5.15 and v5.10 stable branches. I will later come back to you with other patches that might need larger backport changes. Thanks, Romain Hamish Martin (2): HID: mcp2221: Don't set bus speed on every transfer HID: mcp2221: Handle reads greater than 60 bytes drivers/hid/hid-mcp2221.c | 71 +++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 22 deletions(-) -- 2.48.1

2 weeks, 2 days

1
2
0 0

5.10 backport request: ASoC: Intel: sof_rt5682: shrink platform_id names below 20 characters

by Michał Górny

Hello, I would like to request backporting the following patch to 5.10 series: 590cfb082837cc6c0c595adf1711330197c86a58 ASoC: Intel: sof_rt5682: shrink platform_id names below 20 characters The patch seems to be already present in 5.15 and newer branches, and its lack seems to be causing out-of-bounds read. I've hit it in the wild while trying to install 5.10.241 on i686: sh /var/tmp/portage/sys-kernel/gentoo-kernel-5.10.241/work/linux-5.10/scripts/depmod.sh depmod 5.10.241-gentoo-dist depmod: FATAL: Module index: bad character '�'=0x80 - only 7-bit ASCII is supported: platform:jsl_rt5682_max98360ax� TIA. -- Best regards, Michał Górny

2 weeks, 2 days

3
17
0 0

[PATCH v4 2/4] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon

by K Prateek Nayak

Support for parsing the topology on AMD/Hygon processors using CPUID leaf 0xb was added in commit 3986a0a805e6 ("x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available"). In an effort to keep all the topology parsing bits in one place, this commit also introduced a pseudo dependency on the TOPOEXT feature to parse the CPUID leaf 0xb. TOPOEXT feature (CPUID 0x80000001 ECX[22]) advertises the support for Cache Properties leaf 0x8000001d and the CPUID leaf 0x8000001e EAX for "Extended APIC ID" however support for 0xb was introduced alongside the x2APIC support not only on AMD [1], but also historically on x86 [2]. Similar to 0xb, the support for extended CPU topology leaf 0x80000026 too does not depend on the TOPOEXT feature. The support for these leaves is expected to be confirmed by ensuring "leaf <= {extended_}cpuid_level" and then parsing the level 0 of the respective leaf to confirm EBX[15:0] (LogProcAtThisLevel) is non-zero as stated in the definition of "CPUID_Fn0000000B_EAX_x00 [Extended Topology Enumeration] (Core::X86::Cpuid::ExtTopEnumEax0)" in Processor Programming Reference (PPR) for AMD Family 19h Model 01h Rev B1 Vol1 [3] Sec. 2.1.15.1 "CPUID Instruction Functions". This has not been a problem on baremetal platforms since support for TOPOEXT (Fam 0x15 and later) predates the support for CPUID leaf 0xb (Fam 0x17[Zen2] and later), however, for AMD guests on QEMU, "x2apic" feature can be enabled independent of the "topoext" feature where QEMU expects topology and the initial APICID to be parsed using the CPUID leaf 0xb (especially when number of cores > 255) which is populated independent of the "topoext" feature flag. Unconditionally call cpu_parse_topology_ext() on AMD and Hygon processors to first parse the topology using the XTOPOLOGY leaves (0x80000026 / 0xb) before using the TOPOEXT leaf (0x8000001e). Cc: stable(a)vger.kernel.org # Only v6.9 and above Link: https://lore.kernel.org/lkml/1529686927-7665-1-git-send-email-suravee.suthi… [1] Link: https://lore.kernel.org/lkml/20080818181435.523309000@linux-os.sc.intel.com/ [2] Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 [3] Suggested-by: Naveen N Rao (AMD) <naveen(a)kernel.org> Fixes: 3986a0a805e6 ("x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available") Signed-off-by: K Prateek Nayak <kprateek.nayak(a)amd.com> --- Changelog v3..v4: o Quoted relevant section of the PPR justifying the changes. o Moved this patch up ahead. o Cc'd stable and made a note that backports should target v6.9 and above since this depends on the x86 topology rewrite. --- arch/x86/kernel/cpu/topology_amd.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/arch/x86/kernel/cpu/topology_amd.c b/arch/x86/kernel/cpu/topology_amd.c index 827dd0dbb6e9..4e3134a5550c 100644 --- a/arch/x86/kernel/cpu/topology_amd.c +++ b/arch/x86/kernel/cpu/topology_amd.c @@ -175,18 +175,14 @@ static void topoext_fixup(struct topo_scan *tscan) static void parse_topology_amd(struct topo_scan *tscan) { - bool has_topoext = false; - /* - * If the extended topology leaf 0x8000_001e is available - * try to get SMT, CORE, TILE, and DIE shifts from extended + * Try to get SMT, CORE, TILE, and DIE shifts from extended * CPUID leaf 0x8000_0026 on supported processors first. If * extended CPUID leaf 0x8000_0026 is not supported, try to * get SMT and CORE shift from leaf 0xb first, then try to * get the CORE shift from leaf 0x8000_0008. */ - if (cpu_feature_enabled(X86_FEATURE_TOPOEXT)) - has_topoext = cpu_parse_topology_ext(tscan); + bool has_topoext = cpu_parse_topology_ext(tscan); if (cpu_feature_enabled(X86_FEATURE_AMD_HTR_CORES)) tscan->c->topo.cpu_type = cpuid_ebx(0x80000026); -- 2.34.1

2 weeks, 2 days

2
3
0 0

[PATCH v2 0/4] nios2: Add architecture support for clone3

by Simon Schuster via B4 Relay

This series adds support for the clone3 system call to the nios2 architecture. This addresses the build-time warning "warning: clone3() entry point is missing, please fix" introduced in 505d66d1abfb9 ("clone3: drop __ARCH_WANT_SYS_CLONE3 macro"). The implementation passes the relevant clone3 tests of kselftest when applied on top of next-20250815: ./run_kselftest.sh TAP version 13 1..4 # selftests: clone3: clone3 ok 1 selftests: clone3: clone3 # selftests: clone3: clone3_clear_sighand ok 2 selftests: clone3: clone3_clear_sighand # selftests: clone3: clone3_set_tid ok 3 selftests: clone3: clone3_set_tid # selftests: clone3: clone3_cap_checkpoint_restore ok 4 selftests: clone3: clone3_cap_checkpoint_restore The series also includes a small patch to kernel/fork.c that ensures that clone_flags are passed correctly on architectures where unsigned long is insufficient to store the u64 clone_flags. It is marked as a fix for stable backporting. As requested, in v2, this series now further tries to correct this type error throughout the whole code base. Thus, it now touches a larger number of subsystems and all architectures. Therefore, another test was performed for ARCH=x86_64 (as a representative for 64-bit architectures). Here, the series builds cleanly without warnings on defconfig with CONFIG_SECURITY_APPARMOR=y and CONFIG_SECURITY_TOMOYO=y (to compile-check the LSM-related changes). The build further successfully passes testing/selftests/clone3 (with the patch from 20241105062948.1037011-1-zhouyuhang1010(a)163.com to prepare clone3_cap_checkpoint_restore for compatibility with the newer libcap version on my system). Is there any option to further preflight check this patch series via lkp/KernelCI/etc. for a broader test across architectures, or is this degree of testing sufficient to eventually get the series merged? N.B.: The series is not checkpatch clean right now: - include/linux/cred.h, include/linux/mnt_namespace.h: function definition arguments without identifier name - include/trace/events/task.h: space prohibited after that open parenthesis I did not fix these warnings to keep my changes minimal and reviewable, as the issues persist throughout the files and they were not introduced by me; I only followed the existing code style and just replaced the types. If desired, I'd be happy to make the changes in a potential v3, though. Signed-off-by: Simon Schuster <schuster.simon(a)siemens-energy.com> --- Changes in v2: - Introduce "Fixes:" and "Cc: stable(a)vger.kernel.org" where necessary - Factor out "Fixes:" when adapting the datatype of clone_flags for easier backports - Fix additional instances where `unsigned long` clone_flags is used - Reword commit message to make it clearer that any 32-bit arch is affected by this bug - Link to v1: https://lore.kernel.org/r/20250821-nios2-implement-clone3-v1-0-1bb24017376a… --- Simon Schuster (4): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) copy_process: pass clone_flags as u64 across calltree arch: copy_thread: pass clone_flags as u64 nios2: implement architecture-specific portion of sys_clone3 arch/alpha/kernel/process.c | 2 +- arch/arc/kernel/process.c | 2 +- arch/arm/kernel/process.c | 2 +- arch/arm64/kernel/process.c | 2 +- arch/csky/kernel/process.c | 2 +- arch/hexagon/kernel/process.c | 2 +- arch/loongarch/kernel/process.c | 2 +- arch/m68k/kernel/process.c | 2 +- arch/microblaze/kernel/process.c | 2 +- arch/mips/kernel/process.c | 2 +- arch/nios2/include/asm/syscalls.h | 1 + arch/nios2/include/asm/unistd.h | 2 -- arch/nios2/kernel/entry.S | 6 ++++++ arch/nios2/kernel/process.c | 2 +- arch/nios2/kernel/syscall_table.c | 1 + arch/openrisc/kernel/process.c | 2 +- arch/parisc/kernel/process.c | 2 +- arch/powerpc/kernel/process.c | 2 +- arch/riscv/kernel/process.c | 2 +- arch/s390/kernel/process.c | 2 +- arch/sh/kernel/process_32.c | 2 +- arch/sparc/kernel/process_32.c | 2 +- arch/sparc/kernel/process_64.c | 2 +- arch/um/kernel/process.c | 2 +- arch/x86/include/asm/fpu/sched.h | 2 +- arch/x86/include/asm/shstk.h | 4 ++-- arch/x86/kernel/fpu/core.c | 2 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/shstk.c | 2 +- arch/xtensa/kernel/process.c | 2 +- block/blk-ioc.c | 2 +- fs/namespace.c | 2 +- include/linux/cgroup.h | 4 ++-- include/linux/cred.h | 2 +- include/linux/iocontext.h | 6 +++--- include/linux/ipc_namespace.h | 4 ++-- include/linux/lsm_hook_defs.h | 2 +- include/linux/mnt_namespace.h | 2 +- include/linux/nsproxy.h | 2 +- include/linux/pid_namespace.h | 4 ++-- include/linux/rseq.h | 4 ++-- include/linux/sched/task.h | 2 +- include/linux/security.h | 4 ++-- include/linux/sem.h | 4 ++-- include/linux/time_namespace.h | 4 ++-- include/linux/uprobes.h | 4 ++-- include/linux/user_events.h | 4 ++-- include/linux/utsname.h | 4 ++-- include/net/net_namespace.h | 4 ++-- include/trace/events/task.h | 6 +++--- ipc/namespace.c | 2 +- ipc/sem.c | 2 +- kernel/cgroup/namespace.c | 2 +- kernel/cred.c | 2 +- kernel/events/uprobes.c | 2 +- kernel/fork.c | 10 +++++----- kernel/nsproxy.c | 4 ++-- kernel/pid_namespace.c | 2 +- kernel/sched/core.c | 4 ++-- kernel/sched/fair.c | 2 +- kernel/sched/sched.h | 4 ++-- kernel/time/namespace.c | 2 +- kernel/utsname.c | 2 +- net/core/net_namespace.c | 2 +- security/apparmor/lsm.c | 2 +- security/security.c | 2 +- security/selinux/hooks.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 68 files changed, 95 insertions(+), 89 deletions(-) --- base-commit: 1357b2649c026b51353c84ddd32bc963e8999603 change-id: 20250818-nios2-implement-clone3-7f252c20860b Best regards, -- Simon Schuster <schuster.simon(a)siemens-energy.com>

2 weeks, 2 days

4
5
0 0

[PATCH v2] mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing

by A. Sverdlin

From: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> Having setup time 0 violates tAR, tCLR of some chips, for instance TOSHIBA TC58NVG2S3ETAI0 cannot be detected successfully (first ID byte being read duplicated, i.e. 98 98 dc 90 15 76 14 03 instead of 98 dc 90 15 76 ...). Atmel Application Notes postulated 1 cycle NRD_SETUP without explanation [1], but it looks more appropriate to just calculate setup time properly. [1] Link: https://ww1.microchip.com/downloads/aemDocuments/documents/MPU32/Applicatio… Cc: stable(a)vger.kernel.org Fixes: f9ce2eddf176 ("mtd: nand: atmel: Add ->setup_data_interface() hooks") Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> --- v2: - Cc'ed stable - reformatted atmel_smc_cs_conf_set_setup() call - rebased onto mtd/fixes drivers/mtd/nand/raw/atmel/nand-controller.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/nand/raw/atmel/nand-controller.c b/drivers/mtd/nand/raw/atmel/nand-controller.c index dedcca87defc7..ad0eff385e123 100644 --- a/drivers/mtd/nand/raw/atmel/nand-controller.c +++ b/drivers/mtd/nand/raw/atmel/nand-controller.c @@ -1377,14 +1377,24 @@ static int atmel_smc_nand_prepare_smcconf(struct atmel_nand *nand, if (ret) return ret; + /* + * Read setup timing depends on the operation done on the NAND: + * + * NRD_SETUP = max(tAR, tCLR) + */ + timeps = max(conf->timings.sdr.tAR_min, conf->timings.sdr.tCLR_min); + ncycles = DIV_ROUND_UP(timeps, mckperiodps); + totalcycles += ncycles; + ret = atmel_smc_cs_conf_set_setup(smcconf, ATMEL_SMC_NRD_SHIFT, ncycles); + if (ret) + return ret; + /* * The read cycle timing is directly matching tRC, but is also * dependent on the setup and hold timings we calculated earlier, * which gives: * - * NRD_CYCLE = max(tRC, NRD_PULSE + NRD_HOLD) - * - * NRD_SETUP is always 0. + * NRD_CYCLE = max(tRC, NRD_SETUP + NRD_PULSE + NRD_HOLD) */ ncycles = DIV_ROUND_UP(conf->timings.sdr.tRC_min, mckperiodps); ncycles = max(totalcycles, ncycles); -- 2.50.1

2 weeks, 2 days

4
6
0 0

[PATCH] mtd: rawnand: stm32_fmc2: fix ECC overwrite

by Christophe Kerello

In case OOB write is requested during a data write, ECC is currently lost. Avoid this issue by only writing in the free spare area. This issue has been seen with a YAFFS2 file system. Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Cc: stable(a)vger.kernel.org Fixes: 2cd457f328c1 ("mtd: rawnand: stm32_fmc2: add STM32 FMC2 NAND flash controller driver") --- drivers/mtd/nand/raw/stm32_fmc2_nand.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/drivers/mtd/nand/raw/stm32_fmc2_nand.c b/drivers/mtd/nand/raw/stm32_fmc2_nand.c index a960403081f11091837b73b8610231fe421d0c05..f84f23392fa441327bec90ba12a2a57d825d9330 100644 --- a/drivers/mtd/nand/raw/stm32_fmc2_nand.c +++ b/drivers/mtd/nand/raw/stm32_fmc2_nand.c @@ -996,9 +996,21 @@ static int stm32_fmc2_nfc_seq_write(struct nand_chip *chip, const u8 *buf, /* Write oob */ if (oob_required) { - ret = nand_change_write_column_op(chip, mtd->writesize, - chip->oob_poi, mtd->oobsize, - false); + unsigned int offset_in_page = mtd->writesize; + const void *buf = chip->oob_poi; + unsigned int len = mtd->oobsize; + + if (!raw) { + struct mtd_oob_region oob_free; + + mtd_ooblayout_free(mtd, 0, &oob_free); + offset_in_page += oob_free.offset; + buf += oob_free.offset; + len = oob_free.length; + } + + ret = nand_change_write_column_op(chip, offset_in_page, + buf, len, false); if (ret) return ret; } --- base-commit: fb2fae70e7e985c4acb1ad96110d8b98bb64a87c change-id: 20250811-fix-ecc-overwrite-9962b7797746 Best regards, -- Christophe Kerello <christophe.kerello(a)foss.st.com>

2 weeks, 2 days

2
1
0 0

[PATCH] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer

by Christophe Kerello

Avoid below overlapping mappings by using a contiguous non-cacheable buffer. [ 4.077708] DMA-API: stm32_fmc2_nfc 48810000.nand-controller: cacheline tracking EEXIST, overlapping mappings aren't supported [ 4.089103] WARNING: CPU: 1 PID: 44 at kernel/dma/debug.c:568 add_dma_entry+0x23c/0x300 [ 4.097071] Modules linked in: [ 4.100101] CPU: 1 PID: 44 Comm: kworker/u4:2 Not tainted 6.1.82 #1 [ 4.106346] Hardware name: STMicroelectronics STM32MP257F VALID1 SNOR / MB1704 (LPDDR4 Power discrete) + MB1703 + MB1708 (SNOR MB1730) (DT) [ 4.118824] Workqueue: events_unbound deferred_probe_work_func [ 4.124674] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.131624] pc : add_dma_entry+0x23c/0x300 [ 4.135658] lr : add_dma_entry+0x23c/0x300 [ 4.139792] sp : ffff800009dbb490 [ 4.143016] x29: ffff800009dbb4a0 x28: 0000000004008022 x27: ffff8000098a6000 [ 4.150174] x26: 0000000000000000 x25: ffff8000099e7000 x24: ffff8000099e7de8 [ 4.157231] x23: 00000000ffffffff x22: 0000000000000000 x21: ffff8000098a6a20 [ 4.164388] x20: ffff000080964180 x19: ffff800009819ba0 x18: 0000000000000006 [ 4.171545] x17: 6361727420656e69 x16: 6c6568636163203a x15: 72656c6c6f72746e [ 4.178602] x14: 6f632d646e616e2e x13: ffff800009832f58 x12: 00000000000004ec [ 4.185759] x11: 00000000000001a4 x10: ffff80000988af58 x9 : ffff800009832f58 [ 4.192916] x8 : 00000000ffffefff x7 : ffff80000988af58 x6 : 80000000fffff000 [ 4.199972] x5 : 000000000000bff4 x4 : 0000000000000000 x3 : 0000000000000000 [ 4.207128] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0000812d2c40 [ 4.214185] Call trace: [ 4.216605] add_dma_entry+0x23c/0x300 [ 4.220338] debug_dma_map_sg+0x198/0x350 [ 4.224373] __dma_map_sg_attrs+0xa0/0x110 [ 4.228411] dma_map_sg_attrs+0x10/0x2c [ 4.232247] stm32_fmc2_nfc_xfer.isra.0+0x1c8/0x3fc [ 4.237088] stm32_fmc2_nfc_seq_read_page+0xc8/0x174 [ 4.242127] nand_read_oob+0x1d4/0x8e0 [ 4.245861] mtd_read_oob_std+0x58/0x84 [ 4.249596] mtd_read_oob+0x90/0x150 [ 4.253231] mtd_read+0x68/0xac Signed-off-by: Christophe Kerello <christophe.kerello(a)foss.st.com> Cc: stable(a)vger.kernel.org Fixes: 2cd457f328c1 ("mtd: rawnand: stm32_fmc2: add STM32 FMC2 NAND flash controller driver") --- drivers/mtd/nand/raw/stm32_fmc2_nand.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/drivers/mtd/nand/raw/stm32_fmc2_nand.c b/drivers/mtd/nand/raw/stm32_fmc2_nand.c index a960403081f11091837b73b8610231fe421d0c05..222c3c3b684841879a55835e802dcf9983860c28 100644 --- a/drivers/mtd/nand/raw/stm32_fmc2_nand.c +++ b/drivers/mtd/nand/raw/stm32_fmc2_nand.c @@ -272,6 +272,7 @@ struct stm32_fmc2_nfc { struct sg_table dma_data_sg; struct sg_table dma_ecc_sg; u8 *ecc_buf; + dma_addr_t dma_ecc_addr; int dma_ecc_len; u32 tx_dma_max_burst; u32 rx_dma_max_burst; @@ -902,17 +903,10 @@ static int stm32_fmc2_nfc_xfer(struct nand_chip *chip, const u8 *buf, if (!write_data && !raw) { /* Configure DMA ECC status */ - p = nfc->ecc_buf; for_each_sg(nfc->dma_ecc_sg.sgl, sg, eccsteps, s) { - sg_set_buf(sg, p, nfc->dma_ecc_len); - p += nfc->dma_ecc_len; - } - - ret = dma_map_sg(nfc->dev, nfc->dma_ecc_sg.sgl, - eccsteps, dma_data_dir); - if (!ret) { - ret = -EIO; - goto err_unmap_data; + sg_dma_address(sg) = nfc->dma_ecc_addr + + s * nfc->dma_ecc_len; + sg_dma_len(sg) = nfc->dma_ecc_len; } desc_ecc = dmaengine_prep_slave_sg(nfc->dma_ecc_ch, @@ -921,7 +915,7 @@ static int stm32_fmc2_nfc_xfer(struct nand_chip *chip, const u8 *buf, DMA_PREP_INTERRUPT); if (!desc_ecc) { ret = -ENOMEM; - goto err_unmap_ecc; + goto err_unmap_data; } reinit_completion(&nfc->dma_ecc_complete); @@ -929,7 +923,7 @@ static int stm32_fmc2_nfc_xfer(struct nand_chip *chip, const u8 *buf, desc_ecc->callback_param = &nfc->dma_ecc_complete; ret = dma_submit_error(dmaengine_submit(desc_ecc)); if (ret) - goto err_unmap_ecc; + goto err_unmap_data; dma_async_issue_pending(nfc->dma_ecc_ch); } @@ -949,7 +943,7 @@ static int stm32_fmc2_nfc_xfer(struct nand_chip *chip, const u8 *buf, if (!write_data && !raw) dmaengine_terminate_all(nfc->dma_ecc_ch); ret = -ETIMEDOUT; - goto err_unmap_ecc; + goto err_unmap_data; } /* Wait DMA data transfer completion */ @@ -969,11 +963,6 @@ static int stm32_fmc2_nfc_xfer(struct nand_chip *chip, const u8 *buf, } } -err_unmap_ecc: - if (!write_data && !raw) - dma_unmap_sg(nfc->dev, nfc->dma_ecc_sg.sgl, - eccsteps, dma_data_dir); - err_unmap_data: dma_unmap_sg(nfc->dev, nfc->dma_data_sg.sgl, eccsteps, dma_data_dir); @@ -1610,7 +1599,8 @@ static int stm32_fmc2_nfc_dma_setup(struct stm32_fmc2_nfc *nfc) return ret; /* Allocate a buffer to store ECC status registers */ - nfc->ecc_buf = devm_kzalloc(nfc->dev, FMC2_MAX_ECC_BUF_LEN, GFP_KERNEL); + nfc->ecc_buf = dmam_alloc_coherent(nfc->dev, FMC2_MAX_ECC_BUF_LEN, + &nfc->dma_ecc_addr, GFP_KERNEL); if (!nfc->ecc_buf) return -ENOMEM; --- base-commit: fb2fae70e7e985c4acb1ad96110d8b98bb64a87c change-id: 20250811-fix-dma-overlapping-1c8fba7fd519 Best regards, -- Christophe Kerello <christophe.kerello(a)foss.st.com>

2 weeks, 2 days

2
1
0 0

UDF failures in 5.15

by Jan Kara

Hello, Henrik notified me that UDF in 5.15 kernel is failing for him, likely because commit 1ea1cd11c72d ("udf: Fix directory iteration for longer tail extents") is missing 5.15 stable tree. Basically wherever d16076d9b684b got backported, 1ea1cd11c72d needs to be backported as well (I'm sorry for forgetting to add proper Fixes tag back then). Honza -- Jan Kara <jack(a)suse.com> SUSE Labs, CR

2 weeks, 2 days

2
1
0 0

[PATCH] accel/ivpu: Prevent recovery work from being queued during device removal

by Jacek Lawrynowicz

From: Karol Wachowski <karol.wachowski(a)intel.com> Use disable_work_sync() instead of cancel_work_sync() in ivpu_dev_fini() to ensure that no new recovery work items can be queued after device removal has started. Previously, recovery work could be scheduled even after canceling existing work, potentially leading to use-after-free bugs if recovery accessed freed resources. Rename ivpu_pm_cancel_recovery() to ivpu_pm_disable_recovery() to better reflect its new behavior. Fixes: 58cde80f45a2 ("accel/ivpu: Use dedicated work for job timeout detection") Cc: <stable(a)vger.kernel.org> # v6.8+ Signed-off-by: Karol Wachowski <karol.wachowski(a)intel.com> Signed-off-by: Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> --- drivers/accel/ivpu/ivpu_drv.c | 2 +- drivers/accel/ivpu/ivpu_pm.c | 4 ++-- drivers/accel/ivpu/ivpu_pm.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/accel/ivpu/ivpu_drv.c b/drivers/accel/ivpu/ivpu_drv.c index 3d6d52492536a..3289751b47573 100644 --- a/drivers/accel/ivpu/ivpu_drv.c +++ b/drivers/accel/ivpu/ivpu_drv.c @@ -677,7 +677,7 @@ static void ivpu_bo_unbind_all_user_contexts(struct ivpu_device *vdev) static void ivpu_dev_fini(struct ivpu_device *vdev) { ivpu_jobs_abort_all(vdev); - ivpu_pm_cancel_recovery(vdev); + ivpu_pm_disable_recovery(vdev); ivpu_pm_disable(vdev); ivpu_prepare_for_reset(vdev); ivpu_shutdown(vdev); diff --git a/drivers/accel/ivpu/ivpu_pm.c b/drivers/accel/ivpu/ivpu_pm.c index eacda1dbe8405..475ddc94f1cfe 100644 --- a/drivers/accel/ivpu/ivpu_pm.c +++ b/drivers/accel/ivpu/ivpu_pm.c @@ -417,10 +417,10 @@ void ivpu_pm_init(struct ivpu_device *vdev) ivpu_dbg(vdev, PM, "Autosuspend delay = %d\n", delay); } -void ivpu_pm_cancel_recovery(struct ivpu_device *vdev) +void ivpu_pm_disable_recovery(struct ivpu_device *vdev) { drm_WARN_ON(&vdev->drm, delayed_work_pending(&vdev->pm->job_timeout_work)); - cancel_work_sync(&vdev->pm->recovery_work); + disable_work_sync(&vdev->pm->recovery_work); } void ivpu_pm_enable(struct ivpu_device *vdev) diff --git a/drivers/accel/ivpu/ivpu_pm.h b/drivers/accel/ivpu/ivpu_pm.h index 89b264cc0e3e7..a2aa7a27f32ef 100644 --- a/drivers/accel/ivpu/ivpu_pm.h +++ b/drivers/accel/ivpu/ivpu_pm.h @@ -25,7 +25,7 @@ struct ivpu_pm_info { void ivpu_pm_init(struct ivpu_device *vdev); void ivpu_pm_enable(struct ivpu_device *vdev); void ivpu_pm_disable(struct ivpu_device *vdev); -void ivpu_pm_cancel_recovery(struct ivpu_device *vdev); +void ivpu_pm_disable_recovery(struct ivpu_device *vdev); int ivpu_pm_suspend_cb(struct device *dev); int ivpu_pm_resume_cb(struct device *dev); -- 2.45.1

2 weeks, 2 days

2
2
0 0

[PATCH v2] drm/rcar-du: dsi: Fix 1/2/3 lane support

by Marek Vasut

Remove fixed PPI lane count setup. The R-Car DSI host is capable of operating in 1..4 DSI lane mode. Remove the hard-coded 4-lane configuration from PPI register settings and instead configure the PPI lane count according to lane count information already obtained by this driver instance. Configure TXSETR register to match PPI lane count. The R-Car V4H Reference Manual R19UH0186EJ0121 Rev.1.21 section 67.2.2.3 Tx Set Register (TXSETR), field LANECNT description indicates that the TXSETR register LANECNT bitfield lane count must be configured such, that it matches lane count configuration in PPISETR register DLEN bitfield. Make sure the LANECNT and DLEN bitfields are configured to match. Fixes: 155358310f01 ("drm: rcar-du: Add R-Car DSI driver") Cc: <stable(a)vger.kernel.org> Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org> --- Cc: David Airlie <airlied(a)gmail.com> Cc: Geert Uytterhoeven <geert+renesas(a)glider.be> Cc: Kieran Bingham <kieran.bingham+renesas(a)ideasonboard.com> Cc: Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> Cc: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> Cc: Magnus Damm <magnus.damm(a)gmail.com> Cc: Maxime Ripard <mripard(a)kernel.org> Cc: Simona Vetter <simona(a)ffwll.ch> Cc: Thomas Zimmermann <tzimmermann(a)suse.de> Cc: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> Cc: dri-devel(a)lists.freedesktop.org Cc: linux-renesas-soc(a)vger.kernel.org --- V2: - Split this out of a series, update commit message, combine from drm/rcar-du: dsi: Remove fixed PPI lane count setup drm/rcar-du: dsi: Configure TXSETR register to match PPI lane count - add Fixes tag, CC stable --- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 ++++- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 ++++---- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c index 1af4c73f7a88..952c3efb74da 100644 --- a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c +++ b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c @@ -576,7 +576,10 @@ static int rcar_mipi_dsi_startup(struct rcar_mipi_dsi *dsi, udelay(10); rcar_mipi_dsi_clr(dsi, CLOCKSET1, CLOCKSET1_UPDATEPLL); - ppisetr = PPISETR_DLEN_3 | PPISETR_CLEN; + rcar_mipi_dsi_clr(dsi, TXSETR, TXSETR_LANECNT_MASK); + rcar_mipi_dsi_set(dsi, TXSETR, dsi->lanes - 1); + + ppisetr = ((BIT(dsi->lanes) - 1) & PPISETR_DLEN_MASK) | PPISETR_CLEN; rcar_mipi_dsi_write(dsi, PPISETR, ppisetr); rcar_mipi_dsi_set(dsi, PHYSETUP, PHYSETUP_SHUTDOWNZ); diff --git a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h index a6b276f1d6ee..a54c7eb4113b 100644 --- a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h +++ b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h @@ -12,6 +12,9 @@ #define LINKSR_LPBUSY (1 << 1) #define LINKSR_HSBUSY (1 << 0) +#define TXSETR 0x100 +#define TXSETR_LANECNT_MASK (0x3 << 0) + /* * Video Mode Register */ @@ -80,10 +83,7 @@ * PHY-Protocol Interface (PPI) Registers */ #define PPISETR 0x700 -#define PPISETR_DLEN_0 (0x1 << 0) -#define PPISETR_DLEN_1 (0x3 << 0) -#define PPISETR_DLEN_2 (0x7 << 0) -#define PPISETR_DLEN_3 (0xf << 0) +#define PPISETR_DLEN_MASK (0xf << 0) #define PPISETR_CLEN (1 << 8) #define PPICLCR 0x710 -- 2.47.2

2 weeks, 2 days

3
4
0 0

[PATCH] xtensa: simdisk: add input size check in proc_write_simdisk

by Miaoqian Lin

A malicious user could pass an arbitrarily bad value to memdup_user_nul(), potentially causing kernel crash. This follows the same pattern as commit ee76746387f6 ("netdevsim: prevent bad user input in nsim_dev_health_break_write()") Fixes: b6c7e873daf7 ("xtensa: ISS: add host file-based simulated disk") Fixes: 16e5c1fc3604 ("convert a bunch of open-coded instances of memdup_user_nul()") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- arch/xtensa/platforms/iss/simdisk.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/xtensa/platforms/iss/simdisk.c b/arch/xtensa/platforms/iss/simdisk.c index 6ed009318d24..3cafc8feddee 100644 --- a/arch/xtensa/platforms/iss/simdisk.c +++ b/arch/xtensa/platforms/iss/simdisk.c @@ -231,10 +231,14 @@ static ssize_t proc_read_simdisk(struct file *file, char __user *buf, static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *tmp = memdup_user_nul(buf, count); + char *tmp; struct simdisk *dev = pde_data(file_inode(file)); int err; + if (count == 0 || count > PAGE_SIZE) + return -EINVAL; + + tmp = memdup_user_nul(buf, count); if (IS_ERR(tmp)) return PTR_ERR(tmp); -- 2.35.1

2 weeks, 2 days

2
1
0 0

[PATCH v4] mm: slub: avoid wake up kswapd in set_track_prepare

by yangshiguang1011＠163.com

From: yangshiguang <yangshiguang(a)xiaomi.com> From: yangshiguang <yangshiguang(a)xiaomi.com> set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock. Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags. And the slab caller context has preemption disabled, so __GFP_KSWAPD_RECLAIM must not appear in gfp_flags. The oops looks something like: BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3 Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT) Call trace: spin_bug+0x0 _raw_spin_lock_irqsave+0x80 hrtimer_try_to_cancel+0x94 task_contending+0x10c enqueue_dl_entity+0x2a4 dl_server_start+0x74 enqueue_task_fair+0x568 enqueue_task+0xac do_activate_task+0x14c ttwu_do_activate+0xcc try_to_wake_up+0x6c8 default_wake_function+0x20 autoremove_wake_function+0x1c __wake_up+0xac wakeup_kswapd+0x19c wake_all_kswapds+0x78 __alloc_pages_slowpath+0x1ac __alloc_pages_noprof+0x298 stack_depot_save_flags+0x6b0 stack_depot_save+0x14 set_track_prepare+0x5c ___slab_alloc+0xccc __kmalloc_cache_noprof+0x470 __set_page_owner+0x2bc post_alloc_hook[jt]+0x1b8 prep_new_page+0x28 get_page_from_freelist+0x1edc __alloc_pages_noprof+0x13c alloc_slab_page+0x244 allocate_slab+0x7c ___slab_alloc+0x8e8 kmem_cache_alloc_noprof+0x450 debug_objects_fill_pool+0x22c debug_object_activate+0x40 enqueue_hrtimer[jt]+0xdc hrtimer_start_range_ns+0x5f8 ... Signed-off-by: yangshiguang <yangshiguang(a)xiaomi.com> Fixes: 5cf909c553e9 ("mm/slub: use stackdepot to save stack trace in objects") Cc: stable(a)vger.kernel.org --- v1 -> v2: propagate gfp flags to set_track_prepare() v2 -> v3: Remove the gfp restriction in set_track_prepare() v3 -> v4: Re-describe the comments in set_track_prepare. [1]https://lore.kernel.org/all/20250801065121.876793-1-yangshiguang1011@163.… [2]https://lore.kernel.org/all/20250814111641.380629-2-yangshiguang1011@163.… [3]https://lore.kernel.org/all/20250825121737.2535732-1-yangshiguang1011@163… --- mm/slub.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 30003763d224..b0af51a5321b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -962,19 +962,25 @@ static struct track *get_track(struct kmem_cache *s, void *object, } #ifdef CONFIG_STACKDEPOT -static noinline depot_stack_handle_t set_track_prepare(void) +static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { depot_stack_handle_t handle; unsigned long entries[TRACK_ADDRS_COUNT]; unsigned int nr_entries; + /* + * Preemption is disabled in ___slab_alloc() so we need to disallow + * blocking. The flags are further adjusted by gfp_nested_mask() in + * stack_depot itself. + */ + gfp_flags &= ~(__GFP_DIRECT_RECLAIM); nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3); - handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT); + handle = stack_depot_save(entries, nr_entries, gfp_flags); return handle; } #else -static inline depot_stack_handle_t set_track_prepare(void) +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } @@ -996,9 +1002,9 @@ static void set_track_update(struct kmem_cache *s, void *object, } static __always_inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) { - depot_stack_handle_t handle = set_track_prepare(); + depot_stack_handle_t handle = set_track_prepare(gfp_flags); set_track_update(s, object, alloc, addr, handle); } @@ -1921,9 +1927,9 @@ static inline bool free_debug_processing(struct kmem_cache *s, static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {} static inline int check_object(struct kmem_cache *s, struct slab *slab, void *object, u8 val) { return 1; } -static inline depot_stack_handle_t set_track_prepare(void) { return 0; } +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } static inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) {} + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {} static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n, struct slab *slab) {} static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, @@ -3878,7 +3884,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, * tracking info and return the object. */ if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -3910,7 +3916,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, goto new_objects; if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -4422,7 +4428,7 @@ static noinline void free_to_partial_list( depot_stack_handle_t handle = 0; if (s->flags & SLAB_STORE_USER) - handle = set_track_prepare(); + handle = set_track_prepare(__GFP_NOWARN); spin_lock_irqsave(&n->list_lock, flags); -- 2.43.0

2 weeks, 2 days

4
6
0 0

[PATCH] fbdev/simplefb: Fix use after free in simplefb_detach_genpds()

by Janne Grunau

The pm_domain cleanup can not be devres managed as it uses struct simplefb_par which is allocated within struct fb_info by framebuffer_alloc(). This allocation is explicitly freed by unregister_framebuffer() in simplefb_remove(). Devres managed cleanup runs after the device remove call and thus can no longer access struct simplefb_par. Call simplefb_detach_genpds() explicitly from simplefb_destroy() like the cleanup functions for clocks and regulators. Fixes an use after free on M2 Mac mini during aperture_remove_conflicting_devices() using the downstream asahi kernel with Debian's kernel config. For unknown reasons this started to consistently dereference an invalid pointer in v6.16.3 based kernels. [ 6.736134] BUG: KASAN: slab-use-after-free in simplefb_detach_genpds+0x58/0x220 [ 6.743545] Read of size 4 at addr ffff8000304743f0 by task (udev-worker)/227 [ 6.750697] [ 6.752182] CPU: 6 UID: 0 PID: 227 Comm: (udev-worker) Tainted: G S 6.16.3-asahi+ #16 PREEMPTLAZY [ 6.752186] Tainted: [S]=CPU_OUT_OF_SPEC [ 6.752187] Hardware name: Apple Mac mini (M2, 2023) (DT) [ 6.752189] Call trace: [ 6.752190] show_stack+0x34/0x98 (C) [ 6.752194] dump_stack_lvl+0x60/0x80 [ 6.752197] print_report+0x17c/0x4d8 [ 6.752201] kasan_report+0xb4/0x100 [ 6.752206] __asan_report_load4_noabort+0x20/0x30 [ 6.752209] simplefb_detach_genpds+0x58/0x220 [ 6.752213] devm_action_release+0x50/0x98 [ 6.752216] release_nodes+0xd0/0x2c8 [ 6.752219] devres_release_all+0xfc/0x178 [ 6.752221] device_unbind_cleanup+0x28/0x168 [ 6.752224] device_release_driver_internal+0x34c/0x470 [ 6.752228] device_release_driver+0x20/0x38 [ 6.752231] bus_remove_device+0x1b0/0x380 [ 6.752234] device_del+0x314/0x820 [ 6.752238] platform_device_del+0x3c/0x1e8 [ 6.752242] platform_device_unregister+0x20/0x50 [ 6.752246] aperture_detach_platform_device+0x1c/0x30 [ 6.752250] aperture_detach_devices+0x16c/0x290 [ 6.752253] aperture_remove_conflicting_devices+0x34/0x50 ... [ 6.752343] [ 6.967409] Allocated by task 62: [ 6.970724] kasan_save_stack+0x3c/0x70 [ 6.974560] kasan_save_track+0x20/0x40 [ 6.978397] kasan_save_alloc_info+0x40/0x58 [ 6.982670] __kasan_kmalloc+0xd4/0xd8 [ 6.986420] __kmalloc_noprof+0x194/0x540 [ 6.990432] framebuffer_alloc+0xc8/0x130 [ 6.994444] simplefb_probe+0x258/0x2378 ... [ 7.054356] [ 7.055838] Freed by task 227: [ 7.058891] kasan_save_stack+0x3c/0x70 [ 7.062727] kasan_save_track+0x20/0x40 [ 7.066565] kasan_save_free_info+0x4c/0x80 [ 7.070751] __kasan_slab_free+0x6c/0xa0 [ 7.074675] kfree+0x10c/0x380 [ 7.077727] framebuffer_release+0x5c/0x90 [ 7.081826] simplefb_destroy+0x1b4/0x2c0 [ 7.085837] put_fb_info+0x98/0x100 [ 7.089326] unregister_framebuffer+0x178/0x320 [ 7.093861] simplefb_remove+0x3c/0x60 [ 7.097611] platform_remove+0x60/0x98 [ 7.101361] device_remove+0xb8/0x160 [ 7.105024] device_release_driver_internal+0x2fc/0x470 [ 7.110256] device_release_driver+0x20/0x38 [ 7.114529] bus_remove_device+0x1b0/0x380 [ 7.118628] device_del+0x314/0x820 [ 7.122116] platform_device_del+0x3c/0x1e8 [ 7.126302] platform_device_unregister+0x20/0x50 [ 7.131012] aperture_detach_platform_device+0x1c/0x30 [ 7.136157] aperture_detach_devices+0x16c/0x290 [ 7.140779] aperture_remove_conflicting_devices+0x34/0x50 ... Reported-by: Daniel Huhardeaux <tech(a)tootai.net> Cc: stable(a)vger.kernel.org Fixes: 92a511a568e44 ("fbdev/simplefb: Add support for generic power-domains") Signed-off-by: Janne Grunau <j(a)jannau.net> --- drivers/video/fbdev/simplefb.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/video/fbdev/simplefb.c b/drivers/video/fbdev/simplefb.c index 1893815dc67f4c1403eea42c0e10a7ead4d96ba9..cd5193e704ffe1ccc178c13916a462446af9cb14 100644 --- a/drivers/video/fbdev/simplefb.c +++ b/drivers/video/fbdev/simplefb.c @@ -93,6 +93,7 @@ struct simplefb_par { static void simplefb_clocks_destroy(struct simplefb_par *par); static void simplefb_regulators_destroy(struct simplefb_par *par); +static void simplefb_detach_genpds(void *res); /* * fb_ops.fb_destroy is called by the last put_fb_info() call at the end @@ -105,6 +106,7 @@ static void simplefb_destroy(struct fb_info *info) simplefb_regulators_destroy(info->par); simplefb_clocks_destroy(info->par); + simplefb_detach_genpds(info->par); if (info->screen_base) iounmap(info->screen_base); @@ -465,13 +467,11 @@ static int simplefb_attach_genpds(struct simplefb_par *par, return err; } - par->num_genpds = err; - /* * Single power-domain devices are handled by the driver core, so * nothing to do here. */ - if (par->num_genpds <= 1) + if (err <= 1) return 0; par->genpds = devm_kcalloc(dev, par->num_genpds, sizeof(*par->genpds), @@ -485,6 +485,12 @@ static int simplefb_attach_genpds(struct simplefb_par *par, if (!par->genpd_links) return -ENOMEM; + /* + * Set num_genpds only after genpds and genpd_links are allocated to + * exit early from simplefb_detach_genpds() without full initialisation. + */ + par->num_genpds = err; + for (i = 0; i < par->num_genpds; i++) { par->genpds[i] = dev_pm_domain_attach_by_id(dev, i); if (IS_ERR(par->genpds[i])) { @@ -506,9 +512,10 @@ static int simplefb_attach_genpds(struct simplefb_par *par, dev_warn(dev, "failed to link power-domain %u\n", i); } - return devm_add_action_or_reset(dev, simplefb_detach_genpds, par); + return 0; } #else +static void simplefb_detach_genpds(void *res) { } static int simplefb_attach_genpds(struct simplefb_par *par, struct platform_device *pdev) { --- base-commit: 8f5ae30d69d7543eee0d70083daf4de8fe15d585 change-id: 20250901-simplefb-genpd-uaf-352704761a29 Best regards, -- Janne Grunau <j(a)jannau.net>

2 weeks, 2 days

1
0
0 0

[PATCH v5] mm: slub: avoid wake up kswapd in set_track_prepare

by yangshiguang1011＠163.com

From: yangshiguang <yangshiguang(a)xiaomi.com> set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock. Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags. And the slab caller context has preemption disabled, so __GFP_DIRECT_RECLAIM must not appear in gfp_flags. The oops looks something like: BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3 Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT) Call trace: spin_bug+0x0 _raw_spin_lock_irqsave+0x80 hrtimer_try_to_cancel+0x94 task_contending+0x10c enqueue_dl_entity+0x2a4 dl_server_start+0x74 enqueue_task_fair+0x568 enqueue_task+0xac do_activate_task+0x14c ttwu_do_activate+0xcc try_to_wake_up+0x6c8 default_wake_function+0x20 autoremove_wake_function+0x1c __wake_up+0xac wakeup_kswapd+0x19c wake_all_kswapds+0x78 __alloc_pages_slowpath+0x1ac __alloc_pages_noprof+0x298 stack_depot_save_flags+0x6b0 stack_depot_save+0x14 set_track_prepare+0x5c ___slab_alloc+0xccc __kmalloc_cache_noprof+0x470 __set_page_owner+0x2bc post_alloc_hook[jt]+0x1b8 prep_new_page+0x28 get_page_from_freelist+0x1edc __alloc_pages_noprof+0x13c alloc_slab_page+0x244 allocate_slab+0x7c ___slab_alloc+0x8e8 kmem_cache_alloc_noprof+0x450 debug_objects_fill_pool+0x22c debug_object_activate+0x40 enqueue_hrtimer[jt]+0xdc hrtimer_start_range_ns+0x5f8 ... Signed-off-by: yangshiguang <yangshiguang(a)xiaomi.com> Fixes: 5cf909c553e9 ("mm/slub: use stackdepot to save stack trace in objects") Cc: stable(a)vger.kernel.org --- v1 -> v2: propagate gfp flags to set_track_prepare() v2 -> v3: Remove the gfp restriction in set_track_prepare() v3 -> v4: Re-describe the comments in set_track_prepare. v4 -> v5: Modify the patch commit. [1]https://lore.kernel.org/all/20250801065121.876793-1-yangshiguang1011@163.… [2]https://lore.kernel.org/all/20250814111641.380629-2-yangshiguang1011@163.… [3]https://lore.kernel.org/all/20250825121737.2535732-1-yangshiguang1011@163… [4]https://lore.kernel.org/all/20250830020946.1767573-1-yangshiguang1011@163… --- mm/slub.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 30003763d224..b0af51a5321b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -962,19 +962,25 @@ static struct track *get_track(struct kmem_cache *s, void *object, } #ifdef CONFIG_STACKDEPOT -static noinline depot_stack_handle_t set_track_prepare(void) +static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { depot_stack_handle_t handle; unsigned long entries[TRACK_ADDRS_COUNT]; unsigned int nr_entries; + /* + * Preemption is disabled in ___slab_alloc() so we need to disallow + * blocking. The flags are further adjusted by gfp_nested_mask() in + * stack_depot itself. + */ + gfp_flags &= ~(__GFP_DIRECT_RECLAIM); nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3); - handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT); + handle = stack_depot_save(entries, nr_entries, gfp_flags); return handle; } #else -static inline depot_stack_handle_t set_track_prepare(void) +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } @@ -996,9 +1002,9 @@ static void set_track_update(struct kmem_cache *s, void *object, } static __always_inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) { - depot_stack_handle_t handle = set_track_prepare(); + depot_stack_handle_t handle = set_track_prepare(gfp_flags); set_track_update(s, object, alloc, addr, handle); } @@ -1921,9 +1927,9 @@ static inline bool free_debug_processing(struct kmem_cache *s, static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {} static inline int check_object(struct kmem_cache *s, struct slab *slab, void *object, u8 val) { return 1; } -static inline depot_stack_handle_t set_track_prepare(void) { return 0; } +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } static inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) {} + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {} static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n, struct slab *slab) {} static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, @@ -3878,7 +3884,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, * tracking info and return the object. */ if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -3910,7 +3916,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, goto new_objects; if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -4422,7 +4428,7 @@ static noinline void free_to_partial_list( depot_stack_handle_t handle = 0; if (s->flags & SLAB_STORE_USER) - handle = set_track_prepare(); + handle = set_track_prepare(__GFP_NOWARN); spin_lock_irqsave(&n->list_lock, flags); -- 2.43.0

2 weeks, 2 days

1
0
0 0

[PATCH v2 3/3] drm/xe: Block exec and rebind worker while evicting for suspend / hibernate

by Thomas Hellström

When the xe pm_notifier evicts for suspend / hibernate, there might be racing tasks trying to re-validate again. This can lead to suspend taking excessive time or get stuck in a live-lock. This behaviour becomes much worse with the fix that actually makes re-validation bring back bos to VRAM rather than letting them remain in TT. Prevent that by having exec and the rebind worker waiting for a completion that is set to block by the pm_notifier before suspend and is signaled by the pm_notifier after resume / wakeup. It's probably still possible to craft malicious applications that block suspending. More work is pending to fix that. Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4288 Fixes: c6a4d46ec1d7 ("drm/xe: evict user memory in PM notifier") Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.16+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_device_types.h | 2 ++ drivers/gpu/drm/xe/xe_exec.c | 9 +++++++++ drivers/gpu/drm/xe/xe_pm.c | 4 ++++ drivers/gpu/drm/xe/xe_vm.c | 14 ++++++++++++++ 4 files changed, 29 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_device_types.h b/drivers/gpu/drm/xe/xe_device_types.h index 092004d14db2..6602bd678cbc 100644 --- a/drivers/gpu/drm/xe/xe_device_types.h +++ b/drivers/gpu/drm/xe/xe_device_types.h @@ -507,6 +507,8 @@ struct xe_device { /** @pm_notifier: Our PM notifier to perform actions in response to various PM events. */ struct notifier_block pm_notifier; + /** @pm_block: Completion to block validating tasks on suspend / hibernate prepare */ + struct completion pm_block; /** @pmt: Support the PMT driver callback interface */ struct { diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 44364c042ad7..374c831e691b 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -237,6 +237,15 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) goto err_unlock_list; } + /* + * It's OK to block interruptible here with the vm lock held, since + * on task freezing during suspend / hibernate, the call will + * return -ERESTARTSYS and the IOCTL will be rerun. + */ + err = wait_for_completion_interruptible(&xe->pm_block); + if (err) + goto err_unlock_list; + vm_exec.vm = &vm->gpuvm; vm_exec.flags = DRM_EXEC_INTERRUPTIBLE_WAIT; if (xe_vm_in_lr_mode(vm)) { diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index bee9aacd82e7..f4c7a84270ea 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -306,6 +306,7 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, switch (action) { case PM_HIBERNATION_PREPARE: case PM_SUSPEND_PREPARE: + reinit_completion(&xe->pm_block); xe_pm_runtime_get(xe); err = xe_bo_evict_all_user(xe); if (err) @@ -322,6 +323,7 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, break; case PM_POST_HIBERNATION: case PM_POST_SUSPEND: + complete_all(&xe->pm_block); xe_bo_notifier_unprepare_all_pinned(xe); xe_pm_runtime_put(xe); break; @@ -348,6 +350,8 @@ int xe_pm_init(struct xe_device *xe) if (err) return err; + init_completion(&xe->pm_block); + complete_all(&xe->pm_block); /* For now suspend/resume is only allowed with GuC */ if (!xe_device_uc_enabled(xe)) return 0; diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 3ff3c67aa79d..edcdb0528f2a 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -394,6 +394,9 @@ static int xe_gpuvm_validate(struct drm_gpuvm_bo *vm_bo, struct drm_exec *exec) list_move_tail(&gpuva_to_vma(gpuva)->combined_links.rebind, &vm->rebind_list); + if (!try_wait_for_completion(&vm->xe->pm_block)) + return -EAGAIN; + ret = xe_bo_validate(gem_to_xe_bo(vm_bo->obj), vm, false); if (ret) return ret; @@ -494,6 +497,12 @@ static void preempt_rebind_work_func(struct work_struct *w) xe_assert(vm->xe, xe_vm_in_preempt_fence_mode(vm)); trace_xe_vm_rebind_worker_enter(vm); + /* + * This blocks the wq during suspend / hibernate. + * Don't hold any locks. + */ +retry_pm: + wait_for_completion(&vm->xe->pm_block); down_write(&vm->lock); if (xe_vm_is_closed_or_banned(vm)) { @@ -503,6 +512,11 @@ static void preempt_rebind_work_func(struct work_struct *w) } retry: + if (!try_wait_for_completion(&vm->xe->pm_block)) { + up_write(&vm->lock); + goto retry_pm; + } + if (xe_vm_userptr_check_repin(vm)) { err = xe_vm_userptr_pin(vm); if (err) -- 2.50.1

2 weeks, 2 days

1
0
0 0

[PATCH v5] mm: slub: avoid wake up kswapd in set_track_prepare

by yangshiguang1011＠163.com

From: yangshiguang <yangshiguang(a)xiaomi.com> From: yangshiguang <yangshiguang(a)xiaomi.com> set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock. Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags. And the slab caller context has preemption disabled, so __GFP_DIRECT_RECLAIM must not appear in gfp_flags. The oops looks something like: BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3 Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT) Call trace: spin_bug+0x0 _raw_spin_lock_irqsave+0x80 hrtimer_try_to_cancel+0x94 task_contending+0x10c enqueue_dl_entity+0x2a4 dl_server_start+0x74 enqueue_task_fair+0x568 enqueue_task+0xac do_activate_task+0x14c ttwu_do_activate+0xcc try_to_wake_up+0x6c8 default_wake_function+0x20 autoremove_wake_function+0x1c __wake_up+0xac wakeup_kswapd+0x19c wake_all_kswapds+0x78 __alloc_pages_slowpath+0x1ac __alloc_pages_noprof+0x298 stack_depot_save_flags+0x6b0 stack_depot_save+0x14 set_track_prepare+0x5c ___slab_alloc+0xccc __kmalloc_cache_noprof+0x470 __set_page_owner+0x2bc post_alloc_hook[jt]+0x1b8 prep_new_page+0x28 get_page_from_freelist+0x1edc __alloc_pages_noprof+0x13c alloc_slab_page+0x244 allocate_slab+0x7c ___slab_alloc+0x8e8 kmem_cache_alloc_noprof+0x450 debug_objects_fill_pool+0x22c debug_object_activate+0x40 enqueue_hrtimer[jt]+0xdc hrtimer_start_range_ns+0x5f8 ... Signed-off-by: yangshiguang <yangshiguang(a)xiaomi.com> Fixes: 5cf909c553e9 ("mm/slub: use stackdepot to save stack trace in objects") Cc: stable(a)vger.kernel.org --- v1 -> v2: propagate gfp flags to set_track_prepare() v2 -> v3: Remove the gfp restriction in set_track_prepare() v3 -> v4: Re-describe the comments in set_track_prepare. v4 -> v5: Modify the patch commit. [1]https://lore.kernel.org/all/20250801065121.876793-1-yangshiguang1011@163.… [2]https://lore.kernel.org/all/20250814111641.380629-2-yangshiguang1011@163.… [3]https://lore.kernel.org/all/20250825121737.2535732-1-yangshiguang1011@163… [4]https://lore.kernel.org/all/20250830020946.1767573-1-yangshiguang1011@163… --- mm/slub.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 30003763d224..b0af51a5321b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -962,19 +962,25 @@ static struct track *get_track(struct kmem_cache *s, void *object, } #ifdef CONFIG_STACKDEPOT -static noinline depot_stack_handle_t set_track_prepare(void) +static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { depot_stack_handle_t handle; unsigned long entries[TRACK_ADDRS_COUNT]; unsigned int nr_entries; + /* + * Preemption is disabled in ___slab_alloc() so we need to disallow + * blocking. The flags are further adjusted by gfp_nested_mask() in + * stack_depot itself. + */ + gfp_flags &= ~(__GFP_DIRECT_RECLAIM); nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3); - handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT); + handle = stack_depot_save(entries, nr_entries, gfp_flags); return handle; } #else -static inline depot_stack_handle_t set_track_prepare(void) +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } @@ -996,9 +1002,9 @@ static void set_track_update(struct kmem_cache *s, void *object, } static __always_inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) { - depot_stack_handle_t handle = set_track_prepare(); + depot_stack_handle_t handle = set_track_prepare(gfp_flags); set_track_update(s, object, alloc, addr, handle); } @@ -1921,9 +1927,9 @@ static inline bool free_debug_processing(struct kmem_cache *s, static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {} static inline int check_object(struct kmem_cache *s, struct slab *slab, void *object, u8 val) { return 1; } -static inline depot_stack_handle_t set_track_prepare(void) { return 0; } +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } static inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) {} + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {} static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n, struct slab *slab) {} static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, @@ -3878,7 +3884,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, * tracking info and return the object. */ if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -3910,7 +3916,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, goto new_objects; if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -4422,7 +4428,7 @@ static noinline void free_to_partial_list( depot_stack_handle_t handle = 0; if (s->flags & SLAB_STORE_USER) - handle = set_track_prepare(); + handle = set_track_prepare(__GFP_NOWARN); spin_lock_irqsave(&n->list_lock, flags); -- 2.43.0

2 weeks, 2 days

1
0
0 0

[PATCH v5] mm: slub: avoid wake up kswapd in set_track_prepare

by yangshiguang1011＠163.com

From: yangshiguang <yangshiguang(a)xiaomi.com> From: yangshiguang <yangshiguang(a)xiaomi.com> set_track_prepare() can incur lock recursion. The issue is that it is called from hrtimer_start_range_ns holding the per_cpu(hrtimer_bases)[n].lock, but when enabled CONFIG_DEBUG_OBJECTS_TIMERS, may wake up kswapd in set_track_prepare, and try to hold the per_cpu(hrtimer_bases)[n].lock. Avoid deadlock caused by implicitly waking up kswapd by passing in allocation flags. And the slab caller context has preemption disabled, so __GFP_DIRECT_RECLAIM must not appear in gfp_flags. The oops looks something like: BUG: spinlock recursion on CPU#3, swapper/3/0 lock: 0xffffff8a4bf29c80, .magic: dead4ead, .owner: swapper/3/0, .owner_cpu: 3 Hardware name: Qualcomm Technologies, Inc. Popsicle based on SM8850 (DT) Call trace: spin_bug+0x0 _raw_spin_lock_irqsave+0x80 hrtimer_try_to_cancel+0x94 task_contending+0x10c enqueue_dl_entity+0x2a4 dl_server_start+0x74 enqueue_task_fair+0x568 enqueue_task+0xac do_activate_task+0x14c ttwu_do_activate+0xcc try_to_wake_up+0x6c8 default_wake_function+0x20 autoremove_wake_function+0x1c __wake_up+0xac wakeup_kswapd+0x19c wake_all_kswapds+0x78 __alloc_pages_slowpath+0x1ac __alloc_pages_noprof+0x298 stack_depot_save_flags+0x6b0 stack_depot_save+0x14 set_track_prepare+0x5c ___slab_alloc+0xccc __kmalloc_cache_noprof+0x470 __set_page_owner+0x2bc post_alloc_hook[jt]+0x1b8 prep_new_page+0x28 get_page_from_freelist+0x1edc __alloc_pages_noprof+0x13c alloc_slab_page+0x244 allocate_slab+0x7c ___slab_alloc+0x8e8 kmem_cache_alloc_noprof+0x450 debug_objects_fill_pool+0x22c debug_object_activate+0x40 enqueue_hrtimer[jt]+0xdc hrtimer_start_range_ns+0x5f8 ... Signed-off-by: yangshiguang <yangshiguang(a)xiaomi.com> Fixes: 5cf909c553e9 ("mm/slub: use stackdepot to save stack trace in objects") Cc: stable(a)vger.kernel.org --- v1 -> v2: propagate gfp flags to set_track_prepare() v2 -> v3: Remove the gfp restriction in set_track_prepare() v3 -> v4: Re-describe the comments in set_track_prepare. v4 -> v5: Modify the patch commit. [1]https://lore.kernel.org/all/20250801065121.876793-1-yangshiguang1011@163.… [2]https://lore.kernel.org/all/20250814111641.380629-2-yangshiguang1011@163.… [3]https://lore.kernel.org/all/20250825121737.2535732-1-yangshiguang1011@163… [4]https://lore.kernel.org/all/20250830020946.1767573-1-yangshiguang1011@163… --- mm/slub.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/mm/slub.c b/mm/slub.c index 30003763d224..b0af51a5321b 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -962,19 +962,25 @@ static struct track *get_track(struct kmem_cache *s, void *object, } #ifdef CONFIG_STACKDEPOT -static noinline depot_stack_handle_t set_track_prepare(void) +static noinline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { depot_stack_handle_t handle; unsigned long entries[TRACK_ADDRS_COUNT]; unsigned int nr_entries; + /* + * Preemption is disabled in ___slab_alloc() so we need to disallow + * blocking. The flags are further adjusted by gfp_nested_mask() in + * stack_depot itself. + */ + gfp_flags &= ~(__GFP_DIRECT_RECLAIM); nr_entries = stack_trace_save(entries, ARRAY_SIZE(entries), 3); - handle = stack_depot_save(entries, nr_entries, GFP_NOWAIT); + handle = stack_depot_save(entries, nr_entries, gfp_flags); return handle; } #else -static inline depot_stack_handle_t set_track_prepare(void) +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } @@ -996,9 +1002,9 @@ static void set_track_update(struct kmem_cache *s, void *object, } static __always_inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) { - depot_stack_handle_t handle = set_track_prepare(); + depot_stack_handle_t handle = set_track_prepare(gfp_flags); set_track_update(s, object, alloc, addr, handle); } @@ -1921,9 +1927,9 @@ static inline bool free_debug_processing(struct kmem_cache *s, static inline void slab_pad_check(struct kmem_cache *s, struct slab *slab) {} static inline int check_object(struct kmem_cache *s, struct slab *slab, void *object, u8 val) { return 1; } -static inline depot_stack_handle_t set_track_prepare(void) { return 0; } +static inline depot_stack_handle_t set_track_prepare(gfp_t gfp_flags) { return 0; } static inline void set_track(struct kmem_cache *s, void *object, - enum track_item alloc, unsigned long addr) {} + enum track_item alloc, unsigned long addr, gfp_t gfp_flags) {} static inline void add_full(struct kmem_cache *s, struct kmem_cache_node *n, struct slab *slab) {} static inline void remove_full(struct kmem_cache *s, struct kmem_cache_node *n, @@ -3878,7 +3884,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, * tracking info and return the object. */ if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -3910,7 +3916,7 @@ static void *___slab_alloc(struct kmem_cache *s, gfp_t gfpflags, int node, goto new_objects; if (s->flags & SLAB_STORE_USER) - set_track(s, freelist, TRACK_ALLOC, addr); + set_track(s, freelist, TRACK_ALLOC, addr, gfpflags); return freelist; } @@ -4422,7 +4428,7 @@ static noinline void free_to_partial_list( depot_stack_handle_t handle = 0; if (s->flags & SLAB_STORE_USER) - handle = set_track_prepare(); + handle = set_track_prepare(__GFP_NOWARN); spin_lock_irqsave(&n->list_lock, flags); -- 2.43.0

2 weeks, 2 days

1
0
0 0

[PATCH v2] mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting

by Ruan Shiyang

Goto-san reported confusing pgpromote statistics where the pgpromote_success count significantly exceeded pgpromote_candidate. On a system with three nodes (nodes 0-1: DRAM 4GB, node 2: NVDIMM 4GB): # Enable demotion only echo 1 > /sys/kernel/mm/numa/demotion_enabled numactl -m 0-1 memhog -r200 3500M >/dev/null & pid=$! sleep 2 numactl memhog -r100 2500M >/dev/null & sleep 10 kill -9 $pid # terminate the 1st memhog # Enable promotion echo 2 > /proc/sys/kernel/numa_balancing After a few seconds, we observeed `pgpromote_candidate < pgpromote_success` $ grep -e pgpromote /proc/vmstat pgpromote_success 2579 pgpromote_candidate 0 In this scenario, after terminating the first memhog, the conditions for pgdat_free_space_enough() are quickly met, and triggers promotion. However, these migrated pages are only counted for in PGPROMOTE_SUCCESS, not in PGPROMOTE_CANDIDATE. To solve these confusing statistics, introduce PGPROMOTE_CANDIDATE_NRL to count the missed promotion pages. And also, not counting these pages into PGPROMOTE_CANDIDATE is to avoid changing the existing algorithm or performance of the promotion rate limit. Link: https://lkml.kernel.org/r/20250729035101.1601407-1-ruansy.fnst@fujitsu.com Co-developed-by: Li Zhijian <lizhijian(a)fujitsu.com> Signed-off-by: Ruan Shiyang <ruansy.fnst(a)fujitsu.com> Reported-by: Yasunori Gotou (Fujitsu) <y-goto(a)fujitsu.com> Suggested-by: Huang Ying <ying.huang(a)linux.alibaba.com> Acked-by: Vlastimil Babka <vbabka(a)suse.cz> Cc: Ingo Molnar <mingo(a)redhat.com> Cc: Peter Zijlstra <peterz(a)infradead.org> Cc: Juri Lelli <juri.lelli(a)redhat.com> Cc: Vincent Guittot <vincent.guittot(a)linaro.org> Cc: Dietmar Eggemann <dietmar.eggemann(a)arm.com> Cc: Steven Rostedt <rostedt(a)goodmis.org> Cc: Ben Segall <bsegall(a)google.com> Cc: Mel Gorman <mgorman(a)suse.de> Cc: Valentin Schneider <vschneid(a)redhat.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- Changes since v1: 1. change Li Zhijian from 'Signed-off-by' to 'Co-developed-by' per Vlastimil. 2. add Acked-by: Vlastimil Babka <vbabka(a)suse.cz> --- include/linux/mmzone.h | 16 +++++++++++++++- kernel/sched/fair.c | 5 +++-- mm/vmstat.c | 1 + 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h index 0c5da9141983..9d3ea9085556 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h @@ -234,7 +234,21 @@ enum node_stat_item { #endif #ifdef CONFIG_NUMA_BALANCING PGPROMOTE_SUCCESS, /* promote successfully */ - PGPROMOTE_CANDIDATE, /* candidate pages to promote */ + /** + * Candidate pages for promotion based on hint fault latency. This + * counter is used to control the promotion rate and adjust the hot + * threshold. + */ + PGPROMOTE_CANDIDATE, + /** + * Not rate-limited (NRL) candidate pages for those can be promoted + * without considering hot threshold because of enough free pages in + * fast-tier node. These promotions bypass the regular hotness checks + * and do NOT influence the promotion rate-limiter or + * threshold-adjustment logic. + * This is for statistics/monitoring purposes. + */ + PGPROMOTE_CANDIDATE_NRL, #endif /* PGDEMOTE_*: pages demoted */ PGDEMOTE_KSWAPD, diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c index b173a059315c..82c8d804c54c 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -1923,11 +1923,13 @@ bool should_numa_migrate_memory(struct task_struct *p, struct folio *folio, struct pglist_data *pgdat; unsigned long rate_limit; unsigned int latency, th, def_th; + long nr = folio_nr_pages(folio); pgdat = NODE_DATA(dst_nid); if (pgdat_free_space_enough(pgdat)) { /* workload changed, reset hot threshold */ pgdat->nbp_threshold = 0; + mod_node_page_state(pgdat, PGPROMOTE_CANDIDATE_NRL, nr); return true; } @@ -1941,8 +1943,7 @@ bool should_numa_migrate_memory(struct task_struct *p, struct folio *folio, if (latency >= th) return false; - return !numa_promotion_rate_limit(pgdat, rate_limit, - folio_nr_pages(folio)); + return !numa_promotion_rate_limit(pgdat, rate_limit, nr); } this_cpupid = cpu_pid_to_cpupid(dst_cpu, current->pid); diff --git a/mm/vmstat.c b/mm/vmstat.c index 71cd1ceba191..e74f0b2a1021 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -1280,6 +1280,7 @@ const char * const vmstat_text[] = { #ifdef CONFIG_NUMA_BALANCING [I(PGPROMOTE_SUCCESS)] = "pgpromote_success", [I(PGPROMOTE_CANDIDATE)] = "pgpromote_candidate", + [I(PGPROMOTE_CANDIDATE_NRL)] = "pgpromote_candidate_nrl", #endif [I(PGDEMOTE_KSWAPD)] = "pgdemote_kswapd", [I(PGDEMOTE_DIRECT)] = "pgdemote_direct", -- 2.43.0

2 weeks, 2 days

2
1
0 0

[PATCH] iommu/intel: Fix __domain_mapping()'s usage of switch_to_super_page()

by Eugene Koira

switch_to_super_page() assumes the memory range it's working on is aligned to the target large page level. Unfortunately, __domain_mapping() doesn't take this into account when using it, and will pass unaligned ranges ultimately freeing a PTE range larger than expected. Take for example a mapping with the following iov_pfn range [0x3fe400, 0x4c0600], which should be backed by the following mappings: iov_pfn [0x3fe400, 0x3fffff] covered by 2MiB pages iov_pfn [0x400000, 0x4bffff] covered by 1GiB pages iov_pfn [0x4c0000, 0x4c05ff] covered by 2MiB pages Under this circumstance, __domain_mapping() will pass [0x400000, 0x4c05ff] to switch_to_super_page() at a 1 GiB granularity, which will in turn free PTEs all the way to iov_pfn 0x4fffff. Mitigate this by rounding down the iov_pfn range passed to switch_to_super_page() in __domain_mapping() to the target large page level. Additionally add range alignment checks to switch_to_super_page. Fixes: 9906b9352a35 ("iommu/vt-d: Avoid duplicate removing in __domain_mapping()") Signed-off-by: Eugene Koira <eugkoira(a)amazon.com> Cc: stable(a)vger.kernel.org --- drivers/iommu/intel/iommu.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/iommu/intel/iommu.c b/drivers/iommu/intel/iommu.c index 9c3ab9d9f69a..dff2d895b8ab 100644 --- a/drivers/iommu/intel/iommu.c +++ b/drivers/iommu/intel/iommu.c @@ -1575,6 +1575,10 @@ static void switch_to_super_page(struct dmar_domain *domain, unsigned long lvl_pages = lvl_to_nr_pages(level); struct dma_pte *pte = NULL; + if (WARN_ON(!IS_ALIGNED(start_pfn, lvl_pages) || + !IS_ALIGNED(end_pfn + 1, lvl_pages))) + return; + while (start_pfn <= end_pfn) { if (!pte) pte = pfn_to_dma_pte(domain, start_pfn, &level, @@ -1650,7 +1654,8 @@ __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, unsigned long pages_to_remove; pteval |= DMA_PTE_LARGE_PAGE; - pages_to_remove = min_t(unsigned long, nr_pages, + pages_to_remove = min_t(unsigned long, + round_down(nr_pages, lvl_pages), nr_pte_to_next_page(pte) * lvl_pages); end_pfn = iov_pfn + pages_to_remove - 1; switch_to_super_page(domain, iov_pfn, end_pfn, largepage_lvl); -- 2.47.3 Amazon Development Center (Netherlands) B.V., Johanna Westerdijkplein 1, NL-2521 EN The Hague, Registration No. Chamber of Commerce 56869649, VAT: NL 852339859B01

2 weeks, 2 days

4
5
0 0

[PATCH] coresight: trbe: Fix incorrect error check for devm_kzalloc

by Miaoqian Lin

Fix incorrect use of IS_ERR() to check devm_kzalloc() return value. devm_kzalloc() returns NULL on failure, not an error pointer. This issue was introduced by commit 4277f035d227 ("coresight: trbe: Add a representative coresight_platform_data for TRBE") which replaced the original function but didn't update the error check. Fixes: 4277f035d227 ("coresight: trbe: Add a representative coresight_platform_data for TRBE") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/hwtracing/coresight/coresight-trbe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/hwtracing/coresight/coresight-trbe.c b/drivers/hwtracing/coresight/coresight-trbe.c index 8267dd1a2130..caf873adfc3a 100644 --- a/drivers/hwtracing/coresight/coresight-trbe.c +++ b/drivers/hwtracing/coresight/coresight-trbe.c @@ -1279,7 +1279,7 @@ static void arm_trbe_register_coresight_cpu(struct trbe_drvdata *drvdata, int cp * into the device for that purpose. */ desc.pdata = devm_kzalloc(dev, sizeof(*desc.pdata), GFP_KERNEL); - if (IS_ERR(desc.pdata)) + if (!desc.pdata) goto cpu_clear; desc.type = CORESIGHT_DEV_TYPE_SINK; -- 2.35.1

2 weeks, 2 days

2
1
0 0

+ mm-fix-folio_expected_ref_count-when-pg_private_2.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: fix folio_expected_ref_count() when PG_private_2 has been added to the -mm mm-new branch. Its filename is mm-fix-folio_expected_ref_count-when-pg_private_2.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: fix folio_expected_ref_count() when PG_private_2 Date: Sun, 31 Aug 2025 02:01:16 -0700 (PDT) 6.16's folio_expected_ref_count() is forgetting the PG_private_2 flag, which (like PG_private, but not in addition to PG_private) counts for 1 more reference: it needs to be using folio_has_private() in place of folio_test_private(). But this went wrong earlier: folio_expected_ref_count() was based on (and replaced) mm/migrate.c's folio_expected_refs(), which has been using folio_test_private() since 6.0 converted to folios(): before that, expected_page_refs() was correctly using page_has_private(). Just a few filesystems are still using PG_private_2 a.k.a. PG_fscache. Potentially, this fix re-enables page migration on their folios; but it would not be surprising to learn that in practice those folios are not migratable for other reasons. Link: https://lkml.kernel.org/r/f91ee36e-a8cb-e3a4-c23b-524ff3848da7@google.com Fixes: 86ebd50224c0 ("mm: add folio_expected_ref_count() for reference count calculation") Fixes: 108ca8358139 ("mm/migrate: Convert expected_page_refs() to folio_expected_refs()") Signed-off-by: Hugh Dickins <hughd(a)google.com> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Keir Fraser <keirf(a)google.com> Cc: Konstantin Khlebnikov <koct9i(a)gmail.com> Cc: Li Zhe <lizhe.67(a)bytedance.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shivank Garg <shivankg(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Xu <weixugc(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: yangge <yangge1116(a)126.com> Cc: Yuanchu Xie <yuanchu(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/mm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/include/linux/mm.h~mm-fix-folio_expected_ref_count-when-pg_private_2 +++ a/include/linux/mm.h @@ -2234,8 +2234,8 @@ static inline int folio_expected_ref_cou } else { /* One reference per page from the pagecache. */ ref_count += !!folio->mapping << order; - /* One reference from PG_private. */ - ref_count += folio_test_private(folio); + /* One reference from PG_private or PG_private_2. */ + ref_count += folio_has_private(folio); } /* One reference per page table mapping. */ _ Patches currently in -mm which might be from hughd(a)google.com are mm-fix-folio_expected_ref_count-when-pg_private_2.patch mm-gup-check-ref_count-instead-of-lru-before-migration.patch mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch mm-folio_may_be_cached-unless-folio_test_large.patch mm-lru_add_drain_all-do-local-lru_add_drain-first.patch

2 weeks, 3 days

2
1
0 0

PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up

by Marek Vasut

Please backport the following commit into Linux v5.4 and newer stable releases: 80dc18a0cba8dea42614f021b20a04354b213d86 The backport will likely depend on macro rename commit: 817f989700fddefa56e5e443e7d138018ca6709d This part of commit description clarifies why this is a fix: " As per PCIe r6.0, sec 6.6.1, a Downstream Port that supports Link speeds greater than 5.0 GT/s, software must wait a minimum of 100 ms after Link training completes before sending a Configuration Request. " In practice, this makes detection of PCIe Gen3 and Gen4 SSDs reliable on Renesas R-Car V4H SoC. Without this commit, the SSDs sporadically do not get detected, or sometimes they link up in Gen1 mode. This fixes commit 886bc5ceb5cc ("PCI: designware: Add generic dw_pcie_wait_for_link()") which is in v4.5-rc1-4-g886bc5ceb5cc3 , so I think this fix should be backported to all currently maintained stable releases, i.e. v5.4+ . Thank you -- Best regards, Marek Vasut

2 weeks, 3 days

2
2
0 0

+ mm-folio_may_be_cached-unless-folio_test_large.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: folio_may_be_cached() unless folio_test_large() has been added to the -mm mm-new branch. Its filename is mm-folio_may_be_cached-unless-folio_test_large.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: folio_may_be_cached() unless folio_test_large() Date: Sun, 31 Aug 2025 02:16:25 -0700 (PDT) mm/swap.c and mm/mlock.c agree to drain any per-CPU batch as soon as a large folio is added: so collect_longterm_unpinnable_folios() just wastes effort when calling lru_add_drain_all() on a large folio. But although there is good reason not to batch up PMD-sized folios, we might well benefit from batching a small number of low-order mTHPs (though unclear how that "small number" limitation will be implemented). So ask if folio_may_be_cached() rather than !folio_test_large(), to insulate those particular checks from future change. Name preferred to "folio_is_batchable" because large folios can well be put on a batch: it's just the per-CPU LRU caches, drained much later, which need care. Marked for stable, to counter the increase in lru_add_drain_all()s from "mm/gup: check ref_count instead of lru before migration". Link: https://lkml.kernel.org/r/861c061c-51cd-b940-49df-9f55e1fee2c8@google.com Signed-off-by: Hugh Dickins <hughd(a)google.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Cc: <stable(a)vger.kernel.org> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Keir Fraser <keirf(a)google.com> Cc: Konstantin Khlebnikov <koct9i(a)gmail.com> Cc: Li Zhe <lizhe.67(a)bytedance.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shivank Garg <shivankg(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Xu <weixugc(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: yangge <yangge1116(a)126.com> Cc: Yuanchu Xie <yuanchu(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/swap.h | 10 ++++++++++ mm/gup.c | 5 +++-- mm/mlock.c | 6 +++--- mm/swap.c | 2 +- 4 files changed, 17 insertions(+), 6 deletions(-) --- a/include/linux/swap.h~mm-folio_may_be_cached-unless-folio_test_large +++ a/include/linux/swap.h @@ -381,6 +381,16 @@ void folio_add_lru_vma(struct folio *, s void mark_page_accessed(struct page *); void folio_mark_accessed(struct folio *); +static inline bool folio_may_be_cached(struct folio *folio) +{ + /* + * Holding PMD-sized folios in per-CPU LRU cache unbalances accounting. + * Holding small numbers of low-order mTHP folios in per-CPU LRU cache + * will be sensible, but nobody has implemented and tested that yet. + */ + return !folio_test_large(folio); +} + extern atomic_t lru_disable_count; static inline bool lru_cache_disabled(void) --- a/mm/gup.c~mm-folio_may_be_cached-unless-folio_test_large +++ a/mm/gup.c @@ -2309,8 +2309,9 @@ static unsigned long collect_longterm_un continue; } - if (drain_allow && folio_ref_count(folio) != - folio_expected_ref_count(folio) + 1) { + if (drain_allow && folio_may_be_cached(folio) && + folio_ref_count(folio) != + folio_expected_ref_count(folio) + 1) { lru_add_drain_all(); drain_allow = false; } --- a/mm/mlock.c~mm-folio_may_be_cached-unless-folio_test_large +++ a/mm/mlock.c @@ -255,7 +255,7 @@ void mlock_folio(struct folio *folio) folio_get(folio); if (!folio_batch_add(fbatch, mlock_lru(folio)) || - folio_test_large(folio) || lru_cache_disabled()) + !folio_may_be_cached(folio) || lru_cache_disabled()) mlock_folio_batch(fbatch); local_unlock(&mlock_fbatch.lock); } @@ -278,7 +278,7 @@ void mlock_new_folio(struct folio *folio folio_get(folio); if (!folio_batch_add(fbatch, mlock_new(folio)) || - folio_test_large(folio) || lru_cache_disabled()) + !folio_may_be_cached(folio) || lru_cache_disabled()) mlock_folio_batch(fbatch); local_unlock(&mlock_fbatch.lock); } @@ -299,7 +299,7 @@ void munlock_folio(struct folio *folio) */ folio_get(folio); if (!folio_batch_add(fbatch, folio) || - folio_test_large(folio) || lru_cache_disabled()) + !folio_may_be_cached(folio) || lru_cache_disabled()) mlock_folio_batch(fbatch); local_unlock(&mlock_fbatch.lock); } --- a/mm/swap.c~mm-folio_may_be_cached-unless-folio_test_large +++ a/mm/swap.c @@ -192,7 +192,7 @@ static void __folio_batch_add_and_move(s local_lock(&cpu_fbatches.lock); if (!folio_batch_add(this_cpu_ptr(fbatch), folio) || - folio_test_large(folio) || lru_cache_disabled()) + !folio_may_be_cached(folio) || lru_cache_disabled()) folio_batch_move_lru(this_cpu_ptr(fbatch), move_fn); if (disable_irq) _ Patches currently in -mm which might be from hughd(a)google.com are mm-fix-folio_expected_ref_count-when-pg_private_2.patch mm-gup-check-ref_count-instead-of-lru-before-migration.patch mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch mm-folio_may_be_cached-unless-folio_test_large.patch mm-lru_add_drain_all-do-local-lru_add_drain-first.patch

2 weeks, 3 days

1
0
0 0

+ mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: Revert "mm: vmscan.c: fix OOM on swap stress test" has been added to the -mm mm-new branch. Its filename is mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: Revert "mm: vmscan.c: fix OOM on swap stress test" Date: Sun, 31 Aug 2025 02:13:55 -0700 (PDT) This reverts commit 0885ef4705607936fc36a38fd74356e1c465b023: that was a fix to the reverted 33dfe9204f29b415bbc0abb1a50642d1ba94f5e9. Link: https://lkml.kernel.org/r/bd440614-3d2c-31d6-1b8f-9635c69cef7c@google.com Fixes: 0885ef470560 ("mm: vmscan.c: fix OOM on swap stress test") Signed-off-by: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Keir Fraser <keirf(a)google.com> Cc: Konstantin Khlebnikov <koct9i(a)gmail.com> Cc: Li Zhe <lizhe.67(a)bytedance.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shivank Garg <shivankg(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Xu <weixugc(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: yangge <yangge1116(a)126.com> Cc: Yuanchu Xie <yuanchu(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/vmscan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/mm/vmscan.c~mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test +++ a/mm/vmscan.c @@ -4500,7 +4500,7 @@ static bool sort_folio(struct lruvec *lr } /* ineligible */ - if (!folio_test_lru(folio) || zone > sc->reclaim_idx) { + if (zone > sc->reclaim_idx) { gen = folio_inc_gen(lruvec, folio, false); list_move_tail(&folio->lru, &lrugen->folios[gen][type][zone]); return true; _ Patches currently in -mm which might be from hughd(a)google.com are mm-fix-folio_expected_ref_count-when-pg_private_2.patch mm-gup-check-ref_count-instead-of-lru-before-migration.patch mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch mm-folio_may_be_cached-unless-folio_test_large.patch mm-lru_add_drain_all-do-local-lru_add_drain-first.patch

2 weeks, 3 days

1
0
0 0

+ mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm: Revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" has been added to the -mm mm-new branch. Its filename is mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm: Revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" Date: Sun, 31 Aug 2025 02:11:33 -0700 (PDT) This reverts commit 33dfe9204f29b415bbc0abb1a50642d1ba94f5e9: now that collect_longterm_unpinnable_folios() is checking ref_count instead of lru, and mlock/munlock do not participate in the revised LRU flag clearing, those changes are misleading, and enlarge the window during which mlock/munlock may miss an mlock_count update. It is possible (I'd hesitate to claim probable) that the greater likelihood of missed mlock_count updates would explain the "Realtime threads delayed due to kcompactd0" observed on 6.12 in the Link below. If that is the case, this reversion will help; but a complete solution needs also a further patch, beyond the scope of this series. Included some 80-column cleanup around folio_batch_add_and_move(). The role of folio_test_clear_lru() (before taking per-memcg lru_lock) is questionable since 6.13 removed mem_cgroup_move_account() etc; but perhaps there are still some races which need it - not examined here. Link: https://lore.kernel.org/linux-mm/DU0PR01MB10385345F7153F334100981888259A@DU… Link: https://lkml.kernel.org/r/0215a42b-99cd-612a-95f7-56f8251d99ef@google.com Fixes: 33dfe9204f29 ("mm/gup: clear the LRU flag of a page before adding to LRU batch") Signed-off-by: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Keir Fraser <keirf(a)google.com> Cc: Konstantin Khlebnikov <koct9i(a)gmail.com> Cc: Li Zhe <lizhe.67(a)bytedance.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shivank Garg <shivankg(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Xu <weixugc(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: yangge <yangge1116(a)126.com> Cc: Yuanchu Xie <yuanchu(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/swap.c | 50 ++++++++++++++++++++++++++------------------------ 1 file changed, 26 insertions(+), 24 deletions(-) --- a/mm/swap.c~mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch +++ a/mm/swap.c @@ -164,6 +164,10 @@ static void folio_batch_move_lru(struct for (i = 0; i < folio_batch_count(fbatch); i++) { struct folio *folio = fbatch->folios[i]; + /* block memcg migration while the folio moves between lru */ + if (move_fn != lru_add && !folio_test_clear_lru(folio)) + continue; + folio_lruvec_relock_irqsave(folio, &lruvec, &flags); move_fn(lruvec, folio); @@ -176,14 +180,10 @@ static void folio_batch_move_lru(struct } static void __folio_batch_add_and_move(struct folio_batch __percpu *fbatch, - struct folio *folio, move_fn_t move_fn, - bool on_lru, bool disable_irq) + struct folio *folio, move_fn_t move_fn, bool disable_irq) { unsigned long flags; - if (on_lru && !folio_test_clear_lru(folio)) - return; - folio_get(folio); if (disable_irq) @@ -191,8 +191,8 @@ static void __folio_batch_add_and_move(s else local_lock(&cpu_fbatches.lock); - if (!folio_batch_add(this_cpu_ptr(fbatch), folio) || folio_test_large(folio) || - lru_cache_disabled()) + if (!folio_batch_add(this_cpu_ptr(fbatch), folio) || + folio_test_large(folio) || lru_cache_disabled()) folio_batch_move_lru(this_cpu_ptr(fbatch), move_fn); if (disable_irq) @@ -201,13 +201,13 @@ static void __folio_batch_add_and_move(s local_unlock(&cpu_fbatches.lock); } -#define folio_batch_add_and_move(folio, op, on_lru) \ - __folio_batch_add_and_move( \ - &cpu_fbatches.op, \ - folio, \ - op, \ - on_lru, \ - offsetof(struct cpu_fbatches, op) >= offsetof(struct cpu_fbatches, lock_irq) \ +#define folio_batch_add_and_move(folio, op) \ + __folio_batch_add_and_move( \ + &cpu_fbatches.op, \ + folio, \ + op, \ + offsetof(struct cpu_fbatches, op) >= \ + offsetof(struct cpu_fbatches, lock_irq) \ ) static void lru_move_tail(struct lruvec *lruvec, struct folio *folio) @@ -231,10 +231,10 @@ static void lru_move_tail(struct lruvec void folio_rotate_reclaimable(struct folio *folio) { if (folio_test_locked(folio) || folio_test_dirty(folio) || - folio_test_unevictable(folio)) + folio_test_unevictable(folio) || !folio_test_lru(folio)) return; - folio_batch_add_and_move(folio, lru_move_tail, true); + folio_batch_add_and_move(folio, lru_move_tail); } void lru_note_cost_unlock_irq(struct lruvec *lruvec, bool file, @@ -328,10 +328,11 @@ static void folio_activate_drain(int cpu void folio_activate(struct folio *folio) { - if (folio_test_active(folio) || folio_test_unevictable(folio)) + if (folio_test_active(folio) || folio_test_unevictable(folio) || + !folio_test_lru(folio)) return; - folio_batch_add_and_move(folio, lru_activate, true); + folio_batch_add_and_move(folio, lru_activate); } #else @@ -507,7 +508,7 @@ void folio_add_lru(struct folio *folio) lru_gen_in_fault() && !(current->flags & PF_MEMALLOC)) folio_set_active(folio); - folio_batch_add_and_move(folio, lru_add, false); + folio_batch_add_and_move(folio, lru_add); } EXPORT_SYMBOL(folio_add_lru); @@ -685,13 +686,13 @@ void lru_add_drain_cpu(int cpu) void deactivate_file_folio(struct folio *folio) { /* Deactivating an unevictable folio will not accelerate reclaim */ - if (folio_test_unevictable(folio)) + if (folio_test_unevictable(folio) || !folio_test_lru(folio)) return; if (lru_gen_enabled() && lru_gen_clear_refs(folio)) return; - folio_batch_add_and_move(folio, lru_deactivate_file, true); + folio_batch_add_and_move(folio, lru_deactivate_file); } /* @@ -704,13 +705,13 @@ void deactivate_file_folio(struct folio */ void folio_deactivate(struct folio *folio) { - if (folio_test_unevictable(folio)) + if (folio_test_unevictable(folio) || !folio_test_lru(folio)) return; if (lru_gen_enabled() ? lru_gen_clear_refs(folio) : !folio_test_active(folio)) return; - folio_batch_add_and_move(folio, lru_deactivate, true); + folio_batch_add_and_move(folio, lru_deactivate); } /** @@ -723,10 +724,11 @@ void folio_deactivate(struct folio *foli void folio_mark_lazyfree(struct folio *folio) { if (!folio_test_anon(folio) || !folio_test_swapbacked(folio) || + !folio_test_lru(folio) || folio_test_swapcache(folio) || folio_test_unevictable(folio)) return; - folio_batch_add_and_move(folio, lru_lazyfree, true); + folio_batch_add_and_move(folio, lru_lazyfree); } void lru_add_drain(void) _ Patches currently in -mm which might be from hughd(a)google.com are mm-fix-folio_expected_ref_count-when-pg_private_2.patch mm-gup-check-ref_count-instead-of-lru-before-migration.patch mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch mm-folio_may_be_cached-unless-folio_test_large.patch mm-lru_add_drain_all-do-local-lru_add_drain-first.patch

2 weeks, 3 days

1
0
0 0

+ mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/gup: local lru_add_drain() to avoid lru_add_drain_all() has been added to the -mm mm-new branch. Its filename is mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm/gup: local lru_add_drain() to avoid lru_add_drain_all() Date: Sun, 31 Aug 2025 02:08:26 -0700 (PDT) In many cases, if collect_longterm_unpinnable_folios() does need to drain the LRU cache to release a reference, the cache in question is on this same CPU, and much more efficiently drained by a preliminary local lru_add_drain(), than the later cross-CPU lru_add_drain_all(). Marked for stable, to counter the increase in lru_add_drain_all()s from "mm/gup: check ref_count instead of lru before migration". Note for clean backports: can take 6.16 commit a03db236aebf ("gup: optimize longterm pin_user_pages() for large folio") first. Link: https://lkml.kernel.org/r/165ccfdb-16b5-ac11-0d66-2984293590c8@google.com Signed-off-by: Hugh Dickins <hughd(a)google.com> Cc: <stable(a)vger.kernel.org> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Keir Fraser <keirf(a)google.com> Cc: Konstantin Khlebnikov <koct9i(a)gmail.com> Cc: Li Zhe <lizhe.67(a)bytedance.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shivank Garg <shivankg(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Xu <weixugc(a)google.com> Cc: Will Deacon <will(a)kernel.org> Cc: yangge <yangge1116(a)126.com> Cc: Yuanchu Xie <yuanchu(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 2 ++ 1 file changed, 2 insertions(+) --- a/mm/gup.c~mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all +++ a/mm/gup.c @@ -2291,6 +2291,8 @@ static unsigned long collect_longterm_un struct folio *folio; long i = 0; + lru_add_drain(); + for (folio = pofs_get_folio(pofs, i); folio; folio = pofs_next_folio(folio, pofs, &i)) { _ Patches currently in -mm which might be from hughd(a)google.com are mm-fix-folio_expected_ref_count-when-pg_private_2.patch mm-gup-check-ref_count-instead-of-lru-before-migration.patch mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch mm-folio_may_be_cached-unless-folio_test_large.patch mm-lru_add_drain_all-do-local-lru_add_drain-first.patch

2 weeks, 3 days

1
0
0 0

+ mm-gup-check-ref_count-instead-of-lru-before-migration.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/gup: check ref_count instead of lru before migration has been added to the -mm mm-new branch. Its filename is mm-gup-check-ref_count-instead-of-lru-before-migration.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Hugh Dickins <hughd(a)google.com> Subject: mm/gup: check ref_count instead of lru before migration Date: Sun, 31 Aug 2025 02:05:56 -0700 (PDT) Will Deacon reports:- When taking a longterm GUP pin via pin_user_pages(), __gup_longterm_locked() tries to migrate target folios that should not be longterm pinned, for example because they reside in a CMA region or movable zone. This is done by first pinning all of the target folios anyway, collecting all of the longterm-unpinnable target folios into a list, dropping the pins that were just taken and finally handing the list off to migrate_pages() for the actual migration. It is critically important that no unexpected references are held on the folios being migrated, otherwise the migration will fail and pin_user_pages() will return -ENOMEM to its caller. Unfortunately, it is relatively easy to observe migration failures when running pKVM (which uses pin_user_pages() on crosvm's virtual address space to resolve stage-2 page faults from the guest) on a 6.15-based Pixel 6 device and this results in the VM terminating prematurely. In the failure case, 'crosvm' has called mlock(MLOCK_ONFAULT) on its mapping of guest memory prior to the pinning. Subsequently, when pin_user_pages() walks the page-table, the relevant 'pte' is not present and so the faulting logic allocates a new folio, mlocks it with mlock_folio() and maps it in the page-table. Since commit 2fbb0c10d1e8 ("mm/munlock: mlock_page() munlock_page() batch by pagevec"), mlock/munlock operations on a folio (formerly page), are deferred. For example, mlock_folio() takes an additional reference on the target folio before placing it into a per-cpu 'folio_batch' for later processing by mlock_folio_batch(), which drops the refcount once the operation is complete. Processing of the batches is coupled with the LRU batch logic and can be forcefully drained with lru_add_drain_all() but as long as a folio remains unprocessed on the batch, its refcount will be elevated. This deferred batching therefore interacts poorly with the pKVM pinning scenario as we can find ourselves in a situation where the migration code fails to migrate a folio due to the elevated refcount from the pending mlock operation. Hugh Dickins adds:- !folio_test_lru() has never been a very reliable way to tell if an lru_add_drain_all() is worth calling, to remove LRU cache references to make the folio migratable: the LRU flag may be set even while the folio is held with an extra reference in a per-CPU LRU cache. 5.18 commit 2fbb0c10d1e8 may have made it more unreliable. Then 6.11 commit 33dfe9204f29 ("mm/gup: clear the LRU flag of a page before adding to LRU batch") tried to make it reliable, by moving LRU flag clearing; but missed the mlock/munlock batches, so still unreliable as reported. And it turns out to be difficult to extend 33dfe9204f29's LRU flag clearing to the mlock/munlock batches: if they do benefit from batching, mlock/munlock cannot be so effective when easily suppressed while !LRU. Instead, switch to an expected ref_count check, which was more reliable all along: some more false positives (unhelpful drains) than before, and never a guarantee that the folio will prove migratable, but better. Note for stable backports: requires 6.16 commit 86ebd50224c0 ("mm: add folio_expected_ref_count() for reference count calculation") and 6.17 commit ("mm: fix folio_expected_ref_count() when PG_private_2"). Link: https://lkml.kernel.org/r/47c51c9a-140f-1ea1-b692-c4bae5d1fa58@google.com Fixes: 9a4e9f3b2d73 ("mm: update get_user_pages_longterm to migrate pages allocated from CMA region") Signed-off-by: Hugh Dickins <hughd(a)google.com> Reported-by: Will Deacon <will(a)kernel.org> Link: https://lore.kernel.org/linux-mm/20250815101858.24352-1-will@kernel.org/ Cc: <stable(a)vger.kernel.org> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Axel Rasmussen <axelrasmussen(a)google.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Christoph Hellwig <hch(a)infradead.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Johannes Weiner <hannes(a)cmpxchg.org> Cc: John Hubbard <jhubbard(a)nvidia.com> Cc: Keir Fraser <keirf(a)google.com> Cc: Konstantin Khlebnikov <koct9i(a)gmail.com> Cc: Li Zhe <lizhe.67(a)bytedance.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shivank Garg <shivankg(a)amd.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Wei Xu <weixugc(a)google.com> Cc: yangge <yangge1116(a)126.com> Cc: Yuanchu Xie <yuanchu(a)google.com> Cc: Yu Zhao <yuzhao(a)google.com> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/mm/gup.c~mm-gup-check-ref_count-instead-of-lru-before-migration +++ a/mm/gup.c @@ -2307,7 +2307,8 @@ static unsigned long collect_longterm_un continue; } - if (!folio_test_lru(folio) && drain_allow) { + if (drain_allow && folio_ref_count(folio) != + folio_expected_ref_count(folio) + 1) { lru_add_drain_all(); drain_allow = false; } _ Patches currently in -mm which might be from hughd(a)google.com are mm-fix-folio_expected_ref_count-when-pg_private_2.patch mm-gup-check-ref_count-instead-of-lru-before-migration.patch mm-gup-local-lru_add_drain-to-avoid-lru_add_drain_all.patch mm-revert-mm-gup-clear-the-lru-flag-of-a-page-before-adding-to-lru-batch.patch mm-revert-mm-vmscanc-fix-oom-on-swap-stress-test.patch mm-folio_may_be_cached-unless-folio_test_large.patch mm-lru_add_drain_all-do-local-lru_add_drain-first.patch

2 weeks, 3 days

1
0
0 0

+ mm-vmalloc-mm-kasan-respect-gfp-mask-in-kasan_populate_vmalloc.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-vmalloc-mm-kasan-respect-gfp-mask-in-kasan_populate_vmalloc.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Uladzislau Rezki (Sony)" <urezki(a)gmail.com> Subject: mm/vmalloc, mm/kasan: respect gfp mask in kasan_populate_vmalloc() Date: Sun, 31 Aug 2025 14:10:58 +0200 kasan_populate_vmalloc() and its helpers ignore the caller's gfp_mask and always allocate memory using the hardcoded GFP_KERNEL flag. This makes them inconsistent with vmalloc(), which was recently extended to support GFP_NOFS and GFP_NOIO allocations. Page table allocations performed during shadow population also ignore the external gfp_mask. To preserve the intended semantics of GFP_NOFS and GFP_NOIO, wrap the apply_to_page_range() calls into the appropriate memalloc scope. This patch: - Extends kasan_populate_vmalloc() and helpers to take gfp_mask; - Passes gfp_mask down to alloc_pages_bulk() and __get_free_page(); - Enforces GFP_NOFS/NOIO semantics with memalloc_*_save()/restore() around apply_to_page_range(); - Updates vmalloc.c and percpu allocator call sites accordingly. Link: https://lkml.kernel.org/r/20250831121058.92971-1-urezki@gmail.com Fixes: 451769ebb7e7 ("mm/vmalloc: alloc GFP_NO{FS,IO} for vmalloc") Signed-off-by: Uladzislau Rezki (Sony) <urezki(a)gmail.com> Cc: Andrey Ryabinin <ryabinin.a.a(a)gmail.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Michal Hocko <mhocko(a)kernel.org> Cc: Alexander Potapenko <glider(a)google.com> Cc: Andrey Konovalov <andreyknvl(a)gmail.com> Cc: Dmitry Vyukov <dvyukov(a)google.com> Cc: Vincenzo Frascino <vincenzo.frascino(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- include/linux/kasan.h | 6 +++--- mm/kasan/shadow.c | 31 ++++++++++++++++++++++++------- mm/vmalloc.c | 8 ++++---- 3 files changed, 31 insertions(+), 14 deletions(-) --- a/include/linux/kasan.h~mm-vmalloc-mm-kasan-respect-gfp-mask-in-kasan_populate_vmalloc +++ a/include/linux/kasan.h @@ -562,7 +562,7 @@ static inline void kasan_init_hw_tags(vo #if defined(CONFIG_KASAN_GENERIC) || defined(CONFIG_KASAN_SW_TAGS) void kasan_populate_early_vm_area_shadow(void *start, unsigned long size); -int kasan_populate_vmalloc(unsigned long addr, unsigned long size); +int kasan_populate_vmalloc(unsigned long addr, unsigned long size, gfp_t gfp_mask); void kasan_release_vmalloc(unsigned long start, unsigned long end, unsigned long free_region_start, unsigned long free_region_end, @@ -574,7 +574,7 @@ static inline void kasan_populate_early_ unsigned long size) { } static inline int kasan_populate_vmalloc(unsigned long start, - unsigned long size) + unsigned long size, gfp_t gfp_mask) { return 0; } @@ -610,7 +610,7 @@ static __always_inline void kasan_poison static inline void kasan_populate_early_vm_area_shadow(void *start, unsigned long size) { } static inline int kasan_populate_vmalloc(unsigned long start, - unsigned long size) + unsigned long size, gfp_t gfp_mask) { return 0; } --- a/mm/kasan/shadow.c~mm-vmalloc-mm-kasan-respect-gfp-mask-in-kasan_populate_vmalloc +++ a/mm/kasan/shadow.c @@ -336,13 +336,13 @@ static void ___free_pages_bulk(struct pa } } -static int ___alloc_pages_bulk(struct page **pages, int nr_pages) +static int ___alloc_pages_bulk(struct page **pages, int nr_pages, gfp_t gfp_mask) { unsigned long nr_populated, nr_total = nr_pages; struct page **page_array = pages; while (nr_pages) { - nr_populated = alloc_pages_bulk(GFP_KERNEL, nr_pages, pages); + nr_populated = alloc_pages_bulk(gfp_mask, nr_pages, pages); if (!nr_populated) { ___free_pages_bulk(page_array, nr_total - nr_pages); return -ENOMEM; @@ -354,25 +354,42 @@ static int ___alloc_pages_bulk(struct pa return 0; } -static int __kasan_populate_vmalloc(unsigned long start, unsigned long end) +static int __kasan_populate_vmalloc(unsigned long start, unsigned long end, gfp_t gfp_mask) { unsigned long nr_pages, nr_total = PFN_UP(end - start); struct vmalloc_populate_data data; + unsigned int flags; int ret = 0; - data.pages = (struct page **)__get_free_page(GFP_KERNEL | __GFP_ZERO); + data.pages = (struct page **)__get_free_page(gfp_mask | __GFP_ZERO); if (!data.pages) return -ENOMEM; while (nr_total) { nr_pages = min(nr_total, PAGE_SIZE / sizeof(data.pages[0])); - ret = ___alloc_pages_bulk(data.pages, nr_pages); + ret = ___alloc_pages_bulk(data.pages, nr_pages, gfp_mask); if (ret) break; data.start = start; + + /* + * page tables allocations ignore external gfp mask, enforce it + * by the scope API + */ + if ((gfp_mask & (__GFP_FS | __GFP_IO)) == __GFP_IO) + flags = memalloc_nofs_save(); + else if ((gfp_mask & (__GFP_FS | __GFP_IO)) == 0) + flags = memalloc_noio_save(); + ret = apply_to_page_range(&init_mm, start, nr_pages * PAGE_SIZE, kasan_populate_vmalloc_pte, &data); + + if ((gfp_mask & (__GFP_FS | __GFP_IO)) == __GFP_IO) + memalloc_nofs_restore(flags); + else if ((gfp_mask & (__GFP_FS | __GFP_IO)) == 0) + memalloc_noio_restore(flags); + ___free_pages_bulk(data.pages, nr_pages); if (ret) break; @@ -386,7 +403,7 @@ static int __kasan_populate_vmalloc(unsi return ret; } -int kasan_populate_vmalloc(unsigned long addr, unsigned long size) +int kasan_populate_vmalloc(unsigned long addr, unsigned long size, gfp_t gfp_mask) { unsigned long shadow_start, shadow_end; int ret; @@ -415,7 +432,7 @@ int kasan_populate_vmalloc(unsigned long shadow_start = PAGE_ALIGN_DOWN(shadow_start); shadow_end = PAGE_ALIGN(shadow_end); - ret = __kasan_populate_vmalloc(shadow_start, shadow_end); + ret = __kasan_populate_vmalloc(shadow_start, shadow_end, gfp_mask); if (ret) return ret; --- a/mm/vmalloc.c~mm-vmalloc-mm-kasan-respect-gfp-mask-in-kasan_populate_vmalloc +++ a/mm/vmalloc.c @@ -2026,6 +2026,8 @@ static struct vmap_area *alloc_vmap_area if (unlikely(!vmap_initialized)) return ERR_PTR(-EBUSY); + /* Only reclaim behaviour flags are relevant. */ + gfp_mask = gfp_mask & GFP_RECLAIM_MASK; might_sleep(); /* @@ -2038,8 +2040,6 @@ static struct vmap_area *alloc_vmap_area */ va = node_alloc(size, align, vstart, vend, &addr, &vn_id); if (!va) { - gfp_mask = gfp_mask & GFP_RECLAIM_MASK; - va = kmem_cache_alloc_node(vmap_area_cachep, gfp_mask, node); if (unlikely(!va)) return ERR_PTR(-ENOMEM); @@ -2089,7 +2089,7 @@ retry: BUG_ON(va->va_start < vstart); BUG_ON(va->va_end > vend); - ret = kasan_populate_vmalloc(addr, size); + ret = kasan_populate_vmalloc(addr, size, gfp_mask); if (ret) { free_vmap_area(va); return ERR_PTR(ret); @@ -4826,7 +4826,7 @@ retry: /* populate the kasan shadow space */ for (area = 0; area < nr_vms; area++) { - if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area])) + if (kasan_populate_vmalloc(vas[area]->va_start, sizes[area], GFP_KERNEL)) goto err_free_shadow; } _ Patches currently in -mm which might be from urezki(a)gmail.com are mm-vmalloc-mm-kasan-respect-gfp-mask-in-kasan_populate_vmalloc.patch

2 weeks, 3 days

1
0
0 0

+ ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: fix recursive semaphore deadlock in fiemap call has been added to the -mm mm-hotfixes-unstable branch. Its filename is ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Mark Tinguely <mark.tinguely(a)oracle.com> Subject: ocfs2: fix recursive semaphore deadlock in fiemap call Date: Fri, 29 Aug 2025 10:18:15 -0500 syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP of the extent list on a specially crafted mmap file. context_switch kernel/sched/core.c:5357 [inline] __schedule+0x1798/0x4cc0 kernel/sched/core.c:6961 __schedule_loop kernel/sched/core.c:7043 [inline] schedule+0x165/0x360 kernel/sched/core.c:7058 schedule_preempt_disabled+0x13/0x30 kernel/sched/core.c:7115 rwsem_down_write_slowpath+0x872/0xfe0 kernel/locking/rwsem.c:1185 __down_write_common kernel/locking/rwsem.c:1317 [inline] __down_write kernel/locking/rwsem.c:1326 [inline] down_write+0x1ab/0x1f0 kernel/locking/rwsem.c:1591 ocfs2_page_mkwrite+0x2ff/0xc40 fs/ocfs2/mmap.c:142 do_page_mkwrite+0x14d/0x310 mm/memory.c:3361 wp_page_shared mm/memory.c:3762 [inline] do_wp_page+0x268d/0x5800 mm/memory.c:3981 handle_pte_fault mm/memory.c:6068 [inline] __handle_mm_fault+0x1033/0x5440 mm/memory.c:6195 handle_mm_fault+0x40a/0x8e0 mm/memory.c:6364 do_user_addr_fault+0x764/0x1390 arch/x86/mm/fault.c:1387 handle_page_fault arch/x86/mm/fault.c:1476 [inline] exc_page_fault+0x76/0xf0 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:copy_user_generic arch/x86/include/asm/uaccess_64.h:126 [inline] RIP: 0010:raw_copy_to_user arch/x86/include/asm/uaccess_64.h:147 [inline] RIP: 0010:_inline_copy_to_user include/linux/uaccess.h:197 [inline] RIP: 0010:_copy_to_user+0x85/0xb0 lib/usercopy.c:26 Code: e8 00 bc f7 fc 4d 39 fc 72 3d 4d 39 ec 77 38 e8 91 b9 f7 fc 4c 89 f7 89 de e8 47 25 5b fd 0f 01 cb 4c 89 ff 48 89 d9 4c 89 f6 <f3> a4 0f 1f 00 48 89 cb 0f 01 ca 48 89 d8 5b 41 5c 41 5d 41 5e 41 RSP: 0018:ffffc9000403f950 EFLAGS: 00050256 RAX: ffffffff84c7f101 RBX: 0000000000000038 RCX: 0000000000000038 RDX: 0000000000000000 RSI: ffffc9000403f9e0 RDI: 0000200000000060 RBP: ffffc9000403fa90 R08: ffffc9000403fa17 R09: 1ffff92000807f42 R10: dffffc0000000000 R11: fffff52000807f43 R12: 0000200000000098 R13: 00007ffffffff000 R14: ffffc9000403f9e0 R15: 0000200000000060 copy_to_user include/linux/uaccess.h:225 [inline] fiemap_fill_next_extent+0x1c0/0x390 fs/ioctl.c:145 ocfs2_fiemap+0x888/0xc90 fs/ocfs2/extent_map.c:806 ioctl_fiemap fs/ioctl.c:220 [inline] do_vfs_ioctl+0x1173/0x1430 fs/ioctl.c:532 __do_sys_ioctl fs/ioctl.c:596 [inline] __se_sys_ioctl+0x82/0x170 fs/ioctl.c:584 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f13850fd9 RSP: 002b:00007ffe3b3518b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000200000000000 RCX: 00007f5f13850fd9 RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004 RBP: 6165627472616568 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe3b3518f0 R13: 00007ffe3b351b18 R14: 431bde82d7b634db R15: 00007f5f1389a03b ocfs2_fiemap() takes a read lock of the ip_alloc_sem semaphore (since v2.6.22-527-g7307de80510a) and calls fiemap_fill_next_extent() to read the extent list of this running mmap executable. The user supplied buffer to hold the fiemap information page faults calling ocfs2_page_mkwrite() which will take a write lock (since v2.6.27-38-g00dc417fa3e7) of the same semaphore. This recursive semaphore will hold filesystem locks and causes a hang of the fileystem. The ip_alloc_sem protects the inode extent list and size. Release the read semphore before calling fiemap_fill_next_extent() in ocfs2_fiemap() and ocfs2_fiemap_inline(). This does an unnecessary semaphore lock/unlock on the last extent but simplifies the error path. Link: https://lkml.kernel.org/r/61d1a62b-2631-4f12-81e2-cd689914360b@oracle.com Fixes: 00dc417fa3e7 ("ocfs2: fiemap support") Signed-off-by: Mark Tinguely <mark.tinguely(a)oracle.com> Reported-by: syzbot+541dcc6ee768f77103e7(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=541dcc6ee768f77103e7 Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/extent_map.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/fs/ocfs2/extent_map.c~ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call +++ a/fs/ocfs2/extent_map.c @@ -706,6 +706,8 @@ out: * it not only handles the fiemap for inlined files, but also deals * with the fast symlink, cause they have no difference for extent * mapping per se. + * + * Must be called with ip_alloc_sem semaphore held. */ static int ocfs2_fiemap_inline(struct inode *inode, struct buffer_head *di_bh, struct fiemap_extent_info *fieinfo, @@ -717,6 +719,7 @@ static int ocfs2_fiemap_inline(struct in u64 phys; u32 flags = FIEMAP_EXTENT_DATA_INLINE|FIEMAP_EXTENT_LAST; struct ocfs2_inode_info *oi = OCFS2_I(inode); + lockdep_assert_held_read(&oi->ip_alloc_sem); di = (struct ocfs2_dinode *)di_bh->b_data; if (ocfs2_inode_is_fast_symlink(inode)) @@ -732,8 +735,11 @@ static int ocfs2_fiemap_inline(struct in phys += offsetof(struct ocfs2_dinode, id2.i_data.id_data); + /* Release the ip_alloc_sem to prevent deadlock on page fault */ + up_read(&OCFS2_I(inode)->ip_alloc_sem); ret = fiemap_fill_next_extent(fieinfo, 0, phys, id_count, flags); + down_read(&OCFS2_I(inode)->ip_alloc_sem); if (ret < 0) return ret; } @@ -802,9 +808,11 @@ int ocfs2_fiemap(struct inode *inode, st len_bytes = (u64)le16_to_cpu(rec.e_leaf_clusters) << osb->s_clustersize_bits; phys_bytes = le64_to_cpu(rec.e_blkno) << osb->sb->s_blocksize_bits; virt_bytes = (u64)le32_to_cpu(rec.e_cpos) << osb->s_clustersize_bits; - + /* Release the ip_alloc_sem to prevent deadlock on page fault */ + up_read(&OCFS2_I(inode)->ip_alloc_sem); ret = fiemap_fill_next_extent(fieinfo, virt_bytes, phys_bytes, len_bytes, fe_flags); + down_read(&OCFS2_I(inode)->ip_alloc_sem); if (ret) break; _ Patches currently in -mm which might be from mark.tinguely(a)oracle.com are ocfs2-fix-recursive-semaphore-deadlock-in-fiemap-call.patch

2 weeks, 3 days

1
0
0 0

[PATCH v2] uio_hv_generic: Let userspace take care of interrupt mask

by Naman Jain

Remove the logic to set interrupt mask by default in uio_hv_generic driver as the interrupt mask value is supposed to be controlled completely by the user space. If the mask bit gets changed by the driver, concurrently with user mode operating on the ring, the mask bit may be set when it is supposed to be clear, and the user-mode driver will miss an interrupt which will cause a hang. For eg- when the driver sets inbound ring buffer interrupt mask to 1, the host does not interrupt the guest on the UIO VMBus channel. However, setting the mask does not prevent the host from putting a message in the inbound ring buffer. So let’s assume that happens, the host puts a message into the ring buffer but does not interrupt. Subsequently, the user space code in the guest sets the inbound ring buffer interrupt mask to 0, saying “Hey, I’m ready for interrupts”. User space code then calls pread() to wait for an interrupt. Then one of two things happens: * The host never sends another message. So the pread() waits forever. * The host does send another message. But because there’s already a message in the ring buffer, it doesn’t generate an interrupt. This is the correct behavior, because the host should only send an interrupt when the inbound ring buffer transitions from empty to not-empty. Adding an additional message to a ring buffer that is not empty is not supposed to generate an interrupt on the guest. Since the guest is waiting in pread() and not removing messages from the ring buffer, the pread() waits forever. This could be easily reproduced in hv_fcopy_uio_daemon if we delay setting interrupt mask to 0. Similarly if hv_uio_channel_cb() sets the interrupt_mask to 1, there’s a race condition. Once user space empties the inbound ring buffer, but before user space sets interrupt_mask to 0, the host could put another message in the ring buffer but it wouldn’t interrupt. Then the next pread() would hang. Fix these by removing all instances where interrupt_mask is changed, while keeping the one in set_event() unchanged to enable userspace control the interrupt mask by writing 0/1 to /dev/uioX. Fixes: 95096f2fbd10 ("uio-hv-generic: new userspace i/o driver for VMBus") Suggested-by: John Starks <jostarks(a)microsoft.com> Signed-off-by: Naman Jain <namjain(a)linux.microsoft.com> Cc: <stable(a)vger.kernel.org> --- Changes since v1: https://lore.kernel.org/all/20250818064846.271294-1-namjain@linux.microsoft… * Added Fixes and Cc stable tags. --- drivers/uio/uio_hv_generic.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index f19efad4d6f8..3f8e2e27697f 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -111,7 +111,6 @@ static void hv_uio_channel_cb(void *context) struct hv_device *hv_dev; struct hv_uio_private_data *pdata; - chan->inbound.ring_buffer->interrupt_mask = 1; virt_mb(); /* @@ -183,8 +182,6 @@ hv_uio_new_channel(struct vmbus_channel *new_sc) return; } - /* Disable interrupts on sub channel */ - new_sc->inbound.ring_buffer->interrupt_mask = 1; set_channel_read_mode(new_sc, HV_CALL_ISR); ret = hv_create_ring_sysfs(new_sc, hv_uio_ring_mmap); if (ret) { @@ -227,9 +224,7 @@ hv_uio_open(struct uio_info *info, struct inode *inode) ret = vmbus_connect_ring(dev->channel, hv_uio_channel_cb, dev->channel); - if (ret == 0) - dev->channel->inbound.ring_buffer->interrupt_mask = 1; - else + if (ret) atomic_dec(&pdata->refcnt); return ret; -- 2.34.1

2 weeks, 3 days

5
5
0 0

[PATCH 6.16 000/457] 6.16.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.16.4 release. There are 457 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:27 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.16.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.16.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.16.4-rc1 Christoph Manszewski <christoph.manszewski(a)intel.com> drm/xe: Fix vm_bind_ioctl double free bug Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Move ASID allocation and user PT BO tracking into xe_vm_create Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Alexei Lazar <alazar(a)nvidia.com> net/mlx5e: Query FW for buffer ownership Oren Sidi <osidi(a)nvidia.com> net/mlx5: Add IFC bits and enums for buf_ownership Daniel Jurgens <danielj(a)nvidia.com> net/mlx5: Base ECVF devlink port attrs from 0 Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Skip overlap check for SPI field Nilay Shroff <nilay(a)linux.ibm.com> block: avoid cpu_hotplug_lock depedency on freeze_lock Nilay Shroff <nilay(a)linux.ibm.com> block: skip q->rq_qos check in rq_qos_done_bio() Nilay Shroff <nilay(a)linux.ibm.com> block: decrement block_rq_qos static key in rq_qos_del() Ming Lei <ming.lei(a)redhat.com> blk-mq: fix lockdep warning in __blk_mq_update_nr_hw_queues Nilay Shroff <nilay(a)linux.ibm.com> block: fix potential deadlock while running nr_hw_queue update Nilay Shroff <nilay(a)linux.ibm.com> block: fix lockdep warning caused by lock dependency in elv_iosched_store Nilay Shroff <nilay(a)linux.ibm.com> block: move elevator queue allocation logic into blk_mq_init_sched Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: ppe: Do not invalid PPE entries in case of SW hash collision Hangbin Liu <liuhangbin(a)gmail.com> bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hangbin Liu <liuhangbin(a)gmail.com> bonding: update LACP activity flag after setting lacp_active Dewei Meng <mengdewei(a)cqsoftware.com.cn> ALSA: timer: fix ida_free call while not allocated William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Tristram Ha <tristram.ha(a)microchip.com> net: dsa: microchip: Fix KSZ9477 HSR port setup issue ValdikSS <iam(a)valdikss.org.ru> igc: fix disabling L1.2 PCI-E link substate on I226 on init Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Song Gao <gaosong(a)loongson.cn> LoongArch: KVM: Use kvm_get_vcpu_by_id() instead of kvm_get_vcpu() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Use standard bitops API with eiointc Heiko Carstens <hca(a)linux.ibm.com> s390/mm: Do not map lowcore with identity mapping Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: cs35l56: Remove SoundWire Clock Divider workaround for CS35L63 Richard Fitzgerald <rf(a)opensource.cirrus.com> ASoC: cs35l56: Handle new algorithms IDs for CS35L63 Stefan Binding <sbinding(a)opensource.cirrus.com> ASoC: cs35l56: Update Firmware Addresses for CS35L63 for production silicon Kanglong Wang <wangkanglong(a)loongson.cn> LoongArch: Optimize module load time by optimizing PLT/GOT counting Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Pass annotate-tablejump option if LTO is enabled Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool/LoongArch: Get table size correctly if LTO is enabled Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 Parthiban Veerasooran <parthiban.veerasooran(a)microchip.com> microchip: lan865x: fix missing netif_start_queue() call on device open Vlad Dogaru <vdogaru(a)nvidia.com> net/mlx5: CT: Use the correct counter offset Alex Vesker <valex(a)nvidia.com> net/mlx5: HWS, Fix table creation UID Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix complex rules rehash error flow Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, fix bad parameter in CQ creation D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix UAF on smcsk after smc_listen_out() Yao Zi <ziyao(a)disroot.org> net: stmmac: thead: Enable TX clock before MAC initialization Jordan Rhee <jordanrhee(a)google.com> gve: prevent ethtool ops after shutdown Yuichiro Tsuji <yuichtsu(a)amazon.com> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix timestamping for vsc8584 David Howells <dhowells(a)redhat.com> cifs: Fix oops due to uninitialised variable Dan Carpenter <dan.carpenter(a)linaro.org> regulator: tps65219: regulator: tps65219: Fix error codes in probe() Piotr Piórkowski <piotr.piorkowski(a)intel.com> drm/xe: Assign ioctl xe file handler to vm in xe_vm_create MD Danish Anwar <danishanwar(a)ti.com> net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. Qingfang Deng <dqfext(a)gmail.com> ppp: fix race conditions in ppp_fill_forward_path Qingfang Deng <dqfext(a)gmail.com> net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: ufs-qcom: Fix ESI null pointer dereference Bao D. Nguyen <quic_nguyenb(a)quicinc.com> scsi: ufs: ufs-qcom: Update esi_vec_mask for HW major version >= 6 Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() Bart Van Assche <bvanassche(a)acm.org> scsi: ufs: core: Fix IRQ lock inversion for the SCSI host lock Michael Chan <michael.chan(a)broadcom.com> bnxt_en: Fix lockdep warning during rmmod Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Jakub Ramaseuski <jramaseu(a)redhat.com> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't print errors for nonexistent connectors Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15% Chenyuan Yang <chenyuan0y(a)gmail.com> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Peng Fan <peng.fan(a)nxp.com> regulator: pca9450: Use devm_register_sys_off_handler Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix dp and vga cannot show together Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix rare monitors cannot display problem Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed Miguel Ojeda <ojeda(a)kernel.org> rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too Zheng Qixing <zhengqixing(a)huawei.com> md: fix sync_action incorrect display during resync Zheng Qixing <zhengqixing(a)huawei.com> md: add helper rdev_needs_recovery() Li Nan <linan122(a)huawei.com> md: rename recovery_cp to resync_offset Miguel Ojeda <ojeda(a)kernel.org> drm: nova-drm: fix 32-bit arm build Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix not accounting for BIS/CIS/PA links separately Yang Li <yang.li(a)amlogic.com> Bluetooth: Add PA_LINK to distinguish BIG sync and PA sync connections Sergey Shtylyov <s.shtylyov(a)omp.ru> Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Yang Li <yang.li(a)amlogic.com> Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix using ll_privacy_capable for current settings Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings Jiande Lu <jiande.lu(a)mediatek.com> Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix scan state after PA Sync has been established Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Justin Lai <justinlai0215(a)realtek.com> rtase: Fix Rx descriptor CRC error bit definition William Liu <will(a)willsroot.io> net/sched: Fix backlog accounting in qdisc_dequeue_internal Wang Liang <wangliang74(a)huawei.com> net: bridge: fix soft lockup in br_multicast_query_expired() Suraj Gupta <suraj.gupta2(a)amd.com> net: xilinx: axienet: Fix RX skb ring management in DMAengine mode Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix dip entries leak on devices newer than hip09 Akhilesh Patil <akhilesh(a)ee.iitb.ac.in> RDMA/core: Free pfn_list with appropriate kvfree call Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Kalesh AP <kalesh-anakkur.purayil(a)broadcom.com> RDMA/bnxt_re: Fix a possible memory leak in the driver Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to do SRQ armena by default wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix querying wrong SCC context for DIP algorithm Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix unset QPN of GSI QP Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix ignored return value of init_kernel_qp Suma Hegde <suma.hegde(a)amd.com> platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Jocelyn Falempe <jfalempe(a)redhat.com> drm/panic: Add a u64 divide by 10 for arm32 Danilo Krummrich <dakr(a)kernel.org> rust: drm: don't pass the address of drm::Device to drm_dev_put() Danilo Krummrich <dakr(a)kernel.org> rust: drm: remove pin annotations from drm::Device Danilo Krummrich <dakr(a)kernel.org> rust: drm: ensure kmalloc() compatible Layout Danilo Krummrich <dakr(a)kernel.org> rust: alloc: replace aligned_size() with Kmalloc::aligned_layout() Nitin Gote <nitin.r.gote(a)intel.com> iosys-map: Fix undefined behavior in iosys_map_clear() José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian Thomas Zimmermann <tzimmermann(a)suse.de> drm/tests: Do not use drm_fb_blit() in format-helper tests José Expósito <jose.exposito89(a)gmail.com> drm/tests: Fix endian warning Waiman Long <longman(a)redhat.com> cgroup/cpuset: Fix a partition error with CPU hotplug Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Fanhua Li <lifanhua5(a)huawei.com> drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: fix calculating of ECC OOB regions' properties Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Clamp too high speed_hz Gabor Juhos <j4g8y7(a)gmail.com> spi: spi-qpic-snand: use correct CW_PER_PAGE value for OOB write Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: imu: inv_icm42600: Convert to uXX and sXX integer types David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> ixgbe: prevent from unwanted interface name changes Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> devlink: let driver opt out of automatic phys_port_name generation Sven Eckelmann <sven(a)narfation.org> i2c: rtl9300: Add missing count byte for SMBus Block Ops Sven Eckelmann <sven(a)narfation.org> i2c: rtl9300: Increase timeout for transfer polling Harshal Gohel <hg(a)simonwunderlich.de> i2c: rtl9300: Fix multi-byte I2C write Alex Guo <alexguo1023(a)gmail.com> i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Yazen Ghannam <yazen.ghannam(a)amd.com> x86/CPU/AMD: Ignore invalid reset reason value Jakub Kicinski <kuba(a)kernel.org> tls: fix handling of zero-length records on the rx_list Niklas Cassel <cassel(a)kernel.org> PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up NeilBrown <neil(a)brown.name> ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Wildcat Lake Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Remove WARN_ON for device endpoint command timeouts Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Niklas Neronin <niklas.neronin(a)linux.intel.com> usb: xhci: fix host not responding after suspend and resume Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: disable low power mode when reading comparator values Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Edward Adam Davis <eadavis(a)qq.com> comedi: pcl726: Prevent invalid irq number Ian Abbott <abbotti(a)mev.co.uk> comedi: Make insn_rw_emulate_bits() do insn->n samples Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Thorsten Blum <thorsten.blum(a)linux.dev> cdx: Fix off-by-one error in cdx_rpmsg_probe() Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> iio: adc: rzg2l: Cleanup suspend/resume path David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: prevent scan if too many setups requested Matti Vaittinen <mazziesaccount(a)gmail.com> iio: adc: bd79124: Add GPIOLIB dependency Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> iio: adc: rzg2l_adc: Set driver data before enabling runtime PM Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed David Lechner <dlechner(a)baylibre.com> iio: adc: ad7124: fix channel lookup in syscalib functions David Lechner <dlechner(a)baylibre.com> iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files David Lechner <dlechner(a)baylibre.com> iio: accel: sca3300: fix uninitialized iio scan data David Lechner <dlechner(a)baylibre.com> iio: adc: ad7380: fix missing max_conversion_rate_hz on adaq4381-4 Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached manual clock settings during resume Robin Murphy <robin.murphy(a)arm.com> iommu/virtio: Make instance lookup robust Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Remove ops.pgsize_bitmap from drivers that don't use it Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Adrian Huang (Lenovo) <adrianhuang0701(a)gmail.com> signal: Fix memory leak for PIDFD_SELF* sentinels Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Stefan Metzmacher <metze(a)samba.org> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Christian Brauner <brauner(a)kernel.org> libfs: massage path_from_stashed() to allow custom stashing behavior Thomas Bertschinger <tahbertschinger(a)gmail.com> fhandle: do_handle_open() should get FD with user flags Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix data relocation block group reservation Yuntao Wang <yuntao.wang(a)linux.dev> fs: fix incorrect lflags value in the move_mount syscall Charalampos Mitrodimas <charmitro(a)posteo.net> debugfs: fix mount options not being applied Miguel Ojeda <ojeda(a)kernel.org> rust: faux: fix C header link Christoph Hellwig <hch(a)lst.de> xfs: fix frozen file system assert in xfs_trans_alloc Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() Liu01 Tong <Tong.Liu01(a)amd.com> drm/amdgpu: fix task hang from failed job submission during process kill Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Use standard PCIe definitions Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Fix Xorg desktop unresponsive on Replay panel Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid a NULL pointer dereference Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Convert AUX powered WARN to a debug message Imre Deak <imre.deak(a)intel.com> drm/i915/lnl+/tc: Use the cached max lane count value Imre Deak <imre.deak(a)intel.com> drm/i915/lnl+/tc: Fix max lane count HW readout Imre Deak <imre.deak(a)intel.com> drm/i915/icl+/tc: Cache the max lane count value Imre Deak <imre.deak(a)intel.com> drm/i915/lnl+/tc: Fix handling of an enabled/disconnected dp-alt sink Sebastian Brzezinka <sebastian.brzezinka(a)intel.com> drm/i915/gt: Relocate compression repacking WA for JSL/EHL Qianfeng Rong <rongqianfeng(a)vivo.com> drm/nouveau/gsp: fix mismatched alloc/free for kvmalloc() Jani Nikula <jani.nikula(a)intel.com> drm/i915: silence rpm wakeref asserts on GEN11_GU_MISC_IIR access Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/swm14: Update power limit logic Thorsten Blum <thorsten.blum(a)linux.dev> accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86/intel-uncore-freq: Check write blocked for ELC Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Fix SCCB present check Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/rxe: Flush delayed SKBs while releasing RXE resources Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Takashi Iwai <tiwai(a)suse.de> ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv David Hildenbrand <david(a)redhat.com> mm/mremap: fix WARN with uffd that has remap events disabled Jinjiang Tu <tujinjiang(a)huawei.com> mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Herton R. Krzesinski <herton(a)redhat.com> mm/debug_vm_pgtable: clear page table entries at destroy_args() Sang-Heon Jeon <ekffu200098(a)gmail.com> mm/damon/core: fix damos_commit_filter not changing allow Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix a race when updating an existing write Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Pasha Tatashin <pasha.tatashin(a)soleen.com> kho: warn if KHO is disabled due to an error Pasha Tatashin <pasha.tatashin(a)soleen.com> kho: mm: don't allow deferred struct page with KHO Pasha Tatashin <pasha.tatashin(a)soleen.com> kho: init new_physxa->phys_bits to fix lockdep Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: Add a new function to simplify the code Sai Krishna Potthuri <sai.krishna.potthuri(a)amd.com> mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up Sang-Heon Jeon <ekffu200098(a)gmail.com> mm/damon/core: fix commit_ops_filters by using correct nth function Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement Dominique Martinet <asmadeus(a)codewreck.org> iov_iter: iterate_folioq: fix handling of offset >= folio size Jens Axboe <axboe(a)kernel.dk> io_uring/futex: ensure io_futex_wait() cleans up properly on failure XianLiang Huang <huangxianliang(a)lanxincomputing.com> iommu/riscv: prevent NULL deref in iova_to_phys Eric Biggers <ebiggers(a)kernel.org> crypto: acomp - Fix CFI failure due to type punning Geert Uytterhoeven <geert+renesas(a)glider.be> erofs: Do not select tristate symbols from bool symbols Bo Liu (OpenAnolis) <liubo03(a)inspur.com> erofs: fix build error with CONFIG_EROFS_FS_ZIP_ACCEL=y Alan Huang <mmpgouride(a)gmail.com> xfs: Remove unused label in xfs_dax_notify_dev_failure Christoph Hellwig <hch(a)lst.de> xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Christoph Hellwig <hch(a)lst.de> xfs: improve the comments in xfs_select_zone_nowait Christoph Hellwig <hch(a)lst.de> xfs: return the allocated transaction from xfs_trans_alloc_empty Christoph Hellwig <hch(a)lst.de> xfs: decouple xfs_trans_alloc_empty from xfs_trans_alloc Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: subpage: keep TOWRITE tag until folio is cleaned Qu Wenruo <wqu(a)suse.com> btrfs: rename btrfs_subpage structure Qu Wenruo <wqu(a)suse.com> btrfs: add comments on the extra btrfs specific subpage bitmaps Leo Martins <loemra.dev(a)gmail.com> btrfs: fix subpage deadlock in try_release_subpage_extent_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: use refcount_t type for the extent buffer reference counter Filipe Manana <fdmanana(a)suse.com> btrfs: add comment for optimization in free_extent_buffer() Filipe Manana <fdmanana(a)suse.com> btrfs: reorganize logic at free_extent_buffer() for better readability Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() Filipe Manana <fdmanana(a)suse.com> btrfs: always abort transaction on failure to add block group to free space tree David Sterba <dsterba(a)suse.com> btrfs: move transaction aborts to the error site in add_block_group_free_space() SeongJae Park <sj(a)kernel.org> mm/damon/ops-common: ignore migration request to invalid nodes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: sockopt: fix C23 extension warning Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: fix C23 extension warning Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Geliang Tang <geliang(a)kernel.org> mptcp: disable add_addr retransmission when timeout is 0 Geliang Tang <geliang(a)kernel.org> mptcp: remove duplicate sk_reset_timer call Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Christoph Paasch <cpaasch(a)openai.com> mptcp: drop skb if MPTCP skb extension allocation fails Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> ACPI: APEI: EINJ: Fix resource leak by remove callback in .exit.text Chen Yu <yu.c.chen(a)intel.com> ACPI: pfr_update: Fix the driver update version check Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid selecting states with too much latency JP Kobryn <inwardvessel(a)gmail.com> cgroup: avoid null de-ref in css_rstat_exit() Eric Biggers <ebiggers(a)kernel.org> ipv6: sr: Fix MAC comparison to be constant-time Andrea Righi <arighi(a)nvidia.com> sched/ext: Fix invalid task state transitions on class switch Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Add address alignment check in pch_pic register access Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix stack protector issue in send_ipi_data() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Make function kvm_own_lbt() robust Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overwrite dce60_clk_mgr Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Revert "drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value" Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Pass up errors for reset GPU that fails to init HW Lauri Tirkkonen <lauri(a)hacktheplanet.fi> drm/amd/display: fix initial backlight brightness calculation Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DCE 6.0 and 6.4 PLL programming. Siyang Liu <Security(a)tencent.com> drm/amd/display: fix a Null pointer dereference vulnerability Michel Dänzer <mdaenzer(a)redhat.com> drm/amd/display: Add primary plane to commits for correct VRR handling David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: Fix checkpoint-restore on multi-xcc Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Update supported modes for GC v9.5.0 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 4.1.0 client id mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.3 client id mappings Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.0.1 client id mappings Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Update external revid for GC v9.5.0 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: track whether a queue is a kernel queue in amdgpu_mqd_prop YuanShang <YuanShang.Mao(a)amd.com> drm/amdgpu: Retain job->vm in amdgpu_job_prepare_job Nathan Chancellor <nathan(a)kernel.org> drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() Peter Shkenev <mustela(a)erminea.space> drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Gang Ba <Gang.Ba(a)amd.com> drm/amdgpu: Avoid extra evict-restore process. Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: add missing vram lost check for LEGACY RESET Frank Min <Frank.Min(a)amd.com> drm/amdgpu: add kicker fws loading for gfx12/smu14/psp14 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/discovery: fix fw based ip discovery Yang Wang <kevinyang.wang(a)amd.com> drm/amd/amdgpu: fix missing lock for cper.ring->rptr/wptr access Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Defer buffer object shrinker write-backs and GPU waits Vodapalli, Ravi Kumar <ravi.kumar.vodapalli(a)intel.com> drm/xe/bmg: Add one additional PCI ID Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Remove unnecessary re-initialization of flush completion Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Verify internal buffer release on close Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Update CAPTURE format info based on OUTPUT format Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Track flush responses to prevent premature completion Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Skip flush on first sequence change Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Skip destroying internal buffer if not dequeued Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Remove error check for non-zero v4l2 controls Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Remove deprecated property setting to firmware Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Prevent HFI queue writes when core is in deinit state Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix typo in depth variable Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix NULL pointer dereference Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix missing function pointer initialization Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix buffer preparation failure during resolution change Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Drop port check for session property response Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Avoid updating frame size to firmware during reconfig Ricardo Ribalda <ribalda(a)chromium.org> media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Konrad Dybcio <konrad.dybcio(a)oss.qualcomm.com> media: venus: Fix MSM8998 frequency table Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: Remove extraneous -supply postfix on supply names Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: qcom: camss: csiphy-3ph: Fix inadvertent dropping of SDM660/SDM670 phy init Hans de Goede <hansg(a)kernel.org> media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Mathis Foerst <mathis.foerst(a)mt.com> media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: pisp_be: Fix pm_runtime underrun in probe Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix AV1 decoder clock frequency Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix wrong pixel_array control size Sakari Ailus <sakari.ailus(a)linux.intel.com> media: ipu6: isys: Use correct pads for xlate_streams() Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser John David Anglin <dave.anglin(a)bell.net> parisc: Update comments in make_insert_tlb John David Anglin <dave.anglin(a)bell.net> parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() John David Anglin <dave.anglin(a)bell.net> parisc: Revise gateway LWS calls to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Revise __get_user() to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers John David Anglin <dave.anglin(a)bell.net> parisc: Drop WARN_ON_ONCE() from flush_cache_vmap John David Anglin <dave.anglin(a)bell.net> parisc: Define and use set_pte_at() John David Anglin <dave.anglin(a)bell.net> parisc: Check region is readable by user in raw_copy_from_user() Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Jialin Wang <wjl.linux(a)gmail.com> proc: proc_maps_open allow proc_mem_open to return NULL Aleksa Sarai <cyphar(a)cyphar.com> open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE Simon Richter <Simon.Richter(a)hogyros.de> Mark xe driver as BROKEN if kernel page size is not 4kB Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Jann Horn <jannh(a)google.com> kasan/test: fix protection against compiler elision Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Jan Kara <jack(a)suse.cz> iomap: Fix broken data integrity guarantees for O_SYNC writes Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> i2c: qcom-geni: fix I2C frequency table to achieve accurate bus rates Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Julian Sun <sunjunchao2870(a)gmail.com> block: restore default wbt enablement Muhammad Usama Anjum <usama.anjum(a)collabora.com> ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context Xaver Hugl <xaver.hugl(a)kde.org> amdgpu/amdgpu_discovery: increase timeout limit for IFWI init Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Will Deacon <will(a)kernel.org> vhost/vsock: Avoid allocating arbitrarily-sized SKBs Will Deacon <will(a)kernel.org> vsock/virtio: Validate length in packet header before skb_put() Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Delay link start until configfs 'start' written Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Jiwei Sun <sunjw10(a)lenovo.com> PCI: Fix link speed calculation on retrain failure Lukas Wunner <lukas(a)wunner.de> PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge Chi Zhiling <chizhiling(a)kylinos.cn> readahead: fix return value of page_cache_next_miss() when no hole is found Dmitry Torokhov <dmitry.torokhov(a)gmail.com> mfd: mt6397: Do not use generic name for keypad sub-devices Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: renesas: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Gabor Juhos <j4g8y7(a)gmail.com> mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: Fix spi_nor_try_unlock_all() Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix setting ODR in probe David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix calibration channel David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix channels index for syscalib_mode David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable David Lechner <dlechner(a)baylibre.com> iio: imu: bno055: fix OOB access of hw_xlate array Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix CDL control Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix default runtime and system PM levels Archana Patni <archana.patni(a)intel.com> scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Return aborted command when missing sense and result TF Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix race between config read submit and interrupt completion André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Macpaul Lin <macpaul.lin(a)mediatek.com> scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> dt-bindings: display: vop2: Add optional PLL clock property for rk3576 Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints Helge Deller <deller(a)gmx.de> apparmor: Fix 8-byte alignment for initial dfa blob streams Sam Edwards <cfsworks(a)gmail.com> arm64: dts: rockchip: Remove workaround that prevented Turing RK1 GPU power regulator control Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Kaustabh Chakraborty <kauschluss(a)disroot.org> arm64: dts: exynos7870-on7xelte: reduce memory ranges to base amount Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file Hong Guan <hguan(a)ti.com> arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Peter Griffin <peter.griffin(a)linaro.org> arm64: dts: exynos: gs101: ufs: add dma-coherent property Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Enable HDMI PHY clk provider on rk3576 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add HDMI PHY PLL clock source to VOP2 on rk3576 Kaustabh Chakraborty <kauschluss(a)disroot.org> arm64: dts: exynos7870: add quirk to disable USB2 LPM in gadget mode Alexander Sverdlin <alexander.sverdlin(a)gmail.com> arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Kaustabh Chakraborty <kauschluss(a)disroot.org> arm64: dts: exynos7870-j6lte: reduce memory ranges to base amount Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Nick Chan <towinchenmi(a)gmail.com> arm64: dts: apple: t8012-j132: Include touchbar framebuffer node Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix printing of mount info messages for NODATACOW/NODATASUM Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: restore mount option info messages during mount Kyoji Ogasawara <sawara04.o(a)gmail.com> btrfs: fix incorrect log message for nobarrier mount option Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix write time activation failure for metadata block group Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes Liao Yuanhong <liaoyuanhong(a)vivo.com> ext4: use kmalloc_array() for array space allocation Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to clear the orphan_present feature block device is r/o Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Baokun Li <libaokun1(a)huawei.com> ext4: preserve SB_I_VERSION on remount Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-event: Sanitize wildcard for fprobe event name Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: extend the connection limiting mechanism to support IPv6 Ziyan Xu <ziyan(a)securitygossip.com> ksmbd: fix refcount leak causing resource not released Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Herbert Xu <herbert(a)gondor.apana.org.au> crypto: hash - Increase HASH_MAX_DESCSIZE for hmac(sha3-224-s390) Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - Fix address alignment issue on ucode loading Eric Biggers <ebiggers(a)kernel.org> crypto: x86/aegis - Add missing error checks Eric Biggers <ebiggers(a)kernel.org> crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - flush misc workqueue during device shutdown John Ernberg <john.ernberg(a)actia.se> crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Ashish Kalra <ashish.kalra(a)amd.com> crypto: ccp - Fix SNP panic notifier unregistration Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - lower priority for skcipher and aead algorithms Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts Eric Biggers <ebiggers(a)kernel.org> lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap David Howells <dhowells(a)redhat.com> netfs: Fix unbuffered write error handling Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Youssef Samir <quic_yabdulra(a)quicinc.com> bus: mhi: host: Detect events pointing to unexpected TREs Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: imx8mp: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() David Lechner <dlechner(a)baylibre.com> iio: adc: ad7173: fix num_slots Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Damien Le Moal <dlemoal(a)kernel.org> dm: Check for forbidden splitting of zone write operations Damien Le Moal <dlemoal(a)kernel.org> dm: dm-crypt: Do not partially accept write BIOs with zoned targets Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Take active children into account in pm_runtime_get_if_in_use() Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR ------------- Diffstat: .../bindings/display/rockchip/rockchip-vop2.yaml | 56 ++++- .../bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 +- .../display/sprd/sprd,sharkl3-dsi-host.yaml | 2 +- .../devicetree/bindings/ufs/mediatek,ufs.yaml | 4 + Documentation/networking/mptcp-sysctl.rst | 2 + Makefile | 6 +- arch/arm/lib/crypto/poly1305-glue.c | 3 +- arch/arm64/boot/dts/apple/t8012-j132.dts | 1 + arch/arm64/boot/dts/exynos/exynos7870-j6lte.dts | 2 +- arch/arm64/boot/dts/exynos/exynos7870-on7xelte.dts | 2 +- arch/arm64/boot/dts/exynos/exynos7870.dtsi | 1 + arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 + arch/arm64/boot/dts/rockchip/rk3576.dtsi | 7 +- .../arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 11 - arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 24 ++ arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 +- arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24 ++ arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 +- arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24 -- arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 +- arch/arm64/lib/crypto/poly1305-glue.c | 3 +- arch/loongarch/Makefile | 6 + arch/loongarch/kernel/module-sections.c | 38 +-- arch/loongarch/kvm/intc/eiointc.c | 32 +-- arch/loongarch/kvm/intc/ipi.c | 8 +- arch/loongarch/kvm/intc/pch_pic.c | 10 + arch/loongarch/kvm/vcpu.c | 8 +- arch/m68k/kernel/head.S | 31 ++- arch/mips/lib/crypto/chacha-core.S | 20 +- arch/parisc/Makefile | 4 +- arch/parisc/include/asm/pgtable.h | 7 +- arch/parisc/include/asm/special_insns.h | 28 +++ arch/parisc/include/asm/uaccess.h | 21 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/entry.S | 17 +- arch/parisc/kernel/syscall.S | 30 ++- arch/parisc/lib/memcpy.c | 19 +- arch/parisc/mm/fault.c | 4 + arch/s390/boot/vmem.c | 3 + arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/x86/crypto/aegis128-aesni-glue.c | 40 +++- arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/cpu/amd.c | 8 +- arch/x86/kernel/cpu/hygon.c | 3 + block/bfq-iosched.c | 13 +- block/blk-mq-debugfs.c | 1 + block/blk-mq-sched.c | 223 ++++++++++++------ block/blk-mq-sched.h | 12 +- block/blk-mq.c | 29 ++- block/blk-rq-qos.c | 8 +- block/blk-rq-qos.h | 48 ++-- block/blk-sysfs.c | 2 +- block/blk.h | 4 +- block/elevator.c | 38 ++- block/elevator.h | 16 +- block/kyber-iosched.c | 11 +- block/mq-deadline.c | 14 +- crypto/deflate.c | 7 +- drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 +- drivers/acpi/apei/einj-core.c | 12 +- drivers/acpi/pfr_update.c | 2 +- drivers/ata/Kconfig | 32 ++- drivers/ata/libata-scsi.c | 49 ++-- drivers/base/power/runtime.c | 27 ++- drivers/bluetooth/btmtk.c | 7 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/bus/mhi/host/main.c | 12 +- drivers/cdx/controller/cdx_rpmsg.c | 3 +- drivers/comedi/comedi_fops.c | 5 + drivers/comedi/drivers.c | 27 +-- drivers/comedi/drivers/pcl726.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpuidle/governors/menu.c | 29 +-- drivers/crypto/caam/ctrl.c | 5 +- drivers/crypto/caam/intern.h | 1 + drivers/crypto/ccp/sev-dev.c | 10 +- .../crypto/intel/qat/qat_common/adf_common_drv.h | 1 + drivers/crypto/intel/qat/qat_common/adf_init.c | 1 + drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 + drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 +- drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 +++++++--- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 +-- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 3 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +++--- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 - drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 21 +- drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 5 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 13 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +++-- drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 121 +++++++++- drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 ++- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 + drivers/gpu/drm/amd/amdgpu/soc15.c | 2 + .../gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 61 ++++- .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 20 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 +++ .../drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 +- drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 - .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 19 +- .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 ++-- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +-- drivers/gpu/drm/amd/display/dc/core/dc.c | 34 ++- .../amd/display/dc/resource/dce60/dce60_resource.c | 34 +-- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16 ++ drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 11 +- .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 ++- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/drm_format_helper.c | 108 ++++++++- drivers/gpu/drm/drm_format_internal.h | 8 + drivers/gpu/drm/drm_panic_qr.rs | 22 +- drivers/gpu/drm/hisilicon/hibmc/dp/dp_link.c | 14 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 22 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 1 + drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 5 + drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 11 +- drivers/gpu/drm/i915/display/intel_display_irq.c | 4 + drivers/gpu/drm/i915/display/intel_tc.c | 93 ++++++-- drivers/gpu/drm/i915/gt/intel_workarounds.c | 20 +- drivers/gpu/drm/nouveau/nvif/vmm.c | 3 +- .../gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 4 +- drivers/gpu/drm/nova/file.rs | 3 +- drivers/gpu/drm/tests/drm_format_helper_test.c | 111 ++------- drivers/gpu/drm/xe/Kconfig | 1 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_pxp_submit.c | 2 +- drivers/gpu/drm/xe/xe_shrinker.c | 51 +++- drivers/gpu/drm/xe/xe_vm.c | 48 ++-- drivers/gpu/drm/xe/xe_vm.h | 2 +- drivers/hwmon/gsc-hwmon.c | 4 +- drivers/i2c/busses/i2c-qcom-geni.c | 6 +- drivers/i2c/busses/i2c-rtl9300.c | 20 +- drivers/iio/accel/sca3300.c | 2 +- drivers/iio/adc/Kconfig | 2 +- drivers/iio/adc/ad7124.c | 14 +- drivers/iio/adc/ad7173.c | 137 ++++++++--- drivers/iio/adc/ad7380.c | 1 + drivers/iio/adc/ad_sigma_delta.c | 4 +- drivers/iio/adc/rzg2l_adc.c | 33 +-- drivers/iio/imu/bno055/bno055.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 31 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 +- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 41 ++-- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 +- drivers/iio/light/as73211.c | 2 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/iio/temperature/maxim_thermocouple.c | 26 ++- drivers/infiniband/core/umem_odp.c | 4 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/main.c | 23 ++ drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 +-- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 - drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/erdma/erdma_verbs.c | 6 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 +- drivers/infiniband/hw/hns/hns_roce_restrack.c | 9 +- drivers/infiniband/sw/rxe/rxe_net.c | 29 +-- drivers/infiniband/sw/rxe/rxe_qp.c | 2 +- drivers/iommu/amd/init.c | 4 +- drivers/iommu/apple-dart.c | 1 - drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 +- drivers/iommu/intel/iommu.c | 1 - drivers/iommu/iommufd/selftest.c | 1 - drivers/iommu/riscv/iommu.c | 3 +- drivers/iommu/virtio-iommu.c | 19 +- drivers/md/dm-crypt.c | 47 +++- drivers/md/dm-raid.c | 42 ++-- drivers/md/dm.c | 17 +- drivers/md/md-bitmap.c | 8 +- drivers/md/md-cluster.c | 16 +- drivers/md/md.c | 110 ++++++--- drivers/md/md.h | 2 +- drivers/md/raid0.c | 6 +- drivers/md/raid1-10.c | 2 +- drivers/md/raid1.c | 10 +- drivers/md/raid10.c | 16 +- drivers/md/raid5-ppl.c | 6 +- drivers/md/raid5.c | 30 +-- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/i2c/hi556.c | 26 ++- drivers/media/i2c/mt9m114.c | 8 - drivers/media/i2c/ov2659.c | 3 +- drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12 +- drivers/media/pci/intel/ivsc/mei_ace.c | 2 + drivers/media/pci/intel/ivsc/mei_csi.c | 2 + .../platform/qcom/camss/camss-csiphy-3ph-1-0.c | 3 +- drivers/media/platform/qcom/camss/camss.c | 20 +- drivers/media/platform/qcom/iris/iris_buffer.c | 20 +- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 7 +- .../platform/qcom/iris/iris_hfi_gen1_command.c | 27 +-- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 1 - .../platform/qcom/iris/iris_hfi_gen1_response.c | 20 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 4 +- .../platform/qcom/iris/iris_hfi_gen2_response.c | 11 +- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 2 + .../platform/qcom/iris/iris_platform_common.h | 2 +- .../platform/qcom/iris/iris_platform_sm8250.c | 9 - drivers/media/platform/qcom/iris/iris_state.c | 2 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 15 +- drivers/media/platform/qcom/iris/iris_vdec.c | 9 +- drivers/media/platform/qcom/iris/iris_vidc.c | 33 ++- drivers/media/platform/qcom/venus/core.c | 18 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/platform/qcom/venus/venc.c | 5 +- drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 5 +- .../media/platform/verisilicon/rockchip_vpu_hw.c | 9 - drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 - drivers/memstick/core/memstick.c | 1 - drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/mt6397-core.c | 12 +- drivers/mmc/host/sdhci-of-arasan.c | 33 ++- drivers/mmc/host/sdhci-pci-gli.c | 37 +-- drivers/mmc/host/sdhci_am654.c | 18 ++ drivers/most/core.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/mtd/nand/raw/renesas-nand-controller.c | 6 + drivers/mtd/nand/spi/core.c | 5 +- drivers/mtd/spi-nor/swp.c | 19 +- drivers/net/bonding/bond_3ad.c | 67 ++++-- drivers/net/bonding/bond_options.c | 1 + drivers/net/dsa/microchip/ksz_common.c | 6 + drivers/net/ethernet/airoha/airoha_ppe.c | 4 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- drivers/net/ethernet/google/gve/gve_main.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 14 +- drivers/net/ethernet/intel/ixgbe/devlink/devlink.c | 1 + drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1 - .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 +- .../ethernet/mellanox/mlx5/core/en/tc/ct_fs_hmfs.c | 2 + drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12 +- .../ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2 + drivers/net/ethernet/mellanox/mlx5/core/port.c | 20 ++ .../mellanox/mlx5/core/steering/hws/bwc_complex.c | 41 ++-- .../ethernet/mellanox/mlx5/core/steering/hws/cmd.c | 1 + .../ethernet/mellanox/mlx5/core/steering/hws/cmd.h | 1 + .../mellanox/mlx5/core/steering/hws/fs_hws.c | 1 + .../mellanox/mlx5/core/steering/hws/matcher.c | 5 +- .../mellanox/mlx5/core/steering/hws/mlx5hws.h | 1 + .../mellanox/mlx5/core/steering/hws/send.c | 1 - .../mellanox/mlx5/core/steering/hws/table.c | 13 +- .../mellanox/mlx5/core/steering/hws/table.h | 3 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/microchip/lan865x/lan865x.c | 21 ++ drivers/net/ethernet/realtek/rtase/rtase.h | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 9 +- drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 +++--- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 +- drivers/net/phy/mscc/mscc.h | 12 + drivers/net/phy/mscc/mscc_main.c | 12 + drivers/net/phy/mscc/mscc_ptp.c | 49 +++- drivers/net/ppp/ppp_generic.c | 17 +- drivers/net/usb/asix_devices.c | 2 +- drivers/net/wireless/ath/ath11k/ce.c | 3 - drivers/net/wireless/ath/ath11k/dp_rx.c | 3 - drivers/net/wireless/ath/ath11k/hal.c | 33 ++- drivers/net/wireless/ath/ath12k/ce.c | 3 - drivers/net/wireless/ath/ath12k/hal.c | 38 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/pci/controller/dwc/pci-imx6.c | 12 +- drivers/pci/controller/dwc/pcie-designware.c | 8 + drivers/pci/controller/pcie-rockchip-ep.c | 4 +- drivers/pci/controller/pcie-rockchip-host.c | 49 ++-- drivers/pci/controller/pcie-rockchip.h | 12 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pci.h | 32 +-- drivers/pci/pcie/portdrv.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 14 +- drivers/platform/chrome/cros_ec.c | 3 + drivers/platform/x86/amd/hsmp/hsmp.c | 5 + .../intel/uncore-frequency/uncore-frequency-tpmi.c | 5 + drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 71 +++--- drivers/regulator/pca9450-regulator.c | 13 +- drivers/regulator/tps65219-regulator.c | 12 +- drivers/s390/char/sclp.c | 11 +- drivers/scsi/mpi3mr/mpi3mr.h | 6 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 2 + drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/soc/qcom/mdt_loader.c | 43 ++++ drivers/soc/tegra/pmc.c | 51 ++-- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/spi/spi-qpic-snand.c | 22 +- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/vt/defkeymap.c_shipped | 112 +++++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/ufs/core/ufshcd.c | 10 +- drivers/ufs/host/ufs-exynos.c | 4 +- drivers/ufs/host/ufs-qcom.c | 42 ++-- drivers/ufs/host/ufshcd-pci.c | 42 +++- drivers/usb/atm/cxacru.c | 172 +++++++------- drivers/usb/core/hcd.c | 20 +- drivers/usb/core/quirks.c | 1 + drivers/usb/dwc3/dwc3-imx8mp.c | 7 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/dwc3/ep0.c | 20 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 22 +- drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-ring.c | 9 +- drivers/usb/host/xhci.c | 23 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/omap2430.c | 14 +- drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 +++ drivers/usb/typec/tcpm/maxim_contaminant.c | 58 +++++ drivers/usb/typec/tcpm/tcpci_maxim.h | 1 + drivers/vhost/vsock.c | 6 +- drivers/video/console/vgacon.c | 2 +- fs/btrfs/ctree.c | 23 +- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/extent_io.c | 94 ++++---- fs/btrfs/extent_io.h | 2 +- fs/btrfs/fiemap.c | 2 +- fs/btrfs/free-space-tree.c | 17 +- fs/btrfs/inode.c | 8 +- fs/btrfs/print-tree.c | 2 +- fs/btrfs/qgroup.c | 6 +- fs/btrfs/relocation.c | 4 +- fs/btrfs/subpage.c | 258 +++++++++++---------- fs/btrfs/subpage.h | 45 +++- fs/btrfs/super.c | 13 +- fs/btrfs/tree-log.c | 4 +- fs/btrfs/zoned.c | 70 ++++-- fs/buffer.c | 2 +- fs/debugfs/inode.c | 11 +- fs/erofs/Kconfig | 18 +- fs/ext4/fsmap.c | 23 +- fs/ext4/indirect.c | 4 +- fs/ext4/inode.c | 2 +- fs/ext4/orphan.c | 5 +- fs/ext4/super.c | 8 +- fs/f2fs/node.c | 10 + fs/fhandle.c | 2 +- fs/internal.h | 3 + fs/iomap/direct-io.c | 14 +- fs/jbd2/checkpoint.c | 1 + fs/libfs.c | 27 ++- fs/namespace.c | 69 +++--- fs/netfs/read_collect.c | 4 +- fs/netfs/write_collect.c | 10 +- fs/netfs/write_issue.c | 4 +- fs/nfs/pagelist.c | 9 +- fs/nfs/write.c | 29 +-- fs/overlayfs/copy_up.c | 2 +- fs/proc/task_mmu.c | 4 +- fs/smb/client/smb2ops.c | 2 +- fs/smb/server/connection.c | 3 +- fs/smb/server/connection.h | 7 +- fs/smb/server/oplock.c | 13 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/transport_rdma.h | 4 +- fs/smb/server/transport_tcp.c | 26 ++- fs/splice.c | 3 + fs/squashfs/super.c | 14 +- fs/xfs/libxfs/xfs_refcount.c | 4 +- fs/xfs/scrub/common.c | 3 +- fs/xfs/scrub/repair.c | 12 +- fs/xfs/scrub/scrub.c | 5 +- fs/xfs/xfs_attr_item.c | 5 +- fs/xfs/xfs_discard.c | 12 +- fs/xfs/xfs_fsmap.c | 4 +- fs/xfs/xfs_icache.c | 5 +- fs/xfs/xfs_inode.c | 7 +- fs/xfs/xfs_itable.c | 24 +- fs/xfs/xfs_iwalk.c | 11 +- fs/xfs/xfs_notify_failure.c | 6 +- fs/xfs/xfs_qm.c | 10 +- fs/xfs/xfs_rtalloc.c | 13 +- fs/xfs/xfs_trans.c | 56 ++--- fs/xfs/xfs_trans.h | 3 +- fs/xfs/xfs_zone_alloc.c | 10 +- fs/xfs/xfs_zone_gc.c | 5 +- include/crypto/hash.h | 2 +- include/crypto/internal/acompress.h | 5 +- include/drm/drm_format_helper.h | 9 + include/drm/intel/pciids.h | 1 + include/linux/blkdev.h | 1 + include/linux/compiler.h | 8 - include/linux/iosys-map.h | 7 +- include/linux/iov_iter.h | 20 +- include/linux/kcov.h | 47 +--- include/linux/mlx5/mlx5_ifc.h | 14 +- include/linux/netfs.h | 1 + include/linux/nfs_page.h | 1 + include/net/bluetooth/bluetooth.h | 4 +- include/net/bluetooth/hci.h | 1 + include/net/bluetooth/hci_core.h | 54 ++++- include/net/bond_3ad.h | 1 + include/net/devlink.h | 6 +- include/net/sch_generic.h | 11 +- include/sound/cs35l56.h | 5 +- include/trace/events/btrfs.h | 2 +- include/uapi/linux/pfrut.h | 1 + include/uapi/linux/raid/md_p.h | 2 +- io_uring/futex.c | 3 + kernel/Kconfig.kexec | 1 + kernel/cgroup/cpuset.c | 9 +- kernel/cgroup/rstat.c | 3 + kernel/kexec_handover.c | 29 ++- kernel/sched/ext.c | 4 + kernel/signal.c | 6 +- kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 34 ++- kernel/trace/trace.h | 10 +- mm/damon/core.c | 15 +- mm/damon/paddr.c | 4 + mm/debug_vm_pgtable.c | 9 +- mm/filemap.c | 3 +- mm/kasan/kasan_test_c.c | 2 +- mm/memory-failure.c | 8 + mm/mremap.c | 41 ++-- net/bluetooth/hci_conn.c | 17 +- net/bluetooth/hci_core.c | 27 ++- net/bluetooth/hci_event.c | 15 +- net/bluetooth/hci_sync.c | 33 +-- net/bluetooth/iso.c | 20 +- net/bluetooth/mgmt.c | 13 +- net/bridge/br_multicast.c | 16 ++ net/bridge/br_private.h | 2 + net/core/dev.c | 12 + net/devlink/port.c | 2 +- net/hsr/hsr_slave.c | 8 +- net/ipv4/netfilter/nf_reject_ipv4.c | 6 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/seg6_hmac.c | 6 +- net/mptcp/options.c | 6 +- net/mptcp/pm.c | 18 +- net/mptcp/pm_kernel.c | 1 - net/sched/sch_cake.c | 14 +- net/sched/sch_codel.c | 12 +- net/sched/sch_fq.c | 12 +- net/sched/sch_fq_codel.c | 12 +- net/sched/sch_fq_pie.c | 12 +- net/sched/sch_hhf.c | 12 +- net/sched/sch_htb.c | 2 +- net/sched/sch_pie.c | 12 +- net/smc/af_smc.c | 3 +- net/tls/tls_sw.c | 7 +- net/vmw_vsock/virtio_transport.c | 12 +- rust/kernel/alloc/allocator.rs | 30 ++- rust/kernel/alloc/allocator_test.rs | 11 + rust/kernel/drm/device.rs | 32 ++- rust/kernel/faux.rs | 2 +- security/apparmor/lsm.c | 4 +- sound/core/timer.c | 4 +- sound/pci/hda/patch_realtek.c | 2 + sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/codecs/cs35l56-sdw.c | 69 ------ sound/soc/codecs/cs35l56-shared.c | 29 ++- sound/soc/codecs/cs35l56.c | 2 +- sound/soc/codecs/cs35l56.h | 3 - sound/soc/sof/amd/acp-loader.c | 6 +- sound/usb/stream.c | 2 +- sound/usb/validate.c | 2 +- tools/objtool/arch/loongarch/special.c | 23 ++ tools/testing/selftests/net/mptcp/mptcp_connect.c | 5 +- tools/testing/selftests/net/mptcp/mptcp_inq.c | 5 +- tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 5 +- tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 498 files changed, 4907 insertions(+), 2746 deletions(-)

2 weeks, 3 days

20
477
0 0

[PATCH net v2] batman-adv: fix OOB read/write in network-coding decode

by Stanislav Fort

batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing. Fixes: 2df5278b0267 ("batman-adv: network coding - receive coded packets and decode them") Cc: stable(a)vger.kernel.org Reported-by: Stanislav Fort <disclosure(a)aisle.com> Signed-off-by: Stanislav Fort <disclosure(a)aisle.com> --- net/batman-adv/network-coding.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index 9f56308779cc..af97d077369f 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -1687,7 +1687,12 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb, coding_len = ntohs(coded_packet_tmp.coded_len); - if (coding_len > skb->len) + /* ensure dst buffer is large enough (payload only) */ + if (coding_len + h_size > skb->len) + return NULL; + + /* ensure src buffer is large enough (payload only) */ + if (coding_len + h_size > nc_packet->skb->len) return NULL; /* Here the magic is reversed: -- 2.39.3 (Apple Git-146)

2 weeks, 3 days

2
1
0 0

[PATCH 0/3] clk: samsung: exynos990: Fix USB clock support

by Denzeel Oliva

Hi, Small fixes for Exynos990 HSI0 USB clocks: Add missing LHS_ACEL clock ID and implementation, plus two missing USB clock registers. Without these, USB connections fail with errors like device descriptor read timeouts and address response issues. These changes ensure proper USB operation by adding critical missing clock definitions. Denzeel Oliva Signed-off-by: Denzeel Oliva <wachiturroxd150(a)gmail.com> Signed-off-by: Denzeel Oliva <wachiturroxd150(a)gmail.com> --- Denzeel Oliva (3): dt-bindings: clock: exynos990: Add LHS_ACEL clock ID for HSI0 block clk: samsung: exynos990: Add LHS_ACEL gate clock for HSI0 and update CLK_NR_TOP clk: samsung: exynos990: Add missing USB clock registers to HSI0 drivers/clk/samsung/clk-exynos990.c | 8 +++++++- include/dt-bindings/clock/samsung,exynos990.h | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) --- base-commit: e0edfc39b62e35dfb6d669b1189fa268147345ef change-id: 20250830-usb-c8d352f5de9f Best regards, -- Denzeel Oliva <wachiturroxd150(a)gmail.com>

2 weeks, 3 days

2
4
0 0

[PATCH v7 02/12] i2c: rtl9300: ensure data length is within supported range

by Jonas Jelonek

Add an explicit check for the xfer length to 'rtl9300_i2c_config_xfer' to ensure the data length isn't within the supported range. In particular a data length of 0 is not supported by the hardware and causes unintended or destructive behaviour. This limitation becomes obvious when looking at the register documentation [1]. 4 bits are reserved for DATA_WIDTH and the value of these 4 bits is used as N + 1, allowing a data length range of 1 <= len <= 16. Affected by this is the SMBus Quick Operation which works with a data length of 0. Passing 0 as the length causes an underflow of the value due to: (len - 1) & 0xf and effectively specifying a transfer length of 16 via the registers. This causes a 16-byte write operation instead of a Quick Write. For example, on SFP modules without write-protected EEPROM this soft-bricks them by overwriting some initial bytes. For completeness, also add a quirk for the zero length. [1] https://svanheule.net/realtek/longan/register/i2c_mst1_ctrl2 Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com> Tested-by: Sven Eckelmann <sven(a)narfation.org> Reviewed-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Tested-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> # On RTL9302C based board Tested-by: Markus Stockhausen <markus.stockhausen(a)gmx.de> --- drivers/i2c/busses/i2c-rtl9300.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c index 19c367703eaf..ebd4a85e1bde 100644 --- a/drivers/i2c/busses/i2c-rtl9300.c +++ b/drivers/i2c/busses/i2c-rtl9300.c @@ -99,6 +99,9 @@ static int rtl9300_i2c_config_xfer(struct rtl9300_i2c *i2c, struct rtl9300_i2c_c { u32 val, mask; + if (len < 1 || len > 16) + return -EINVAL; + val = chan->bus_freq << RTL9300_I2C_MST_CTRL2_SCL_FREQ_OFS; mask = RTL9300_I2C_MST_CTRL2_SCL_FREQ_MASK; @@ -352,7 +355,7 @@ static const struct i2c_algorithm rtl9300_i2c_algo = { }; static struct i2c_adapter_quirks rtl9300_i2c_quirks = { - .flags = I2C_AQ_NO_CLK_STRETCH, + .flags = I2C_AQ_NO_CLK_STRETCH | I2C_AQ_NO_ZERO_LEN, .max_read_len = 16, .max_write_len = 16, }; -- 2.48.1

2 weeks, 3 days

1
0
0 0

[PATCH v7 01/12] i2c: rtl9300: fix channel number bound check

by Jonas Jelonek

Fix the current check for number of channels (child nodes in the device tree). Before, this was: if (device_get_child_node_count(dev) >= RTL9300_I2C_MUX_NCHAN) RTL9300_I2C_MUX_NCHAN gives the maximum number of channels so checking with '>=' isn't correct because it doesn't allow the last channel number. Thus, fix it to: if (device_get_child_node_count(dev) > RTL9300_I2C_MUX_NCHAN) Issue occured on a TP-Link TL-ST1008F v2.0 device (8 SFP+ ports) and fix is tested there. Fixes: c366be720235 ("i2c: Add driver for the RTL9300 I2C controller") Cc: <stable(a)vger.kernel.org> # v6.13+ Signed-off-by: Jonas Jelonek <jelonek.jonas(a)gmail.com> Tested-by: Sven Eckelmann <sven(a)narfation.org> Reviewed-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> Tested-by: Chris Packham <chris.packham(a)alliedtelesis.co.nz> # On RTL9302C based board Tested-by: Markus Stockhausen <markus.stockhausen(a)gmx.de> --- drivers/i2c/busses/i2c-rtl9300.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/i2c/busses/i2c-rtl9300.c b/drivers/i2c/busses/i2c-rtl9300.c index 4b215f9a24e6..19c367703eaf 100644 --- a/drivers/i2c/busses/i2c-rtl9300.c +++ b/drivers/i2c/busses/i2c-rtl9300.c @@ -382,7 +382,7 @@ static int rtl9300_i2c_probe(struct platform_device *pdev) platform_set_drvdata(pdev, i2c); - if (device_get_child_node_count(dev) >= RTL9300_I2C_MUX_NCHAN) + if (device_get_child_node_count(dev) > RTL9300_I2C_MUX_NCHAN) return dev_err_probe(dev, -EINVAL, "Too many channels\n"); device_for_each_child_node(dev, child) { -- 2.48.1

2 weeks, 3 days

1
0
0 0

New September Order. 15508 Sunday, August 31, 2025 at 11:07:52 AM

by Info - Albinayah 957

Hi Stable, Please provide a quote for your products: Include: 1.Pricing (per unit) 2.Delivery cost & timeline 3.Quote expiry date Deadline: September Thanks! Kamal Prasad Albinayah Trading

2 weeks, 3 days

1
0
0 0

[PATCH 6.6 0/8] Backport sched/schedutil fixes and depend patch series

by Wentao Guan

Our user report a bug that his cpu keep the min cpu freq, bisect to commit ada8d7fa0ad49a2a078f97f7f6e02d24d3c357a3 ("sched/cpufreq: Rework schedutil governor performance estimation") and test the fix e37617c8e53a1f7fcba6d5e1041f4fd8a2425c27 ("sched/fair: Fix frequency selection for non-invariant case") works. And backport the "stable-deps-of" series: "consolidate and cleanup CPU capacity" Link: https://lore.kernel.org/all/20231211104855.558096-1-vincent.guittot@linaro.… PS: commit 50b813b147e9eb6546a1fc49d4e703e6d23691f2 in series ("cpufreq/cppc: Move and rename cppc_cpufreq_{perf_to_khz|khz_to_perf}()") merged in v6.6.59 as 33e89c16cea0882bb05c585fa13236b730dd0efa Vincent Guittot (8): sched/topology: Add a new arch_scale_freq_ref() method cpufreq: Use the fixed and coherent frequency for scaling capacity cpufreq/schedutil: Use a fixed reference frequency energy_model: Use a fixed reference frequency cpufreq/cppc: Set the frequency used for computing the capacity arm64/amu: Use capacity_ref_freq() to set AMU ratio topology: Set capacity_freq_ref in all cases sched/fair: Fix frequency selection for non-invariant case arch/arm/include/asm/topology.h | 1 + arch/arm64/include/asm/topology.h | 1 + arch/arm64/kernel/topology.c | 26 ++++++------ arch/riscv/include/asm/topology.h | 1 + drivers/base/arch_topology.c | 69 ++++++++++++++++++++----------- drivers/cpufreq/cpufreq.c | 4 +- include/linux/arch_topology.h | 8 ++++ include/linux/cpufreq.h | 1 + include/linux/energy_model.h | 6 +-- include/linux/sched/topology.h | 8 ++++ kernel/sched/cpufreq_schedutil.c | 30 +++++++++++++- 11 files changed, 111 insertions(+), 44 deletions(-) -- 2.20.1

2 weeks, 3 days

3
12
0 0

[PATCH v2] scsi: lpfc: Fix buffer free/clear order in deferred receive path

by John Evans

Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only then cleared the context pointer under the lock. Concurrent paths (e.g., ABTS and the repost path) also inspect and release the same pointer under the lock, so the old order could lead to double-free/UAF. Note that the repost path already uses the correct pattern: detach the pointer under the lock, then free it after dropping the lock. The deferred path should do the same. Fixes: 472e146d1cf3 ("scsi: lpfc: Correct upcalling nvmet_fc transport during io done downcall") Cc: stable(a)vger.kernel.org Signed-off-by: John Evans <evans1210144(a)gmail.com> --- v2: * Rework locking to read and clear the buffer pointer atomically, as suggested by Justin Tee. --- drivers/scsi/lpfc/lpfc_nvmet.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/drivers/scsi/lpfc/lpfc_nvmet.c b/drivers/scsi/lpfc/lpfc_nvmet.c index fba2e62027b7..4cfc928bcf2d 100644 --- a/drivers/scsi/lpfc/lpfc_nvmet.c +++ b/drivers/scsi/lpfc/lpfc_nvmet.c @@ -1243,7 +1243,7 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, struct lpfc_nvmet_tgtport *tgtp; struct lpfc_async_xchg_ctx *ctxp = container_of(rsp, struct lpfc_async_xchg_ctx, hdlrctx.fcp_req); - struct rqb_dmabuf *nvmebuf = ctxp->rqb_buffer; + struct rqb_dmabuf *nvmebuf; struct lpfc_hba *phba = ctxp->phba; unsigned long iflag; @@ -1251,13 +1251,18 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, lpfc_nvmeio_data(phba, "NVMET DEFERRCV: xri x%x sz %d CPU %02x\n", ctxp->oxid, ctxp->size, raw_smp_processor_id()); + spin_lock_irqsave(&ctxp->ctxlock, iflag); + nvmebuf = ctxp->rqb_buffer; if (!nvmebuf) { + spin_unlock_irqrestore(&ctxp->ctxlock, iflag); lpfc_printf_log(phba, KERN_INFO, LOG_NVME_IOERR, "6425 Defer rcv: no buffer oxid x%x: " "flg %x ste %x\n", ctxp->oxid, ctxp->flag, ctxp->state); return; } + ctxp->rqb_buffer = NULL; + spin_unlock_irqrestore(&ctxp->ctxlock, iflag); tgtp = phba->targetport->private; if (tgtp) @@ -1265,9 +1270,6 @@ lpfc_nvmet_defer_rcv(struct nvmet_fc_target_port *tgtport, /* Free the nvmebuf since a new buffer already replaced it */ nvmebuf->hrq->rqbp->rqb_free_buffer(phba, nvmebuf); - spin_lock_irqsave(&ctxp->ctxlock, iflag); - ctxp->rqb_buffer = NULL; - spin_unlock_irqrestore(&ctxp->ctxlock, iflag); } /** -- 2.43.0

2 weeks, 3 days

3
2
0 0

[regression] Wireguard fragmentation fails with VXLAN since 8930424777e4 ("tunnels: Accept PACKET_HOST skb_tunnel_check_pmtu().") causing network timeouts

by Salvatore Bonaccorso

Hi, Charles Bordet reported the following issue (full context in https://bugs.debian.org/1108860) > Dear Maintainer, > > What led up to the situation? > We run a production environment using Debian 12 VMs, with a network > topology involving VXLAN tunnels encapsulated inside Wireguard > interfaces. This setup has worked reliably for over a year, with MTU set > to 1500 on all interfaces except the Wireguard interface (set to 1420). > Wireguard kernel fragmentation allowed this configuration to function > without issues, even though the effective path MTU is lower than 1500. > > What exactly did you do (or not do) that was effective (or ineffective)? > We performed a routine system upgrade, updating all packages include the > kernel. After the upgrade, we observed severe network issues (timeouts, > very slow HTTP/HTTPS, and apt update failures) on all VMs behind the > router. SSH and small-packet traffic continued to work. > > To diagnose, we: > > * Restored a backup (with the previous kernel): the problem disappeared. > * Repeated the upgrade, confirming the issue reappeared. > * Systematically tested each kernel version from 6.1.124-1 up to > 6.1.140-1. The problem first appears with kernel 6.1.135-1; all earlier > versions work as expected. > * Kernel version from the backports (6.12.32-1) did not resolve the > problem. > > What was the outcome of this action? > > * With kernel 6.1.135-1 or later, network timeouts occur for > large-packet protocols (HTTP, apt, etc.), while SSH and small-packet > protocols work. > * With kernel 6.1.133-1 or earlier, everything works as expected. > > What outcome did you expect instead? > We expected the network to function as before, with Wireguard handling > fragmentation transparently and no application-level timeouts, > regardless of the kernel version. While triaging the issue we found that the commit 8930424777e4 ("tunnels: Accept PACKET_HOST in skb_tunnel_check_pmtu()." introduces the issue and Charles confirmed that the issue was present as well in 6.12.35 and 6.15.4 (other version up could potentially still be affected, but we wanted to check it is not a 6.1.y specific regression). Reverthing the commit fixes Charles' issue. Does that ring a bell? Regards, Salvatore

2 weeks, 4 days

3
3
0 0

[PATCH] net: dsa: mv88e6xxx: Fix fwnode reference leaks in mv88e6xxx_port_setup_leds

by Miaoqian Lin

Fix multiple fwnode reference leaks: 1. The function calls fwnode_get_named_child_node() to get the "leds" node, but never calls fwnode_handle_put(leds) to release this reference. 2. Within the fwnode_for_each_child_node() loop, the early return paths that don't properly release the "led" fwnode reference. This fix follows the same pattern as commit d029edefed39 ("net dsa: qca8k: fix usages of device_get_named_child_node()") Fixes: 94a2a84f5e9e ("net: dsa: mv88e6xxx: Support LED control") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- drivers/net/dsa/mv88e6xxx/leds.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/net/dsa/mv88e6xxx/leds.c b/drivers/net/dsa/mv88e6xxx/leds.c index 1c88bfaea46b..dcc765066f9c 100644 --- a/drivers/net/dsa/mv88e6xxx/leds.c +++ b/drivers/net/dsa/mv88e6xxx/leds.c @@ -779,6 +779,8 @@ int mv88e6xxx_port_setup_leds(struct mv88e6xxx_chip *chip, int port) continue; if (led_num > 1) { dev_err(dev, "invalid LED specified port %d\n", port); + fwnode_handle_put(led); + fwnode_handle_put(leds); return -EINVAL; } @@ -823,17 +825,23 @@ int mv88e6xxx_port_setup_leds(struct mv88e6xxx_chip *chip, int port) init_data.devname_mandatory = true; init_data.devicename = kasprintf(GFP_KERNEL, "%s:0%d:0%d", chip->info->name, port, led_num); - if (!init_data.devicename) + if (!init_data.devicename) { + fwnode_handle_put(led); + fwnode_handle_put(leds); return -ENOMEM; + } ret = devm_led_classdev_register_ext(dev, l, &init_data); kfree(init_data.devicename); if (ret) { dev_err(dev, "Failed to init LED %d for port %d", led_num, port); + fwnode_handle_put(led); + fwnode_handle_put(leds); return ret; } } + fwnode_handle_put(leds); return 0; } -- 2.35.1

2 weeks, 4 days

2
1
0 0

[PATCH 1/2] ALSA: hda: tas2781: fix tas2563 EFI data endianness

by Gergo Koteles

Before conversion to unify the calibration data management, the tas2563_apply_calib() function performed the big endian conversion and wrote the calibration data to the device. The writing is now done by the common tasdev_load_calibrated_data() function, but without conversion. Put the values into the calibration data buffer with the expected endianness. Fixes: 4fe238513407 ("ALSA: hda/tas2781: Move and unified the calibrated-data getting function for SPI and I2C into the tas2781_hda lib") Cc: <stable(a)vger.kernel.org> Signed-off-by: Gergo Koteles <soyer(a)irl.hu> --- sound/hda/codecs/side-codecs/tas2781_hda_i2c.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c index e34b17f0c9b9..1eac751ab2a6 100644 --- a/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c +++ b/sound/hda/codecs/side-codecs/tas2781_hda_i2c.c @@ -310,6 +310,7 @@ static int tas2563_save_calibration(struct tas2781_hda *h) struct cali_reg *r = &cd->cali_reg_array; unsigned int offset = 0; unsigned char *data; + __be32 bedata; efi_status_t status; unsigned int attr; int ret, i, j, k; @@ -351,6 +352,8 @@ static int tas2563_save_calibration(struct tas2781_hda *h) i, j, status); return -EINVAL; } + bedata = cpu_to_be32(*(uint32_t *)&data[offset]); + memcpy(&data[offset], &bedata, sizeof(bedata)); offset += TAS2563_CAL_DATA_SIZE; } } -- 2.51.0

2 weeks, 4 days

2
2
0 0

[PATCH 5.4 000/403] 5.4.297-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.297 release. There are 403 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:17 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.297-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.297-rc1 Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix up commit deadlocks Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix UAF in cifs_demultiplex_thread() Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Davide Caratti <dcaratti(a)redhat.com> act_mirred: use the backlog for nested calls to mirred ingress Davide Caratti <dcaratti(a)redhat.com> net/sched: act_mirred: better wording on protection against excessive stack growth wenxu <wenxu(a)ucloud.cn> net/sched: act_mirred: refactor the handle of xmit Jiri Pirko <jiri(a)mellanox.com> selftests: forwarding: tc_actions.sh: add matchall mirror test Vlad Buslov <vladbu(a)mellanox.com> net: sched: don't expose action qstats to skb_tc_reinsert() Vlad Buslov <vladbu(a)mellanox.com> net: sched: extract qstats update code into functions Vlad Buslov <vladbu(a)mellanox.com> net: sched: extract bstats update code into function Vlad Buslov <vladbu(a)mellanox.com> net: sched: extract common action counters update code into function Lorenzo Stoakes <lstoakes(a)gmail.com> mm: perform the mapping_map_writable() check after call_mmap() Lorenzo Stoakes <lstoakes(a)gmail.com> mm: update memfd seal write check to include F_SEAL_WRITE Lorenzo Stoakes <lstoakes(a)gmail.com> mm: drop the assumption that VM_SHARED always implies writable Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: mediatek: Implement .apply() callback Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-ctrls: always copy the controls on completion Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix nfs4_bitmap_copy_adjust() Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Johan Hovold <johan(a)kernel.org> USB: cdc-acm: do not log successful probe on later errors Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock He Zhe <zhe.he(a)windriver.com> mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() Dave Hansen <dave.hansen(a)linux.intel.com> x86/fpu: Delay instruction pointer fixup until after warning Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Maulik Shah <maulik.shah(a)oss.qualcomm.com> pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Steven Rostedt <rostedt(a)goodmis.org> tracing: Add down_write(trace_event_sem) when adding trace event Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Don't try to recover devices lost during warm reset. Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: avoid warm port reset during USB3 disconnect Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Fix incorrect OFFSET calculation Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on ino and xnid Harry Yoo <harry.yoo(a)oracle.com> mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Miaohe Lin <linmiaohe(a)huawei.com> mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() Lin.Cao <lincao12(a)amd.com> drm/sched: Remove optimization that causes hang when killing dependent jobs Haoxiang Li <haoxiang_li2024(a)163.com> ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Ammar Faizi <ammarfaizi2(a)gnuweeb.org> net: usbnet: Fix the wrong netif_carrier_on() call John Ernberg <john.ernberg(a)actia.se> net: usbnet: Avoid potential RCU stall on LINK_CHANGE event Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Li Zhong <floridsleeves(a)gmail.com> ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Ian Abbott <abbotti(a)mev.co.uk> comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix initialization of data for instructions that write to subdevice Nathan Chancellor <nathan(a)kernel.org> kbuild: Add KBUILD_CPPFLAGS to as-option invocation Masahiro Yamada <masahiroy(a)kernel.org> kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Nathan Chancellor <nathan(a)kernel.org> kbuild: Add CLANG_FLAGS to as-instr Nathan Chancellor <nathan(a)kernel.org> mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation Nick Desaulniers <ndesaulniers(a)google.com> kbuild: Update assembler calls to use proper flags and language target Nathan Chancellor <nathan(a)kernel.org> ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> move_mount: allow to add a mount into an existing group Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Timothy Pearson <tpearson(a)raptorengineering.com> PCI: pnv_php: Work around switches with broken presence detection Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI Tao Xue <xuetao09(a)huawei.com> usb: gadget : fix use-after-free in composite_dev_cleanup() Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: mm: tlb-r4k: Uniquify TLB entries on init Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W709 Budimir Markovic <markovicbudimir(a)gmail.com> vsock: Do not allow binding to VMADDR_PORT_ANY Quang Le <quanglex97(a)gmail.com> net/packet: fix a race in packet_set_ring() and packet_notifier() Thomas Gleixner <tglx(a)linutronix.de> perf/core: Prevent VMA split of buffer mappings Thomas Gleixner <tglx(a)linutronix.de> perf/core: Exit early on perf_mmap() fail Thomas Gleixner <tglx(a)linutronix.de> perf/core: Don't leak AUX buffer refcount on allocation failure Eric Dumazet <edumazet(a)google.com> pptp: fix pptp_xmit() error path Stefan Metzmacher <metze(a)samba.org> smb: client: let recv_done() cleanup before notifying the callers. Michal Schmidt <mschmidt(a)redhat.com> benet: fix BUG when creating VFs Wang Liang <wangliang74(a)huawei.com> net: drop UFO packets in udp_rcv_segment() Eric Dumazet <edumazet(a)google.com> ipv6: reject malicious packets in ipv6_gso_segment() Eric Dumazet <edumazet(a)google.com> pptp: ensure minimal skb length in pptp_xmit() Jakub Kicinski <kuba(a)kernel.org> netpoll: prevent hanging NAPI when netcons gets enabled Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() Frederic Barrat <fbarrat(a)linux.ibm.com> pci/hotplug/pnv-php: Wrap warnings in macro Frederic Barrat <fbarrat(a)linux.ibm.com> pci/hotplug/pnv-php: Improve error msg on power state change failure Peter Chen <peter.chen(a)nxp.com> usb: chipidea: udc: fix sleeping function called from invalid context Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in devs.path Chao Yu <chao(a)kernel.org> f2fs: fix to avoid panic in f2fs_evict_inode Chao Yu <chao(a)kernel.org> f2fs: fix to avoid UAF in f2fs_sync_inode_meta() Brian Masney <bmasney(a)redhat.com> rtc: pcf8563: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: hym8563: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: ds1307: fix incorrect maximum clock rate handling Petr Pavlu <petr.pavlu(a)suse.com> module: Restore the moduleparam prefix length check Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Check flow_dissector ctx accesses are aligned Balamanikandan Gunasundar <balamanikandan.gunasundar(a)microchip.com> mtd: rawnand: atmel: set pmecc data setup time Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: atmel: Fix dma_mapping_error() address Zheng Yu <zheng.yu(a)northwestern.edu> jfs: fix metapage reference count leak in dbAllocCtl Chenyuan Yang <chenyuan0y(a)gmail.com> fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - fix seq_file position update in adf_ring_next() Thomas Fourier <fourier.thomas(a)gmail.com> dmaengine: nbpfaxi: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> dmaengine: mv_xor: Fix missing check after DMA map and missing unmap Dan Carpenter <dan.carpenter(a)linaro.org> fs/orangefs: Allow 2 more characters in do_c_string() Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: stream: restore params when prepare ports fail Thomas Fourier <fourier.thomas(a)gmail.com> crypto: img-hash - Fix dma_unmap_sg() nents value Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> hwrng: mtk - handle devm_pm_runtime_enable errors Dan Carpenter <dan.carpenter(a)linaro.org> watchdog: ziirave_wdt: check record length in ziirave_firm_verify() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: isci: Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> scsi: mvsas: Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value Paul Kocialkowski <paulk(a)sys-base.io> clk: sunxi-ng: v3s: Fix de clock definition Leo Yan <leo.yan(a)arm.com> perf tests bp_account: Fix leaked file descriptor Mengbiao Xiong <xisme1998(a)gmail.com> crypto: ccp - Fix crash when rebind ccp device for ccp.ko Yuan Chen <chenyuan(a)kylinos.cn> pinctrl: sunxi: Fix memory leak on krealloc failure Charles Han <hanchunchao(a)inspur.com> power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set Henry Martin <bsdhenrymartin(a)gmail.com> clk: davinci: Add NULL check in davinci_lpsc_clk_register() Ivan Stepchenko <sid(a)itb.spb.ru> mtd: fix possible integer overflow in erase_xfer() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Fix engine load inaccuracy Hans Zhang <18255117159(a)163.com> PCI: rockchip-host: Fix "Unexpected Completion" log message Stanislav Fomichev <sdf(a)fomichev.me> vrf: Drop existing dst reference in vrf_ip6_input_dst Xiumei Mu <xmu(a)redhat.com> selftests: rtnetlink.sh: remove esp4_offload after test Florian Westphal <fw(a)strlen.de> netfilter: xt_nfacct: don't assume acct name is null-terminated Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Assign netdev.dev_port based on device channel index Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_pciefd: Store device channel index Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE Remi Pommarel <repk(a)triplefau.lt> Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Thomas Fourier <fourier.thomas(a)gmail.com> mwl8k: Add missing check after DMA map Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: Fix RX skb size for aggregation disabled William Liu <will(a)willsroot.io> net/sched: Restrict conditions for adding duplicating netems to qdisc tree Johan Korsnes <johan.korsnes(a)gmail.com> arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX Fedor Pchelkin <pchelkin(a)ispras.ru> netfilter: nf_tables: adjust lockdep assertions handling Fedor Pchelkin <pchelkin(a)ispras.ru> drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value Finn Thain <fthain(a)linux-m68k.org> m68k: Don't unregister boot console needlessly xin.guo <guoxin0309(a)gmail.com> tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range Jiasheng Jiang <jiasheng(a)iscas.ac.cn> iwlwifi: Add missing check for alloc_ordered_workqueue Xiu Jianfeng <xiujianfeng(a)huawei.com> wifi: iwlwifi: Fix memory leak in iwl_mvm_init() Daniil Dulov <d.dulov(a)aladdin.ru> wifi: rtl818x: Kill URBs before clearing tx status queue Arnd Bergmann <arnd(a)arndb.de> caif: reduce stack size, again Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls Alok Tiwari <alok.a.tiwari(a)oracle.com> staging: nvec: Fix incorrect null termination of battery manufacturer Brahmajit Das <listout(a)listout.xyz> samples: mei: Fix building on musl libc Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Init policy->rwsem before it may be possibly used Annette Kobou <annette.kobou(a)kontron.de> ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface Lucas De Marchi <lucas.demarchi(a)intel.com> usb: early: xhci-dbc: Fix early_ioremap leak Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vmci: Prevent the dispatching of uninitialized payloads" Denis OSTERLAND-HEIM <denis.osterland(a)diehl.com> pps: fix poll support Lizhi Xu <lizhi.xu(a)windriver.com> vmci: Prevent the dispatching of uninitialized payloads Abdun Nihaal <abdun.nihaal(a)gmail.com> staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: vfxxx: Correctly use two tuples for timer address Arnd Bergmann <arnd(a)arndb.de> ASoC: ops: dynamically allocate struct snd_ctl_elem_value Yangtao Li <frank.li(a)vivo.com> hfsplus: remove mutex_lock check in hfsplus_free_extents Arnd Bergmann <arnd(a)arndb.de> ASoC: Intel: fix SND_SOC_SOF dependencies Arnd Bergmann <arnd(a)arndb.de> ethernet: intel: fix building with large NR_CPUS Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: disconnect line when USB charger is attached Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: add USB PHY event Peter Chen <peter.chen(a)nxp.com> usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use Jun Li <jun.li(a)nxp.com> usb: chipidea: udc: protect usb interrupt enable Peter Chen <peter.chen(a)nxp.com> usb: chipidea: udc: add new API ci_hdrc_gadget_connect Daniel Dadap <ddadap(a)nvidia.com> ALSA: hda: Add missing NVIDIA HDA codec IDs Ian Abbott <abbotti(a)mev.co.uk> comedi: comedi_test: Fix possible deletion of uninitialized timers Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: reject invalid file types when reading inodes Yang Xiwen <forbidden405(a)outlook.com> i2c: qup: jump out of the loop in case of timeout Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Kito Xu (veritas501) <hxzene(a)gmail.com> net: appletalk: Fix use-after-free in AARP proxy probe Andrew Lunn <andrew(a)lunn.ch> net: appletalk: fix kerneldoc warnings Maor Gottlieb <maorg(a)nvidia.com> RDMA/core: Rate limit GID cache warning messages Alessandro Carminati <acarmina(a)redhat.com> regulator: core: fix NULL dereference on unbind due to stale coupling data Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: fix detection of high tier USB3 devices behind suspended hubs Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: reject invalid perturb period Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Zheng Wang <zyytlz.wz(a)163.com> power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition Minghao Chi <chi.minghao(a)zte.com.cn> power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync Dinghao Liu <dinghao.liu(a)zju.edu.cn> power: supply: bq24190_charger: Fix runtime PM imbalance on error Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: dwc3: qcom: Don't leave BCR asserted Drew Hamilton <drew.hamilton(a)zetier.com> usb: musb: fix gadget state on disconnect William Liu <will(a)willsroot.io> net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Dong Chenchen <dongchenchen2(a)huawei.com> net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: If an unallowed command is received consider it a failure Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Oliver Neukum <oneukum(a)suse.com> usb: net: sierra: check for no status endpoint Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix race condition on qfq_aggregate Alok Tiwari <alok.a.tiwari(a)oracle.com> net: emaclite: Fix missing pointer increment in aligned_read() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized data in insn_rw_emulate_bits() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix some signed shift left operations Ian Abbott <abbotti(a)mev.co.uk> comedi: das6402: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: das16m1: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: aio_iiro_16: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: pcl812: Fix bit shift out of bounds Chen Ni <nichen(a)iscas.ac.cn> iio: adc: stm32-adc: Fix race in installing chained IRQ handler Fabio Estevam <festevam(a)denx.de> iio: adc: max1363: Reorder mode_list[] entries Fabio Estevam <festevam(a)denx.de> iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] Andrew Jeffery <andrew(a)codeconstruct.com.au> soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrew Jeffery <andrew(a)codeconstruct.com.au> soc: aspeed: lpc-snoop: Cleanup resources in stack-order Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Workaround for Errata i2312 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Thomas Fourier <fourier.thomas(a)gmail.com> mmc: bcm2835: Fix dma_unmap_sg() nents value Nathan Chancellor <nathan(a)kernel.org> memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Jan Kara <jack(a)suse.cz> isofs: Verify inode mode when loading from disk Dan Carpenter <dan.carpenter(a)linaro.org> dmaengine: nbpfaxi: Fix memory corruption in probe() Yun Lu <luyun(a)kylinos.cn> af_packet: fix soft lockup issue caused by tpacket_snd() Yun Lu <luyun(a)kylinos.cn> af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() Nathan Chancellor <nathan(a)kernel.org> phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() Benjamin Tissoires <bentiss(a)kernel.org> HID: core: do not bypass hid_hw_raw_request Benjamin Tissoires <bentiss(a)kernel.org> HID: core: ensure __hid_request reserves the report ID as the first byte Benjamin Tissoires <bentiss(a)kernel.org> HID: core: ensure the allocated report buffer can contain the reserved report ID Thomas Fourier <fourier.thomas(a)gmail.com> pch_uart: Fix dma_sync_sg_for_device() nents value Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - set correct controller type for Acer NGR200 Clément Le Goffic <clement.legoffic(a)foss.st.com> i2c: stm32: fix the device used for the DMA map Xinyu Liu <1171169449(a)qq.com> usb: gadget: configfs: Fix OOB read on empty string write Ryan Mann (NDI) <rmann(a)ndigital.com> USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W640 Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition ------------- Diffstat: Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Makefile | 7 +- arch/arm/Makefile | 2 +- arch/arm/boot/dts/imx6ul-kontron-n6310-s.dts | 1 - arch/arm/boot/dts/vfxxx.dtsi | 2 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/include/asm/acpi.h | 2 +- arch/m68k/Kconfig.debug | 2 +- arch/m68k/kernel/early_printk.c | 42 +-- arch/m68k/kernel/head.S | 39 ++- arch/mips/Makefile | 2 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/mm/tlb-r4k.c | 56 +++- arch/parisc/Makefile | 2 +- arch/powerpc/configs/ppc6xx_defconfig | 1 - arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/time.c | 2 +- arch/x86/kernel/cpu/mce/amd.c | 13 +- arch/x86/mm/extable.c | 5 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 2 + drivers/acpi/processor_idle.c | 4 +- drivers/acpi/processor_perflib.c | 11 + drivers/ata/Kconfig | 35 ++- drivers/ata/libata-scsi.c | 20 +- drivers/base/power/domain_governor.c | 18 +- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/sunvdc.c | 4 +- drivers/char/hw_random/mtk-rng.c | 4 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +++-- drivers/clk/davinci/psc.c | 5 + drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 11 +- drivers/crypto/ccp/ccp-debugfs.c | 3 + drivers/crypto/img-hash.c | 2 +- drivers/crypto/marvell/cipher.c | 4 +- drivers/crypto/marvell/hash.c | 5 +- .../crypto/qat/qat_common/adf_transport_debug.c | 4 +- drivers/dma/mv_xor.c | 21 +- drivers/dma/nbpfaxi.c | 24 +- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 30 ++- drivers/gpu/drm/amd/powerplay/hwmgr/smu_helper.c | 2 +- drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 23 +- drivers/hid/hid-core.c | 21 +- drivers/i2c/busses/i2c-qup.c | 4 +- drivers/i2c/busses/i2c-stm32.c | 8 +- drivers/i2c/busses/i2c-stm32f7.c | 4 +- drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 2 +- drivers/iio/adc/max1363.c | 43 ++- drivers/iio/adc/stm32-adc-core.c | 7 +- drivers/iio/light/hid-sensor-prox.c | 3 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +-- drivers/input/joystick/xpad.c | 2 +- drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/ov2659.c | 3 +- drivers/media/i2c/tc358743.c | 86 +++--- drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/rainshadow-cec/rainshadow-cec.c | 3 +- drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/usb/uvc/uvc_driver.c | 3 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/v4l2-core/v4l2-ctrls.c | 37 ++- drivers/memstick/core/memstick.c | 3 +- drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/mmc/host/bcm2835.c | 3 +- drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-pci-core.c | 3 +- drivers/mmc/host/sdhci_am654.c | 9 +- drivers/mtd/ftl.c | 2 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +- drivers/mtd/nand/raw/atmel/pmecc.c | 6 + drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/net/can/kvaser_pciefd.c | 1 + drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/b53/b53_common.c | 31 ++- drivers/net/dsa/b53/b53_regs.h | 1 + drivers/net/ethernet/agere/et131x.c | 36 +++ drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/fec_main.c | 34 ++- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k.h | 3 +- drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +- drivers/net/phy/smsc.c | 1 + drivers/net/ppp/pptp.c | 18 +- drivers/net/usb/sierra_net.c | 4 + drivers/net/usb/usbnet.c | 11 +- drivers/net/virtio_net.c | 38 ++- drivers/net/vrf.c | 2 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwl8k.c | 4 + drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 18 +- drivers/pci/controller/pcie-rockchip-host.c | 2 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/hotplug/pnv_php.c | 90 +++++-- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 8 +- drivers/pci/probe.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 +- drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/power/supply/bq24190_charger.c | 60 ++--- drivers/power/supply/max14577_charger.c | 4 +- drivers/pps/pps.c | 11 +- drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 78 ++++-- drivers/regulator/core.c | 1 + drivers/rtc/rtc-ds1307.c | 17 +- drivers/rtc/rtc-hym8563.c | 2 +- drivers/rtc/rtc-pcf8563.c | 2 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++ drivers/scsi/mvsas/mv_sas.c | 4 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 ++++- drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 +- drivers/soc/qcom/mdt_loader.c | 41 +++ drivers/soc/tegra/pmc.c | 51 ++-- drivers/soundwire/stream.c | 2 +- drivers/staging/comedi/comedi_compat32.c | 3 + drivers/staging/comedi/comedi_fops.c | 60 ++++- drivers/staging/comedi/comedi_internal.h | 1 + drivers/staging/comedi/drivers.c | 30 ++- drivers/staging/comedi/drivers/aio_iiro_16.c | 3 +- drivers/staging/comedi/drivers/comedi_test.c | 2 +- drivers/staging/comedi/drivers/das16m1.c | 3 +- drivers/staging/comedi/drivers/das6402.c | 3 +- drivers/staging/comedi/drivers/pcl812.c | 3 +- drivers/staging/fbtft/fbtft-core.c | 1 + drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/staging/nvec/nvec_power.c | 2 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/pch_uart.c | 2 +- drivers/tty/vt/defkeymap.c_shipped | 112 ++++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/usb/atm/cxacru.c | 172 ++++++------ drivers/usb/chipidea/ci.h | 18 +- drivers/usb/chipidea/udc.c | 89 ++++--- drivers/usb/class/cdc-acm.c | 13 +- drivers/usb/core/hub.c | 67 ++++- drivers/usb/core/quirks.c | 1 + drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-qcom.c | 8 +- drivers/usb/dwc3/gadget.c | 9 + drivers/usb/early/xhci-dbc.c | 4 + drivers/usb/gadget/composite.c | 5 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 24 +- drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 19 +- drivers/usb/host/xhci.c | 24 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/musb_gadget.c | 2 + drivers/usb/musb/omap2430.c | 10 +- drivers/usb/phy/phy-mxs-usb.c | 4 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 3 + drivers/usb/serial/option.c | 7 + drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 ++ drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/vhost/vhost.c | 3 + drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/imxfb.c | 9 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/ziirave_wdt.c | 3 + fs/btrfs/tree-log.c | 53 ++-- fs/buffer.c | 2 +- fs/cifs/cifsglob.h | 1 + fs/cifs/cifssmb.c | 10 + fs/cifs/smbdirect.c | 14 +- fs/cifs/transport.c | 34 ++- fs/ext4/fsmap.c | 23 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 2 +- fs/f2fs/f2fs.h | 2 +- fs/f2fs/inode.c | 28 +- fs/f2fs/node.c | 10 + fs/file.c | 15 ++ fs/hfs/bnode.c | 93 +++++++ fs/hfsplus/bnode.c | 92 +++++++ fs/hfsplus/extents.c | 3 - fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/hugetlbfs/inode.c | 2 +- fs/isofs/inode.c | 9 +- fs/jbd2/checkpoint.c | 1 + fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 10 +- fs/namespace.c | 89 ++++++- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 ++- fs/nfs/direct.c | 13 +- fs/nfs/export.c | 11 +- fs/nfs/inode.c | 6 +- fs/nfs/internal.h | 1 + fs/nfs/nfs4client.c | 13 +- fs/nfs/nfs4proc.c | 35 +-- fs/nfs/pnfs.c | 11 +- fs/nfs/write.c | 11 +- fs/nfsd/nfs4state.c | 34 ++- fs/nilfs2/inode.c | 9 +- fs/orangefs/orangefs-debugfs.c | 8 +- fs/squashfs/super.c | 14 +- fs/udf/super.c | 13 +- include/linux/fs.h | 4 +- include/linux/if_vlan.h | 6 +- include/linux/mm.h | 26 +- include/linux/moduleparam.h | 5 +- include/linux/nfs_fs.h | 2 + include/linux/pci.h | 1 + include/linux/pps_kernel.h | 1 + include/linux/skbuff.h | 31 ++- include/linux/usb/chipidea.h | 1 + include/linux/usb/usbnet.h | 1 + include/net/act_api.h | 25 ++ include/net/cfg80211.h | 2 +- include/net/sch_generic.h | 13 - include/net/udp.h | 24 +- include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/mount.h | 3 +- kernel/events/core.c | 20 +- kernel/fork.c | 2 +- kernel/power/console.c | 7 +- kernel/rcu/tree_plugin.h | 3 + kernel/trace/ftrace.c | 19 +- kernel/trace/trace_events.c | 5 + mm/filemap.c | 2 +- mm/hmm.c | 2 +- mm/kmemleak.c | 120 +++++---- mm/madvise.c | 2 +- mm/mmap.c | 26 +- mm/shmem.c | 2 +- mm/zsmalloc.c | 6 +- net/8021q/vlan.c | 42 ++- net/8021q/vlan.h | 1 + net/appletalk/aarp.c | 42 ++- net/appletalk/ddp.c | 7 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/l2cap_core.c | 26 +- net/bluetooth/l2cap_sock.c | 3 + net/bluetooth/smp.c | 21 +- net/bluetooth/smp.h | 1 + net/caif/cfctrl.c | 294 ++++++++++----------- net/core/filter.c | 3 + net/core/netpoll.c | 7 + net/ipv4/route.c | 1 - net/ipv4/tcp_input.c | 3 +- net/ipv4/udp_offload.c | 2 +- net/ipv6/ip6_offload.c | 4 +- net/ipv6/seg6_hmac.c | 3 + net/mac80211/tx.c | 1 + net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/xt_nfacct.c | 4 +- net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 39 ++- net/phonet/pep.c | 2 +- net/sched/act_api.c | 14 + net/sched/act_csum.c | 4 +- net/sched/act_ct.c | 10 +- net/sched/act_gact.c | 14 +- net/sched/act_mirred.c | 55 ++-- net/sched/act_police.c | 5 +- net/sched/act_tunnel_key.c | 2 +- net/sched/act_vlan.c | 9 +- net/sched/sch_cake.c | 14 +- net/sched/sch_codel.c | 5 +- net/sched/sch_drr.c | 7 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_hfsc.c | 8 +- net/sched/sch_htb.c | 6 +- net/sched/sch_netem.c | 40 +++ net/sched/sch_qfq.c | 40 ++- net/sched/sch_sfq.c | 116 +++++--- net/sctp/input.c | 2 +- net/tls/tls_sw.c | 13 + net/vmw_vsock/af_vsock.c | 3 +- net/wireless/mlme.c | 3 +- samples/mei/mei-amt-version.c | 2 +- scripts/Kbuild.include | 8 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/inode.c | 2 - sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_hdmi.c | 19 ++ sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 2 +- sound/soc/soc-dapm.c | 4 + sound/soc/soc-ops.c | 28 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/mixer_scarlett_gen2.c | 9 + sound/usb/stream.c | 25 +- sound/usb/validate.c | 14 +- tools/bpf/bpftool/net.c | 15 +- tools/perf/tests/bp_account.c | 1 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/testing/ktest/ktest.pl | 5 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + .../testing/selftests/net/forwarding/tc_actions.sh | 72 ++++- tools/testing/selftests/net/rtnetlink.sh | 6 + 366 files changed, 3519 insertions(+), 1494 deletions(-)

2 weeks, 4 days

7
413
0 0

[RFC 1/8] powerpc/mm: Fix SLB multihit issue during SLB preload

by Ritesh Harjani (IBM)

From: Donet Tom <donettom(a)linux.ibm.com> On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache is subject to periodic eviction — typically after every 256 context switches — to remove old entry. To optimize performance, the kernel skips switch_mmu_context() in switch_mm_irqs_off() when the prev and next mm_struct are the same. However, on hash MMU systems, this can lead to inconsistencies between the hardware SLB and the software preload cache. If an SLB entry for a process is evicted from the software cache on one CPU, and the same process later runs on another CPU without executing switch_mmu_context(), the hardware SLB may retain stale entries. If the kernel then attempts to reload that entry, it can trigger an SLB multi-hit error. The following timeline shows how stale SLB entries are created and can cause a multi-hit error when a process moves between CPUs without a MMU context switch. CPU 0 CPU 1 ----- ----- Process P exec swapper/1 load_elf_binary begin_new_exc activate_mm switch_mm_irqs_off switch_mmu_context switch_slb /* * This invalidates all * the entries in the HW * and setup the new HW * SLB entries as per the * preload cache. */ context_switch sched_migrate_task migrates process P to cpu-1 Process swapper/0 context switch (to process P) (uses mm_struct of Process P) switch_mm_irqs_off() switch_slb load_slb++ /* * load_slb becomes 0 here * and we evict an entry from * the preload cache with * preload_age(). We still * keep HW SLB and preload * cache in sync, that is * because all HW SLB entries * anyways gets evicted in * switch_slb during SLBIA. * We then only add those * entries back in HW SLB, * which are currently * present in preload_cache * (after eviction). */ load_elf_binary continues... setup_new_exec() slb_setup_new_exec() sched_switch event sched_migrate_task migrates process P to cpu-0 context_switch from swapper/0 to Process P switch_mm_irqs_off() /* * Since both prev and next mm struct are same we don't call * switch_mmu_context(). This will cause the HW SLB and SW preload * cache to go out of sync in preload_new_slb_context. Because there * was an SLB entry which was evicted from both HW and preload cache * on cpu-1. Now later in preload_new_slb_context(), when we will try * to add the same preload entry again, we will add this to the SW * preload cache and then will add it to the HW SLB. Since on cpu-0 * this entry was never invalidated, hence adding this entry to the HW * SLB will cause a SLB multi-hit error. */ load_elf_binary continues... START_THREAD start_thread preload_new_slb_context /* * This tries to add a new EA to preload cache which was earlier * evicted from both cpu-1 HW SLB and preload cache. This caused the * HW SLB of cpu-0 to go out of sync with the SW preload cache. The * reason for this was, that when we context switched back on CPU-0, * we should have ideally called switch_mmu_context() which will * bring the HW SLB entries on CPU-0 in sync with SW preload cache * entries by setting up the mmu context properly. But we didn't do * that since the prev mm_struct running on cpu-0 was same as the * next mm_struct (which is true for swapper / kernel threads). So * now when we try to add this new entry into the HW SLB of cpu-0, * we hit a SLB multi-hit error. */ WARNING: CPU: 0 PID: 1810970 at arch/powerpc/mm/book3s64/slb.c:62 assert_slb_presence+0x2c/0x50(48 results) 02:47:29 [20157/42149] Modules linked in: CPU: 0 UID: 0 PID: 1810970 Comm: dd Not tainted 6.16.0-rc3-dirty #12 VOLUNTARY Hardware name: IBM pSeries (emulated by qemu) POWER8 (architected) 0x4d0200 0xf000004 of:SLOF,HEAD hv:linux,kvm pSeries NIP: c00000000015426c LR: c0000000001543b4 CTR: 0000000000000000 REGS: c0000000497c77e0 TRAP: 0700 Not tainted (6.16.0-rc3-dirty) MSR: 8000000002823033 <SF,VEC,VSX,FP,ME,IR,DR,RI,LE> CR: 28888482 XER: 00000000 CFAR: c0000000001543b0 IRQMASK: 3 <...> NIP [c00000000015426c] assert_slb_presence+0x2c/0x50 LR [c0000000001543b4] slb_insert_entry+0x124/0x390 Call Trace: 0x7fffceb5ffff (unreliable) preload_new_slb_context+0x100/0x1a0 start_thread+0x26c/0x420 load_elf_binary+0x1b04/0x1c40 bprm_execve+0x358/0x680 do_execveat_common+0x1f8/0x240 sys_execve+0x58/0x70 system_call_exception+0x114/0x300 system_call_common+0x160/0x2c4 >From the above analysis, during early exec the hardware SLB is cleared, and entries from the software preload cache are reloaded into hardware by switch_slb. However, preload_new_slb_context and slb_setup_new_exec also attempt to load some of the same entries, which can trigger a multi-hit. In most cases, these additional preloads simply hit existing entries and add nothing new. Removing these functions avoids redundant preloads and eliminates the multi-hit issue. This patch removes these two functions. We tested process switching performance using the context_switch benchmark on POWER9/hash, and observed no regression. Without this patch: 129041 ops/sec With this patch: 129341 ops/sec We also measured SLB faults during boot, and the counts are essentially the same with and without this patch. SLB faults without this patch: 19727 SLB faults with this patch: 19786 Cc: Madhavan Srinivasan <maddy(a)linux.ibm.com> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Nicholas Piggin <npiggin(a)gmail.com> Cc: Christophe Leroy <christophe.leroy(a)csgroup.eu> Cc: Paul Mackerras <paulus(a)ozlabs.org> Cc: "Aneesh Kumar K.V" <aneesh.kumar(a)kernel.org> Cc: Donet Tom <donettom(a)linux.ibm.com> Cc: linuxppc-dev(a)lists.ozlabs.org Fixes: 5434ae74629a ("powerpc/64s/hash: Add a SLB preload cache") cc: <stable(a)vger.kernel.org> Suggested-by: Nicholas Piggin <npiggin(a)gmail.com> Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> --- arch/powerpc/include/asm/book3s/64/mmu-hash.h | 1 - arch/powerpc/kernel/process.c | 5 -- arch/powerpc/mm/book3s64/internal.h | 2 - arch/powerpc/mm/book3s64/mmu_context.c | 2 - arch/powerpc/mm/book3s64/slb.c | 88 ------------------- 5 files changed, 98 deletions(-) diff --git a/arch/powerpc/include/asm/book3s/64/mmu-hash.h b/arch/powerpc/include/asm/book3s/64/mmu-hash.h index 1c4eebbc69c9..e1f77e2eead4 100644 --- a/arch/powerpc/include/asm/book3s/64/mmu-hash.h +++ b/arch/powerpc/include/asm/book3s/64/mmu-hash.h @@ -524,7 +524,6 @@ void slb_save_contents(struct slb_entry *slb_ptr); void slb_dump_contents(struct slb_entry *slb_ptr); extern void slb_vmalloc_update(void); -void preload_new_slb_context(unsigned long start, unsigned long sp); #ifdef CONFIG_PPC_64S_HASH_MMU void slb_set_size(u16 size); diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c index 855e09886503..2b9799157eb4 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -1897,8 +1897,6 @@ int copy_thread(struct task_struct *p, const struct kernel_clone_args *args) return 0; } -void preload_new_slb_context(unsigned long start, unsigned long sp); - /* * Set up a thread for executing a new program */ @@ -1906,9 +1904,6 @@ void start_thread(struct pt_regs *regs, unsigned long start, unsigned long sp) { #ifdef CONFIG_PPC64 unsigned long load_addr = regs->gpr[2]; /* saved by ELF_PLAT_INIT */ - - if (IS_ENABLED(CONFIG_PPC_BOOK3S_64) && !radix_enabled()) - preload_new_slb_context(start, sp); #endif #ifdef CONFIG_PPC_TRANSACTIONAL_MEM diff --git a/arch/powerpc/mm/book3s64/internal.h b/arch/powerpc/mm/book3s64/internal.h index a57a25f06a21..c26a6f0c90fc 100644 --- a/arch/powerpc/mm/book3s64/internal.h +++ b/arch/powerpc/mm/book3s64/internal.h @@ -24,8 +24,6 @@ static inline bool stress_hpt(void) void hpt_do_stress(unsigned long ea, unsigned long hpte_group); -void slb_setup_new_exec(void); - void exit_lazy_flush_tlb(struct mm_struct *mm, bool always_flush); #endif /* ARCH_POWERPC_MM_BOOK3S64_INTERNAL_H */ diff --git a/arch/powerpc/mm/book3s64/mmu_context.c b/arch/powerpc/mm/book3s64/mmu_context.c index 4e1e45420bd4..fb9dcf9ca599 100644 --- a/arch/powerpc/mm/book3s64/mmu_context.c +++ b/arch/powerpc/mm/book3s64/mmu_context.c @@ -150,8 +150,6 @@ static int hash__init_new_context(struct mm_struct *mm) void hash__setup_new_exec(void) { slice_setup_new_exec(); - - slb_setup_new_exec(); } #else static inline int hash__init_new_context(struct mm_struct *mm) diff --git a/arch/powerpc/mm/book3s64/slb.c b/arch/powerpc/mm/book3s64/slb.c index 6b783552403c..7e053c561a09 100644 --- a/arch/powerpc/mm/book3s64/slb.c +++ b/arch/powerpc/mm/book3s64/slb.c @@ -328,94 +328,6 @@ static void preload_age(struct thread_info *ti) ti->slb_preload_tail = (ti->slb_preload_tail + 1) % SLB_PRELOAD_NR; } -void slb_setup_new_exec(void) -{ - struct thread_info *ti = current_thread_info(); - struct mm_struct *mm = current->mm; - unsigned long exec = 0x10000000; - - WARN_ON(irqs_disabled()); - - /* - * preload cache can only be used to determine whether a SLB - * entry exists if it does not start to overflow. - */ - if (ti->slb_preload_nr + 2 > SLB_PRELOAD_NR) - return; - - hard_irq_disable(); - - /* - * We have no good place to clear the slb preload cache on exec, - * flush_thread is about the earliest arch hook but that happens - * after we switch to the mm and have already preloaded the SLBEs. - * - * For the most part that's probably okay to use entries from the - * previous exec, they will age out if unused. It may turn out to - * be an advantage to clear the cache before switching to it, - * however. - */ - - /* - * preload some userspace segments into the SLB. - * Almost all 32 and 64bit PowerPC executables are linked at - * 0x10000000 so it makes sense to preload this segment. - */ - if (!is_kernel_addr(exec)) { - if (preload_add(ti, exec)) - slb_allocate_user(mm, exec); - } - - /* Libraries and mmaps. */ - if (!is_kernel_addr(mm->mmap_base)) { - if (preload_add(ti, mm->mmap_base)) - slb_allocate_user(mm, mm->mmap_base); - } - - /* see switch_slb */ - asm volatile("isync" : : : "memory"); - - local_irq_enable(); -} - -void preload_new_slb_context(unsigned long start, unsigned long sp) -{ - struct thread_info *ti = current_thread_info(); - struct mm_struct *mm = current->mm; - unsigned long heap = mm->start_brk; - - WARN_ON(irqs_disabled()); - - /* see above */ - if (ti->slb_preload_nr + 3 > SLB_PRELOAD_NR) - return; - - hard_irq_disable(); - - /* Userspace entry address. */ - if (!is_kernel_addr(start)) { - if (preload_add(ti, start)) - slb_allocate_user(mm, start); - } - - /* Top of stack, grows down. */ - if (!is_kernel_addr(sp)) { - if (preload_add(ti, sp)) - slb_allocate_user(mm, sp); - } - - /* Bottom of heap, grows up. */ - if (heap && !is_kernel_addr(heap)) { - if (preload_add(ti, heap)) - slb_allocate_user(mm, heap); - } - - /* see switch_slb */ - asm volatile("isync" : : : "memory"); - - local_irq_enable(); -} - static void slb_cache_slbie_kernel(unsigned int index) { unsigned long slbie_data = get_paca()->slb_cache[index]; -- 2.50.1

2 weeks, 4 days

1
0
0 0

Re: [PATCH v3] mm: slub: avoid wake up kswapd in set_track_prepare

by Vlastimil Babka

On 8/29/25 13:29, yangshiguang wrote: > At 2025-08-27 16:40:21, "Vlastimil Babka" <vbabka(a)suse.cz> wrote: > >>> >>>> >>> >>> How about this? >>> >>> /* Preemption is disabled in ___slab_alloc() */ >>> - gfp_flags &= ~(__GFP_DIRECT_RECLAIM); >>> + gfp_flags = (gfp_flags & ~(__GFP_DIRECT_RECLAIM | __GFP_NOFAIL)) | >>> + __GFP_NOWARN; >> >>I'd suggest using gfp_nested_flags() and & ~(__GFP_DIRECT_RECLAIM); >> > > However, gfp has been processed by gfp_nested_mask() in > stack_depot_save_flags(). Aha, didn't notice. Good to know! > Still need to call here? No then we can indeed just mask out __GFP_DIRECT_RECLAIM. Maybe the comment could say something like: /* * Preemption is disabled in ___slab_alloc() so we need to disallow * blocking. The flags are further adjusted by gfp_nested_mask() in * stack_depot itself. */ > set_track_prepare() > ->stack_depot_save_flags() > >>> >-- >>>>Cheers, >>>>Harry / Hyeonggon

2 weeks, 4 days

2
1
0 0

[PATCH 2/3] drm/xe: Allow the pm notifier to continue on failure

by Thomas Hellström

Its actions are opportunistic anyway and will be completed on device suspend. Also restrict the scope of the pm runtime reference to the notifier callback itself to make it easier to follow. Marking as a fix to simplify backporting of the fix that follows in the series. Fixes: c6a4d46ec1d7 ("drm/xe: evict user memory in PM notifier") Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.16+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_pm.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index a2e85030b7f4..b57b46ad9f7c 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -308,28 +308,22 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, case PM_SUSPEND_PREPARE: xe_pm_runtime_get(xe); err = xe_bo_evict_all_user(xe); - if (err) { + if (err) drm_dbg(&xe->drm, "Notifier evict user failed (%d)\n", err); - xe_pm_runtime_put(xe); - break; - } err = xe_bo_notifier_prepare_all_pinned(xe); - if (err) { + if (err) drm_dbg(&xe->drm, "Notifier prepare pin failed (%d)\n", err); - xe_pm_runtime_put(xe); - } + xe_pm_runtime_put(xe); break; case PM_POST_HIBERNATION: case PM_POST_SUSPEND: + xe_pm_runtime_get(xe); xe_bo_notifier_unprepare_all_pinned(xe); xe_pm_runtime_put(xe); break; } - if (err) - return NOTIFY_BAD; - return NOTIFY_DONE; } -- 2.50.1

2 weeks, 5 days

3
4
0 0

[PATCH 5.4 000/403] 5.4.297-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.297 release. There are 403 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 29 Aug 2025 07:37:48 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.297-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.297-rc2 Al Viro <viro(a)zeniv.linux.org.uk> alloc_fdtable(): change calling conventions. Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Josef Bacik <josef(a)toxicpanda.com> nfs: fix UAF in direct writes Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix up commit deadlocks Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix UAF in cifs_demultiplex_thread() Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: fix use-after-free in device_for_each_child() Davide Caratti <dcaratti(a)redhat.com> act_mirred: use the backlog for nested calls to mirred ingress Davide Caratti <dcaratti(a)redhat.com> net/sched: act_mirred: better wording on protection against excessive stack growth wenxu <wenxu(a)ucloud.cn> net/sched: act_mirred: refactor the handle of xmit Jiri Pirko <jiri(a)mellanox.com> selftests: forwarding: tc_actions.sh: add matchall mirror test Vlad Buslov <vladbu(a)mellanox.com> net: sched: don't expose action qstats to skb_tc_reinsert() Vlad Buslov <vladbu(a)mellanox.com> net: sched: extract qstats update code into functions Vlad Buslov <vladbu(a)mellanox.com> net: sched: extract bstats update code into function Vlad Buslov <vladbu(a)mellanox.com> net: sched: extract common action counters update code into function Lorenzo Stoakes <lstoakes(a)gmail.com> mm: perform the mapping_map_writable() check after call_mmap() Lorenzo Stoakes <lstoakes(a)gmail.com> mm: update memfd seal write check to include F_SEAL_WRITE Lorenzo Stoakes <lstoakes(a)gmail.com> mm: drop the assumption that VM_SHARED always implies writable Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: mediatek: Implement .apply() callback Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-ctrls: always copy the controls on completion Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix nfs4_bitmap_copy_adjust() Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Johan Hovold <johan(a)kernel.org> USB: cdc-acm: do not log successful probe on later errors Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock He Zhe <zhe.he(a)windriver.com> mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() Dave Hansen <dave.hansen(a)linux.intel.com> x86/fpu: Delay instruction pointer fixup until after warning Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Maulik Shah <maulik.shah(a)oss.qualcomm.com> pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Steven Rostedt <rostedt(a)goodmis.org> tracing: Add down_write(trace_event_sem) when adding trace event Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Don't try to recover devices lost during warm reset. Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: avoid warm port reset during USB3 disconnect Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Fix incorrect OFFSET calculation Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on ino and xnid Harry Yoo <harry.yoo(a)oracle.com> mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Miaohe Lin <linmiaohe(a)huawei.com> mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() Lin.Cao <lincao12(a)amd.com> drm/sched: Remove optimization that causes hang when killing dependent jobs Haoxiang Li <haoxiang_li2024(a)163.com> ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Ammar Faizi <ammarfaizi2(a)gnuweeb.org> net: usbnet: Fix the wrong netif_carrier_on() call John Ernberg <john.ernberg(a)actia.se> net: usbnet: Avoid potential RCU stall on LINK_CHANGE event Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Li Zhong <floridsleeves(a)gmail.com> ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Ian Abbott <abbotti(a)mev.co.uk> comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix initialization of data for instructions that write to subdevice Nathan Chancellor <nathan(a)kernel.org> kbuild: Add KBUILD_CPPFLAGS to as-option invocation Masahiro Yamada <masahiroy(a)kernel.org> kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Nathan Chancellor <nathan(a)kernel.org> kbuild: Add CLANG_FLAGS to as-instr Nathan Chancellor <nathan(a)kernel.org> mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation Nick Desaulniers <ndesaulniers(a)google.com> kbuild: Update assembler calls to use proper flags and language target Nathan Chancellor <nathan(a)kernel.org> ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> move_mount: allow to add a mount into an existing group Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Timothy Pearson <tpearson(a)raptorengineering.com> PCI: pnv_php: Work around switches with broken presence detection Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI Tao Xue <xuetao09(a)huawei.com> usb: gadget : fix use-after-free in composite_dev_cleanup() Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: mm: tlb-r4k: Uniquify TLB entries on init Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W709 Budimir Markovic <markovicbudimir(a)gmail.com> vsock: Do not allow binding to VMADDR_PORT_ANY Quang Le <quanglex97(a)gmail.com> net/packet: fix a race in packet_set_ring() and packet_notifier() Thomas Gleixner <tglx(a)linutronix.de> perf/core: Prevent VMA split of buffer mappings Thomas Gleixner <tglx(a)linutronix.de> perf/core: Exit early on perf_mmap() fail Thomas Gleixner <tglx(a)linutronix.de> perf/core: Don't leak AUX buffer refcount on allocation failure Eric Dumazet <edumazet(a)google.com> pptp: fix pptp_xmit() error path Stefan Metzmacher <metze(a)samba.org> smb: client: let recv_done() cleanup before notifying the callers. Michal Schmidt <mschmidt(a)redhat.com> benet: fix BUG when creating VFs Wang Liang <wangliang74(a)huawei.com> net: drop UFO packets in udp_rcv_segment() Eric Dumazet <edumazet(a)google.com> ipv6: reject malicious packets in ipv6_gso_segment() Eric Dumazet <edumazet(a)google.com> pptp: ensure minimal skb length in pptp_xmit() Jakub Kicinski <kuba(a)kernel.org> netpoll: prevent hanging NAPI when netcons gets enabled Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() Frederic Barrat <fbarrat(a)linux.ibm.com> pci/hotplug/pnv-php: Wrap warnings in macro Frederic Barrat <fbarrat(a)linux.ibm.com> pci/hotplug/pnv-php: Improve error msg on power state change failure Peter Chen <peter.chen(a)nxp.com> usb: chipidea: udc: fix sleeping function called from invalid context Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in devs.path Chao Yu <chao(a)kernel.org> f2fs: fix to avoid panic in f2fs_evict_inode Chao Yu <chao(a)kernel.org> f2fs: fix to avoid UAF in f2fs_sync_inode_meta() Brian Masney <bmasney(a)redhat.com> rtc: pcf8563: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: hym8563: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: ds1307: fix incorrect maximum clock rate handling Petr Pavlu <petr.pavlu(a)suse.com> module: Restore the moduleparam prefix length check Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Check flow_dissector ctx accesses are aligned Balamanikandan Gunasundar <balamanikandan.gunasundar(a)microchip.com> mtd: rawnand: atmel: set pmecc data setup time Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: atmel: Fix dma_mapping_error() address Zheng Yu <zheng.yu(a)northwestern.edu> jfs: fix metapage reference count leak in dbAllocCtl Chenyuan Yang <chenyuan0y(a)gmail.com> fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - fix seq_file position update in adf_ring_next() Thomas Fourier <fourier.thomas(a)gmail.com> dmaengine: nbpfaxi: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> dmaengine: mv_xor: Fix missing check after DMA map and missing unmap Dan Carpenter <dan.carpenter(a)linaro.org> fs/orangefs: Allow 2 more characters in do_c_string() Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: stream: restore params when prepare ports fail Thomas Fourier <fourier.thomas(a)gmail.com> crypto: img-hash - Fix dma_unmap_sg() nents value Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> hwrng: mtk - handle devm_pm_runtime_enable errors Dan Carpenter <dan.carpenter(a)linaro.org> watchdog: ziirave_wdt: check record length in ziirave_firm_verify() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: isci: Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> scsi: mvsas: Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value Paul Kocialkowski <paulk(a)sys-base.io> clk: sunxi-ng: v3s: Fix de clock definition Leo Yan <leo.yan(a)arm.com> perf tests bp_account: Fix leaked file descriptor Mengbiao Xiong <xisme1998(a)gmail.com> crypto: ccp - Fix crash when rebind ccp device for ccp.ko Yuan Chen <chenyuan(a)kylinos.cn> pinctrl: sunxi: Fix memory leak on krealloc failure Charles Han <hanchunchao(a)inspur.com> power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set Henry Martin <bsdhenrymartin(a)gmail.com> clk: davinci: Add NULL check in davinci_lpsc_clk_register() Ivan Stepchenko <sid(a)itb.spb.ru> mtd: fix possible integer overflow in erase_xfer() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Fix engine load inaccuracy Hans Zhang <18255117159(a)163.com> PCI: rockchip-host: Fix "Unexpected Completion" log message Stanislav Fomichev <sdf(a)fomichev.me> vrf: Drop existing dst reference in vrf_ip6_input_dst Xiumei Mu <xmu(a)redhat.com> selftests: rtnetlink.sh: remove esp4_offload after test Florian Westphal <fw(a)strlen.de> netfilter: xt_nfacct: don't assume acct name is null-terminated Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Assign netdev.dev_port based on device channel index Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_pciefd: Store device channel index Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE Remi Pommarel <repk(a)triplefau.lt> Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Thomas Fourier <fourier.thomas(a)gmail.com> mwl8k: Add missing check after DMA map Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: Fix RX skb size for aggregation disabled William Liu <will(a)willsroot.io> net/sched: Restrict conditions for adding duplicating netems to qdisc tree Johan Korsnes <johan.korsnes(a)gmail.com> arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX Fedor Pchelkin <pchelkin(a)ispras.ru> netfilter: nf_tables: adjust lockdep assertions handling Fedor Pchelkin <pchelkin(a)ispras.ru> drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value Finn Thain <fthain(a)linux-m68k.org> m68k: Don't unregister boot console needlessly xin.guo <guoxin0309(a)gmail.com> tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range Jiasheng Jiang <jiasheng(a)iscas.ac.cn> iwlwifi: Add missing check for alloc_ordered_workqueue Xiu Jianfeng <xiujianfeng(a)huawei.com> wifi: iwlwifi: Fix memory leak in iwl_mvm_init() Daniil Dulov <d.dulov(a)aladdin.ru> wifi: rtl818x: Kill URBs before clearing tx status queue Arnd Bergmann <arnd(a)arndb.de> caif: reduce stack size, again Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls Alok Tiwari <alok.a.tiwari(a)oracle.com> staging: nvec: Fix incorrect null termination of battery manufacturer Brahmajit Das <listout(a)listout.xyz> samples: mei: Fix building on musl libc Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Init policy->rwsem before it may be possibly used Annette Kobou <annette.kobou(a)kontron.de> ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface Lucas De Marchi <lucas.demarchi(a)intel.com> usb: early: xhci-dbc: Fix early_ioremap leak Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vmci: Prevent the dispatching of uninitialized payloads" Denis OSTERLAND-HEIM <denis.osterland(a)diehl.com> pps: fix poll support Lizhi Xu <lizhi.xu(a)windriver.com> vmci: Prevent the dispatching of uninitialized payloads Abdun Nihaal <abdun.nihaal(a)gmail.com> staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: vfxxx: Correctly use two tuples for timer address Arnd Bergmann <arnd(a)arndb.de> ASoC: ops: dynamically allocate struct snd_ctl_elem_value Yangtao Li <frank.li(a)vivo.com> hfsplus: remove mutex_lock check in hfsplus_free_extents Arnd Bergmann <arnd(a)arndb.de> ASoC: Intel: fix SND_SOC_SOF dependencies Arnd Bergmann <arnd(a)arndb.de> ethernet: intel: fix building with large NR_CPUS Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: disconnect line when USB charger is attached Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: add USB PHY event Peter Chen <peter.chen(a)nxp.com> usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use Jun Li <jun.li(a)nxp.com> usb: chipidea: udc: protect usb interrupt enable Peter Chen <peter.chen(a)nxp.com> usb: chipidea: udc: add new API ci_hdrc_gadget_connect Daniel Dadap <ddadap(a)nvidia.com> ALSA: hda: Add missing NVIDIA HDA codec IDs Ian Abbott <abbotti(a)mev.co.uk> comedi: comedi_test: Fix possible deletion of uninitialized timers Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: reject invalid file types when reading inodes Yang Xiwen <forbidden405(a)outlook.com> i2c: qup: jump out of the loop in case of timeout Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Kito Xu (veritas501) <hxzene(a)gmail.com> net: appletalk: Fix use-after-free in AARP proxy probe Andrew Lunn <andrew(a)lunn.ch> net: appletalk: fix kerneldoc warnings Maor Gottlieb <maorg(a)nvidia.com> RDMA/core: Rate limit GID cache warning messages Alessandro Carminati <acarmina(a)redhat.com> regulator: core: fix NULL dereference on unbind due to stale coupling data Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: fix detection of high tier USB3 devices behind suspended hubs Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: reject invalid perturb period Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: move the limit validation Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: use a temporary work area for validating configuration Octavian Purdila <tavip(a)google.com> net_sched: sch_sfq: don't allow 1 packet limit Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: handle bigger packets Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: annotate data-races around q->perturb_period Zheng Wang <zyytlz.wz(a)163.com> power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition Minghao Chi <chi.minghao(a)zte.com.cn> power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync Dinghao Liu <dinghao.liu(a)zju.edu.cn> power: supply: bq24190_charger: Fix runtime PM imbalance on error Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: dwc3: qcom: Don't leave BCR asserted Drew Hamilton <drew.hamilton(a)zetier.com> usb: musb: fix gadget state on disconnect William Liu <will(a)willsroot.io> net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Dong Chenchen <dongchenchen2(a)huawei.com> net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: If an unallowed command is received consider it a failure Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Oliver Neukum <oneukum(a)suse.com> usb: net: sierra: check for no status endpoint Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix race condition on qfq_aggregate Alok Tiwari <alok.a.tiwari(a)oracle.com> net: emaclite: Fix missing pointer increment in aligned_read() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized data in insn_rw_emulate_bits() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix some signed shift left operations Ian Abbott <abbotti(a)mev.co.uk> comedi: das6402: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: das16m1: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: aio_iiro_16: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: pcl812: Fix bit shift out of bounds Chen Ni <nichen(a)iscas.ac.cn> iio: adc: stm32-adc: Fix race in installing chained IRQ handler Fabio Estevam <festevam(a)denx.de> iio: adc: max1363: Reorder mode_list[] entries Fabio Estevam <festevam(a)denx.de> iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] Andrew Jeffery <andrew(a)codeconstruct.com.au> soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrew Jeffery <andrew(a)codeconstruct.com.au> soc: aspeed: lpc-snoop: Cleanup resources in stack-order Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Workaround for Errata i2312 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Thomas Fourier <fourier.thomas(a)gmail.com> mmc: bcm2835: Fix dma_unmap_sg() nents value Nathan Chancellor <nathan(a)kernel.org> memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Jan Kara <jack(a)suse.cz> isofs: Verify inode mode when loading from disk Dan Carpenter <dan.carpenter(a)linaro.org> dmaengine: nbpfaxi: Fix memory corruption in probe() Yun Lu <luyun(a)kylinos.cn> af_packet: fix soft lockup issue caused by tpacket_snd() Yun Lu <luyun(a)kylinos.cn> af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() Nathan Chancellor <nathan(a)kernel.org> phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() Benjamin Tissoires <bentiss(a)kernel.org> HID: core: do not bypass hid_hw_raw_request Benjamin Tissoires <bentiss(a)kernel.org> HID: core: ensure __hid_request reserves the report ID as the first byte Benjamin Tissoires <bentiss(a)kernel.org> HID: core: ensure the allocated report buffer can contain the reserved report ID Thomas Fourier <fourier.thomas(a)gmail.com> pch_uart: Fix dma_sync_sg_for_device() nents value Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - set correct controller type for Acer NGR200 Clément Le Goffic <clement.legoffic(a)foss.st.com> i2c: stm32: fix the device used for the DMA map Xinyu Liu <1171169449(a)qq.com> usb: gadget: configfs: Fix OOB read on empty string write Ryan Mann (NDI) <rmann(a)ndigital.com> USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W640 Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition ------------- Diffstat: Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Makefile | 7 +- arch/arm/Makefile | 2 +- arch/arm/boot/dts/imx6ul-kontron-n6310-s.dts | 1 - arch/arm/boot/dts/vfxxx.dtsi | 2 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/include/asm/acpi.h | 2 +- arch/m68k/Kconfig.debug | 2 +- arch/m68k/kernel/early_printk.c | 42 +-- arch/m68k/kernel/head.S | 39 ++- arch/mips/Makefile | 2 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/mm/tlb-r4k.c | 56 +++- arch/parisc/Makefile | 2 +- arch/powerpc/configs/ppc6xx_defconfig | 1 - arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/time.c | 2 +- arch/x86/kernel/cpu/mce/amd.c | 13 +- arch/x86/mm/extable.c | 5 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 2 + drivers/acpi/processor_idle.c | 4 +- drivers/acpi/processor_perflib.c | 11 + drivers/ata/Kconfig | 35 ++- drivers/ata/libata-scsi.c | 20 +- drivers/base/power/domain_governor.c | 18 +- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/sunvdc.c | 4 +- drivers/char/hw_random/mtk-rng.c | 4 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +++-- drivers/clk/davinci/psc.c | 5 + drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 11 +- drivers/crypto/ccp/ccp-debugfs.c | 3 + drivers/crypto/img-hash.c | 2 +- drivers/crypto/marvell/cipher.c | 4 +- drivers/crypto/marvell/hash.c | 5 +- .../crypto/qat/qat_common/adf_transport_debug.c | 4 +- drivers/dma/mv_xor.c | 21 +- drivers/dma/nbpfaxi.c | 24 +- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 30 ++- drivers/gpu/drm/amd/powerplay/hwmgr/smu_helper.c | 2 +- drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/gpu/drm/scheduler/sched_entity.c | 23 +- drivers/hid/hid-core.c | 21 +- drivers/i2c/busses/i2c-qup.c | 4 +- drivers/i2c/busses/i2c-stm32.c | 8 +- drivers/i2c/busses/i2c-stm32f7.c | 4 +- drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 2 +- drivers/iio/adc/max1363.c | 43 ++- drivers/iio/adc/stm32-adc-core.c | 7 +- drivers/iio/light/hid-sensor-prox.c | 3 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +-- drivers/input/joystick/xpad.c | 2 +- drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/ov2659.c | 3 +- drivers/media/i2c/tc358743.c | 86 +++--- drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/rainshadow-cec/rainshadow-cec.c | 3 +- drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/usb/uvc/uvc_driver.c | 3 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/v4l2-core/v4l2-ctrls.c | 37 ++- drivers/memstick/core/memstick.c | 3 +- drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/mmc/host/bcm2835.c | 3 +- drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-pci-core.c | 3 +- drivers/mmc/host/sdhci_am654.c | 9 +- drivers/mtd/ftl.c | 2 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +- drivers/mtd/nand/raw/atmel/pmecc.c | 6 + drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/net/can/kvaser_pciefd.c | 1 + drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/b53/b53_common.c | 31 ++- drivers/net/dsa/b53/b53_regs.h | 1 + drivers/net/ethernet/agere/et131x.c | 36 +++ drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/fec_main.c | 34 ++- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/intel/fm10k/fm10k.h | 3 +- drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +- drivers/net/phy/smsc.c | 1 + drivers/net/ppp/pptp.c | 18 +- drivers/net/usb/sierra_net.c | 4 + drivers/net/usb/usbnet.c | 11 +- drivers/net/virtio_net.c | 38 ++- drivers/net/vrf.c | 2 + .../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwl8k.c | 4 + drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 18 +- drivers/pci/controller/pcie-rockchip-host.c | 2 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/hotplug/pnv_php.c | 90 +++++-- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 8 +- drivers/pci/probe.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 +- drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/power/supply/bq24190_charger.c | 60 ++--- drivers/power/supply/max14577_charger.c | 4 +- drivers/pps/pps.c | 11 +- drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 78 ++++-- drivers/regulator/core.c | 1 + drivers/rtc/rtc-ds1307.c | 17 +- drivers/rtc/rtc-hym8563.c | 2 +- drivers/rtc/rtc-pcf8563.c | 2 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++ drivers/scsi/mvsas/mv_sas.c | 4 +- drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 ++++- drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 +- drivers/soc/qcom/mdt_loader.c | 41 +++ drivers/soc/tegra/pmc.c | 51 ++-- drivers/soundwire/stream.c | 2 +- drivers/staging/comedi/comedi_compat32.c | 3 + drivers/staging/comedi/comedi_fops.c | 60 ++++- drivers/staging/comedi/comedi_internal.h | 1 + drivers/staging/comedi/drivers.c | 30 ++- drivers/staging/comedi/drivers/aio_iiro_16.c | 3 +- drivers/staging/comedi/drivers/comedi_test.c | 2 +- drivers/staging/comedi/drivers/das16m1.c | 3 +- drivers/staging/comedi/drivers/das6402.c | 3 +- drivers/staging/comedi/drivers/pcl812.c | 3 +- drivers/staging/fbtft/fbtft-core.c | 1 + drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/staging/nvec/nvec_power.c | 2 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/pch_uart.c | 2 +- drivers/tty/vt/defkeymap.c_shipped | 112 ++++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/usb/atm/cxacru.c | 172 ++++++------ drivers/usb/chipidea/ci.h | 18 +- drivers/usb/chipidea/udc.c | 89 ++++--- drivers/usb/class/cdc-acm.c | 13 +- drivers/usb/core/hub.c | 67 ++++- drivers/usb/core/quirks.c | 1 + drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-qcom.c | 8 +- drivers/usb/dwc3/gadget.c | 9 + drivers/usb/early/xhci-dbc.c | 4 + drivers/usb/gadget/composite.c | 5 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 24 +- drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 19 +- drivers/usb/host/xhci.c | 24 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/musb_gadget.c | 2 + drivers/usb/musb/omap2430.c | 10 +- drivers/usb/phy/phy-mxs-usb.c | 4 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 3 + drivers/usb/serial/option.c | 7 + drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 ++ drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/vhost/vhost.c | 3 + drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/imxfb.c | 9 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/ziirave_wdt.c | 3 + fs/btrfs/tree-log.c | 53 ++-- fs/buffer.c | 2 +- fs/cifs/cifsglob.h | 1 + fs/cifs/cifssmb.c | 10 + fs/cifs/smbdirect.c | 14 +- fs/cifs/transport.c | 34 ++- fs/ext4/fsmap.c | 23 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 2 +- fs/f2fs/f2fs.h | 2 +- fs/f2fs/inode.c | 28 +- fs/f2fs/node.c | 10 + fs/file.c | 81 +++--- fs/hfs/bnode.c | 93 +++++++ fs/hfsplus/bnode.c | 92 +++++++ fs/hfsplus/extents.c | 3 - fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/hugetlbfs/inode.c | 2 +- fs/isofs/inode.c | 9 +- fs/jbd2/checkpoint.c | 1 + fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 10 +- fs/namespace.c | 89 ++++++- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 ++- fs/nfs/direct.c | 13 +- fs/nfs/export.c | 11 +- fs/nfs/inode.c | 6 +- fs/nfs/internal.h | 1 + fs/nfs/nfs4client.c | 13 +- fs/nfs/nfs4proc.c | 35 +-- fs/nfs/pnfs.c | 11 +- fs/nfs/write.c | 11 +- fs/nfsd/nfs4state.c | 34 ++- fs/nilfs2/inode.c | 9 +- fs/orangefs/orangefs-debugfs.c | 8 +- fs/squashfs/super.c | 14 +- fs/udf/super.c | 13 +- include/linux/fs.h | 4 +- include/linux/if_vlan.h | 6 +- include/linux/mm.h | 26 +- include/linux/moduleparam.h | 5 +- include/linux/nfs_fs.h | 2 + include/linux/pci.h | 1 + include/linux/pps_kernel.h | 1 + include/linux/skbuff.h | 31 ++- include/linux/usb/chipidea.h | 1 + include/linux/usb/usbnet.h | 1 + include/net/act_api.h | 25 ++ include/net/cfg80211.h | 2 +- include/net/sch_generic.h | 13 - include/net/udp.h | 24 +- include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/mount.h | 3 +- kernel/events/core.c | 20 +- kernel/fork.c | 2 +- kernel/power/console.c | 7 +- kernel/rcu/tree_plugin.h | 3 + kernel/trace/ftrace.c | 19 +- kernel/trace/trace_events.c | 5 + mm/filemap.c | 2 +- mm/hmm.c | 2 +- mm/kmemleak.c | 120 +++++---- mm/madvise.c | 2 +- mm/mmap.c | 26 +- mm/shmem.c | 2 +- mm/zsmalloc.c | 6 +- net/8021q/vlan.c | 42 ++- net/8021q/vlan.h | 1 + net/appletalk/aarp.c | 42 ++- net/appletalk/ddp.c | 7 +- net/bluetooth/hci_sysfs.c | 15 +- net/bluetooth/l2cap_core.c | 26 +- net/bluetooth/l2cap_sock.c | 3 + net/bluetooth/smp.c | 21 +- net/bluetooth/smp.h | 1 + net/caif/cfctrl.c | 294 ++++++++++----------- net/core/filter.c | 3 + net/core/netpoll.c | 7 + net/ipv4/route.c | 1 - net/ipv4/tcp_input.c | 3 +- net/ipv4/udp_offload.c | 2 +- net/ipv6/ip6_offload.c | 4 +- net/ipv6/seg6_hmac.c | 3 + net/mac80211/tx.c | 1 + net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/xt_nfacct.c | 4 +- net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 39 ++- net/phonet/pep.c | 2 +- net/sched/act_api.c | 14 + net/sched/act_csum.c | 4 +- net/sched/act_ct.c | 10 +- net/sched/act_gact.c | 14 +- net/sched/act_mirred.c | 55 ++-- net/sched/act_police.c | 5 +- net/sched/act_tunnel_key.c | 2 +- net/sched/act_vlan.c | 9 +- net/sched/sch_cake.c | 14 +- net/sched/sch_codel.c | 5 +- net/sched/sch_drr.c | 7 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_hfsc.c | 8 +- net/sched/sch_htb.c | 6 +- net/sched/sch_netem.c | 40 +++ net/sched/sch_qfq.c | 40 ++- net/sched/sch_sfq.c | 116 +++++--- net/sctp/input.c | 2 +- net/tls/tls_sw.c | 13 + net/vmw_vsock/af_vsock.c | 3 +- net/wireless/mlme.c | 3 +- samples/mei/mei-amt-version.c | 2 +- scripts/Kbuild.include | 8 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/inode.c | 2 - sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_hdmi.c | 19 ++ sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 14 +- sound/soc/intel/boards/Kconfig | 2 +- sound/soc/soc-dapm.c | 4 + sound/soc/soc-ops.c | 28 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/mixer_scarlett_gen2.c | 9 + sound/usb/stream.c | 25 +- sound/usb/validate.c | 14 +- tools/bpf/bpftool/net.c | 15 +- tools/perf/tests/bp_account.c | 1 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/testing/ktest/ktest.pl | 5 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + .../testing/selftests/net/forwarding/tc_actions.sh | 72 ++++- tools/testing/selftests/net/rtnetlink.sh | 6 + 365 files changed, 3553 insertions(+), 1524 deletions(-)

2 weeks, 5 days

5
4
0 0

[PATCH 6.6 000/587] 6.6.103-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.103 release. There are 587 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:24 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.103-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.103-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Armen Ratner <armeng(a)nvidia.com> net/mlx5e: Preserve shared buffer capacity during headroom updates Daniel Jurgens <danielj(a)nvidia.com> net/mlx5: Base ECVF devlink port attrs from 0 Hariprasad Kelam <hkelam(a)marvell.com> Octeontx2-af: Skip overlap check for SPI field Hangbin Liu <liuhangbin(a)gmail.com> bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Aahil Awatramani <aahila(a)google.com> bonding: Add independent control state machine Hangbin Liu <liuhangbin(a)gmail.com> bonding: update LACP activity flag after setting lacp_active William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit ValdikSS <iam(a)valdikss.org.ru> igc: fix disabling L1.2 PCI-E link substate on I226 on init Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Kanglong Wang <wangkanglong(a)loongson.cn> LoongArch: Optimize module load time by optimizing PLT/GOT counting D. Wythe <alibuda(a)linux.alibaba.com> net/smc: fix UAF on smcsk after smc_listen_out() Jordan Rhee <jordanrhee(a)google.com> gve: prevent ethtool ops after shutdown Yuichiro Tsuji <yuichtsu(a)amazon.com> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix timestamping for vsc8584 Qingfang Deng <dqfext(a)gmail.com> ppp: fix race conditions in ppp_fill_forward_path Qingfang Deng <dqfext(a)gmail.com> net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Jakub Ramaseuski <jramaseu(a)redhat.com> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Chenyuan Yang <chenyuan0y(a)gmail.com> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the hibmc loaded failed bug Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Sergey Shtylyov <s.shtylyov(a)omp.ru> Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Wang Liang <wangliang74(a)huawei.com> net: bridge: fix soft lockup in br_multicast_query_expired() Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kashyap Desai <kashyap.desai(a)broadcom.com> RDMA/bnxt_re: Fix to do SRQ armena by default Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix ignored return value of init_kernel_qp Nitin Gote <nitin.r.gote(a)intel.com> iosys-map: Fix undefined behavior in iosys_map_clear() Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Fanhua Li <lifanhua5(a)huawei.com> drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Stefan Wahren <wahrenst(a)gmx.net> spi: spi-fsl-lpspi: Clamp too high speed_hz Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: disable low power mode when reading comparator values Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> iio: imu: inv_icm42600: Convert to uXX and sXX integer types David Lechner <dlechner(a)baylibre.com> iio: imu: inv_icm42600: use = { } instead of memset() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 David Lechner <dlechner(a)baylibre.com> iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic Jakub Kicinski <kuba(a)kernel.org> tls: fix handling of zero-length records on the rx_list Michal Suchanek <msuchanek(a)suse.de> powerpc/boot: Fix build with gcc 15 Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: dwc3: pci: add support for the Intel Wildcat Lake Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Remove WARN_ON for device endpoint command timeouts Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Edward Adam Davis <eadavis(a)qq.com> comedi: pcl726: Prevent invalid irq number Ian Abbott <abbotti(a)mev.co.uk> comedi: Make insn_rw_emulate_bits() do insn->n samples Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Thorsten Blum <thorsten.blum(a)linux.dev> cdx: Fix off-by-one error in cdx_rpmsg_probe() Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid selecting states with too much latency Christian Loehle <christian.loehle(a)arm.com> cpuidle: menu: Remove iowait influence Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: Add a new function to simplify the code Bjorn Helgaas <bhelgaas(a)google.com> mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: disable add_addr retransmission when timeout is 0 Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: remove duplicate sk_reset_timer call Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Stefan Metzmacher <metze(a)samba.org> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Baokun Li <libaokun1(a)huawei.com> ext4: preserve SB_I_VERSION on remount Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Delay link start until configfs 'start' written Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Use standard PCIe definitions Dan Carpenter <dan.carpenter(a)linaro.org> soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid a NULL pointer dereference Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Fix SCCB present check Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Jinjiang Tu <tujinjiang(a)huawei.com> mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Herton R. Krzesinski <herton(a)redhat.com> mm/debug_vm_pgtable: clear page table entries at destroy_args() Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Will Deacon <will(a)kernel.org> KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix Vincent Guittot <vincent.guittot(a)linaro.org> sched/fair: Fix frequency selection for non-invariant case Vincent Guittot <vincent.guittot(a)linaro.org> topology: Set capacity_freq_ref in all cases Vincent Guittot <vincent.guittot(a)linaro.org> arm64/amu: Use capacity_ref_freq() to set AMU ratio Vincent Guittot <vincent.guittot(a)linaro.org> cpufreq/cppc: Set the frequency used for computing the capacity Vincent Guittot <vincent.guittot(a)linaro.org> energy_model: Use a fixed reference frequency Vincent Guittot <vincent.guittot(a)linaro.org> cpufreq/schedutil: Use a fixed reference frequency Vincent Guittot <vincent.guittot(a)linaro.org> cpufreq: Use the fixed and coherent frequency for scaling capacity Vincent Guittot <vincent.guittot(a)linaro.org> sched/topology: Add a new arch_scale_freq_ref() method Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Return aborted command when missing sense and result TF Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Take active children into account in pm_runtime_get_if_in_use() Sakari Ailus <sakari.ailus(a)linux.intel.com> PM: runtime: Simplify pm_runtime_get_if_active() usage Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Johan Hovold <johan(a)kernel.org> usb: dwc3: imx8mp: fix device leak at unbind Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Mikhail Lobanov <m.lobanov(a)rosa.ru> wifi: mac80211: check basic rates validity in sta_link_apply_parameters Sean Christopherson <seanjc(a)google.com> KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Gerald Schaefer <gerald.schaefer(a)linux.ibm.com> s390/mm: Remove possible false-positive warning in pte_free_defer() Filipe Manana <fdmanana(a)suse.com> btrfs: send: make fs_path_len() inline and constify its argument Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Filipe Manana <fdmanana(a)suse.com> btrfs: send: avoid path allocation for the current inode when issuing commands Filipe Manana <fdmanana(a)suse.com> btrfs: send: keep the current inode's path cached Filipe Manana <fdmanana(a)suse.com> btrfs: send: add and use helper to rename current inode when processing refs Filipe Manana <fdmanana(a)suse.com> btrfs: send: only use boolean variables at process_recorded_refs() Filipe Manana <fdmanana(a)suse.com> btrfs: send: factor out common logic when sending xattrs Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item David Sterba <dsterba(a)suse.com> btrfs: constify more pointer parameters Boris Burkov <boris(a)bur.io> btrfs: fix ssd_spread overallocation David Sterba <dsterba(a)suse.com> btrfs: open code timespec64 in struct btrfs_inode Christoph Hellwig <hch(a)lst.de> xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() Filipe Manana <fdmanana(a)suse.com> btrfs: always abort transaction on failure to add block group to free space tree David Sterba <dsterba(a)suse.com> btrfs: move transaction aborts to the error site in add_block_group_free_space() Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl Filipe Manana <fdmanana(a)suse.com> btrfs: don't ignore inode missing when replaying log tree Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Christoph Hellwig <hch(a)lst.de> block: reject invalid operation in submit_bio_noacct Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> leds: flash: leds-qcom-flash: Fix registry access after re-bind Fenglin Wu <quic_fenglinw(a)quicinc.com> leds: flash: leds-qcom-flash: Limit LED current based on thermal condition Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Eric Dumazet <edumazet(a)google.com> net_sched: sch_ets: implement lockless ets_dump() Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix netns refcount leak after net_passive changes Eric Dumazet <edumazet(a)google.com> net: better track kernel sockets lifetime Kuniyuki Iwashima <kuniyu(a)amazon.com> net: Add net_passive_inc() and net_passive_dec(). Isaac J. Manjarres <isaacmanjarres(a)google.com> selftests/memfd: add test for mapping write-sealed memfd read-only Isaac J. Manjarres <isaacmanjarres(a)google.com> mm: reinstate ability to map write-sealed memfd mappings read-only Isaac J. Manjarres <isaacmanjarres(a)google.com> mm: update memfd seal write check to include F_SEAL_WRITE Isaac J. Manjarres <isaacmanjarres(a)google.com> mm: drop the assumption that VM_SHARED always implies writable Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Christoph Paasch <cpaasch(a)openai.com> mptcp: drop skb if MPTCP skb extension allocation fails Chen Yu <yu.c.chen(a)intel.com> ACPI: pfr_update: Fix the driver update version check Eric Biggers <ebiggers(a)kernel.org> ipv6: sr: Fix MAC comparison to be constant-time Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overwrite dce60_clk_mgr Michel Dänzer <mdaenzer(a)redhat.com> drm/amd/display: Add primary plane to commits for correct VRR handling Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.0.1 client id mappings Gang Ba <Gang.Ba(a)amd.com> drm/amdgpu: Avoid extra evict-restore process. Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Ricardo Ribalda <ribalda(a)chromium.org> media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Hans de Goede <hansg(a)kernel.org> media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Nicolas Dufresne <nicolas.dufresne(a)collabora.com> media: verisilicon: Fix AV1 decoder clock frequency Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix wrong pixel_array control size Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser John David Anglin <dave.anglin(a)bell.net> parisc: Update comments in make_insert_tlb John David Anglin <dave.anglin(a)bell.net> parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() John David Anglin <dave.anglin(a)bell.net> parisc: Revise gateway LWS calls to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Revise __get_user() to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers John David Anglin <dave.anglin(a)bell.net> parisc: Drop WARN_ON_ONCE() from flush_cache_vmap John David Anglin <dave.anglin(a)bell.net> parisc: Define and use set_pte_at() John David Anglin <dave.anglin(a)bell.net> parisc: Check region is readable by user in raw_copy_from_user() Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Will Deacon <will(a)kernel.org> vhost/vsock: Avoid allocating arbitrarily-sized SKBs Will Deacon <will(a)kernel.org> vsock/virtio: Validate length in packet header before skb_put() Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: renesas: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Gabor Juhos <j4g8y7(a)gmail.com> mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: Fix spi_nor_try_unlock_all() Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath12k: fix dest ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable David Lechner <dlechner(a)baylibre.com> iio: imu: bno055: fix OOB access of hw_xlate array Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Fix CDL control Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix default runtime and system PM levels Archana Patni <archana.patni(a)intel.com> scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix race between config read submit and interrupt completion Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Hong Guan <hguan(a)ti.com> arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Alexander Sverdlin <alexander.sverdlin(a)siemens.com> arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: fix write time activation failure for metadata block group Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes Liao Yuanhong <liaoyuanhong(a)vivo.com> ext4: use kmalloc_array() for array space allocation Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to clear the orphan_present feature block device is r/o Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Masami Hiramatsu (Google) <mhiramat(a)kernel.org> tracing: fprobe-event: Sanitize wildcard for fprobe event name Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: extend the connection limiting mechanism to support IPv6 Ziyan Xu <ziyan(a)securitygossip.com> ksmbd: fix refcount leak causing resource not released Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - flush misc workqueue during device shutdown Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - lower priority for skcipher and aead algorithms Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Youssef Samir <quic_yabdulra(a)quicinc.com> bus: mhi: host: Detect events pointing to unexpected TREs Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR Frederic Weisbecker <frederic(a)kernel.org> rcu: Fix racy re-initialization of irq_work causing hangs Aditya Garg <gargaditya08(a)live.com> HID: apple: avoid setting up battery timer for devices without battery Aditya Garg <gargaditya08(a)live.com> HID: magicmouse: avoid setting up battery timer when not needed Pedro Falcato <pfalcato(a)suse.de> RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not select metadata BG as finish target Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Filipe Manana <fdmanana(a)suse.com> btrfs: clear dirty status from extent buffer on error at insert_new_root() Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Prevent ALIGN() overflow Nicolin Chen <nicolinc(a)nvidia.com> iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Alexey Klimov <alexey.klimov(a)linaro.org> iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Jaegeuk Kim <jaegeuk(a)kernel.org> f2fs: check the generic conditions first Yuezhang Mo <Yuezhang.Mo(a)sony.com> exfat: add cluster chain loop check for dir fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Gabriel Totev <gabriel.totev(a)zetier.com> apparmor: shift ouid when mediating hard links in userns Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Charles Keepax <ckeepax(a)opensource.cirrus.com> soundwire: Move handle_nested_irq outside of sdw_dev_lock Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> soundwire: amd: serialize amd manager resume sequence during pm_prepare Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Abel Vesa <abel.vesa(a)linaro.org> power: supply: qcom_battmgr: Add lithium-polymer entry Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Markus Theil <theil.markus(a)gmail.com> crypto: jitter - fix intermediary handling Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} George Moussalem <george.moussalem(a)outlook.com> clk: qcom: ipq5018: keep XO clock always on Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Geraldo Nascimento <geraldogabriel(a)gmail.com> phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal Chen-Yu Tsai <wens(a)csie.org> mfd: axp20x: Set explicit ID for AXP313 regulator Pei Xiao <xiaopei01(a)kylinos.cn> clk: tegra: periph: Fix error handling and resolve unsigned compare warning Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Joel Fernandes <joelagnelf(a)nvidia.com> rcu: Fix rcu_read_unlock() deadloop due to IRQ work Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Wayne Lin <Wayne.Lin(a)amd.com> drm/amd/display: Avoid trying AUX transactions on disconnected ports Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Ihor Solodrai <isolodrai(a)meta.com> bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Shannon Nelson <shannon.nelson(a)amd.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix JSON writer resource leak in version command Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gal Pressman <gal(a)nvidia.com> net: vlan: Make is_vlan_dev() a stub when VLAN is not configured Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Nicolas Escande <nico.escande(a)gmail.com> neighbour: add support for NUD_PERMANENT proxy entries Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Karthikeyan Kathirvel <quic_kathirve(a)quicinc.com> wifi: ath12k: Decrement TID on RX peer frag setup error handling Raj Kumar Bhagat <quic_rajkbhag(a)quicinc.com> wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Add memset and update default rate value in wmi tx completion Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol Aakash Kumar S <saakashkumar(a)marvell.com> xfrm: Duplicate SPI Handling zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace David Bauer <mail(a)david-bauer.net> wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Disable deep power saving for USB/SDIO Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Rob Clark <robdclark(a)chromium.org> drm/msm: use trylock for debugfs Hari Chandrakanthan <quic_haric(a)quicinc.com> wifi: mac80211: fix rx link assignment for non-MLO stations Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Miri Korenblit <miriam.rachel.korenblit(a)intel.com> wifi: iwlwifi: mvm: set gtk id also in older FWs Alok Tiwari <alok.a.tiwari(a)oracle.com> perf/cxlpmu: Remove unintended newline from IRQ name format string Biju Das <biju.das.jz(a)bp.renesas.com> net: phy: micrel: Add ksz9131_resume() Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Sarika Sharma <quic_sarishar(a)quicinc.com> wifi: ath12k: Correct tid cleanup when tid setup fails Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Zijun Hu <zijun.hu(a)oss.qualcomm.com> Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Steven Rostedt <rostedt(a)goodmis.org> powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 Srinivas Kandagatla <srini(a)kernel.org> ASoC: qcom: use drvdata instead of component to keep id Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Actually use the e_phoff Krzysztof Hałasa <khalasa(a)piap.pl> imx8m-blk-ctrl: set ISI panic write hurry level Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Zijun Hu <zijun.hu(a)oss.qualcomm.com> char: misc: Fix improper and inaccurate error code returned by misc_init() Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Thierry Reding <treding(a)nvidia.com> firmware: tegra: Fix IVC dependency problems Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Shuai Xue <xueshuai(a)linux.alibaba.com> ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Maulik Shah <maulik.shah(a)oss.qualcomm.com> soc: qcom: rpmh-rsc: Add RSC version 4 support Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Mario Limonciello <mario.limonciello(a)amd.com> platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Steven Rostedt <rostedt(a)goodmis.org> tracefs: Add d_delete to remove negative dentries Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Jan Kara <jack(a)suse.cz> loop: Avoid updating block size under exclusive owner Andrew Price <anprice(a)redhat.com> gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops Keith Busch <kbusch(a)kernel.org> nvme-pci: try function level reset on init failure NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix general protection fault in hfs_find_init() Jakub Kicinski <kuba(a)kernel.org> tls: handle data disappearing from under the TLS ULP Jeongjun Park <aha310510(a)gmail.com> ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Alok Tiwari <alok.a.tiwari(a)oracle.com> net: ti: icss-iep: Fix incorrect type for return value in extts_enable() Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Sean Christopherson <seanjc(a)google.com> KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported Sean Christopherson <seanjc(a)google.com> KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag Sean Christopherson <seanjc(a)google.com> KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Sean Christopherson <seanjc(a)google.com> KVM: x86: Fully defer to vendor code to decide how to force immediate exit Sean Christopherson <seanjc(a)google.com> KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 Sean Christopherson <seanjc(a)google.com> KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers Sean Christopherson <seanjc(a)google.com> KVM: VMX: Handle forced exit due to preemption timer in fastpath Sean Christopherson <seanjc(a)google.com> KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL in common x86 Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Manuel Andreas <manuel.andreas(a)tum.de> KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush Stefan Metzmacher <metze(a)samba.org> smb: client: don't wait for info->send_pending == 0 on error Stefan Metzmacher <metze(a)samba.org> smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Jann Horn <jannh(a)google.com> eventpoll: Fix semi-unbounded recursion Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jens Axboe <axboe(a)kernel.dk> io_uring/net: commit partial buffers on retry Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: ti: icss-iep: fix device and OF node leaks at probe Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Daniel Golle <daniel(a)makrotopia.org> Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf3: use platform_get_irq_optional() David Thompson <davthompson(a)nvidia.com> Revert "gpio: mlxbf3: only get IRQ for device instance 0" David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: .../bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 +- .../display/sprd/sprd,sharkl3-dsi-host.yaml | 2 +- Documentation/filesystems/fscrypt.rst | 37 +-- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/networking/bonding.rst | 12 + Documentation/networking/mptcp-sysctl.rst | 2 + Documentation/power/runtime_pm.rst | 5 +- Makefile | 6 +- arch/arm/include/asm/topology.h | 1 + arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 +- arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 +- arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 +- arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/include/asm/topology.h | 1 + arch/arm64/kernel/fpsimd.c | 4 +- arch/arm64/kernel/topology.c | 26 +- arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/kernel/module-sections.c | 38 +-- arch/loongarch/net/bpf_jit.c | 21 +- arch/m68k/kernel/head.S | 31 +- arch/mips/crypto/chacha-core.S | 20 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/lantiq/falcon/sysctrl.c | 23 +- arch/parisc/Makefile | 6 +- arch/parisc/include/asm/pgtable.h | 7 +- arch/parisc/include/asm/special_insns.h | 28 ++ arch/parisc/include/asm/uaccess.h | 21 +- arch/parisc/kernel/cache.c | 6 +- arch/parisc/kernel/entry.S | 17 +- arch/parisc/kernel/syscall.S | 30 +- arch/parisc/lib/memcpy.c | 19 +- arch/parisc/mm/fault.c | 4 + arch/powerpc/boot/Makefile | 1 + arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/riscv/include/asm/topology.h | 1 + arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/s390/mm/pgalloc.c | 5 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 +- arch/x86/include/asm/kvm-x86-ops.h | 2 - arch/x86/include/asm/kvm_host.h | 22 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kvm/hyperv.c | 3 + arch/x86/kvm/lapic.c | 19 +- arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/svm/svm.c | 42 ++- arch/x86/kvm/svm/vmenter.S | 9 +- arch/x86/kvm/trace.h | 9 +- arch/x86/kvm/vmx/nested.c | 26 +- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 164 ++++++---- arch/x86/kvm/vmx/vmx.h | 31 +- arch/x86/kvm/x86.c | 46 ++- block/blk-core.c | 26 +- block/blk-settings.c | 2 +- crypto/jitterentropy-kcapi.c | 9 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 13 + drivers/acpi/pfr_update.c | 2 +- drivers/acpi/prmt.c | 26 +- drivers/acpi/processor_perflib.c | 11 + drivers/ata/Kconfig | 35 +- drivers/ata/libata-sata.c | 5 + drivers/ata/libata-scsi.c | 58 ++-- drivers/base/arch_topology.c | 69 ++-- drivers/base/power/runtime.c | 59 +++- drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/loop.c | 38 ++- drivers/block/sunvdc.c | 4 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/bus/mhi/host/main.c | 12 +- drivers/cdx/controller/cdx_rpmsg.c | 3 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +++- drivers/char/misc.c | 4 +- drivers/clk/qcom/gcc-ipq5018.c | 2 +- drivers/clk/tegra/clk-periph.c | 4 +- drivers/comedi/comedi_fops.c | 38 ++- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 40 ++- drivers/comedi/drivers/pcl726.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 12 +- drivers/cpuidle/governors/menu.c | 98 ++---- drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/intel/qat/qat_common/adf_common_drv.h | 1 + drivers/crypto/intel/qat/qat_common/adf_init.c | 1 + drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 + drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32-dma.c | 2 +- drivers/edac/synopsys_edac.c | 93 +++--- drivers/firmware/tegra/Kconfig | 5 +- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-mlxbf3.c | 52 +-- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 ++-- drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 9 + .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 - .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 - .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 ++- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 +-- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 +- drivers/gpu/drm/i915/intel_runtime_pm.c | 5 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 + drivers/gpu/drm/nouveau/nvif/vmm.c | 3 +- drivers/gpu/drm/renesas/rcar-du/rzg2l_mipi_dsi.c | 3 + drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/hid/hid-apple.c | 13 +- drivers/hid/hid-magicmouse.c | 56 ++-- drivers/hwmon/emc2305.c | 10 +- drivers/hwmon/gsc-hwmon.c | 4 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 6 +- drivers/iio/imu/bno055/bno055.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 +- drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 +- drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 +- drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 ++- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 +- drivers/iio/light/as73211.c | 2 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/iio/temperature/maxim_thermocouple.c | 26 +- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 - drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/erdma/erdma_verbs.c | 4 +- drivers/infiniband/hw/hfi1/affinity.c | 44 +-- drivers/infiniband/sw/siw/siw_qp_tx.c | 5 +- drivers/iommu/amd/init.c | 4 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 + drivers/iommu/iommufd/io_pagetable.c | 48 ++- drivers/leds/flash/leds-qcom-flash.c | 178 +++++++++- drivers/leds/leds-lp50xx.c | 11 +- drivers/leds/trigger/ledtrig-netdev.c | 16 +- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/ccs/ccs-core.c | 2 +- drivers/media/i2c/hi556.c | 26 +- drivers/media/i2c/ov2659.c | 3 +- drivers/media/i2c/tc358743.c | 86 +++-- drivers/media/pci/intel/ivsc/mei_ace.c | 2 + drivers/media/pci/intel/ivsc/mei_csi.c | 2 + drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +++-- drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/platform/qcom/venus/venc.c | 5 +- .../media/platform/verisilicon/rockchip_vpu_hw.c | 9 - drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/usb/uvc/uvc_driver.c | 3 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/v4l2-core/v4l2-common.c | 8 +- drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 - drivers/memstick/core/memstick.c | 1 - drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/mfd/axp20x.c | 3 +- drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/misc/mei/bus.c | 6 + drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 + drivers/mmc/host/sdhci-pci-gli.c | 35 +- drivers/most/core.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/mtd/nand/raw/renesas-nand-controller.c | 6 + drivers/mtd/nand/spi/core.c | 5 +- drivers/mtd/spi-nor/swp.c | 19 +- drivers/net/bonding/bond_3ad.c | 224 +++++++++++-- drivers/net/bonding/bond_main.c | 1 + drivers/net/bonding/bond_netlink.c | 16 + drivers/net/bonding/bond_options.c | 29 +- drivers/net/dsa/b53/b53_common.c | 63 +++- drivers/net/dsa/b53/b53_regs.h | 2 + drivers/net/ethernet/agere/et131x.c | 36 ++ drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 +++ drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +- drivers/net/ethernet/freescale/fec_main.c | 34 +- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/google/gve/gve_main.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 14 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- .../net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 + drivers/net/ethernet/mediatek/mtk_wed.c | 1 - .../ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 +- drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- .../ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/ethernet/ti/icssg/icss_iep.c | 26 +- drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +- drivers/net/ipa/ipa_smp2p.c | 2 +- drivers/net/phy/micrel.c | 12 +- drivers/net/phy/mscc/mscc.h | 12 + drivers/net/phy/mscc/mscc_main.c | 12 + drivers/net/phy/mscc/mscc_ptp.c | 49 ++- drivers/net/phy/smsc.c | 1 + drivers/net/ppp/ppp_generic.c | 17 +- drivers/net/thunderbolt/main.c | 21 +- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +- drivers/net/wireless/ath/ath11k/ce.c | 3 - drivers/net/wireless/ath/ath11k/dp_rx.c | 3 - drivers/net/wireless/ath/ath11k/hal.c | 33 +- drivers/net/wireless/ath/ath12k/ce.c | 3 - drivers/net/wireless/ath/ath12k/dp.c | 3 +- drivers/net/wireless/ath/ath12k/hal.c | 38 ++- drivers/net/wireless/ath/ath12k/hw.c | 2 +- drivers/net/wireless/ath/ath12k/wmi.c | 5 + .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/wireless/realtek/rtw89/core.c | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 ++ drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/xen-netfront.c | 5 - drivers/nvme/host/pci.c | 24 +- drivers/pci/controller/dwc/pci-imx6.c | 7 +- drivers/pci/controller/pcie-rockchip-host.c | 49 +-- drivers/pci/controller/pcie-rockchip.h | 11 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 10 +- drivers/pci/probe.c | 2 +- drivers/perf/cxl_pmu.c | 2 +- drivers/phy/qualcomm/phy-qcom-m31.c | 14 +- drivers/phy/rockchip/phy-rockchip-pcie.c | 3 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec.c | 3 + drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 + drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 + drivers/power/supply/qcom_battmgr.c | 2 + drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/ptp/ptp_private.h | 5 + drivers/ptp/ptp_vclock.c | 7 + drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 71 ++-- drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 +- drivers/s390/char/sclp.c | 11 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr.h | 6 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 22 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++ drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 +++- drivers/soc/qcom/mdt_loader.c | 53 ++- drivers/soc/qcom/rpmh-rsc.c | 2 +- drivers/soc/tegra/pmc.c | 51 +-- drivers/soundwire/amd_manager.c | 6 +- drivers/soundwire/bus.c | 6 +- drivers/spi/spi-fsl-lpspi.c | 8 +- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/target/target_core_fabric_lib.c | 65 +++- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 +- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 ++- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/vt/defkeymap.c_shipped | 112 +++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/ufs/core/ufshcd-priv.h | 2 +- drivers/ufs/host/ufs-exynos.c | 4 +- drivers/ufs/host/ufshcd-pci.c | 42 ++- drivers/usb/atm/cxacru.c | 172 +++++----- drivers/usb/class/cdc-acm.c | 11 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/hcd.c | 8 +- drivers/usb/core/quirks.c | 1 + drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-imx8mp.c | 6 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-pci.c | 2 + drivers/usb/dwc3/ep0.c | 20 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 24 +- drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-ring.c | 19 +- drivers/usb/host/xhci.c | 27 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/omap2430.c | 14 +- drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 ++ drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/tcpm/maxim_contaminant.c | 54 +++ drivers/usb/typec/tcpm/tcpci_maxim.h | 1 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 + drivers/vhost/vhost.c | 3 + drivers/vhost/vsock.c | 6 +- drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 ++- fs/btrfs/backref.c | 6 +- fs/btrfs/block-group.c | 61 ++-- fs/btrfs/block-group.h | 11 +- fs/btrfs/block-rsv.c | 2 +- fs/btrfs/block-rsv.h | 2 +- fs/btrfs/btrfs_inode.h | 3 +- fs/btrfs/ctree.c | 24 +- fs/btrfs/ctree.h | 6 +- fs/btrfs/delayed-inode.c | 12 +- fs/btrfs/discard.c | 4 +- fs/btrfs/extent-tree.c | 33 +- fs/btrfs/file-item.c | 4 +- fs/btrfs/file-item.h | 2 +- fs/btrfs/free-space-tree.c | 17 +- fs/btrfs/inode-item.c | 10 +- fs/btrfs/inode-item.h | 4 +- fs/btrfs/inode.c | 26 +- fs/btrfs/qgroup.c | 31 +- fs/btrfs/relocation.c | 19 ++ fs/btrfs/send.c | 361 ++++++++++++--------- fs/btrfs/space-info.c | 17 +- fs/btrfs/space-info.h | 6 +- fs/btrfs/tree-log.c | 72 ++-- fs/btrfs/tree-mod-log.c | 14 +- fs/btrfs/tree-mod-log.h | 6 +- fs/btrfs/zoned.c | 20 +- fs/btrfs/zoned.h | 4 +- fs/buffer.c | 2 +- fs/crypto/fscrypt_private.h | 16 + fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/eventpoll.c | 60 +++- fs/exfat/dir.c | 12 + fs/exfat/fatent.c | 10 + fs/exfat/namei.c | 5 + fs/exfat/super.c | 32 +- fs/ext2/inode.c | 12 +- fs/ext4/fsmap.c | 23 +- fs/ext4/indirect.c | 4 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 2 +- fs/ext4/mballoc.c | 69 ++-- fs/ext4/orphan.c | 5 +- fs/ext4/super.c | 8 +- fs/f2fs/file.c | 24 +- fs/f2fs/node.c | 10 + fs/file.c | 15 + fs/gfs2/meta_io.c | 2 + fs/hfs/bfind.c | 3 + fs/hfs/bnode.c | 93 ++++++ fs/hfs/btree.c | 57 +++- fs/hfs/extent.c | 2 +- fs/hfs/hfs_fs.h | 1 + fs/hfsplus/bnode.c | 92 ++++++ fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/hugetlbfs/inode.c | 2 +- fs/jbd2/checkpoint.c | 1 + fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 + fs/libfs.c | 4 +- fs/namespace.c | 34 +- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 ++- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 +- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +- fs/orangefs/orangefs-debugfs.c | 2 +- fs/smb/client/cifssmb.c | 10 + fs/smb/client/connect.c | 10 +- fs/smb/client/sess.c | 9 + fs/smb/client/smb2ops.c | 11 +- fs/smb/client/smbdirect.c | 24 +- fs/smb/server/connection.c | 3 +- fs/smb/server/connection.h | 7 +- fs/smb/server/oplock.c | 13 +- fs/smb/server/smb2pdu.c | 16 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/transport_rdma.h | 4 +- fs/smb/server/transport_tcp.c | 26 +- fs/squashfs/super.c | 14 +- fs/tracefs/inode.c | 11 + fs/udf/super.c | 13 +- fs/xfs/xfs_itable.c | 6 +- include/linux/arch_topology.h | 8 + include/linux/blk_types.h | 6 +- include/linux/compiler.h | 8 - include/linux/cpufreq.h | 1 + include/linux/energy_model.h | 6 +- include/linux/fs.h | 4 +- include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 21 +- include/linux/iosys-map.h | 7 +- include/linux/memfd.h | 14 + include/linux/mm.h | 76 +++-- include/linux/pci.h | 10 +- include/linux/pm_runtime.h | 18 +- include/linux/sched/topology.h | 8 + include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/bond_3ad.h | 3 + include/net/bond_options.h | 1 + include/net/bonding.h | 23 ++ include/net/cfg80211.h | 2 +- include/net/mac80211.h | 2 + include/net/neighbour.h | 1 + include/net/net_namespace.h | 16 + include/net/sock.h | 1 + include/trace/events/btrfs.h | 6 +- include/trace/events/thp.h | 2 + include/uapi/linux/if_link.h | 1 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/pfrut.h | 1 + io_uring/net.c | 19 +- kernel/bpf/verifier.c | 3 +- kernel/cgroup/cpuset.c | 2 +- kernel/fork.c | 2 +- kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/rcu/tree.c | 2 + kernel/rcu/tree.h | 14 +- kernel/rcu/tree_plugin.h | 44 ++- kernel/sched/cpufreq_schedutil.c | 30 +- kernel/sched/fair.c | 19 +- kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 33 +- kernel/trace/trace.h | 10 +- mm/debug_vm_pgtable.c | 9 +- mm/filemap.c | 2 +- mm/kmemleak.c | 10 +- mm/madvise.c | 2 +- mm/memfd.c | 2 +- mm/memory-failure.c | 8 + mm/mmap.c | 12 +- mm/ptdump.c | 2 + mm/shmem.c | 2 +- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_event.c | 8 +- net/bluetooth/hci_sock.c | 2 +- net/bridge/br_multicast.c | 16 + net/bridge/br_private.h | 2 + net/core/dev.c | 12 + net/core/neighbour.c | 12 +- net/core/net_namespace.c | 8 +- net/core/sock.c | 27 +- net/hsr/hsr_slave.c | 8 +- net/ipv4/netfilter/nf_reject_ipv4.c | 6 +- net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/mcast.c | 11 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/seg6_hmac.c | 6 +- net/mac80211/cfg.c | 12 +- net/mac80211/chan.c | 1 + net/mac80211/mlme.c | 9 +- net/mac80211/rx.c | 12 +- net/mctp/af_mctp.c | 28 +- net/mptcp/options.c | 6 +- net/mptcp/pm_netlink.c | 19 +- net/mptcp/subflow.c | 5 +- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 +- net/netlink/af_netlink.c | 12 +- net/rds/tcp.c | 8 +- net/sched/sch_cake.c | 14 +- net/sched/sch_ets.c | 36 +- net/sched/sch_htb.c | 2 +- net/sctp/input.c | 2 +- net/smc/af_smc.c | 8 +- net/sunrpc/svcsock.c | 5 +- net/sunrpc/xprtsock.c | 8 +- net/tls/tls.h | 2 +- net/tls/tls_strp.c | 11 +- net/tls/tls_sw.c | 10 +- net/vmw_vsock/virtio_transport.c | 14 +- net/wireless/mlme.c | 3 +- net/xfrm/xfrm_state.c | 74 +++-- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/file.c | 6 +- security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - sound/core/pcm_native.c | 19 +- sound/hda/hdac_device.c | 2 +- sound/pci/hda/hda_codec.c | 44 +-- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 4 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 20 +- sound/soc/intel/avs/core.c | 3 +- sound/soc/qcom/lpass-platform.c | 27 +- sound/soc/soc-core.c | 3 + sound/soc/soc-dapm.c | 4 + sound/usb/mixer_quirks.c | 14 +- sound/usb/stream.c | 25 +- sound/usb/validate.c | 14 +- tools/bpf/bpftool/main.c | 6 +- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/include/uapi/linux/if_link.h | 1 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../testing/selftests/bpf/progs/verifier_unpriv.c | 2 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/memfd/memfd_test.c | 43 +++ tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 612 files changed, 6034 insertions(+), 2714 deletions(-)

2 weeks, 5 days

12
602
0 0

Mate dar vo vyske dva miliony patsto tisic euro

by Dr Leonard Valentinovic Blavatnik.

2 weeks, 5 days

1
0
0 0

[PATCH v2 3/4] cxl, acpi/hmat: Update CXL access coordinates directly instead of through HMAT

by Dave Jiang

The current implementation of CXL memory hotplug notifier gets called before the HMAT memory hotplug notifier. The CXL driver calculates the access coordinates (bandwidth and latency values) for the CXL end to end path (i.e. CPU to endpoint). When the CXL region is onlined, the CXL memory hotplug notifier writes the access coordinates to the HMAT target structs. Then the HMAT memory hotplug notifier is called and it creates the access coordinates for the node sysfs attributes. During testing on an Intel platform, it was found that although the newly calculated coordinates were pushed to sysfs, the sysfs attributes for the access coordinates showed up with the wrong initiator. The system has 4 nodes (0, 1, 2, 3) where node 0 and 1 are CPU nodes and node 2 and 3 are CXL nodes. The expectation is that node 2 would show up as a target to node 0: /sys/devices/system/node/node2/access0/initiators/node0 However it was observed that node 2 showed up as a target under node 1: /sys/devices/system/node/node2/access0/initiators/node1 The original intent of the 'ext_updated' flag in HMAT handling code was to stop HMAT memory hotplug callback from clobbering the access coordinates after CXL has injected its calculated coordinates and replaced the generic target access coordinates provided by the HMAT table in the HMAT target structs. However the flag is hacky at best and blocks the updates from other CXL regions that are onlined in the same node later on. Remove the 'ext_updated' flag usage and just update the access coordinates for the nodes directly without touching HMAT target data. The hotplug memory callback ordering is changed. Instead of changing CXL, move HMAT back so there's room for the levels rather than have CXL share the same level as SLAB_CALLBACK_PRI. The change will resulting in the CXL callback to be executed after the HMAT callback. With the change, the CXL hotplug memory notifier runs after the HMAT callback. The HMAT callback will create the node sysfs attributes for access coordinates. The CXL callback will write the access coordinates to the now created node sysfs attributes directly and will not pollute the HMAT target values. Fixes: 067353a46d8c ("cxl/region: Add memory hotplug notifier for cxl region") Cc: stable(a)vger.kernel.org Tested-by: Marc Herbert <marc.herbert(a)linux.intel.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Signed-off-by: Dave Jiang <dave.jiang(a)intel.com> --- v2: - Add description to what was observed for the issue. (Dan) - Use the correct Fixes tag. (Dan) - Add Cc to stable. (Dan) - Add support to only update on first region appearance. (Jonathan) --- drivers/acpi/numa/hmat.c | 6 ------ drivers/cxl/core/cdat.c | 5 ----- drivers/cxl/core/core.h | 1 - drivers/cxl/core/region.c | 21 +++++++++++++-------- include/linux/memory.h | 2 +- 5 files changed, 14 insertions(+), 21 deletions(-) diff --git a/drivers/acpi/numa/hmat.c b/drivers/acpi/numa/hmat.c index 4958301f5417..5d32490dc4ab 100644 --- a/drivers/acpi/numa/hmat.c +++ b/drivers/acpi/numa/hmat.c @@ -74,7 +74,6 @@ struct memory_target { struct node_cache_attrs cache_attrs; u8 gen_port_device_handle[ACPI_SRAT_DEVICE_HANDLE_SIZE]; bool registered; - bool ext_updated; /* externally updated */ }; struct memory_initiator { @@ -391,7 +390,6 @@ int hmat_update_target_coordinates(int nid, struct access_coordinate *coord, coord->read_bandwidth, access); hmat_update_target_access(target, ACPI_HMAT_WRITE_BANDWIDTH, coord->write_bandwidth, access); - target->ext_updated = true; return 0; } @@ -773,10 +771,6 @@ static void hmat_update_target_attrs(struct memory_target *target, u32 best = 0; int i; - /* Don't update if an external agent has changed the data. */ - if (target->ext_updated) - return; - /* Don't update for generic port if there's no device handle */ if ((access == NODE_ACCESS_CLASS_GENPORT_SINK_LOCAL || access == NODE_ACCESS_CLASS_GENPORT_SINK_CPU) && diff --git a/drivers/cxl/core/cdat.c b/drivers/cxl/core/cdat.c index c0af645425f4..c891fd618cfd 100644 --- a/drivers/cxl/core/cdat.c +++ b/drivers/cxl/core/cdat.c @@ -1081,8 +1081,3 @@ int cxl_update_hmat_access_coordinates(int nid, struct cxl_region *cxlr, { return hmat_update_target_coordinates(nid, &cxlr->coord[access], access); } - -bool cxl_need_node_perf_attrs_update(int nid) -{ - return !acpi_node_backed_by_real_pxm(nid); -} diff --git a/drivers/cxl/core/core.h b/drivers/cxl/core/core.h index 2669f251d677..a253d308f3c9 100644 --- a/drivers/cxl/core/core.h +++ b/drivers/cxl/core/core.h @@ -139,7 +139,6 @@ long cxl_pci_get_latency(struct pci_dev *pdev); int cxl_pci_get_bandwidth(struct pci_dev *pdev, struct access_coordinate *c); int cxl_update_hmat_access_coordinates(int nid, struct cxl_region *cxlr, enum access_coordinate_class access); -bool cxl_need_node_perf_attrs_update(int nid); int cxl_port_get_switch_dport_bandwidth(struct cxl_port *port, struct access_coordinate *c); diff --git a/drivers/cxl/core/region.c b/drivers/cxl/core/region.c index 71cc42d05248..371873fc43eb 100644 --- a/drivers/cxl/core/region.c +++ b/drivers/cxl/core/region.c @@ -9,6 +9,7 @@ #include <linux/uuid.h> #include <linux/sort.h> #include <linux/idr.h> +#include <linux/xarray.h> #include <linux/memory-tiers.h> #include <cxlmem.h> #include <cxl.h> @@ -30,6 +31,9 @@ * 3. Decoder targets */ +/* xarray that stores the reference count per node for regions */ +static DEFINE_XARRAY(node_regions_xa); + static struct cxl_region *to_cxl_region(struct device *dev); #define __ACCESS_ATTR_RO(_level, _name) { \ @@ -2442,14 +2446,8 @@ static bool cxl_region_update_coordinates(struct cxl_region *cxlr, int nid) for (int i = 0; i < ACCESS_COORDINATE_MAX; i++) { if (cxlr->coord[i].read_bandwidth) { - rc = 0; - if (cxl_need_node_perf_attrs_update(nid)) - node_set_perf_attrs(nid, &cxlr->coord[i], i); - else - rc = cxl_update_hmat_access_coordinates(nid, cxlr, i); - - if (rc == 0) - cset++; + node_update_perf_attrs(nid, &cxlr->coord[i], i); + cset++; } } @@ -2475,6 +2473,7 @@ static int cxl_region_perf_attrs_callback(struct notifier_block *nb, struct node_notify *nn = arg; int nid = nn->nid; int region_nid; + int rc; if (action != NODE_ADDED_FIRST_MEMORY) return NOTIFY_DONE; @@ -2487,6 +2486,11 @@ static int cxl_region_perf_attrs_callback(struct notifier_block *nb, if (nid != region_nid) return NOTIFY_DONE; + /* No action needed if there's existing entry */ + rc = xa_insert(&node_regions_xa, nid, NULL, GFP_KERNEL); + if (rc < 0) + return NOTIFY_DONE; + if (!cxl_region_update_coordinates(cxlr, nid)) return NOTIFY_DONE; @@ -3638,6 +3642,7 @@ int cxl_region_init(void) void cxl_region_exit(void) { + xa_destroy(&node_regions_xa); cxl_driver_unregister(&cxl_region_driver); } diff --git a/include/linux/memory.h b/include/linux/memory.h index de5c0d8e8925..684fd641f2f0 100644 --- a/include/linux/memory.h +++ b/include/linux/memory.h @@ -120,8 +120,8 @@ struct mem_section; */ #define DEFAULT_CALLBACK_PRI 0 #define SLAB_CALLBACK_PRI 1 -#define HMAT_CALLBACK_PRI 2 #define CXL_CALLBACK_PRI 5 +#define HMAT_CALLBACK_PRI 6 #define MM_COMPUTE_BATCH_PRI 10 #define CPUSET_CALLBACK_PRI 10 #define MEMTIER_HOTPLUG_PRI 100 -- 2.50.1

2 weeks, 5 days

2
1
0 0

Re: [PATCH] interconnect: qcom: icc-rpm: Set the count member before accessing the flex array

by Dan Carpenter

Hi Greg, Could you pick up this commit for 6.12 and 6.6: 00a973e093e9 ("interconnect: qcom: icc-rpm: Set the count member before accessing the flex array") It just silences a UBSan warning so it doesn't affect regular users, but it helps in testing to silence those warnings. It is a clean cherry-pick. regards, dan carpenter On Wed, Dec 04, 2024 at 12:33:34AM +0200, djakov(a)kernel.org wrote: > From: Georgi Djakov <djakov(a)kernel.org> > > The following UBSAN error is reported during boot on the db410c board on > a clang-19 build: > > Internal error: UBSAN: array index out of bounds: 00000000f2005512 [#1] PREEMPT SMP > ... > pc : qnoc_probe+0x5f8/0x5fc > ... > > The cause of the error is that the counter member was not set before > accessing the annotated flexible array member, but after that. Fix this > by initializing it earlier. > > Reported-by: Linux Kernel Functional Testing <lkft(a)linaro.org> > Closes: https://lore.kernel.org/r/CA+G9fYs+2mBz1y2dAzxkj9-oiBJ2Acm1Sf1h2YQ3VmBqj_VX… > Fixes: dd4904f3b924 ("interconnect: qcom: Annotate struct icc_onecell_data with __counted_by") > Signed-off-by: Georgi Djakov <djakov(a)kernel.org> > --- > drivers/interconnect/qcom/icc-rpm.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/interconnect/qcom/icc-rpm.c b/drivers/interconnect/qcom/icc-rpm.c > index a8ed435f696c..ea1042d38128 100644 > --- a/drivers/interconnect/qcom/icc-rpm.c > +++ b/drivers/interconnect/qcom/icc-rpm.c > @@ -503,6 +503,7 @@ int qnoc_probe(struct platform_device *pdev) > GFP_KERNEL); > if (!data) > return -ENOMEM; > + data->num_nodes = num_nodes; > > qp->num_intf_clks = cd_num; > for (i = 0; i < cd_num; i++) > @@ -597,7 +598,6 @@ int qnoc_probe(struct platform_device *pdev) > > data->nodes[i] = node; > } > - data->num_nodes = num_nodes; > > clk_bulk_disable_unprepare(qp->num_intf_clks, qp->intf_clks); >

2 weeks, 5 days

1
0
0 0

ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list

by Werner Sembach

Commit ID: 9cd51eefae3c871440b93c03716c5398f41bdf78 Why it should be applied: This is a small addition to a quirk list for which I forgot to set cc: stable when originally submitted it. Bringing it onto stable will result in several downstream distributions automatically adopting the patch, helping the affected device. What kernel versions I wish it to be applied to: It should apply cleanly to 6.1.y and newer longterm releases. I hope I correctly followed https://docs.kernel.org/process/stable-kernel-rules.html#option-2 to bring this into stable.

2 weeks, 5 days

2
1
0 0

After Hours? Dr. Sam Lavi Cosmetic And Implant Dentistry

by Mohanish Ved

Hi Dr. Sam Lavi Cosmetic And Implant Dentistry , Quick question: what happens when a patient calls after hours about implants? Studies show 35–40% of dental calls go unanswered. Every unanswered call = one implant patient choosing another practice. We built an AI voice agent that answers every call, educates patients, and books consultations 24/7. Want me to send you a 30-sec demo recording so you can hear it in action? Just reply 'Yes' and I’ll send it right away. — Best regards, Mohanish Ved AI Growth Specialist EditRage Solutions

2 weeks, 5 days

1
0
0 0

Re: Bug report - Sticky keys acting not sticky sometimes

by Alerymin

Note: The issue looks like it's from tty directly but I don't see who is the maintainer, so I email the closest I can get Description: In command line, sticky keys reset only when typing ASCII and ISO-8859-1 characters. Tested with the QWERTY Lafayette layout: https://codeberg.org/Alerymin/kbd-qwerty-lafayette Observed Behaviour: When the layout is loaded in ISO-8859-15, most characters typed don't reset the sticky key, unless it's basic ASCII characters or Unicode When the layout is loaded in ISO-8859-1, the sticky key works fine. Expected behaviour: Sticky key working in ISO-8859-1 and ISO-8859-15 System used: Arch Linux, kernel 6.16.3-arch1-1

2 weeks, 5 days

2
3
0 0

[PATCH 3/3] drm/xe: Block exec and rebind worker while evicting for suspend / hibernate

by Thomas Hellström

When the xe pm_notifier evicts for suspend / hibernate, there might be racing tasks trying to re-validate again. This can lead to suspend taking excessive time or get stuck in a live-lock. This behaviour becomes much worse with the fix that actually makes re-validation bring back bos to VRAM rather than letting them remain in TT. Prevent that by having exec and the rebind worker waiting for a completion that is set to block by the pm_notifier before suspend and is signaled by the pm_notifier after resume / wakeup. It's probably still possible to craft malicious applications that block suspending. More work is pending to fix that. Link: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/4288 Fixes: c6a4d46ec1d7 ("drm/xe: evict user memory in PM notifier") Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Rodrigo Vivi <rodrigo.vivi(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.16+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_device_types.h | 2 ++ drivers/gpu/drm/xe/xe_exec.c | 9 +++++++++ drivers/gpu/drm/xe/xe_pm.c | 4 ++++ drivers/gpu/drm/xe/xe_vm.c | 14 ++++++++++++++ 4 files changed, 29 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_device_types.h b/drivers/gpu/drm/xe/xe_device_types.h index 092004d14db2..6602bd678cbc 100644 --- a/drivers/gpu/drm/xe/xe_device_types.h +++ b/drivers/gpu/drm/xe/xe_device_types.h @@ -507,6 +507,8 @@ struct xe_device { /** @pm_notifier: Our PM notifier to perform actions in response to various PM events. */ struct notifier_block pm_notifier; + /** @pm_block: Completion to block validating tasks on suspend / hibernate prepare */ + struct completion pm_block; /** @pmt: Support the PMT driver callback interface */ struct { diff --git a/drivers/gpu/drm/xe/xe_exec.c b/drivers/gpu/drm/xe/xe_exec.c index 44364c042ad7..374c831e691b 100644 --- a/drivers/gpu/drm/xe/xe_exec.c +++ b/drivers/gpu/drm/xe/xe_exec.c @@ -237,6 +237,15 @@ int xe_exec_ioctl(struct drm_device *dev, void *data, struct drm_file *file) goto err_unlock_list; } + /* + * It's OK to block interruptible here with the vm lock held, since + * on task freezing during suspend / hibernate, the call will + * return -ERESTARTSYS and the IOCTL will be rerun. + */ + err = wait_for_completion_interruptible(&xe->pm_block); + if (err) + goto err_unlock_list; + vm_exec.vm = &vm->gpuvm; vm_exec.flags = DRM_EXEC_INTERRUPTIBLE_WAIT; if (xe_vm_in_lr_mode(vm)) { diff --git a/drivers/gpu/drm/xe/xe_pm.c b/drivers/gpu/drm/xe/xe_pm.c index b57b46ad9f7c..2d7b05d8a78b 100644 --- a/drivers/gpu/drm/xe/xe_pm.c +++ b/drivers/gpu/drm/xe/xe_pm.c @@ -306,6 +306,7 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, switch (action) { case PM_HIBERNATION_PREPARE: case PM_SUSPEND_PREPARE: + reinit_completion(&xe->pm_block); xe_pm_runtime_get(xe); err = xe_bo_evict_all_user(xe); if (err) @@ -318,6 +319,7 @@ static int xe_pm_notifier_callback(struct notifier_block *nb, break; case PM_POST_HIBERNATION: case PM_POST_SUSPEND: + complete_all(&xe->pm_block); xe_pm_runtime_get(xe); xe_bo_notifier_unprepare_all_pinned(xe); xe_pm_runtime_put(xe); @@ -345,6 +347,8 @@ int xe_pm_init(struct xe_device *xe) if (err) return err; + init_completion(&xe->pm_block); + complete_all(&xe->pm_block); /* For now suspend/resume is only allowed with GuC */ if (!xe_device_uc_enabled(xe)) return 0; diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 3ff3c67aa79d..edcdb0528f2a 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -394,6 +394,9 @@ static int xe_gpuvm_validate(struct drm_gpuvm_bo *vm_bo, struct drm_exec *exec) list_move_tail(&gpuva_to_vma(gpuva)->combined_links.rebind, &vm->rebind_list); + if (!try_wait_for_completion(&vm->xe->pm_block)) + return -EAGAIN; + ret = xe_bo_validate(gem_to_xe_bo(vm_bo->obj), vm, false); if (ret) return ret; @@ -494,6 +497,12 @@ static void preempt_rebind_work_func(struct work_struct *w) xe_assert(vm->xe, xe_vm_in_preempt_fence_mode(vm)); trace_xe_vm_rebind_worker_enter(vm); + /* + * This blocks the wq during suspend / hibernate. + * Don't hold any locks. + */ +retry_pm: + wait_for_completion(&vm->xe->pm_block); down_write(&vm->lock); if (xe_vm_is_closed_or_banned(vm)) { @@ -503,6 +512,11 @@ static void preempt_rebind_work_func(struct work_struct *w) } retry: + if (!try_wait_for_completion(&vm->xe->pm_block)) { + up_write(&vm->lock); + goto retry_pm; + } + if (xe_vm_userptr_check_repin(vm)) { err = xe_vm_userptr_pin(vm); if (err) -- 2.50.1

2 weeks, 5 days

1
0
0 0

[PATCH 1/3] drm/xe: Attempt to bring bos back to VRAM after eviction

by Thomas Hellström

VRAM+TT bos that are evicted from VRAM to TT may remain in TT also after a revalidation following eviction or suspend. This manifests itself as applications becoming sluggish after buffer objects get evicted or after a resume from suspend or hibernation. If the bo supports placement in both VRAM and TT, and we are on DGFX, mark the TT placement as fallback. This means that it is tried only after VRAM + eviction. This flaw has probably been present since the xe module was upstreamed but use a Fixes: commit below where backporting is likely to be simple. For earlier versions we need to open- code the fallback algorithm in the driver. v2: - Remove check for dgfx. (Matthew Auld) - Update the xe_dma_buf kunit test for the new strategy (CI) - Allow dma-buf to pin in current placement (CI) - Make xe_bo_validate() for pinned bos a NOP. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5995 Fixes: a78a8da51b36 ("drm/ttm: replace busy placement with flags v6") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Reviewed-by: Matthew Auld <matthew.auld(a)intel.com> --- drivers/gpu/drm/xe/tests/xe_bo.c | 2 +- drivers/gpu/drm/xe/tests/xe_dma_buf.c | 10 +--------- drivers/gpu/drm/xe/xe_bo.c | 16 ++++++++++++---- drivers/gpu/drm/xe/xe_bo.h | 2 +- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/drivers/gpu/drm/xe/tests/xe_bo.c b/drivers/gpu/drm/xe/tests/xe_bo.c index bb469096d072..7b40cc8be1c9 100644 --- a/drivers/gpu/drm/xe/tests/xe_bo.c +++ b/drivers/gpu/drm/xe/tests/xe_bo.c @@ -236,7 +236,7 @@ static int evict_test_run_tile(struct xe_device *xe, struct xe_tile *tile, struc } xe_bo_lock(external, false); - err = xe_bo_pin_external(external); + err = xe_bo_pin_external(external, false); xe_bo_unlock(external); if (err) { KUNIT_FAIL(test, "external bo pin err=%pe\n", diff --git a/drivers/gpu/drm/xe/tests/xe_dma_buf.c b/drivers/gpu/drm/xe/tests/xe_dma_buf.c index cde9530bef8c..3f30d2cef917 100644 --- a/drivers/gpu/drm/xe/tests/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/tests/xe_dma_buf.c @@ -85,15 +85,7 @@ static void check_residency(struct kunit *test, struct xe_bo *exported, return; } - /* - * If on different devices, the exporter is kept in system if - * possible, saving a migration step as the transfer is just - * likely as fast from system memory. - */ - if (params->mem_mask & XE_BO_FLAG_SYSTEM) - KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, XE_PL_TT)); - else - KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, mem_type)); + KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(exported, mem_type)); if (params->force_different_devices) KUNIT_EXPECT_TRUE(test, xe_bo_is_mem_type(imported, XE_PL_TT)); diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 4faf15d5fa6d..870f43347281 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -188,6 +188,8 @@ static void try_add_system(struct xe_device *xe, struct xe_bo *bo, bo->placements[*c] = (struct ttm_place) { .mem_type = XE_PL_TT, + .flags = (bo_flags & XE_BO_FLAG_VRAM_MASK) ? + TTM_PL_FLAG_FALLBACK : 0, }; *c += 1; } @@ -2322,6 +2324,7 @@ uint64_t vram_region_gpu_offset(struct ttm_resource *res) /** * xe_bo_pin_external - pin an external BO * @bo: buffer object to be pinned + * @in_place: Pin in current placement, don't attempt to migrate. * * Pin an external (not tied to a VM, can be exported via dma-buf / prime FD) * BO. Unique call compared to xe_bo_pin as this function has it own set of @@ -2329,7 +2332,7 @@ uint64_t vram_region_gpu_offset(struct ttm_resource *res) * * Returns 0 for success, negative error code otherwise. */ -int xe_bo_pin_external(struct xe_bo *bo) +int xe_bo_pin_external(struct xe_bo *bo, bool in_place) { struct xe_device *xe = xe_bo_device(bo); int err; @@ -2338,9 +2341,11 @@ int xe_bo_pin_external(struct xe_bo *bo) xe_assert(xe, xe_bo_is_user(bo)); if (!xe_bo_is_pinned(bo)) { - err = xe_bo_validate(bo, NULL, false); - if (err) - return err; + if (!in_place) { + err = xe_bo_validate(bo, NULL, false); + if (err) + return err; + } spin_lock(&xe->pinned.lock); list_add_tail(&bo->pinned_link, &xe->pinned.late.external); @@ -2493,6 +2498,9 @@ int xe_bo_validate(struct xe_bo *bo, struct xe_vm *vm, bool allow_res_evict) }; int ret; + if (xe_bo_is_pinned(bo)) + return 0; + if (vm) { lockdep_assert_held(&vm->lock); xe_vm_assert_held(vm); diff --git a/drivers/gpu/drm/xe/xe_bo.h b/drivers/gpu/drm/xe/xe_bo.h index 8cce413b5235..cfb1ec266a6d 100644 --- a/drivers/gpu/drm/xe/xe_bo.h +++ b/drivers/gpu/drm/xe/xe_bo.h @@ -200,7 +200,7 @@ static inline void xe_bo_unlock_vm_held(struct xe_bo *bo) } } -int xe_bo_pin_external(struct xe_bo *bo); +int xe_bo_pin_external(struct xe_bo *bo, bool in_place); int xe_bo_pin(struct xe_bo *bo); void xe_bo_unpin_external(struct xe_bo *bo); void xe_bo_unpin(struct xe_bo *bo); diff --git a/drivers/gpu/drm/xe/xe_dma_buf.c b/drivers/gpu/drm/xe/xe_dma_buf.c index 346f857f3837..af64baf872ef 100644 --- a/drivers/gpu/drm/xe/xe_dma_buf.c +++ b/drivers/gpu/drm/xe/xe_dma_buf.c @@ -72,7 +72,7 @@ static int xe_dma_buf_pin(struct dma_buf_attachment *attach) return ret; } - ret = xe_bo_pin_external(bo); + ret = xe_bo_pin_external(bo, true); xe_assert(xe, !ret); return 0; -- 2.50.1

2 weeks, 5 days

1
0
0 0

[PATCH] drm/xe: Attempt to bring bos back to VRAM after eviction

by Thomas Hellström

VRAM+TT bos that are evicted from VRAM to TT may remain in TT also after a revalidation following eviction or suspend. This manifests itself as applications becoming sluggish after buffer objects get evicted or after a resume from suspend or hibernation. If the bo supports placement in both VRAM and TT, and we are on DGFX, mark the TT placement as fallback. This means that it is tried only after VRAM + eviction. This flaw has probably been present since the xe module was upstreamed but use a Fixes: commit below where backporting is likely to be simple. For earlier versions we need to open- code the fallback algorithm in the driver. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5995 Fixes: a78a8da51b36 ("drm/ttm: replace busy placement with flags v6") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.9+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_bo.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 4faf15d5fa6d..64dea4e478bd 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -188,6 +188,8 @@ static void try_add_system(struct xe_device *xe, struct xe_bo *bo, bo->placements[*c] = (struct ttm_place) { .mem_type = XE_PL_TT, + .flags = (IS_DGFX(xe) && (bo_flags & XE_BO_FLAG_VRAM_MASK)) ? + TTM_PL_FLAG_FALLBACK : 0, }; *c += 1; } -- 2.50.1

2 weeks, 5 days

3
7
0 0

[PATCH rtw v3 2/5] wifi: rtw89: fix tx_wait initialization race

by Fedor Pchelkin

Now that nullfunc skbs are recycled in a separate work item in the driver, the following race during initialization and processing of those skbs might lead to noticeable bugs: Waiting thread Completing thread rtw89_core_send_nullfunc() rtw89_core_tx_write_link() ... rtw89_pci_txwd_submit() skb_data->wait = NULL /* add skb to the queue */ skb_queue_tail(&txwd->queue, skb) rtw89_pci_napi_poll() ... rtw89_pci_release_txwd_skb() /* get skb from the queue */ skb_unlink(skb, &txwd->queue) rtw89_pci_tx_status() rtw89_core_tx_wait_complete() /* use incorrect skb_data->wait */ rtw89_core_tx_kick_off_and_wait() /* assign skb_data->wait but too late */ The value of skb_data->wait indicates whether skb is passed on to the core ieee80211 stack or released by the driver itself. So assure that by the time skb is added to txwd queue and becomes visible to the completing side, it has already allocated tx_wait-related data (in case it's needed). Found by Linux Verification Center (linuxtesting.org). Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- drivers/net/wireless/realtek/rtw89/core.c | 30 ++++++++++++++--------- drivers/net/wireless/realtek/rtw89/pci.c | 2 -- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index 5c964283cd67..57f20559dfde 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1094,20 +1094,12 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk int qsel, unsigned int timeout) { struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); - struct rtw89_tx_wait_info *wait; + struct rtw89_tx_wait_info *wait = skb_data->wait; unsigned long time_left; int ret = 0; lockdep_assert_wiphy(rtwdev->hw->wiphy); - wait = kzalloc(sizeof(*wait), GFP_KERNEL); - if (!wait) { - rtw89_core_tx_kick_off(rtwdev, qsel); - return 0; - } - - init_completion(&wait->completion); - rcu_assign_pointer(skb_data->wait, wait); wait->skb = skb; rtw89_core_tx_kick_off(rtwdev, qsel); @@ -1172,10 +1164,12 @@ int rtw89_h2c_tx(struct rtw89_dev *rtwdev, static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rtwvif_link, struct rtw89_sta_link *rtwsta_link, - struct sk_buff *skb, int *qsel, bool sw_mld) + struct sk_buff *skb, int *qsel, bool sw_mld, + struct rtw89_tx_wait_info *wait) { struct ieee80211_sta *sta = rtwsta_link_to_sta_safe(rtwsta_link); struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link); + struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); struct rtw89_vif *rtwvif = rtwvif_link->rtwvif; struct rtw89_core_tx_request tx_req = {}; int ret; @@ -1192,6 +1186,8 @@ static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev, rtw89_core_tx_update_desc_info(rtwdev, &tx_req); rtw89_core_tx_wake(rtwdev, &tx_req); + rcu_assign_pointer(skb_data->wait, wait); + ret = rtw89_hci_tx_write(rtwdev, &tx_req); if (ret) { rtw89_err(rtwdev, "failed to transmit skb to HCI\n"); @@ -1228,7 +1224,8 @@ int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif, } } - return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false); + return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false, + NULL); } static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info) @@ -3426,6 +3423,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link); int link_id = ieee80211_vif_is_mld(vif) ? rtwvif_link->link_id : -1; struct rtw89_sta_link *rtwsta_link; + struct rtw89_tx_wait_info *wait; struct ieee80211_sta *sta; struct ieee80211_hdr *hdr; struct rtw89_sta *rtwsta; @@ -3435,6 +3433,12 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc) return 0; + wait = kzalloc(sizeof(*wait), GFP_KERNEL); + if (!wait) + return -ENOMEM; + + init_completion(&wait->completion); + rcu_read_lock(); sta = ieee80211_find_sta(vif, vif->cfg.ap_addr); if (!sta) { @@ -3459,7 +3463,8 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt goto out; } - ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true); + ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true, + wait); if (ret) { rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret); dev_kfree_skb_any(skb); @@ -3472,6 +3477,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt timeout); out: rcu_read_unlock(); + kfree(wait); return ret; } diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 4e3034b44f56..cb9682f306a6 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -1372,7 +1372,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, struct pci_dev *pdev = rtwpci->pdev; struct sk_buff *skb = tx_req->skb; struct rtw89_pci_tx_data *tx_data = RTW89_PCI_TX_SKB_CB(skb); - struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); bool en_wd_info = desc_info->en_wd_info; u32 txwd_len; u32 txwp_len; @@ -1388,7 +1387,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, } tx_data->dma = dma; - rcu_assign_pointer(skb_data->wait, NULL); txwp_len = sizeof(*txwp_info); txwd_len = chip->txwd_body_size; -- 2.51.0

2 weeks, 5 days

2
1
0 0

[PATCH] drm/mediatek: fix device leaks at bind

by Johan Hovold

Make sure to drop the references to the sibling platform devices and their child drm devices taken by of_find_device_by_node() and device_find_child() when initialising the driver data during bind(). Fixes: 1ef7ed48356c ("drm/mediatek: Modify mediatek-drm for mt8195 multi mmsys support") Cc: stable(a)vger.kernel.org # 6.4 Cc: Nancy.Lin <nancy.lin(a)mediatek.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/gpu/drm/mediatek/mtk_drm_drv.c b/drivers/gpu/drm/mediatek/mtk_drm_drv.c index 7c0c12dde488..33b83576af7e 100644 --- a/drivers/gpu/drm/mediatek/mtk_drm_drv.c +++ b/drivers/gpu/drm/mediatek/mtk_drm_drv.c @@ -395,10 +395,12 @@ static bool mtk_drm_get_all_drm_priv(struct device *dev) continue; drm_dev = device_find_child(&pdev->dev, NULL, mtk_drm_match); + put_device(&pdev->dev); if (!drm_dev) continue; temp_drm_priv = dev_get_drvdata(drm_dev); + put_device(drm_dev); if (!temp_drm_priv) continue; -- 2.49.1

2 weeks, 5 days

3
5
0 0

[PATCH rtw v3 1/5] wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()

by Fedor Pchelkin

There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110 CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025 Workqueue: events_unbound cfg80211_wiphy_work [cfg80211] Use-after-free write at 0x0000000020309d9d (in kfence-#251): rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110 rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338 rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979 rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165 rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141 rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012 rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059 rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758 process_one_work kernel/workqueue.c:3241 worker_thread kernel/workqueue.c:3400 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago): __alloc_skb net/core/skbuff.c:659 __netdev_alloc_skb net/core/skbuff.c:734 ieee80211_nullfunc_get net/mac80211/tx.c:5844 rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431 rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338 rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979 rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165 rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194 rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012 rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059 rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758 process_one_work kernel/workqueue.c:3241 worker_thread kernel/workqueue.c:3400 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago): ieee80211_tx_status_skb net/mac80211/status.c:1117 rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564 rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651 rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676 rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238 __napi_poll net/core/dev.c:7495 net_rx_action net/core/dev.c:7557 net/core/dev.c:7684 handle_softirqs kernel/softirq.c:580 do_softirq.part.0 kernel/softirq.c:480 __local_bh_enable_ip kernel/softirq.c:407 rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927 irq_thread_fn kernel/irq/manage.c:1133 irq_thread kernel/irq/manage.c:1257 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 It is a consequence of a race between the waiting and the signaling side of the completion: Waiting thread Completing thread rtw89_core_tx_kick_off_and_wait() rcu_assign_pointer(skb_data->wait, wait) /* start waiting */ wait_for_completion_timeout() rtw89_pci_tx_status() rtw89_core_tx_wait_complete() rcu_read_lock() /* signals completion and * proceeds further */ complete(&wait->completion) rcu_read_unlock() ... /* frees skb_data */ ieee80211_tx_status_ni() /* returns (exit status doesn't matter) */ wait_for_completion_timeout() ... /* accesses the already freed skb_data */ rcu_assign_pointer(skb_data->wait, NULL) The completing side might proceed and free the underlying skb even before the waiting side is fully awoken and run to execution. Actually the race happens regardless of wait_for_completion_timeout() exit status, e.g. the waiting side may hit a timeout and the concurrent completing side is still able to free the skb. Skbs which are sent by rtw89_core_tx_kick_off_and_wait() are owned by the driver. They don't come from core ieee80211 stack so no need to pass them to ieee80211_tx_status_ni() on completing side. Introduce a work function which will act as a garbage collector for rtw89_tx_wait_info objects and the associated skbs. Thus no potentially heavy locks are required on the completing side. Found by Linux Verification Center (linuxtesting.org). Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs") Cc: stable(a)vger.kernel.org Suggested-by: Zong-Zhe Yang <kevin_yang(a)realtek.com> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v3: - decrease waiting timeout in rtw89_tx_wait_work() (Zong-Zhe) - clear tx_waits list from rtw89_hci_reset(), too (Zong-Zhe) - keep RCU updating for skb_data->wait (Zong-Zhe) - keep the old order of calls in rtw89_pci_tx_status() (Zong-Zhe) - drop wait->finished as complete_all() would make the completion be done permanently (me) v2: - use a work function to manage release of tx_waits and associated skbs (Zong-Zhe) FWIW, I think RCU locking becomes unnecessary after the next patch [PATCH rtw v3 2/5] wifi: rtw89: fix tx_wait initialization race but let's keep it if you feel that's more safe. drivers/net/wireless/realtek/rtw89/core.c | 28 ++++++++++++++--- drivers/net/wireless/realtek/rtw89/core.h | 38 +++++++++++++++++++++-- drivers/net/wireless/realtek/rtw89/pci.c | 3 +- drivers/net/wireless/realtek/rtw89/ser.c | 2 ++ 4 files changed, 63 insertions(+), 8 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index 57590f5577a3..5c964283cd67 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1073,6 +1073,14 @@ rtw89_core_tx_update_desc_info(struct rtw89_dev *rtwdev, } } +static void rtw89_tx_wait_work(struct wiphy *wiphy, struct wiphy_work *work) +{ + struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev, + tx_wait_work); + + rtw89_tx_wait_list_clear(rtwdev); +} + void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel) { u8 ch_dma; @@ -1090,6 +1098,8 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk unsigned long time_left; int ret = 0; + lockdep_assert_wiphy(rtwdev->hw->wiphy); + wait = kzalloc(sizeof(*wait), GFP_KERNEL); if (!wait) { rtw89_core_tx_kick_off(rtwdev, qsel); @@ -1098,17 +1108,22 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk init_completion(&wait->completion); rcu_assign_pointer(skb_data->wait, wait); + wait->skb = skb; rtw89_core_tx_kick_off(rtwdev, qsel); time_left = wait_for_completion_timeout(&wait->completion, msecs_to_jiffies(timeout)); - if (time_left == 0) + + if (time_left == 0) { ret = -ETIMEDOUT; - else if (!wait->tx_done) - ret = -EAGAIN; + list_add_tail(&wait->list, &rtwdev->tx_waits); + wiphy_work_queue(rtwdev->hw->wiphy, &rtwdev->tx_wait_work); - rcu_assign_pointer(skb_data->wait, NULL); - kfree_rcu(wait, rcu_head); + } else { + if (!wait->tx_done) + ret = -EAGAIN; + rtw89_tx_wait_release(&wait->rcu_head); + } return ret; } @@ -4972,6 +4987,7 @@ void rtw89_core_stop(struct rtw89_dev *rtwdev) clear_bit(RTW89_FLAG_RUNNING, rtwdev->flags); wiphy_work_cancel(wiphy, &rtwdev->c2h_work); + wiphy_work_cancel(wiphy, &rtwdev->tx_wait_work); wiphy_work_cancel(wiphy, &rtwdev->cancel_6ghz_probe_work); wiphy_work_cancel(wiphy, &btc->eapol_notify_work); wiphy_work_cancel(wiphy, &btc->arp_notify_work); @@ -5203,6 +5219,7 @@ int rtw89_core_init(struct rtw89_dev *rtwdev) INIT_LIST_HEAD(&rtwdev->scan_info.pkt_list[band]); } INIT_LIST_HEAD(&rtwdev->scan_info.chan_list); + INIT_LIST_HEAD(&rtwdev->tx_waits); INIT_WORK(&rtwdev->ba_work, rtw89_core_ba_work); INIT_WORK(&rtwdev->txq_work, rtw89_core_txq_work); INIT_DELAYED_WORK(&rtwdev->txq_reinvoke_work, rtw89_core_txq_reinvoke_work); @@ -5233,6 +5250,7 @@ int rtw89_core_init(struct rtw89_dev *rtwdev) wiphy_work_init(&rtwdev->c2h_work, rtw89_fw_c2h_work); wiphy_work_init(&rtwdev->ips_work, rtw89_ips_work); wiphy_work_init(&rtwdev->cancel_6ghz_probe_work, rtw89_cancel_6ghz_probe_work); + wiphy_work_init(&rtwdev->tx_wait_work, rtw89_tx_wait_work); INIT_WORK(&rtwdev->load_firmware_work, rtw89_load_firmware_work); skb_queue_head_init(&rtwdev->c2h_queue); diff --git a/drivers/net/wireless/realtek/rtw89/core.h b/drivers/net/wireless/realtek/rtw89/core.h index 43e10278e14d..9b22bb116af9 100644 --- a/drivers/net/wireless/realtek/rtw89/core.h +++ b/drivers/net/wireless/realtek/rtw89/core.h @@ -3506,9 +3506,12 @@ struct rtw89_phy_rate_pattern { bool enable; }; +#define RTW89_TX_WAIT_DEFAULT_TIMEOUT 10 struct rtw89_tx_wait_info { struct rcu_head rcu_head; + struct list_head list; struct completion completion; + struct sk_buff *skb; bool tx_done; }; @@ -5925,6 +5928,9 @@ struct rtw89_dev { /* used to protect rpwm */ spinlock_t rpwm_lock; + struct list_head tx_waits; + struct wiphy_work tx_wait_work; + struct rtw89_cam_info cam_info; struct sk_buff_head c2h_queue; @@ -6181,6 +6187,30 @@ rtw89_assoc_link_rcu_dereference(struct rtw89_dev *rtwdev, u8 macid) list_first_entry_or_null(&p->dlink_pool, typeof(*p->links_inst), dlink_schd); \ }) +static inline void rtw89_tx_wait_release(struct rcu_head *rcu_head) +{ + struct rtw89_tx_wait_info *wait = + container_of(rcu_head, struct rtw89_tx_wait_info, rcu_head); + + dev_kfree_skb_any(wait->skb); + kfree(wait); +} + +static inline void rtw89_tx_wait_list_clear(struct rtw89_dev *rtwdev) +{ + struct rtw89_tx_wait_info *wait, *tmp; + + lockdep_assert_wiphy(rtwdev->hw->wiphy); + + list_for_each_entry_safe(wait, tmp, &rtwdev->tx_waits, list) { + if (!wait_for_completion_timeout(&wait->completion, + RTW89_TX_WAIT_DEFAULT_TIMEOUT)) + continue; + list_del(&wait->list); + call_rcu(&wait->rcu_head, rtw89_tx_wait_release); + } +} + static inline int rtw89_hci_tx_write(struct rtw89_dev *rtwdev, struct rtw89_core_tx_request *tx_req) { @@ -6190,6 +6220,7 @@ static inline int rtw89_hci_tx_write(struct rtw89_dev *rtwdev, static inline void rtw89_hci_reset(struct rtw89_dev *rtwdev) { rtwdev->hci.ops->reset(rtwdev); + rtw89_tx_wait_list_clear(rtwdev); } static inline int rtw89_hci_start(struct rtw89_dev *rtwdev) @@ -7258,11 +7289,12 @@ static inline struct sk_buff *rtw89_alloc_skb_for_rx(struct rtw89_dev *rtwdev, return dev_alloc_skb(length); } -static inline void rtw89_core_tx_wait_complete(struct rtw89_dev *rtwdev, +static inline bool rtw89_core_tx_wait_complete(struct rtw89_dev *rtwdev, struct rtw89_tx_skb_data *skb_data, bool tx_done) { struct rtw89_tx_wait_info *wait; + bool ret = false; rcu_read_lock(); @@ -7270,11 +7302,13 @@ static inline void rtw89_core_tx_wait_complete(struct rtw89_dev *rtwdev, if (!wait) goto out; + ret = true; wait->tx_done = tx_done; - complete(&wait->completion); + complete_all(&wait->completion); out: rcu_read_unlock(); + return ret; } static inline bool rtw89_is_mlo_1_1(struct rtw89_dev *rtwdev) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index a669f2f843aa..4e3034b44f56 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -464,7 +464,8 @@ static void rtw89_pci_tx_status(struct rtw89_dev *rtwdev, struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); struct ieee80211_tx_info *info; - rtw89_core_tx_wait_complete(rtwdev, skb_data, tx_status == RTW89_TX_DONE); + if (rtw89_core_tx_wait_complete(rtwdev, skb_data, tx_status == RTW89_TX_DONE)) + return; info = IEEE80211_SKB_CB(skb); ieee80211_tx_info_clear_status(info); diff --git a/drivers/net/wireless/realtek/rtw89/ser.c b/drivers/net/wireless/realtek/rtw89/ser.c index bb39fdbcba0d..fe7beff8c424 100644 --- a/drivers/net/wireless/realtek/rtw89/ser.c +++ b/drivers/net/wireless/realtek/rtw89/ser.c @@ -502,7 +502,9 @@ static void ser_reset_trx_st_hdl(struct rtw89_ser *ser, u8 evt) } drv_stop_rx(ser); + wiphy_lock(wiphy); drv_trx_reset(ser); + wiphy_unlock(wiphy); /* wait m3 */ hal_send_m2_event(ser); -- 2.51.0

2 weeks, 5 days

2
1
0 0

[PATCH 6.1 000/482] 6.1.149-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.149 release. There are 482 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:22 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.149-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.149-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Hangbin Liu <liuhangbin(a)gmail.com> bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Aahil Awatramani <aahila(a)google.com> bonding: Add independent control state machine Hangbin Liu <liuhangbin(a)gmail.com> bonding: update LACP activity flag after setting lacp_active William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit ValdikSS <iam(a)valdikss.org.ru> igc: fix disabling L1.2 PCI-E link substate on I226 on init Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jordan Rhee <jordanrhee(a)google.com> gve: prevent ethtool ops after shutdown Yuichiro Tsuji <yuichtsu(a)amazon.com> net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix timestamping for vsc8584 Qingfang Deng <dqfext(a)gmail.com> ppp: fix race conditions in ppp_fill_forward_path Qingfang Deng <dqfext(a)gmail.com> net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Jakub Ramaseuski <jramaseu(a)redhat.com> net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Chenyuan Yang <chenyuan0y(a)gmail.com> drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Baihan Li <libaihan(a)huawei.com> drm/hisilicon/hibmc: fix the hibmc loaded failed bug Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Sergey Shtylyov <s.shtylyov(a)omp.ru> Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Wang Liang <wangliang74(a)huawei.com> net: bridge: fix soft lockup in br_multicast_query_expired() Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Boshi Yu <boshiyu(a)linux.alibaba.com> RDMA/erdma: Fix ignored return value of init_kernel_qp Nitin Gote <nitin.r.gote(a)intel.com> iosys-map: Fix undefined behavior in iosys_map_clear() Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Tianxiang Peng <txpeng(a)tencent.com> x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again David Lechner <dlechner(a)baylibre.com> iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Jakub Kicinski <kuba(a)kernel.org> tls: fix handling of zero-length records on the rx_list Mikhail Lobanov <m.lobanov(a)rosa.ru> wifi: mac80211: check basic rates validity in sta_link_apply_parameters Benjamin Berg <benjamin.berg(a)intel.com> wifi: mac80211: avoid lockdep checking when removing deflink Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Jinjiang Tu <tujinjiang(a)huawei.com> mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: Add a new function to simplify the code Bjorn Helgaas <bhelgaas(a)google.com> mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Geliang Tang <tanggeliang(a)kylinos.cn> mptcp: disable add_addr retransmission when timeout is 0 Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Chao Yu <chao(a)kernel.org> f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header Gokul krishna Krishnakumar <quic_gokukris(a)quicinc.com> soc: qcom: mdt_loader: Enhance split binary detection Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Geraldo Nascimento <geraldogabriel(a)gmail.com> PCI: rockchip: Use standard PCIe definitions Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers Baokun Li <libaokun1(a)huawei.com> ext4: preserve SB_I_VERSION on remount André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Selvarasu Ganesan <selvarasu.g(a)samsung.com> usb: dwc3: Remove WARN_ON for device endpoint command timeouts Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Xu Yang <xu.yang_2(a)nxp.com> usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Edward Adam Davis <eadavis(a)qq.com> comedi: pcl726: Prevent invalid irq number Ian Abbott <abbotti(a)mev.co.uk> comedi: Make insn_rw_emulate_bits() do insn->n samples Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Stefan Metzmacher <metze(a)samba.org> smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Avoid a NULL pointer dereference Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/sclp: Fix SCCB present check Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Herton R. Krzesinski <herton(a)redhat.com> mm/debug_vm_pgtable: clear page table entries at destroy_args() Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Will Deacon <will(a)kernel.org> KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix Chao Gao <chao.gao(a)intel.com> KVM: VMX: Flush shadow VMCS on emergency reboot Sean Christopherson <seanjc(a)google.com> x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback Sean Christopherson <seanjc(a)google.com> x86/reboot: Harden virtualization hooks for emergency reboot Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Sumanth Gavini <sumanth.gavini(a)yahoo.com> Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> selftests/memfd: add test for mapping write-sealed memfd read-only Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: reinstate ability to map write-sealed memfd mappings read-only Lorenzo Stoakes <lstoakes(a)gmail.com> mm: update memfd seal write check to include F_SEAL_WRITE Lorenzo Stoakes <lstoakes(a)gmail.com> mm: drop the assumption that VM_SHARED always implies writable Paolo Abeni <pabeni(a)redhat.com> mptcp: reset fallback status gracefully at disconnect() time Paolo Abeni <pabeni(a)redhat.com> mptcp: plug races between subflow fail and subflow creation Paolo Abeni <pabeni(a)redhat.com> mptcp: make fallback action and fallback decision atomic Sean Christopherson <seanjc(a)google.com> KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Nianyao Tang <tangnianyao(a)huawei.com> arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - fix ring to service map for QAT GEN4 Sabrina Dubroca <sd(a)queasysnail.net> tls: separate no-async decryption request handling from async Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Johan Hovold <johan(a)kernel.org> usb: dwc3: imx8mp: fix device leak at unbind Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: remove unneeded label and if-condition Chen-Yu Tsai <wenst(a)chromium.org> platform/chrome: cros_ec: Use per-device lockdep key Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> usb: musb: omap2430: Convert to platform remove callback returning void Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Fix OOB read due to missing payload bound check Konrad Dybcio <konrad.dybcio(a)linaro.org> media: venus: Introduce accessors for remapped hfi_buffer_reqs members Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Eric Dumazet <edumazet(a)google.com> net_sched: sch_ets: implement lockless ets_dump() Filipe Manana <fdmanana(a)suse.com> btrfs: send: use fallocate for hole punching with send stream v2 Christoph Hellwig <hch(a)lst.de> xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() Filipe Manana <fdmanana(a)suse.com> btrfs: qgroup: fix race between quota disable and quota rescan ioctl Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state Shyam Prasad N <sprasad(a)microsoft.com> cifs: reset iface weights when we cannot find a candidate Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Christoph Hellwig <hch(a)lst.de> block: reject invalid operation in submit_bio_noacct Eric Biggers <ebiggers(a)kernel.org> fscrypt: Don't use problematic non-inline crypto engines Johan Hovold <johan(a)kernel.org> net: enetc: fix device and OF node leak at probe Lin.Cao <lincao12(a)amd.com> drm/sched: Remove optimization that causes hang when killing dependent jobs Ada Couprie Diaz <ada.coupriediaz(a)arm.com> arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Nathan Chancellor <nathan(a)kernel.org> ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Filipe Manana <fdmanana(a)suse.com> btrfs: fix qgroup reservation leak on failure to allocate ordered extent Eric Dumazet <edumazet(a)google.com> net: add netdev_lockdep_set_classes() to virtual drivers Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Fix crash in icl_update_topdown_event() Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Restore lost scale assignments Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on ino and xnid Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: kernel: flush: do not reset ADD_ADDR limit Christoph Paasch <cpaasch(a)openai.com> mptcp: drop skb if MPTCP skb extension allocation fails Chen Yu <yu.c.chen(a)intel.com> ACPI: pfr_update: Fix the driver update version check Eric Biggers <ebiggers(a)kernel.org> ipv6: sr: Fix MAC comparison to be constant-time Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overwrite dce60_clk_mgr Amber Lin <Amber.Lin(a)amd.com> drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: update mmhub 3.0.1 client id mappings Gang Ba <Gang.Ba(a)amd.com> drm/amdgpu: Avoid extra evict-restore process. Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Ricardo Ribalda <ribalda(a)chromium.org> media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Hans Verkuil <hverkuil(a)xs4all.nl> media: vivid: fix wrong pixel_array control size Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser John David Anglin <dave.anglin(a)bell.net> parisc: Update comments in make_insert_tlb John David Anglin <dave.anglin(a)bell.net> parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() John David Anglin <dave.anglin(a)bell.net> parisc: Revise gateway LWS calls to probe user read access John David Anglin <dave.anglin(a)bell.net> parisc: Revise __get_user() to probe user read access Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers John David Anglin <dave.anglin(a)bell.net> parisc: Check region is readable by user in raw_copy_from_user() Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Will Deacon <will(a)kernel.org> vhost/vsock: Avoid allocating arbitrarily-sized SKBs Will Deacon <will(a)kernel.org> vsock/virtio: Validate length in packet header before skb_put() Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: renesas: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Gabor Juhos <j4g8y7(a)gmail.com> mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Michael Walle <mwalle(a)kernel.org> mtd: spi-nor: Fix spi_nor_try_unlock_all() Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable David Lechner <dlechner(a)baylibre.com> iio: imu: bno055: fix OOB access of hw_xlate array Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Adrian Hunter <adrian.hunter(a)intel.com> scsi: ufs: ufs-pci: Fix default runtime and system PM levels Archana Patni <archana.patni(a)intel.com> scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix race between config read submit and interrupt completion Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes Liao Yuanhong <liaoyuanhong(a)vivo.com> ext4: use kmalloc_array() for array space allocation Theodore Ts'o <tytso(a)mit.edu> ext4: don't try to clear the orphan_present feature block device is r/o Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: extend the connection limiting mechanism to support IPv6 Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Youssef Samir <quic_yabdulra(a)quicinc.com> bus: mhi: host: Detect events pointing to unexpected TREs Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR Aditya Garg <gargaditya08(a)live.com> HID: apple: avoid setting up battery timer for devices without battery Aditya Garg <gargaditya08(a)live.com> HID: magicmouse: avoid setting up battery timer when not needed Willy Tarreau <w(a)1wt.eu> tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Sravan Kumar Gundu <sravankumarlpu(a)gmail.com> fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Qu Wenruo <wqu(a)suse.com> btrfs: do not allow relocation of partially dropped subvolumes Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Naohiro Aota <naohiro.aota(a)wdc.com> btrfs: zoned: do not remove unwritten non-data block group Filipe Manana <fdmanana(a)suse.com> btrfs: abort transaction during log replay if walk_log_tree() failed Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: use filesystem size not disk size for reclaim decision Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Baokun Li <libaokun1(a)huawei.com> ext4: fix largest free orders lists corruption on mb_optimize_scan switch Baokun Li <libaokun1(a)huawei.com> ext4: fix zombie groups in average fragment size lists Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: fsl: merge DAI call back functions into ops Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai.h: merge DAI call back functions into ops Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix uninitialized pointer error in probe() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings Artem Sadovnikov <a.sadovnikov(a)ispras.ru> vfio/mlx5: fix possible overflow in tracking max message size John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Maurizio Lombardi <mlombard(a)redhat.com> scsi: target: core: Generate correct identifiers for PR OUT transport IDs Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Keith Busch <kbusch(a)kernel.org> vfio/type1: conditional rescheduling while pinning Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz Mateusz Guzik <mjguzik(a)gmail.com> apparmor: use the condition in AA_BUG_FMT even with debug disabled Benjamin Marzinski <bmarzins(a)redhat.com> dm-table: fix checking for rq stackable devices Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Jorge Marques <jorge.marques(a)analog.com> i3c: master: Initialize ret in i3c_i2c_notifier_call() Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Petr Pavlu <petr.pavlu(a)suse.com> module: Prevent silent truncation of module name in delete_module(2) Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Bharat Bhushan <bbhushan2(a)marvell.com> crypto: octeontx2 - add timeout for load_fvc completion poll chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpi3mr: Correctly handle ATA device errors Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Amelie Delaunay <amelie.delaunay(a)foss.st.com> dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Shiji Yang <yangshiji66(a)outlook.com> MIPS: lantiq: falcon: sysctrl: fix request memory check logic Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Ziyan Fu <fuzy5(a)lenovo.com> watchdog: iTCO_wdt: Report error if timeout configuration fails Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Florin Leotescu <florin.leotescu(a)nxp.com> hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Zhiqi Song <songzhiqi1(a)huawei.com> crypto: hisilicon/hpre - fix dma unmap sequence Yongzhen Zhang <zhangyongzhen(a)kylinos.cn> fbdev: fix potential buffer overflow in do_register_framebuffer() Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Aaron Plattner <aplattner(a)nvidia.com> watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Only finalize atomic_obj if it was initialized Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Will Deacon <will(a)kernel.org> vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/ttm: Respect the shrinker core free target Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Shannon Nelson <shannon.nelson(a)amd.com> ionic: clean dbpage in de-init Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Breno Leitao <leitao(a)debian.org> ptp: Use ratelimite for freerun error message Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent DIS_LEARNING access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual Heiner Kallweit <hkallweit1(a)gmail.com> dpaa_eth: don't use fixed_phy_change_carrier Nicolas Escande <nico.escande(a)gmail.com> neighbour: add support for NUD_PERMANENT proxy entries Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> powerpc: floppy: Add missing checks after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: mac80211: update radar_required in channel context after channel switch Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Eric Work <work.eric(a)gmail.com> net: atlantic: add set_power to fw_ops for atl2 to fix wol zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() zhangjianrong <zhangjianrong5(a)huawei.com> net: thunderbolt: Enable end-to-end flow control also in transmit Mark Brown <broonie(a)kernel.org> kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Disable deep power saving for USB/SDIO Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Fix rtw89_mac_power_switch() for USB Rob Clark <robdclark(a)chromium.org> drm/msm: use trylock for debugfs Kuniyuki Iwashima <kuniyu(a)google.com> ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: don't complete management TX on SAE commit Chris Mason <clm(a)fb.com> sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> um: Re-evaluate thread flags repeatedly Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Prevent duplicate binds Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Breno Leitao <leitao(a)debian.org> arm64: Mark kernel as tainted on SAE and SError panic Leon Romanovsky <leon(a)kernel.org> net/mlx5e: Properly access RCU protected qdisc_sleeping variable Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Oliver Neukum <oneukum(a)suse.com> net: usb: cdc-ncm: check for filtering capability Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Disable jack polling at shutdown Takashi Iwai <tiwai(a)suse.de> ALSA: hda: Handle the jack polling always via a work Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Hans de Goede <hansg(a)kernel.org> mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Eliav Farber <farbere(a)amazon.com> pps: clients: gpio: fix interrupt handling order in remove path Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Zhu Qiyu <qiyuzhu2(a)amd.com> ACPI: PRM: Reduce unnecessary printing to avoid user confusion Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> tools/build: Fix s390(x) cross-compilation with clang Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: don't overallocate scan buffer Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: define time_t in terms of __kernel_old_time_t David Collins <david.collins(a)oss.qualcomm.com> thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Clear the ECC counters on init Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Hiago De Franco <hiago.franco(a)toradex.com> remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Al Viro <viro(a)zeniv.linux.org.uk> fix locking in efi_secret_unlink() Wei Gao <wegao(a)suse.com> ext2: Handle fiemap on empty files to prevent EINVAL Rong Zhang <ulin0208(a)gmail.com> fs/ntfs3: correctly create symlink for relative path Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Add sanity check for file name Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count NeilBrown <neil(a)brown.name> smb/server: avoid deadlock when linking with ReplaceIfExists Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Maxim Levitsky <mlevitsk(a)redhat.com> KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs Maxim Levitsky <mlevitsk(a)redhat.com> KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter Sean Christopherson <seanjc(a)google.com> KVM: VMX: Extract checking of guest's DEBUGCTL into helper Sean Christopherson <seanjc(a)google.com> KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported Sean Christopherson <seanjc(a)google.com> KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag Sean Christopherson <seanjc(a)google.com> KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap Sean Christopherson <seanjc(a)google.com> KVM: x86: Fully defer to vendor code to decide how to force immediate exit Sean Christopherson <seanjc(a)google.com> KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 Sean Christopherson <seanjc(a)google.com> KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers Sean Christopherson <seanjc(a)google.com> KVM: VMX: Handle forced exit due to preemption timer in fastpath Sean Christopherson <seanjc(a)google.com> KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint Sean Christopherson <seanjc(a)google.com> KVM: x86/pmu: Gate all "unimplemented MSR" prints on report_ignored_msrs Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs Sean Christopherson <seanjc(a)google.com> KVM: x86: Snapshot the host's DEBUGCTL in common x86 Chao Gao <chao.gao(a)intel.com> KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Sean Christopherson <seanjc(a)google.com> KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() Sean Christopherson <seanjc(a)google.com> KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Sean Christopherson <seanjc(a)google.com> KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Jann Horn <jannh(a)google.com> eventpoll: Fix semi-unbounded recursion Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Haoran Jiang <jianghaoran(a)kylinos.cn> LoongArch: BPF: Fix jump offset calculation in tailcall Huacai Chen <chenhuacai(a)kernel.org> PCI: Extend isolated function probing to LoongArch Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Xu Yang <xu.yang_2(a)nxp.com> net: usb: asix_devices: add phy_mask for ax88772 mdio bus Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: mtk_eth_soc: fix device leak at probe Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Florian Larysch <fl(a)n621.de> net: phy: micrel: fix KSZ8081/KSZ8091 cable test Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() David Thompson <davthompson(a)nvidia.com> gpio: mlxbf2: use platform_get_irq_optional() Harald Mommer <harald.mommer(a)oss.qualcomm.com> gpio: virtio: Fix config space reading. Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: remove redundant lstrp update in negotiate protocol Steve French <stfrench(a)microsoft.com> smb3: fix for slab out of bounds on mount to ksmbd Christopher Eby <kreed(a)kreed.org> ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Vasiliy Kovalev <kovalev(a)altlinux.org> ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI ------------- Diffstat: .../bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 +- .../display/sprd/sprd,sharkl3-dsi-host.yaml | 2 +- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/networking/bonding.rst | 12 ++ Documentation/networking/mptcp-sysctl.rst | 2 + Makefile | 6 +- arch/arm/Makefile | 2 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 - arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/kernel/cpufeature.c | 1 + arch/arm64/kernel/entry.S | 6 + arch/arm64/kernel/fpsimd.c | 4 +- arch/arm64/kernel/traps.c | 1 + arch/arm64/mm/fault.c | 1 + arch/arm64/mm/ptdump_debugfs.c | 3 - arch/loongarch/net/bpf_jit.c | 21 +- arch/m68k/kernel/head.S | 31 ++- arch/mips/crypto/chacha-core.S | 20 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/lantiq/falcon/sysctrl.c | 23 +-- arch/parisc/Makefile | 6 +- arch/parisc/include/asm/special_insns.h | 28 +++ arch/parisc/include/asm/uaccess.h | 21 +- arch/parisc/kernel/entry.S | 17 +- arch/parisc/kernel/syscall.S | 30 ++- arch/parisc/lib/memcpy.c | 19 +- arch/parisc/mm/fault.c | 4 + arch/powerpc/include/asm/floppy.h | 5 +- arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/um/include/asm/thread_info.h | 4 + arch/um/kernel/process.c | 18 +- arch/x86/events/intel/core.c | 2 +- arch/x86/include/asm/kvm-x86-ops.h | 2 - arch/x86/include/asm/kvm_host.h | 24 ++- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/reboot.h | 5 +- arch/x86/include/asm/virtext.h | 10 - arch/x86/include/asm/xen/hypercall.h | 5 +- arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/hygon.c | 3 + arch/x86/kernel/cpu/mce/amd.c | 13 +- arch/x86/kernel/reboot.c | 43 ++-- arch/x86/kvm/hyperv.c | 10 +- arch/x86/kvm/lapic.c | 61 ++++-- arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/svm/svm.c | 49 +++-- arch/x86/kvm/svm/vmenter.S | 9 +- arch/x86/kvm/trace.h | 9 +- arch/x86/kvm/vmx/nested.c | 26 ++- arch/x86/kvm/vmx/pmu_intel.c | 8 +- arch/x86/kvm/vmx/vmx.c | 183 +++++++++++------ arch/x86/kvm/vmx/vmx.h | 31 ++- arch/x86/kvm/x86.c | 65 +++--- arch/x86/kvm/x86.h | 12 ++ block/blk-core.c | 26 ++- block/blk-settings.c | 2 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 2 + drivers/acpi/pfr_update.c | 2 +- drivers/acpi/prmt.c | 26 ++- drivers/acpi/processor_perflib.c | 11 + drivers/ata/Kconfig | 35 +++- drivers/ata/libata-sata.c | 5 + drivers/ata/libata-scsi.c | 20 +- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/sunvdc.c | 4 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/bus/mhi/host/main.c | 12 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 ++++-- drivers/comedi/comedi_fops.c | 38 +++- drivers/comedi/comedi_internal.h | 1 + drivers/comedi/drivers.c | 40 ++-- drivers/comedi/drivers/pcl726.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 +- drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 +- .../crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 +- drivers/crypto/qat/qat_4xxx/adf_4xxx_hw_data.c | 13 ++ drivers/crypto/qat/qat_common/adf_accel_devices.h | 1 + drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 6 + drivers/crypto/qat/qat_common/adf_init.c | 3 + drivers/devfreq/governor_userspace.c | 6 +- drivers/dma/stm32-dma.c | 2 +- drivers/edac/synopsys_edac.c | 93 ++++----- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpio/gpio-mlxbf2.c | 2 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-virtio.c | 9 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +++--- drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 +- .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 - .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 - .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 ++-- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +-- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- .../gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 + drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 + drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 ++-- drivers/gpu/drm/display/drm_dp_helper.c | 2 +- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 +- drivers/gpu/drm/msm/msm_gem.c | 3 +- drivers/gpu/drm/msm/msm_gem.h | 6 + drivers/gpu/drm/scheduler/sched_entity.c | 21 +- drivers/gpu/drm/ttm/ttm_pool.c | 8 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/hid/hid-apple.c | 13 +- drivers/hid/hid-magicmouse.c | 56 ++++-- drivers/hwmon/emc2305.c | 10 +- drivers/hwmon/gsc-hwmon.c | 4 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 4 +- drivers/iio/adc/ad7768-1.c | 23 ++- drivers/iio/adc/ad_sigma_delta.c | 6 +- drivers/iio/imu/bno055/bno055.c | 11 +- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 +- drivers/iio/light/as73211.c | 2 +- drivers/iio/light/hid-sensor-prox.c | 8 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/iio/temperature/maxim_thermocouple.c | 26 ++- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/erdma/erdma_verbs.c | 4 +- drivers/infiniband/hw/hfi1/affinity.c | 44 ++-- drivers/iommu/amd/init.c | 4 +- drivers/leds/leds-lp50xx.c | 11 +- drivers/md/dm-ps-historical-service-time.c | 4 +- drivers/md/dm-ps-queue-length.c | 4 +- drivers/md/dm-ps-round-robin.c | 4 +- drivers/md/dm-ps-service-time.c | 4 +- drivers/md/dm-table.c | 10 +- drivers/md/dm-zoned-target.c | 2 +- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/hi556.c | 26 +-- drivers/media/i2c/ov2659.c | 3 +- drivers/media/i2c/tc358743.c | 86 +++++--- drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 8 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/helpers.c | 2 +- drivers/media/platform/qcom/venus/hfi_helper.h | 61 +++++- drivers/media/platform/qcom/venus/hfi_msgs.c | 85 +++++--- drivers/media/platform/qcom/venus/hfi_venus.c | 5 + drivers/media/platform/qcom/venus/vdec.c | 13 +- drivers/media/platform/qcom/venus/vdec_ctrls.c | 2 +- drivers/media/platform/qcom/venus/venc.c | 9 +- drivers/media/platform/qcom/venus/venc_ctrls.c | 2 +- drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 +- drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/usb/uvc/uvc_driver.c | 3 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/v4l2-core/v4l2-common.c | 8 +- drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 - drivers/memstick/core/memstick.c | 1 - drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/misc/mei/bus.c | 6 + drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 ++ drivers/mmc/host/sdhci-pci-gli.c | 33 +-- drivers/most/core.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/mtd/nand/raw/renesas-nand-controller.c | 6 + drivers/mtd/nand/spi/core.c | 5 +- drivers/mtd/spi-nor/swp.c | 19 +- drivers/net/bonding/bond_3ad.c | 224 ++++++++++++++++++--- drivers/net/bonding/bond_main.c | 1 + drivers/net/bonding/bond_netlink.c | 16 ++ drivers/net/bonding/bond_options.c | 29 ++- drivers/net/dsa/b53/b53_common.c | 63 ++++-- drivers/net/dsa/b53/b53_regs.h | 2 + drivers/net/dummy.c | 1 + drivers/net/ethernet/agere/et131x.c | 36 ++++ drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 + .../aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 ++++ drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 - drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 +- drivers/net/ethernet/freescale/fec_main.c | 34 ++-- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/google/gve/gve_main.c | 2 + drivers/net/ethernet/intel/igc/igc_main.c | 14 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 + drivers/net/ethernet/mediatek/mtk_wed.c | 1 - drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 +- drivers/net/geneve.c | 1 + drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 ++- drivers/net/loopback.c | 1 + drivers/net/phy/micrel.c | 2 + drivers/net/phy/mscc/mscc.h | 12 ++ drivers/net/phy/mscc/mscc_main.c | 12 ++ drivers/net/phy/mscc/mscc_ptp.c | 49 +++-- drivers/net/phy/smsc.c | 1 + drivers/net/ppp/ppp_generic.c | 17 +- drivers/net/thunderbolt.c | 21 +- drivers/net/usb/asix_devices.c | 1 + drivers/net/usb/cdc_ncm.c | 20 +- drivers/net/veth.c | 1 + drivers/net/vxlan/vxlan_core.c | 1 + drivers/net/wireless/ath/ath11k/ce.c | 3 - drivers/net/wireless/ath/ath11k/dp_rx.c | 3 - drivers/net/wireless/ath/ath11k/hal.c | 33 ++- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 ++- drivers/net/wireless/realtek/rtw89/core.c | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 9 +- drivers/net/wireless/realtek/rtw89/fw.h | 2 + drivers/net/wireless/realtek/rtw89/mac.c | 19 ++ drivers/net/wireless/realtek/rtw89/reg.h | 1 + drivers/net/xen-netfront.c | 5 - drivers/pci/controller/pcie-rockchip-host.c | 49 +++-- drivers/pci/controller/pcie-rockchip.h | 11 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 8 +- drivers/pci/probe.c | 2 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/platform/chrome/cros_ec.c | 19 +- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/pps/clients/pps-gpio.c | 5 +- drivers/ptp/ptp_clock.c | 2 +- drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 71 +++---- drivers/remoteproc/imx_rproc.c | 4 +- drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 15 +- drivers/s390/char/sclp.c | 11 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/mpi3mr/mpi3mr.h | 6 +- drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 +- drivers/scsi/mpi3mr/mpi3mr_os.c | 22 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++ drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 ++++-- drivers/soc/qcom/mdt_loader.c | 68 ++++++- drivers/soc/tegra/pmc.c | 51 +++-- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/target/target_core_fabric_lib.c | 65 ++++-- drivers/target/target_core_internal.h | 4 +- drivers/target/target_core_pr.c | 18 +- drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 +++- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/vt/defkeymap.c_shipped | 112 +++++++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/ufs/host/ufs-exynos.c | 4 +- drivers/ufs/host/ufshcd-pci.c | 42 +++- drivers/usb/atm/cxacru.c | 172 ++++++++-------- drivers/usb/class/cdc-acm.c | 11 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/hcd.c | 8 +- drivers/usb/core/quirks.c | 1 + drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/dwc3-imx8mp.c | 6 +- drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/ep0.c | 20 +- drivers/usb/dwc3/gadget.c | 19 +- drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-mem.c | 2 + drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-ring.c | 10 +- drivers/usb/host/xhci.c | 6 +- drivers/usb/musb/omap2430.c | 20 +- drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 +++ drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vfio/pci/mlx5/cmd.c | 4 +- drivers/vfio/vfio_iommu_type1.c | 7 + drivers/vhost/vhost.c | 3 + drivers/vhost/vsock.c | 6 +- drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/core/fbcon.c | 9 +- drivers/video/fbdev/core/fbmem.c | 3 + drivers/virt/coco/efi_secret/efi_secret.c | 10 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/iTCO_wdt.c | 6 +- drivers/watchdog/sbsa_gwdt.c | 50 ++++- fs/btrfs/block-group.c | 27 ++- fs/btrfs/ctree.c | 9 +- fs/btrfs/ordered-data.c | 12 +- fs/btrfs/qgroup.c | 31 ++- fs/btrfs/relocation.c | 19 ++ fs/btrfs/send.c | 39 ++++ fs/btrfs/tree-log.c | 60 ++++-- fs/btrfs/zoned.c | 3 +- fs/buffer.c | 2 +- fs/crypto/fscrypt_private.h | 17 ++ fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 +- fs/crypto/keysetup_v1.c | 3 +- fs/eventpoll.c | 60 ++++-- fs/ext2/inode.c | 12 +- fs/ext4/fsmap.c | 23 ++- fs/ext4/indirect.c | 4 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 2 +- fs/ext4/mballoc.c | 69 +++---- fs/ext4/orphan.c | 5 +- fs/ext4/super.c | 8 +- fs/f2fs/data.c | 2 + fs/f2fs/f2fs.h | 1 - fs/f2fs/inode.c | 7 + fs/f2fs/node.c | 10 + fs/file.c | 15 ++ fs/hfs/bnode.c | 93 +++++++++ fs/hfsplus/bnode.c | 92 +++++++++ fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/hugetlbfs/inode.c | 2 +- fs/jbd2/checkpoint.c | 1 + fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 6 + fs/libfs.c | 4 +- fs/namespace.c | 34 ++-- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 44 +++- fs/nfs/internal.h | 2 +- fs/nfs/nfs4client.c | 20 +- fs/nfs/nfs4proc.c | 2 +- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 +++- fs/ntfs3/dir.c | 3 + fs/ntfs3/inode.c | 31 +-- fs/orangefs/orangefs-debugfs.c | 2 +- fs/smb/client/cifssmb.c | 10 + fs/smb/client/connect.c | 1 - fs/smb/client/sess.c | 9 + fs/smb/client/smb2ops.c | 11 +- fs/smb/server/connection.c | 3 +- fs/smb/server/connection.h | 7 +- fs/smb/server/smb2pdu.c | 16 +- fs/smb/server/transport_rdma.c | 5 +- fs/smb/server/transport_rdma.h | 4 +- fs/smb/server/transport_tcp.c | 26 ++- fs/squashfs/super.c | 14 +- fs/udf/super.c | 13 +- fs/xfs/xfs_itable.c | 6 +- include/linux/blk_types.h | 6 +- include/linux/compiler.h | 8 - include/linux/fs.h | 4 +- include/linux/hypervisor.h | 3 + include/linux/if_vlan.h | 6 +- include/linux/iosys-map.h | 7 +- include/linux/memfd.h | 14 ++ include/linux/mm.h | 76 +++++-- include/linux/pci.h | 10 +- include/linux/platform_data/cros_ec_proto.h | 4 + include/linux/skbuff.h | 8 +- include/linux/usb/cdc_ncm.h | 1 + include/linux/virtio_vsock.h | 7 +- include/net/bond_3ad.h | 3 + include/net/bond_options.h | 1 + include/net/bonding.h | 23 +++ include/net/cfg80211.h | 2 +- include/net/mac80211.h | 2 + include/net/neighbour.h | 1 + include/sound/soc-dai.h | 13 ++ include/uapi/linux/if_link.h | 1 + include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/pfrut.h | 1 + kernel/cgroup/cpuset.c | 2 +- kernel/fork.c | 2 +- kernel/module/main.c | 10 +- kernel/power/console.c | 7 +- kernel/rcu/tree_plugin.h | 3 + kernel/sched/fair.c | 19 +- kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 33 ++- kernel/trace/trace.h | 8 +- mm/debug_vm_pgtable.c | 9 +- mm/filemap.c | 2 +- mm/kmemleak.c | 10 +- mm/madvise.c | 2 +- mm/memfd.c | 2 +- mm/memory-failure.c | 8 + mm/mmap.c | 12 +- mm/ptdump.c | 2 + mm/shmem.c | 2 +- net/bluetooth/hci_conn.c | 3 +- net/bluetooth/hci_sync.c | 43 ++-- net/bridge/br_multicast.c | 16 ++ net/bridge/br_private.h | 2 + net/core/dev.c | 12 ++ net/core/neighbour.c | 12 +- net/hsr/hsr_slave.c | 8 +- net/ipv4/ip_tunnel.c | 1 + net/ipv4/netfilter/nf_reject_ipv4.c | 6 +- net/ipv4/route.c | 1 - net/ipv4/udp_offload.c | 2 +- net/ipv6/addrconf.c | 7 +- net/ipv6/ip6_gre.c | 2 + net/ipv6/ip6_tunnel.c | 1 + net/ipv6/ip6_vti.c | 1 + net/ipv6/mcast.c | 11 +- net/ipv6/netfilter/nf_reject_ipv6.c | 5 +- net/ipv6/seg6_hmac.c | 6 +- net/ipv6/sit.c | 1 + net/mac80211/cfg.c | 12 +- net/mac80211/chan.c | 1 + net/mac80211/mlme.c | 9 +- net/mac80211/sta_info.c | 5 +- net/mctp/af_mctp.c | 28 ++- net/mptcp/options.c | 9 +- net/mptcp/pm.c | 8 +- net/mptcp/pm_netlink.c | 19 +- net/mptcp/protocol.c | 55 ++++- net/mptcp/protocol.h | 27 ++- net/mptcp/subflow.c | 30 ++- net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 ++- net/netlink/af_netlink.c | 2 +- net/sched/sch_cake.c | 14 +- net/sched/sch_ets.c | 36 ++-- net/sched/sch_htb.c | 2 +- net/tls/tls_sw.c | 16 +- net/vmw_vsock/virtio_transport.c | 14 +- net/wireless/mlme.c | 3 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + security/apparmor/include/lib.h | 6 +- security/inode.c | 2 - sound/core/pcm_native.c | 19 +- sound/pci/hda/hda_codec.c | 44 ++-- sound/pci/hda/patch_ca0132.c | 2 +- sound/pci/hda/patch_realtek.c | 4 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_asrc.c | 16 +- sound/soc/fsl/fsl_aud2htx.c | 10 +- sound/soc/fsl/fsl_easrc.c | 16 +- sound/soc/fsl/fsl_esai.c | 20 +- sound/soc/fsl/fsl_micfil.c | 14 +- sound/soc/fsl/fsl_sai.c | 44 ++-- sound/soc/fsl/fsl_spdif.c | 17 +- sound/soc/fsl/fsl_ssi.c | 3 +- sound/soc/fsl/fsl_xcvr.c | 16 +- sound/soc/generic/audio-graph-card.c | 2 +- sound/soc/intel/avs/core.c | 3 +- sound/soc/soc-core.c | 28 +++ sound/soc/soc-dai.c | 43 ++-- sound/soc/soc-dapm.c | 4 + sound/usb/mixer_quirks.c | 14 +- sound/usb/stream.c | 25 ++- sound/usb/validate.c | 14 +- tools/include/nolibc/std.h | 4 +- tools/include/nolibc/types.h | 4 +- tools/include/uapi/linux/if_link.h | 1 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/scripts/Makefile.include | 4 +- tools/testing/ktest/ktest.pl | 5 +- tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 +- .../selftests/bpf/prog_tests/user_ringbuf.c | 10 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/memfd/memfd_test.c | 43 ++++ tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + 511 files changed, 4945 insertions(+), 1976 deletions(-)

2 weeks, 5 days

10
491
0 0

[PATCH rtw v2 1/4] wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()

by Fedor Pchelkin

There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110 CPU: 6 UID: 0 PID: 41377 Comm: kworker/u64:24 Not tainted 6.17.0-rc1+ #1 PREEMPT(lazy) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS edk2-20250523-14.fc42 05/23/2025 Workqueue: events_unbound cfg80211_wiphy_work [cfg80211] Use-after-free write at 0x0000000020309d9d (in kfence-#251): rtw89_core_tx_kick_off_and_wait drivers/net/wireless/realtek/rtw89/core.c:1110 rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338 rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979 rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165 rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.h:141 rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012 rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059 rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758 process_one_work kernel/workqueue.c:3241 worker_thread kernel/workqueue.c:3400 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 kfence-#251: 0x0000000056e2393d-0x000000009943cb62, size=232, cache=skbuff_head_cache allocated by task 41377 on cpu 6 at 77869.159548s (0.009551s ago): __alloc_skb net/core/skbuff.c:659 __netdev_alloc_skb net/core/skbuff.c:734 ieee80211_nullfunc_get net/mac80211/tx.c:5844 rtw89_core_send_nullfunc drivers/net/wireless/realtek/rtw89/core.c:3431 rtw89_core_scan_complete drivers/net/wireless/realtek/rtw89/core.c:5338 rtw89_hw_scan_complete_cb drivers/net/wireless/realtek/rtw89/fw.c:7979 rtw89_chanctx_proceed_cb drivers/net/wireless/realtek/rtw89/chan.c:3165 rtw89_chanctx_proceed drivers/net/wireless/realtek/rtw89/chan.c:3194 rtw89_hw_scan_complete drivers/net/wireless/realtek/rtw89/fw.c:8012 rtw89_mac_c2h_scanofld_rsp drivers/net/wireless/realtek/rtw89/mac.c:5059 rtw89_fw_c2h_work drivers/net/wireless/realtek/rtw89/fw.c:6758 process_one_work kernel/workqueue.c:3241 worker_thread kernel/workqueue.c:3400 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 freed by task 1045 on cpu 9 at 77869.168393s (0.001557s ago): ieee80211_tx_status_skb net/mac80211/status.c:1117 rtw89_pci_release_txwd_skb drivers/net/wireless/realtek/rtw89/pci.c:564 rtw89_pci_release_tx_skbs.isra.0 drivers/net/wireless/realtek/rtw89/pci.c:651 rtw89_pci_release_tx drivers/net/wireless/realtek/rtw89/pci.c:676 rtw89_pci_napi_poll drivers/net/wireless/realtek/rtw89/pci.c:4238 __napi_poll net/core/dev.c:7495 net_rx_action net/core/dev.c:7557 net/core/dev.c:7684 handle_softirqs kernel/softirq.c:580 do_softirq.part.0 kernel/softirq.c:480 __local_bh_enable_ip kernel/softirq.c:407 rtw89_pci_interrupt_threadfn drivers/net/wireless/realtek/rtw89/pci.c:927 irq_thread_fn kernel/irq/manage.c:1133 irq_thread kernel/irq/manage.c:1257 kthread kernel/kthread.c:463 ret_from_fork arch/x86/kernel/process.c:154 ret_from_fork_asm arch/x86/entry/entry_64.S:258 It is a consequence of a race between the waiting and the signaling side of the completion: Waiting thread Completing thread rtw89_core_tx_kick_off_and_wait() rcu_assign_pointer(skb_data->wait, wait) /* start waiting */ wait_for_completion_timeout() rtw89_pci_tx_status() rtw89_core_tx_wait_complete() rcu_read_lock() /* signals completion and * proceeds further */ complete(&wait->completion) rcu_read_unlock() ... /* frees skb_data */ ieee80211_tx_status_ni() /* returns (exit status doesn't matter) */ wait_for_completion_timeout() ... /* accesses the already freed skb_data */ rcu_assign_pointer(skb_data->wait, NULL) The completing side might proceed and free the underlying skb even before the waiting side is fully awoken and run to execution. Actually the race happens regardless of wait_for_completion_timeout() exit status, e.g. the waiting side may hit a timeout and the concurrent completing side is still able to free the skb. Skbs which are sent by rtw89_core_tx_kick_off_and_wait() are owned by the driver. They don't come from core ieee80211 stack so no need to pass them to ieee80211_tx_status_ni() on completing side. Introduce a work function which will act as a garbage collector for rtw89_tx_wait_info objects and the associated skbs. Thus no potentially heavy locks are required on the completing side. Found by Linux Verification Center (linuxtesting.org). Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs") Cc: stable(a)vger.kernel.org Suggested-by: Zong-Zhe Yang <kevin_yang(a)realtek.com> Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: use a work function to manage release of tx_waits and associated skbs (Zong-Zhe) The interesting part is how rtw89_tx_wait_work() should wait for completion - based on timeout or without it, or just check status with a call to completion_done(). Simply waiting with wait_for_completion() may become a bottleneck if for any reason the completion is delayed significantly, and we are holding a wiphy lock here. I _suspect_ rtw89_pci_tx_status() should be called either by napi polling handler or in other cases e.g. by rtw89_hci_reset() but it's hard to deduce for any possible scenario that it will be called in some time. Anyway, the current and the next patch try to make sure that when rtw89_core_tx_wait_complete() is called, skbdata->wait is properly initialized so that there should be no buggy situations when tx_wait skb is not recognized and invalidly passed to ieee80211 stack, also without signaling a completion. If rtw89_core_tx_wait_complete() is not called at all, this should indicate a bug elsewhere. drivers/net/wireless/realtek/rtw89/core.c | 42 +++++++++++++++++++---- drivers/net/wireless/realtek/rtw89/core.h | 22 +++++++----- drivers/net/wireless/realtek/rtw89/pci.c | 9 ++--- 3 files changed, 54 insertions(+), 19 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index 57590f5577a3..48aa02d6abd4 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1073,6 +1073,26 @@ rtw89_core_tx_update_desc_info(struct rtw89_dev *rtwdev, } } +static void rtw89_tx_wait_work(struct wiphy *wiphy, struct wiphy_work *work) +{ + struct rtw89_dev *rtwdev = container_of(work, struct rtw89_dev, + tx_wait_work); + struct rtw89_tx_wait_info *wait, *tmp; + + lockdep_assert_wiphy(wiphy); + + list_for_each_entry_safe(wait, tmp, &rtwdev->tx_waits, list) { + if (!wait->finished) { + unsigned long tmo = msecs_to_jiffies(wait->timeout); + if (!wait_for_completion_timeout(&wait->completion, tmo)) + continue; + } + list_del(&wait->list); + dev_kfree_skb_any(wait->skb); + kfree(wait); + } +} + void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel) { u8 ch_dma; @@ -1090,6 +1110,8 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk unsigned long time_left; int ret = 0; + lockdep_assert_wiphy(rtwdev->hw->wiphy); + wait = kzalloc(sizeof(*wait), GFP_KERNEL); if (!wait) { rtw89_core_tx_kick_off(rtwdev, qsel); @@ -1097,18 +1119,23 @@ int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *sk } init_completion(&wait->completion); - rcu_assign_pointer(skb_data->wait, wait); + skb_data->wait = wait; rtw89_core_tx_kick_off(rtwdev, qsel); time_left = wait_for_completion_timeout(&wait->completion, msecs_to_jiffies(timeout)); - if (time_left == 0) + if (time_left == 0) { ret = -ETIMEDOUT; - else if (!wait->tx_done) - ret = -EAGAIN; + } else { + wait->finished = true; + if (!wait->tx_done) + ret = -EAGAIN; + } - rcu_assign_pointer(skb_data->wait, NULL); - kfree_rcu(wait, rcu_head); + wait->skb = skb; + wait->timeout = timeout; + list_add_tail(&wait->list, &rtwdev->tx_waits); + wiphy_work_queue(rtwdev->hw->wiphy, &rtwdev->tx_wait_work); return ret; } @@ -4972,6 +4999,7 @@ void rtw89_core_stop(struct rtw89_dev *rtwdev) clear_bit(RTW89_FLAG_RUNNING, rtwdev->flags); wiphy_work_cancel(wiphy, &rtwdev->c2h_work); + wiphy_work_cancel(wiphy, &rtwdev->tx_wait_work); wiphy_work_cancel(wiphy, &rtwdev->cancel_6ghz_probe_work); wiphy_work_cancel(wiphy, &btc->eapol_notify_work); wiphy_work_cancel(wiphy, &btc->arp_notify_work); @@ -5203,6 +5231,7 @@ int rtw89_core_init(struct rtw89_dev *rtwdev) INIT_LIST_HEAD(&rtwdev->scan_info.pkt_list[band]); } INIT_LIST_HEAD(&rtwdev->scan_info.chan_list); + INIT_LIST_HEAD(&rtwdev->tx_waits); INIT_WORK(&rtwdev->ba_work, rtw89_core_ba_work); INIT_WORK(&rtwdev->txq_work, rtw89_core_txq_work); INIT_DELAYED_WORK(&rtwdev->txq_reinvoke_work, rtw89_core_txq_reinvoke_work); @@ -5233,6 +5262,7 @@ int rtw89_core_init(struct rtw89_dev *rtwdev) wiphy_work_init(&rtwdev->c2h_work, rtw89_fw_c2h_work); wiphy_work_init(&rtwdev->ips_work, rtw89_ips_work); wiphy_work_init(&rtwdev->cancel_6ghz_probe_work, rtw89_cancel_6ghz_probe_work); + wiphy_work_init(&rtwdev->tx_wait_work, rtw89_tx_wait_work); INIT_WORK(&rtwdev->load_firmware_work, rtw89_load_firmware_work); skb_queue_head_init(&rtwdev->c2h_queue); diff --git a/drivers/net/wireless/realtek/rtw89/core.h b/drivers/net/wireless/realtek/rtw89/core.h index 43e10278e14d..06f7d82a8d18 100644 --- a/drivers/net/wireless/realtek/rtw89/core.h +++ b/drivers/net/wireless/realtek/rtw89/core.h @@ -3508,12 +3508,16 @@ struct rtw89_phy_rate_pattern { struct rtw89_tx_wait_info { struct rcu_head rcu_head; + struct list_head list; struct completion completion; + struct sk_buff *skb; + unsigned int timeout; bool tx_done; + bool finished; }; struct rtw89_tx_skb_data { - struct rtw89_tx_wait_info __rcu *wait; + struct rtw89_tx_wait_info *wait; u8 hci_priv[]; }; @@ -5925,6 +5929,9 @@ struct rtw89_dev { /* used to protect rpwm */ spinlock_t rpwm_lock; + struct list_head tx_waits; + struct wiphy_work tx_wait_work; + struct rtw89_cam_info cam_info; struct sk_buff_head c2h_queue; @@ -7258,23 +7265,20 @@ static inline struct sk_buff *rtw89_alloc_skb_for_rx(struct rtw89_dev *rtwdev, return dev_alloc_skb(length); } -static inline void rtw89_core_tx_wait_complete(struct rtw89_dev *rtwdev, +static inline bool rtw89_core_tx_wait_complete(struct rtw89_dev *rtwdev, struct rtw89_tx_skb_data *skb_data, bool tx_done) { struct rtw89_tx_wait_info *wait; - rcu_read_lock(); - - wait = rcu_dereference(skb_data->wait); + wait = skb_data->wait; if (!wait) - goto out; + return false; wait->tx_done = tx_done; - complete(&wait->completion); + complete_all(&wait->completion); -out: - rcu_read_unlock(); + return true; } static inline bool rtw89_is_mlo_1_1(struct rtw89_dev *rtwdev) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index a669f2f843aa..6356c2c224c5 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -464,10 +464,7 @@ static void rtw89_pci_tx_status(struct rtw89_dev *rtwdev, struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); struct ieee80211_tx_info *info; - rtw89_core_tx_wait_complete(rtwdev, skb_data, tx_status == RTW89_TX_DONE); - info = IEEE80211_SKB_CB(skb); - ieee80211_tx_info_clear_status(info); if (info->flags & IEEE80211_TX_CTL_NO_ACK) info->flags |= IEEE80211_TX_STAT_NOACK_TRANSMITTED; @@ -494,6 +491,10 @@ static void rtw89_pci_tx_status(struct rtw89_dev *rtwdev, } } + if (rtw89_core_tx_wait_complete(rtwdev, skb_data, tx_status == RTW89_TX_DONE)) + return; + + ieee80211_tx_info_clear_status(info); ieee80211_tx_status_ni(rtwdev->hw, skb); } @@ -1387,7 +1388,7 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, } tx_data->dma = dma; - rcu_assign_pointer(skb_data->wait, NULL); + skb_data->wait = NULL; txwp_len = sizeof(*txwp_info); txwd_len = chip->txwd_body_size; -- 2.50.1

2 weeks, 5 days

3
3
0 0

[REGRESSION][BISECTED][PATCH] net: ipv4: fix regression in broadcast routes

by Brett A C Sheffield

Fix the regression introduced in 9e30ecf23b1b whereby IPv4 broadcast packets were having their ethernet destination field mangled. This broke WOL magic packets and likely other IPv4 broadcast. The regression can be observed by sending an IPv4 WOL packet using the wakeonlan program to any ethernet address: wakeonlan 46:3b:ad:61:e0:5d and capturing the packet with tcpdump: tcpdump -i eth0 -w /tmp/bad.cap dst port 9 The ethernet destination MUST be ff:ff:ff:ff:ff:ff for broadcast, but is mangled with 9e30ecf23b1b applied. Revert the change made in 9e30ecf23b1b and ensure the MTU value for broadcast routes is retained by calling ip_dst_init_metrics() directly, avoiding the need to enter the main code block in rt_set_nexthop(). Simplify the code path taken for broadcast packets back to the original before the regression, adding only the call to ip_dst_init_metrics(). The broadcast_pmtu.sh selftest provided with the original patch still passes with this patch applied. Fixes: 9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes") Signed-off-by: Brett A C Sheffield <bacs(a)librecast.net> --- net/ipv4/route.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f639a2ae881a..eaf78e128aca 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2588,6 +2588,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res, do_cache = true; if (type == RTN_BROADCAST) { flags |= RTCF_BROADCAST | RTCF_LOCAL; + fi = NULL; } else if (type == RTN_MULTICAST) { flags |= RTCF_MULTICAST | RTCF_LOCAL; if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, @@ -2657,8 +2658,12 @@ static struct rtable *__mkroute_output(const struct fib_result *res, rth->dst.output = ip_mc_output; RT_CACHE_STAT_INC(out_slow_mc); } + if (type == RTN_BROADCAST) { + /* ensure MTU value for broadcast routes is retained */ + ip_dst_init_metrics(&rth->dst, res->fi->fib_metrics); + } #ifdef CONFIG_IP_MROUTE - if (type == RTN_MULTICAST) { + else if (type == RTN_MULTICAST) { if (IN_DEV_MFORWARD(in_dev) && !ipv4_is_local_multicast(fl4->daddr)) { rth->dst.input = ip_mr_input; base-commit: 01b9128c5db1b470575d07b05b67ffa3cb02ebf1 -- 2.49.1

2 weeks, 5 days

8
21
0 0

[PATCH 1/2] mm/slub: Fix cmp_loc_by_count() to return 0 when counts are equal

by Kuan-Wei Chiu

The comparison function cmp_loc_by_count() used for sorting stack trace locations in debugfs currently returns -1 if a->count > b->count and 1 otherwise. This breaks the antisymmetry property required by sort(), because when two counts are equal, both cmp(a, b) and cmp(b, a) return 1. This can lead to undefined or incorrect ordering results. Fix it by explicitly returning 0 when the counts are equal, ensuring that the comparison function follows the expected mathematical properties. Fixes: 553c0369b3e1 ("mm/slub: sort debugfs output by frequency of stack traces") Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- mm/slub.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mm/slub.c b/mm/slub.c index 30003763d224..c91b3744adbc 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -7718,8 +7718,9 @@ static int cmp_loc_by_count(const void *a, const void *b, const void *data) if (loc1->count > loc2->count) return -1; - else + if (loc1->count < loc2->count) return 1; + return 0; } static void *slab_debugfs_start(struct seq_file *seq, loff_t *ppos) -- 2.34.1

2 weeks, 5 days

4
8
0 0

+ mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Miaohe Lin <linmiaohe(a)huawei.com> Subject: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Date: Thu, 28 Aug 2025 10:46:18 +0800 When I did memory failure tests, below panic occurs: page dumped because: VM_BUG_ON_PAGE(PagePoisoned(page)) kernel BUG at include/linux/page-flags.h:616! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 720 Comm: bash Not tainted 6.10.0-rc1-00195-g148743902568 #40 RIP: 0010:unpoison_memory+0x2f3/0x590 RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 RAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0 RBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb R10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000 R13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe FS: 00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0 Call Trace: <TASK> unpoison_memory+0x2f3/0x590 simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110 debugfs_attr_write+0x42/0x60 full_proxy_write+0x5b/0x80 vfs_write+0xd5/0x540 ksys_write+0x64/0xe0 do_syscall_64+0xb9/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f08f0314887 RSP: 002b:00007ffece710078 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f08f0314887 RDX: 0000000000000009 RSI: 0000564787a30410 RDI: 0000000000000001 RBP: 0000564787a30410 R08: 000000000000fefe R09: 000000007fffffff R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 R13: 00007f08f041b780 R14: 00007f08f0417600 R15: 00007f08f0416a00 </TASK> Modules linked in: hwpoison_inject ---[ end trace 0000000000000000 ]--- RIP: 0010:unpoison_memory+0x2f3/0x590 RSP: 0018:ffffa57fc8787d60 EFLAGS: 00000246 RAX: 0000000000000037 RBX: 0000000000000009 RCX: ffff9be25fcdc9c8 RDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff9be25fcdc9c0 RBP: 0000000000300000 R08: ffffffffb4956f88 R09: 0000000000009ffb R10: 0000000000000284 R11: ffffffffb4926fa0 R12: ffffe6b00c000000 R13: ffff9bdb453dfd00 R14: 0000000000000000 R15: fffffffffffffffe FS: 00007f08f04e4740(0000) GS:ffff9be25fcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000564787a30410 CR3: 000000010d4e2000 CR4: 00000000000006f0 Kernel panic - not syncing: Fatal exception Kernel Offset: 0x31c00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) ---[ end Kernel panic - not syncing: Fatal exception ]--- The root cause is that unpoison_memory() tries to check the PG_HWPoison flags of an uninitialized page. So VM_BUG_ON_PAGE(PagePoisoned(page)) is triggered. This can be reproduced by below steps: 1.Offline memory block: echo offline > /sys/devices/system/memory/memory12/state 2.Get offlined memory pfn: page-types -b n -rlN 3.Write pfn to unpoison-pfn echo <pfn> > /sys/kernel/debug/hwpoison/unpoison-pfn This scenario can be identified by pfn_to_online_page() returning NULL. And ZONE_DEVICE pages are never expected, so we can simply fail if pfn_to_online_page() == NULL to fix the bug. Link: https://lkml.kernel.org/r/20250828024618.1744895-1-linmiaohe@huawei.com Fixes: f1dd2cd13c4b ("mm, memory_hotplug: do not associate hotadded memory to zones until online") Signed-off-by: Miaohe Lin <linmiaohe(a)huawei.com> Suggested-by: David Hildenbrand <david(a)redhat.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory +++ a/mm/memory-failure.c @@ -2568,10 +2568,9 @@ int unpoison_memory(unsigned long pfn) static DEFINE_RATELIMIT_STATE(unpoison_rs, DEFAULT_RATELIMIT_INTERVAL, DEFAULT_RATELIMIT_BURST); - if (!pfn_valid(pfn)) - return -ENXIO; - - p = pfn_to_page(pfn); + p = pfn_to_online_page(pfn); + if (!p) + return -EIO; folio = page_folio(p); mutex_lock(&mf_mutex); _ Patches currently in -mm which might be from linmiaohe(a)huawei.com are mm-memory-failure-fix-vm_bug_on_pagepagepoisonedpage-when-unpoison-memory.patch revert-hugetlb-make-hugetlb-depends-on-sysfs-or-sysctl.patch

2 weeks, 6 days

1
0
0 0

Loan Offer

by Mrs.Seinfield

Hello, Are you looking for a loan to either increase your activity or to carry out a project. We offer Crypto Loans at 2-7% interest rate with or without a credit check. We also pay 1% commission to brokers, who introduce project owners for finance or other opportunities. Please get back to me if you are interested in more details. Best Regards, Lucy Seinfield Assistant Secretary

2 weeks, 6 days

1
0
0 0

+ mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/memory-failure: fix redundant updates for already poisoned pages has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kyle Meyer <kyle.meyer(a)hpe.com> Subject: mm/memory-failure: fix redundant updates for already poisoned pages Date: Thu, 28 Aug 2025 13:38:20 -0500 Duplicate memory errors can be reported by multiple sources. Passing an already poisoned page to action_result() causes issues: * The amount of hardware corrupted memory is incorrectly updated. * Per NUMA node MF stats are incorrectly updated. * Redundant "already poisoned" messages are printed. Avoid those issues by: * Skipping hardware corrupted memory updates for already poisoned pages. * Skipping per NUMA node MF stats updates for already poisoned pages. * Dropping redundant "already poisoned" messages. Make MF_MSG_ALREADY_POISONED consistent with other action_page_types and make calls to action_result() consistent for already poisoned normal pages and huge pages. Link: https://lkml.kernel.org/r/aLCiHMy12Ck3ouwC@hpe.com Fixes: b8b9488d50b7 ("mm/memory-failure: improve memory failure action_result messages") Signed-off-by: Kyle Meyer <kyle.meyer(a)hpe.com> Reviewed-by: Jiaqi Yan <jiaqiyan(a)google.com> Acked-by: David Hildenbrand <david(a)redhat.com> Cc: Borislav Betkov <bp(a)alien8.de> Cc: Jane Chu <jane.chu(a)oracle.com> Cc: Kyle Meyer <kyle.meyer(a)hpe.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: "Luck, Tony" <tony.luck(a)intel.com> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Naoya Horiguchi <nao.horiguchi(a)gmail.com> Cc: Oscar Salvador <osalvador(a)suse.de> Cc: Russ Anderson <russ.anderson(a)hpe.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory-failure.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) --- a/mm/memory-failure.c~mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages +++ a/mm/memory-failure.c @@ -956,7 +956,7 @@ static const char * const action_page_ty [MF_MSG_BUDDY] = "free buddy page", [MF_MSG_DAX] = "dax page", [MF_MSG_UNSPLIT_THP] = "unsplit thp", - [MF_MSG_ALREADY_POISONED] = "already poisoned", + [MF_MSG_ALREADY_POISONED] = "already poisoned page", [MF_MSG_UNKNOWN] = "unknown page", }; @@ -1349,9 +1349,10 @@ static int action_result(unsigned long p { trace_memory_failure_event(pfn, type, result); - num_poisoned_pages_inc(pfn); - - update_per_node_mf_stats(pfn, result); + if (type != MF_MSG_ALREADY_POISONED) { + num_poisoned_pages_inc(pfn); + update_per_node_mf_stats(pfn, result); + } pr_err("%#lx: recovery action for %s: %s\n", pfn, action_page_types[type], action_name[result]); @@ -2094,12 +2095,11 @@ retry: *hugetlb = 0; return 0; } else if (res == -EHWPOISON) { - pr_err("%#lx: already hardware poisoned\n", pfn); if (flags & MF_ACTION_REQUIRED) { folio = page_folio(p); res = kill_accessing_process(current, folio_pfn(folio), flags); - action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); } + action_result(pfn, MF_MSG_ALREADY_POISONED, MF_FAILED); return res; } else if (res == -EBUSY) { if (!(flags & MF_NO_RETRY)) { @@ -2285,7 +2285,6 @@ try_again: goto unlock_mutex; if (TestSetPageHWPoison(p)) { - pr_err("%#lx: already hardware poisoned\n", pfn); res = -EHWPOISON; if (flags & MF_ACTION_REQUIRED) res = kill_accessing_process(current, pfn, flags); _ Patches currently in -mm which might be from kyle.meyer(a)hpe.com are mm-memory-failure-fix-redundant-updates-for-already-poisoned-pages.patch

2 weeks, 6 days

1
0
0 0

[PATCH v3 1/1] iommu/sva: Invalidate KVA range on kernel TLB flush

by Lu Baolu

In the IOMMU Shared Virtual Addressing (SVA) context, the IOMMU hardware shares and walks the CPU's page tables. The Linux x86 architecture maps the kernel address space into the upper portion of every process’s page table. Consequently, in an SVA context, the IOMMU hardware can walk and cache kernel space mappings. However, the Linux kernel currently lacks a notification mechanism for kernel space mapping changes. This means the IOMMU driver is not aware of such changes, leading to a break in IOMMU cache coherence. Modern IOMMUs often cache page table entries of the intermediate-level page table as long as the entry is valid, no matter the permissions, to optimize walk performance. Currently the iommu driver is notified only for changes of user VA mappings, so the IOMMU's internal caches may retain stale entries for kernel VA. When kernel page table mappings are changed (e.g., by vfree()), but the IOMMU's internal caches retain stale entries, Use-After-Free (UAF) vulnerability condition arises. If these freed page table pages are reallocated for a different purpose, potentially by an attacker, the IOMMU could misinterpret the new data as valid page table entries. This allows the IOMMU to walk into attacker- controlled memory, leading to arbitrary physical memory DMA access or privilege escalation. To mitigate this, introduce a new iommu interface to flush IOMMU caches. This interface should be invoked from architecture-specific code that manages combined user and kernel page tables, whenever a kernel page table update is done and the CPU TLB needs to be flushed. Fixes: 26b25a2b98e4 ("iommu: Bind process address spaces to devices") Cc: stable(a)vger.kernel.org Suggested-by: Jann Horn <jannh(a)google.com> Co-developed-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Lu Baolu <baolu.lu(a)linux.intel.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Vasant Hegde <vasant.hegde(a)amd.com> Reviewed-by: Kevin Tian <kevin.tian(a)intel.com> Tested-by: Yi Lai <yi1.lai(a)intel.com> --- arch/x86/mm/tlb.c | 4 +++ drivers/iommu/iommu-sva.c | 60 ++++++++++++++++++++++++++++++++++++++- include/linux/iommu.h | 4 +++ 3 files changed, 67 insertions(+), 1 deletion(-) Change log: v3: - iommu_sva_mms is an unbound list; iterating it in an atomic context could introduce significant latency issues. Schedule it in a kernel thread and replace the spinlock with a mutex. - Replace the static key with a normal bool; it can be brought back if data shows the benefit. - Invalidate KVA range in the flush_tlb_all() paths. - All previous reviewed-bys are preserved. Please let me know if there are any objections. v2: - https://lore.kernel.org/linux-iommu/20250709062800.651521-1-baolu.lu@linux.… - Remove EXPORT_SYMBOL_GPL(iommu_sva_invalidate_kva_range); - Replace the mutex with a spinlock to make the interface usable in the critical regions. v1: https://lore.kernel.org/linux-iommu/20250704133056.4023816-1-baolu.lu@linux… diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c index 39f80111e6f1..3b85e7d3ba44 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -12,6 +12,7 @@ #include <linux/task_work.h> #include <linux/mmu_notifier.h> #include <linux/mmu_context.h> +#include <linux/iommu.h> #include <asm/tlbflush.h> #include <asm/mmu_context.h> @@ -1478,6 +1479,8 @@ void flush_tlb_all(void) else /* Fall back to the IPI-based invalidation. */ on_each_cpu(do_flush_tlb_all, NULL, 1); + + iommu_sva_invalidate_kva_range(0, TLB_FLUSH_ALL); } /* Flush an arbitrarily large range of memory with INVLPGB. */ @@ -1540,6 +1543,7 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end) kernel_tlb_flush_range(info); put_flush_tlb_info(); + iommu_sva_invalidate_kva_range(start, end); } /* diff --git a/drivers/iommu/iommu-sva.c b/drivers/iommu/iommu-sva.c index 1a51cfd82808..d0da2b3fd64b 100644 --- a/drivers/iommu/iommu-sva.c +++ b/drivers/iommu/iommu-sva.c @@ -10,6 +10,8 @@ #include "iommu-priv.h" static DEFINE_MUTEX(iommu_sva_lock); +static bool iommu_sva_present; +static LIST_HEAD(iommu_sva_mms); static struct iommu_domain *iommu_sva_domain_alloc(struct device *dev, struct mm_struct *mm); @@ -42,6 +44,7 @@ static struct iommu_mm_data *iommu_alloc_mm_data(struct mm_struct *mm, struct de return ERR_PTR(-ENOSPC); } iommu_mm->pasid = pasid; + iommu_mm->mm = mm; INIT_LIST_HEAD(&iommu_mm->sva_domains); /* * Make sure the write to mm->iommu_mm is not reordered in front of @@ -132,8 +135,13 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm if (ret) goto out_free_domain; domain->users = 1; - list_add(&domain->next, &mm->iommu_mm->sva_domains); + if (list_empty(&iommu_mm->sva_domains)) { + if (list_empty(&iommu_sva_mms)) + WRITE_ONCE(iommu_sva_present, true); + list_add(&iommu_mm->mm_list_elm, &iommu_sva_mms); + } + list_add(&domain->next, &iommu_mm->sva_domains); out: refcount_set(&handle->users, 1); mutex_unlock(&iommu_sva_lock); @@ -175,6 +183,13 @@ void iommu_sva_unbind_device(struct iommu_sva *handle) list_del(&domain->next); iommu_domain_free(domain); } + + if (list_empty(&iommu_mm->sva_domains)) { + list_del(&iommu_mm->mm_list_elm); + if (list_empty(&iommu_sva_mms)) + WRITE_ONCE(iommu_sva_present, false); + } + mutex_unlock(&iommu_sva_lock); kfree(handle); } @@ -312,3 +327,46 @@ static struct iommu_domain *iommu_sva_domain_alloc(struct device *dev, return domain; } + +struct kva_invalidation_work_data { + struct work_struct work; + unsigned long start; + unsigned long end; +}; + +static void invalidate_kva_func(struct work_struct *work) +{ + struct kva_invalidation_work_data *data = + container_of(work, struct kva_invalidation_work_data, work); + struct iommu_mm_data *iommu_mm; + + guard(mutex)(&iommu_sva_lock); + list_for_each_entry(iommu_mm, &iommu_sva_mms, mm_list_elm) + mmu_notifier_arch_invalidate_secondary_tlbs(iommu_mm->mm, + data->start, data->end); + + kfree(data); +} + +void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end) +{ + struct kva_invalidation_work_data *data; + + if (likely(!READ_ONCE(iommu_sva_present))) + return; + + /* will be freed in the task function */ + data = kzalloc(sizeof(*data), GFP_ATOMIC); + if (!data) + return; + + data->start = start; + data->end = end; + INIT_WORK(&data->work, invalidate_kva_func); + + /* + * Since iommu_sva_mms is an unbound list, iterating it in an atomic + * context could introduce significant latency issues. + */ + schedule_work(&data->work); +} diff --git a/include/linux/iommu.h b/include/linux/iommu.h index c30d12e16473..66e4abb2df0d 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h @@ -1134,7 +1134,9 @@ struct iommu_sva { struct iommu_mm_data { u32 pasid; + struct mm_struct *mm; struct list_head sva_domains; + struct list_head mm_list_elm; }; int iommu_fwspec_init(struct device *dev, struct fwnode_handle *iommu_fwnode); @@ -1615,6 +1617,7 @@ struct iommu_sva *iommu_sva_bind_device(struct device *dev, struct mm_struct *mm); void iommu_sva_unbind_device(struct iommu_sva *handle); u32 iommu_sva_get_pasid(struct iommu_sva *handle); +void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end); #else static inline struct iommu_sva * iommu_sva_bind_device(struct device *dev, struct mm_struct *mm) @@ -1639,6 +1642,7 @@ static inline u32 mm_get_enqcmd_pasid(struct mm_struct *mm) } static inline void mm_pasid_drop(struct mm_struct *mm) {} +static inline void iommu_sva_invalidate_kva_range(unsigned long start, unsigned long end) {} #endif /* CONFIG_IOMMU_SVA */ #ifdef CONFIG_IOMMU_IOPF -- 2.43.0

2 weeks, 6 days

8
48
0 0

[PATCH 5.4.y] Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS"

by Imre Deak

This reverts commit 2402adce8da4e7396b63b5ffa71e1fa16e5fe5c4. The upstream commit a40c5d727b8111b5db424a1e43e14a1dcce1e77f ("drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS") the reverted commit backported causes a regression, on one eDP panel at least resulting in display flickering, described in detail at the Link: below. The issue fixed by the upstream commit will need a different solution, revert the backport for now. Cc: intel-gfx(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Cc: Sasha Levin <sashal(a)kernel.org> Link: https://gitlab.freedesktop.org/drm/i915/kernel/-/issues/14558 Signed-off-by: Imre Deak <imre.deak(a)intel.com> --- drivers/gpu/drm/drm_dp_helper.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/drm_dp_helper.c b/drivers/gpu/drm/drm_dp_helper.c index 4eabef5b86d0..ffc68d305afe 100644 --- a/drivers/gpu/drm/drm_dp_helper.c +++ b/drivers/gpu/drm/drm_dp_helper.c @@ -280,7 +280,7 @@ ssize_t drm_dp_dpcd_read(struct drm_dp_aux *aux, unsigned int offset, * We just have to do it before any DPCD access and hope that the * monitor doesn't power down exactly after the throw away read. */ - ret = drm_dp_dpcd_access(aux, DP_AUX_NATIVE_READ, DP_LANE0_1_STATUS, buffer, + ret = drm_dp_dpcd_access(aux, DP_AUX_NATIVE_READ, DP_DPCD_REV, buffer, 1); if (ret != 1) goto out; -- 2.49.1

2 weeks, 6 days

1
6
0 0

FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082225-attribute-embark-823b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)hammerspace.com> Date: Sat, 16 Aug 2025 07:25:20 -0700 Subject: [PATCH] NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request(). Reported-by: Jeff Layton <jlayton(a)kernel.org> Tested-by: Joe Quanaim <jdq(a)meta.com> Tested-by: Andrew Steffen <aksteffen(a)meta.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()") Cc: stable(a)vger.kernel.org Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c index 11968dcb7243..6e69ce43a13f 100644 --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c @@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req) nfs_page_clear_headlock(req); } -/* - * nfs_page_group_sync_on_bit_locked +/** + * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set + * @req: request in page group + * @bit: PG_* bit that is used to sync page group * * must be called with page group lock held */ -static bool -nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) +bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) { struct nfs_page *head = req->wb_head; struct nfs_page *tmp; diff --git a/fs/nfs/write.c b/fs/nfs/write.c index fa5c41d0989a..8b7c04737967 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode) } } -static int -nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) +static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) { - int ret; - - if (!test_bit(PG_REMOVE, &req->wb_flags)) - return 0; - ret = nfs_page_group_lock(req); - if (ret) - return ret; if (test_and_clear_bit(PG_REMOVE, &req->wb_flags)) nfs_page_set_inode_ref(req, inode); - nfs_page_group_unlock(req); - return 0; } /** @@ -585,19 +575,18 @@ retry: } } + ret = nfs_page_group_lock(head); + if (ret < 0) + goto out_unlock; + /* Ensure that nobody removed the request before we locked it */ if (head != folio->private) { + nfs_page_group_unlock(head); nfs_unlock_and_release_request(head); goto retry; } - ret = nfs_cancel_remove_inode(head, inode); - if (ret < 0) - goto out_unlock; - - ret = nfs_page_group_lock(head); - if (ret < 0) - goto out_unlock; + nfs_cancel_remove_inode(head, inode); /* lock each request in the page group */ for (subreq = head->wb_this_page; @@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req) { struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req)); - if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + nfs_page_group_lock(req); + if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) { struct folio *folio = nfs_page_to_folio(req->wb_head); struct address_space *mapping = folio->mapping; @@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req) } spin_unlock(&mapping->i_private_lock); } + nfs_page_group_unlock(req); if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { atomic_long_dec(&nfsi->nrequests); diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h index 169b4ae30ff4..9aed39abc94b 100644 --- a/include/linux/nfs_page.h +++ b/include/linux/nfs_page.h @@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head, extern int nfs_page_group_lock(struct nfs_page *); extern void nfs_page_group_unlock(struct nfs_page *); extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int); +extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int); extern int nfs_page_set_headlock(struct nfs_page *req); extern void nfs_page_clear_headlock(struct nfs_page *req); extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);

2 weeks, 6 days

2
3
0 0

FAILED: patch "[PATCH] NFS: Fix a race when updating an existing write" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 76d2e3890fb169168c73f2e4f8375c7cc24a765e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025082225-cling-drainer-d884@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76d2e3890fb169168c73f2e4f8375c7cc24a765e Mon Sep 17 00:00:00 2001 From: Trond Myklebust <trond.myklebust(a)hammerspace.com> Date: Sat, 16 Aug 2025 07:25:20 -0700 Subject: [PATCH] NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succeeding until we actually lock the page group. The reason is that whoever called nfs_inode_remove_request() doesn't necessarily have a lock on the page group head. So in order to avoid races, let's take the page group lock earlier in nfs_lock_and_join_requests(), and hold it across the removal of the request in nfs_inode_remove_request(). Reported-by: Jeff Layton <jlayton(a)kernel.org> Tested-by: Joe Quanaim <jdq(a)meta.com> Tested-by: Andrew Steffen <aksteffen(a)meta.com> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Fixes: bd37d6fce184 ("NFSv4: Convert nfs_lock_and_join_requests() to use nfs_page_find_head_request()") Cc: stable(a)vger.kernel.org Signed-off-by: Trond Myklebust <trond.myklebust(a)hammerspace.com> diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c index 11968dcb7243..6e69ce43a13f 100644 --- a/fs/nfs/pagelist.c +++ b/fs/nfs/pagelist.c @@ -253,13 +253,14 @@ nfs_page_group_unlock(struct nfs_page *req) nfs_page_clear_headlock(req); } -/* - * nfs_page_group_sync_on_bit_locked +/** + * nfs_page_group_sync_on_bit_locked - Test if all requests have @bit set + * @req: request in page group + * @bit: PG_* bit that is used to sync page group * * must be called with page group lock held */ -static bool -nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) +bool nfs_page_group_sync_on_bit_locked(struct nfs_page *req, unsigned int bit) { struct nfs_page *head = req->wb_head; struct nfs_page *tmp; diff --git a/fs/nfs/write.c b/fs/nfs/write.c index fa5c41d0989a..8b7c04737967 100644 --- a/fs/nfs/write.c +++ b/fs/nfs/write.c @@ -153,20 +153,10 @@ nfs_page_set_inode_ref(struct nfs_page *req, struct inode *inode) } } -static int -nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) +static void nfs_cancel_remove_inode(struct nfs_page *req, struct inode *inode) { - int ret; - - if (!test_bit(PG_REMOVE, &req->wb_flags)) - return 0; - ret = nfs_page_group_lock(req); - if (ret) - return ret; if (test_and_clear_bit(PG_REMOVE, &req->wb_flags)) nfs_page_set_inode_ref(req, inode); - nfs_page_group_unlock(req); - return 0; } /** @@ -585,19 +575,18 @@ retry: } } + ret = nfs_page_group_lock(head); + if (ret < 0) + goto out_unlock; + /* Ensure that nobody removed the request before we locked it */ if (head != folio->private) { + nfs_page_group_unlock(head); nfs_unlock_and_release_request(head); goto retry; } - ret = nfs_cancel_remove_inode(head, inode); - if (ret < 0) - goto out_unlock; - - ret = nfs_page_group_lock(head); - if (ret < 0) - goto out_unlock; + nfs_cancel_remove_inode(head, inode); /* lock each request in the page group */ for (subreq = head->wb_this_page; @@ -786,7 +775,8 @@ static void nfs_inode_remove_request(struct nfs_page *req) { struct nfs_inode *nfsi = NFS_I(nfs_page_to_inode(req)); - if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + nfs_page_group_lock(req); + if (nfs_page_group_sync_on_bit_locked(req, PG_REMOVE)) { struct folio *folio = nfs_page_to_folio(req->wb_head); struct address_space *mapping = folio->mapping; @@ -798,6 +788,7 @@ static void nfs_inode_remove_request(struct nfs_page *req) } spin_unlock(&mapping->i_private_lock); } + nfs_page_group_unlock(req); if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { atomic_long_dec(&nfsi->nrequests); diff --git a/include/linux/nfs_page.h b/include/linux/nfs_page.h index 169b4ae30ff4..9aed39abc94b 100644 --- a/include/linux/nfs_page.h +++ b/include/linux/nfs_page.h @@ -160,6 +160,7 @@ extern void nfs_join_page_group(struct nfs_page *head, extern int nfs_page_group_lock(struct nfs_page *); extern void nfs_page_group_unlock(struct nfs_page *); extern bool nfs_page_group_sync_on_bit(struct nfs_page *, unsigned int); +extern bool nfs_page_group_sync_on_bit_locked(struct nfs_page *, unsigned int); extern int nfs_page_set_headlock(struct nfs_page *req); extern void nfs_page_clear_headlock(struct nfs_page *req); extern bool nfs_async_iocounter_wait(struct rpc_task *, struct nfs_lock_context *);

2 weeks, 6 days

2
3
0 0

[PATCH] drm/xe: Fix incorrect migration of backed-up object to VRAM

by Thomas Hellström

If an object is backed up to shmem it is incorrectly identified as not having valid data by the move code. This means moving to VRAM skips the -EMULTIHOP step and the bo is cleared. This causes all sorts of weird behaviour on DGFX if an already evicted object is targeted by the shrinker. Fix this by using ttm_tt_is_swapped() to identify backed-up objects. Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/5996 Fixes: 00c8efc3180f ("drm/xe: Add a shrinker for xe bos") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> --- drivers/gpu/drm/xe/xe_bo.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_bo.c b/drivers/gpu/drm/xe/xe_bo.c index 7d1ff642b02a..4faf15d5fa6d 100644 --- a/drivers/gpu/drm/xe/xe_bo.c +++ b/drivers/gpu/drm/xe/xe_bo.c @@ -823,8 +823,7 @@ static int xe_bo_move(struct ttm_buffer_object *ttm_bo, bool evict, return ret; } - tt_has_data = ttm && (ttm_tt_is_populated(ttm) || - (ttm->page_flags & TTM_TT_FLAG_SWAPPED)); + tt_has_data = ttm && (ttm_tt_is_populated(ttm) || ttm_tt_is_swapped(ttm)); move_lacks_source = !old_mem || (handle_system_ccs ? (!bo->ccs_cleared) : (!mem_type_is_vram(old_mem_type) && !tt_has_data)); -- 2.50.1

2 weeks, 6 days

2
2
0 0

Linux 6.16.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.16.4 kernel. All users of the 6.16 kernel series must upgrade. The updated 6.16.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.16.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/display/rockchip/rockchip-vop2.yaml | 56 +- Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2 Documentation/devicetree/bindings/ufs/mediatek,ufs.yaml | 4 Documentation/networking/mptcp-sysctl.rst | 2 Makefile | 4 arch/arm/lib/crypto/poly1305-glue.c | 3 arch/arm64/boot/dts/apple/t8012-j132.dts | 1 arch/arm64/boot/dts/exynos/exynos7870-j6lte.dts | 2 arch/arm64/boot/dts/exynos/exynos7870-on7xelte.dts | 2 arch/arm64/boot/dts/exynos/exynos7870.dtsi | 1 arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 arch/arm64/boot/dts/rockchip/rk3576.dtsi | 7 arch/arm64/boot/dts/rockchip/rk3588-turing-rk1.dtsi | 11 arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 24 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24 arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24 arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 arch/arm64/lib/crypto/poly1305-glue.c | 3 arch/loongarch/Makefile | 6 arch/loongarch/kernel/module-sections.c | 36 - arch/loongarch/kvm/intc/eiointc.c | 32 - arch/loongarch/kvm/intc/ipi.c | 8 arch/loongarch/kvm/intc/pch_pic.c | 10 arch/loongarch/kvm/vcpu.c | 8 arch/m68k/kernel/head.S | 31 - arch/mips/lib/crypto/chacha-core.S | 20 arch/parisc/Makefile | 4 arch/parisc/include/asm/pgtable.h | 7 arch/parisc/include/asm/special_insns.h | 28 + arch/parisc/include/asm/uaccess.h | 21 arch/parisc/kernel/cache.c | 6 arch/parisc/kernel/entry.S | 17 arch/parisc/kernel/syscall.S | 30 - arch/parisc/lib/memcpy.c | 19 arch/parisc/mm/fault.c | 4 arch/s390/boot/vmem.c | 3 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/x86/crypto/aegis128-aesni-glue.c | 40 + arch/x86/include/asm/xen/hypercall.h | 5 arch/x86/kernel/cpu/amd.c | 8 arch/x86/kernel/cpu/hygon.c | 3 block/bfq-iosched.c | 13 block/blk-mq-debugfs.c | 1 block/blk-mq-sched.c | 223 +++++--- block/blk-mq-sched.h | 12 block/blk-mq.c | 29 - block/blk-rq-qos.c | 8 block/blk-rq-qos.h | 48 + block/blk-sysfs.c | 2 block/blk.h | 4 block/elevator.c | 38 + block/elevator.h | 16 block/kyber-iosched.c | 11 block/mq-deadline.c | 14 crypto/deflate.c | 7 drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 drivers/acpi/apei/einj-core.c | 12 drivers/acpi/pfr_update.c | 2 drivers/ata/Kconfig | 36 + drivers/ata/libata-scsi.c | 49 - drivers/base/power/runtime.c | 27 - drivers/bluetooth/btmtk.c | 7 drivers/bus/mhi/host/boot.c | 8 drivers/bus/mhi/host/internal.h | 4 drivers/bus/mhi/host/main.c | 12 drivers/cdx/controller/cdx_rpmsg.c | 3 drivers/comedi/comedi_fops.c | 5 drivers/comedi/drivers.c | 23 drivers/comedi/drivers/pcl726.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpuidle/governors/menu.c | 29 - drivers/crypto/caam/ctrl.c | 5 drivers/crypto/caam/intern.h | 1 drivers/crypto/ccp/sev-dev.c | 10 drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1 drivers/crypto/intel/qat/qat_common/adf_init.c | 1 drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 +++- drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 - drivers/fpga/zynq-fpga.c | 10 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_cper.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +- drivers/gpu/drm/amd/amdgpu/amdgpu_job.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_ucode.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 21 drivers/gpu/drm/amd/amdgpu/aqua_vanjaram.c | 5 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 14 drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 13 drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +- drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c | 105 ++++ drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 - drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 drivers/gpu/drm/amd/amdgpu/soc15.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_device_queue_manager.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v9.c | 61 +- drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 20 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 19 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 19 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 - drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 - drivers/gpu/drm/amd/display/dc/core/dc.c | 34 - drivers/gpu/drm/amd/display/dc/resource/dce60/dce60_resource.c | 34 - drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 16 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0.c | 11 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 - drivers/gpu/drm/display/drm_dp_helper.c | 2 drivers/gpu/drm/drm_format_helper.c | 108 +++- drivers/gpu/drm/drm_format_internal.h | 8 drivers/gpu/drm/drm_panic_qr.rs | 22 drivers/gpu/drm/hisilicon/hibmc/dp/dp_link.c | 14 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 22 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 1 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 5 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 11 drivers/gpu/drm/i915/display/intel_display_irq.c | 4 drivers/gpu/drm/i915/display/intel_tc.c | 93 ++- drivers/gpu/drm/i915/gt/intel_workarounds.c | 20 drivers/gpu/drm/nouveau/nvif/vmm.c | 3 drivers/gpu/drm/nouveau/nvkm/subdev/gsp/rm/r535/rpc.c | 4 drivers/gpu/drm/nova/file.rs | 3 drivers/gpu/drm/tests/drm_format_helper_test.c | 111 ---- drivers/gpu/drm/xe/Kconfig | 1 drivers/gpu/drm/xe/xe_migrate.c | 2 drivers/gpu/drm/xe/xe_pxp_submit.c | 2 drivers/gpu/drm/xe/xe_shrinker.c | 51 + drivers/gpu/drm/xe/xe_vm.c | 48 - drivers/gpu/drm/xe/xe_vm.h | 2 drivers/hwmon/gsc-hwmon.c | 4 drivers/i2c/busses/i2c-qcom-geni.c | 6 drivers/i2c/busses/i2c-rtl9300.c | 20 drivers/iio/accel/sca3300.c | 2 drivers/iio/adc/Kconfig | 2 drivers/iio/adc/ad7124.c | 14 drivers/iio/adc/ad7173.c | 137 ++++- drivers/iio/adc/ad7380.c | 1 drivers/iio/adc/ad_sigma_delta.c | 4 drivers/iio/adc/rzg2l_adc.c | 33 - drivers/iio/imu/bno055/bno055.c | 11 drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 31 - drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 41 - drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 drivers/iio/light/as73211.c | 2 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/proximity/isl29501.c | 16 drivers/iio/temperature/maxim_thermocouple.c | 26 - drivers/infiniband/core/umem_odp.c | 4 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/main.c | 23 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 - drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 drivers/infiniband/hw/erdma/erdma_verbs.c | 6 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 drivers/infiniband/hw/hns/hns_roce_restrack.c | 9 drivers/infiniband/sw/rxe/rxe_net.c | 29 - drivers/infiniband/sw/rxe/rxe_qp.c | 2 drivers/iommu/amd/init.c | 4 drivers/iommu/apple-dart.c | 1 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/iommu/intel/iommu.c | 1 drivers/iommu/iommufd/selftest.c | 1 drivers/iommu/riscv/iommu.c | 3 drivers/iommu/virtio-iommu.c | 19 drivers/md/dm-crypt.c | 49 + drivers/md/dm-raid.c | 42 - drivers/md/dm.c | 17 drivers/md/md-bitmap.c | 8 drivers/md/md-cluster.c | 16 drivers/md/md.c | 110 ++-- drivers/md/md.h | 2 drivers/md/raid0.c | 6 drivers/md/raid1-10.c | 2 drivers/md/raid1.c | 10 drivers/md/raid10.c | 16 drivers/md/raid5-ppl.c | 6 drivers/md/raid5.c | 30 - drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 drivers/media/i2c/hi556.c | 26 - drivers/media/i2c/mt9m114.c | 8 drivers/media/i2c/ov2659.c | 3 drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12 drivers/media/pci/intel/ivsc/mei_ace.c | 2 drivers/media/pci/intel/ivsc/mei_csi.c | 2 drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c | 3 drivers/media/platform/qcom/camss/camss.c | 20 drivers/media/platform/qcom/iris/iris_buffer.c | 20 drivers/media/platform/qcom/iris/iris_buffer.h | 3 drivers/media/platform/qcom/iris/iris_ctrls.c | 7 drivers/media/platform/qcom/iris/iris_hfi_gen1_command.c | 27 - drivers/media/platform/qcom/iris/iris_hfi_gen1_defines.h | 1 drivers/media/platform/qcom/iris/iris_hfi_gen1_response.c | 20 drivers/media/platform/qcom/iris/iris_hfi_gen2_command.c | 4 drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c | 11 drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 drivers/media/platform/qcom/iris/iris_instance.h | 2 drivers/media/platform/qcom/iris/iris_platform_common.h | 2 drivers/media/platform/qcom/iris/iris_platform_sm8250.c | 9 drivers/media/platform/qcom/iris/iris_state.c | 2 drivers/media/platform/qcom/iris/iris_state.h | 1 drivers/media/platform/qcom/iris/iris_vb2.c | 15 drivers/media/platform/qcom/iris/iris_vdec.c | 9 drivers/media/platform/qcom/iris/iris_vidc.c | 33 + drivers/media/platform/qcom/venus/core.c | 18 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/hfi_venus.c | 5 drivers/media/platform/qcom/venus/vdec.c | 5 drivers/media/platform/qcom/venus/venc.c | 5 drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 drivers/media/platform/raspberrypi/pisp_be/pisp_be.c | 5 drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9 drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 drivers/memstick/core/memstick.c | 1 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/mfd/mt6397-core.c | 12 drivers/mmc/host/sdhci-of-arasan.c | 33 + drivers/mmc/host/sdhci-pci-gli.c | 37 - drivers/mmc/host/sdhci_am654.c | 18 drivers/most/core.c | 2 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/mtd/nand/raw/renesas-nand-controller.c | 6 drivers/mtd/nand/spi/core.c | 5 drivers/mtd/spi-nor/swp.c | 19 drivers/net/bonding/bond_3ad.c | 67 +- drivers/net/bonding/bond_options.c | 1 drivers/net/dsa/microchip/ksz_common.c | 6 drivers/net/ethernet/airoha/airoha_ppe.c | 4 drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 14 drivers/net/ethernet/intel/ixgbe/devlink/devlink.c | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en/tc/ct_fs_hmfs.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12 drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2 drivers/net/ethernet/mellanox/mlx5/core/port.c | 20 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc_complex.c | 41 + drivers/net/ethernet/mellanox/mlx5/core/steering/hws/cmd.c | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/cmd.h | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/fs_hws.c | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c | 5 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws.h | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/send.c | 1 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/table.c | 13 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/table.h | 3 drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 drivers/net/ethernet/microchip/lan865x/lan865x.c | 21 drivers/net/ethernet/realtek/rtase/rtase.h | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-thead.c | 9 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 drivers/net/phy/mscc/mscc.h | 12 drivers/net/phy/mscc/mscc_main.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 49 + drivers/net/ppp/ppp_generic.c | 17 drivers/net/usb/asix_devices.c | 2 drivers/net/wireless/ath/ath11k/ce.c | 3 drivers/net/wireless/ath/ath11k/dp_rx.c | 3 drivers/net/wireless/ath/ath11k/hal.c | 33 + drivers/net/wireless/ath/ath12k/ce.c | 3 drivers/net/wireless/ath/ath12k/hal.c | 38 + drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/pci/controller/dwc/pci-imx6.c | 12 drivers/pci/controller/dwc/pcie-designware.c | 8 drivers/pci/controller/pcie-rockchip-ep.c | 4 drivers/pci/controller/pcie-rockchip-host.c | 49 + drivers/pci/controller/pcie-rockchip.h | 12 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/pci.h | 32 - drivers/pci/pcie/portdrv.c | 2 drivers/phy/qualcomm/phy-qcom-m31.c | 14 drivers/platform/chrome/cros_ec.c | 3 drivers/platform/x86/amd/hsmp/hsmp.c | 5 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 5 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 71 +- drivers/regulator/pca9450-regulator.c | 13 drivers/regulator/tps65219-regulator.c | 12 drivers/s390/char/sclp.c | 11 drivers/scsi/mpi3mr/mpi3mr.h | 6 drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 drivers/scsi/mpi3mr/mpi3mr_os.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/soc/qcom/mdt_loader.c | 43 + drivers/soc/tegra/pmc.c | 51 + drivers/spi/spi-fsl-lpspi.c | 8 drivers/spi/spi-qpic-snand.c | 22 drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/vt/defkeymap.c_shipped | 112 ++++ drivers/tty/vt/keyboard.c | 2 drivers/ufs/core/ufshcd.c | 10 drivers/ufs/host/ufs-exynos.c | 4 drivers/ufs/host/ufs-qcom.c | 42 - drivers/ufs/host/ufshcd-pci.c | 42 + drivers/usb/atm/cxacru.c | 106 +--- drivers/usb/core/hcd.c | 20 drivers/usb/core/quirks.c | 1 drivers/usb/dwc3/dwc3-imx8mp.c | 7 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/ep0.c | 20 drivers/usb/dwc3/gadget.c | 19 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-hub.c | 3 drivers/usb/host/xhci-mem.c | 22 drivers/usb/host/xhci-pci-renesas.c | 7 drivers/usb/host/xhci-ring.c | 9 drivers/usb/host/xhci.c | 23 drivers/usb/host/xhci.h | 3 drivers/usb/musb/omap2430.c | 14 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 + drivers/usb/typec/tcpm/maxim_contaminant.c | 58 ++ drivers/usb/typec/tcpm/tcpci_maxim.h | 1 drivers/vhost/vsock.c | 6 drivers/video/console/vgacon.c | 2 fs/btrfs/ctree.c | 23 fs/btrfs/extent-tree.c | 2 fs/btrfs/extent_io.c | 94 +-- fs/btrfs/extent_io.h | 2 fs/btrfs/fiemap.c | 2 fs/btrfs/free-space-tree.c | 17 fs/btrfs/inode.c | 8 fs/btrfs/print-tree.c | 2 fs/btrfs/qgroup.c | 6 fs/btrfs/relocation.c | 4 fs/btrfs/subpage.c | 258 +++++----- fs/btrfs/subpage.h | 45 + fs/btrfs/super.c | 13 fs/btrfs/tree-log.c | 4 fs/btrfs/zoned.c | 70 ++ fs/buffer.c | 2 fs/debugfs/inode.c | 11 fs/erofs/Kconfig | 18 fs/ext4/fsmap.c | 23 fs/ext4/indirect.c | 4 fs/ext4/inode.c | 2 fs/ext4/orphan.c | 5 fs/ext4/super.c | 8 fs/f2fs/node.c | 10 fs/fhandle.c | 2 fs/internal.h | 3 fs/iomap/direct-io.c | 14 fs/jbd2/checkpoint.c | 1 fs/libfs.c | 27 - fs/namespace.c | 69 +- fs/netfs/read_collect.c | 4 fs/netfs/write_collect.c | 10 fs/netfs/write_issue.c | 4 fs/nfs/pagelist.c | 9 fs/nfs/write.c | 29 - fs/overlayfs/copy_up.c | 2 fs/proc/task_mmu.c | 4 fs/smb/client/smb2ops.c | 2 fs/smb/server/connection.c | 3 fs/smb/server/connection.h | 7 fs/smb/server/oplock.c | 13 fs/smb/server/transport_rdma.c | 5 fs/smb/server/transport_rdma.h | 4 fs/smb/server/transport_tcp.c | 26 - fs/splice.c | 3 fs/squashfs/super.c | 14 fs/xfs/libxfs/xfs_refcount.c | 4 fs/xfs/scrub/common.c | 3 fs/xfs/scrub/repair.c | 12 fs/xfs/scrub/scrub.c | 5 fs/xfs/xfs_attr_item.c | 5 fs/xfs/xfs_discard.c | 12 fs/xfs/xfs_fsmap.c | 4 fs/xfs/xfs_icache.c | 5 fs/xfs/xfs_inode.c | 7 fs/xfs/xfs_itable.c | 24 fs/xfs/xfs_iwalk.c | 11 fs/xfs/xfs_notify_failure.c | 6 fs/xfs/xfs_qm.c | 10 fs/xfs/xfs_rtalloc.c | 13 fs/xfs/xfs_trans.c | 56 +- fs/xfs/xfs_trans.h | 3 fs/xfs/xfs_zone_alloc.c | 10 fs/xfs/xfs_zone_gc.c | 5 include/crypto/hash.h | 2 include/crypto/internal/acompress.h | 5 include/drm/drm_format_helper.h | 9 include/drm/intel/pciids.h | 1 include/linux/blkdev.h | 1 include/linux/compiler.h | 8 include/linux/iosys-map.h | 7 include/linux/iov_iter.h | 20 include/linux/kcov.h | 47 - include/linux/mlx5/mlx5_ifc.h | 14 include/linux/netfs.h | 1 include/linux/nfs_page.h | 1 include/net/bluetooth/bluetooth.h | 4 include/net/bluetooth/hci.h | 1 include/net/bluetooth/hci_core.h | 54 +- include/net/bond_3ad.h | 1 include/net/devlink.h | 6 include/net/sch_generic.h | 11 include/sound/cs35l56.h | 5 include/trace/events/btrfs.h | 2 include/uapi/linux/pfrut.h | 1 include/uapi/linux/raid/md_p.h | 2 io_uring/futex.c | 3 kernel/Kconfig.kexec | 1 kernel/cgroup/cpuset.c | 9 kernel/cgroup/rstat.c | 3 kernel/kexec_handover.c | 29 - kernel/sched/ext.c | 4 kernel/signal.c | 6 kernel/trace/ftrace.c | 19 kernel/trace/trace.c | 34 - kernel/trace/trace.h | 10 mm/damon/core.c | 15 mm/damon/paddr.c | 4 mm/debug_vm_pgtable.c | 9 mm/filemap.c | 3 mm/kasan/kasan_test_c.c | 2 mm/memory-failure.c | 8 mm/mremap.c | 41 - net/bluetooth/hci_conn.c | 17 net/bluetooth/hci_core.c | 27 - net/bluetooth/hci_event.c | 15 net/bluetooth/hci_sync.c | 33 - net/bluetooth/iso.c | 20 net/bluetooth/mgmt.c | 13 net/bridge/br_multicast.c | 16 net/bridge/br_private.h | 2 net/core/dev.c | 12 net/devlink/port.c | 2 net/hsr/hsr_slave.c | 8 net/ipv4/netfilter/nf_reject_ipv4.c | 6 net/ipv6/netfilter/nf_reject_ipv6.c | 5 net/ipv6/seg6_hmac.c | 6 net/mptcp/options.c | 6 net/mptcp/pm.c | 18 net/mptcp/pm_kernel.c | 1 net/sched/sch_cake.c | 14 net/sched/sch_codel.c | 12 net/sched/sch_fq.c | 12 net/sched/sch_fq_codel.c | 12 net/sched/sch_fq_pie.c | 12 net/sched/sch_hhf.c | 12 net/sched/sch_htb.c | 2 net/sched/sch_pie.c | 12 net/smc/af_smc.c | 3 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 12 rust/kernel/alloc/allocator.rs | 30 - rust/kernel/alloc/allocator_test.rs | 11 rust/kernel/drm/device.rs | 32 - rust/kernel/faux.rs | 2 security/apparmor/lsm.c | 4 sound/core/timer.c | 4 sound/pci/hda/patch_realtek.c | 2 sound/pci/hda/tas2781_hda_i2c.c | 2 sound/soc/codecs/cs35l56-sdw.c | 69 -- sound/soc/codecs/cs35l56-shared.c | 29 + sound/soc/codecs/cs35l56.c | 2 sound/soc/codecs/cs35l56.h | 3 sound/soc/sof/amd/acp-loader.c | 6 sound/usb/stream.c | 2 sound/usb/validate.c | 2 tools/objtool/arch/loongarch/special.c | 23 tools/testing/selftests/net/mptcp/mptcp_connect.c | 5 tools/testing/selftests/net/mptcp/mptcp_inq.c | 5 tools/testing/selftests/net/mptcp/mptcp_sockopt.c | 5 tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 498 files changed, 4865 insertions(+), 2704 deletions(-) Adrian Huang (Lenovo) (1): signal: Fix memory leak for PIDFD_SELF* sentinels Adrian Hunter (1): scsi: ufs: ufs-pci: Fix default runtime and system PM levels Akhilesh Patil (1): RDMA/core: Free pfn_list with appropriate kvfree call Al Viro (1): use uniform permission checks for all mount propagation changes Alan Huang (1): xfs: Remove unused label in xfs_dax_notify_dev_failure Aleksa Sarai (1): open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE Alex Deucher (7): drm/amdgpu/discovery: fix fw based ip discovery drm/amdgpu: add missing vram lost check for LEGACY RESET drm/amdgpu: track whether a queue is a kernel queue in amdgpu_mqd_prop drm/amdgpu: update mmhub 3.0.1 client id mappings drm/amdgpu: update mmhub 3.3 client id mappings drm/amdgpu: update mmhub 4.1.0 client id mappings drm/amdgpu/swm14: Update power limit logic Alex Guo (1): i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer Alex Vesker (1): net/mlx5: HWS, Fix table creation UID Alexander Sverdlin (1): arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Alexander Wilhelm (1): bus: mhi: host: Fix endianness of BHI vector table Alexei Lazar (1): net/mlx5e: Query FW for buffer ownership Amber Lin (1): drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Amit Sunil Dhamne (2): usb: typec: maxim_contaminant: disable low power mode when reading comparator values usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Anantha Prabhu (1): RDMA/bnxt_re: Fix to initialize the PBL array Andrea Righi (1): sched/ext: Fix invalid task state transitions on class switch Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly André Draszik (1): scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Andy Shevchenko (1): iio: imu: inv_icm42600: Convert to uXX and sXX integer types Archana Patni (1): scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Armen Ratner (1): net/mlx5e: Preserve shared buffer capacity during headroom updates Ashish Kalra (1): crypto: ccp - Fix SNP panic notifier unregistration Baihan Li (5): drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed drm/hisilicon/hibmc: fix irq_request()'s irq name variable is local drm/hisilicon/hibmc: fix the hibmc loaded failed bug drm/hisilicon/hibmc: fix rare monitors cannot display problem drm/hisilicon/hibmc: fix dp and vga cannot show together Bao D. Nguyen (1): scsi: ufs: ufs-qcom: Update esi_vec_mask for HW major version >= 6 Baokun Li (2): ext4: preserve SB_I_VERSION on remount jbd2: prevent softlockup in jbd2_log_do_checkpoint() Bart Van Assche (2): scsi: ufs: core: Fix IRQ lock inversion for the SCSI host lock scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() Bharat Bhushan (3): crypto: octeontx2 - Fix address alignment issue on ucode loading crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 Bibo Mao (4): LoongArch: KVM: Make function kvm_own_lbt() robust LoongArch: KVM: Fix stack protector issue in send_ipi_data() LoongArch: KVM: Add address alignment check in pch_pic register access LoongArch: KVM: Use standard bitops API with eiointc Bingbu Cao (1): media: hi556: correct the test pattern configuration Bjorn Andersson (1): soc: qcom: mdt_loader: Ensure we don't read past the ELF header Bo Liu (OpenAnolis) (1): erofs: fix build error with CONFIG_EROFS_FS_ZIP_ACCEL=y Boshi Yu (2): RDMA/erdma: Fix ignored return value of init_kernel_qp RDMA/erdma: Fix unset QPN of GSI QP Bryan O'Donoghue (2): media: qcom: camss: csiphy-3ph: Fix inadvertent dropping of SDM660/SDM670 phy init media: qcom: camss: Remove extraneous -supply postfix on supply names Chao Yu (1): f2fs: fix to avoid out-of-boundary access in dnode page Charalampos Mitrodimas (1): debugfs: fix mount options not being applied Chen Yu (1): ACPI: pfr_update: Fix the driver update version check Chenyuan Yang (1): drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Chi Zhiling (1): readahead: fix return value of page_cache_next_miss() when no hole is found Christian Brauner (1): libfs: massage path_from_stashed() to allow custom stashing behavior Christoph Hellwig (5): xfs: decouple xfs_trans_alloc_empty from xfs_trans_alloc xfs: return the allocated transaction from xfs_trans_alloc_empty xfs: improve the comments in xfs_select_zone_nowait xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags xfs: fix frozen file system assert in xfs_trans_alloc Christoph Manszewski (1): drm/xe: Fix vm_bind_ioctl double free bug Christoph Paasch (1): mptcp: drop skb if MPTCP skb extension allocation fails Claudiu Beznea (2): iio: adc: rzg2l_adc: Set driver data before enabling runtime PM iio: adc: rzg2l: Cleanup suspend/resume path Cristian Ciocaltea (3): arm64: dts: rockchip: Add HDMI PHY PLL clock source to VOP2 on rk3576 arm64: dts: rockchip: Enable HDMI PHY clk provider on rk3576 dt-bindings: display: vop2: Add optional PLL clock property for rk3576 D. Wythe (1): net/smc: fix UAF on smcsk after smc_listen_out() Damien Le Moal (7): ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig dm: dm-crypt: Do not partially accept write BIOs with zoned targets dm: Check for forbidden splitting of zone write operations ata: libata-scsi: Fix ata_to_sense_error() status handling ata: libata-scsi: Return aborted command when missing sense and result TF PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown Dan Carpenter (6): cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() regulator: tps65219: regulator: tps65219: Fix error codes in probe() Daniel Jurgens (1): net/mlx5: Base ECVF devlink port attrs from 0 Danilo Krummrich (4): rust: alloc: replace aligned_size() with Kmalloc::aligned_layout() rust: drm: ensure kmalloc() compatible Layout rust: drm: remove pin annotations from drm::Device rust: drm: don't pass the address of drm::Device to drm_dev_put() David Hildenbrand (1): mm/mremap: fix WARN with uffd that has remap events disabled David Howells (2): netfs: Fix unbuffered write error handling cifs: Fix oops due to uninitialised variable David Lechner (13): iio: adc: ad7173: fix num_slots iio: imu: bno055: fix OOB access of hw_xlate array iio: adc: ad_sigma_delta: change to buffer predisable iio: adc: ad7173: fix channels index for syscalib_mode iio: adc: ad7173: fix calibration channel iio: adc: ad7173: fix setting ODR in probe iio: adc: ad7380: fix missing max_conversion_rate_hz on adaq4381-4 iio: accel: sca3300: fix uninitialized iio scan data iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() iio: adc: ad7124: fix channel lookup in syscalib functions iio: adc: ad7173: prevent scan if too many setups requested iio: proximity: isl29501: fix buffered read on big-endian systems iio: imu: inv_icm42600: use = { } instead of memset() David Sterba (1): btrfs: move transaction aborts to the error site in add_block_group_free_space() David Yat Sin (1): drm/amdkfd: Fix checkpoint-restore on multi-xcc Dewei Meng (1): ALSA: timer: fix ida_free call while not allocated Dikshita Agarwal (16): media: iris: Avoid updating frame size to firmware during reconfig media: iris: Drop port check for session property response media: iris: Fix buffer preparation failure during resolution change media: iris: Fix missing function pointer initialization media: iris: Fix NULL pointer dereference media: iris: Fix typo in depth variable media: iris: Prevent HFI queue writes when core is in deinit state media: iris: Remove deprecated property setting to firmware media: iris: Remove error check for non-zero v4l2 controls media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length media: iris: Skip destroying internal buffer if not dequeued media: iris: Skip flush on first sequence change media: iris: Track flush responses to prevent premature completion media: iris: Update CAPTURE format info based on OUTPUT format media: iris: Verify internal buffer release on close media: iris: Remove unnecessary re-initialization of flush completion Dmitry Torokhov (1): mfd: mt6397: Do not use generic name for keypad sub-devices Dominique Martinet (1): iov_iter: iterate_folioq: fix handling of offset >= folio size Edward Adam Davis (1): comedi: pcl726: Prevent invalid irq number Emanuele Ghidoli (1): arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Eric Biggers (7): lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts crypto: x86/aegis - Fix sleeping when disallowed on PREEMPT_RT crypto: x86/aegis - Add missing error checks ipv6: sr: Fix MAC comparison to be constant-time crypto: acomp - Fix CFI failure due to type punning Evgeniy Harchenko (1): ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Fanhua Li (1): drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Filipe Manana (5): btrfs: always abort transaction on failure to add block group to free space tree btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() btrfs: reorganize logic at free_extent_buffer() for better readability btrfs: add comment for optimization in free_extent_buffer() btrfs: use refcount_t type for the extent buffer reference counter Finn Thain (1): m68k: Fix lost column on framebuffer debug console Florian Westphal (1): netfilter: nf_reject: don't leak dst refcount for loopback packets Frank Min (1): drm/amdgpu: add kicker fws loading for gfx12/smu14/psp14 Gabor Juhos (3): mtd: spinand: propagate spinand_wait() errors from spinand_write_page() spi: spi-qpic-snand: use correct CW_PER_PAGE value for OOB write spi: spi-qpic-snand: fix calculating of ECC OOB regions' properties Gang Ba (1): drm/amdgpu: Avoid extra evict-restore process. Geert Uytterhoeven (1): erofs: Do not select tristate symbols from bool symbols Geliang Tang (2): mptcp: remove duplicate sk_reset_timer call mptcp: disable add_addr retransmission when timeout is 0 Geraldo Nascimento (2): PCI: rockchip: Use standard PCIe definitions PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Giovanni Cabiddu (2): crypto: qat - lower priority for skcipher and aead algorithms crypto: qat - flush misc workqueue during device shutdown Greg Kroah-Hartman (1): Linux 6.16.4 Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Hangbin Liu (2): bonding: update LACP activity flag after setting lacp_active bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hans Verkuil (1): media: vivid: fix wrong pixel_array control size Hans de Goede (1): media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Haoxiang Li (1): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Hariprasad Kelam (1): Octeontx2-af: Skip overlap check for SPI field Harshal Gohel (1): i2c: rtl9300: Fix multi-byte I2C write Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Wildcat Lake Heiko Carstens (1): s390/mm: Do not map lowcore with identity mapping Helge Deller (2): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" apparmor: Fix 8-byte alignment for initial dfa blob streams Herbert Xu (1): crypto: hash - Increase HASH_MAX_DESCSIZE for hmac(sha3-224-s390) Herton R. Krzesinski (1): mm/debug_vm_pgtable: clear page table entries at destroy_args() Hong Guan (1): arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Horatiu Vultur (1): phy: mscc: Fix timestamping for vsc8584 Ian Abbott (2): comedi: Make insn_rw_emulate_bits() do insn->n samples comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Ido Schimmel (1): mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Igor Pylypiv (1): ata: libata-scsi: Fix CDL control Imre Deak (6): drm/i915/lnl+/tc: Fix handling of an enabled/disconnected dp-alt sink drm/i915/icl+/tc: Cache the max lane count value drm/i915/lnl+/tc: Fix max lane count HW readout drm/i915/lnl+/tc: Use the cached max lane count value drm/i915/icl+/tc: Convert AUX powered WARN to a debug message drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS JP Kobryn (1): cgroup: avoid null de-ref in css_rstat_exit() Jacopo Mondi (1): media: pisp_be: Fix pm_runtime underrun in probe Jakub Acs (1): net, hsr: reject HSR frame if skb can't hold tag Jakub Kicinski (1): tls: fix handling of zero-length records on the rx_list Jakub Ramaseuski (1): net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Jan Beulich (1): compiler: remove __ADDRESSABLE_ASM{_STR,}() again Jan Kara (1): iomap: Fix broken data integrity guarantees for O_SYNC writes Jani Nikula (1): drm/i915: silence rpm wakeref asserts on GEN11_GU_MISC_IIR access Jann Horn (1): kasan/test: fix protection against compiler elision Jason Gunthorpe (1): iommu: Remove ops.pgsize_bitmap from drivers that don't use it Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: change invalid data error to -EBUSY Jedrzej Jagielski (2): devlink: let driver opt out of automatic phys_port_name generation ixgbe: prevent from unwanted interface name changes Jens Axboe (1): io_uring/futex: ensure io_futex_wait() cleans up properly on failure Jialin Wang (1): proc: proc_maps_open allow proc_mem_open to return NULL Jiande Lu (1): Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown Jiayi Li (1): memstick: Fix deadlock by moving removing flag earlier Jinjiang Tu (1): mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Jiwei Sun (1): PCI: Fix link speed calculation on retrain failure Jocelyn Falempe (1): drm/panic: Add a u64 divide by 10 for arm32 Johan Hovold (10): usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: musb: omap2430: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind usb: dwc3: imx8mp: fix device leak at unbind wifi: ath12k: fix dest ring-buffer corruption wifi: ath12k: fix source ring-buffer corruption wifi: ath12k: fix dest ring-buffer corruption when ring is full wifi: ath11k: fix dest ring-buffer corruption wifi: ath11k: fix source ring-buffer corruption wifi: ath11k: fix dest ring-buffer corruption when ring is full John David Anglin (8): parisc: Check region is readable by user in raw_copy_from_user() parisc: Define and use set_pte_at() parisc: Drop WARN_ON_ONCE() from flush_cache_vmap parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c parisc: Revise __get_user() to probe user read access parisc: Revise gateway LWS calls to probe user read access parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() parisc: Update comments in make_insert_tlb John Ernberg (1): crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonathan Cameron (1): iio: light: as73211: Ensure buffer holes are zeroed Jordan Rhee (1): gve: prevent ethtool ops after shutdown Jorge Ramirez-Ortiz (2): media: venus: hfi: explicitly release IRQ during teardown media: venus: protect against spurious interrupts during probe José Expósito (2): drm/tests: Fix endian warning drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian Judith Mendez (3): arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 Julian Sun (1): block: restore default wbt enablement Junxian Huang (1): RDMA/hns: Fix dip entries leak on devices newer than hip09 Justin Lai (1): rtase: Fix Rx descriptor CRC error bit definition Kalesh AP (1): RDMA/bnxt_re: Fix a possible memory leak in the driver Kanglong Wang (1): LoongArch: Optimize module load time by optimizing PLT/GOT counting Kashyap Desai (2): RDMA/bnxt_re: Fix to do SRQ armena by default RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kathiravan Thirumoorthy (2): phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence i2c: qcom-geni: fix I2C frequency table to achieve accurate bus rates Kaustabh Chakraborty (3): arm64: dts: exynos7870-j6lte: reduce memory ranges to base amount arm64: dts: exynos7870: add quirk to disable USB2 LPM in gadget mode arm64: dts: exynos7870-on7xelte: reduce memory ranges to base amount Kees Cook (1): iommu/amd: Avoid stack buffer overflow from kernel cmdline Konrad Dybcio (1): media: venus: Fix MSM8998 frequency table Krzysztof Kozlowski (2): dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kyoji Ogasawara (3): btrfs: fix incorrect log message for nobarrier mount option btrfs: restore mount option info messages during mount btrfs: fix printing of mount info messages for NODATACOW/NODATASUM Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Lauri Tirkkonen (1): drm/amd/display: fix initial backlight brightness calculation Leo Martins (1): btrfs: fix subpage deadlock in try_release_subpage_extent_buffer() Li Nan (1): md: rename recovery_cp to resync_offset Liao Yuanhong (1): ext4: use kmalloc_array() for array space allocation Lijo Lazar (2): drm/amdgpu: Update external revid for GC v9.5.0 drm/amdgpu: Update supported modes for GC v9.5.0 Liu01 Tong (1): drm/amdgpu: fix task hang from failed job submission during process kill Lorenzo Bianconi (1): net: airoha: ppe: Do not invalid PPE entries in case of SW hash collision Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Luiz Augusto von Dentz (4): Bluetooth: hci_sync: Fix scan state after PA Sync has been established Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings Bluetooth: hci_core: Fix using ll_privacy_capable for current settings Bluetooth: hci_core: Fix not accounting for BIS/CIS/PA links separately Lukas Wunner (1): PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge MD Danish Anwar (1): net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. Macpaul Lin (1): scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Marek Vasut (1): usb: renesas-xhci: Fix External ROM access timeouts Mario Limonciello (5): drm/amd: Restore cached power limit during resume drm/amd/display: Pass up errors for reset GPU that fails to init HW drm/amd/display: Revert "drm/amd/display: Fix AMDGPU_MAX_BL_LEVEL value" drm/amd/display: Avoid a NULL pointer dereference drm/amd: Restore cached manual clock settings during resume Masami Hiramatsu (Google) (1): tracing: fprobe-event: Sanitize wildcard for fprobe event name Mathis Foerst (1): media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Matthieu Baerts (NGI0) (4): mptcp: pm: kernel: flush: do not reset ADD_ADDR limit selftests: mptcp: pm: check flush doesn't reset limits selftests: mptcp: connect: fix C23 extension warning selftests: mptcp: sockopt: fix C23 extension warning Matti Vaittinen (1): iio: adc: bd79124: Add GPIOLIB dependency Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (1): most: core: Drop device reference after usage in get_channel() Michael Chan (1): bnxt_en: Fix lockdep warning during rmmod Michael Walle (1): mtd: spi-nor: Fix spi_nor_try_unlock_all() Michel Dänzer (1): drm/amd/display: Add primary plane to commits for correct VRR handling Miguel Ojeda (3): rust: faux: fix C header link drm: nova-drm: fix 32-bit arm build rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too Ming Lei (1): blk-mq: fix lockdep warning in __blk_mq_update_nr_hw_queues Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Muhammad Usama Anjum (1): ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context Myrrh Periwinkle (2): vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Namjae Jeon (1): ksmbd: extend the connection limiting mechanism to support IPv6 Naohiro Aota (3): btrfs: zoned: fix write time activation failure for metadata block group btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs: zoned: fix data relocation block group reservation Nathan Chancellor (3): usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() NeilBrown (1): ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() Nick Chan (1): arm64: dts: apple: t8012-j132: Include touchbar framebuffer node Nicolas Dufresne (1): media: verisilicon: Fix AV1 decoder clock frequency Nicolin Chen (1): iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement Niklas Cassel (1): PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up Niklas Neronin (1): usb: xhci: fix host not responding after suspend and resume Nilay Shroff (6): block: move elevator queue allocation logic into blk_mq_init_sched block: fix lockdep warning caused by lock dependency in elv_iosched_store block: fix potential deadlock while running nr_hw_queue update block: decrement block_rq_qos static key in rq_qos_del() block: skip q->rq_qos check in rq_qos_done_bio() block: avoid cpu_hotplug_lock depedency on freeze_lock Nitin Gote (1): iosys-map: Fix undefined behavior in iosys_map_clear() Nitin Rawat (1): scsi: ufs: ufs-qcom: Fix ESI null pointer dereference Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Oren Sidi (1): net/mlx5: Add IFC bits and enums for buf_ownership Parthiban Veerasooran (2): microchip: lan865x: fix missing netif_start_queue() call on device open microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 Pasha Tatashin (3): kho: init new_physxa->phys_bits to fix lockdep kho: mm: don't allow deferred struct page with KHO kho: warn if KHO is disabled due to an error Pauli Virtanen (1): Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Peng Fan (1): regulator: pca9450: Use devm_register_sys_off_handler Peter Griffin (1): arm64: dts: exynos: gs101: ufs: add dma-coherent property Peter Oberparleiter (3): s390/sclp: Fix SCCB present check s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Peter Shkenev (1): drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Piotr Piórkowski (2): drm/xe: Assign ioctl xe file handler to vm in xe_vm_create drm/xe: Move ASID allocation and user PT BO tracking into xe_vm_create Pu Lehui (1): tracing: Limit access to parser->buffer when trace_get_user failed Qianfeng Rong (1): drm/nouveau/gsp: fix mismatched alloc/free for kvmalloc() Qingfang Deng (2): net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path ppp: fix race conditions in ppp_fill_forward_path Qu Wenruo (2): btrfs: add comments on the extra btrfs specific subpage bitmaps btrfs: rename btrfs_subpage structure Rafael J. Wysocki (2): PM: runtime: Take active children into account in pm_runtime_get_if_in_use() cpuidle: governors: menu: Avoid selecting states with too much latency Randy Dunlap (1): parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers Ranjan Kumar (3): scsi: mpi3mr: Fix race between config read submit and interrupt completion scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ricardo Ribalda (2): media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Richard Fitzgerald (1): ASoC: cs35l56: Handle new algorithms IDs for CS35L63 Richard Zhu (4): PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset PCI: imx6: Delay link start until configfs 'start' written Robin Murphy (1): iommu/virtio: Make instance lookup robust Sai Krishna Potthuri (1): mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up Sakari Ailus (2): media: ipu6: isys: Use correct pads for xlate_streams() media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Salah Triki (1): iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Sam Edwards (1): arm64: dts: rockchip: Remove workaround that prevented Turing RK1 GPU power regulator control Sang-Heon Jeon (2): mm/damon/core: fix commit_ops_filters by using correct nth function mm/damon/core: fix damos_commit_filter not changing allow Sebastian Andrzej Siewior (1): kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() Sebastian Brzezinka (1): drm/i915/gt: Relocate compression repacking WA for JSL/EHL Selvarasu Ganesan (1): usb: dwc3: Remove WARN_ON for device endpoint command timeouts SeongJae Park (1): mm/damon/ops-common: ignore migration request to invalid nodes Sergey Shtylyov (1): Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Simon Richter (1): Mark xe driver as BROKEN if kernel page size is not 4kB Siyang Liu (1): drm/amd/display: fix a Null pointer dereference vulnerability Song Gao (1): LoongArch: KVM: Use kvm_get_vcpu_by_id() instead of kvm_get_vcpu() Srinivas Pandruvada (1): platform/x86/intel-uncore-freq: Check write blocked for ELC Stefan Binding (2): ASoC: cs35l56: Update Firmware Addresses for CS35L63 for production silicon ASoC: cs35l56: Remove SoundWire Clock Divider workaround for CS35L63 Stefan Metzmacher (1): smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Stefan Wahren (1): spi: spi-fsl-lpspi: Clamp too high speed_hz Steven Rostedt (2): ftrace: Also allocate and copy hash for reading of filter files tracing: Remove unneeded goto out logic Suma Hegde (1): platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL Suraj Gupta (1): net: xilinx: axienet: Fix RX skb ring management in DMAengine mode Sven Eckelmann (2): i2c: rtl9300: Increase timeout for transfer polling i2c: rtl9300: Add missing count byte for SMBus Block Ops Takashi Iwai (2): ALSA: hda: tas2781: Fix wrong reference of tasdevice_priv ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Theodore Ts'o (1): ext4: don't try to clear the orphan_present feature block device is r/o Thomas Bertschinger (1): fhandle: do_handle_open() should get FD with user flags Thomas Fourier (2): mtd: rawnand: fsmc: Add missing check after DMA map mtd: rawnand: renesas: Add missing check after DMA map Thomas Hellström (1): drm/xe: Defer buffer object shrinker write-backs and GPU waits Thomas Weißschuh (1): kbuild: userprogs: use correct linker when mixing clang and GNU ld Thomas Zimmermann (1): drm/tests: Do not use drm_fb_blit() in format-helper tests Thorsten Blum (3): accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() cdx: Fix off-by-one error in cdx_rpmsg_probe() usb: storage: realtek_cr: Use correct byte order for bcs->Residue Tianxiang Peng (1): x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Tiezhu Yang (2): objtool/LoongArch: Get table size correctly if LTO is enabled LoongArch: Pass annotate-tablejump option if LTO is enabled Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Timur Kristóf (9): drm/amd/display: Fix DCE 6.0 and 6.4 PLL programming. drm/amd/display: Don't overwrite dce60_clk_mgr drm/amd/display: Don't overclock DCE 6 by 15% drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15% drm/amd/display: Don't print errors for nonexistent connectors Tom Chung (1): drm/amd/display: Fix Xorg desktop unresponsive on Replay panel Tristram Ha (1): net: dsa: microchip: Fix KSZ9477 HSR port setup issue Trond Myklebust (1): NFS: Fix a race when updating an existing write Tzung-Bi Shih (1): platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Uwe Kleine-König (3): pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting ACPI: APEI: EINJ: Fix resource leak by remove callback in .exit.text ValdikSS (1): igc: fix disabling L1.2 PCI-E link substate on I226 on init Vedang Nagar (1): media: venus: Add a check for packet size after reading from shared memory Victor Shih (3): mmc: sdhci-pci-gli: Add a new function to simplify the code mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Vlad Dogaru (1): net/mlx5: CT: Use the correct counter offset Vladimir Zapolskiy (1): media: qcom: camss: cleanup media device allocated resource on error path Vodapalli, Ravi Kumar (1): drm/xe/bmg: Add one additional PCI ID Waiman Long (2): cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key cgroup/cpuset: Fix a partition error with CPU hotplug Wang Liang (1): net: bridge: fix soft lockup in br_multicast_query_expired() Weitao Wang (1): usb: xhci: Fix slot_id resource race conflict Will Deacon (2): vsock/virtio: Validate length in packet header before skb_put() vhost/vsock: Avoid allocating arbitrarily-sized SKBs William Liu (3): net/sched: Fix backlog accounting in qdisc_dequeue_internal net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Xaver Hugl (1): amdgpu/amdgpu_discovery: increase timeout limit for IFWI init XianLiang Huang (1): iommu/riscv: prevent NULL deref in iova_to_phys Xu Yang (1): usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yang Li (2): Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Bluetooth: Add PA_LINK to distinguish BIG sync and PA sync connections Yang Wang (1): drm/amd/amdgpu: fix missing lock for cper.ring->rptr/wptr access Yao Zi (1): net: stmmac: thead: Enable TX clock before MAC initialization Yazen Ghannam (1): x86/CPU/AMD: Ignore invalid reset reason value Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Yevgeny Kliteynik (2): net/mlx5: HWS, fix bad parameter in CQ creation net/mlx5: HWS, fix complex rules rehash error flow Youssef Samir (1): bus: mhi: host: Detect events pointing to unexpected TREs YuanShang (1): drm/amdgpu: Retain job->vm in amdgpu_job_prepare_job Yuichiro Tsuji (1): net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Yuntao Wang (1): fs: fix incorrect lflags value in the move_mount syscall Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Yi (1): ext4: fix hole length calculation overflow in non-extent inodes Zheng Qixing (2): md: add helper rdev_needs_recovery() md: fix sync_action incorrect display during resync Zhu Yanjun (1): RDMA/rxe: Flush delayed SKBs while releasing RXE resources Ziyan Xu (1): ksmbd: fix refcount leak causing resource not released wenglianfa (1): RDMA/hns: Fix querying wrong SCC context for DIP algorithm

2 weeks, 6 days

1
1
0 0

Linux 6.12.44

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.44 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2 Documentation/devicetree/bindings/ufs/mediatek,ufs.yaml | 4 Documentation/networking/mptcp-sysctl.rst | 2 Makefile | 4 arch/arm64/boot/dts/exynos/google/gs101.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-lp-sk.dts | 36 + arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-phycore-som.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 arch/arm64/boot/dts/ti/k3-am625-beagleplay.dts | 2 arch/arm64/boot/dts/ti/k3-am625-sk.dts | 24 arch/arm64/boot/dts/ti/k3-am62a-phycore-som.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 7 arch/arm64/boot/dts/ti/k3-am62p5-sk.dts | 2 arch/arm64/boot/dts/ti/k3-am62x-sk-common.dtsi | 24 arch/arm64/boot/dts/ti/k3-am642-evm.dts | 1 arch/arm64/boot/dts/ti/k3-am654-base-board.dts | 1 arch/arm64/boot/dts/ti/k3-am6548-iot2050-advanced-common.dtsi | 1 arch/arm64/boot/dts/ti/k3-am69-sk.dts | 1 arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 arch/loongarch/kernel/module-sections.c | 36 - arch/loongarch/kvm/vcpu.c | 8 arch/m68k/kernel/head.S | 31 arch/mips/crypto/chacha-core.S | 20 arch/parisc/Makefile | 4 arch/parisc/include/asm/pgtable.h | 7 arch/parisc/include/asm/special_insns.h | 28 arch/parisc/include/asm/uaccess.h | 21 arch/parisc/kernel/cache.c | 6 arch/parisc/kernel/entry.S | 17 arch/parisc/kernel/syscall.S | 30 arch/parisc/lib/memcpy.c | 19 arch/parisc/mm/fault.c | 4 arch/powerpc/boot/Makefile | 1 arch/s390/boot/vmem.c | 3 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/x86/coco/sev/shared.c | 3 arch/x86/include/asm/xen/hypercall.h | 5 arch/x86/kernel/cpu/hygon.c | 3 arch/x86/kvm/mmu/mmu.c | 10 drivers/accel/habanalabs/gaudi2/gaudi2.c | 2 drivers/acpi/pfr_update.c | 2 drivers/ata/Kconfig | 36 - drivers/ata/libata-scsi.c | 58 - drivers/base/power/runtime.c | 27 drivers/bluetooth/btmtk.c | 7 drivers/bus/mhi/host/boot.c | 8 drivers/bus/mhi/host/internal.h | 4 drivers/bus/mhi/host/main.c | 12 drivers/cdx/controller/cdx_rpmsg.c | 3 drivers/comedi/comedi_fops.c | 5 drivers/comedi/drivers.c | 23 drivers/comedi/drivers/pcl726.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpuidle/governors/menu.c | 101 -- drivers/crypto/caam/ctrl.c | 5 drivers/crypto/caam/intern.h | 1 drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1 drivers/crypto/intel/qat/qat_common/adf_init.c | 1 drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 drivers/crypto/marvell/octeontx2/otx2_cpt_reqmgr.h | 125 ++- drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 35 drivers/fpga/zynq-fpga.c | 10 drivers/gpu/drm/Kconfig | 5 drivers/gpu/drm/Makefile | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 5 drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 76 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 drivers/gpu/drm/amd/amdgpu/imu_v12_0.c | 2 drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 - drivers/gpu/drm/amd/amdgpu/mmhub_v4_1_0.c | 34 drivers/gpu/drm/amd/amdgpu/soc15.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 28 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c | 2 drivers/gpu/drm/amd/display/dc/bios/bios_parser.c | 5 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 - drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 drivers/gpu/drm/amd/display/dc/core/dc.c | 34 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 30 drivers/gpu/drm/display/drm_dp_helper.c | 2 drivers/gpu/drm/drm_draw.c | 155 ++++ drivers/gpu/drm/drm_draw_internal.h | 56 + drivers/gpu/drm/drm_format_helper.c | 234 ++++-- drivers/gpu/drm/drm_format_internal.h | 127 +++ drivers/gpu/drm/drm_panic.c | 269 ------- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.h | 17 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_i2c.c | 46 - drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 29 drivers/gpu/drm/i915/display/intel_tc.c | 58 + drivers/gpu/drm/nouveau/nvif/vmm.c | 3 drivers/gpu/drm/tests/drm_format_helper_test.c | 176 ++-- drivers/gpu/drm/xe/Kconfig | 1 drivers/hwmon/gsc-hwmon.c | 4 drivers/iio/adc/ad7173.c | 3 drivers/iio/adc/ad_sigma_delta.c | 4 drivers/iio/imu/bno055/bno055.c | 11 drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33 drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 - drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 drivers/iio/light/adjd_s311.c | 2 drivers/iio/light/as73211.c | 4 drivers/iio/light/bh1745.c | 2 drivers/iio/light/isl29125.c | 2 drivers/iio/light/ltr501.c | 2 drivers/iio/light/max44000.c | 2 drivers/iio/light/rohm-bu27034.c | 2 drivers/iio/light/rpr0521.c | 2 drivers/iio/light/st_uvis25.h | 2 drivers/iio/light/tcs3414.c | 2 drivers/iio/light/tcs3472.c | 2 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/proximity/isl29501.c | 16 drivers/iio/temperature/maxim_thermocouple.c | 26 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/main.c | 23 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 drivers/infiniband/hw/erdma/erdma_verbs.c | 4 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 6 drivers/infiniband/hw/hns/hns_roce_restrack.c | 9 drivers/infiniband/sw/rxe/rxe_net.c | 29 drivers/infiniband/sw/rxe/rxe_qp.c | 2 drivers/iommu/amd/init.c | 4 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/md/dm-crypt.c | 49 + drivers/md/dm.c | 17 drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 drivers/media/i2c/hi556.c | 26 drivers/media/i2c/mt9m114.c | 8 drivers/media/i2c/ov2659.c | 3 drivers/media/pci/intel/ipu6/ipu6-isys-csi2.c | 12 drivers/media/pci/intel/ivsc/mei_ace.c | 2 drivers/media/pci/intel/ivsc/mei_csi.c | 2 drivers/media/platform/qcom/camss/camss.c | 4 drivers/media/platform/qcom/venus/core.c | 18 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/hfi_venus.c | 5 drivers/media/platform/qcom/venus/vdec.c | 5 drivers/media/platform/qcom/venus/venc.c | 5 drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 drivers/media/platform/raspberrypi/pisp_be/pisp_be.c | 5 drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9 drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 drivers/memstick/core/memstick.c | 1 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/mmc/host/sdhci-pci-gli.c | 37 - drivers/mmc/host/sdhci_am654.c | 18 drivers/most/core.c | 2 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/mtd/nand/raw/renesas-nand-controller.c | 6 drivers/mtd/nand/spi/core.c | 5 drivers/mtd/spi-nor/swp.c | 19 drivers/net/bonding/bond_3ad.c | 67 + drivers/net/bonding/bond_options.c | 1 drivers/net/can/ti_hecc.c | 2 drivers/net/dsa/microchip/ksz_common.c | 6 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 14 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/dcbnl.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 12 drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h | 87 ++ drivers/net/ethernet/mellanox/mlx5/core/port.c | 40 - drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 drivers/net/ethernet/microchip/lan865x/lan865x.c | 21 drivers/net/ethernet/realtek/rtase/rtase.h | 2 drivers/net/ethernet/ti/icssg/icssg_prueth.c | 72 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 8 drivers/net/phy/mscc/mscc.h | 12 drivers/net/phy/mscc/mscc_main.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 49 + drivers/net/ppp/ppp_generic.c | 17 drivers/net/usb/asix_devices.c | 2 drivers/net/wireless/ath/ath11k/ce.c | 3 drivers/net/wireless/ath/ath11k/dp_rx.c | 3 drivers/net/wireless/ath/ath11k/hal.c | 33 drivers/net/wireless/ath/ath12k/ce.c | 3 drivers/net/wireless/ath/ath12k/hal.c | 38 - drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/pci/controller/dwc/pci-imx6.c | 32 drivers/pci/controller/pcie-rockchip-host.c | 49 - drivers/pci/controller/pcie-rockchip.h | 11 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/pcie/portdrv.c | 2 drivers/phy/qualcomm/phy-qcom-m31.c | 14 drivers/platform/chrome/cros_ec.c | 3 drivers/platform/x86/intel/uncore-frequency/uncore-frequency-tpmi.c | 5 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 71 + drivers/s390/char/sclp.c | 11 drivers/scsi/mpi3mr/mpi3mr.h | 6 drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 drivers/scsi/mpi3mr/mpi3mr_os.c | 2 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/scsi_lib.c | 3 drivers/soc/qcom/mdt_loader.c | 43 + drivers/soc/tegra/pmc.c | 51 - drivers/spi/spi-fsl-lpspi.c | 8 drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/vt/defkeymap.c_shipped | 112 +++ drivers/tty/vt/keyboard.c | 2 drivers/ufs/host/ufs-exynos.c | 4 drivers/ufs/host/ufshcd-pci.c | 42 + drivers/usb/atm/cxacru.c | 106 +- drivers/usb/core/hcd.c | 20 drivers/usb/core/quirks.c | 1 drivers/usb/dwc3/dwc3-imx8mp.c | 7 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/ep0.c | 20 drivers/usb/dwc3/gadget.c | 19 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-hub.c | 3 drivers/usb/host/xhci-mem.c | 22 drivers/usb/host/xhci-pci-renesas.c | 7 drivers/usb/host/xhci-ring.c | 9 drivers/usb/host/xhci.c | 21 drivers/usb/host/xhci.h | 3 drivers/usb/musb/omap2430.c | 14 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 drivers/usb/typec/class.c | 7 drivers/usb/typec/tcpm/fusb302.c | 32 drivers/usb/typec/tcpm/maxim_contaminant.c | 58 + drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy.c | 3 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_pdphy_stub.c | 3 drivers/usb/typec/tcpm/qcom/qcom_pmic_typec_port.c | 4 drivers/usb/typec/tcpm/tcpci_maxim.h | 1 drivers/usb/typec/tcpm/tcpm.c | 7 drivers/vhost/vsock.c | 6 drivers/video/console/vgacon.c | 2 fs/btrfs/block-group.c | 59 - fs/btrfs/ctree.c | 9 fs/btrfs/free-space-tree.c | 17 fs/btrfs/qgroup.c | 38 - fs/btrfs/send.c | 359 +++++----- fs/btrfs/subpage.c | 19 fs/btrfs/super.c | 13 fs/btrfs/transaction.c | 1 fs/btrfs/zoned.c | 13 fs/buffer.c | 2 fs/debugfs/inode.c | 11 fs/ext4/fsmap.c | 23 fs/ext4/indirect.c | 4 fs/ext4/inode.c | 2 fs/ext4/orphan.c | 5 fs/ext4/super.c | 8 fs/f2fs/node.c | 10 fs/file.c | 75 -- fs/jbd2/checkpoint.c | 1 fs/namespace.c | 34 fs/netfs/write_collect.c | 10 fs/netfs/write_issue.c | 4 fs/nfs/pagelist.c | 9 fs/nfs/write.c | 29 fs/overlayfs/copy_up.c | 2 fs/smb/client/smb2ops.c | 2 fs/smb/server/connection.c | 3 fs/smb/server/connection.h | 7 fs/smb/server/oplock.c | 13 fs/smb/server/transport_rdma.c | 5 fs/smb/server/transport_rdma.h | 4 fs/smb/server/transport_tcp.c | 26 fs/splice.c | 3 fs/squashfs/super.c | 14 fs/xfs/xfs_itable.c | 6 include/drm/drm_format_helper.h | 12 include/linux/call_once.h | 47 - include/linux/compiler.h | 8 include/linux/iosys-map.h | 7 include/linux/iov_iter.h | 20 include/linux/kcov.h | 47 - include/linux/mlx5/mlx5_ifc.h | 14 include/linux/mlx5/port.h | 85 -- include/linux/netfs.h | 1 include/linux/nfs_page.h | 1 include/net/bond_3ad.h | 1 include/uapi/linux/pfrut.h | 1 io_uring/futex.c | 3 io_uring/net.c | 27 kernel/cgroup/cpuset.c | 9 kernel/sched/ext.c | 18 kernel/trace/ftrace.c | 19 kernel/trace/trace.c | 34 kernel/trace/trace.h | 10 mm/damon/paddr.c | 4 mm/debug_vm_pgtable.c | 9 mm/filemap.c | 3 mm/memory-failure.c | 8 net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_event.c | 8 net/bluetooth/hci_sync.c | 19 net/bridge/br_multicast.c | 16 net/bridge/br_private.h | 2 net/core/dev.c | 12 net/hsr/hsr_slave.c | 8 net/ipv4/netfilter/nf_reject_ipv4.c | 6 net/ipv6/netfilter/nf_reject_ipv6.c | 5 net/ipv6/seg6_hmac.c | 6 net/mptcp/options.c | 6 net/mptcp/pm_netlink.c | 19 net/sched/sch_cake.c | 14 net/sched/sch_htb.c | 2 net/smc/af_smc.c | 3 net/tls/tls_sw.c | 7 net/vmw_vsock/virtio_transport.c | 12 rust/kernel/alloc/allocator.rs | 30 rust/kernel/alloc/allocator_test.rs | 11 security/apparmor/lsm.c | 4 sound/core/timer.c | 4 sound/pci/hda/patch_realtek.c | 2 sound/soc/sof/amd/acp-loader.c | 6 sound/usb/stream.c | 2 sound/usb/validate.c | 2 tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 341 files changed, 3787 insertions(+), 2216 deletions(-) Adrian Hunter (1): scsi: ufs: ufs-pci: Fix default runtime and system PM levels Al Viro (2): use uniform permission checks for all mount propagation changes alloc_fdtable(): change calling conventions. Alex Deucher (4): drm/amdgpu/discovery: fix fw based ip discovery drm/amdgpu: update mmhub 3.0.1 client id mappings drm/amdgpu: update mmhub 4.1.0 client id mappings drm/amdgpu/swm14: Update power limit logic Alexander Sverdlin (1): arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Alexander Wilhelm (1): bus: mhi: host: Fix endianness of BHI vector table Alexei Lazar (1): net/mlx5e: Query FW for buffer ownership Amber Lin (1): drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Amit Sunil Dhamne (2): usb: typec: maxim_contaminant: disable low power mode when reading comparator values usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean Anantha Prabhu (1): RDMA/bnxt_re: Fix to initialize the PBL array Andrea Righi (2): sched/ext: Fix invalid task state transitions on class switch sched_ext: initialize built-in idle state before ops.init() Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly André Draszik (1): scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Andy Shevchenko (1): iio: imu: inv_icm42600: Convert to uXX and sXX integer types Archana Patni (1): scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Armen Ratner (1): net/mlx5e: Preserve shared buffer capacity during headroom updates Baihan Li (3): drm/hisilicon/hibmc: refactored struct hibmc_drm_private drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baokun Li (2): jbd2: prevent softlockup in jbd2_log_do_checkpoint() ext4: preserve SB_I_VERSION on remount Bharat Bhushan (3): crypto: octeontx2 - Fix address alignment issue on ucode loading crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 Bibo Mao (1): LoongArch: KVM: Make function kvm_own_lbt() robust Bingbu Cao (1): media: hi556: correct the test pattern configuration Bjorn Andersson (1): soc: qcom: mdt_loader: Ensure we don't read past the ELF header Boris Burkov (2): btrfs: explicitly ref count block_group on new_bgs list btrfs: codify pattern for adding block_group to bg_list Boshi Yu (1): RDMA/erdma: Fix ignored return value of init_kernel_qp Chao Yu (1): f2fs: fix to avoid out-of-boundary access in dnode page Charalampos Mitrodimas (1): debugfs: fix mount options not being applied Chen Yu (1): ACPI: pfr_update: Fix the driver update version check Chenyuan Yang (1): drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Chi Zhiling (1): readahead: fix return value of page_cache_next_miss() when no hole is found Christian Loehle (1): cpuidle: menu: Remove iowait influence Christoph Hellwig (1): xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Christoph Paasch (1): mptcp: drop skb if MPTCP skb extension allocation fails D. Wythe (1): net/smc: fix UAF on smcsk after smc_listen_out() Damien Le Moal (7): ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig dm: dm-crypt: Do not partially accept write BIOs with zoned targets dm: Check for forbidden splitting of zone write operations ata: libata-scsi: Fix ata_to_sense_error() status handling PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown ata: libata-scsi: Return aborted command when missing sense and result TF Dan Carpenter (5): cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() Daniel Jurgens (1): net/mlx5: Base ECVF devlink port attrs from 0 Danilo Krummrich (1): rust: alloc: replace aligned_size() with Kmalloc::aligned_layout() David Howells (2): netfs: Fix unbuffered write error handling cifs: Fix oops due to uninitialised variable David Lechner (6): iio: imu: bno055: fix OOB access of hw_xlate array iio: adc: ad_sigma_delta: change to buffer predisable iio: adc: ad7173: fix setting ODR in probe iio: proximity: isl29501: fix buffered read on big-endian systems iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() iio: imu: inv_icm42600: use = { } instead of memset() David Sterba (2): btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() btrfs: move transaction aborts to the error site in add_block_group_free_space() Dewei Meng (1): ALSA: timer: fix ida_free call while not allocated Dominique Martinet (1): iov_iter: iterate_folioq: fix handling of offset >= folio size Edward Adam Davis (1): comedi: pcl726: Prevent invalid irq number Emanuele Ghidoli (1): arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Eric Biggers (2): lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap ipv6: sr: Fix MAC comparison to be constant-time Evgeniy Harchenko (1): ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Fanhua Li (1): drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Filipe Manana (10): btrfs: qgroup: fix race between quota disable and quota rescan ioctl btrfs: always abort transaction on failure to add block group to free space tree btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() btrfs: send: factor out common logic when sending xattrs btrfs: send: only use boolean variables at process_recorded_refs() btrfs: send: add and use helper to rename current inode when processing refs btrfs: send: keep the current inode's path cached btrfs: send: avoid path allocation for the current inode when issuing commands btrfs: send: use fallocate for hole punching with send stream v2 btrfs: send: make fs_path_len() inline and constify its argument Finn Thain (1): m68k: Fix lost column on framebuffer debug console Florian Westphal (1): netfilter: nf_reject: don't leak dst refcount for loopback packets Frank Li (1): PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support Gabor Juhos (1): mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Gang Ba (1): drm/amdgpu: Avoid extra evict-restore process. Geliang Tang (2): mptcp: remove duplicate sk_reset_timer call mptcp: disable add_addr retransmission when timeout is 0 Geraldo Nascimento (2): PCI: rockchip: Use standard PCIe definitions PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Giovanni Cabiddu (2): crypto: qat - lower priority for skcipher and aead algorithms crypto: qat - flush misc workqueue during device shutdown Greg Kroah-Hartman (2): Revert "can: ti_hecc: fix -Woverflow compiler warning" Linux 6.12.44 Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Hangbin Liu (2): bonding: update LACP activity flag after setting lacp_active bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hans Verkuil (1): media: vivid: fix wrong pixel_array control size Hans de Goede (1): media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Haoxiang Li (1): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Hariprasad Kelam (1): Octeontx2-af: Skip overlap check for SPI field Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Wildcat Lake Heiko Carstens (1): s390/mm: Do not map lowcore with identity mapping Helge Deller (2): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" apparmor: Fix 8-byte alignment for initial dfa blob streams Herton R. Krzesinski (1): mm/debug_vm_pgtable: clear page table entries at destroy_args() Hong Guan (1): arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Horatiu Vultur (1): phy: mscc: Fix timestamping for vsc8584 Ian Abbott (2): comedi: Make insn_rw_emulate_bits() do insn->n samples comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Ido Schimmel (1): mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Igor Pylypiv (1): ata: libata-scsi: Fix CDL control Imre Deak (3): drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS drm/i915/icl+/tc: Convert AUX powered WARN to a debug message drm/i915/icl+/tc: Cache the max lane count value Jacopo Mondi (1): media: pisp_be: Fix pm_runtime underrun in probe Jakub Acs (1): net, hsr: reject HSR frame if skb can't hold tag Jakub Kicinski (1): tls: fix handling of zero-length records on the rx_list Jakub Ramaseuski (1): net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Jan Beulich (1): compiler: remove __ADDRESSABLE_ASM{_STR,}() again Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: change invalid data error to -EBUSY Jens Axboe (2): io_uring/net: commit partial buffers on retry io_uring/futex: ensure io_futex_wait() cleans up properly on failure Jiande Lu (1): Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown Jiayi Li (1): memstick: Fix deadlock by moving removing flag earlier Jinjiang Tu (1): mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Jocelyn Falempe (1): drm/panic: Move drawing functions to drm_draw Johan Hovold (10): usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: musb: omap2430: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind usb: dwc3: imx8mp: fix device leak at unbind wifi: ath12k: fix dest ring-buffer corruption wifi: ath12k: fix source ring-buffer corruption wifi: ath12k: fix dest ring-buffer corruption when ring is full wifi: ath11k: fix dest ring-buffer corruption wifi: ath11k: fix source ring-buffer corruption wifi: ath11k: fix dest ring-buffer corruption when ring is full John David Anglin (8): parisc: Check region is readable by user in raw_copy_from_user() parisc: Define and use set_pte_at() parisc: Drop WARN_ON_ONCE() from flush_cache_vmap parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c parisc: Revise __get_user() to probe user read access parisc: Revise gateway LWS calls to probe user read access parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() parisc: Update comments in make_insert_tlb John Ernberg (1): crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonathan Cameron (3): iio: light: Use aligned_s64 instead of open coding alignment. iio: light: as73211: Ensure buffer holes are zeroed iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 Jordan Rhee (1): gve: prevent ethtool ops after shutdown Jorge Ramirez-Ortiz (2): media: venus: hfi: explicitly release IRQ during teardown media: venus: protect against spurious interrupts during probe José Expósito (2): drm/tests: Fix endian warning drm/tests: Fix drm_test_fb_xrgb8888_to_xrgb2101010() on big-endian Judith Mendez (6): arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support arm64: dts: ti: k3-am6*: Add boot phase flag to support MMC boot arm64: dts: ti: k3-am62*: Add non-removable flag for eMMC arm64: dts: ti: k3-am6*: Remove disable-wp for eMMC arm64: dts: ti: k3-am62*: Move eMMC pinmux to top level board file mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 Junxian Huang (1): RDMA/hns: Fix dip entries leak on devices newer than hip09 Justin Lai (1): rtase: Fix Rx descriptor CRC error bit definition Kalesh AP (1): RDMA/bnxt_re: Fix a possible memory leak in the driver Kanglong Wang (1): LoongArch: Optimize module load time by optimizing PLT/GOT counting Kashyap Desai (2): RDMA/bnxt_re: Fix to do SRQ armena by default RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kathiravan Thirumoorthy (1): phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Kees Cook (1): iommu/amd: Avoid stack buffer overflow from kernel cmdline Keith Busch (1): kvm: retry nx_huge_page_recovery_thread creation Kerem Karabay (1): drm/format-helper: Add conversion from XRGB8888 to BGR888 Konrad Dybcio (1): media: venus: Fix MSM8998 frequency table Krzysztof Kozlowski (3): dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints USB: typec: Use str_enable_disable-like helpers Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kyoji Ogasawara (3): btrfs: fix incorrect log message for nobarrier mount option btrfs: restore mount option info messages during mount btrfs: fix printing of mount info messages for NODATACOW/NODATASUM Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Liao Yuanhong (1): ext4: use kmalloc_array() for array space allocation Lijo Lazar (1): drm/amdgpu: Update external revid for GC v9.5.0 Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Luiz Augusto von Dentz (1): Bluetooth: hci_sync: Fix scan state after PA Sync has been established Lukas Wunner (1): PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge MD Danish Anwar (1): net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. Macpaul Lin (1): scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Marek Vasut (1): usb: renesas-xhci: Fix External ROM access timeouts Mario Limonciello (2): drm/amd: Restore cached power limit during resume drm/amd/display: Avoid a NULL pointer dereference Masami Hiramatsu (Google) (1): tracing: fprobe-event: Sanitize wildcard for fprobe event name Mathis Foerst (1): media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Matthieu Baerts (NGI0) (2): mptcp: pm: kernel: flush: do not reset ADD_ADDR limit selftests: mptcp: pm: check flush doesn't reset limits Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (1): most: core: Drop device reference after usage in get_channel() Michael Walle (1): mtd: spi-nor: Fix spi_nor_try_unlock_all() Michal Suchanek (1): powerpc/boot: Fix build with gcc 15 Michel Dänzer (1): drm/amd/display: Add primary plane to commits for correct VRR handling Miguel Ojeda (1): rust: alloc: fix `rusttest` by providing `Cmalloc::aligned_layout` too Mike Christie (1): scsi: core: Fix command pass through retry regression Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Muhammad Usama Anjum (1): ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context Myrrh Periwinkle (2): vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Namjae Jeon (1): ksmbd: extend the connection limiting mechanism to support IPv6 Naohiro Aota (3): btrfs: zoned: fix write time activation failure for metadata block group btrfs: zoned: requeue to unused block group list if zone finish failed btrfs: subpage: keep TOWRITE tag until folio is cleaned Nathan Chancellor (3): usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() NeilBrown (1): ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() Nicolas Dufresne (1): media: verisilicon: Fix AV1 decoder clock frequency Nicolin Chen (1): iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement Nitin Gote (1): iosys-map: Fix undefined behavior in iosys_map_clear() Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Oren Sidi (1): net/mlx5: Add IFC bits and enums for buf_ownership Parthiban Veerasooran (2): microchip: lan865x: fix missing netif_start_queue() call on device open microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 Pauli Virtanen (1): Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Peter Griffin (1): arm64: dts: exynos: gs101: ufs: add dma-coherent property Peter Oberparleiter (3): s390/sclp: Fix SCCB present check s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Peter Shkenev (1): drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Pu Lehui (1): tracing: Limit access to parser->buffer when trace_get_user failed Qingfang Deng (2): net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path ppp: fix race conditions in ppp_fill_forward_path Rafael J. Wysocki (2): PM: runtime: Take active children into account in pm_runtime_get_if_in_use() cpuidle: governors: menu: Avoid selecting states with too much latency Randy Dunlap (1): parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers Ranjan Kumar (3): scsi: mpi3mr: Fix race between config read submit and interrupt completion scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ricardo Ribalda (2): media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Richard Zhu (4): PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset PCI: imx6: Delay link start until configfs 'start' written PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features Sakari Ailus (2): media: ipu6: isys: Use correct pads for xlate_streams() media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Salah Triki (1): iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Sebastian Andrzej Siewior (1): kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() Sebastian Reichel (1): usb: typec: fusb302: cache PD RX state Selvarasu Ganesan (1): usb: dwc3: Remove WARN_ON for device endpoint command timeouts SeongJae Park (1): mm/damon/ops-common: ignore migration request to invalid nodes Sergey Shtylyov (1): Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Shahar Shitrit (1): net/mlx5: Relocate function declarations from port.h to mlx5_core.h Simon Richter (1): Mark xe driver as BROKEN if kernel page size is not 4kB Siyang Liu (1): drm/amd/display: fix a Null pointer dereference vulnerability Srinivas Pandruvada (1): platform/x86/intel-uncore-freq: Check write blocked for ELC Stefan Metzmacher (1): smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Stefan Wahren (1): spi: spi-fsl-lpspi: Clamp too high speed_hz Steven Rostedt (2): ftrace: Also allocate and copy hash for reading of filter files tracing: Remove unneeded goto out logic Suraj Gupta (1): net: xilinx: axienet: Fix RX skb ring management in DMAengine mode Takashi Iwai (1): ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Theodore Ts'o (1): ext4: don't try to clear the orphan_present feature block device is r/o Thomas Fourier (2): mtd: rawnand: fsmc: Add missing check after DMA map mtd: rawnand: renesas: Add missing check after DMA map Thomas Weißschuh (1): kbuild: userprogs: use correct linker when mixing clang and GNU ld Thomas Zimmermann (3): drm/format-helper: Move helpers for pixel conversion to header file drm/format-helper: Add generic conversion to 32-bit formats drm/tests: Do not use drm_fb_blit() in format-helper tests Thorsten Blum (3): accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() cdx: Fix off-by-one error in cdx_rpmsg_probe() usb: storage: realtek_cr: Use correct byte order for bcs->Residue Tianxiang Peng (1): x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Timur Kristóf (7): drm/amd/display: Don't overwrite dce60_clk_mgr drm/amd/display: Don't overclock DCE 6 by 15% drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Don't print errors for nonexistent connectors Tom Chung (1): drm/amd/display: Fix Xorg desktop unresponsive on Replay panel Tom Lendacky (1): x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero Tristram Ha (1): net: dsa: microchip: Fix KSZ9477 HSR port setup issue Trond Myklebust (1): NFS: Fix a race when updating an existing write Tzung-Bi Shih (1): platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Uwe Kleine-König (2): pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting ValdikSS (1): igc: fix disabling L1.2 PCI-E link substate on I226 on init Vedang Nagar (1): media: venus: Add a check for packet size after reading from shared memory Victor Shih (3): mmc: sdhci-pci-gli: Add a new function to simplify the code mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Vladimir Zapolskiy (1): media: qcom: camss: cleanup media device allocated resource on error path Waiman Long (2): cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key cgroup/cpuset: Fix a partition error with CPU hotplug Wang Liang (1): net: bridge: fix soft lockup in br_multicast_query_expired() Weitao Wang (1): usb: xhci: Fix slot_id resource race conflict Will Deacon (2): vsock/virtio: Validate length in packet header before skb_put() vhost/vsock: Avoid allocating arbitrarily-sized SKBs William Liu (2): net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Xaver Hugl (1): amdgpu/amdgpu_discovery: increase timeout limit for IFWI init Xu Yang (1): usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yang Li (1): Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Youssef Samir (1): bus: mhi: host: Detect events pointing to unexpected TREs Yuichiro Tsuji (1): net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Yi (1): ext4: fix hole length calculation overflow in non-extent inodes Zhu Yanjun (1): RDMA/rxe: Flush delayed SKBs while releasing RXE resources Ziyan Xu (1): ksmbd: fix refcount leak causing resource not released wenglianfa (1): RDMA/hns: Fix querying wrong SCC context for DIP algorithm

2 weeks, 6 days

1
1
0 0

Linux 6.6.103

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.103 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2 Documentation/filesystems/fscrypt.rst | 37 - Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Documentation/networking/bonding.rst | 12 Documentation/networking/mptcp-sysctl.rst | 2 Documentation/power/runtime_pm.rst | 5 Makefile | 4 arch/arm/include/asm/topology.h | 1 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/boot/dts/ti/k3-am62-verdin.dtsi | 12 arch/arm64/boot/dts/ti/k3-am62a7-sk.dts | 4 arch/arm64/boot/dts/ti/k3-pinctrl.h | 15 arch/arm64/include/asm/acpi.h | 2 arch/arm64/include/asm/topology.h | 1 arch/arm64/kernel/fpsimd.c | 4 arch/arm64/kernel/topology.c | 26 arch/arm64/kernel/traps.c | 1 arch/arm64/mm/fault.c | 1 arch/arm64/mm/ptdump_debugfs.c | 3 arch/loongarch/kernel/module-sections.c | 36 - arch/loongarch/net/bpf_jit.c | 21 arch/m68k/kernel/head.S | 31 arch/mips/crypto/chacha-core.S | 20 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 arch/mips/lantiq/falcon/sysctrl.c | 23 arch/parisc/Makefile | 6 arch/parisc/include/asm/pgtable.h | 7 arch/parisc/include/asm/special_insns.h | 28 arch/parisc/include/asm/uaccess.h | 21 arch/parisc/kernel/cache.c | 6 arch/parisc/kernel/entry.S | 17 arch/parisc/kernel/syscall.S | 30 arch/parisc/lib/memcpy.c | 19 arch/parisc/mm/fault.c | 4 arch/powerpc/boot/Makefile | 1 arch/powerpc/include/asm/floppy.h | 5 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/riscv/include/asm/topology.h | 1 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/s390/mm/pgalloc.c | 5 arch/um/include/asm/thread_info.h | 4 arch/um/kernel/process.c | 20 arch/x86/include/asm/kvm-x86-ops.h | 2 arch/x86/include/asm/kvm_host.h | 22 arch/x86/include/asm/msr-index.h | 1 arch/x86/include/asm/xen/hypercall.h | 5 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/hygon.c | 3 arch/x86/kvm/hyperv.c | 3 arch/x86/kvm/lapic.c | 19 arch/x86/kvm/lapic.h | 1 arch/x86/kvm/svm/svm.c | 42 - arch/x86/kvm/svm/vmenter.S | 9 arch/x86/kvm/trace.h | 9 arch/x86/kvm/vmx/nested.c | 26 arch/x86/kvm/vmx/pmu_intel.c | 8 arch/x86/kvm/vmx/vmx.c | 164 ++-- arch/x86/kvm/vmx/vmx.h | 31 arch/x86/kvm/x86.c | 46 - block/blk-core.c | 26 block/blk-settings.c | 2 crypto/jitterentropy-kcapi.c | 9 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 13 drivers/acpi/pfr_update.c | 2 drivers/acpi/prmt.c | 26 drivers/acpi/processor_perflib.c | 11 drivers/ata/Kconfig | 35 drivers/ata/libata-sata.c | 5 drivers/ata/libata-scsi.c | 58 - drivers/base/arch_topology.c | 69 + drivers/base/power/runtime.c | 59 + drivers/block/drbd/drbd_receiver.c | 6 drivers/block/loop.c | 38 - drivers/block/sunvdc.c | 4 drivers/bus/mhi/host/boot.c | 8 drivers/bus/mhi/host/internal.h | 4 drivers/bus/mhi/host/main.c | 12 drivers/cdx/controller/cdx_rpmsg.c | 3 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 + drivers/char/misc.c | 4 drivers/clk/qcom/gcc-ipq5018.c | 2 drivers/clk/tegra/clk-periph.c | 4 drivers/comedi/comedi_fops.c | 36 - drivers/comedi/comedi_internal.h | 1 drivers/comedi/drivers.c | 36 - drivers/comedi/drivers/pcl726.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 12 drivers/cpuidle/governors/menu.c | 96 -- drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 drivers/crypto/intel/qat/qat_common/adf_common_drv.h | 1 drivers/crypto/intel/qat/qat_common/adf_init.c | 1 drivers/crypto/intel/qat/qat_common/adf_isr.c | 5 drivers/crypto/intel/qat/qat_common/qat_algs.c | 12 drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 drivers/devfreq/governor_userspace.c | 6 drivers/dma/stm32-dma.c | 2 drivers/edac/synopsys_edac.c | 97 +- drivers/firmware/tegra/Kconfig | 5 drivers/fpga/zynq-fpga.c | 10 drivers/gpio/gpio-mlxbf2.c | 2 drivers/gpio/gpio-mlxbf3.c | 54 - drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-virtio.c | 9 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 - drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_psr.c | 6 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 - drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/dc/link/link_dpms.c | 3 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 - drivers/gpu/drm/display/drm_dp_helper.c | 2 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 drivers/gpu/drm/i915/intel_runtime_pm.c | 5 drivers/gpu/drm/msm/msm_gem.c | 3 drivers/gpu/drm/msm/msm_gem.h | 6 drivers/gpu/drm/nouveau/nvif/vmm.c | 3 drivers/gpu/drm/renesas/rcar-du/rzg2l_mipi_dsi.c | 3 drivers/gpu/drm/ttm/ttm_pool.c | 8 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/hid/hid-apple.c | 13 drivers/hid/hid-magicmouse.c | 56 + drivers/hwmon/emc2305.c | 10 drivers/hwmon/gsc-hwmon.c | 4 drivers/i2c/i2c-core-acpi.c | 1 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 4 drivers/idle/intel_idle.c | 2 drivers/iio/adc/ad7768-1.c | 23 drivers/iio/adc/ad_sigma_delta.c | 6 drivers/iio/imu/bno055/bno055.c | 11 drivers/iio/imu/inv_icm42600/inv_icm42600.h | 8 drivers/iio/imu/inv_icm42600/inv_icm42600_accel.c | 33 drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.c | 22 drivers/iio/imu/inv_icm42600/inv_icm42600_buffer.h | 10 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 6 drivers/iio/imu/inv_icm42600/inv_icm42600_gyro.c | 43 - drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 12 drivers/iio/light/as73211.c | 2 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/proximity/isl29501.c | 16 drivers/iio/temperature/maxim_thermocouple.c | 26 drivers/infiniband/core/nldev.c | 22 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 30 drivers/infiniband/hw/bnxt_re/qplib_fp.h | 2 drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 drivers/infiniband/hw/erdma/erdma_verbs.c | 4 drivers/infiniband/hw/hfi1/affinity.c | 44 - drivers/infiniband/sw/siw/siw_qp_tx.c | 5 drivers/iommu/amd/init.c | 4 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 1 drivers/iommu/iommufd/io_pagetable.c | 48 - drivers/leds/flash/leds-qcom-flash.c | 178 ++++ drivers/leds/leds-lp50xx.c | 11 drivers/leds/trigger/ledtrig-netdev.c | 16 drivers/md/dm-ps-historical-service-time.c | 4 drivers/md/dm-ps-queue-length.c | 4 drivers/md/dm-ps-round-robin.c | 4 drivers/md/dm-ps-service-time.c | 4 drivers/md/dm-table.c | 10 drivers/md/dm-zoned-target.c | 2 drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/ccs/ccs-core.c | 2 drivers/media/i2c/hi556.c | 26 drivers/media/i2c/ov2659.c | 3 drivers/media/i2c/tc358743.c | 86 +- drivers/media/pci/intel/ivsc/mei_ace.c | 2 drivers/media/pci/intel/ivsc/mei_csi.c | 2 drivers/media/platform/qcom/camss/camss.c | 4 drivers/media/platform/qcom/venus/core.c | 8 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/hfi_msgs.c | 83 +- drivers/media/platform/qcom/venus/hfi_venus.c | 5 drivers/media/platform/qcom/venus/vdec.c | 5 drivers/media/platform/qcom/venus/venc.c | 5 drivers/media/platform/verisilicon/rockchip_vpu_hw.c | 9 drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/usb/uvc/uvc_driver.c | 3 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/v4l2-core/v4l2-common.c | 8 drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 drivers/memstick/core/memstick.c | 1 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/mfd/axp20x.c | 3 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/misc/mei/bus.c | 6 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-msm.c | 14 drivers/mmc/host/sdhci-pci-gli.c | 35 drivers/most/core.c | 2 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/mtd/nand/raw/renesas-nand-controller.c | 6 drivers/mtd/nand/spi/core.c | 5 drivers/mtd/spi-nor/swp.c | 19 drivers/net/bonding/bond_3ad.c | 224 +++++- drivers/net/bonding/bond_main.c | 1 drivers/net/bonding/bond_netlink.c | 16 drivers/net/bonding/bond_options.c | 29 drivers/net/dsa/b53/b53_common.c | 65 + drivers/net/dsa/b53/b53_regs.h | 2 drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 drivers/net/ethernet/freescale/fec_main.c | 34 drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 14 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/marvell/octeontx2/af/rvu_npc_fs.c | 4 drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 drivers/net/ethernet/mediatek/mtk_wed.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 drivers/net/ethernet/mellanox/mlx5/core/esw/devlink_port.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 drivers/net/ethernet/ti/icssg/icss_iep.c | 26 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 drivers/net/ipa/ipa_smp2p.c | 2 drivers/net/phy/micrel.c | 12 drivers/net/phy/mscc/mscc.h | 12 drivers/net/phy/mscc/mscc_main.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 49 + drivers/net/phy/smsc.c | 1 drivers/net/ppp/ppp_generic.c | 17 drivers/net/thunderbolt/main.c | 21 drivers/net/usb/asix_devices.c | 1 drivers/net/usb/cdc_ncm.c | 20 drivers/net/wireless/ath/ath11k/ce.c | 3 drivers/net/wireless/ath/ath11k/dp_rx.c | 3 drivers/net/wireless/ath/ath11k/hal.c | 33 drivers/net/wireless/ath/ath12k/ce.c | 3 drivers/net/wireless/ath/ath12k/dp.c | 3 drivers/net/wireless/ath/ath12k/hal.c | 38 - drivers/net/wireless/ath/ath12k/hw.c | 2 drivers/net/wireless/ath/ath12k/wmi.c | 5 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/d3.c | 2 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/mcu.c | 25 drivers/net/wireless/realtek/rtlwifi/pci.c | 23 drivers/net/wireless/realtek/rtw89/core.c | 3 drivers/net/wireless/realtek/rtw89/fw.c | 9 drivers/net/wireless/realtek/rtw89/fw.h | 2 drivers/net/wireless/realtek/rtw89/mac.c | 19 drivers/net/wireless/realtek/rtw89/reg.h | 1 drivers/net/xen-netfront.c | 5 drivers/nvme/host/pci.c | 24 drivers/pci/controller/dwc/pci-imx6.c | 7 drivers/pci/controller/pcie-rockchip-host.c | 49 - drivers/pci/controller/pcie-rockchip.h | 11 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 10 drivers/pci/probe.c | 2 drivers/perf/cxl_pmu.c | 2 drivers/phy/qualcomm/phy-qcom-m31.c | 14 drivers/phy/rockchip/phy-rockchip-pcie.c | 3 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/platform/chrome/cros_ec.c | 3 drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/amd/pmc/pmc-quirks.c | 9 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/pmdomain/imx/imx8m-blk-ctrl.c | 10 drivers/power/supply/qcom_battmgr.c | 2 drivers/pps/clients/pps-gpio.c | 5 drivers/ptp/ptp_clock.c | 2 drivers/ptp/ptp_private.h | 5 drivers/ptp/ptp_vclock.c | 7 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 71 + drivers/remoteproc/imx_rproc.c | 4 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 15 drivers/s390/char/sclp.c | 11 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpi3mr/mpi3mr.h | 6 drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 drivers/scsi/mpi3mr/mpi3mr_os.c | 22 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 + drivers/soc/qcom/mdt_loader.c | 53 + drivers/soc/qcom/rpmh-rsc.c | 2 drivers/soc/tegra/pmc.c | 51 - drivers/soundwire/amd_manager.c | 6 drivers/soundwire/bus.c | 6 drivers/spi/spi-fsl-lpspi.c | 8 drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/target/target_core_fabric_lib.c | 63 + drivers/target/target_core_internal.h | 4 drivers/target/target_core_pr.c | 18 drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 - drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/vt/defkeymap.c_shipped | 112 +++ drivers/tty/vt/keyboard.c | 2 drivers/ufs/core/ufshcd-priv.h | 2 drivers/ufs/host/ufs-exynos.c | 4 drivers/ufs/host/ufshcd-pci.c | 42 + drivers/usb/atm/cxacru.c | 106 +- drivers/usb/class/cdc-acm.c | 11 drivers/usb/core/config.c | 10 drivers/usb/core/hcd.c | 8 drivers/usb/core/quirks.c | 1 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/dwc3-imx8mp.c | 6 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/dwc3-pci.c | 2 drivers/usb/dwc3/ep0.c | 20 drivers/usb/dwc3/gadget.c | 19 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-hub.c | 3 drivers/usb/host/xhci-mem.c | 24 drivers/usb/host/xhci-pci-renesas.c | 7 drivers/usb/host/xhci-ring.c | 19 drivers/usb/host/xhci.c | 27 drivers/usb/host/xhci.h | 3 drivers/usb/musb/omap2430.c | 14 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/usb/typec/tcpm/maxim_contaminant.c | 54 + drivers/usb/typec/tcpm/tcpci_maxim.h | 1 drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vfio/pci/mlx5/cmd.c | 4 drivers/vfio/vfio_iommu_type1.c | 7 drivers/vhost/vhost.c | 3 drivers/vhost/vsock.c | 6 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 9 drivers/video/fbdev/core/fbmem.c | 3 drivers/virt/coco/efi_secret/efi_secret.c | 10 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/iTCO_wdt.c | 6 drivers/watchdog/sbsa_gwdt.c | 50 + fs/btrfs/backref.c | 6 fs/btrfs/block-group.c | 61 + fs/btrfs/block-group.h | 11 fs/btrfs/block-rsv.c | 2 fs/btrfs/block-rsv.h | 2 fs/btrfs/btrfs_inode.h | 3 fs/btrfs/ctree.c | 24 fs/btrfs/ctree.h | 6 fs/btrfs/delayed-inode.c | 12 fs/btrfs/discard.c | 4 fs/btrfs/extent-tree.c | 33 fs/btrfs/file-item.c | 4 fs/btrfs/file-item.h | 2 fs/btrfs/free-space-tree.c | 17 fs/btrfs/inode-item.c | 10 fs/btrfs/inode-item.h | 4 fs/btrfs/inode.c | 26 fs/btrfs/qgroup.c | 31 fs/btrfs/relocation.c | 19 fs/btrfs/send.c | 359 +++++----- fs/btrfs/space-info.c | 17 fs/btrfs/space-info.h | 6 fs/btrfs/tree-log.c | 72 +- fs/btrfs/tree-mod-log.c | 14 fs/btrfs/tree-mod-log.h | 6 fs/btrfs/zoned.c | 20 fs/btrfs/zoned.h | 4 fs/buffer.c | 2 fs/crypto/fscrypt_private.h | 16 fs/crypto/hkdf.c | 2 fs/crypto/keysetup.c | 3 fs/crypto/keysetup_v1.c | 3 fs/eventpoll.c | 60 + fs/exfat/dir.c | 12 fs/exfat/fatent.c | 10 fs/exfat/namei.c | 5 fs/exfat/super.c | 32 fs/ext2/inode.c | 12 fs/ext4/fsmap.c | 23 fs/ext4/indirect.c | 4 fs/ext4/inline.c | 19 fs/ext4/inode.c | 2 fs/ext4/mballoc.c | 67 - fs/ext4/orphan.c | 5 fs/ext4/super.c | 8 fs/f2fs/file.c | 24 fs/f2fs/node.c | 10 fs/file.c | 90 +- fs/gfs2/meta_io.c | 2 fs/hfs/bfind.c | 3 fs/hfs/bnode.c | 93 ++ fs/hfs/btree.c | 57 + fs/hfs/extent.c | 2 fs/hfs/hfs_fs.h | 1 fs/hfsplus/bnode.c | 92 ++ fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/hugetlbfs/inode.c | 2 fs/jbd2/checkpoint.c | 1 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 6 fs/libfs.c | 4 fs/namespace.c | 34 fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 44 + fs/nfs/internal.h | 2 fs/nfs/nfs4client.c | 20 fs/nfs/nfs4proc.c | 2 fs/nfs/pnfs.c | 11 fs/nfsd/nfs4state.c | 34 fs/ntfs3/dir.c | 3 fs/ntfs3/inode.c | 31 fs/orangefs/orangefs-debugfs.c | 2 fs/smb/client/cifssmb.c | 10 fs/smb/client/connect.c | 10 fs/smb/client/sess.c | 9 fs/smb/client/smb2ops.c | 11 fs/smb/client/smbdirect.c | 24 fs/smb/server/connection.c | 3 fs/smb/server/connection.h | 7 fs/smb/server/oplock.c | 13 fs/smb/server/smb2pdu.c | 16 fs/smb/server/transport_rdma.c | 5 fs/smb/server/transport_rdma.h | 4 fs/smb/server/transport_tcp.c | 26 fs/squashfs/super.c | 14 fs/tracefs/inode.c | 11 fs/udf/super.c | 13 fs/xfs/xfs_itable.c | 6 include/linux/arch_topology.h | 8 include/linux/blk_types.h | 6 include/linux/compiler.h | 8 include/linux/cpufreq.h | 1 include/linux/energy_model.h | 6 include/linux/fs.h | 4 include/linux/hypervisor.h | 3 include/linux/if_vlan.h | 21 include/linux/iosys-map.h | 7 include/linux/memfd.h | 14 include/linux/mm.h | 82 +- include/linux/pci.h | 10 include/linux/pm_runtime.h | 18 include/linux/sched/topology.h | 8 include/linux/skbuff.h | 8 include/linux/usb/cdc_ncm.h | 1 include/linux/virtio_vsock.h | 7 include/net/bond_3ad.h | 3 include/net/bond_options.h | 1 include/net/bonding.h | 23 include/net/cfg80211.h | 2 include/net/mac80211.h | 2 include/net/neighbour.h | 1 include/net/net_namespace.h | 16 include/net/sock.h | 1 include/trace/events/btrfs.h | 6 include/trace/events/thp.h | 2 include/uapi/linux/if_link.h | 1 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 include/uapi/linux/pfrut.h | 1 io_uring/net.c | 19 kernel/bpf/verifier.c | 3 kernel/cgroup/cpuset.c | 2 kernel/fork.c | 2 kernel/module/main.c | 10 kernel/power/console.c | 7 kernel/rcu/tree.c | 2 kernel/rcu/tree.h | 14 kernel/rcu/tree_plugin.h | 44 - kernel/sched/cpufreq_schedutil.c | 30 kernel/sched/fair.c | 19 kernel/trace/ftrace.c | 19 kernel/trace/trace.c | 33 kernel/trace/trace.h | 10 mm/debug_vm_pgtable.c | 9 mm/filemap.c | 2 mm/kmemleak.c | 10 mm/madvise.c | 2 mm/memfd.c | 2 mm/memory-failure.c | 8 mm/mmap.c | 12 mm/ptdump.c | 2 mm/shmem.c | 2 net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_event.c | 8 net/bluetooth/hci_sock.c | 2 net/bridge/br_multicast.c | 16 net/bridge/br_private.h | 2 net/core/dev.c | 12 net/core/neighbour.c | 12 net/core/net_namespace.c | 8 net/core/sock.c | 27 net/hsr/hsr_slave.c | 8 net/ipv4/netfilter/nf_reject_ipv4.c | 6 net/ipv4/route.c | 1 net/ipv4/udp_offload.c | 2 net/ipv6/addrconf.c | 7 net/ipv6/mcast.c | 11 net/ipv6/netfilter/nf_reject_ipv6.c | 5 net/ipv6/seg6_hmac.c | 6 net/mac80211/cfg.c | 12 net/mac80211/chan.c | 1 net/mac80211/mlme.c | 9 net/mac80211/rx.c | 12 net/mctp/af_mctp.c | 26 net/mptcp/options.c | 6 net/mptcp/pm_netlink.c | 19 net/mptcp/subflow.c | 5 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/nf_conntrack_netlink.c | 24 net/netlink/af_netlink.c | 12 net/rds/tcp.c | 8 net/sched/sch_cake.c | 14 net/sched/sch_ets.c | 36 - net/sched/sch_htb.c | 2 net/sctp/input.c | 2 net/smc/af_smc.c | 8 net/sunrpc/svcsock.c | 5 net/sunrpc/xprtsock.c | 8 net/tls/tls.h | 2 net/tls/tls_strp.c | 11 net/tls/tls_sw.c | 10 net/vmw_vsock/virtio_transport.c | 14 net/wireless/mlme.c | 3 net/xfrm/xfrm_state.c | 72 +- scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 security/apparmor/file.c | 6 security/apparmor/include/lib.h | 6 security/inode.c | 2 sound/core/pcm_native.c | 19 sound/hda/hdac_device.c | 2 sound/pci/hda/hda_codec.c | 42 - sound/pci/hda/patch_ca0132.c | 2 sound/pci/hda/patch_realtek.c | 4 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 20 sound/soc/intel/avs/core.c | 3 sound/soc/qcom/lpass-platform.c | 27 sound/soc/soc-core.c | 3 sound/soc/soc-dapm.c | 4 sound/usb/mixer_quirks.c | 14 sound/usb/stream.c | 25 sound/usb/validate.c | 14 tools/bpf/bpftool/main.c | 6 tools/include/nolibc/std.h | 4 tools/include/nolibc/types.h | 4 tools/include/uapi/linux/if_link.h | 1 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/scripts/Makefile.include | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10 tools/testing/selftests/bpf/progs/verifier_unpriv.c | 2 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/memfd/memfd_test.c | 43 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 612 files changed, 6026 insertions(+), 2723 deletions(-) Aahil Awatramani (1): bonding: Add independent control state machine Aakash Kumar S (1): xfrm: Duplicate SPI Handling Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Aaron Plattner (1): watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Abel Vesa (1): power: supply: qcom_battmgr: Add lithium-polymer entry Aditya Garg (2): HID: magicmouse: avoid setting up battery timer when not needed HID: apple: avoid setting up battery timer for devices without battery Adrian Hunter (1): scsi: ufs: ufs-pci: Fix default runtime and system PM levels Al Viro (5): better lockdep annotations for simple_recursive_removal() fix locking in efi_secret_unlink() securityfs: don't pin dentries twice, once is enough... use uniform permission checks for all mount propagation changes alloc_fdtable(): change calling conventions. Alex Deucher (1): drm/amdgpu: update mmhub 3.0.1 client id mappings Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexander Sverdlin (1): arm64: dts: ti: k3-pinctrl: Enable Schmitt Trigger by default Alexander Wilhelm (1): bus: mhi: host: Fix endianness of BHI vector table Alexey Klimov (1): iommu/arm-smmu-qcom: Add SM6115 MDSS compatible Alok Tiwari (6): net: ti: icss-iep: Fix incorrect type for return value in extts_enable() ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() perf/cxlpmu: Remove unintended newline from IRQ name format string gve: Return error for unknown admin queue command Amber Lin (1): drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Amelie Delaunay (1): dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Amit Sunil Dhamne (2): usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean usb: typec: maxim_contaminant: disable low power mode when reading comparator values Anantha Prabhu (1): RDMA/bnxt_re: Fix to initialize the PBL array Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly Andrew Price (1): gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops André Draszik (1): scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Andy Shevchenko (2): Documentation: ACPI: Fix parent device references iio: imu: inv_icm42600: Convert to uXX and sXX integer types Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Archana Patni (1): scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Armen Ratner (1): net/mlx5e: Preserve shared buffer capacity during headroom updates Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (1): RDMA/core: reduce stack using in nldev_stat_get_doit() Artem Sadovnikov (1): vfio/mlx5: fix possible overflow in tracking max message size Avraham Stern (1): wifi: iwlwifi: mvm: fix scan request validation Baihan Li (1): drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baokun Li (4): ext4: fix zombie groups in average fragment size lists ext4: fix largest free orders lists corruption on mb_optimize_scan switch jbd2: prevent softlockup in jbd2_log_do_checkpoint() ext4: preserve SB_I_VERSION on remount Bartosz Golaszewski (2): gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Benjamin Marzinski (1): dm-table: fix checking for rq stackable devices Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bharat Bhushan (1): crypto: octeontx2 - add timeout for load_fvc completion poll Biju Das (1): net: phy: micrel: Add ksz9131_resume() Bingbu Cao (1): media: hi556: correct the test pattern configuration Bitterblue Smith (3): wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB wifi: rtw89: Fix rtw89_mac_power_switch() for USB wifi: rtw89: Disable deep power saving for USB/SDIO Bjorn Andersson (2): soc: qcom: mdt_loader: Actually use the e_phoff soc: qcom: mdt_loader: Ensure we don't read past the ELF header Bjorn Helgaas (1): mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values Boris Burkov (1): btrfs: fix ssd_spread overallocation Boshi Yu (1): RDMA/erdma: Fix ignored return value of init_kernel_qp Breno Leitao (5): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path arm64: Mark kernel as tainted on SAE and SError panic ptp: Use ratelimite for freerun error message ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Cezary Rojewski (1): ASoC: Intel: avs: Fix uninitialized pointer error in probe() Chao Gao (1): KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID Chao Yu (1): f2fs: fix to avoid out-of-boundary access in dnode page Charles Keepax (1): soundwire: Move handle_nested_irq outside of sdw_dev_lock Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen Yu (1): ACPI: pfr_update: Fix the driver update version check Chen-Yu Tsai (1): mfd: axp20x: Set explicit ID for AXP313 regulator Chenyuan Yang (1): drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Chris Mason (1): sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Christian Loehle (1): cpuidle: menu: Remove iowait influence Christoph Hellwig (2): block: reject invalid operation in submit_bio_noacct xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Christoph Paasch (1): mptcp: drop skb if MPTCP skb extension allocation fails Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Christopher Eby (1): ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t D. Wythe (1): net/smc: fix UAF on smcsk after smc_listen_out() Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (9): ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors scsi: mpi3mr: Correctly handle ATA device errors ata: libata-scsi: Fix ata_to_sense_error() status handling PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown block: Make REQ_OP_ZONE_FINISH a write operation ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig ata: libata-scsi: Return aborted command when missing sense and result TF Dan Carpenter (5): cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() Daniel Golle (1): Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" Daniel Jurgens (1): net/mlx5: Base ECVF devlink port attrs from 0 Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Bauer (1): wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch David Collins (1): thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required David Lechner (6): iio: adc: ad_sigma_delta: don't overallocate scan buffer iio: imu: bno055: fix OOB access of hw_xlate array iio: adc: ad_sigma_delta: change to buffer predisable iio: proximity: isl29501: fix buffered read on big-endian systems iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() iio: imu: inv_icm42600: use = { } instead of memset() David Sterba (3): btrfs: move transaction aborts to the error site in add_block_group_free_space() btrfs: open code timespec64 in struct btrfs_inode btrfs: constify more pointer parameters David Thompson (3): gpio: mlxbf2: use platform_get_irq_optional() Revert "gpio: mlxbf3: only get IRQ for device instance 0" gpio: mlxbf3: use platform_get_irq_optional() Davide Caratti (1): net/sched: ets: use old 'nbands' while purging unused classes Edward Adam Davis (2): jfs: Regular file corruption check comedi: pcl726: Prevent invalid irq number Eliav Farber (1): pps: clients: gpio: fix interrupt handling order in remove path Emanuele Ghidoli (1): arm64: dts: ti: k3-am62-verdin: Enable pull-ups on I2C buses Emily Deng (1): drm/ttm: Should to return the evict error Eric Biggers (4): thunderbolt: Fix copy+paste error in match_service_id() lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap ipv6: sr: Fix MAC comparison to be constant-time fscrypt: Don't use problematic non-inline crypto engines Eric Dumazet (2): net: better track kernel sockets lifetime net_sched: sch_ets: implement lockless ets_dump() Eric Work (1): net: atlantic: add set_power to fw_ops for atl2 to fix wol Evgeniy Harchenko (1): ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Fanhua Li (1): drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Fedor Pchelkin (1): netlink: avoid infinite retry looping in netlink_unicast() Fenglin Wu (1): leds: flash: leds-qcom-flash: Limit LED current based on thermal condition Filipe Manana (14): btrfs: abort transaction during log replay if walk_log_tree() failed btrfs: clear dirty status from extent buffer on error at insert_new_root() btrfs: fix log tree replay failure due to file with 0 links and extents btrfs: don't ignore inode missing when replaying log tree btrfs: qgroup: fix race between quota disable and quota rescan ioctl btrfs: always abort transaction on failure to add block group to free space tree btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() btrfs: send: factor out common logic when sending xattrs btrfs: send: only use boolean variables at process_recorded_refs() btrfs: send: add and use helper to rename current inode when processing refs btrfs: send: keep the current inode's path cached btrfs: send: avoid path allocation for the current inode when issuing commands btrfs: send: use fallocate for hole punching with send stream v2 btrfs: send: make fs_path_len() inline and constify its argument Finn Thain (1): m68k: Fix lost column on framebuffer debug console Florian Larysch (1): net: phy: micrel: fix KSZ8081/KSZ8091 cable test Florian Westphal (2): netfilter: ctnetlink: fix refcount leak on table dump netfilter: nf_reject: don't leak dst refcount for loopback packets Florin Leotescu (1): hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Frederic Weisbecker (1): rcu: Fix racy re-initialization of irq_work causing hangs Gabor Juhos (1): mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Gabriel Totev (1): apparmor: shift ouid when mediating hard links in userns Gal Pressman (2): net: vlan: Make is_vlan_dev() a stub when VLAN is not configured net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gang Ba (1): drm/amdgpu: Avoid extra evict-restore process. Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Geliang Tang (2): mptcp: remove duplicate sk_reset_timer call mptcp: disable add_addr retransmission when timeout is 0 George Moussalem (1): clk: qcom: ipq5018: keep XO clock always on Gerald Schaefer (1): s390/mm: Remove possible false-positive warning in pte_free_defer() Geraldo Nascimento (3): phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal PCI: rockchip: Use standard PCIe definitions PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Giovanni Cabiddu (2): crypto: qat - lower priority for skcipher and aead algorithms crypto: qat - flush misc workqueue during device shutdown Greg Kroah-Hartman (1): Linux 6.6.103 Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hangbin Liu (2): bonding: update LACP activity flag after setting lacp_active bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hans Verkuil (1): media: vivid: fix wrong pixel_array control size Hans de Goede (2): mei: bus: Check for still connected devices in mei_cl_bus_dev_release() media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Haoran Jiang (1): LoongArch: BPF: Fix jump offset calculation in tailcall Haoxiang Li (1): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Harald Mommer (1): gpio: virtio: Fix config space reading. Hari Chandrakanthan (1): wifi: mac80211: fix rx link assignment for non-MLO stations Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Hariprasad Kelam (1): Octeontx2-af: Skip overlap check for SPI field Heikki Krogerus (1): usb: dwc3: pci: add support for the Intel Wildcat Lake Heiner Kallweit (1): dpaa_eth: don't use fixed_phy_change_carrier Helge Deller (1): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Herton R. Krzesinski (1): mm/debug_vm_pgtable: clear page table entries at destroy_args() Hiago De Franco (1): remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Hong Guan (1): arm64: dts: ti: k3-am62a7-sk: fix pinmux for main_uart1 Horatiu Vultur (1): phy: mscc: Fix timestamping for vsc8584 Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Huacai Chen (1): PCI: Extend isolated function probing to LoongArch Ian Abbott (3): comedi: fix race between polling and detaching comedi: Make insn_rw_emulate_bits() do insn->n samples comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Ido Schimmel (1): mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Igor Pylypiv (1): ata: libata-scsi: Fix CDL control Ihor Solodrai (1): bpf: Make reg_not_null() true for CONST_PTR_TO_MAP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Imre Deak (1): drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Isaac J. Manjarres (4): mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: reinstate ability to map write-sealed memfd mappings read-only selftests/memfd: add test for mapping write-sealed memfd read-only Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jaegeuk Kim (1): f2fs: check the generic conditions first Jakub Acs (1): net, hsr: reject HSR frame if skb can't hold tag Jakub Kicinski (3): tls: handle data disappearing from under the TLS ULP uapi: in6: restore visibility of most IPv6 socket options tls: fix handling of zero-length records on the rx_list Jakub Ramaseuski (1): net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Jan Beulich (1): compiler: remove __ADDRESSABLE_ASM{_STR,}() again Jan Kara (2): loop: Avoid updating block size under exclusive owner udf: Verify partition map count Jann Horn (1): eventpoll: Fix semi-unbounded recursion Jason Gunthorpe (1): iommufd: Prevent ALIGN() overflow Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: change invalid data error to -EBUSY Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jens Axboe (1): io_uring/net: commit partial buffers on retry Jeongjun Park (1): ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Jiasheng Jiang (1): scsi: lpfc: Remove redundant assignment to avoid memory leak Jiayi Li (2): ACPI: processor: perflib: Fix initial _PPC limit application memstick: Fix deadlock by moving removing flag earlier Jinjiang Tu (1): mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Joel Fernandes (1): rcu: Fix rcu_read_unlock() deadloop due to IRQ work Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (15): net: gianfar: fix device leak when querying time stamp info net: enetc: fix device and OF node leak at probe net: mtk_eth_soc: fix device leak at probe net: ti: icss-iep: fix device and OF node leaks at probe net: dpaa: fix device leak when querying time stamp info usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: musb: omap2430: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind wifi: ath12k: fix dest ring-buffer corruption wifi: ath12k: fix source ring-buffer corruption wifi: ath12k: fix dest ring-buffer corruption when ring is full wifi: ath11k: fix dest ring-buffer corruption wifi: ath11k: fix source ring-buffer corruption wifi: ath11k: fix dest ring-buffer corruption when ring is full usb: dwc3: imx8mp: fix device leak at unbind Johannes Berg (2): wifi: cfg80211: reject HTC bit for management frames wifi: mac80211: don't complete management TX on SAE commit Johannes Thumshirn (1): btrfs: zoned: use filesystem size not disk size for reclaim decision John David Anglin (8): parisc: Check region is readable by user in raw_copy_from_user() parisc: Define and use set_pte_at() parisc: Drop WARN_ON_ONCE() from flush_cache_vmap parisc: Rename pte_needs_flush() to pte_needs_cache_flush() in cache.c parisc: Revise __get_user() to probe user read access parisc: Revise gateway LWS calls to probe user read access parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() parisc: Update comments in make_insert_tlb John Garry (2): scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Cameron (2): iio: light: as73211: Ensure buffer holes are zeroed iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jordan Rhee (1): gve: prevent ethtool ops after shutdown Jorge Marques (1): i3c: master: Initialize ret in i3c_i2c_notifier_call() Jorge Ramirez-Ortiz (2): media: venus: hfi: explicitly release IRQ during teardown media: venus: protect against spurious interrupts during probe Judith Mendez (1): arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Justin Tee (1): scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kanglong Wang (1): LoongArch: Optimize module load time by optimizing PLT/GOT counting Karthikeyan Kathirvel (1): wifi: ath12k: Decrement TID on RX peer frag setup error handling Kashyap Desai (2): RDMA/bnxt_re: Fix to do SRQ armena by default RDMA/bnxt_re: Fix to remove workload check in SRQ limit path Kathiravan Thirumoorthy (1): phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence Kees Cook (3): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches iommu/amd: Avoid stack buffer overflow from kernel cmdline Keith Busch (2): nvme-pci: try function level reset on init failure vfio/type1: conditional rescheduling while pinning Krzysztof Hałasa (1): imx8m-blk-ctrl: set ISI panic write hurry level Krzysztof Kozlowski (3): dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints leds: flash: leds-qcom-flash: Fix registry access after re-bind Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kuninori Morimoto (1): ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Kuniyuki Iwashima (2): ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). net: Add net_passive_inc() and net_passive_dec(). Lad Prabhakar (1): drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Len Brown (1): intel_idle: Allow loading ACPI tables for any family Leon Romanovsky (1): net/mlx5e: Properly access RCU protected qdisc_sleeping variable Liao Yuanhong (1): ext4: use kmalloc_array() for array space allocation Lifeng Zheng (2): cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lizhi Xu (2): fs/ntfs3: Add sanity check for file name jfs: truncate good inode pages when hard link is 0 Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Ma Ke (1): sunvdc: Balance device refcount in vdc_port_mpgroup_check Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Manuel Andreas (1): KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Marek Vasut (1): usb: renesas-xhci: Fix External ROM access timeouts Mario Limonciello (8): platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual drm/amd/display: Only finalize atomic_obj if it was initialized drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported drm/amd: Restore cached power limit during resume drm/amd/display: Avoid a NULL pointer dereference Mark Brown (2): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace Markus Theil (1): crypto: jitter - fix intermediary handling Masahiro Yamada (2): kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() Masami Hiramatsu (Google) (2): selftests: tracing: Use mutex_unlock for testing glob filter tracing: fprobe-event: Sanitize wildcard for fprobe event name Mateusz Guzik (1): apparmor: use the condition in AA_BUG_FMT even with debug disabled Matt Johnston (1): net: mctp: Prevent duplicate binds Matthieu Baerts (NGI0) (2): mptcp: pm: kernel: flush: do not reset ADD_ADDR limit selftests: mptcp: pm: check flush doesn't reset limits Maulik Shah (1): soc: qcom: rpmh-rsc: Add RSC version 4 support Maurizio Lombardi (1): scsi: target: core: Generate correct identifiers for PR OUT transport IDs Maxim Levitsky (3): KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (1): most: core: Drop device reference after usage in get_channel() Michael Walle (1): mtd: spi-nor: Fix spi_nor_try_unlock_all() Michal Suchanek (1): powerpc/boot: Fix build with gcc 15 Michel Dänzer (1): drm/amd/display: Add primary plane to commits for correct VRR handling Mikhail Lobanov (1): wifi: mac80211: check basic rates validity in sta_link_apply_parameters Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Miri Korenblit (1): wifi: iwlwifi: mvm: set gtk id also in older FWs Myrrh Periwinkle (3): usb: typec: ucsi: Update power_supply on power role change vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Namjae Jeon (1): ksmbd: extend the connection limiting mechanism to support IPv6 Naohiro Aota (3): btrfs: zoned: do not remove unwritten non-data block group btrfs: zoned: do not select metadata BG as finish target btrfs: zoned: fix write time activation failure for metadata block group Nathan Chancellor (2): usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() NeilBrown (1): smb/server: avoid deadlock when linking with ReplaceIfExists Nicolas Dufresne (1): media: verisilicon: Fix AV1 decoder clock frequency Nicolas Escande (1): neighbour: add support for NUD_PERMANENT proxy entries Nicolin Chen (1): iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range Niklas Söderlund (1): media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Nitin Gote (1): iosys-map: Fix undefined behavior in iosys_map_clear() Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Oliver Neukum (3): usb: core: usb_submit_urb: downgrade type check net: usb: cdc-ncm: check for filtering capability cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Pauli Virtanen (1): Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established Pavel Begunkov (1): io_uring: don't use int for ABI Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Pedro Falcato (1): RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages Pei Xiao (1): clk: tegra: periph: Fix error handling and resolve unsigned compare warning Peter Oberparleiter (3): s390/sclp: Fix SCCB present check s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (1): ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Petr Pavlu (1): module: Prevent silent truncation of module name in delete_module(2) Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Pu Lehui (1): tracing: Limit access to parser->buffer when trace_get_user failed Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qingfang Deng (2): net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path ppp: fix race conditions in ppp_fill_forward_path Qu Wenruo (2): btrfs: do not allow relocation of partially dropped subvolumes btrfs: populate otime when logging an inode item Rafael J. Wysocki (5): ACPI: processor: perflib: Move problematic pr->performance check cpuidle: governors: menu: Avoid using invalid recent intervals data PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() PM: runtime: Take active children into account in pm_runtime_get_if_in_use() cpuidle: governors: menu: Avoid selecting states with too much latency Raj Kumar Bhagat (1): wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 Ramya Gnanasekar (1): wifi: mac80211: update radar_required in channel context after channel switch Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (2): parisc: Makefile: fix a typo in palo.conf parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers Ranjan Kumar (4): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans scsi: mpi3mr: Fix race between config read submit and interrupt completion scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ricardo Ribalda (3): media: uvcvideo: Do not mark valid metadata as invalid media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Richard Zhu (2): PCI: imx6: Delay link start until configfs 'start' written PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Rob Clark (1): drm/msm: use trylock for debugfs Rong Zhang (1): fs/ntfs3: correctly create symlink for relative path Sabrina Dubroca (1): udp: also consider secpath when evaluating ipsec use for checksumming Sakari Ailus (2): media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() PM: runtime: Simplify pm_runtime_get_if_active() usage Salah Triki (1): iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarika Sharma (2): wifi: ath12k: Correct tid cleanup when tid setup fails wifi: ath12k: Add memset and update default rate value in wmi tx completion Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sean Christopherson (15): KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() KVM: x86: Snapshot the host's DEBUGCTL in common x86 KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits KVM: VMX: Handle forced exit due to preemption timer in fastpath KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 KVM: x86: Fully defer to vendor code to decide how to force immediate exit KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported KVM: VMX: Extract checking of guest's DEBUGCTL into helper KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state Selvarasu Ganesan (1): usb: dwc3: Remove WARN_ON for device endpoint command timeouts Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Sergey Shtylyov (1): Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shannon Nelson (1): ionic: clean dbpage in de-init Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (2): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} MIPS: lantiq: falcon: sysctrl: fix request memory check logic Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Shuai Xue (1): ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered Shubhrajyoti Datta (1): EDAC/synopsys: Clear the ECC counters on init Shyam Prasad N (1): cifs: reset iface weights when we cannot find a candidate Sravan Kumar Gundu (1): fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Srinivas Kandagatla (1): ASoC: qcom: use drvdata instead of component to keep id Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (3): smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() smb: client: don't wait for info->send_pending == 0 on error smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Stefan Wahren (1): spi: spi-fsl-lpspi: Clamp too high speed_hz Steve French (1): smb3: fix for slab out of bounds on mount to ksmbd Steven Rostedt (5): tracefs: Add d_delete to remove negative dentries powerpc/thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 ktest.pl: Prevent recursion of default variable options ftrace: Also allocate and copy hash for reading of filter files tracing: Remove unneeded goto out logic Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Sven Schnelle (2): s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Takashi Iwai (5): ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: hda: Handle the jack polling always via a work ALSA: hda: Disable jack polling at shutdown ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (2): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr ext4: don't try to clear the orphan_present feature block device is r/o Thierry Reding (1): firmware: tegra: Fix IVC dependency problems Thomas Fourier (8): et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. powerpc: floppy: Add missing checks after DMA map wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() mtd: rawnand: fsmc: Add missing check after DMA map mtd: rawnand: renesas: Add missing check after DMA map Thomas Weißschuh (5): tools/nolibc: define time_t in terms of __kernel_old_time_t tools/build: Fix s390(x) cross-compilation with clang um: Re-evaluate thread flags repeatedly MIPS: Don't crash in stack_top() for tasks without ABI or vDSO kbuild: userprogs: use correct linker when mixing clang and GNU ld Thorsten Blum (2): cdx: Fix off-by-one error in cdx_rpmsg_probe() usb: storage: realtek_cr: Use correct byte order for bcs->Residue Tianxiang Peng (1): x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Timur Kristóf (6): drm/amd/display: Don't overwrite dce60_clk_mgr drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Don't overclock DCE 6 by 15% Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Trond Myklebust (1): NFS: Fix the setting of capabilities when automounting a new filesystem Tvrtko Ursulin (1): drm/ttm: Respect the shrinker core free target Tzung-Bi Shih (1): platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Uwe Kleine-König (2): pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting ValdikSS (1): igc: fix disabling L1.2 PCI-E link substate on I226 on init Vasiliy Kovalev (1): ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Vedang Nagar (2): media: venus: Fix OOB read due to missing payload bound check media: venus: Add a check for packet size after reading from shared memory Viacheslav Dubeyko (5): hfs: fix general protection fault in hfs_find_init() hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Victor Shih (3): mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency mmc: sdhci-pci-gli: Add a new function to simplify the code mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Vijendar Mukunda (1): soundwire: amd: serialize amd manager resume sequence during pm_prepare Vincent Guittot (8): sched/topology: Add a new arch_scale_freq_ref() method cpufreq: Use the fixed and coherent frequency for scaling capacity cpufreq/schedutil: Use a fixed reference frequency energy_model: Use a fixed reference frequency cpufreq/cppc: Set the frequency used for computing the capacity arm64/amu: Use capacity_ref_freq() to set AMU ratio topology: Set capacity_freq_ref in all cases sched/fair: Fix frequency selection for non-invariant case Vladimir Zapolskiy (1): media: qcom: camss: cleanup media device allocated resource on error path Waiman Long (2): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Wang Liang (1): net: bridge: fix soft lockup in br_multicast_query_expired() Wang Zhaolong (2): smb: client: remove redundant lstrp update in negotiate protocol smb: client: fix netns refcount leak after net_passive changes Wayne Lin (1): drm/amd/display: Avoid trying AUX transactions on disconnected ports Wei Gao (1): ext2: Handle fiemap on empty files to prevent EINVAL Weitao Wang (1): usb: xhci: Fix slot_id resource race conflict Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Will Deacon (4): vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page vsock/virtio: Validate length in packet header before skb_put() vhost/vsock: Avoid allocating arbitrarily-sized SKBs KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix William Liu (2): net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Willy Tarreau (1): tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (1): usb: core: config: Prevent OOB read in SS endpoint companion parsing Xu Yang (2): net: usb: asix_devices: add phy_mask for ax88772 mdio bus usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Yonghong Song (1): selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yongzhen Zhang (1): fbdev: fix potential buffer overflow in do_register_framebuffer() Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Youssef Samir (1): bus: mhi: host: Detect events pointing to unexpected TREs Yuan Chen (1): bpftool: Fix JSON writer resource leak in version command Yuezhang Mo (1): exfat: add cluster chain loop check for dir Yuichiro Tsuji (1): net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Yi (1): ext4: fix hole length calculation overflow in non-extent inodes Zhiqi Song (1): crypto: hisilicon/hpre - fix dma unmap sequence Zhu Qiyu (1): ACPI: PRM: Reduce unnecessary printing to avoid user confusion Zijun Hu (2): char: misc: Fix improper and inaccurate error code returned by misc_init() Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() Ziyan Fu (1): watchdog: iTCO_wdt: Report error if timeout configuration fails Ziyan Xu (1): ksmbd: fix refcount leak causing resource not released chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue zhangjianrong (2): net: thunderbolt: Enable end-to-end flow control also in transmit net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() Álvaro Fernández Rojas (5): net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent DIS_LEARNING access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 weeks, 6 days

1
1
0 0

Linux 6.1.149

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.149 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dpu.yaml | 2 Documentation/devicetree/bindings/display/sprd/sprd,sharkl3-dsi-host.yaml | 2 Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Documentation/networking/bonding.rst | 12 Documentation/networking/mptcp-sysctl.rst | 2 Makefile | 4 arch/arm/Makefile | 2 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/ti/k3-am62-main.dtsi | 1 arch/arm64/include/asm/acpi.h | 2 arch/arm64/kernel/cpufeature.c | 1 arch/arm64/kernel/entry.S | 6 arch/arm64/kernel/fpsimd.c | 4 arch/arm64/kernel/traps.c | 1 arch/arm64/mm/fault.c | 1 arch/arm64/mm/ptdump_debugfs.c | 3 arch/loongarch/net/bpf_jit.c | 21 arch/m68k/kernel/head.S | 31 - arch/mips/crypto/chacha-core.S | 20 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 arch/mips/lantiq/falcon/sysctrl.c | 23 - arch/parisc/Makefile | 6 arch/parisc/include/asm/special_insns.h | 28 + arch/parisc/include/asm/uaccess.h | 21 arch/parisc/kernel/entry.S | 17 arch/parisc/kernel/syscall.S | 30 - arch/parisc/lib/memcpy.c | 19 arch/parisc/mm/fault.c | 4 arch/powerpc/include/asm/floppy.h | 5 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/um/include/asm/thread_info.h | 4 arch/um/kernel/process.c | 20 arch/x86/events/intel/core.c | 2 arch/x86/include/asm/kvm-x86-ops.h | 2 arch/x86/include/asm/kvm_host.h | 24 - arch/x86/include/asm/msr-index.h | 1 arch/x86/include/asm/reboot.h | 5 arch/x86/include/asm/virtext.h | 10 arch/x86/include/asm/xen/hypercall.h | 5 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/hygon.c | 3 arch/x86/kernel/cpu/mce/amd.c | 13 arch/x86/kernel/reboot.c | 43 + arch/x86/kvm/hyperv.c | 10 arch/x86/kvm/lapic.c | 61 ++ arch/x86/kvm/lapic.h | 1 arch/x86/kvm/svm/svm.c | 49 +- arch/x86/kvm/svm/vmenter.S | 9 arch/x86/kvm/trace.h | 9 arch/x86/kvm/vmx/nested.c | 26 - arch/x86/kvm/vmx/pmu_intel.c | 8 arch/x86/kvm/vmx/vmx.c | 183 +++++--- arch/x86/kvm/vmx/vmx.h | 31 + arch/x86/kvm/x86.c | 65 +- arch/x86/kvm/x86.h | 12 block/blk-core.c | 26 - block/blk-settings.c | 2 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 2 drivers/acpi/pfr_update.c | 2 drivers/acpi/prmt.c | 26 + drivers/acpi/processor_perflib.c | 11 drivers/ata/Kconfig | 35 + drivers/ata/libata-sata.c | 5 drivers/ata/libata-scsi.c | 20 drivers/base/power/runtime.c | 5 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/sunvdc.c | 4 drivers/bus/mhi/host/boot.c | 8 drivers/bus/mhi/host/internal.h | 4 drivers/bus/mhi/host/main.c | 12 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/comedi/comedi_fops.c | 36 + drivers/comedi/comedi_internal.h | 1 drivers/comedi/drivers.c | 36 - drivers/comedi/drivers/pcl726.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 8 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 drivers/crypto/qat/qat_4xxx/adf_4xxx_hw_data.c | 13 drivers/crypto/qat/qat_common/adf_accel_devices.h | 1 drivers/crypto/qat/qat_common/adf_gen4_hw_data.h | 6 drivers/crypto/qat/qat_common/adf_init.c | 3 drivers/devfreq/governor_userspace.c | 6 drivers/dma/stm32-dma.c | 2 drivers/edac/synopsys_edac.c | 97 ++-- drivers/fpga/zynq-fpga.c | 10 drivers/gpio/gpio-mlxbf2.c | 2 drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-virtio.c | 9 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 drivers/gpu/drm/amd/amdgpu/mmhub_v3_0_1.c | 57 +- drivers/gpu/drm/amd/amdkfd/kfd_module.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 6 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 + drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 - drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 - drivers/gpu/drm/display/drm_dp_helper.c | 2 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 drivers/gpu/drm/msm/msm_gem.c | 3 drivers/gpu/drm/msm/msm_gem.h | 6 drivers/gpu/drm/scheduler/sched_entity.c | 21 drivers/gpu/drm/ttm/ttm_pool.c | 8 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/hid/hid-apple.c | 13 drivers/hid/hid-magicmouse.c | 56 +- drivers/hwmon/emc2305.c | 10 drivers/hwmon/gsc-hwmon.c | 4 drivers/i2c/i2c-core-acpi.c | 1 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 4 drivers/iio/adc/ad7768-1.c | 23 - drivers/iio/adc/ad_sigma_delta.c | 6 drivers/iio/imu/bno055/bno055.c | 11 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 drivers/iio/light/as73211.c | 2 drivers/iio/light/hid-sensor-prox.c | 8 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/proximity/isl29501.c | 16 drivers/iio/temperature/maxim_thermocouple.c | 26 - drivers/infiniband/core/nldev.c | 22 drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 drivers/infiniband/hw/erdma/erdma_verbs.c | 4 drivers/infiniband/hw/hfi1/affinity.c | 44 + drivers/iommu/amd/init.c | 4 drivers/leds/leds-lp50xx.c | 11 drivers/md/dm-ps-historical-service-time.c | 4 drivers/md/dm-ps-queue-length.c | 4 drivers/md/dm-ps-round-robin.c | 4 drivers/md/dm-ps-service-time.c | 4 drivers/md/dm-table.c | 10 drivers/md/dm-zoned-target.c | 2 drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/hi556.c | 26 - drivers/media/i2c/ov2659.c | 3 drivers/media/i2c/tc358743.c | 86 ++- drivers/media/platform/qcom/camss/camss.c | 4 drivers/media/platform/qcom/venus/core.c | 8 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/helpers.c | 2 drivers/media/platform/qcom/venus/hfi_helper.h | 61 ++ drivers/media/platform/qcom/venus/hfi_msgs.c | 85 ++- drivers/media/platform/qcom/venus/hfi_venus.c | 5 drivers/media/platform/qcom/venus/vdec.c | 13 drivers/media/platform/qcom/venus/vdec_ctrls.c | 2 drivers/media/platform/qcom/venus/venc.c | 9 drivers/media/platform/qcom/venus/venc_ctrls.c | 2 drivers/media/test-drivers/vivid/vivid-ctrls.c | 3 drivers/media/test-drivers/vivid/vivid-vid-cap.c | 4 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/usb/uvc/uvc_driver.c | 3 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/v4l2-core/v4l2-common.c | 8 drivers/media/v4l2-core/v4l2-ctrls-core.c | 1 drivers/memstick/core/memstick.c | 1 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/misc/mei/bus.c | 6 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-msm.c | 14 drivers/mmc/host/sdhci-pci-gli.c | 33 - drivers/most/core.c | 2 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/mtd/nand/raw/renesas-nand-controller.c | 6 drivers/mtd/nand/spi/core.c | 5 drivers/mtd/spi-nor/swp.c | 19 drivers/net/bonding/bond_3ad.c | 224 ++++++++-- drivers/net/bonding/bond_main.c | 1 drivers/net/bonding/bond_netlink.c | 16 drivers/net/bonding/bond_options.c | 29 + drivers/net/dsa/b53/b53_common.c | 65 ++ drivers/net/dsa/b53/b53_regs.h | 2 drivers/net/dummy.c | 1 drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 drivers/net/ethernet/freescale/fec_main.c | 34 - drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 14 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/mediatek/mtk_ppe_offload.c | 2 drivers/net/ethernet/mediatek/mtk_wed.c | 1 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 drivers/net/ethernet/pensando/ionic/ionic_lif.c | 7 drivers/net/geneve.c | 1 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 + drivers/net/loopback.c | 1 drivers/net/phy/micrel.c | 2 drivers/net/phy/mscc/mscc.h | 12 drivers/net/phy/mscc/mscc_main.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 49 +- drivers/net/phy/smsc.c | 1 drivers/net/ppp/ppp_generic.c | 17 drivers/net/thunderbolt.c | 21 drivers/net/usb/asix_devices.c | 1 drivers/net/usb/cdc_ncm.c | 20 drivers/net/veth.c | 1 drivers/net/vxlan/vxlan_core.c | 1 drivers/net/wireless/ath/ath11k/ce.c | 3 drivers/net/wireless/ath/ath11k/dp_rx.c | 3 drivers/net/wireless/ath/ath11k/hal.c | 33 + drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 23 - drivers/net/wireless/realtek/rtw89/core.c | 3 drivers/net/wireless/realtek/rtw89/fw.c | 9 drivers/net/wireless/realtek/rtw89/fw.h | 2 drivers/net/wireless/realtek/rtw89/mac.c | 19 drivers/net/wireless/realtek/rtw89/reg.h | 1 drivers/net/xen-netfront.c | 5 drivers/pci/controller/pcie-rockchip-host.c | 49 +- drivers/pci/controller/pcie-rockchip.h | 11 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 8 drivers/pci/probe.c | 2 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/platform/chrome/cros_ec.c | 19 drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/pps/clients/pps-gpio.c | 5 drivers/ptp/ptp_clock.c | 2 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 71 +-- drivers/remoteproc/imx_rproc.c | 4 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 15 drivers/s390/char/sclp.c | 11 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpi3mr/mpi3mr.h | 6 drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 drivers/scsi/mpi3mr/mpi3mr_os.c | 22 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 ++ drivers/soc/qcom/mdt_loader.c | 68 ++- drivers/soc/tegra/pmc.c | 51 +- drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/target/target_core_fabric_lib.c | 63 ++ drivers/target/target_core_internal.h | 4 drivers/target/target_core_pr.c | 18 drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 + drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/vt/defkeymap.c_shipped | 112 +++++ drivers/tty/vt/keyboard.c | 2 drivers/ufs/host/ufs-exynos.c | 4 drivers/ufs/host/ufshcd-pci.c | 42 + drivers/usb/atm/cxacru.c | 106 ++-- drivers/usb/class/cdc-acm.c | 11 drivers/usb/core/config.c | 10 drivers/usb/core/hcd.c | 8 drivers/usb/core/quirks.c | 1 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/dwc3-imx8mp.c | 6 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/ep0.c | 20 drivers/usb/dwc3/gadget.c | 19 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-mem.c | 2 drivers/usb/host/xhci-pci-renesas.c | 7 drivers/usb/host/xhci-ring.c | 10 drivers/usb/host/xhci.c | 6 drivers/usb/musb/omap2430.c | 20 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 + drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vfio/pci/mlx5/cmd.c | 4 drivers/vfio/vfio_iommu_type1.c | 7 drivers/vhost/vhost.c | 3 drivers/vhost/vsock.c | 6 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 9 drivers/video/fbdev/core/fbmem.c | 3 drivers/virt/coco/efi_secret/efi_secret.c | 10 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/iTCO_wdt.c | 6 drivers/watchdog/sbsa_gwdt.c | 50 ++ fs/btrfs/block-group.c | 27 + fs/btrfs/ctree.c | 9 fs/btrfs/ordered-data.c | 12 fs/btrfs/qgroup.c | 31 + fs/btrfs/relocation.c | 19 fs/btrfs/send.c | 39 + fs/btrfs/tree-log.c | 60 +- fs/btrfs/zoned.c | 3 fs/buffer.c | 2 fs/crypto/fscrypt_private.h | 17 fs/crypto/hkdf.c | 2 fs/crypto/keysetup.c | 3 fs/crypto/keysetup_v1.c | 3 fs/eventpoll.c | 60 ++ fs/ext2/inode.c | 12 fs/ext4/fsmap.c | 23 - fs/ext4/indirect.c | 4 fs/ext4/inline.c | 19 fs/ext4/inode.c | 2 fs/ext4/mballoc.c | 67 +- fs/ext4/orphan.c | 5 fs/ext4/super.c | 8 fs/f2fs/data.c | 2 fs/f2fs/f2fs.h | 1 fs/f2fs/inode.c | 7 fs/f2fs/node.c | 10 fs/file.c | 90 +--- fs/hfs/bnode.c | 93 ++++ fs/hfsplus/bnode.c | 92 ++++ fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/hugetlbfs/inode.c | 2 fs/jbd2/checkpoint.c | 1 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 6 fs/libfs.c | 4 fs/namespace.c | 34 - fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 44 + fs/nfs/internal.h | 2 fs/nfs/nfs4client.c | 20 fs/nfs/nfs4proc.c | 2 fs/nfs/pnfs.c | 11 fs/nfsd/nfs4state.c | 34 + fs/ntfs3/dir.c | 3 fs/ntfs3/inode.c | 31 - fs/orangefs/orangefs-debugfs.c | 2 fs/smb/client/cifssmb.c | 10 fs/smb/client/connect.c | 1 fs/smb/client/sess.c | 9 fs/smb/client/smb2ops.c | 11 fs/smb/server/connection.c | 3 fs/smb/server/connection.h | 7 fs/smb/server/smb2pdu.c | 16 fs/smb/server/transport_rdma.c | 5 fs/smb/server/transport_rdma.h | 4 fs/smb/server/transport_tcp.c | 26 + fs/squashfs/super.c | 14 fs/udf/super.c | 13 fs/xfs/xfs_itable.c | 6 include/linux/blk_types.h | 6 include/linux/compiler.h | 8 include/linux/fs.h | 4 include/linux/hypervisor.h | 3 include/linux/if_vlan.h | 6 include/linux/iosys-map.h | 7 include/linux/memfd.h | 14 include/linux/mm.h | 82 ++- include/linux/pci.h | 10 include/linux/platform_data/cros_ec_proto.h | 4 include/linux/skbuff.h | 8 include/linux/usb/cdc_ncm.h | 1 include/linux/virtio_vsock.h | 7 include/net/bond_3ad.h | 3 include/net/bond_options.h | 1 include/net/bonding.h | 23 + include/net/cfg80211.h | 2 include/net/mac80211.h | 2 include/net/neighbour.h | 1 include/sound/soc-dai.h | 13 include/uapi/linux/if_link.h | 1 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 include/uapi/linux/pfrut.h | 1 kernel/cgroup/cpuset.c | 2 kernel/fork.c | 2 kernel/module/main.c | 10 kernel/power/console.c | 7 kernel/rcu/tree_plugin.h | 3 kernel/sched/fair.c | 19 kernel/trace/ftrace.c | 19 kernel/trace/trace.c | 33 - kernel/trace/trace.h | 8 mm/debug_vm_pgtable.c | 9 mm/filemap.c | 2 mm/kmemleak.c | 10 mm/madvise.c | 2 mm/memfd.c | 2 mm/memory-failure.c | 8 mm/mmap.c | 12 mm/ptdump.c | 2 mm/shmem.c | 2 net/bluetooth/hci_conn.c | 3 net/bluetooth/hci_sync.c | 43 + net/bridge/br_multicast.c | 16 net/bridge/br_private.h | 2 net/core/dev.c | 12 net/core/neighbour.c | 12 net/hsr/hsr_slave.c | 8 net/ipv4/ip_tunnel.c | 1 net/ipv4/netfilter/nf_reject_ipv4.c | 6 net/ipv4/route.c | 1 net/ipv4/udp_offload.c | 2 net/ipv6/addrconf.c | 7 net/ipv6/ip6_gre.c | 2 net/ipv6/ip6_tunnel.c | 1 net/ipv6/ip6_vti.c | 1 net/ipv6/mcast.c | 11 net/ipv6/netfilter/nf_reject_ipv6.c | 5 net/ipv6/seg6_hmac.c | 6 net/ipv6/sit.c | 1 net/mac80211/cfg.c | 12 net/mac80211/chan.c | 1 net/mac80211/mlme.c | 9 net/mac80211/sta_info.c | 5 net/mctp/af_mctp.c | 26 + net/mptcp/options.c | 9 net/mptcp/pm.c | 8 net/mptcp/pm_netlink.c | 19 net/mptcp/protocol.c | 55 ++ net/mptcp/protocol.h | 27 - net/mptcp/subflow.c | 30 - net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/nf_conntrack_netlink.c | 24 - net/netlink/af_netlink.c | 2 net/sched/sch_cake.c | 14 net/sched/sch_ets.c | 36 - net/sched/sch_htb.c | 2 net/tls/tls_sw.c | 16 net/vmw_vsock/virtio_transport.c | 14 net/wireless/mlme.c | 3 scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 security/apparmor/include/lib.h | 6 security/inode.c | 2 sound/core/pcm_native.c | 19 sound/pci/hda/hda_codec.c | 42 - sound/pci/hda/patch_ca0132.c | 2 sound/pci/hda/patch_realtek.c | 4 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_asrc.c | 16 sound/soc/fsl/fsl_aud2htx.c | 10 sound/soc/fsl/fsl_easrc.c | 16 sound/soc/fsl/fsl_esai.c | 20 sound/soc/fsl/fsl_micfil.c | 14 sound/soc/fsl/fsl_sai.c | 44 - sound/soc/fsl/fsl_spdif.c | 17 sound/soc/fsl/fsl_ssi.c | 3 sound/soc/fsl/fsl_xcvr.c | 16 sound/soc/generic/audio-graph-card.c | 2 sound/soc/intel/avs/core.c | 3 sound/soc/soc-core.c | 28 + sound/soc/soc-dai.c | 43 + sound/soc/soc-dapm.c | 4 sound/usb/mixer_quirks.c | 14 sound/usb/stream.c | 25 - sound/usb/validate.c | 14 tools/include/nolibc/std.h | 4 tools/include/nolibc/types.h | 4 tools/include/uapi/linux/if_link.h | 1 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/scripts/Makefile.include | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/arm64/fp/sve-ptrace.c | 3 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 10 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/memfd/memfd_test.c | 43 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 511 files changed, 4940 insertions(+), 1988 deletions(-) Aahil Awatramani (1): bonding: Add independent control state machine Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Aaron Plattner (1): watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Ada Couprie Diaz (1): arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Aditya Garg (2): HID: magicmouse: avoid setting up battery timer when not needed HID: apple: avoid setting up battery timer for devices without battery Adrian Hunter (1): scsi: ufs: ufs-pci: Fix default runtime and system PM levels Al Viro (5): better lockdep annotations for simple_recursive_removal() fix locking in efi_secret_unlink() securityfs: don't pin dentries twice, once is enough... use uniform permission checks for all mount propagation changes alloc_fdtable(): change calling conventions. Alex Deucher (1): drm/amdgpu: update mmhub 3.0.1 client id mappings Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexander Wilhelm (1): bus: mhi: host: Fix endianness of BHI vector table Alok Tiwari (4): ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() gve: Return error for unknown admin queue command Amber Lin (1): drm/amdkfd: Destroy KFD debugfs after destroy KFD wq Amelie Delaunay (1): dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Anantha Prabhu (1): RDMA/bnxt_re: Fix to initialize the PBL array Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly André Draszik (1): scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Andy Shevchenko (1): Documentation: ACPI: Fix parent device references Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Archana Patni (1): scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (1): RDMA/core: reduce stack using in nldev_stat_get_doit() Artem Sadovnikov (1): vfio/mlx5: fix possible overflow in tracking max message size Avraham Stern (1): wifi: iwlwifi: mvm: fix scan request validation Baihan Li (1): drm/hisilicon/hibmc: fix the hibmc loaded failed bug Baokun Li (4): ext4: fix zombie groups in average fragment size lists ext4: fix largest free orders lists corruption on mb_optimize_scan switch jbd2: prevent softlockup in jbd2_log_do_checkpoint() ext4: preserve SB_I_VERSION on remount Bartosz Golaszewski (2): gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Benjamin Berg (1): wifi: mac80211: avoid lockdep checking when removing deflink Benjamin Marzinski (1): dm-table: fix checking for rq stackable devices Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bharat Bhushan (1): crypto: octeontx2 - add timeout for load_fvc completion poll Bingbu Cao (1): media: hi556: correct the test pattern configuration Bitterblue Smith (3): wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB wifi: rtw89: Fix rtw89_mac_power_switch() for USB wifi: rtw89: Disable deep power saving for USB/SDIO Bjorn Andersson (1): soc: qcom: mdt_loader: Ensure we don't read past the ELF header Bjorn Helgaas (1): mmc: sdhci-pci-gli: Use PCI AER definitions, not hard-coded values Boshi Yu (1): RDMA/erdma: Fix ignored return value of init_kernel_qp Breno Leitao (5): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path arm64: Mark kernel as tainted on SAE and SError panic ptp: Use ratelimite for freerun error message ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Cezary Rojewski (1): ASoC: Intel: avs: Fix uninitialized pointer error in probe() Chao Gao (2): KVM: nVMX: Defer SVI update to vmcs01 on EOI when L2 is active w/o VID KVM: VMX: Flush shadow VMCS on emergency reboot Chao Yu (3): f2fs: fix to do sanity check on ino and xnid f2fs: fix to call clear_page_private_reference in .{release,invalid}_folio f2fs: fix to avoid out-of-boundary access in dnode page Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen Yu (1): ACPI: pfr_update: Fix the driver update version check Chen-Yu Tsai (1): platform/chrome: cros_ec: Use per-device lockdep key Chenyuan Yang (1): drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Chris Mason (1): sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails Christoph Hellwig (2): block: reject invalid operation in submit_bio_noacct xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags Christoph Paasch (1): mptcp: drop skb if MPTCP skb extension allocation fails Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Christopher Eby (1): ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (8): ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors scsi: mpi3mr: Correctly handle ATA device errors ata: libata-scsi: Fix ata_to_sense_error() status handling PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown block: Make REQ_OP_ZONE_FINISH a write operation ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Dan Carpenter (4): cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Collins (1): thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required David Lechner (5): iio: adc: ad_sigma_delta: don't overallocate scan buffer iio: imu: bno055: fix OOB access of hw_xlate array iio: adc: ad_sigma_delta: change to buffer predisable iio: proximity: isl29501: fix buffered read on big-endian systems iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() David Thompson (1): gpio: mlxbf2: use platform_get_irq_optional() Davide Caratti (1): net/sched: ets: use old 'nbands' while purging unused classes Edward Adam Davis (2): jfs: Regular file corruption check comedi: pcl726: Prevent invalid irq number Eliav Farber (1): pps: clients: gpio: fix interrupt handling order in remove path Emily Deng (1): drm/ttm: Should to return the evict error Eric Biggers (4): thunderbolt: Fix copy+paste error in match_service_id() lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap ipv6: sr: Fix MAC comparison to be constant-time fscrypt: Don't use problematic non-inline crypto engines Eric Dumazet (2): net: add netdev_lockdep_set_classes() to virtual drivers net_sched: sch_ets: implement lockless ets_dump() Eric Work (1): net: atlantic: add set_power to fw_ops for atl2 to fix wol Evgeniy Harchenko (1): ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Fedor Pchelkin (1): netlink: avoid infinite retry looping in netlink_unicast() Filipe Manana (6): btrfs: abort transaction during log replay if walk_log_tree() failed btrfs: fix log tree replay failure due to file with 0 links and extents btrfs: fix qgroup reservation leak on failure to allocate ordered extent btrfs: qgroup: fix race between quota disable and quota rescan ioctl btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() btrfs: send: use fallocate for hole punching with send stream v2 Finn Thain (1): m68k: Fix lost column on framebuffer debug console Florian Larysch (1): net: phy: micrel: fix KSZ8081/KSZ8091 cable test Florian Westphal (2): netfilter: ctnetlink: fix refcount leak on table dump netfilter: nf_reject: don't leak dst refcount for loopback packets Florin Leotescu (1): hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state Gabor Juhos (1): mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Gal Pressman (1): net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gang Ba (1): drm/amdgpu: Avoid extra evict-restore process. Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Geliang Tang (1): mptcp: disable add_addr retransmission when timeout is 0 Geraldo Nascimento (2): PCI: rockchip: Use standard PCIe definitions PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining Giovanni Cabiddu (1): crypto: qat - fix ring to service map for QAT GEN4 Gokul krishna Krishnakumar (1): soc: qcom: mdt_loader: Enhance split binary detection Greg Kroah-Hartman (1): Linux 6.1.149 Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hangbin Liu (2): bonding: update LACP activity flag after setting lacp_active bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU Hans Verkuil (1): media: vivid: fix wrong pixel_array control size Hans de Goede (1): mei: bus: Check for still connected devices in mei_cl_bus_dev_release() Haoran Jiang (1): LoongArch: BPF: Fix jump offset calculation in tailcall Haoxiang Li (1): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Harald Mommer (1): gpio: virtio: Fix config space reading. Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Heiner Kallweit (1): dpaa_eth: don't use fixed_phy_change_carrier Helge Deller (1): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Herton R. Krzesinski (1): mm/debug_vm_pgtable: clear page table entries at destroy_args() Hiago De Franco (1): remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU Horatiu Vultur (1): phy: mscc: Fix timestamping for vsc8584 Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Huacai Chen (1): PCI: Extend isolated function probing to LoongArch Ian Abbott (3): comedi: fix race between polling and detaching comedi: Make insn_rw_emulate_bits() do insn->n samples comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Ido Schimmel (1): mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Imre Deak (1): drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jakub Acs (1): net, hsr: reject HSR frame if skb can't hold tag Jakub Kicinski (2): uapi: in6: restore visibility of most IPv6 socket options tls: fix handling of zero-length records on the rx_list Jakub Ramaseuski (1): net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM Jan Beulich (1): compiler: remove __ADDRESSABLE_ASM{_STR,}() again Jan Kara (1): udf: Verify partition map count Jann Horn (1): eventpoll: Fix semi-unbounded recursion Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: change invalid data error to -EBUSY Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jiasheng Jiang (1): scsi: lpfc: Remove redundant assignment to avoid memory leak Jiayi Li (2): ACPI: processor: perflib: Fix initial _PPC limit application memstick: Fix deadlock by moving removing flag earlier Jinjiang Tu (1): mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (11): net: gianfar: fix device leak when querying time stamp info net: mtk_eth_soc: fix device leak at probe net: dpaa: fix device leak when querying time stamp info usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind wifi: ath11k: fix dest ring-buffer corruption wifi: ath11k: fix source ring-buffer corruption wifi: ath11k: fix dest ring-buffer corruption when ring is full net: enetc: fix device and OF node leak at probe usb: musb: omap2430: fix device leak at unbind usb: dwc3: imx8mp: fix device leak at unbind Johannes Berg (2): wifi: cfg80211: reject HTC bit for management frames wifi: mac80211: don't complete management TX on SAE commit Johannes Thumshirn (1): btrfs: zoned: use filesystem size not disk size for reclaim decision John David Anglin (5): parisc: Check region is readable by user in raw_copy_from_user() parisc: Revise __get_user() to probe user read access parisc: Revise gateway LWS calls to probe user read access parisc: Try to fixup kernel exception in bad_area_nosemaphore path of do_page_fault() parisc: Update comments in make_insert_tlb John Garry (2): scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Cameron (1): iio: light: as73211: Ensure buffer holes are zeroed Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jordan Rhee (1): gve: prevent ethtool ops after shutdown Jorge Marques (1): i3c: master: Initialize ret in i3c_i2c_notifier_call() Jorge Ramirez-Ortiz (2): media: venus: hfi: explicitly release IRQ during teardown media: venus: protect against spurious interrupts during probe Judith Mendez (1): arm64: dts: ti: k3-am62-main: Remove eMMC High Speed DDR support Justin Tee (1): scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kan Liang (1): perf/x86/intel: Fix crash in icl_update_topdown_event() Kees Cook (3): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches iommu/amd: Avoid stack buffer overflow from kernel cmdline Keith Busch (1): vfio/type1: conditional rescheduling while pinning Konrad Dybcio (1): media: venus: Introduce accessors for remapped hfi_buffer_reqs members Krzysztof Kozlowski (2): dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kuninori Morimoto (4): ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe() ASoC: soc-dai.h: merge DAI call back functions into ops ASoC: fsl: merge DAI call back functions into ops Kuniyuki Iwashima (1): ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Leon Romanovsky (1): net/mlx5e: Properly access RCU protected qdisc_sleeping variable Liao Yuanhong (1): ext4: use kmalloc_array() for array space allocation Lifeng Zheng (2): cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Lizhi Xu (2): fs/ntfs3: Add sanity check for file name jfs: truncate good inode pages when hard link is 0 Lorenzo Stoakes (4): mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: reinstate ability to map write-sealed memfd mappings read-only selftests/memfd: add test for mapping write-sealed memfd read-only Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Ma Ke (1): sunvdc: Balance device refcount in vdc_port_mpgroup_check Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Marek Vasut (1): usb: renesas-xhci: Fix External ROM access timeouts Mario Limonciello (6): usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual drm/amd/display: Only finalize atomic_obj if it was initialized drm/amd: Restore cached power limit during resume drm/amd/display: Avoid a NULL pointer dereference Mark Brown (2): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection kselftest/arm64: Specify SVE data when testing VL set in sve-ptrace Masahiro Yamada (2): kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() Masami Hiramatsu (Google) (1): selftests: tracing: Use mutex_unlock for testing glob filter Mateusz Guzik (1): apparmor: use the condition in AA_BUG_FMT even with debug disabled Matt Johnston (1): net: mctp: Prevent duplicate binds Matthieu Baerts (NGI0) (2): mptcp: pm: kernel: flush: do not reset ADD_ADDR limit selftests: mptcp: pm: check flush doesn't reset limits Maurizio Lombardi (1): scsi: target: core: Generate correct identifiers for PR OUT transport IDs Maxim Levitsky (3): KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (1): most: core: Drop device reference after usage in get_channel() Michael Walle (1): mtd: spi-nor: Fix spi_nor_try_unlock_all() Mikhail Lobanov (1): wifi: mac80211: check basic rates validity in sta_link_apply_parameters Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Myrrh Periwinkle (3): usb: typec: ucsi: Update power_supply on power role change vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Namjae Jeon (1): ksmbd: extend the connection limiting mechanism to support IPv6 Naohiro Aota (1): btrfs: zoned: do not remove unwritten non-data block group Nathan Chancellor (3): usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS NeilBrown (1): smb/server: avoid deadlock when linking with ReplaceIfExists Nianyao Tang (1): arm64/cpufeatures/kvm: Add ARMv8.9 FEAT_ECBHB bits in ID_AA64MMFR1 register Nicolas Escande (1): neighbour: add support for NUD_PERMANENT proxy entries Niklas Söderlund (1): media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Nitin Gote (1): iosys-map: Fix undefined behavior in iosys_map_clear() Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Oliver Neukum (3): usb: core: usb_submit_urb: downgrade type check net: usb: cdc-ncm: check for filtering capability cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paolo Abeni (3): mptcp: make fallback action and fallback decision atomic mptcp: plug races between subflow fail and subflow creation mptcp: reset fallback status gracefully at disconnect() time Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Pavel Begunkov (1): io_uring: don't use int for ABI Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Peter Oberparleiter (3): s390/sclp: Fix SCCB present check s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (1): ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Petr Pavlu (1): module: Prevent silent truncation of module name in delete_module(2) Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Pu Lehui (1): tracing: Limit access to parser->buffer when trace_get_user failed Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qingfang Deng (2): net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path ppp: fix race conditions in ppp_fill_forward_path Qu Wenruo (2): btrfs: do not allow relocation of partially dropped subvolumes btrfs: populate otime when logging an inode item Rafael J. Wysocki (2): ACPI: processor: perflib: Move problematic pr->performance check PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Ramya Gnanasekar (1): wifi: mac80211: update radar_required in channel context after channel switch Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (2): parisc: Makefile: fix a typo in palo.conf parisc: Makefile: explain that 64BIT requires both 32-bit and 64-bit compilers Ranjan Kumar (4): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans scsi: mpi3mr: Fix race between config read submit and interrupt completion scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Ricardo Ribalda (3): media: uvcvideo: Do not mark valid metadata as invalid media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Rob Clark (1): drm/msm: use trylock for debugfs Rong Zhang (1): fs/ntfs3: correctly create symlink for relative path Sabrina Dubroca (2): udp: also consider secpath when evaluating ipsec use for checksumming tls: separate no-async decryption request handling from async Sakari Ailus (1): media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Salah Triki (1): iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sean Christopherson (19): KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the STI shadow KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update() KVM: x86: Snapshot the host's DEBUGCTL in common x86 KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs KVM: x86/pmu: Gate all "unimplemented MSR" prints on report_ignored_msrs KVM: x86: Plumb "force_immediate_exit" into kvm_entry() tracepoint KVM: VMX: Re-enter guest in fastpath for "spurious" preemption timer exits KVM: VMX: Handle forced exit due to preemption timer in fastpath KVM: x86: Move handling of is_guest_mode() into fastpath exit handlers KVM: VMX: Handle KVM-induced preemption timer exits in fastpath for L2 KVM: x86: Fully defer to vendor code to decide how to force immediate exit KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported KVM: VMX: Extract checking of guest's DEBUGCTL into helper KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer x86/reboot: Harden virtualization hooks for emergency reboot x86/reboot: KVM: Handle VMXOFF in KVM's reboot callback Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state Selvarasu Ganesan (1): usb: dwc3: Remove WARN_ON for device endpoint command timeouts Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Sergey Shtylyov (1): Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shannon Nelson (1): ionic: clean dbpage in de-init Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (2): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} MIPS: lantiq: falcon: sysctrl: fix request memory check logic Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Shubhrajyoti Datta (1): EDAC/synopsys: Clear the ECC counters on init Shyam Prasad N (1): cifs: reset iface weights when we cannot find a candidate Sravan Kumar Gundu (1): fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (1): smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() Steve French (1): smb3: fix for slab out of bounds on mount to ksmbd Steven Rostedt (3): ktest.pl: Prevent recursion of default variable options ftrace: Also allocate and copy hash for reading of filter files tracing: Remove unneeded goto out logic Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Sumanth Gavini (1): Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync Sven Schnelle (2): s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Takashi Iwai (5): ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: hda: Handle the jack polling always via a work ALSA: hda: Disable jack polling at shutdown ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (2): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr ext4: don't try to clear the orphan_present feature block device is r/o Thomas Fourier (8): et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. powerpc: floppy: Add missing checks after DMA map wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() mtd: rawnand: fsmc: Add missing check after DMA map mtd: rawnand: renesas: Add missing check after DMA map Thomas Weißschuh (5): tools/nolibc: define time_t in terms of __kernel_old_time_t tools/build: Fix s390(x) cross-compilation with clang um: Re-evaluate thread flags repeatedly MIPS: Don't crash in stack_top() for tasks without ABI or vDSO kbuild: userprogs: use correct linker when mixing clang and GNU ld Thorsten Blum (1): usb: storage: realtek_cr: Use correct byte order for bcs->Residue Tianxiang Peng (1): x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Timur Kristóf (6): drm/amd/display: Don't overwrite dce60_clk_mgr drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Don't overclock DCE 6 by 15% Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Trond Myklebust (1): NFS: Fix the setting of capabilities when automounting a new filesystem Tvrtko Ursulin (1): drm/ttm: Respect the shrinker core free target Tzung-Bi Shih (2): platform/chrome: cros_ec: remove unneeded label and if-condition platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Uwe Kleine-König (3): pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting usb: musb: omap2430: Convert to platform remove callback returning void ValdikSS (1): igc: fix disabling L1.2 PCI-E link substate on I226 on init Vasiliy Kovalev (1): ALSA: hda/realtek: Fix headset mic on HONOR BRB-X Vedang Nagar (2): media: venus: Add a check for packet size after reading from shared memory media: venus: Fix OOB read due to missing payload bound check Viacheslav Dubeyko (4): hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Victor Shih (3): mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency mmc: sdhci-pci-gli: Add a new function to simplify the code mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER Vladimir Zapolskiy (1): media: qcom: camss: cleanup media device allocated resource on error path Waiman Long (2): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Wang Liang (1): net: bridge: fix soft lockup in br_multicast_query_expired() Wang Zhaolong (1): smb: client: remove redundant lstrp update in negotiate protocol Wei Gao (1): ext2: Handle fiemap on empty files to prevent EINVAL Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Will Deacon (4): vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page vsock/virtio: Validate length in packet header before skb_put() vhost/vsock: Avoid allocating arbitrarily-sized SKBs KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix William Liu (2): net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Willy Tarreau (1): tools/nolibc: fix spelling of FD_SETBITMASK in FD_* macros Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (1): usb: core: config: Prevent OOB read in SS endpoint companion parsing Xu Yang (2): net: usb: asix_devices: add phy_mask for ax88772 mdio bus usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yazen Ghannam (1): x86/mce/amd: Add default names for MCA banks and blocks Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Yonghong Song (1): selftests/bpf: Fix a user_ringbuf failure with arm64 64KB page size Yongzhen Zhang (1): fbdev: fix potential buffer overflow in do_register_framebuffer() Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Youssef Samir (1): bus: mhi: host: Detect events pointing to unexpected TREs Yuichiro Tsuji (1): net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Lixu (2): iio: hid-sensor-prox: Restore lost scale assignments iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Yi (1): ext4: fix hole length calculation overflow in non-extent inodes Zhiqi Song (1): crypto: hisilicon/hpre - fix dma unmap sequence Zhu Qiyu (1): ACPI: PRM: Reduce unnecessary printing to avoid user confusion Ziyan Fu (1): watchdog: iTCO_wdt: Report error if timeout configuration fails chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue zhangjianrong (2): net: thunderbolt: Enable end-to-end flow control also in transmit net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() Álvaro Fernández Rojas (5): net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent DIS_LEARNING access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 weeks, 6 days

1
1
0 0

Linux 5.15.190

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.190 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/f2fs.rst | 6 Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Documentation/memory-barriers.txt | 11 Documentation/networking/mptcp-sysctl.rst | 2 Makefile | 4 arch/alpha/include/asm/processor.h | 2 arch/alpha/kernel/process.c | 5 arch/arc/include/asm/processor.h | 2 arch/arc/kernel/stacktrace.c | 4 arch/arm/Makefile | 2 arch/arm/boot/dts/am335x-boneblack.dts | 2 arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1 arch/arm/boot/dts/vfxxx.dtsi | 2 arch/arm/include/asm/processor.h | 2 arch/arm/kernel/process.c | 4 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 2 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 2 arch/arm64/include/asm/acpi.h | 2 arch/arm64/include/asm/processor.h | 2 arch/arm64/kernel/entry.S | 6 arch/arm64/kernel/fpsimd.c | 4 arch/arm64/kernel/process.c | 4 arch/arm64/kernel/traps.c | 1 arch/arm64/mm/fault.c | 1 arch/arm64/mm/ptdump_debugfs.c | 3 arch/csky/include/asm/processor.h | 2 arch/csky/kernel/stacktrace.c | 5 arch/h8300/include/asm/processor.h | 2 arch/h8300/kernel/process.c | 5 arch/hexagon/include/asm/processor.h | 2 arch/hexagon/kernel/process.c | 4 arch/ia64/include/asm/processor.h | 2 arch/ia64/kernel/process.c | 5 arch/m68k/Kconfig.debug | 2 arch/m68k/include/asm/processor.h | 2 arch/m68k/kernel/early_printk.c | 42 - arch/m68k/kernel/head.S | 39 - arch/m68k/kernel/process.c | 4 arch/microblaze/include/asm/processor.h | 2 arch/microblaze/kernel/process.c | 2 arch/mips/crypto/chacha-core.S | 20 arch/mips/include/asm/processor.h | 2 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 24 arch/mips/mm/tlb-r4k.c | 56 + arch/nds32/include/asm/processor.h | 2 arch/nds32/kernel/process.c | 7 arch/nios2/include/asm/processor.h | 2 arch/nios2/kernel/process.c | 5 arch/openrisc/include/asm/processor.h | 2 arch/openrisc/kernel/process.c | 2 arch/parisc/Makefile | 2 arch/parisc/include/asm/processor.h | 2 arch/parisc/kernel/process.c | 5 arch/powerpc/configs/ppc6xx_defconfig | 1 arch/powerpc/include/asm/processor.h | 2 arch/powerpc/kernel/eeh.c | 1 arch/powerpc/kernel/eeh_driver.c | 48 + arch/powerpc/kernel/eeh_pe.c | 11 arch/powerpc/kernel/pci-hotplug.c | 3 arch/powerpc/kernel/process.c | 9 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/riscv/include/asm/processor.h | 2 arch/riscv/kernel/stacktrace.c | 12 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/s390/include/asm/processor.h | 2 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/process.c | 4 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/sh/Makefile | 10 arch/sh/boot/compressed/Makefile | 4 arch/sh/boot/romimage/Makefile | 4 arch/sh/include/asm/processor_32.h | 2 arch/sh/kernel/process_32.c | 5 arch/sparc/include/asm/processor_32.h | 2 arch/sparc/include/asm/processor_64.h | 2 arch/sparc/kernel/process_32.c | 5 arch/sparc/kernel/process_64.c | 5 arch/um/drivers/rtc_user.c | 2 arch/um/include/asm/processor-generic.h | 2 arch/um/kernel/process.c | 5 arch/x86/include/asm/processor.h | 2 arch/x86/include/asm/xen/hypercall.h | 6 arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/hygon.c | 3 arch/x86/kernel/cpu/mce/amd.c | 13 arch/x86/kernel/process.c | 62 -- arch/x86/kvm/vmx/vmx.c | 5 arch/x86/mm/extable.c | 5 arch/xtensa/include/asm/processor.h | 2 arch/xtensa/kernel/process.c | 5 block/blk-settings.c | 2 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 2 drivers/acpi/prmt.c | 26 drivers/acpi/processor_idle.c | 4 drivers/acpi/processor_perflib.c | 11 drivers/ata/Kconfig | 35 - drivers/ata/libata-sata.c | 5 drivers/ata/libata-scsi.c | 20 drivers/base/power/domain_governor.c | 18 drivers/base/power/runtime.c | 5 drivers/base/regmap/regmap.c | 2 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/sunvdc.c | 4 drivers/bus/fsl-mc/fsl-mc-bus.c | 19 drivers/bus/mhi/host/boot.c | 8 drivers/bus/mhi/host/internal.h | 4 drivers/bus/mhi/host/main.c | 15 drivers/char/hw_random/mtk-rng.c | 4 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/clk/clk-axi-clkgen.c | 2 drivers/clk/davinci/psc.c | 5 drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 drivers/clk/xilinx/xlnx_vcu.c | 4 drivers/comedi/comedi_fops.c | 66 +- drivers/comedi/comedi_internal.h | 1 drivers/comedi/drivers.c | 43 - drivers/comedi/drivers/aio_iiro_16.c | 3 drivers/comedi/drivers/comedi_test.c | 2 drivers/comedi/drivers/das16m1.c | 3 drivers/comedi/drivers/das6402.c | 3 drivers/comedi/drivers/pcl726.c | 3 drivers/comedi/drivers/pcl812.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 29 drivers/cpufreq/intel_pstate.c | 4 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/ccp/ccp-debugfs.c | 3 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 8 drivers/crypto/img-hash.c | 2 drivers/crypto/inside-secure/safexcel_hash.c | 8 drivers/crypto/keembay/keembay-ocs-hcu-core.c | 8 drivers/crypto/marvell/cesa/cipher.c | 4 drivers/crypto/marvell/cesa/hash.c | 5 drivers/crypto/marvell/octeontx2/otx2_cptpf_ucode.c | 16 drivers/crypto/qat/qat_common/adf_transport_debug.c | 4 drivers/devfreq/devfreq.c | 10 drivers/devfreq/governor_userspace.c | 6 drivers/dma/mv_xor.c | 21 drivers/dma/nbpfaxi.c | 24 drivers/edac/synopsys_edac.c | 97 +-- drivers/fpga/zynq-fpga.c | 10 drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-virtio.c | 9 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/clk_mgr.c | 1 drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 - drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 - drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_psp.c | 3 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu11/vangogh_ppt.c | 37 - drivers/gpu/drm/drm_dp_helper.c | 2 drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c | 4 drivers/gpu/drm/msm/msm_gem.c | 3 drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9 drivers/gpu/drm/scheduler/sched_entity.c | 27 drivers/gpu/drm/ttm/ttm_pool.c | 8 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/hid/hid-core.c | 19 drivers/hid/hid-magicmouse.c | 51 + drivers/hwmon/corsair-cpro.c | 5 drivers/hwmon/gsc-hwmon.c | 4 drivers/i2c/busses/i2c-qup.c | 4 drivers/i2c/busses/i2c-stm32.c | 8 drivers/i2c/busses/i2c-stm32f7.c | 4 drivers/i2c/busses/i2c-virtio.c | 15 drivers/i2c/i2c-core-acpi.c | 1 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 2 drivers/idle/intel_idle.c | 2 drivers/iio/adc/ad7768-1.c | 23 drivers/iio/adc/ad_sigma_delta.c | 4 drivers/iio/adc/max1363.c | 43 - drivers/iio/adc/stm32-adc-core.c | 7 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 drivers/iio/light/as73211.c | 2 drivers/iio/light/hid-sensor-prox.c | 8 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/proximity/isl29501.c | 16 drivers/infiniband/core/cache.c | 4 drivers/infiniband/core/nldev.c | 22 drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 drivers/infiniband/hw/hfi1/affinity.c | 44 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 15 drivers/infiniband/hw/mlx5/dm.c | 2 drivers/input/joystick/xpad.c | 2 drivers/input/keyboard/gpio_keys.c | 4 drivers/interconnect/qcom/sc7280.c | 1 drivers/iommu/amd/init.c | 4 drivers/leds/leds-lp50xx.c | 11 drivers/md/dm-ps-historical-service-time.c | 4 drivers/md/dm-ps-queue-length.c | 4 drivers/md/dm-ps-round-robin.c | 4 drivers/md/dm-ps-service-time.c | 4 drivers/md/dm-zoned-target.c | 2 drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 drivers/media/dvb-frontends/dib7000p.c | 10 drivers/media/i2c/hi556.c | 26 drivers/media/i2c/ov2659.c | 3 drivers/media/i2c/tc358743.c | 86 +- drivers/media/platform/qcom/camss/camss.c | 10 drivers/media/platform/qcom/venus/core.c | 21 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/dbgfs.c | 9 drivers/media/platform/qcom/venus/dbgfs.h | 13 drivers/media/platform/qcom/venus/hfi_venus.c | 5 drivers/media/platform/qcom/venus/vdec.c | 5 drivers/media/platform/qcom/venus/venc.c | 5 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/usb/uvc/uvc_driver.c | 3 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/v4l2-core/v4l2-common.c | 8 drivers/media/v4l2-core/v4l2-ctrls-core.c | 9 drivers/memstick/core/memstick.c | 3 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-msm.c | 14 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci-pci-gli.c | 4 drivers/mmc/host/sdhci_am654.c | 9 drivers/most/core.c | 2 drivers/mtd/ftl.c | 2 drivers/mtd/nand/raw/atmel/nand-controller.c | 2 drivers/mtd/nand/raw/atmel/pmecc.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/mtd/nand/raw/rockchip-nand-controller.c | 15 drivers/mtd/nand/spi/core.c | 5 drivers/net/bonding/bond_3ad.c | 25 drivers/net/bonding/bond_options.c | 1 drivers/net/can/kvaser_pciefd.c | 1 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/b53/b53_common.c | 65 +- drivers/net/dsa/b53/b53_regs.h | 2 drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/aquantia/atlantic/aq_hw.h | 2 drivers/net/ethernet/aquantia/atlantic/hw_atl2/hw_atl2_utils_fw.c | 39 + drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 15 drivers/net/ethernet/freescale/dpaa2/dpaa2-switch.c | 15 drivers/net/ethernet/freescale/enetc/enetc_pf.c | 14 drivers/net/ethernet/freescale/fec_main.c | 34 - drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/google/gve/gve_main.c | 67 +- drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 36 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c | 9 drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 6 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/e1000e/nvm.c | 6 drivers/net/ethernet/intel/fm10k/fm10k.h | 3 drivers/net/ethernet/intel/i40e/i40e.h | 2 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 drivers/net/ethernet/intel/i40e/i40e_main.c | 18 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 drivers/net/ethernet/intel/igc/igc_main.c | 14 drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en.h | 24 drivers/net/ethernet/mellanox/mlx5/core/en/qos.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 13 drivers/net/ethernet/mellanox/mlx5/core/lib/dm.c | 4 drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 drivers/net/phy/dp83640.c | 6 drivers/net/phy/mscc/mscc.h | 12 drivers/net/phy/mscc/mscc_main.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 50 + drivers/net/phy/mscc/mscc_ptp.h | 1 drivers/net/phy/nxp-c45-tja11xx.c | 2 drivers/net/phy/smsc.c | 1 drivers/net/ppp/ppp_generic.c | 17 drivers/net/ppp/pptp.c | 18 drivers/net/thunderbolt.c | 8 drivers/net/usb/asix_devices.c | 1 drivers/net/usb/sierra_net.c | 4 drivers/net/usb/usbnet.c | 11 drivers/net/vrf.c | 2 drivers/net/wireless/ath/ath11k/hal.c | 25 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwl8k.c | 4 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 23 drivers/net/xen-netfront.c | 5 drivers/nvme/host/core.c | 4 drivers/pci/controller/pcie-rockchip-host.c | 2 drivers/pci/controller/vmd.c | 3 drivers/pci/endpoint/functions/pci-epf-vntb.c | 4 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/hotplug/pnv_php.c | 233 +++++++ drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 8 drivers/pci/probe.c | 2 drivers/phy/tegra/xusb-tegra186.c | 59 +- drivers/pinctrl/mediatek/pinctrl-moore.c | 18 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 drivers/platform/chrome/cros_ec.c | 23 drivers/platform/chrome/cros_ec.h | 2 drivers/platform/chrome/cros_ec_i2c.c | 4 drivers/platform/chrome/cros_ec_lpc.c | 4 drivers/platform/chrome/cros_ec_spi.c | 4 drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/ideapad-laptop.c | 2 drivers/platform/x86/think-lmi.c | 27 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/power/supply/cpcap-charger.c | 5 drivers/power/supply/max14577_charger.c | 4 drivers/powercap/intel_rapl_common.c | 23 drivers/pps/clients/pps-gpio.c | 5 drivers/pps/pps.c | 11 drivers/ptp/ptp_private.h | 5 drivers/ptp/ptp_vclock.c | 7 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 78 +- drivers/regulator/core.c | 1 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 17 drivers/rtc/rtc-hym8563.c | 2 drivers/rtc/rtc-pcf85063.c | 2 drivers/rtc/rtc-pcf8563.c | 2 drivers/rtc/rtc-rv3028.c | 2 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 drivers/scsi/isci/request.c | 2 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpi3mr/mpi3mr.h | 6 drivers/scsi/mpi3mr/mpi3mr_fw.c | 17 drivers/scsi/mpi3mr/mpi3mr_os.c | 2 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 22 drivers/scsi/mvsas/mv_sas.c | 4 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 +- drivers/scsi/ufs/ufs-exynos.c | 4 drivers/scsi/ufs/ufshcd-pci.c | 42 + drivers/scsi/ufs/ufshcd.c | 10 drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 drivers/soc/qcom/mdt_loader.c | 41 + drivers/soc/tegra/pmc.c | 51 - drivers/soundwire/stream.c | 2 drivers/staging/fbtft/fbtft-core.c | 1 drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/staging/nvec/nvec_power.c | 2 drivers/target/target_core_fabric_lib.c | 63 +- drivers/target/target_core_internal.h | 4 drivers/target/target_core_pr.c | 18 drivers/thermal/qcom/qcom-spmi-temp-alarm.c | 43 + drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/thunderbolt/switch.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/serial/pch_uart.c | 2 drivers/tty/vt/defkeymap.c_shipped | 112 +++ drivers/tty/vt/keyboard.c | 2 drivers/usb/atm/cxacru.c | 106 +-- drivers/usb/chipidea/ci.h | 18 drivers/usb/chipidea/udc.c | 10 drivers/usb/class/cdc-acm.c | 11 drivers/usb/core/config.c | 10 drivers/usb/core/hcd.c | 8 drivers/usb/core/hub.c | 60 +- drivers/usb/core/hub.h | 1 drivers/usb/core/quirks.c | 1 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/dwc3-imx8mp.c | 6 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/dwc3-qcom.c | 7 drivers/usb/dwc3/ep0.c | 20 drivers/usb/dwc3/gadget.c | 19 drivers/usb/early/xhci-dbc.c | 4 drivers/usb/gadget/composite.c | 5 drivers/usb/gadget/configfs.c | 2 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-hub.c | 3 drivers/usb/host/xhci-mem.c | 24 drivers/usb/host/xhci-pci-renesas.c | 7 drivers/usb/host/xhci-ring.c | 19 drivers/usb/host/xhci.c | 24 drivers/usb/host/xhci.h | 3 drivers/usb/misc/apple-mfi-fastcharge.c | 24 drivers/usb/musb/musb_core.c | 62 +- drivers/usb/musb/musb_core.h | 11 drivers/usb/musb/musb_debugfs.c | 6 drivers/usb/musb/musb_gadget.c | 30 - drivers/usb/musb/musb_host.c | 6 drivers/usb/musb/musb_virthub.c | 18 drivers/usb/musb/omap2430.c | 16 drivers/usb/phy/phy-mxs-usb.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 7 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/usb/typec/tcpm/tcpm.c | 64 +- drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vhost/scsi.c | 4 drivers/vhost/vhost.c | 3 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/core/fbcon.c | 9 drivers/video/fbdev/imxfb.c | 9 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/iTCO_wdt.c | 6 drivers/watchdog/sbsa_gwdt.c | 50 + drivers/watchdog/ziirave_wdt.c | 3 drivers/xen/gntdev-common.h | 4 drivers/xen/gntdev.c | 71 +- fs/btrfs/relocation.c | 19 fs/btrfs/tree-log.c | 53 + fs/buffer.c | 2 fs/cifs/cifssmb.c | 10 fs/cifs/file.c | 10 fs/cifs/smb2ops.c | 7 fs/cifs/smbdirect.c | 14 fs/eventpoll.c | 60 +- fs/ext2/inode.c | 12 fs/ext4/fsmap.c | 23 fs/ext4/indirect.c | 4 fs/ext4/inline.c | 19 fs/ext4/inode.c | 2 fs/ext4/mballoc.c | 33 - fs/ext4/orphan.c | 5 fs/ext4/super.c | 2 fs/f2fs/extent_cache.c | 2 fs/f2fs/f2fs.h | 2 fs/f2fs/inode.c | 28 fs/f2fs/node.c | 10 fs/file.c | 90 +-- fs/hfs/bnode.c | 93 +++ fs/hfsplus/bnode.c | 92 +++ fs/hfsplus/extents.c | 3 fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/hugetlbfs/inode.c | 2 fs/isofs/inode.c | 9 fs/jbd2/checkpoint.c | 1 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 10 fs/jfs/jfs_imap.c | 13 fs/ksmbd/smb2pdu.c | 16 fs/ksmbd/smb_common.c | 2 fs/ksmbd/transport_rdma.c | 97 +-- fs/libfs.c | 4 fs/namespace.c | 39 - fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 44 + fs/nfs/export.c | 11 fs/nfs/flexfilelayout/flexfilelayout.c | 26 fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 fs/nfs/internal.h | 10 fs/nfs/nfs4client.c | 15 fs/nfs/nfs4proc.c | 12 fs/nfs/pnfs.c | 11 fs/nfsd/nfs4state.c | 34 - fs/nilfs2/inode.c | 9 fs/ntfs3/dir.c | 3 fs/ntfs3/file.c | 5 fs/ntfs3/inode.c | 31 - fs/orangefs/orangefs-debugfs.c | 8 fs/squashfs/super.c | 14 fs/udf/super.c | 13 include/asm-generic/barrier.h | 33 + include/linux/bitmap.h | 2 include/linux/blk_types.h | 8 include/linux/compiler.h | 8 include/linux/cpuset.h | 17 include/linux/fs.h | 4 include/linux/fs_context.h | 2 include/linux/if_vlan.h | 6 include/linux/memfd.h | 14 include/linux/mlx5/device.h | 1 include/linux/mm.h | 80 +- include/linux/mmzone.h | 22 include/linux/moduleparam.h | 5 include/linux/pci.h | 10 include/linux/platform_data/cros_ec_proto.h | 4 include/linux/pps_kernel.h | 1 include/linux/sched.h | 1 include/linux/skbuff.h | 31 + include/linux/usb/usbnet.h | 1 include/linux/xarray.h | 15 include/net/bond_3ad.h | 1 include/net/cfg80211.h | 2 include/net/mac80211.h | 2 include/net/tc_act/tc_ctinfo.h | 6 include/net/udp.h | 24 include/sound/soc-dai.h | 13 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 kernel/bpf/helpers.c | 11 kernel/cgroup/cpuset.c | 23 kernel/events/core.c | 20 kernel/fork.c | 2 kernel/power/console.c | 7 kernel/rcu/tree_plugin.h | 3 kernel/sched/core.c | 19 kernel/sched/deadline.c | 4 kernel/sched/loadavg.c | 2 kernel/sched/rt.c | 6 kernel/sched/sched.h | 2 kernel/trace/ftrace.c | 19 kernel/trace/preemptirq_delay_test.c | 13 kernel/trace/trace.c | 33 - kernel/trace/trace.h | 8 kernel/trace/trace_events.c | 5 kernel/ucount.c | 2 lib/bitmap.c | 13 mm/debug_vm_pgtable.c | 9 mm/filemap.c | 2 mm/hmm.c | 2 mm/kmemleak.c | 10 mm/madvise.c | 2 mm/memfd.c | 2 mm/memory-failure.c | 8 mm/mmap.c | 10 mm/page_alloc.c | 13 mm/ptdump.c | 2 mm/shmem.c | 2 mm/vmalloc.c | 17 mm/zsmalloc.c | 3 net/8021q/vlan.c | 42 + net/8021q/vlan.h | 1 net/appletalk/aarp.c | 24 net/bluetooth/l2cap_core.c | 26 net/bluetooth/l2cap_sock.c | 3 net/bluetooth/smp.c | 21 net/bluetooth/smp.h | 1 net/bridge/br_multicast.c | 16 net/bridge/br_private.h | 2 net/bridge/br_switchdev.c | 3 net/caif/cfctrl.c | 294 ++++------ net/core/filter.c | 3 net/core/netpoll.c | 7 net/core/skmsg.c | 57 + net/hsr/hsr_slave.c | 8 net/ipv4/netfilter/nf_reject_ipv4.c | 6 net/ipv4/route.c | 1 net/ipv4/tcp_input.c | 3 net/ipv4/udp_offload.c | 2 net/ipv6/addrconf.c | 7 net/ipv6/ip6_offload.c | 4 net/ipv6/mcast.c | 13 net/ipv6/netfilter/nf_reject_ipv6.c | 5 net/ipv6/rpl_iptunnel.c | 8 net/ipv6/seg6_hmac.c | 6 net/mac80211/cfg.c | 13 net/mac80211/mlme.c | 9 net/mac80211/tx.c | 10 net/mctp/af_mctp.c | 26 net/mptcp/options.c | 7 net/mptcp/pm_netlink.c | 14 net/mptcp/protocol.c | 17 net/mptcp/protocol.h | 11 net/mptcp/subflow.c | 20 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/nf_conntrack_netlink.c | 24 net/netfilter/nf_tables_api.c | 4 net/netfilter/xt_nfacct.c | 4 net/netlink/af_netlink.c | 2 net/packet/af_packet.c | 39 - net/phonet/pep.c | 2 net/sched/act_ctinfo.c | 19 net/sched/sch_cake.c | 14 net/sched/sch_codel.c | 5 net/sched/sch_drr.c | 7 net/sched/sch_ets.c | 46 - net/sched/sch_fq_codel.c | 6 net/sched/sch_hfsc.c | 8 net/sched/sch_htb.c | 19 net/sched/sch_netem.c | 40 + net/sched/sch_qfq.c | 40 - net/sctp/input.c | 2 net/tls/tls_sw.c | 13 net/vmw_vsock/af_vsock.c | 3 net/wireless/mlme.c | 3 samples/mei/mei-amt-version.c | 2 scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 scripts/kconfig/qconf.cc | 2 security/apparmor/include/match.h | 3 security/apparmor/match.c | 1 security/inode.c | 2 sound/core/pcm_native.c | 19 sound/pci/hda/patch_ca0132.c | 7 sound/pci/hda/patch_hdmi.c | 19 sound/pci/hda/patch_realtek.c | 3 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 30 - sound/soc/generic/audio-graph-card.c | 2 sound/soc/intel/boards/Kconfig | 2 sound/soc/soc-core.c | 28 sound/soc/soc-dai.c | 59 +- sound/soc/soc-dapm.c | 4 sound/soc/soc-ops.c | 26 sound/usb/mixer_quirks.c | 14 sound/usb/mixer_scarlett_gen2.c | 8 sound/usb/stream.c | 25 sound/usb/validate.c | 14 sound/x86/intel_hdmi_audio.c | 2 tools/bpf/bpftool/net.c | 15 tools/include/linux/sched/mm.h | 2 tools/include/nolibc/std.h | 4 tools/perf/builtin-sched.c | 12 tools/perf/tests/bp_account.c | 1 tools/perf/util/evsel.c | 11 tools/perf/util/evsel.h | 2 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 28 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/memfd/memfd_test.c | 43 + tools/testing/selftests/net/mptcp/Makefile | 3 tools/testing/selftests/net/mptcp/mptcp_connect.c | 28 tools/testing/selftests/net/mptcp/mptcp_connect_checksum.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5 tools/testing/selftests/net/mptcp/mptcp_connect_sendfile.sh | 5 tools/testing/selftests/net/mptcp/mptcp_join.sh | 1 tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 tools/testing/selftests/net/rtnetlink.sh | 6 tools/testing/selftests/net/udpgro.sh | 46 - tools/testing/selftests/perf_events/.gitignore | 1 tools/testing/selftests/perf_events/Makefile | 2 tools/testing/selftests/perf_events/mmap.c | 236 ++++++++ tools/testing/selftests/syscall_user_dispatch/sud_test.c | 50 - 677 files changed, 6071 insertions(+), 2522 deletions(-) Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Aaron Plattner (1): watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition Abdun Nihaal (2): regmap: fix potential memory leak of regmap_bus staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() Abinash Singh (1): f2fs: fix KMSAN uninit-value in extent_info usage Ada Couprie Diaz (1): arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() Adam Ford (2): arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed Aditya Garg (1): HID: magicmouse: avoid setting up battery timer when not needed Adrian Hunter (1): scsi: ufs: ufs-pci: Fix default runtime and system PM levels Al Viro (5): clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns better lockdep annotations for simple_recursive_removal() securityfs: don't pin dentries twice, once is enough... use uniform permission checks for all mount propagation changes alloc_fdtable(): change calling conventions. Albin Törnqvist (1): arm: dts: ti: omap: Fixup pinheader typo Alessandro Carminati (1): regulator: core: fix NULL dereference on unbind due to stale coupling data Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alexander Gordeev (1): mm/vmalloc: leave lazy MMU mode on PTE mapping error Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexander Wetzel (1): wifi: mac80211: Don't call fq_flow_idx() for management frames Alexander Wilhelm (1): bus: mhi: host: Fix endianness of BHI vector table Alok Tiwari (7): thunderbolt: Fix bit masking in tb_dp_port_set_hops() net: emaclite: Fix missing pointer increment in aligned_read() staging: nvec: Fix incorrect null termination of battery manufacturer ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() gve: Return error for unknown admin queue command Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Ammar Faizi (1): net: usbnet: Fix the wrong netif_carrier_on() call Anantha Prabhu (1): RDMA/bnxt_re: Fix to initialize the PBL array Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled André Draszik (1): scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Andy Shevchenko (2): mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Documentation: ACPI: Fix parent device references Andy Yan (1): drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed Anna Schumaker (1): NFS: Create an nfs4_server_set_init_caps() function Annette Kobou (1): ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Archana Patni (1): scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (6): ethernet: intel: fix building with large NR_CPUS ASoC: Intel: fix SND_SOC_SOF dependencies ASoC: ops: dynamically allocate struct snd_ctl_elem_value caif: reduce stack size, again kernel: trace: preemptirq_delay_test: use offstack cpu mask RDMA/core: reduce stack using in nldev_stat_get_doit() Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Aruna Ramakrishna (1): sched: Change nr_uninterruptible type to unsigned long Avraham Stern (1): wifi: iwlwifi: mvm: fix scan request validation Baihan Li (1): drm/hisilicon/hibmc: fix the hibmc loaded failed bug Balamanikandan Gunasundar (1): mtd: rawnand: atmel: set pmecc data setup time Baokun Li (2): ext4: fix largest free orders lists corruption on mb_optimize_scan switch jbd2: prevent softlockup in jbd2_log_do_checkpoint() Bard Liao (1): soundwire: stream: restore params when prepare ports fail Bartosz Golaszewski (2): gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Ben Ben-Ishay (1): net/mlx5e: Add support to klm_umr_wqe Ben Hutchings (1): sh: Do not use hyphen in exported variable name Benjamin Coddington (1): NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bharat Bhushan (1): crypto: octeontx2 - add timeout for load_fvc completion poll Bingbu Cao (1): media: hi556: correct the test pattern configuration Bjorn Andersson (1): soc: qcom: mdt_loader: Ensure we don't read past the ELF header Brahmajit Das (1): samples: mei: Fix building on musl libc Breno Leitao (4): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path arm64: Mark kernel as tainted on SAE and SError panic ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Brian Masney (5): rtc: ds1307: fix incorrect maximum clock rate handling rtc: hym8563: fix incorrect maximum clock rate handling rtc: pcf85063: fix incorrect maximum clock rate handling rtc: pcf8563: fix incorrect maximum clock rate handling rtc: rv3028: fix incorrect maximum clock rate handling Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Budimir Markovic (1): vsock: Do not allow binding to VMADDR_PORT_ANY Chao Gao (1): KVM: VMX: Flush shadow VMCS on emergency reboot Chao Yu (6): f2fs: doc: fix wrong quota mount option description f2fs: fix to avoid UAF in f2fs_sync_inode_meta() f2fs: fix to avoid panic in f2fs_evict_inode f2fs: fix to avoid out-of-boundary access in devs.path f2fs: fix to do sanity check on ino and xnid f2fs: fix to avoid out-of-boundary access in dnode page Charalampos Mitrodimas (1): usb: misc: apple-mfi-fastcharge: Make power supply names unique Charles Han (2): power: supply: cpcap-charger: Fix null check for power_supply_get_by_name power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chen-Yu Tsai (1): platform/chrome: cros_ec: Use per-device lockdep key Chenyuan Yang (2): fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() Christoph Paasch (3): net/mlx5: Correctly set gso_size when LRO is used net/mlx5: Correctly set gso_segs when LRO is used mptcp: drop skb if MPTCP skb extension allocation fails Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Clément Le Goffic (1): i2c: stm32: fix the device used for the DMA map Cong Wang (6): sch_htb: make htb_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent sch_drr: make drr_qlen_notify() idempotent codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() sch_htb: make htb_deactivate() idempotent Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (7): ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors ata: libata-scsi: Fix ata_to_sense_error() status handling PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown block: Make REQ_OP_ZONE_FINISH a write operation ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Dan Carpenter (7): dmaengine: nbpfaxi: Fix memory corruption in probe() watchdog: ziirave_wdt: check record length in ziirave_firm_verify() fs/orangefs: Allow 2 more characters in do_c_string() cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() Daniel Dadap (1): ALSA: hda: Add missing NVIDIA HDA codec IDs Daniil Dulov (1): wifi: rtl818x: Kill URBs before clearing tx status queue Dave Hansen (1): x86/fpu: Delay instruction pointer fixup until after warning Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Collins (1): thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required David Lechner (2): iio: proximity: isl29501: fix buffered read on big-endian systems iio: adc: ad_sigma_delta: change to buffer predisable Davide Caratti (2): net/sched: sch_ets: properly init all active DRR list handles net/sched: ets: use old 'nbands' while purging unused classes Dawid Rezler (1): ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Denis OSTERLAND-HEIM (1): pps: fix poll support Dennis Chen (1): i40e: report VF tx_dropped with tx_errors instead of tx_discards Dikshita Agarwal (1): media: venus: Add support for SSR trigger using fault injection Dmitry Antipov (1): jfs: reject on-disk inodes of an unsupported type Dmitry Vyukov (1): selftests: Fix errno checking in syscall_user_dispatch test Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Edward Adam Davis (2): jfs: Regular file corruption check comedi: pcl726: Prevent invalid irq number Eliav Farber (1): pps: clients: gpio: fix interrupt handling order in remove path Emily Deng (1): drm/ttm: Should to return the evict error Eric Biggers (3): thunderbolt: Fix copy+paste error in match_service_id() lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap ipv6: sr: Fix MAC comparison to be constant-time Eric Dumazet (5): net_sched: act_ctinfo: use atomic64_t for three counters pptp: ensure minimal skb length in pptp_xmit() ipv6: reject malicious packets in ipv6_gso_segment() pptp: fix pptp_xmit() error path net_sched: sch_ets: implement lockless ets_dump() Eric Work (1): net: atlantic: add set_power to fw_ops for atl2 to fix wol Evgeniy Harchenko (1): ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Fabrice Gasnier (1): Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT Fedor Pchelkin (3): drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value netfilter: nf_tables: adjust lockdep assertions handling netlink: avoid infinite retry looping in netlink_unicast() Feng Tang (1): mm/page_alloc: detect allocation forbidden by cpuset and bail out early Filipe Manana (1): btrfs: fix log tree replay failure due to file with 0 links and extents Finn Thain (2): m68k: Don't unregister boot console needlessly m68k: Fix lost column on framebuffer debug console Florian Westphal (4): netfilter: xt_nfacct: don't assume acct name is null-terminated netfilter: ctnetlink: fix refcount leak on table dump selftests: mptcp: make sendfile selftest work netfilter: nf_reject: don't leak dst refcount for loopback packets Gabor Juhos (1): mtd: spinand: propagate spinand_wait() errors from spinand_write_page() Gal Pressman (1): net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Geliang Tang (2): mptcp: drop unused sk in mptcp_push_release mptcp: disable add_addr retransmission when timeout is 0 Geoffrey D. Bennett (1): ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() Giovanni Cabiddu (1): crypto: qat - fix seq_file position update in adf_ring_next() Gokul Sivakumar (1): wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE Greg Kroah-Hartman (2): Revert "vmci: Prevent the dispatching of uninitialized payloads" Linux 5.15.190 Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hangbin Liu (2): selftests: udpgro: report error when receive failed bonding: update LACP activity flag after setting lacp_active Hans Zhang (1): PCI: rockchip-host: Fix "Unexpected Completion" log message Haoxiang Li (2): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Harald Mommer (1): gpio: virtio: Fix config space reading. Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Harry Yoo (1): mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Heiner Kallweit (1): dpaa_eth: don't use fixed_phy_change_carrier Helge Deller (1): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Henry Martin (1): clk: davinci: Add NULL check in davinci_lpsc_clk_register() Herbert Xu (1): crypto: marvell/cesa - Fix engine load inaccuracy Herton R. Krzesinski (1): mm/debug_vm_pgtable: clear page table entries at destroy_args() Horatiu Vultur (2): phy: mscc: Fix parsing of unicast frames phy: mscc: Fix timestamping for vsc8584 Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Ian Abbott (12): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: Fix initialization of data for instructions that write to subdevice comedi: comedi_test: Fix possible deletion of uninitialized timers comedi: fix race between polling and detaching comedi: Make insn_rw_emulate_bits() do insn->n samples comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() Ido Schimmel (1): mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Imre Deak (1): drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Ivan Stepchenko (1): mtd: fix possible integer overflow in erase_xfer() Jacek Kowalski (2): e1000e: disregard NVM checksum on tgp when valid checksum bit is not set e1000e: ignore uninitialized checksum word on tgp Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jakub Acs (1): net, hsr: reject HSR frame if skb can't hold tag Jakub Kicinski (2): netpoll: prevent hanging NAPI when netcons gets enabled uapi: in6: restore visibility of most IPv6 socket options James Cowgill (1): media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check Jan Beulich (1): compiler: remove __ADDRESSABLE_ASM{_STR,}() again Jan Kara (2): isofs: Verify inode mode when loading from disk udf: Verify partition map count Jann Horn (1): eventpoll: Fix semi-unbounded recursion Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: change invalid data error to -EBUSY Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jeongjun Park (1): ptp: prevent possible ABBA deadlock in ptp_clock_freerun() Jerome Brunet (1): PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails Jian Shen (2): net: hns3: fix concurrent setting vlan filter issue net: hns3: fixed vf get max channels bug Jiasheng Jiang (2): iwlwifi: Add missing check for alloc_ordered_workqueue scsi: lpfc: Remove redundant assignment to avoid memory leak Jiaxun Yang (1): MIPS: mm: tlb-r4k: Uniquify TLB entries on init Jiayi Li (2): ACPI: processor: perflib: Fix initial _PPC limit application memstick: Fix deadlock by moving removing flag earlier Jiayuan Chen (3): bpf, sockmap: Fix panic when calling skb_linearize bpf, sockmap: Fix psock incorrectly pointing to sk bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls Jimmy Assarsson (2): can: kvaser_pciefd: Store device channel index can: kvaser_usb: Assign netdev.dev_port based on device channel index Jinjiang Tu (1): mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (9): net: gianfar: fix device leak when querying time stamp info net: dpaa: fix device leak when querying time stamp info usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind wifi: ath11k: fix source ring-buffer corruption net: enetc: fix device and OF node leak at probe usb: musb: omap2430: fix device leak at unbind usb: dwc3: imx8mp: fix device leak at unbind wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Korsnes (1): arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX Johannes Berg (2): wifi: cfg80211: reject HTC bit for management frames wifi: mac80211: don't complete management TX on SAE commit John Ernberg (1): net: usbnet: Avoid potential RCU stall on LINK_CHANGE event John Garry (2): scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Cameron (1): iio: light: as73211: Ensure buffer holes are zeroed Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jorge Ramirez-Ortiz (2): media: venus: hfi: explicitly release IRQ during teardown media: venus: protect against spurious interrupts during probe Joseph Huang (1): net: bridge: Do not offload IGMP/MLD messages Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Juergen Gross (1): xen/gntdev: remove struct gntdev_copy_batch from stack Junxian Huang (1): RDMA/hns: Fix -Wframe-larger-than issue Juri Lelli (1): sched/deadline: Fix accounting after global limits change Justin Tee (1): scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kees Cook (4): sched: Add wrapper for get_wchan() to keep task blocked arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches iommu/amd: Avoid stack buffer overflow from kernel cmdline Kefeng Wang (1): asm-generic: Add memory barrier dma_mb() Kito Xu (veritas501) (1): net: appletalk: Fix use-after-free in AARP proxy probe Konstantin Komarov (1): Revert "fs/ntfs3: Replace inode_trylock with inode_lock" Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Krzysztof Kozlowski (1): ARM: dts: vfxxx: Correctly use two tuples for timer address Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kuninori Morimoto (4): ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe() ASoC: soc-dai.h: merge DAI call back functions into ops Kuniyuki Iwashima (3): rpl: Fix use-after-free in rpl_do_srh_inline(). Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). Kurt Borja (1): platform/x86: think-lmi: Fix kobject cleanup Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Len Brown (1): intel_idle: Allow loading ACPI tables for any family Leo Yan (1): perf tests bp_account: Fix leaked file descriptor Leon Romanovsky (1): net/mlx5e: Properly access RCU protected qdisc_sleeping variable Li Zhong (1): ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Liao Yuanhong (1): ext4: use kmalloc_array() for array space allocation Lifeng Zheng (5): PM / devfreq: Check governor before using governor->name cpufreq: Initialize cpufreq-based frequency-invariance later cpufreq: Init policy->rwsem before it may be possibly used cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Lizhi Xu (3): vmci: Prevent the dispatching of uninitialized payloads fs/ntfs3: Add sanity check for file name jfs: truncate good inode pages when hard link is 0 Lorenzo Stoakes (5): selftests/perf_events: Add a mmap() correctness test mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: reinstate ability to map write-sealed memfd mappings read-only selftests/memfd: add test for mapping write-sealed memfd read-only Lucas De Marchi (1): usb: early: xhci-dbc: Fix early_ioremap leak Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Luiz Augusto von Dentz (3): Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Ma Ke (4): bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() dpaa2-eth: Fix device reference count leak in MAC endpoint handling dpaa2-switch: Fix device reference count leak in MAC endpoint handling sunvdc: Balance device refcount in vdc_port_mpgroup_check Maciej W. Rozycki (1): powerpc/eeh: Rely on dev->link_active_reporting Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Manivannan Sadhasivam (1): PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute Maor Gottlieb (1): RDMA/core: Rate limit GID cache warning messages Marco Elver (1): locking/barriers, kcsan: Support generic instrumentation Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Marek Vasut (1): usb: renesas-xhci: Fix External ROM access timeouts Mario Limonciello (5): usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual drm/amd: Restore cached power limit during resume drm/amd/display: Avoid a NULL pointer dereference Marius Zachmann (1): hwmon: (corsair-cpro) Validate the size of the received input buffer Mark Brown (1): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Martin Kaistra (1): wifi: rtl8xxxu: Fix RX skb size for aggregation disabled Masahiro Yamada (3): kconfig: qconf: fix ConfigList::updateListAllforAll() kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() Masami Hiramatsu (Google) (1): selftests: tracing: Use mutex_unlock for testing glob filter Mat Martineau (1): selftests: mptcp: Initialize variables to quiet gcc 12 warnings Mathias Nyman (5): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: Fix flushing of delayed work used for post resume purposes usb: hub: avoid warm port reset during USB3 disconnect usb: hub: Don't try to recover devices lost during warm reset. Matt Johnston (1): net: mctp: Prevent duplicate binds Matthew Wilcox (Oracle) (1): XArray: Add calls to might_alloc() Matthieu Baerts (1): selftests: mptcp: add missing join check Matthieu Baerts (NGI0) (4): mptcp: pm: kernel: flush: do not reset ADD_ADDR limit selftests: mptcp: connect: also cover alt modes selftests: mptcp: connect: also cover checksum selftests: mptcp: pm: check flush doesn't reset limits Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Maurizio Lombardi (1): scsi: target: core: Generate correct identifiers for PR OUT transport IDs Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Mengbiao Xiong (1): crypto: ccp - Fix crash when rebind ccp device for ccp.ko Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (1): most: core: Drop device reference after usage in get_channel() Michael Grzeschik (2): usb: typec: tcpm: allow to use sink in accessory mode usb: typec: tcpm: allow switching to mode accessory to mux properly Michael Zhivich (1): x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() Michal Schmidt (1): benet: fix BUG when creating VFs Mike Christie (1): vhost-scsi: Fix log flooding with target does not exist errors Mikhail Lobanov (1): wifi: mac80211: check basic rates validity in sta_link_apply_parameters Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Myrrh Periwinkle (3): usb: typec: ucsi: Update power_supply on power role change vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Namhyung Kim (1): perf sched: Fix memory leaks for evsel->priv in timehist Nathan Chancellor (5): phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS NeilBrown (1): smb/server: avoid deadlock when linking with ReplaceIfExists Niklas Söderlund (1): media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Nirmal Patel (1): PCI: vmd: Assign VMD IRQ domain before enumeration Nuno Sá (1): clk: clk-axi-clkgen: fix fpfd_max frequency for zynq Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Olga Kornievskaia (1): NFSv4.2: another fix for listxattr Oliver Neukum (3): usb: net: sierra: check for no status endpoint usb: core: usb_submit_urb: downgrade type check cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Ovidiu Panait (1): hwrng: mtk - handle devm_pm_runtime_enable errors Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paolo Abeni (4): selftests: net: increase inter-packet timeout in udpgro.sh mptcp: fix error mibs accounting mptcp: introduce MAPPING_BAD_CSUM mptcp: do not queue data on closed subflows Paul Cercueil (1): usb: musb: Add and use inline functions musb_{get,set}_state Paul Chaignon (2): bpf: Reject %p% format string in bprintf-like helpers bpf: Check flow_dissector ctx accesses are aligned Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Paul Kocialkowski (1): clk: sunxi-ng: v3s: Fix de clock definition Pavel Begunkov (1): io_uring: don't use int for ABI Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Peter Oberparleiter (2): s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (1): ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Peter Zijlstra (2): x86: Fix __get_wchan() for !STACKTRACE x86: Pin task-stack in __get_wchan() Petr Pavlu (1): module: Restore the moduleparam prefix length check Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Praveen Kaligineedi (1): gve: Fix stuck TX queue for DQ queue format Pu Lehui (1): tracing: Limit access to parser->buffer when trace_get_user failed Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qi Zheng (1): x86: Fix get_wchan() to support the ORC unwinder Qingfang Deng (1): ppp: fix race conditions in ppp_fill_forward_path Qu Wenruo (2): btrfs: do not allow relocation of partially dropped subvolumes btrfs: populate otime when logging an inode item Quang Le (1): net/packet: fix a race in packet_set_ring() and packet_notifier() RD Babiera (1): usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach Rafael J. Wysocki (4): cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode ACPI: processor: perflib: Move problematic pr->performance check cpuidle: governors: menu: Avoid using invalid recent intervals data PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (1): parisc: Makefile: fix a typo in palo.conf Ranjan Kumar (4): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans scsi: mpi3mr: Fix race between config read submit and interrupt completion scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems Remi Pommarel (2): wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Ricardo Ribalda (3): media: uvcvideo: Do not mark valid metadata as invalid media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. media: venus: venc: Clamp param smaller than 1fps and bigger than 240 Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Rob Clark (1): drm/msm: use trylock for debugfs Rohit Visavalia (1): clk: xilinx: vcu: unregister pll_post only if registered correctly Rong Zhang (2): platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots fs/ntfs3: correctly create symlink for relative path RubenKelevra (1): fs_context: fix parameter name in infofc() macro Ryan Lee (1): apparmor: ensure WB_HISTORY_SIZE value is a power of 2 Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Ryusuke Konishi (1): nilfs2: reject invalid file types when reading inodes Sabrina Dubroca (1): udp: also consider secpath when evaluating ipsec use for checksumming Sakari Ailus (1): media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Salah Triki (1): iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Sam Shih (1): pinctrl: mediatek: moore: check if pin_desc is valid before use Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (2): fs: Prevent file descriptor table allocations exceeding INT_MAX media: qcom: camss: cleanup media device allocated resource on error path Sebastian Andrzej Siewior (1): net: phy: Use netif_rx(). Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state Selvarasu Ganesan (1): usb: dwc3: Remove WARN_ON for device endpoint command timeouts Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Sergey Senozhatsky (1): wifi: ath11k: clear initialized flag for deinit-ed srng lists Seunghui Lee (1): scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (1): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Shubhrajyoti Datta (1): EDAC/synopsys: Clear the ECC counters on init Slark Xiao (2): USB: serial: option: add Foxconn T99W640 USB: serial: option: add Foxconn T99W709 Sravan Kumar Gundu (1): fbdev: Fix vmalloc out-of-bounds write in fast_imageblit Stanislav Fomichev (1): vrf: Drop existing dst reference in vrf_ip6_input_dst Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stav Aviram (1): net/mlx5: Check device memory pointer before usage Stefan Metzmacher (5): smb: server: remove separate empty_recvmsg_queue smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection smb: server: let recv_done() avoid touching data_transfer after cleanup/move smb: client: let recv_done() cleanup before notifying the callers. Steven Rostedt (5): tracing: Add down_write(trace_event_sem) when adding trace event selftests/tracing: Fix false failure of subsystem event test ktest.pl: Prevent recursion of default variable options ftrace: Also allocate and copy hash for reading of filter files tracing: Remove unneeded goto out logic Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Sven Schnelle (2): s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Takashi Iwai (4): ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Tao Xue (1): usb: gadget : fix use-after-free in composite_dev_cleanup() Tariq Toukan (1): lib: bitmap: Introduce node-aware alloc API Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (2): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr ext4: don't try to clear the orphan_present feature block device is r/o Thomas Fourier (19): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value mwl8k: Add missing check after DMA map crypto: inside-secure - Fix `dma_unmap_sg()` nents value scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value scsi: mvsas: Fix dma_unmap_sg() nents value scsi: isci: Fix dma_unmap_sg() nents value crypto: keembay - Fix dma_unmap_sg() nents value crypto: img-hash - Fix dma_unmap_sg() nents value dmaengine: mv_xor: Fix missing check after DMA map and missing unmap dmaengine: nbpfaxi: Add missing check after DMA map mtd: rawnand: atmel: Fix dma_mapping_error() address mtd: rawnand: rockchip: Add missing check after DMA map et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() mtd: rawnand: fsmc: Add missing check after DMA map Thomas Gleixner (3): perf/core: Don't leak AUX buffer refcount on allocation failure perf/core: Exit early on perf_mmap() fail perf/core: Prevent VMA split of buffer mappings Thomas Weißschuh (3): tools/nolibc: define time_t in terms of __kernel_old_time_t MIPS: Don't crash in stack_top() for tasks without ABI or vDSO kbuild: userprogs: use correct linker when mixing clang and GNU ld Thorsten Blum (3): ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() smb: server: Fix extension string in ksmbd_extract_shortname() usb: storage: realtek_cr: Use correct byte order for bcs->Residue Tianxiang Peng (1): x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Tigran Mkrtchyan (1): pNFS/flexfiles: don't attempt pnfs on fatal DS errors Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Timothy Pearson (5): PCI: pnv_php: Clean up allocated IRQs on unplug PCI: pnv_php: Work around switches with broken presence detection powerpc/eeh: Export eeh_unfreeze_pe() powerpc/eeh: Make EEH driver device hotplug safe PCI: pnv_php: Fix surprise plug detection and recovery Timur Kristóf (6): drm/amd/display: Don't overwrite dce60_clk_mgr drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Don't overclock DCE 6 by 15% Tiwei Bie (1): um: rtc: Avoid shadowing err in uml_rtc_start() Tomas Henzl (1): scsi: mpt3sas: Fix a fw_event memory leak Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Trond Myklebust (2): NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() NFS: Fix the setting of capabilities when automounting a new filesystem Tvrtko Ursulin (1): drm/ttm: Respect the shrinker core free target Tzung-Bi Shih (2): platform/chrome: cros_ec: remove unneeded label and if-condition platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Uros Bizjak (1): ucount: fix atomic_long_inc_below() argument type Uwe Kleine-König (6): usb: musb: omap2430: Convert to platform remove callback returning void platform/chrome: cros_ec: Make cros_ec_unregister() return void media: camss: Convert to platform remove callback returning void pwm: mediatek: Implement .apply() callback pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting ValdikSS (1): igc: fix disabling L1.2 PCI-E link substate on I226 on init Vedang Nagar (1): media: venus: Add a check for packet size after reading from shared memory Viacheslav Dubeyko (4): hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Victor Shih (1): mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Viresh Kumar (1): i2c: virtio: Avoid hang by using interruptible completion wait Waiman Long (2): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Wang Liang (2): net: drop UFO packets in udp_rcv_segment() net: bridge: fix soft lockup in br_multicast_query_expired() Wang Zhaolong (2): smb: client: fix use-after-free in cifs_oplock_break smb: client: fix use-after-free in crypt_message when using async crypto Wayne Chang (1): phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode Wei Gao (1): ext2: Handle fiemap on empty files to prevent EINVAL Weitao Wang (1): usb: xhci: Fix slot_id resource race conflict Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Will Deacon (1): KVM: arm64: Fix kernel BUG() due to bad backport of FPSIMD/SVE/SME fix William Liu (4): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree net/sched: Restrict conditions for adding duplicating netems to qdisc tree net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xiang Mei (2): net/sched: sch_qfq: Fix race condition on qfq_aggregate net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xilin Wu (1): interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (2): usb: gadget: configfs: Fix OOB read on empty string write usb: core: config: Prevent OOB read in SS endpoint companion parsing Xiu Jianfeng (1): wifi: iwlwifi: Fix memory leak in iwl_mvm_init() Xiumei Mu (1): selftests: rtnetlink.sh: remove esp4_offload after test Xu Yang (4): usb: chipidea: add USB PHY event usb: phy: mxs: disconnect line when USB charger is attached net: usb: asix_devices: add phy_mask for ax88772 mdio bus usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yajun Deng (1): i40e: Add rx_missed_errors for buffer exhaustion Yang Xiwen (1): i2c: qup: jump out of the loop in case of timeout Yangtao Li (1): hfsplus: remove mutex_lock check in hfsplus_free_extents Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yazen Ghannam (1): x86/mce/amd: Add default names for MCA banks and blocks Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Yonglong Liu (1): net: hns3: disable interrupt when ptp init failed Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Youssef Samir (1): bus: mhi: host: Detect events pointing to unexpected TREs Yu Kuai (1): nvme: fix misaccounting of nvme-mpath inflight I/O Yuan Chen (2): bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure pinctrl: sunxi: Fix memory leak on krealloc failure Yue Haibing (1): ipv6: mcast: Delay put pmc->idev in mld_del_delrec() Yuichiro Tsuji (1): net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Lixu (2): iio: hid-sensor-prox: Restore lost scale assignments iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Rui (1): powercap: intel_rapl: Do not change CLAMPING bit if ENABLE bit cannot be changed Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Yi (1): ext4: fix hole length calculation overflow in non-extent inodes Zheng Yu (1): jfs: fix metapage reference count leak in dbAllocCtl Zhiqi Song (1): crypto: hisilicon/hpre - fix dma unmap sequence Zhu Qiyu (1): ACPI: PRM: Reduce unnecessary printing to avoid user confusion Ziyan Fu (1): watchdog: iTCO_wdt: Report error if timeout configuration fails chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue xin.guo (1): tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range zhangjianrong (1): net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() Álvaro Fernández Rojas (5): net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent DIS_LEARNING access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 weeks, 6 days

1
1
0 0

Linux 5.10.241

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.241 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/filesystems/f2fs.rst | 6 Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Documentation/memory-barriers.txt | 11 Makefile | 4 arch/arm/Makefile | 2 arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1 arch/arm/boot/dts/vfxxx.dtsi | 2 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 2 arch/arm64/include/asm/acpi.h | 2 arch/arm64/mm/ptdump_debugfs.c | 3 arch/m68k/Kconfig.debug | 2 arch/m68k/kernel/early_printk.c | 42 - arch/m68k/kernel/head.S | 39 - arch/mips/crypto/chacha-core.S | 20 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 arch/mips/mm/tlb-r4k.c | 56 + arch/parisc/Makefile | 2 arch/powerpc/configs/ppc6xx_defconfig | 1 arch/powerpc/kernel/eeh.c | 1 arch/powerpc/kernel/eeh_driver.c | 48 + arch/powerpc/kernel/eeh_pe.c | 11 arch/powerpc/kernel/pci-hotplug.c | 3 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/time.c | 2 arch/s390/mm/dump_pagetables.c | 2 arch/sh/Makefile | 10 arch/sh/boot/compressed/Makefile | 4 arch/sh/boot/romimage/Makefile | 4 arch/x86/include/asm/xen/hypercall.h | 6 arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/bugs.c | 5 arch/x86/kernel/cpu/mce/amd.c | 13 arch/x86/mm/extable.c | 5 block/bio.c | 2 block/blk-settings.c | 2 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/processor_perflib.c | 11 drivers/ata/Kconfig | 35 - drivers/ata/libata-sata.c | 5 drivers/ata/libata-scsi.c | 20 drivers/base/power/domain_governor.c | 18 drivers/base/power/runtime.c | 5 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/sunvdc.c | 4 drivers/bus/mhi/host/boot.c | 8 drivers/bus/mhi/host/internal.h | 4 drivers/char/hw_random/mtk-rng.c | 4 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/clk/davinci/psc.c | 5 drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 29 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/ccp/ccp-debugfs.c | 3 drivers/crypto/img-hash.c | 2 drivers/crypto/inside-secure/safexcel_hash.c | 8 drivers/crypto/marvell/cesa/cipher.c | 4 drivers/crypto/marvell/cesa/hash.c | 5 drivers/crypto/qat/qat_common/adf_transport_debug.c | 4 drivers/devfreq/governor_userspace.c | 6 drivers/dma-buf/dma-resv.c | 5 drivers/dma/mv_xor.c | 21 drivers/dma/nbpfaxi.c | 24 drivers/fpga/zynq-fpga.c | 10 drivers/gpio/gpio-rcar.c | 20 drivers/gpio/gpio-tps65912.c | 7 drivers/gpio/gpio-wcd934x.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 - drivers/gpu/drm/amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 - drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2 drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 drivers/gpu/drm/drm_dp_helper.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9 drivers/gpu/drm/scheduler/sched_entity.c | 23 drivers/gpu/drm/ttm/ttm_resource.c | 3 drivers/hid/hid-core.c | 19 drivers/hwmon/corsair-cpro.c | 5 drivers/hwmon/gsc-hwmon.c | 4 drivers/i2c/busses/i2c-qup.c | 4 drivers/i2c/busses/i2c-stm32.c | 8 drivers/i2c/busses/i2c-stm32f7.c | 4 drivers/i2c/i2c-core-acpi.c | 1 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 2 drivers/idle/intel_idle.c | 2 drivers/iio/adc/ad7768-1.c | 23 drivers/iio/adc/ad_sigma_delta.c | 4 drivers/iio/adc/max1363.c | 43 - drivers/iio/adc/stm32-adc-core.c | 7 drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 drivers/iio/light/as73211.c | 2 drivers/iio/light/hid-sensor-prox.c | 3 drivers/iio/pressure/bmp280-core.c | 9 drivers/iio/proximity/isl29501.c | 16 drivers/infiniband/core/cache.c | 4 drivers/infiniband/core/nldev.c | 22 drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 drivers/infiniband/hw/hfi1/affinity.c | 44 - drivers/infiniband/sw/rxe/rxe_comp.c | 16 drivers/input/joystick/xpad.c | 2 drivers/iommu/amd/init.c | 4 drivers/leds/leds-lp50xx.c | 11 drivers/md/dm-core.h | 52 + drivers/md/dm-historical-service-time.c | 4 drivers/md/dm-queue-length.c | 4 drivers/md/dm-round-robin.c | 4 drivers/md/dm-rq.c | 8 drivers/md/dm-service-time.c | 4 drivers/md/dm-zoned-target.c | 2 drivers/md/dm.c | 59 -- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/hi556.c | 26 drivers/media/i2c/ov2659.c | 3 drivers/media/i2c/tc358743.c | 86 +- drivers/media/platform/qcom/camss/camss.c | 4 drivers/media/platform/qcom/venus/core.c | 21 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/dbgfs.c | 9 drivers/media/platform/qcom/venus/dbgfs.h | 13 drivers/media/platform/qcom/venus/hfi_venus.c | 14 drivers/media/platform/qcom/venus/vdec.c | 5 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/usb/uvc/uvc_driver.c | 3 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/v4l2-core/v4l2-ctrls.c | 37 + drivers/memstick/core/memstick.c | 3 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-msm.c | 14 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci-pci-gli.c | 4 drivers/mmc/host/sdhci_am654.c | 9 drivers/most/core.c | 2 drivers/mtd/ftl.c | 2 drivers/mtd/nand/raw/atmel/nand-controller.c | 2 drivers/mtd/nand/raw/atmel/pmecc.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/net/can/kvaser_pciefd.c | 1 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/b53/b53_common.c | 54 + drivers/net/dsa/b53/b53_regs.h | 2 drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 66 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 13 drivers/net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 16 drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 95 +-- drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.h | 5 drivers/net/ethernet/freescale/fec_main.c | 34 - drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/google/gve/gve_adminq.c | 1 drivers/net/ethernet/google/gve/gve_main.c | 67 +- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 17 drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 3 drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 33 - drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 2 drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 49 - drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 drivers/net/ethernet/intel/e1000e/defines.h | 3 drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 drivers/net/ethernet/intel/e1000e/nvm.c | 6 drivers/net/ethernet/intel/fm10k/fm10k.h | 3 drivers/net/ethernet/intel/i40e/i40e.h | 2 drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 drivers/net/ethernet/intel/i40e/i40e_main.c | 18 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/hyperv/hyperv_net.h | 3 drivers/net/hyperv/netvsc_drv.c | 29 drivers/net/phy/mscc/mscc_ptp.c | 1 drivers/net/phy/mscc/mscc_ptp.h | 1 drivers/net/phy/smsc.c | 1 drivers/net/ppp/pptp.c | 18 drivers/net/usb/sierra_net.c | 4 drivers/net/usb/usbnet.c | 11 drivers/net/virtio_net.c | 38 + drivers/net/vrf.c | 2 drivers/net/wireless/ath/ath11k/hal.c | 25 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwl8k.c | 4 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 23 drivers/net/xen-netfront.c | 5 drivers/pci/controller/pcie-rockchip-host.c | 2 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/hotplug/pnv_php.c | 233 +++++++ drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 8 drivers/pci/probe.c | 2 drivers/phy/tegra/xusb-tegra186.c | 59 +- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 drivers/platform/chrome/cros_ec.c | 23 drivers/platform/chrome/cros_ec.h | 2 drivers/platform/chrome/cros_ec_i2c.c | 4 drivers/platform/chrome/cros_ec_lpc.c | 4 drivers/platform/chrome/cros_ec_spi.c | 4 drivers/platform/chrome/cros_ec_typec.c | 4 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/power/supply/max14577_charger.c | 4 drivers/pps/pps.c | 11 drivers/ptp/ptp_clock.c | 13 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 78 +- drivers/regulator/core.c | 1 drivers/reset/Kconfig | 10 drivers/rtc/rtc-ds1307.c | 17 drivers/rtc/rtc-hym8563.c | 2 drivers/rtc/rtc-pcf85063.c | 2 drivers/rtc/rtc-pcf8563.c | 2 drivers/rtc/rtc-rv3028.c | 2 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 drivers/scsi/isci/request.c | 2 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/lpfc/lpfc_sli.c | 8 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 drivers/scsi/mvsas/mv_sas.c | 4 drivers/scsi/pm8001/pm8001_init.c | 11 drivers/scsi/pm8001/pm8001_sas.h | 1 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 +- drivers/scsi/ufs/ufs-exynos.c | 4 drivers/scsi/ufs/ufshcd.c | 10 drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 drivers/soc/qcom/mdt_loader.c | 41 + drivers/soc/tegra/pmc.c | 51 - drivers/soundwire/stream.c | 2 drivers/staging/comedi/comedi_fops.c | 61 +- drivers/staging/comedi/comedi_internal.h | 1 drivers/staging/comedi/drivers.c | 30 - drivers/staging/comedi/drivers/aio_iiro_16.c | 3 drivers/staging/comedi/drivers/comedi_test.c | 2 drivers/staging/comedi/drivers/das16m1.c | 3 drivers/staging/comedi/drivers/das6402.c | 3 drivers/staging/comedi/drivers/pcl812.c | 3 drivers/staging/fbtft/fbtft-core.c | 1 drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/staging/nvec/nvec_power.c | 2 drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/thunderbolt/switch.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/serial/pch_uart.c | 2 drivers/tty/vt/defkeymap.c_shipped | 112 +++ drivers/tty/vt/keyboard.c | 2 drivers/uio/uio_hv_generic.c | 4 drivers/usb/atm/cxacru.c | 106 +-- drivers/usb/chipidea/ci.h | 18 drivers/usb/chipidea/udc.c | 10 drivers/usb/class/cdc-acm.c | 13 drivers/usb/core/config.c | 10 drivers/usb/core/hub.c | 60 +- drivers/usb/core/hub.h | 1 drivers/usb/core/quirks.c | 1 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/core.c | 10 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/dwc3-qcom.c | 7 drivers/usb/dwc3/gadget.c | 14 drivers/usb/early/xhci-dbc.c | 4 drivers/usb/gadget/composite.c | 5 drivers/usb/gadget/configfs.c | 2 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-hub.c | 3 drivers/usb/host/xhci-mem.c | 24 drivers/usb/host/xhci-pci-renesas.c | 7 drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 19 drivers/usb/host/xhci.c | 24 drivers/usb/host/xhci.h | 3 drivers/usb/musb/musb_core.c | 62 +- drivers/usb/musb/musb_core.h | 11 drivers/usb/musb/musb_debugfs.c | 6 drivers/usb/musb/musb_gadget.c | 30 - drivers/usb/musb/musb_host.c | 6 drivers/usb/musb/musb_virthub.c | 18 drivers/usb/musb/omap2430.c | 10 drivers/usb/phy/phy-mxs-usb.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 7 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 drivers/usb/typec/mux/intel_pmc_mux.c | 2 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/usb/typec/ucsi/psy.c | 2 drivers/usb/typec/ucsi/ucsi.c | 1 drivers/usb/typec/ucsi/ucsi.h | 7 drivers/vhost/scsi.c | 4 drivers/vhost/vhost.c | 3 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/imxfb.c | 9 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/ziirave_wdt.c | 3 drivers/xen/gntdev-common.h | 4 drivers/xen/gntdev.c | 71 +- fs/btrfs/ctree.h | 2 fs/btrfs/inode.c | 4 fs/btrfs/ioctl.c | 2 fs/btrfs/qgroup.c | 2 fs/btrfs/send.c | 4 fs/btrfs/transaction.c | 2 fs/btrfs/tree-log.c | 53 + fs/buffer.c | 2 fs/cifs/cifssmb.c | 10 fs/cifs/smb2ops.c | 7 fs/cifs/smbdirect.c | 14 fs/ext4/fsmap.c | 23 fs/ext4/indirect.c | 4 fs/ext4/inline.c | 19 fs/ext4/inode.c | 2 fs/f2fs/f2fs.h | 2 fs/f2fs/inode.c | 28 fs/f2fs/node.c | 10 fs/file.c | 83 +- fs/hfs/bnode.c | 93 +++ fs/hfsplus/bnode.c | 92 +++ fs/hfsplus/extents.c | 3 fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/hugetlbfs/inode.c | 2 fs/isofs/inode.c | 9 fs/jbd2/checkpoint.c | 1 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 10 fs/libfs.c | 4 fs/namespace.c | 89 ++- fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 46 + fs/nfs/export.c | 11 fs/nfs/flexfilelayout/flexfilelayout.c | 32 - fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 fs/nfs/inode.c | 6 fs/nfs/internal.h | 10 fs/nfs/nfs4client.c | 15 fs/nfs/nfs4proc.c | 46 - fs/nfs/pnfs.c | 11 fs/nfsd/nfs4state.c | 34 - fs/nilfs2/inode.c | 9 fs/orangefs/orangefs-debugfs.c | 8 fs/squashfs/super.c | 14 fs/udf/super.c | 13 include/asm-generic/barrier.h | 33 + include/linux/blk_types.h | 8 include/linux/compiler.h | 8 include/linux/cpuset.h | 17 include/linux/fs.h | 4 include/linux/fs_context.h | 2 include/linux/if_vlan.h | 6 include/linux/memfd.h | 14 include/linux/minmax.h | 17 include/linux/mm.h | 80 +- include/linux/mmzone.h | 22 include/linux/moduleparam.h | 5 include/linux/pci.h | 1 include/linux/platform_data/cros_ec_proto.h | 4 include/linux/pps_kernel.h | 1 include/linux/sched/mm.h | 16 include/linux/skbuff.h | 31 + include/linux/usb/usbnet.h | 1 include/linux/xarray.h | 15 include/net/cfg80211.h | 2 include/net/tc_act/tc_ctinfo.h | 6 include/net/udp.h | 24 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 include/uapi/linux/mount.h | 3 kernel/cgroup/cpuset.c | 23 kernel/events/core.c | 20 kernel/fork.c | 2 kernel/power/console.c | 7 kernel/rcu/tree_plugin.h | 3 kernel/trace/ftrace.c | 19 kernel/trace/trace.c | 33 - kernel/trace/trace.h | 8 kernel/trace/trace_events.c | 5 mm/filemap.c | 2 mm/hmm.c | 2 mm/kmemleak.c | 10 mm/madvise.c | 2 mm/memfd.c | 2 mm/mmap.c | 10 mm/page_alloc.c | 13 mm/ptdump.c | 2 mm/shmem.c | 2 mm/slab.h | 5 mm/slob.c | 6 mm/vmalloc.c | 16 mm/zsmalloc.c | 6 net/8021q/vlan.c | 42 + net/8021q/vlan.h | 1 net/appletalk/aarp.c | 42 + net/appletalk/ddp.c | 7 net/bluetooth/l2cap_core.c | 26 net/bluetooth/l2cap_sock.c | 3 net/bluetooth/smp.c | 21 net/bluetooth/smp.h | 1 net/bridge/netfilter/nft_reject_bridge.c | 60 -- net/caif/cfctrl.c | 294 ++++------ net/core/filter.c | 3 net/core/netpoll.c | 7 net/hsr/hsr_slave.c | 8 net/ipv4/netfilter/nf_reject_ipv4.c | 4 net/ipv4/route.c | 1 net/ipv4/tcp_input.c | 3 net/ipv4/udp_offload.c | 2 net/ipv6/ip6_offload.c | 4 net/ipv6/netfilter/nf_reject_ipv6.c | 4 net/ipv6/rpl_iptunnel.c | 8 net/ipv6/seg6_hmac.c | 3 net/mac80211/tx.c | 7 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/nf_conntrack_netlink.c | 24 net/netfilter/nf_tables_api.c | 4 net/netfilter/nft_reject.c | 12 net/netfilter/nft_reject_inet.c | 68 -- net/netfilter/xt_nfacct.c | 4 net/netlink/af_netlink.c | 2 net/packet/af_packet.c | 39 - net/phonet/pep.c | 2 net/sched/act_ctinfo.c | 19 net/sched/sch_cake.c | 14 net/sched/sch_codel.c | 5 net/sched/sch_drr.c | 7 net/sched/sch_ets.c | 46 - net/sched/sch_fq_codel.c | 6 net/sched/sch_hfsc.c | 8 net/sched/sch_htb.c | 19 net/sched/sch_netem.c | 40 + net/sched/sch_qfq.c | 40 - net/sctp/input.c | 2 net/tls/tls_sw.c | 13 net/vmw_vsock/af_vsock.c | 3 net/wireless/mlme.c | 3 samples/mei/mei-amt-version.c | 2 scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 scripts/kconfig/qconf.cc | 2 security/apparmor/include/match.h | 3 security/apparmor/match.c | 1 security/inode.c | 2 sound/core/pcm_native.c | 19 sound/pci/hda/patch_ca0132.c | 7 sound/pci/hda/patch_hdmi.c | 19 sound/pci/hda/patch_realtek.c | 3 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 30 - sound/soc/intel/boards/Kconfig | 2 sound/soc/soc-core.c | 3 sound/soc/soc-dai.c | 19 sound/soc/soc-dapm.c | 4 sound/soc/soc-ops.c | 26 sound/usb/mixer_quirks.c | 14 sound/usb/mixer_scarlett_gen2.c | 8 sound/usb/stream.c | 25 sound/usb/validate.c | 14 tools/bpf/bpftool/net.c | 15 tools/include/linux/sched/mm.h | 2 tools/perf/tests/bp_account.c | 1 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/ftrace/test.d/event/subsystem-enable.tc | 28 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/memfd/memfd_test.c | 43 + tools/testing/selftests/net/mptcp/Makefile | 3 tools/testing/selftests/net/mptcp/mptcp_connect_mmap.sh | 5 tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 tools/testing/selftests/net/rtnetlink.sh | 6 523 files changed, 4755 insertions(+), 2125 deletions(-) Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Abdun Nihaal (1): staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() Adam Ford (1): arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed Ajish Koshy (1): scsi: pm80xx: Fix memory leak during rmmod Al Viro (4): better lockdep annotations for simple_recursive_removal() securityfs: don't pin dentries twice, once is enough... use uniform permission checks for all mount propagation changes alloc_fdtable(): change calling conventions. Alessandro Carminati (1): regulator: core: fix NULL dereference on unbind due to stale coupling data Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alexander Gordeev (1): mm/vmalloc: leave lazy MMU mode on PTE mapping error Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alexander Wilhelm (1): bus: mhi: host: Fix endianness of BHI vector table Alok Tiwari (7): thunderbolt: Fix bit masking in tb_dp_port_set_hops() net: emaclite: Fix missing pointer increment in aligned_read() staging: nvec: Fix incorrect null termination of battery manufacturer ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() gve: Return error for unknown admin queue command Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Ammar Faizi (1): net: usbnet: Fix the wrong netif_carrier_on() call Anantha Prabhu (1): RDMA/bnxt_re: Fix to initialize the PBL array Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrew Lunn (1): net: appletalk: fix kerneldoc warnings André Draszik (1): scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Andy Shevchenko (2): mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Documentation: ACPI: Fix parent device references Andy Yan (1): drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed Anna Schumaker (1): NFS: Create an nfs4_server_set_init_caps() function Annette Kobou (1): ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface Anshuman Khandual (1): mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Anthoine Bourgeois (1): xen/netfront: Fix TX response spurious interrupts Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (5): ethernet: intel: fix building with large NR_CPUS ASoC: Intel: fix SND_SOC_SOF dependencies ASoC: ops: dynamically allocate struct snd_ctl_elem_value caif: reduce stack size, again RDMA/core: reduce stack using in nldev_stat_get_doit() Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Avraham Stern (1): wifi: iwlwifi: mvm: fix scan request validation Balamanikandan Gunasundar (1): mtd: rawnand: atmel: set pmecc data setup time Baokun Li (1): jbd2: prevent softlockup in jbd2_log_do_checkpoint() Bard Liao (1): soundwire: stream: restore params when prepare ports fail Bartosz Golaszewski (2): gpio: wcd934x: check the return value of regmap_update_bits() gpio: tps65912: check the return value of regmap_update_bits() Ben Hutchings (1): sh: Do not use hyphen in exported variable name Benjamin Coddington (1): NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Benson Leung (1): usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Bingbu Cao (1): media: hi556: correct the test pattern configuration Bjorn Andersson (1): soc: qcom: mdt_loader: Ensure we don't read past the ELF header Brahmajit Das (1): samples: mei: Fix building on musl libc Breno Leitao (3): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Brian Masney (5): rtc: ds1307: fix incorrect maximum clock rate handling rtc: hym8563: fix incorrect maximum clock rate handling rtc: pcf85063: fix incorrect maximum clock rate handling rtc: pcf8563: fix incorrect maximum clock rate handling rtc: rv3028: fix incorrect maximum clock rate handling Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Budimir Markovic (1): vsock: Do not allow binding to VMADDR_PORT_ANY Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Chao Yu (6): f2fs: doc: fix wrong quota mount option description f2fs: fix to avoid UAF in f2fs_sync_inode_meta() f2fs: fix to avoid panic in f2fs_evict_inode f2fs: fix to avoid out-of-boundary access in devs.path f2fs: fix to do sanity check on ino and xnid f2fs: fix to avoid out-of-boundary access in dnode page Charles Han (1): power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chen-Yu Tsai (1): platform/chrome: cros_ec: Use per-device lockdep key Chenyuan Yang (1): fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref Christophe JAILLET (1): uio_hv_generic: Fix another memory leak in error handling paths Christophe Leroy (1): ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Clément Le Goffic (1): i2c: stm32: fix the device used for the DMA map Cong Wang (6): sch_htb: make htb_qlen_notify() idempotent sch_drr: make drr_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() sch_htb: make htb_deactivate() idempotent Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (8): ata: libata-sata: Disallow changing LPM state if not supported scsi: mpt3sas: Correctly handle ATA device errors ata: libata-scsi: Fix ata_to_sense_error() status handling PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown block: Make REQ_OP_ZONE_FINISH a write operation ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig dm: rearrange core declarations for extended use from dm-zone.c Dan Carpenter (7): dmaengine: nbpfaxi: Fix memory corruption in probe() watchdog: ziirave_wdt: check record length in ziirave_firm_verify() fs/orangefs: Allow 2 more characters in do_c_string() cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() Daniel Dadap (1): ALSA: hda: Add missing NVIDIA HDA codec IDs Daniel Vetter (1): mm: extract might_alloc() debug check Daniil Dulov (1): wifi: rtl818x: Kill URBs before clearing tx status queue Dave Hansen (1): x86/fpu: Delay instruction pointer fixup until after warning Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Laight (1): minmax: add umin(a, b) and umax(a, b) David Lechner (2): iio: proximity: isl29501: fix buffered read on big-endian systems iio: adc: ad_sigma_delta: change to buffer predisable Davide Caratti (2): net/sched: sch_ets: properly init all active DRR list handles net/sched: ets: use old 'nbands' while purging unused classes Dawid Rezler (1): ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Denis OSTERLAND-HEIM (1): pps: fix poll support Dennis Chen (1): i40e: report VF tx_dropped with tx_errors instead of tx_discards Dikshita Agarwal (1): media: venus: Add support for SSR trigger using fault injection Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Edward Adam Davis (1): jfs: Regular file corruption check Emily Deng (1): drm/ttm: Should to return the evict error Eric Biggers (2): thunderbolt: Fix copy+paste error in match_service_id() lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap Eric Dumazet (5): net_sched: act_ctinfo: use atomic64_t for three counters pptp: ensure minimal skb length in pptp_xmit() ipv6: reject malicious packets in ipv6_gso_segment() pptp: fix pptp_xmit() error path net_sched: sch_ets: implement lockless ets_dump() Evgeniy Harchenko (1): ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Fedor Pchelkin (3): drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value netfilter: nf_tables: adjust lockdep assertions handling netlink: avoid infinite retry looping in netlink_unicast() Feng Tang (1): mm/page_alloc: detect allocation forbidden by cpuset and bail out early Filipe Manana (2): btrfs: fix log tree replay failure due to file with 0 links and extents btrfs: fix deadlock when cloning inline extents and using qgroups Finn Thain (2): m68k: Don't unregister boot console needlessly m68k: Fix lost column on framebuffer debug console Florian Westphal (3): netfilter: xt_nfacct: don't assume acct name is null-terminated netfilter: ctnetlink: fix refcount leak on table dump netfilter: nf_reject: don't leak dst refcount for loopback packets Gal Pressman (1): net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Geoffrey D. Bennett (1): ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() Giovanni Cabiddu (1): crypto: qat - fix seq_file position update in adf_ring_next() Gokul Sivakumar (1): wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE Greg Kroah-Hartman (2): Revert "vmci: Prevent the dispatching of uninitialized payloads" Linux 5.10.241 Guchun Chen (1): drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Haiyang Zhang (1): hv_netvsc: Fix panic during namespace deletion with VF Hans Verkuil (1): media: v4l2-ctrls: always copy the controls on completion Hans Zhang (1): PCI: rockchip-host: Fix "Unexpected Completion" log message Haoxiang Li (2): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Harry Yoo (1): mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Helge Deller (1): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Henry Martin (1): clk: davinci: Add NULL check in davinci_lpsc_clk_register() Herbert Xu (1): crypto: marvell/cesa - Fix engine load inaccuracy Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Horatiu Vultur (1): phy: mscc: Fix parsing of unicast frames Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Hyejeong Choi (1): dma-buf: insert memory barrier before updating num_fences Ian Abbott (10): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: Fix initialization of data for instructions that write to subdevice comedi: comedi_test: Fix possible deletion of uninitialized timers comedi: fix race between polling and detaching comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large Ido Schimmel (1): mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Ilan Peer (1): wifi: cfg80211: Fix interface type validation Ilya Bakoulin (1): drm/amd/display: Separate set_gsl from set_gsl_source_select Imre Deak (1): drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Ioana Ciornei (3): dpaa2-mac: split up initializing the MAC object from connecting to it dpaa2-mac: export MAC counters even when in TYPE_FIXED dpaa2-eth: retry the probe when the MAC is not yet discovered on the bus Ivan Stepchenko (1): mtd: fix possible integer overflow in erase_xfer() Jacek Kowalski (2): e1000e: disregard NVM checksum on tgp when valid checksum bit is not set e1000e: ignore uninitialized checksum word on tgp Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jakub Acs (1): net, hsr: reject HSR frame if skb can't hold tag Jakub Kicinski (2): netpoll: prevent hanging NAPI when netcons gets enabled uapi: in6: restore visibility of most IPv6 socket options James Smart (1): scsi: lpfc: Fix link down processing to address NULL pointer dereference Jan Beulich (1): compiler: remove __ADDRESSABLE_ASM{_STR,}() again Jan Kara (2): isofs: Verify inode mode when loading from disk udf: Verify partition map count Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jean-Baptiste Maneyrol (1): iio: imu: inv_icm42600: change invalid data error to -EBUSY Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jian Shen (2): net: hns3: refine the struct hane3_tc_info net: hns3: fixed vf get max channels bug Jiasheng Jiang (2): iwlwifi: Add missing check for alloc_ordered_workqueue scsi: lpfc: Remove redundant assignment to avoid memory leak Jiaxun Yang (1): MIPS: mm: tlb-r4k: Uniquify TLB entries on init Jiayi Li (2): ACPI: processor: perflib: Fix initial _PPC limit application memstick: Fix deadlock by moving removing flag earlier Jiayuan Chen (1): bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls Jimmy Assarsson (2): can: kvaser_pciefd: Store device channel index can: kvaser_usb: Assign netdev.dev_port based on device channel index Johan Adolfsson (1): leds: leds-lp50xx: Handle reg to get correct multi_index Johan Hovold (8): net: gianfar: fix device leak when querying time stamp info net: dpaa: fix device leak when querying time stamp info usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind wifi: ath11k: fix source ring-buffer corruption USB: cdc-acm: do not log successful probe on later errors usb: musb: omap2430: fix device leak at unbind wifi: ath11k: fix dest ring-buffer corruption when ring is full Johan Korsnes (1): arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX Johannes Berg (1): wifi: cfg80211: reject HTC bit for management frames John Ernberg (1): net: usbnet: Avoid potential RCU stall on LINK_CHANGE event John Garry (2): scsi: aacraid: Stop using PCI_IRQ_AFFINITY block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonas Rebmann (1): net: fec: allow disable coalescing Jonathan Cameron (1): iio: light: as73211: Ensure buffer holes are zeroed Jonathan Santos (1): iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Jorge Ramirez-Ortiz (2): media: venus: hfi: explicitly release IRQ during teardown media: venus: protect against spurious interrupts during probe Jose M. Guisado Gomez (1): netfilter: nft_reject: unify reject init and dump into nft_reject Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Juergen Gross (1): xen/gntdev: remove struct gntdev_copy_batch from stack Justin Tee (1): scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kees Cook (3): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches iommu/amd: Avoid stack buffer overflow from kernel cmdline Kefeng Wang (1): asm-generic: Add memory barrier dma_mb() Kito Xu (veritas501) (1): net: appletalk: Fix use-after-free in AARP proxy probe Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Krzysztof Kozlowski (1): ARM: dts: vfxxx: Correctly use two tuples for timer address Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kuninori Morimoto (3): ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe() Kuniyuki Iwashima (2): rpl: Fix use-after-free in rpl_do_srh_inline(). Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Len Brown (1): intel_idle: Allow loading ACPI tables for any family Leo Yan (1): perf tests bp_account: Fix leaked file descriptor Leon Romanovsky (1): RDMA/rxe: Return CQE error if invalid lkey was supplied Li Zhong (1): ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Lifeng Zheng (4): cpufreq: Initialize cpufreq-based frequency-invariance later cpufreq: Init policy->rwsem before it may be possibly used cpufreq: Exit governor when failed to start old governor PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Lizhi Xu (2): vmci: Prevent the dispatching of uninitialized payloads jfs: truncate good inode pages when hard link is 0 Lorenzo Stoakes (4): mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: reinstate ability to map write-sealed memfd mappings read-only selftests/memfd: add test for mapping write-sealed memfd read-only Lucas De Marchi (1): usb: early: xhci-dbc: Fix early_ioremap leak Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Luiz Augusto von Dentz (3): Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Ma Ke (2): sunvdc: Balance device refcount in vdc_port_mpgroup_check dpaa2-eth: Fix device reference count leak in MAC endpoint handling Maciej W. Rozycki (1): powerpc/eeh: Rely on dev->link_active_reporting Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Maor Gottlieb (1): RDMA/core: Rate limit GID cache warning messages Marco Elver (1): locking/barriers, kcsan: Support generic instrumentation Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Marek Vasut (1): usb: renesas-xhci: Fix External ROM access timeouts Mario Limonciello (3): usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal drm/amd: Restore cached power limit during resume Marius Zachmann (1): hwmon: (corsair-cpro) Validate the size of the received input buffer Mark Brown (1): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Martin Kaistra (1): wifi: rtl8xxxu: Fix RX skb size for aggregation disabled Masahiro Yamada (3): kconfig: qconf: fix ConfigList::updateListAllforAll() kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() Masami Hiramatsu (Google) (1): selftests: tracing: Use mutex_unlock for testing glob filter Mathias Nyman (5): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: Fix flushing of delayed work used for post resume purposes usb: hub: avoid warm port reset during USB3 disconnect usb: hub: Don't try to recover devices lost during warm reset. Matthew Wilcox (Oracle) (1): XArray: Add calls to might_alloc() Matthieu Baerts (NGI0) (2): selftests: mptcp: connect: also cover alt modes selftests: mptcp: pm: check flush doesn't reset limits Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Mauro Carvalho Chehab (1): media: venus: don't de-reference NULL pointers at IRQ time Meagan Lloyd (2): rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Meng Li (1): usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Mengbiao Xiong (1): crypto: ccp - Fix crash when rebind ccp device for ccp.ko Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaohe Lin (1): mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() Miaoqian Lin (1): most: core: Drop device reference after usage in get_channel() Michael Zhivich (1): x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() Michal Schmidt (1): benet: fix BUG when creating VFs Mike Christie (1): vhost-scsi: Fix log flooding with target does not exist errors Mikulas Patocka (1): dm-mpath: don't print the "loaded" message if registering fails Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Ming Lei (2): block: don't call rq_qos_ops->done_bio if the bio isn't tracked dm rq: don't queue request to blk-mq during DM suspend Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Myrrh Periwinkle (3): usb: typec: ucsi: Update power_supply on power role change vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Nathan Chancellor (5): phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Niklas Söderlund (1): gpio: rcar: Use raw_spinlock to protect register access Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Olga Kornievskaia (1): NFSv4.2: another fix for listxattr Oliver Neukum (3): usb: net: sierra: check for no status endpoint usb: core: usb_submit_urb: downgrade type check cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Ovidiu Panait (1): hwrng: mtk - handle devm_pm_runtime_enable errors Pablo Neira Ayuso (1): netfilter: nft_reject_inet: allow to use reject from inet ingress Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paul Cercueil (1): usb: musb: Add and use inline functions musb_{get,set}_state Paul Chaignon (1): bpf: Check flow_dissector ctx accesses are aligned Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Paul Kocialkowski (1): clk: sunxi-ng: v3s: Fix de clock definition Pavel Begunkov (1): io_uring: don't use int for ABI Pavel Tikhomirov (1): move_mount: allow to add a mount into an existing group Pawan Gupta (1): x86/bugs: Avoid warning when overriding return thunk Peter Oberparleiter (2): s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Peter Robinson (1): reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Peter Ujfalusi (1): ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Petr Pavlu (1): module: Restore the moduleparam prefix length check Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Prashant Malani (1): cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Praveen Kaligineedi (1): gve: Fix stuck TX queue for DQ queue format Pu Lehui (1): tracing: Limit access to parser->buffer when trace_get_user failed Purva Yeshi (1): md: dm-zoned-target: Initialize return variable r to avoid uninitialized use Qu Wenruo (1): btrfs: populate otime when logging an inode item Quang Le (1): net/packet: fix a race in packet_set_ring() and packet_notifier() Rafael J. Wysocki (3): ACPI: processor: perflib: Move problematic pr->performance check cpuidle: governors: menu: Avoid using invalid recent intervals data PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (1): parisc: Makefile: fix a typo in palo.conf Ranjan Kumar (1): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Remi Pommarel (2): wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Ricardo Ribalda (2): media: uvcvideo: Do not mark valid metadata as invalid media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present RubenKelevra (1): fs_context: fix parameter name in infofc() macro Ryan Lee (1): apparmor: ensure WB_HISTORY_SIZE value is a power of 2 Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Ryusuke Konishi (1): nilfs2: reject invalid file types when reading inodes Sabrina Dubroca (1): udp: also consider secpath when evaluating ipsec use for checksumming Sakari Ailus (1): media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Salah Triki (1): iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sarthak Garg (1): mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Sergey Senozhatsky (1): wifi: ath11k: clear initialized flag for deinit-ed srng lists Seunghui Lee (1): scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shengjiu Wang (1): ASoC: fsl_sai: replace regmap_write with regmap_update_bits Shiji Yang (1): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Slark Xiao (2): USB: serial: option: add Foxconn T99W640 USB: serial: option: add Foxconn T99W709 Stanislav Fomichev (1): vrf: Drop existing dst reference in vrf_ip6_input_dst Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (1): smb: client: let recv_done() cleanup before notifying the callers. Steven Rostedt (5): selftests/tracing: Fix false failure of subsystem event test ktest.pl: Prevent recursion of default variable options ftrace: Also allocate and copy hash for reading of filter files tracing: Add down_write(trace_event_sem) when adding trace event tracing: Remove unneeded goto out logic Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Sven Schnelle (2): s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Takashi Iwai (4): ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Tao Xue (1): usb: gadget : fix use-after-free in composite_dev_cleanup() Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (1): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Thomas Fourier (17): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value mwl8k: Add missing check after DMA map crypto: inside-secure - Fix `dma_unmap_sg()` nents value scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value scsi: mvsas: Fix dma_unmap_sg() nents value scsi: isci: Fix dma_unmap_sg() nents value crypto: img-hash - Fix dma_unmap_sg() nents value dmaengine: mv_xor: Fix missing check after DMA map and missing unmap dmaengine: nbpfaxi: Add missing check after DMA map mtd: rawnand: atmel: Fix dma_mapping_error() address et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() mtd: rawnand: fsmc: Add missing check after DMA map Thomas Gleixner (3): perf/core: Don't leak AUX buffer refcount on allocation failure perf/core: Exit early on perf_mmap() fail perf/core: Prevent VMA split of buffer mappings Thomas Weißschuh (2): MIPS: Don't crash in stack_top() for tasks without ABI or vDSO kbuild: userprogs: use correct linker when mixing clang and GNU ld Thorsten Blum (1): usb: storage: realtek_cr: Use correct byte order for bcs->Residue Tigran Mkrtchyan (1): pNFS/flexfiles: don't attempt pnfs on fatal DS errors Tim Harvey (1): hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Timothy Pearson (5): PCI: pnv_php: Clean up allocated IRQs on unplug PCI: pnv_php: Work around switches with broken presence detection powerpc/eeh: Export eeh_unfreeze_pe() powerpc/eeh: Make EEH driver device hotplug safe PCI: pnv_php: Fix surprise plug detection and recovery Timur Kristóf (5): drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs drm/amd/display: Don't overclock DCE 6 by 15% Tomasz Michalec (2): usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present platform/chrome: cros_ec_typec: Defer probe on missing EC parent Trond Myklebust (5): pNFS/flexfiles: Avoid spurious layout returns in ff_layout_choose_ds_for_read NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity NFSv4: Fix nfs4_bitmap_copy_adjust() NFS: Fix the setting of capabilities when automounting a new filesystem Tzung-Bi Shih (2): platform/chrome: cros_ec: remove unneeded label and if-condition platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Uwe Kleine-König (4): platform/chrome: cros_ec: Make cros_ec_unregister() return void pwm: mediatek: Implement .apply() callback pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting Vedang Nagar (1): media: venus: Add a check for packet size after reading from shared memory Viacheslav Dubeyko (4): hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Victor Shih (1): mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Vladimir Zapolskiy (1): media: qcom: camss: cleanup media device allocated resource on error path Waiman Long (2): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Wang Liang (1): net: drop UFO packets in udp_rcv_segment() Wang Zhaolong (1): smb: client: fix use-after-free in crypt_message when using async crypto Wayne Chang (1): phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode Weitao Wang (1): usb: xhci: Fix slot_id resource race conflict Wen Chen (1): drm/amd/display: Fix 'failed to blank crtc!' Wesley Cheng (1): usb: dwc3: Remove DWC3 locking during gadget suspend/resume William Liu (4): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree net/sched: Restrict conditions for adding duplicating netems to qdisc tree net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xiang Mei (2): net/sched: sch_qfq: Fix race condition on qfq_aggregate net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (2): usb: gadget: configfs: Fix OOB read on empty string write usb: core: config: Prevent OOB read in SS endpoint companion parsing Xiu Jianfeng (1): wifi: iwlwifi: Fix memory leak in iwl_mvm_init() Xiumei Mu (1): selftests: rtnetlink.sh: remove esp4_offload after test Xu Yang (2): usb: chipidea: add USB PHY event usb: phy: mxs: disconnect line when USB charger is attached Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yajun Deng (1): i40e: Add rx_missed_errors for buffer exhaustion Yang Xiwen (1): i2c: qup: jump out of the loop in case of timeout Yang Yingliang (1): ptp: Fix possible memory leak in ptp_clock_register() Yangtao Li (1): hfsplus: remove mutex_lock check in hfsplus_free_extents Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yazen Ghannam (1): x86/mce/amd: Add default names for MCA banks and blocks Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Yuan Chen (2): bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure pinctrl: sunxi: Fix memory leak on krealloc failure Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Lixu (1): iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Yi (1): ext4: fix hole length calculation overflow in non-extent inodes Zheng Yu (1): jfs: fix metapage reference count leak in dbAllocCtl chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera fangzhong.zhou (1): i2c: Force DLL0945 touchpad i2c freq to 100khz jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue xin.guo (1): tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range Álvaro Fernández Rojas (4): net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 weeks, 6 days

1
1
0 0

Linux 5.4.297

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.297 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 Makefile | 5 arch/arm/Makefile | 2 arch/arm/boot/dts/imx6ul-kontron-n6310-s.dts | 1 arch/arm/boot/dts/vfxxx.dtsi | 2 arch/arm/mach-rockchip/platsmp.c | 15 arch/arm/mach-tegra/reset.c | 2 arch/arm64/include/asm/acpi.h | 2 arch/m68k/Kconfig.debug | 2 arch/m68k/kernel/early_printk.c | 42 - arch/m68k/kernel/head.S | 39 - arch/mips/Makefile | 2 arch/mips/include/asm/vpe.h | 8 arch/mips/kernel/process.c | 16 arch/mips/mm/tlb-r4k.c | 56 + arch/parisc/Makefile | 2 arch/powerpc/configs/ppc6xx_defconfig | 1 arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 arch/s390/hypfs/hypfs_dbfs.c | 19 arch/s390/include/asm/timex.h | 13 arch/s390/kernel/time.c | 2 arch/x86/kernel/cpu/mce/amd.c | 13 arch/x86/mm/extable.c | 5 drivers/acpi/acpi_processor.c | 2 drivers/acpi/apei/ghes.c | 2 drivers/acpi/processor_idle.c | 4 drivers/acpi/processor_perflib.c | 11 drivers/ata/Kconfig | 35 - drivers/ata/libata-scsi.c | 20 drivers/base/power/domain_governor.c | 18 drivers/base/power/runtime.c | 5 drivers/block/drbd/drbd_receiver.c | 6 drivers/block/sunvdc.c | 4 drivers/char/hw_random/mtk-rng.c | 4 drivers/char/ipmi/ipmi_msghandler.c | 8 drivers/char/ipmi/ipmi_watchdog.c | 59 +- drivers/clk/davinci/psc.c | 5 drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 drivers/cpufreq/armada-8k-cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 11 drivers/crypto/ccp/ccp-debugfs.c | 3 drivers/crypto/img-hash.c | 2 drivers/crypto/marvell/cipher.c | 4 drivers/crypto/marvell/hash.c | 5 drivers/crypto/qat/qat_common/adf_transport_debug.c | 4 drivers/dma/mv_xor.c | 21 drivers/dma/nbpfaxi.c | 24 drivers/fpga/zynq-fpga.c | 10 drivers/gpio/gpio-tps65912.c | 7 drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 drivers/gpu/drm/amd/display/dc/bios/command_table.c | 2 drivers/gpu/drm/amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 30 - drivers/gpu/drm/amd/powerplay/hwmgr/smu_helper.c | 2 drivers/gpu/drm/drm_dp_helper.c | 2 drivers/gpu/drm/scheduler/sched_entity.c | 23 drivers/hid/hid-core.c | 19 drivers/i2c/busses/i2c-qup.c | 4 drivers/i2c/busses/i2c-stm32.c | 8 drivers/i2c/busses/i2c-stm32f7.c | 4 drivers/i3c/internals.h | 1 drivers/i3c/master.c | 2 drivers/iio/adc/max1363.c | 43 - drivers/iio/adc/stm32-adc-core.c | 7 drivers/iio/light/hid-sensor-prox.c | 3 drivers/iio/proximity/isl29501.c | 16 drivers/infiniband/core/cache.c | 4 drivers/infiniband/hw/hfi1/affinity.c | 44 - drivers/input/joystick/xpad.c | 2 drivers/media/dvb-frontends/dib7000p.c | 8 drivers/media/i2c/ov2659.c | 3 drivers/media/i2c/tc358743.c | 86 +- drivers/media/platform/qcom/camss/camss.c | 4 drivers/media/platform/qcom/venus/core.c | 8 drivers/media/platform/qcom/venus/core.h | 2 drivers/media/platform/qcom/venus/hfi_venus.c | 5 drivers/media/platform/qcom/venus/vdec.c | 5 drivers/media/usb/gspca/vicam.c | 10 drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 drivers/media/usb/rainshadow-cec/rainshadow-cec.c | 3 drivers/media/usb/usbtv/usbtv-video.c | 4 drivers/media/usb/uvc/uvc_driver.c | 3 drivers/media/usb/uvc/uvc_video.c | 21 drivers/media/v4l2-core/v4l2-ctrls.c | 37 + drivers/memstick/core/memstick.c | 3 drivers/memstick/host/rtsx_usb_ms.c | 1 drivers/misc/cardreader/rtsx_usb.c | 16 drivers/mmc/host/bcm2835.c | 3 drivers/mmc/host/rtsx_usb_sdmmc.c | 4 drivers/mmc/host/sdhci-pci-core.c | 3 drivers/mmc/host/sdhci_am654.c | 9 drivers/mtd/ftl.c | 2 drivers/mtd/nand/raw/atmel/nand-controller.c | 2 drivers/mtd/nand/raw/atmel/pmecc.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 2 drivers/net/can/kvaser_pciefd.c | 1 drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 drivers/net/dsa/b53/b53_common.c | 33 - drivers/net/dsa/b53/b53_regs.h | 1 drivers/net/ethernet/agere/et131x.c | 36 + drivers/net/ethernet/atheros/ag71xx.c | 9 drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 drivers/net/ethernet/emulex/benet/be_cmds.c | 2 drivers/net/ethernet/emulex/benet/be_main.c | 8 drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 drivers/net/ethernet/freescale/fec_main.c | 34 - drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 drivers/net/ethernet/intel/fm10k/fm10k.h | 3 drivers/net/ethernet/intel/i40e/i40e.h | 2 drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 drivers/net/phy/smsc.c | 1 drivers/net/ppp/pptp.c | 18 drivers/net/usb/sierra_net.c | 4 drivers/net/usb/usbnet.c | 11 drivers/net/virtio_net.c | 38 + drivers/net/vrf.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 8 drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 drivers/net/wireless/marvell/mwl8k.c | 4 drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 drivers/net/wireless/realtek/rtlwifi/pci.c | 18 drivers/pci/controller/pcie-rockchip-host.c | 2 drivers/pci/endpoint/pci-ep-cfs.c | 1 drivers/pci/endpoint/pci-epf-core.c | 2 drivers/pci/hotplug/pnv_php.c | 90 ++- drivers/pci/pci-acpi.c | 4 drivers/pci/pci.c | 8 drivers/pci/probe.c | 2 drivers/pinctrl/stm32/pinctrl-stm32.c | 1 drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 drivers/platform/x86/thinkpad_acpi.c | 4 drivers/power/supply/bq24190_charger.c | 60 -- drivers/power/supply/max14577_charger.c | 4 drivers/pps/pps.c | 11 drivers/pwm/pwm-imx-tpm.c | 9 drivers/pwm/pwm-mediatek.c | 78 +- drivers/regulator/core.c | 1 drivers/rtc/rtc-ds1307.c | 17 drivers/rtc/rtc-hym8563.c | 2 drivers/rtc/rtc-pcf8563.c | 2 drivers/scsi/aacraid/comminit.c | 3 drivers/scsi/bfa/bfad_im.c | 1 drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 drivers/scsi/isci/request.c | 2 drivers/scsi/libiscsi.c | 3 drivers/scsi/lpfc/lpfc_debugfs.c | 1 drivers/scsi/lpfc/lpfc_scsi.c | 4 drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 drivers/scsi/mvsas/mv_sas.c | 4 drivers/scsi/qla4xxx/ql4_os.c | 2 drivers/scsi/scsi_scan.c | 2 drivers/scsi/scsi_transport_sas.c | 60 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 drivers/soc/qcom/mdt_loader.c | 41 + drivers/soc/tegra/pmc.c | 51 - drivers/soundwire/stream.c | 2 drivers/staging/comedi/comedi_compat32.c | 3 drivers/staging/comedi/comedi_fops.c | 58 + drivers/staging/comedi/comedi_internal.h | 1 drivers/staging/comedi/drivers.c | 30 - drivers/staging/comedi/drivers/aio_iiro_16.c | 3 drivers/staging/comedi/drivers/comedi_test.c | 2 drivers/staging/comedi/drivers/das16m1.c | 3 drivers/staging/comedi/drivers/das6402.c | 3 drivers/staging/comedi/drivers/pcl812.c | 3 drivers/staging/fbtft/fbtft-core.c | 1 drivers/staging/media/imx/imx-media-csc-scaler.c | 2 drivers/staging/nvec/nvec_power.c | 2 drivers/thermal/thermal_sysfs.c | 9 drivers/thunderbolt/domain.c | 2 drivers/tty/serial/8250/8250_port.c | 3 drivers/tty/serial/pch_uart.c | 2 drivers/tty/vt/defkeymap.c_shipped | 112 +++ drivers/tty/vt/keyboard.c | 2 drivers/usb/atm/cxacru.c | 106 +-- drivers/usb/chipidea/ci.h | 18 drivers/usb/chipidea/udc.c | 89 +-- drivers/usb/class/cdc-acm.c | 13 drivers/usb/core/hub.c | 67 ++ drivers/usb/core/quirks.c | 1 drivers/usb/core/urb.c | 2 drivers/usb/dwc3/dwc3-meson-g12a.c | 3 drivers/usb/dwc3/dwc3-qcom.c | 8 drivers/usb/dwc3/gadget.c | 9 drivers/usb/early/xhci-dbc.c | 4 drivers/usb/gadget/composite.c | 5 drivers/usb/gadget/configfs.c | 2 drivers/usb/gadget/udc/renesas_usb3.c | 1 drivers/usb/host/xhci-hub.c | 3 drivers/usb/host/xhci-mem.c | 24 drivers/usb/host/xhci-plat.c | 3 drivers/usb/host/xhci-ring.c | 19 drivers/usb/host/xhci.c | 24 drivers/usb/host/xhci.h | 3 drivers/usb/musb/musb_gadget.c | 2 drivers/usb/musb/omap2430.c | 10 drivers/usb/phy/phy-mxs-usb.c | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 3 drivers/usb/serial/option.c | 7 drivers/usb/storage/realtek_cr.c | 2 drivers/usb/storage/unusual_devs.h | 29 drivers/usb/typec/tcpm/fusb302.c | 8 drivers/vhost/vhost.c | 3 drivers/video/console/vgacon.c | 2 drivers/video/fbdev/imxfb.c | 9 drivers/watchdog/dw_wdt.c | 2 drivers/watchdog/ziirave_wdt.c | 3 fs/btrfs/tree-log.c | 53 + fs/buffer.c | 2 fs/cifs/cifsglob.h | 1 fs/cifs/cifssmb.c | 10 fs/cifs/smbdirect.c | 14 fs/cifs/transport.c | 34 - fs/ext4/fsmap.c | 23 fs/ext4/inline.c | 19 fs/ext4/inode.c | 2 fs/f2fs/f2fs.h | 2 fs/f2fs/inode.c | 28 fs/f2fs/node.c | 10 fs/file.c | 81 +- fs/hfs/bnode.c | 93 +++ fs/hfsplus/bnode.c | 92 +++ fs/hfsplus/extents.c | 3 fs/hfsplus/unicode.c | 7 fs/hfsplus/xattr.c | 6 fs/hugetlbfs/inode.c | 2 fs/isofs/inode.c | 9 fs/jbd2/checkpoint.c | 1 fs/jfs/file.c | 3 fs/jfs/inode.c | 2 fs/jfs/jfs_dmap.c | 10 fs/namespace.c | 89 ++- fs/nfs/blocklayout/blocklayout.c | 4 fs/nfs/blocklayout/dev.c | 5 fs/nfs/blocklayout/extent_tree.c | 20 fs/nfs/client.c | 44 + fs/nfs/direct.c | 13 fs/nfs/export.c | 11 fs/nfs/inode.c | 6 fs/nfs/internal.h | 1 fs/nfs/nfs4client.c | 13 fs/nfs/nfs4proc.c | 35 - fs/nfs/pnfs.c | 11 fs/nfs/write.c | 11 fs/nfsd/nfs4state.c | 34 - fs/nilfs2/inode.c | 9 fs/orangefs/orangefs-debugfs.c | 8 fs/squashfs/super.c | 14 fs/udf/super.c | 13 include/linux/fs.h | 4 include/linux/if_vlan.h | 6 include/linux/mm.h | 26 include/linux/moduleparam.h | 5 include/linux/nfs_fs.h | 2 include/linux/pci.h | 1 include/linux/pps_kernel.h | 1 include/linux/skbuff.h | 31 + include/linux/usb/chipidea.h | 1 include/linux/usb/usbnet.h | 1 include/net/act_api.h | 25 include/net/cfg80211.h | 2 include/net/sch_generic.h | 13 include/net/udp.h | 24 include/uapi/linux/in6.h | 4 include/uapi/linux/io_uring.h | 2 include/uapi/linux/mount.h | 3 kernel/events/core.c | 20 kernel/fork.c | 2 kernel/power/console.c | 7 kernel/rcu/tree_plugin.h | 3 kernel/trace/ftrace.c | 19 kernel/trace/trace_events.c | 5 mm/filemap.c | 2 mm/hmm.c | 2 mm/kmemleak.c | 120 ++-- mm/madvise.c | 2 mm/mmap.c | 26 mm/shmem.c | 2 mm/zsmalloc.c | 6 net/8021q/vlan.c | 42 + net/8021q/vlan.h | 1 net/appletalk/aarp.c | 42 + net/appletalk/ddp.c | 7 net/bluetooth/hci_sysfs.c | 15 net/bluetooth/l2cap_core.c | 26 net/bluetooth/l2cap_sock.c | 3 net/bluetooth/smp.c | 21 net/bluetooth/smp.h | 1 net/caif/cfctrl.c | 294 ++++------ net/core/filter.c | 3 net/core/netpoll.c | 7 net/ipv4/route.c | 1 net/ipv4/tcp_input.c | 3 net/ipv4/udp_offload.c | 2 net/ipv6/ip6_offload.c | 4 net/ipv6/seg6_hmac.c | 3 net/mac80211/tx.c | 1 net/ncsi/internal.h | 2 net/ncsi/ncsi-rsp.c | 1 net/netfilter/nf_conntrack_netlink.c | 24 net/netfilter/nf_tables_api.c | 4 net/netfilter/xt_nfacct.c | 4 net/netlink/af_netlink.c | 2 net/packet/af_packet.c | 39 - net/phonet/pep.c | 2 net/sched/act_api.c | 14 net/sched/act_csum.c | 4 net/sched/act_ct.c | 10 net/sched/act_gact.c | 14 net/sched/act_mirred.c | 55 + net/sched/act_police.c | 5 net/sched/act_tunnel_key.c | 2 net/sched/act_vlan.c | 9 net/sched/sch_cake.c | 14 net/sched/sch_codel.c | 5 net/sched/sch_drr.c | 7 net/sched/sch_fq_codel.c | 6 net/sched/sch_hfsc.c | 8 net/sched/sch_htb.c | 6 net/sched/sch_netem.c | 40 + net/sched/sch_qfq.c | 40 - net/sched/sch_sfq.c | 114 ++- net/sctp/input.c | 2 net/tls/tls_sw.c | 13 net/vmw_vsock/af_vsock.c | 3 net/wireless/mlme.c | 3 samples/mei/mei-amt-version.c | 2 scripts/Kbuild.include | 8 scripts/kconfig/gconf.c | 8 scripts/kconfig/lxdialog/inputbox.c | 6 scripts/kconfig/lxdialog/menubox.c | 2 scripts/kconfig/nconf.c | 2 scripts/kconfig/nconf.gui.c | 1 security/inode.c | 2 sound/pci/hda/patch_ca0132.c | 2 sound/pci/hda/patch_hdmi.c | 19 sound/pci/intel8x0.c | 2 sound/soc/codecs/hdac_hdmi.c | 10 sound/soc/codecs/rt5640.c | 5 sound/soc/fsl/fsl_sai.c | 14 sound/soc/intel/boards/Kconfig | 2 sound/soc/soc-dapm.c | 4 sound/soc/soc-ops.c | 26 sound/usb/mixer_quirks.c | 14 sound/usb/mixer_scarlett_gen2.c | 9 sound/usb/stream.c | 25 sound/usb/validate.c | 14 tools/bpf/bpftool/net.c | 15 tools/perf/tests/bp_account.c | 1 tools/power/cpupower/utils/idle_monitor/mperf_monitor.c | 4 tools/testing/ktest/ktest.pl | 5 tools/testing/selftests/ftrace/test.d/ftrace/func-filter-glob.tc | 2 tools/testing/selftests/futex/include/futextest.h | 11 tools/testing/selftests/net/forwarding/tc_actions.sh | 72 ++ tools/testing/selftests/net/rtnetlink.sh | 6 365 files changed, 3516 insertions(+), 1487 deletions(-) Aaron Kling (1): ARM: tegra: Use I/O memcpy to write to IRAM Abdun Nihaal (1): staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() Al Viro (3): securityfs: don't pin dentries twice, once is enough... use uniform permission checks for all mount propagation changes alloc_fdtable(): change calling conventions. Alessandro Carminati (1): regulator: core: fix NULL dereference on unbind due to stale coupling data Alex Guo (2): media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alexander Kochetkov (1): ARM: rockchip: fix kernel hang during smp initialization Alok Tiwari (5): net: emaclite: Fix missing pointer increment in aligned_read() staging: nvec: Fix incorrect null termination of battery manufacturer ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 be2net: Use correct byte order and format string for TCP seq and ack_seq net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Amir Mohammad Jahangirzad (1): fs/orangefs: use snprintf() instead of sprintf() Ammar Faizi (1): net: usbnet: Fix the wrong netif_carrier_on() call Andreas Dilger (1): ext4: check fast symlink for ea_inode correctly Andrew Jeffery (2): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrew Lunn (1): net: appletalk: fix kerneldoc warnings Andy Shevchenko (2): Documentation: ACPI: Fix parent device references mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Annette Kobou (1): ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface Arnaud Lecomte (1): jfs: upper bound check of tree index in dbAllocAG Arnd Bergmann (4): ethernet: intel: fix building with large NR_CPUS ASoC: Intel: fix SND_SOC_SOF dependencies ASoC: ops: dynamically allocate struct snd_ctl_elem_value caif: reduce stack size, again Arun Raghavan (1): ASoC: fsl_sai: Force a software reset when starting in consumer mode Avraham Stern (1): wifi: iwlwifi: mvm: fix scan request validation Balamanikandan Gunasundar (1): mtd: rawnand: atmel: set pmecc data setup time Baokun Li (1): jbd2: prevent softlockup in jbd2_log_do_checkpoint() Bard Liao (1): soundwire: stream: restore params when prepare ports fail Bartosz Golaszewski (1): gpio: tps65912: check the return value of regmap_update_bits() Benjamin Tissoires (3): HID: core: ensure the allocated report buffer can contain the reserved report ID HID: core: ensure __hid_request reserves the report ID as the first byte HID: core: do not bypass hid_hw_raw_request Bjorn Andersson (1): soc: qcom: mdt_loader: Ensure we don't read past the ELF header Brahmajit Das (1): samples: mei: Fix building on musl libc Breno Leitao (3): ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path ipmi: Use dev_warn_ratelimited() for incorrect message warnings mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Brian Masney (3): rtc: ds1307: fix incorrect maximum clock rate handling rtc: hym8563: fix incorrect maximum clock rate handling rtc: pcf8563: fix incorrect maximum clock rate handling Buday Csaba (1): net: phy: smsc: add proper reset flags for LAN8710A Budimir Markovic (1): vsock: Do not allow binding to VMADDR_PORT_ANY Bui Quang Minh (1): virtio-net: ensure the received length does not exceed allocated size Chao Yu (5): f2fs: fix to avoid UAF in f2fs_sync_inode_meta() f2fs: fix to avoid panic in f2fs_evict_inode f2fs: fix to avoid out-of-boundary access in devs.path f2fs: fix to do sanity check on ino and xnid f2fs: fix to avoid out-of-boundary access in dnode page Charles Han (1): power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set Cheick Traore (1): pinctrl: stm32: Manage irq affinity settings Chen Ni (1): iio: adc: stm32-adc: Fix race in installing chained IRQ handler Chenyuan Yang (1): fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref Clément Le Goffic (1): i2c: stm32: fix the device used for the DMA map Cong Wang (4): sch_drr: make drr_qlen_notify() idempotent sch_hfsc: make hfsc_qlen_notify() idempotent sch_qfq: make qfq_qlen_notify() idempotent codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Corey Minyard (1): ipmi: Fix strcpy source and destination the same Cristian Ciocaltea (1): ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Cynthia Huang (1): selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Dai Ngo (1): NFSD: detect mismatch of file handle and delegation stateid in OPEN op Damien Le Moal (5): scsi: mpt3sas: Correctly handle ATA device errors ata: libata-scsi: Fix ata_to_sense_error() status handling PCI: endpoint: Fix configfs group list head handling PCI: endpoint: Fix configfs group removal on driver teardown ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Dan Carpenter (7): dmaengine: nbpfaxi: Fix memory corruption in probe() watchdog: ziirave_wdt: check record length in ziirave_firm_verify() fs/orangefs: Allow 2 more characters in do_c_string() cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() media: gspca: Add bounds checking to firmware parser scsi: qla4xxx: Prevent a potential error pointer dereference ALSA: usb-audio: Fix size validation in convert_chmap_v3() Daniel Dadap (1): ALSA: hda: Add missing NVIDIA HDA codec IDs Daniil Dulov (1): wifi: rtl818x: Kill URBs before clearing tx status queue Dave Hansen (1): x86/fpu: Delay instruction pointer fixup until after warning Dave Stevenson (3): media: tc358743: Check I2C succeeded during probe media: tc358743: Return an appropriate colorspace from tc358743_set_fmt media: tc358743: Increase FIFO trigger level to 374 David Lechner (1): iio: proximity: isl29501: fix buffered read on big-endian systems Davide Caratti (2): net/sched: act_mirred: better wording on protection against excessive stack growth act_mirred: use the backlog for nested calls to mirred ingress Denis OSTERLAND-HEIM (1): pps: fix poll support Dinghao Liu (1): power: supply: bq24190_charger: Fix runtime PM imbalance on error Dmitry Antipov (1): Bluetooth: fix use-after-free in device_for_each_child() Dong Chenchen (1): net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Drew Hamilton (1): usb: musb: fix gadget state on disconnect Edson Juliano Drosdeck (1): mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Edward Adam Davis (1): jfs: Regular file corruption check Eric Biggers (1): thunderbolt: Fix copy+paste error in match_service_id() Eric Dumazet (6): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets net_sched: sch_sfq: reject invalid perturb period pptp: ensure minimal skb length in pptp_xmit() ipv6: reject malicious packets in ipv6_gso_segment() pptp: fix pptp_xmit() error path Fabio Estevam (2): iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] iio: adc: max1363: Reorder mode_list[] entries Fabio Porcedda (1): USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Fedor Pchelkin (3): drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value netfilter: nf_tables: adjust lockdep assertions handling netlink: avoid infinite retry looping in netlink_unicast() Filipe Manana (1): btrfs: fix log tree replay failure due to file with 0 links and extents Finn Thain (2): m68k: Don't unregister boot console needlessly m68k: Fix lost column on framebuffer debug console Florian Westphal (2): netfilter: xt_nfacct: don't assume acct name is null-terminated netfilter: ctnetlink: fix refcount leak on table dump Frederic Barrat (2): pci/hotplug/pnv-php: Improve error msg on power state change failure pci/hotplug/pnv-php: Wrap warnings in macro Gal Pressman (1): net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Gautham R. Shenoy (1): pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Geoffrey D. Bennett (1): ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() Giovanni Cabiddu (1): crypto: qat - fix seq_file position update in adf_ring_next() Gokul Sivakumar (1): wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE Greg Kroah-Hartman (2): Revert "vmci: Prevent the dispatching of uninitialized payloads" Linux 5.4.297 Gui-Dong Han (1): media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Hans Verkuil (1): media: v4l2-ctrls: always copy the controls on completion Hans Zhang (1): PCI: rockchip-host: Fix "Unexpected Completion" log message Haoxiang Li (2): media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Hari Kalavakunta (1): net: ncsi: Fix buffer overflow in fetching version id Harry Yoo (1): mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n He Zhe (1): mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t Helge Deller (1): Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Henry Martin (1): clk: davinci: Add NULL check in davinci_lpsc_clk_register() Herbert Xu (1): crypto: marvell/cesa - Fix engine load inaccuracy Hongyu Xie (1): xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Hsin-Te Yuan (1): thermal: sysfs: Return ENODATA instead of EAGAIN for reads Ian Abbott (10): comedi: pcl812: Fix bit shift out of bounds comedi: aio_iiro_16: Fix bit shift out of bounds comedi: das16m1: Fix bit shift out of bounds comedi: das6402: Fix bit shift out of bounds comedi: Fix some signed shift left operations comedi: Fix use of uninitialized data in insn_rw_emulate_bits() comedi: comedi_test: Fix possible deletion of uninitialized timers comedi: fix race between polling and detaching comedi: Fix initialization of data for instructions that write to subdevice comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large Ilan Peer (1): wifi: cfg80211: Fix interface type validation Imre Deak (1): drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Ivan Stepchenko (1): mtd: fix possible integer overflow in erase_xfer() Jack Xiao (1): drm/amdgpu: fix incorrect vm flags to map bo Jakub Kicinski (2): netpoll: prevent hanging NAPI when netcons gets enabled uapi: in6: restore visibility of most IPv6 socket options Jan Kara (2): isofs: Verify inode mode when loading from disk udf: Verify partition map count Jason Wang (1): vhost: fail early when __vhost_add_used() fails Jason Xing (1): ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Jay Chen (1): usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Jeff Layton (1): nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Jiasheng Jiang (2): iwlwifi: Add missing check for alloc_ordered_workqueue scsi: lpfc: Remove redundant assignment to avoid memory leak Jiaxun Yang (1): MIPS: mm: tlb-r4k: Uniquify TLB entries on init Jiayi Li (2): ACPI: processor: perflib: Fix initial _PPC limit application memstick: Fix deadlock by moving removing flag earlier Jiayuan Chen (1): bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls Jimmy Assarsson (2): can: kvaser_pciefd: Store device channel index can: kvaser_usb: Assign netdev.dev_port based on device channel index Jiri Pirko (1): selftests: forwarding: tc_actions.sh: add matchall mirror test Johan Hovold (6): net: gianfar: fix device leak when querying time stamp info net: dpaa: fix device leak when querying time stamp info usb: gadget: udc: renesas_usb3: fix device leak at unbind usb: dwc3: meson-g12a: fix device leaks at unbind USB: cdc-acm: do not log successful probe on later errors usb: musb: omap2430: fix device leak at unbind Johan Korsnes (1): arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX Johannes Berg (1): wifi: cfg80211: reject HTC bit for management frames John Ernberg (1): net: usbnet: Avoid potential RCU stall on LINK_CHANGE event John Garry (1): scsi: aacraid: Stop using PCI_IRQ_AFFINITY Jon Hunter (1): soc/tegra: pmc: Ensure power-domains are in a known state Jonas Rebmann (1): net: fec: allow disable coalescing Jorge Ramirez-Ortiz (2): media: venus: protect against spurious interrupts during probe media: venus: hfi: explicitly release IRQ during teardown Josef Bacik (1): nfs: fix UAF in direct writes Judith Mendez (1): mmc: sdhci_am654: Workaround for Errata i2312 Jun Li (1): usb: chipidea: udc: protect usb interrupt enable Justin Tee (1): scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Kees Cook (2): arm64: Handle KCOV __init vs inline mismatches platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Kito Xu (veritas501) (1): net: appletalk: Fix use-after-free in AARP proxy probe Krishna Kurapati (1): usb: dwc3: qcom: Don't leave BCR asserted Krzysztof Kozlowski (1): ARM: dts: vfxxx: Correctly use two tuples for timer address Kuen-Han Tsai (1): usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Kuninori Morimoto (1): ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Kuniyuki Iwashima (1): Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Laurentiu Mihalcea (1): pwm: imx-tpm: Reset counter if CMOD is 0 Leo Yan (1): perf tests bp_account: Fix leaked file descriptor Li Zhong (1): ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Lifeng Zheng (2): cpufreq: Init policy->rwsem before it may be possibly used cpufreq: Exit governor when failed to start old governor Lin.Cao (1): drm/sched: Remove optimization that causes hang when killing dependent jobs Lizhi Xu (2): vmci: Prevent the dispatching of uninitialized payloads jfs: truncate good inode pages when hard link is 0 Lorenzo Stoakes (3): mm: drop the assumption that VM_SHARED always implies writable mm: update memfd seal write check to include F_SEAL_WRITE mm: perform the mapping_map_writable() check after call_mmap() Lucas De Marchi (1): usb: early: xhci-dbc: Fix early_ioremap leak Lucy Thrun (1): ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Ludwig Disterhof (1): media: usbtv: Lock resolution while streaming Luiz Augusto von Dentz (3): Bluetooth: SMP: If an unallowed command is received consider it a failure Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Lukas Wunner (1): PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Ma Ke (1): sunvdc: Balance device refcount in vdc_port_mpgroup_check Mael GUERIN (1): USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Maor Gottlieb (1): RDMA/core: Rate limit GID cache warning messages Marek Szyprowski (1): zynq_fpga: use sgtable-based scatterlist wrappers Mario Limonciello (2): usb: xhci: Avoid showing warnings for dying controller usb: xhci: Avoid showing errors during surprise removal Mark Brown (1): ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Martin Kaistra (1): wifi: rtl8xxxu: Fix RX skb size for aggregation disabled Masahiro Yamada (3): kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() kconfig: gconf: fix potential memory leak in renderer_edited() kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS Masami Hiramatsu (Google) (1): selftests: tracing: Use mutex_unlock for testing glob filter Mathias Nyman (4): usb: hub: fix detection of high tier USB3 devices behind suspended hubs usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm usb: hub: avoid warm port reset during USB3 disconnect usb: hub: Don't try to recover devices lost during warm reset. Maulik Shah (1): pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Meagan Lloyd (2): rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Mengbiao Xiong (1): crypto: ccp - Fix crash when rebind ccp device for ccp.ko Miao Li (1): usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaohe Lin (1): mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() Michal Schmidt (1): benet: fix BUG when creating VFs Mina Almasry (1): netmem: fix skb_frag_address_safe with unreadable skbs Minghao Chi (1): power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync Minhong He (1): ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Myrrh Periwinkle (2): vt: keyboard: Don't process Unicode characters in K_OFF mode vt: defkeymap: Map keycodes above 127 to K_HOLE Nathan Chancellor (8): phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation kbuild: Add CLANG_FLAGS to as-instr kbuild: Add KBUILD_CPPFLAGS to as-option invocation Nick Desaulniers (1): kbuild: Update assembler calls to use proper flags and language target Nilton Perim Neto (1): Input: xpad - set correct controller type for Acer NGR200 Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation Ojaswin Mujoo (2): ext4: fix fsmap end of range reporting with bigalloc ext4: fix reserved gdt blocks handling in fsmap Oliver Neukum (3): usb: net: sierra: check for no status endpoint usb: core: usb_submit_urb: downgrade type check cdc-acm: fix race between initial clearing halt and open Oscar Maes (1): net: ipv4: fix incorrect MTU in broadcast routes Ovidiu Panait (1): hwrng: mtk - handle devm_pm_runtime_enable errors Pagadala Yesu Anjaneyulu (1): wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Pali Rohár (1): cifs: Fix calling CIFSFindFirst() for root path without msearch Paul Chaignon (1): bpf: Check flow_dissector ctx accesses are aligned Paul E. McKenney (1): rcu: Protect ->defer_qs_iw_pending from data race Paul Kocialkowski (1): clk: sunxi-ng: v3s: Fix de clock definition Pavel Begunkov (1): io_uring: don't use int for ABI Pavel Tikhomirov (1): move_mount: allow to add a mount into an existing group Peter Chen (3): usb: chipidea: udc: add new API ci_hdrc_gadget_connect usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use usb: chipidea: udc: fix sleeping function called from invalid context Peter Oberparleiter (2): s390/hypfs: Avoid unnecessary ioctl registration in debugfs s390/hypfs: Enable limited access during lockdown Petr Pavlu (1): module: Restore the moduleparam prefix length check Phillip Lougher (1): squashfs: fix memory leak in squashfs_fill_super Qu Wenruo (1): btrfs: populate otime when logging an inode item Quang Le (1): net/packet: fix a race in packet_set_ring() and packet_notifier() Rafael J. Wysocki (2): ACPI: processor: perflib: Move problematic pr->performance check PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Rand Deeb (1): wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Randy Dunlap (1): parisc: Makefile: fix a typo in palo.conf Ranjan Kumar (1): scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Remi Pommarel (1): Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Ricardo Ribalda (2): media: uvcvideo: Do not mark valid metadata as invalid media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Ricky Wu (1): misc: rtsx: usb: Ensure mmc child device is active when card is present Ryan Mann (NDI) (1): USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Ryusuke Konishi (1): nilfs2: reject invalid file types when reading inodes Sabrina Dubroca (1): udp: also consider secpath when evaluating ipsec use for checksumming Sakari Ailus (1): media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Sarah Newman (1): drbd: add missing kref_get in handle_write_conflicts Sasha Levin (1): fs: Prevent file descriptor table allocations exceeding INT_MAX Sebastian Ott (1): ACPI: processor: fix acpi_object initialization Sebastian Reichel (2): watchdog: dw_wdt: Fix default timeout usb: typec: fusb302: cache PD RX state Sergey Bashirov (4): pNFS: Fix stripe mapping in block/scsi layout pNFS: Fix disk addr range check in block/scsi layout pNFS: Handle RPC size limit for layoutcommits pNFS: Fix uninited ptr deref in block/scsi layout Shankari Anand (1): kconfig: nconf: Ensure null termination where strncpy is used Shiji Yang (1): MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Showrya M N (1): scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Slark Xiao (2): USB: serial: option: add Foxconn T99W640 USB: serial: option: add Foxconn T99W709 Stanislav Fomichev (1): vrf: Drop existing dst reference in vrf_ip6_input_dst Stanislaw Gruszka (1): wifi: iwlegacy: Check rate_idx range after addition Stefan Metzmacher (1): smb: client: let recv_done() cleanup before notifying the callers. Steven Rostedt (3): ktest.pl: Prevent recursion of default variable options ftrace: Also allocate and copy hash for reading of filter files tracing: Add down_write(trace_event_sem) when adding trace event Su Hui (1): usb: xhci: print xhci->xhc_state when queue_command failed Suchit Karunakaran (1): kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c Sven Schnelle (2): s390/time: Use monotonic clock in get_cycles() s390/stp: Remove udelay from stp_sync_clock() Takashi Iwai (3): ALSA: usb-audio: Validate UAC3 power domain descriptors, too ALSA: usb-audio: Validate UAC3 cluster segment descriptors ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation Tao Xue (1): usb: gadget : fix use-after-free in composite_dev_cleanup() Tetsuo Handa (1): hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Theodore Ts'o (1): ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Thomas Fourier (15): pch_uart: Fix dma_sync_sg_for_device() nents value mmc: bcm2835: Fix dma_unmap_sg() nents value mwl8k: Add missing check after DMA map scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value scsi: mvsas: Fix dma_unmap_sg() nents value scsi: isci: Fix dma_unmap_sg() nents value crypto: img-hash - Fix dma_unmap_sg() nents value dmaengine: mv_xor: Fix missing check after DMA map and missing unmap dmaengine: nbpfaxi: Add missing check after DMA map mtd: rawnand: atmel: Fix dma_mapping_error() address et131x: Add missing check after DMA map net: ag71xx: Add missing check after DMA map (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. mtd: rawnand: fsmc: Add missing check after DMA map Thomas Gleixner (3): perf/core: Don't leak AUX buffer refcount on allocation failure perf/core: Exit early on perf_mmap() fail perf/core: Prevent VMA split of buffer mappings Thomas Weißschuh (1): MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Thorsten Blum (1): usb: storage: realtek_cr: Use correct byte order for bcs->Residue Timothy Pearson (1): PCI: pnv_php: Work around switches with broken presence detection Timur Kristóf (2): drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Trond Myklebust (5): NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() NFSv4: Fix nfs4_bitmap_copy_adjust() NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() NFS: Fix the setting of capabilities when automounting a new filesystem NFS: Fix up commit deadlocks Ulf Hansson (1): mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Uwe Kleine-König (3): pwm: mediatek: Implement .apply() callback pwm: mediatek: Handle hardware enable and clock enable separately pwm: mediatek: Fix duty and period setting Vedang Nagar (1): media: venus: Add a check for packet size after reading from shared memory Viacheslav Dubeyko (4): hfs: fix slab-out-of-bounds in hfs_bnode_read() hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() hfs: fix not erasing deleted b-tree node issue Vlad Buslov (4): net: sched: extract common action counters update code into function net: sched: extract bstats update code into function net: sched: extract qstats update code into functions net: sched: don't expose action qstats to skb_tc_reinsert() Vladimir Zapolskiy (1): media: qcom: camss: cleanup media device allocated resource on error path Waiman Long (1): mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Wang Liang (1): net: drop UFO packets in udp_rcv_segment() Weitao Wang (1): usb: xhci: Fix slot_id resource race conflict William Liu (4): net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree net/sched: Restrict conditions for adding duplicating netems to qdisc tree net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate Wolfram Sang (3): media: usb: hdpvr: disable zero-length read messages i3c: add missing include to internal header i3c: don't fail if GETHDRCAP is unsupported Xiang Mei (2): net/sched: sch_qfq: Fix race condition on qfq_aggregate net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Xin Long (1): sctp: linearize cloned gso packets in sctp_rcv Xinxin Wan (1): ASoC: codecs: rt5640: Retry DEVICE_ID verification Xinyu Liu (1): usb: gadget: configfs: Fix OOB read on empty string write Xiu Jianfeng (1): wifi: iwlwifi: Fix memory leak in iwl_mvm_init() Xiumei Mu (1): selftests: rtnetlink.sh: remove esp4_offload after test Xu Yang (2): usb: chipidea: add USB PHY event usb: phy: mxs: disconnect line when USB charger is attached Xu Yilun (1): fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Yang Xiwen (1): i2c: qup: jump out of the loop in case of timeout Yangtao Li (1): hfsplus: remove mutex_lock check in hfsplus_free_extents Yann E. MORIN (1): kconfig: lxdialog: fix 'space' to (de)select options Yazen Ghannam (1): x86/mce/amd: Add default names for MCA banks and blocks Ye Bin (1): fs/buffer: fix use-after-free when call bh_read() helper Youngjun Lee (1): media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Yuan Chen (2): bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure pinctrl: sunxi: Fix memory leak on krealloc failure Yun Lu (2): af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() af_packet: fix soft lockup issue caused by tpacket_snd() Yunhui Cui (1): serial: 8250: fix panic due to PSLVERR Yury Norov [NVIDIA] (1): RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Zenm Chen (1): USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Zhang Lixu (1): iio: hid-sensor-prox: Fix incorrect OFFSET calculation Zhang Shurong (1): media: ov2659: Fix memory leaks in ov2659_probe() Zhang Xiaoxu (1): cifs: Fix UAF in cifs_demultiplex_thread() Zheng Wang (1): power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition Zheng Yu (1): jfs: fix metapage reference count leak in dbAllocCtl chenchangcheng (1): media: uvcvideo: Fix bandwidth issue for Alcor camera jackysliu (1): scsi: bfa: Double-free fix tuhaowen (1): PM: sleep: console: Fix the black screen issue wenxu (1): net/sched: act_mirred: refactor the handle of xmit xin.guo (1): tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range Álvaro Fernández Rojas (3): net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325

2 weeks, 6 days

1
1
0 0

[PATCH v2] mm/mremap: fix regression in vrm->new_addr check

by Carlos Llamas

Commit 3215eaceca87 ("mm/mremap: refactor initial parameter sanity checks") moved the sanity check for vrm->new_addr from mremap_to() to check_mremap_params(). However, this caused a regression as vrm->new_addr is now checked even when MREMAP_FIXED and MREMAP_DONTUNMAP flags are not specified. In this case, vrm->new_addr can be garbage and create unexpected failures. Fix this by moving the new_addr check after the vrm_implies_new_addr() guard. This ensures that the new_addr is only checked when the user has specified one explicitly. Cc: stable(a)vger.kernel.org Fixes: 3215eaceca87 ("mm/mremap: refactor initial parameter sanity checks") Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Carlos Llamas <cmllamas(a)google.com> --- v2: - split out vrm->new_len into individual checks - cc stable, collect tags v1: https://lore.kernel.org/all/20250828032653.521314-1-cmllamas@google.com/ mm/mremap.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mm/mremap.c b/mm/mremap.c index e618a706aff5..35de0a7b910e 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -1774,15 +1774,18 @@ static unsigned long check_mremap_params(struct vma_remap_struct *vrm) if (!vrm->new_len) return -EINVAL; - /* Is the new length or address silly? */ - if (vrm->new_len > TASK_SIZE || - vrm->new_addr > TASK_SIZE - vrm->new_len) + /* Is the new length silly? */ + if (vrm->new_len > TASK_SIZE) return -EINVAL; /* Remainder of checks are for cases with specific new_addr. */ if (!vrm_implies_new_addr(vrm)) return 0; + /* Is the new address silly? */ + if (vrm->new_addr > TASK_SIZE - vrm->new_len) + return -EINVAL; + /* The new address must be page-aligned. */ if (offset_in_page(vrm->new_addr)) return -EINVAL; -- 2.51.0.268.g9569e192d0-goog

2 weeks, 6 days

3
2
0 0

[PATCH 5.10 000/523] 5.10.241-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.241 release. There are 523 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 28 Aug 2025 11:08:19 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.241-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.241-rc1 Florian Westphal <fw(a)strlen.de> netfilter: nf_reject: don't leak dst refcount for loopback packets Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_reject_inet: allow to use reject from inet ingress Jose M. Guisado Gomez <guigom(a)riseup.net> netfilter: nft_reject: unify reject init and dump into nft_reject Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Enable limited access during lockdown Peter Oberparleiter <oberpar(a)linux.ibm.com> s390/hypfs: Avoid unnecessary ioctl registration in debugfs Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation William Liu <will(a)willsroot.io> net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate William Liu <will(a)willsroot.io> net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit Jason Xing <kernelxing(a)tencent.com> ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc Minhong He <heminhong(a)kylinos.cn> ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add Dan Carpenter <dan.carpenter(a)linaro.org> ALSA: usb-audio: Fix size validation in convert_chmap_v3() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum: Forward packets with an IPv4 link-local source IP Kees Cook <kees(a)kernel.org> iommu/amd: Avoid stack buffer overflow from kernel cmdline Dan Carpenter <dan.carpenter(a)linaro.org> scsi: qla4xxx: Prevent a potential error pointer dereference Anantha Prabhu <anantha.prabhu(a)broadcom.com> RDMA/bnxt_re: Fix to initialize the PBL array Waiman Long <longman(a)redhat.com> cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key Feng Tang <feng.tang(a)intel.com> mm/page_alloc: detect allocation forbidden by cpuset and bail out early Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: light: as73211: Ensure buffer holes are zeroed Pu Lehui <pulehui(a)huawei.com> tracing: Limit access to parser->buffer when trace_get_user failed Steven Rostedt <rostedt(a)goodmis.org> tracing: Remove unneeded goto out logic Jean-Baptiste Maneyrol <jean-baptiste.maneyrol(a)tdk.com> iio: imu: inv_icm42600: change invalid data error to -EBUSY Weitao Wang <WeitaoWang-oc(a)zhaoxin.com> usb: xhci: Fix slot_id resource race conflict Jan Beulich <jbeulich(a)suse.com> compiler: remove __ADDRESSABLE_ASM{_STR,}() again Ammar Faizi <ammarfaizi2(a)gnuweeb.org> net: usbnet: Fix the wrong netif_carrier_on() call Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: pm: check flush doesn't reset limits Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> gpio: rcar: Use raw_spinlock to protect register access Meng Li <Meng.Li(a)windriver.com> usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock Wesley Cheng <quic_wcheng(a)quicinc.com> usb: dwc3: Remove DWC3 locking during gadget suspend/resume Ming Lei <ming.lei(a)redhat.com> dm rq: don't queue request to blk-mq during DM suspend Damien Le Moal <damien.lemoal(a)wdc.com> dm: rearrange core declarations for extended use from dm-zone.c Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> uio_hv_generic: Fix another memory leak in error handling paths Ricardo Ribalda <ribalda(a)chromium.org> media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in dnode page Vladimir Zapolskiy <vladimir.zapolskiy(a)linaro.org> media: qcom: camss: cleanup media device allocated resource on error path Imre Deak <imre.deak(a)intel.com> drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Don't overclock DCE 6 by 15% Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: protect against spurious interrupts during probe Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: Add support for SSR trigger using fault injection Jorge Ramirez-Ortiz <jorge.ramirez(a)oss.qualcomm.com> media: venus: hfi: explicitly release IRQ during teardown Mauro Carvalho Chehab <mchehab+huawei(a)kernel.org> media: venus: don't de-reference NULL pointers at IRQ time Sakari Ailus <sakari.ailus(a)linux.intel.com> media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() Hans Verkuil <hverkuil-cisco(a)xs4all.nl> media: v4l2-ctrls: always copy the controls on completion Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix dest ring-buffer corruption when ring is full Kefeng Wang <wangkefeng.wang(a)huawei.com> asm-generic: Add memory barrier dma_mb() Marco Elver <elver(a)google.com> locking/barriers, kcsan: Support generic instrumentation Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Fix duty and period setting Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: mediatek: Handle hardware enable and clock enable separately Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: mediatek: Implement .apply() callback Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec: remove unneeded label and if-condition Chen-Yu Tsai <wenst(a)chromium.org> platform/chrome: cros_ec: Use per-device lockdep key Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> platform/chrome: cros_ec: Make cros_ec_unregister() return void Zhang Yi <yi.zhang(a)huawei.com> ext4: fix hole length calculation overflow in non-extent inodes David Laight <David.Laight(a)ACULAB.COM> minmax: add umin(a, b) and umax(a, b) Li Zhong <floridsleeves(a)gmail.com> ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value Qu Wenruo <wqu(a)suse.com> btrfs: populate otime when logging an inode item Johan Hovold <johan(a)kernel.org> usb: musb: omap2430: fix device leak at unbind Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> soc: qcom: mdt_loader: Ensure we don't read past the ELF header David Lechner <dlechner(a)baylibre.com> iio: adc: ad_sigma_delta: change to buffer predisable André Draszik <andre.draszik(a)linaro.org> scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE Damien Le Moal <dlemoal(a)kernel.org> ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig Anshuman Khandual <anshuman.khandual(a)arm.com> mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() Davide Caratti <dcaratti(a)redhat.com> net/sched: ets: use old 'nbands' while purging unused classes Eric Dumazet <edumazet(a)google.com> net_sched: sch_ets: implement lockless ets_dump() Davide Caratti <dcaratti(a)redhat.com> net/sched: sch_ets: properly init all active DRR list handles Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix the setting of capabilities when automounting a new filesystem Anna Schumaker <Anna.Schumaker(a)Netapp.com> NFS: Create an nfs4_server_set_init_caps() function Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Fix nfs4_bitmap_copy_adjust() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Don't set NFS_INO_REVAL_PAGECACHE in the inode cache validity Ajish Koshy <Ajish.Koshy(a)microchip.com> scsi: pm80xx: Fix memory leak during rmmod James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix link down processing to address NULL pointer dereference Leon Romanovsky <leon(a)kernel.org> RDMA/rxe: Return CQE error if invalid lkey was supplied Guchun Chen <guchun.chen(a)amd.com> drm/amdgpu: handle the case of pci_channel_io_frozen only in amdgpu_pci_resume Hyejeong Choi <hjeong.choi(a)samsung.com> dma-buf: insert memory barrier before updating num_fences Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> selftests/memfd: add test for mapping write-sealed memfd read-only Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> mm: reinstate ability to map write-sealed memfd mappings read-only Lorenzo Stoakes <lstoakes(a)gmail.com> mm: update memfd seal write check to include F_SEAL_WRITE Lorenzo Stoakes <lstoakes(a)gmail.com> mm: drop the assumption that VM_SHARED always implies writable Ma Ke <make24(a)iscas.ac.cn> dpaa2-eth: Fix device reference count leak in MAC endpoint handling Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-eth: retry the probe when the MAC is not yet discovered on the bus Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-mac: export MAC counters even when in TYPE_FIXED Ioana Ciornei <ioana.ciornei(a)nxp.com> dpaa2-mac: split up initializing the MAC object from connecting to it Nathan Chancellor <nathan(a)kernel.org> ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS Filipe Manana <fdmanana(a)suse.com> btrfs: fix deadlock when cloning inline extents and using qgroups Ming Lei <ming.lei(a)redhat.com> block: don't call rq_qos_ops->done_bio if the bio isn't tracked Yang Yingliang <yangyingliang(a)huawei.com> ptp: Fix possible memory leak in ptp_clock_register() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large Oliver Neukum <oneukum(a)suse.com> cdc-acm: fix race between initial clearing halt and open Johan Hovold <johan(a)kernel.org> USB: cdc-acm: do not log successful probe on later errors Haiyang Zhang <haiyangz(a)microsoft.com> hv_netvsc: Fix panic during namespace deletion with VF Damien Le Moal <dlemoal(a)kernel.org> block: Make REQ_OP_ZONE_FINISH a write operation Lukas Wunner <lukas(a)wunner.de> PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports Sebastian Reichel <sebastian.reichel(a)collabora.com> usb: typec: fusb302: cache PD RX state John Ernberg <john.ernberg(a)actia.se> net: usbnet: Avoid potential RCU stall on LINK_CHANGE event Geoffrey D. Bennett <g(a)b4.vu> ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() Dave Hansen <dave.hansen(a)linux.intel.com> x86/fpu: Delay instruction pointer fixup until after warning Harry Yoo <harry.yoo(a)oracle.com> mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n Miaohe Lin <linmiaohe(a)huawei.com> mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() Lin.Cao <lincao12(a)amd.com> drm/sched: Remove optimization that causes hang when killing dependent jobs Haoxiang Li <haoxiang_li2024(a)163.com> ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Maulik Shah <maulik.shah(a)oss.qualcomm.com> pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov Steven Rostedt <rostedt(a)goodmis.org> tracing: Add down_write(trace_event_sem) when adding trace event Wang Zhaolong <wangzhaolong(a)huaweicloud.com> smb: client: fix use-after-free in crypt_message when using async crypto Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Don't try to recover devices lost during warm reset. Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: avoid warm port reset during USB3 disconnect Yazen Ghannam <yazen.ghannam(a)amd.com> x86/mce/amd: Add default names for MCA banks and blocks Zhang Lixu <lixu.zhang(a)intel.com> iio: hid-sensor-prox: Fix incorrect OFFSET calculation Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on ino and xnid Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> kbuild: userprogs: use correct linker when mixing clang and GNU ld Kuen-Han Tsai <khtsai(a)google.com> usb: dwc3: Ignore late xferNotReady event to prevent halt timeout Zenm Chen <zenmchen(a)gmail.com> USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles Thorsten Blum <thorsten.blum(a)linux.dev> usb: storage: realtek_cr: Use correct byte order for bcs->Residue Mael GUERIN <mael.guerin(a)murena.io> USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera Marek Vasut <marek.vasut+renesas(a)mailbox.org> usb: renesas-xhci: Fix External ROM access timeouts Miao Li <limiao(a)kylinos.cn> usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive Miaoqian Lin <linmq006(a)gmail.com> most: core: Drop device reference after usage in get_channel() David Lechner <dlechner(a)baylibre.com> iio: proximity: isl29501: fix buffered read on big-endian systems Salah Triki <salah.triki(a)gmail.com> iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() Steven Rostedt <rostedt(a)goodmis.org> ftrace: Also allocate and copy hash for reading of filter files Xu Yilun <yilun.xu(a)linux.intel.com> fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() Al Viro <viro(a)zeniv.linux.org.uk> use uniform permission checks for all mount propagation changes Pavel Tikhomirov <ptikhomirov(a)virtuozzo.com> move_mount: allow to add a mount into an existing group Ye Bin <yebin10(a)huawei.com> fs/buffer: fix use-after-free when call bh_read() helper Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: connect: also cover alt modes Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 Evgeniy Harchenko <evgeniyharchenko.dev(a)gmail.com> ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 Phillip Lougher <phillip(a)squashfs.org.uk> squashfs: fix memory leak in squashfs_fill_super Victor Shih <victor.shih(a)genesyslogic.com.tw> mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency Jiayi Li <lijiayi(a)kylinos.cn> memstick: Fix deadlock by moving removing flag earlier Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_deactivate() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Cong Wang <xiyou.wangcong(a)gmail.com> sch_qfq: make qfq_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_hfsc: make hfsc_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_drr: make drr_qlen_notify() idempotent Cong Wang <xiyou.wangcong(a)gmail.com> sch_htb: make htb_qlen_notify() idempotent Jakub Acs <acsjakub(a)amazon.de> net, hsr: reject HSR frame if skb can't hold tag Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Restore cached power limit during resume Vedang Nagar <quic_vnagar(a)quicinc.com> media: venus: Add a check for packet size after reading from shared memory Zhang Shurong <zhang_shurong(a)foxmail.com> media: ov2659: Fix memory leaks in ov2659_probe() Gui-Dong Han <hanguidong02(a)gmail.com> media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() Ludwig Disterhof <ludwig(a)disterhof.eu> media: usbtv: Lock resolution while streaming Haoxiang Li <haoxiang_li2024(a)163.com> media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() Bingbu Cao <bingbu.cao(a)intel.com> media: hi556: correct the test pattern configuration Dan Carpenter <dan.carpenter(a)linaro.org> media: gspca: Add bounds checking to firmware parser Jon Hunter <jonathanh(a)nvidia.com> soc/tegra: pmc: Ensure power-domains are in a known state Baokun Li <libaokun1(a)huawei.com> jbd2: prevent softlockup in jbd2_log_do_checkpoint() Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group removal on driver teardown Damien Le Moal <dlemoal(a)kernel.org> PCI: endpoint: Fix configfs group list head handling Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: fsmc: Add missing check after DMA map Tim Harvey <tharvey(a)gateworks.com> hwmon: (gsc-hwmon) fix fan pwm setpoint show functions Laurentiu Mihalcea <laurentiu.mihalcea(a)nxp.com> pwm: imx-tpm: Reset counter if CMOD is 0 Johan Hovold <johan+linaro(a)kernel.org> wifi: ath11k: fix source ring-buffer corruption Nathan Chancellor <nathan(a)kernel.org> wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() Marek Szyprowski <m.szyprowski(a)samsung.com> zynq_fpga: use sgtable-based scatterlist wrappers Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_to_sense_error() status handling Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix reserved gdt blocks handling in fsmap Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: fix fsmap end of range reporting with bigalloc Andreas Dilger <adilger(a)dilger.ca> ext4: check fast symlink for ea_inode correctly Helge Deller <deller(a)gmx.de> Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" Eric Biggers <ebiggers(a)kernel.org> lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: defkeymap: Map keycodes above 127 to K_HOLE Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> vt: keyboard: Don't process Unicode characters in K_OFF mode Alexander Wilhelm <alexander.wilhelm(a)westermo.com> bus: mhi: host: Fix endianness of BHI vector table Johan Hovold <johan(a)kernel.org> usb: dwc3: meson-g12a: fix device leaks at unbind Johan Hovold <johan(a)kernel.org> usb: gadget: udc: renesas_usb3: fix device leak at unbind Nathan Chancellor <nathan(a)kernel.org> usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() Finn Thain <fthain(a)linux-m68k.org> m68k: Fix lost column on framebuffer debug console Dan Carpenter <dan.carpenter(a)linaro.org> cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() Yunhui Cui <cuiyunhui(a)bytedance.com> serial: 8250: fix panic due to PSLVERR Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Do not mark valid metadata as invalid Youngjun Lee <yjjuny.lee(a)samsung.com> media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() Breno Leitao <leitao(a)debian.org> mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock Waiman Long <longman(a)redhat.com> mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() Randy Dunlap <rdunlap(a)infradead.org> parisc: Makefile: fix a typo in palo.conf Filipe Manana <fdmanana(a)suse.com> btrfs: fix log tree replay failure due to file with 0 links and extents Eric Biggers <ebiggers(a)kernel.org> thunderbolt: Fix copy+paste error in match_service_id() Ian Abbott <abbotti(a)mev.co.uk> comedi: fix race between polling and detaching Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> usb: typec: ucsi: Update power_supply on power role change Ricky Wu <ricky_wu(a)realtek.com> misc: rtsx: usb: Ensure mmc child device is active when card is present Xinyu Liu <katieeliu(a)tencent.com> usb: core: config: Prevent OOB read in SS endpoint companion parsing Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu: fix incorrect vm flags to map bo Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_sai: replace regmap_write with regmap_update_bits Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai.c: add missing flag check at snd_soc_pcm_dai_probe() Jiasheng Jiang <jiashengjiangcool(a)gmail.com> scsi: lpfc: Remove redundant assignment to avoid memory leak Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix uninited ptr deref in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Handle RPC size limit for layoutcommits Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix disk addr range check in block/scsi layout Sergey Bashirov <sergeybashirov(a)gmail.com> pNFS: Fix stripe mapping in block/scsi layout John Garry <john.g.garry(a)oracle.com> block: avoid possible overflow for chunk_sectors check in blk_stack_limits() Buday Csaba <buday.csaba(a)prolan.hu> net: phy: smsc: add proper reset flags for LAN8710A Corey Minyard <corey(a)minyard.net> ipmi: Fix strcpy source and destination the same Yann E. MORIN <yann.morin.1998(a)free.fr> kconfig: lxdialog: fix 'space' to (de)select options Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: fix potential memory leak in renderer_edited() Masahiro Yamada <masahiroy(a)kernel.org> kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() Breno Leitao <leitao(a)debian.org> ipmi: Use dev_warn_ratelimited() for incorrect message warnings John Garry <john.g.garry(a)oracle.com> scsi: aacraid: Stop using PCI_IRQ_AFFINITY Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans Shankari Anand <shankari.ak0208(a)gmail.com> kconfig: nconf: Ensure null termination where strncpy is used Suchit Karunakaran <suchitkarunakaran(a)gmail.com> kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c fangzhong.zhou <myth5(a)myth5.com> i2c: Force DLL0945 touchpad i2c freq to 100khz Mikulas Patocka <mpatocka(a)redhat.com> dm-mpath: don't print the "loaded" message if registering fails Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: don't fail if GETHDRCAP is unsupported Meagan Lloyd <meaganlloyd(a)linux.microsoft.com> rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 Wolfram Sang <wsa+renesas(a)sang-engineering.com> i3c: add missing include to internal header Purva Yeshi <purvayeshi550(a)gmail.com> md: dm-zoned-target: Initialize return variable r to avoid uninitialized use chenchangcheng <chenchangcheng(a)kylinos.cn> media: uvcvideo: Fix bandwidth issue for Alcor camera Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar Alex Guo <alexguo1023(a)gmail.com> media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() Wolfram Sang <wsa+renesas(a)sang-engineering.com> media: usb: hdpvr: disable zero-length read messages Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Increase FIFO trigger level to 374 Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Return an appropriate colorspace from tc358743_set_fmt Dave Stevenson <dave.stevenson(a)raspberrypi.com> media: tc358743: Check I2C succeeded during probe Cheick Traore <cheick.traore(a)foss.st.com> pinctrl: stm32: Manage irq affinity settings Damien Le Moal <dlemoal(a)kernel.org> scsi: mpt3sas: Correctly handle ATA device errors Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure Arnd Bergmann <arnd(a)arndb.de> RDMA/core: reduce stack using in nldev_stat_get_doit() Yury Norov [NVIDIA] <yury.norov(a)gmail.com> RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() Johan Adolfsson <johan.adolfsson(a)axis.com> leds: leds-lp50xx: Handle reg to get correct multi_index Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> MIPS: Don't crash in stack_top() for tasks without ABI or vDSO Arnaud Lecomte <contact(a)arnaud-lcm.com> jfs: upper bound check of tree index in dbAllocAG Edward Adam Davis <eadavis(a)qq.com> jfs: Regular file corruption check Lizhi Xu <lizhi.xu(a)windriver.com> jfs: truncate good inode pages when hard link is 0 jackysliu <1972843537(a)qq.com> scsi: bfa: Double-free fix Shiji Yang <yangshiji66(a)outlook.com> MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} Sebastian Reichel <sebastian.reichel(a)collabora.com> watchdog: dw_wdt: Fix default timeout Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> fs/orangefs: use snprintf() instead of sprintf() Showrya M N <showrya(a)chelsio.com> scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated Theodore Ts'o <tytso(a)mit.edu> ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr Pali Rohár <pali(a)kernel.org> cifs: Fix calling CIFSFindFirst() for root path without msearch Jason Wang <jasowang(a)redhat.com> vhost: fail early when __vhost_add_used() fails Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 Jakub Kicinski <kuba(a)kernel.org> uapi: in6: restore visibility of most IPv6 socket options Emily Deng <Emily.Deng(a)amd.com> drm/ttm: Should to return the evict error Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix buffer overflow in fetching version id Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Return error for unknown admin queue command Gal Pressman <gal(a)nvidia.com> net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs Stanislaw Gruszka <stf_xl(a)wp.pl> wifi: iwlegacy: Check rate_idx range after addition Mina Almasry <almasrymina(a)google.com> netmem: fix skb_frag_address_safe with unreadable skbs Thomas Fourier <fourier.thomas(a)gmail.com> wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. Wen Chen <Wen.Chen3(a)amd.com> drm/amd/display: Fix 'failed to blank crtc!' Pagadala Yesu Anjaneyulu <pagadala.yesu.anjaneyulu(a)intel.com> wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect Rand Deeb <rand.sec96(a)gmail.com> wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() Ilya Bakoulin <Ilya.Bakoulin(a)amd.com> drm/amd/display: Separate set_gsl from set_gsl_source_select Jonas Rebmann <jre(a)pengutronix.de> net: fec: allow disable coalescing Thomas Fourier <fourier.thomas(a)gmail.com> (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer Sven Schnelle <svens(a)linux.ibm.com> s390/stp: Remove udelay from stp_sync_clock() Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: fix scan request validation Alok Tiwari <alok.a.tiwari(a)oracle.com> net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() Oscar Maes <oscmaes92(a)gmail.com> net: ipv4: fix incorrect MTU in broadcast routes Ilan Peer <ilan.peer(a)intel.com> wifi: cfg80211: Fix interface type validation Paul E. McKenney <paulmck(a)kernel.org> rcu: Protect ->defer_qs_iw_pending from data race Thomas Fourier <fourier.thomas(a)gmail.com> net: ag71xx: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> et131x: Add missing check after DMA map Alok Tiwari <alok.a.tiwari(a)oracle.com> be2net: Use correct byte order and format string for TCP seq and ack_seq Sven Schnelle <svens(a)linux.ibm.com> s390/time: Use monotonic clock in get_cycles() Johannes Berg <johannes.berg(a)intel.com> wifi: cfg80211: reject HTC bit for management frames Steven Rostedt <rostedt(a)goodmis.org> ktest.pl: Prevent recursion of default variable options Anthoine Bourgeois <anthoine.bourgeois(a)vates.tech> xen/netfront: Fix TX response spurious interrupts Xinxin Wan <xinxin.wan(a)intel.com> ASoC: codecs: rt5640: Retry DEVICE_ID verification Jonathan Santos <Jonathan.Santos(a)analog.com> iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros Christophe Leroy <christophe.leroy(a)csgroup.eu> ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop Lucy Thrun <lucy.thrun(a)digital-rabbithole.de> ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control Tomasz Michalec <tmichalec(a)google.com> platform/chrome: cros_ec_typec: Defer probe on missing EC parent Kees Cook <kees(a)kernel.org> platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches Gautham R. Shenoy <gautham.shenoy(a)amd.com> pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() Oliver Neukum <oneukum(a)suse.com> usb: core: usb_submit_urb: downgrade type check Tomasz Michalec <tmichalec(a)google.com> usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() Alok Tiwari <alok.a.tiwari(a)oracle.com> ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 Mark Brown <broonie(a)kernel.org> ASoC: hdac_hdmi: Rate limit logging on connection and disconnection Pawan Gupta <pawan.kumar.gupta(a)linux.intel.com> x86/bugs: Avoid warning when overriding return thunk Ulf Hansson <ulf.hansson(a)linaro.org> mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() Peter Robinson <pbrobinson(a)gmail.com> reset: brcmstb: Enable reset drivers for ARCH_BCM2835 Breno Leitao <leitao(a)debian.org> ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path Sarthak Garg <quic_sartgarg(a)quicinc.com> mmc: sdhci-msm: Ensure SD card power isn't ON when card removed Sebastian Ott <sebott(a)redhat.com> ACPI: processor: fix acpi_object initialization tuhaowen <tuhaowen(a)uniontech.com> PM: sleep: console: Fix the black screen issue Hsin-Te Yuan <yuanhsinte(a)chromium.org> thermal: sysfs: Return ENODATA instead of EAGAIN for reads Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests: tracing: Use mutex_unlock for testing glob filter Aaron Kling <webgeek1234(a)gmail.com> ARM: tegra: Use I/O memcpy to write to IRAM Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: tps65912: check the return value of regmap_update_bits() Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed Lifeng Zheng <zhenglifeng1(a)huawei.com> PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() Alexander Kochetkov <al.kochet(a)gmail.com> ARM: rockchip: fix kernel hang during smp initialization Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Exit governor when failed to start old governor Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: check the return value of regmap_update_bits() Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing errors during surprise removal Jay Chen <shawn2000100(a)gmail.com> usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command Mario Limonciello <mario.limonciello(a)amd.com> usb: xhci: Avoid showing warnings for dying controller Benson Leung <bleung(a)chromium.org> usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default Cynthia Huang <cynthia(a)andestech.com> selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t Prashant Malani <pmalani(a)google.com> cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag Su Hui <suhui(a)nfschina.com> usb: xhci: print xhci->xhc_state when queue_command failed Al Viro <viro(a)zeniv.linux.org.uk> securityfs: don't pin dentries twice, once is enough... Damien Le Moal <dlemoal(a)kernel.org> ata: libata-sata: Disallow changing LPM state if not supported Al Viro <viro(a)zeniv.linux.org.uk> better lockdep annotations for simple_recursive_removal() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix not erasing deleted b-tree node issue Sarah Newman <srn(a)prgmr.com> drbd: add missing kref_get in handle_write_conflicts Jan Kara <jack(a)suse.cz> udf: Verify partition map count Kees Cook <kees(a)kernel.org> arm64: Handle KCOV __init vs inline mismatches Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() Viacheslav Dubeyko <slava(a)dubeyko.com> hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() Viacheslav Dubeyko <slava(a)dubeyko.com> hfs: fix slab-out-of-bounds in hfs_bnode_read() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Len Brown <len.brown(a)intel.com> intel_idle: Allow loading ACPI tables for any family Xin Long <lucien.xin(a)gmail.com> sctp: linearize cloned gso packets in sctp_rcv Florian Westphal <fw(a)strlen.de> netfilter: ctnetlink: fix refcount leak on table dump Sabrina Dubroca <sd(a)queasysnail.net> udp: also consider secpath when evaluating ipsec use for checksumming Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: processor: perflib: Move problematic pr->performance check Jiayi Li <lijiayi(a)kylinos.cn> ACPI: processor: perflib: Fix initial _PPC limit application Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Documentation: ACPI: Fix parent device references Sasha Levin <sashal(a)kernel.org> fs: Prevent file descriptor table allocations exceeding INT_MAX Ma Ke <make24(a)iscas.ac.cn> sunvdc: Balance device refcount in vdc_port_mpgroup_check Dai Ngo <dai.ngo(a)oracle.com> NFSD: detect mismatch of file handle and delegation stateid in OPEN op Jeff Layton <jlayton(a)kernel.org> nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Johan Hovold <johan(a)kernel.org> net: dpaa: fix device leak when querying time stamp info Johan Hovold <johan(a)kernel.org> net: gianfar: fix device leak when querying time stamp info Fedor Pchelkin <pchelkin(a)ispras.ru> netlink: avoid infinite retry looping in netlink_unicast() Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 cluster segment descriptors Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Validate UAC3 power domain descriptors, too Pavel Begunkov <asml.silence(a)gmail.com> io_uring: don't use int for ABI Tao Xue <xuetao09(a)huawei.com> usb: gadget : fix use-after-free in composite_dev_cleanup() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: mm: tlb-r4k: Uniquify TLB entries on init Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W709 Budimir Markovic <markovicbudimir(a)gmail.com> vsock: Do not allow binding to VMADDR_PORT_ANY Quang Le <quanglex97(a)gmail.com> net/packet: fix a race in packet_set_ring() and packet_notifier() Thomas Gleixner <tglx(a)linutronix.de> perf/core: Prevent VMA split of buffer mappings Thomas Gleixner <tglx(a)linutronix.de> perf/core: Exit early on perf_mmap() fail Thomas Gleixner <tglx(a)linutronix.de> perf/core: Don't leak AUX buffer refcount on allocation failure Eric Dumazet <edumazet(a)google.com> pptp: fix pptp_xmit() error path Stefan Metzmacher <metze(a)samba.org> smb: client: let recv_done() cleanup before notifying the callers. Takashi Iwai <tiwai(a)suse.de> ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() Michal Schmidt <mschmidt(a)redhat.com> benet: fix BUG when creating VFs Wang Liang <wangliang74(a)huawei.com> net: drop UFO packets in udp_rcv_segment() Eric Dumazet <edumazet(a)google.com> ipv6: reject malicious packets in ipv6_gso_segment() Eric Dumazet <edumazet(a)google.com> pptp: ensure minimal skb length in pptp_xmit() Horatiu Vultur <horatiu.vultur(a)microchip.com> phy: mscc: Fix parsing of unicast frames Jakub Kicinski <kuba(a)kernel.org> netpoll: prevent hanging NAPI when netcons gets enabled Benjamin Coddington <bcodding(a)redhat.com> NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY Matthew Wilcox (Oracle) <willy(a)infradead.org> XArray: Add calls to might_alloc() Daniel Vetter <daniel.vetter(a)ffwll.ch> mm: extract might_alloc() debug check Olga Kornievskaia <okorniev(a)redhat.com> NFSv4.2: another fix for listxattr Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> pNFS/flexfiles: don't attempt pnfs on fatal DS errors Trond Myklebust <trond.myklebust(a)hammerspace.com> pNFS/flexfiles: Avoid spurious layout returns in ff_layout_choose_ds_for_read Timothy Pearson <tpearson(a)raptorengineering.com> PCI: pnv_php: Fix surprise plug detection and recovery Timothy Pearson <tpearson(a)raptorengineering.com> powerpc/eeh: Make EEH driver device hotplug safe Maciej W. Rozycki <macro(a)orcam.me.uk> powerpc/eeh: Rely on dev->link_active_reporting Timothy Pearson <tpearson(a)raptorengineering.com> powerpc/eeh: Export eeh_unfreeze_pe() Timothy Pearson <tpearson(a)raptorengineering.com> PCI: pnv_php: Work around switches with broken presence detection Timothy Pearson <tpearson(a)raptorengineering.com> PCI: pnv_php: Clean up allocated IRQs on unplug Masahiro Yamada <masahiroy(a)kernel.org> kconfig: qconf: fix ConfigList::updateListAllforAll() Seunghui Lee <sh043.lee(a)samsung.com> scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-boundary access in devs.path Chao Yu <chao(a)kernel.org> f2fs: fix to avoid panic in f2fs_evict_inode Chao Yu <chao(a)kernel.org> f2fs: fix to avoid UAF in f2fs_sync_inode_meta() Chao Yu <chao(a)kernel.org> f2fs: doc: fix wrong quota mount option description Brian Masney <bmasney(a)redhat.com> rtc: rv3028: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: pcf8563: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: pcf85063: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: hym8563: fix incorrect maximum clock rate handling Brian Masney <bmasney(a)redhat.com> rtc: ds1307: fix incorrect maximum clock rate handling Petr Pavlu <petr.pavlu(a)suse.com> module: Restore the moduleparam prefix length check Ryan Lee <ryan.lee(a)canonical.com> apparmor: ensure WB_HISTORY_SIZE value is a power of 2 Paul Chaignon <paul.chaignon(a)gmail.com> bpf: Check flow_dissector ctx accesses are aligned Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Fix log flooding with target does not exist errors Balamanikandan Gunasundar <balamanikandan.gunasundar(a)microchip.com> mtd: rawnand: atmel: set pmecc data setup time Thomas Fourier <fourier.thomas(a)gmail.com> mtd: rawnand: atmel: Fix dma_mapping_error() address Zheng Yu <zheng.yu(a)northwestern.edu> jfs: fix metapage reference count leak in dbAllocCtl Chenyuan Yang <chenyuan0y(a)gmail.com> fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> crypto: qat - fix seq_file position update in adf_ring_next() Ben Hutchings <benh(a)debian.org> sh: Do not use hyphen in exported variable name Thomas Fourier <fourier.thomas(a)gmail.com> dmaengine: nbpfaxi: Add missing check after DMA map Thomas Fourier <fourier.thomas(a)gmail.com> dmaengine: mv_xor: Fix missing check after DMA map and missing unmap Dan Carpenter <dan.carpenter(a)linaro.org> fs/orangefs: Allow 2 more characters in do_c_string() Bard Liao <yung-chuan.liao(a)linux.intel.com> soundwire: stream: restore params when prepare ports fail Thomas Fourier <fourier.thomas(a)gmail.com> crypto: img-hash - Fix dma_unmap_sg() nents value Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> hwrng: mtk - handle devm_pm_runtime_enable errors Dan Carpenter <dan.carpenter(a)linaro.org> watchdog: ziirave_wdt: check record length in ziirave_firm_verify() Thomas Fourier <fourier.thomas(a)gmail.com> scsi: isci: Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> scsi: mvsas: Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value Paul Kocialkowski <paulk(a)sys-base.io> clk: sunxi-ng: v3s: Fix de clock definition Leo Yan <leo.yan(a)arm.com> perf tests bp_account: Fix leaked file descriptor Mengbiao Xiong <xisme1998(a)gmail.com> crypto: ccp - Fix crash when rebind ccp device for ccp.ko Thomas Fourier <fourier.thomas(a)gmail.com> crypto: inside-secure - Fix `dma_unmap_sg()` nents value Yuan Chen <chenyuan(a)kylinos.cn> pinctrl: sunxi: Fix memory leak on krealloc failure Charles Han <hanchunchao(a)inspur.com> power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set Henry Martin <bsdhenrymartin(a)gmail.com> clk: davinci: Add NULL check in davinci_lpsc_clk_register() Ivan Stepchenko <sid(a)itb.spb.ru> mtd: fix possible integer overflow in erase_xfer() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Fix engine load inaccuracy Hans Zhang <18255117159(a)163.com> PCI: rockchip-host: Fix "Unexpected Completion" log message Stanislav Fomichev <sdf(a)fomichev.me> vrf: Drop existing dst reference in vrf_ip6_input_dst Xiumei Mu <xmu(a)redhat.com> selftests: rtnetlink.sh: remove esp4_offload after test Florian Westphal <fw(a)strlen.de> netfilter: xt_nfacct: don't assume acct name is null-terminated Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_usb: Assign netdev.dev_port based on device channel index Jimmy Assarsson <extja(a)kvaser.com> can: kvaser_pciefd: Store device channel index Gokul Sivakumar <gokulkumar.sivakumar(a)infineon.com> wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE Remi Pommarel <repk(a)triplefau.lt> Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() Thomas Fourier <fourier.thomas(a)gmail.com> mwl8k: Add missing check after DMA map Martin Kaistra <martin.kaistra(a)linutronix.de> wifi: rtl8xxxu: Fix RX skb size for aggregation disabled Juergen Gross <jgross(a)suse.com> xen/gntdev: remove struct gntdev_copy_batch from stack Eric Dumazet <edumazet(a)google.com> net_sched: act_ctinfo: use atomic64_t for three counters William Liu <will(a)willsroot.io> net/sched: Restrict conditions for adding duplicating netems to qdisc tree Johan Korsnes <johan.korsnes(a)gmail.com> arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX Fedor Pchelkin <pchelkin(a)ispras.ru> netfilter: nf_tables: adjust lockdep assertions handling Fedor Pchelkin <pchelkin(a)ispras.ru> drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value Finn Thain <fthain(a)linux-m68k.org> m68k: Don't unregister boot console needlessly xin.guo <guoxin0309(a)gmail.com> tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range Sergey Senozhatsky <senozhatsky(a)chromium.org> wifi: ath11k: clear initialized flag for deinit-ed srng lists Jiasheng Jiang <jiasheng(a)iscas.ac.cn> iwlwifi: Add missing check for alloc_ordered_workqueue Xiu Jianfeng <xiujianfeng(a)huawei.com> wifi: iwlwifi: Fix memory leak in iwl_mvm_init() Daniil Dulov <d.dulov(a)aladdin.ru> wifi: rtl818x: Kill URBs before clearing tx status queue Arnd Bergmann <arnd(a)arndb.de> caif: reduce stack size, again Yuan Chen <chenyuan(a)kylinos.cn> bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed Steven Rostedt <rostedt(a)goodmis.org> selftests/tracing: Fix false failure of subsystem event test Alok Tiwari <alok.a.tiwari(a)oracle.com> staging: nvec: Fix incorrect null termination of battery manufacturer Brahmajit Das <listout(a)listout.xyz> samples: mei: Fix building on musl libc Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Init policy->rwsem before it may be possibly used Lifeng Zheng <zhenglifeng1(a)huawei.com> cpufreq: Initialize cpufreq-based frequency-invariance later Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed Annette Kobou <annette.kobou(a)kontron.de> ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface Lucas De Marchi <lucas.demarchi(a)intel.com> usb: early: xhci-dbc: Fix early_ioremap leak Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "vmci: Prevent the dispatching of uninitialized payloads" Denis OSTERLAND-HEIM <denis.osterland(a)diehl.com> pps: fix poll support Lizhi Xu <lizhi.xu(a)windriver.com> vmci: Prevent the dispatching of uninitialized payloads Abdun Nihaal <abdun.nihaal(a)gmail.com> staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: vfxxx: Correctly use two tuples for timer address Arnd Bergmann <arnd(a)arndb.de> ASoC: ops: dynamically allocate struct snd_ctl_elem_value Kuninori Morimoto <kuninori.morimoto.gx(a)renesas.com> ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() Yangtao Li <frank.li(a)vivo.com> hfsplus: remove mutex_lock check in hfsplus_free_extents RubenKelevra <rubenkelevra(a)gmail.com> fs_context: fix parameter name in infofc() macro Arnd Bergmann <arnd(a)arndb.de> ASoC: Intel: fix SND_SOC_SOF dependencies Arnd Bergmann <arnd(a)arndb.de> ethernet: intel: fix building with large NR_CPUS Xu Yang <xu.yang_2(a)nxp.com> usb: phy: mxs: disconnect line when USB charger is attached Xu Yang <xu.yang_2(a)nxp.com> usb: chipidea: add USB PHY event Daniel Dadap <ddadap(a)nvidia.com> ALSA: hda: Add missing NVIDIA HDA codec IDs Ian Abbott <abbotti(a)mev.co.uk> comedi: comedi_test: Fix possible deletion of uninitialized timers Michael Zhivich <mzhivich(a)akamai.com> x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: reject invalid file types when reading inodes Praveen Kaligineedi <pkaligineedi(a)google.com> gve: Fix stuck TX queue for DQ queue format Jacek Kowalski <jacek(a)jacekk.info> e1000e: ignore uninitialized checksum word on tgp Jacek Kowalski <jacek(a)jacekk.info> e1000e: disregard NVM checksum on tgp when valid checksum bit is not set Dawid Rezler <dawidrezler.patches(a)gmail.com> ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx Yang Xiwen <forbidden405(a)outlook.com> i2c: qup: jump out of the loop in case of timeout Jian Shen <shenjian15(a)huawei.com> net: hns3: fixed vf get max channels bug Jian Shen <shenjian15(a)huawei.com> net: hns3: refine the struct hane3_tc_info Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class Kito Xu (veritas501) <hxzene(a)gmail.com> net: appletalk: Fix use-after-free in AARP proxy probe Andrew Lunn <andrew(a)lunn.ch> net: appletalk: fix kerneldoc warnings Dennis Chen <dechen(a)redhat.com> i40e: report VF tx_dropped with tx_errors instead of tx_discards Yajun Deng <yajun.deng(a)linux.dev> i40e: Add rx_missed_errors for buffer exhaustion Maor Gottlieb <maorg(a)nvidia.com> RDMA/core: Rate limit GID cache warning messages Alessandro Carminati <acarmina(a)redhat.com> regulator: core: fix NULL dereference on unbind due to stale coupling data Hongyu Xie <xiehongyu1(a)kylinos.cn> xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: ensure the received length does not exceed allocated size Alexander Gordeev <agordeev(a)linux.ibm.com> mm/vmalloc: leave lazy MMU mode on PTE mapping error Arun Raghavan <arun(a)asymptotic.io> ASoC: fsl_sai: Force a software reset when starting in consumer mode Krishna Kurapati <krishna.kurapati(a)oss.qualcomm.com> usb: dwc3: qcom: Don't leave BCR asserted Drew Hamilton <drew.hamilton(a)zetier.com> usb: musb: fix gadget state on disconnect Paul Cercueil <paul(a)crapouillou.net> usb: musb: Add and use inline functions musb_{get,set}_state Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Fix flushing of delayed work used for post resume purposes Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: hub: fix detection of high tier USB3 devices behind suspended hubs William Liu <will(a)willsroot.io> net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree Dong Chenchen <dongchenchen2(a)huawei.com> net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SMP: If an unallowed command is received consider it a failure Kuniyuki Iwashima <kuniyu(a)google.com> Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() Oliver Neukum <oneukum(a)suse.com> usb: net: sierra: check for no status endpoint Marius Zachmann <mail(a)mariuszachmann.de> hwmon: (corsair-cpro) Validate the size of the received input buffer Kuniyuki Iwashima <kuniyu(a)google.com> rpl: Fix use-after-free in rpl_do_srh_inline(). Xiang Mei <xmei5(a)asu.edu> net/sched: sch_qfq: Fix race condition on qfq_aggregate Alok Tiwari <alok.a.tiwari(a)oracle.com> net: emaclite: Fix missing pointer increment in aligned_read() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix initialization of data for instructions that write to subdevice Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix use of uninitialized data in insn_rw_emulate_bits() Ian Abbott <abbotti(a)mev.co.uk> comedi: Fix some signed shift left operations Ian Abbott <abbotti(a)mev.co.uk> comedi: das6402: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: das16m1: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: aio_iiro_16: Fix bit shift out of bounds Ian Abbott <abbotti(a)mev.co.uk> comedi: pcl812: Fix bit shift out of bounds Chen Ni <nichen(a)iscas.ac.cn> iio: adc: stm32-adc: Fix race in installing chained IRQ handler Fabio Estevam <festevam(a)denx.de> iio: adc: max1363: Reorder mode_list[] entries Fabio Estevam <festevam(a)denx.de> iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] Andrew Jeffery <andrew(a)codeconstruct.com.au> soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Andrew Jeffery <andrew(a)codeconstruct.com.au> soc: aspeed: lpc-snoop: Cleanup resources in stack-order Judith Mendez <jm(a)ti.com> mmc: sdhci_am654: Workaround for Errata i2312 Edson Juliano Drosdeck <edson.drosdeck(a)gmail.com> mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models Thomas Fourier <fourier.thomas(a)gmail.com> mmc: bcm2835: Fix dma_unmap_sg() nents value Nathan Chancellor <nathan(a)kernel.org> memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() Jan Kara <jack(a)suse.cz> isofs: Verify inode mode when loading from disk Dan Carpenter <dan.carpenter(a)linaro.org> dmaengine: nbpfaxi: Fix memory corruption in probe() Yun Lu <luyun(a)kylinos.cn> af_packet: fix soft lockup issue caused by tpacket_snd() Yun Lu <luyun(a)kylinos.cn> af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() Nathan Chancellor <nathan(a)kernel.org> phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() Benjamin Tissoires <bentiss(a)kernel.org> HID: core: do not bypass hid_hw_raw_request Benjamin Tissoires <bentiss(a)kernel.org> HID: core: ensure __hid_request reserves the report ID as the first byte Benjamin Tissoires <bentiss(a)kernel.org> HID: core: ensure the allocated report buffer can contain the reserved report ID Thomas Fourier <fourier.thomas(a)gmail.com> pch_uart: Fix dma_sync_sg_for_device() nents value Nilton Perim Neto <niltonperimneto(a)gmail.com> Input: xpad - set correct controller type for Acer NGR200 Alok Tiwari <alok.a.tiwari(a)oracle.com> thunderbolt: Fix bit masking in tb_dp_port_set_hops() Clément Le Goffic <clement.legoffic(a)foss.st.com> i2c: stm32: fix the device used for the DMA map Xinyu Liu <1171169449(a)qq.com> usb: gadget: configfs: Fix OOB read on empty string write Ryan Mann (NDI) <rmann(a)ndigital.com> USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI Slark Xiao <slark_xiao(a)163.com> USB: serial: option: add Foxconn T99W640 Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition Wayne Chang <waynec(a)nvidia.com> phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode ------------- Diffstat: Documentation/filesystems/f2fs.rst | 6 +- Documentation/firmware-guide/acpi/i2c-muxes.rst | 8 +- Documentation/memory-barriers.txt | 11 +- Makefile | 6 +- arch/arm/Makefile | 2 +- arch/arm/boot/dts/imx6ul-kontron-n6x1x-s.dtsi | 1 - arch/arm/boot/dts/vfxxx.dtsi | 2 +- arch/arm/mach-rockchip/platsmp.c | 15 +- arch/arm/mach-tegra/reset.c | 2 +- .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 2 + arch/arm64/include/asm/acpi.h | 2 +- arch/arm64/mm/ptdump_debugfs.c | 3 - arch/m68k/Kconfig.debug | 2 +- arch/m68k/kernel/early_printk.c | 42 +-- arch/m68k/kernel/head.S | 39 ++- arch/mips/crypto/chacha-core.S | 20 +- arch/mips/include/asm/vpe.h | 8 + arch/mips/kernel/process.c | 16 +- arch/mips/mm/tlb-r4k.c | 56 +++- arch/parisc/Makefile | 2 +- arch/powerpc/configs/ppc6xx_defconfig | 1 - arch/powerpc/kernel/eeh.c | 1 + arch/powerpc/kernel/eeh_driver.c | 48 ++-- arch/powerpc/kernel/eeh_pe.c | 11 +- arch/powerpc/kernel/pci-hotplug.c | 3 + arch/powerpc/platforms/512x/mpc512x_lpbfifo.c | 6 +- arch/s390/hypfs/hypfs_dbfs.c | 19 +- arch/s390/include/asm/timex.h | 13 +- arch/s390/kernel/time.c | 2 +- arch/s390/mm/dump_pagetables.c | 2 - arch/sh/Makefile | 10 +- arch/sh/boot/compressed/Makefile | 4 +- arch/sh/boot/romimage/Makefile | 4 +- arch/x86/include/asm/xen/hypercall.h | 6 +- arch/x86/kernel/cpu/amd.c | 2 + arch/x86/kernel/cpu/bugs.c | 5 +- arch/x86/kernel/cpu/mce/amd.c | 13 +- arch/x86/mm/extable.c | 5 +- block/bio.c | 2 +- block/blk-settings.c | 2 +- drivers/acpi/acpi_processor.c | 2 +- drivers/acpi/apei/ghes.c | 2 + drivers/acpi/processor_idle.c | 4 +- drivers/acpi/processor_perflib.c | 11 + drivers/ata/Kconfig | 35 ++- drivers/ata/libata-sata.c | 5 + drivers/ata/libata-scsi.c | 20 +- drivers/base/power/domain_governor.c | 18 +- drivers/base/power/runtime.c | 5 + drivers/block/drbd/drbd_receiver.c | 6 +- drivers/block/sunvdc.c | 4 +- drivers/bus/mhi/host/boot.c | 8 +- drivers/bus/mhi/host/internal.h | 4 +- drivers/char/hw_random/mtk-rng.c | 4 +- drivers/char/ipmi/ipmi_msghandler.c | 8 +- drivers/char/ipmi/ipmi_watchdog.c | 59 +++-- drivers/clk/davinci/psc.c | 5 + drivers/clk/sunxi-ng/ccu-sun8i-v3s.c | 3 +- drivers/cpufreq/armada-8k-cpufreq.c | 2 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 29 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/ccp/ccp-debugfs.c | 3 + drivers/crypto/img-hash.c | 2 +- drivers/crypto/inside-secure/safexcel_hash.c | 8 +- drivers/crypto/marvell/cesa/cipher.c | 4 +- drivers/crypto/marvell/cesa/hash.c | 5 +- .../crypto/qat/qat_common/adf_transport_debug.c | 4 +- drivers/devfreq/governor_userspace.c | 6 +- drivers/dma-buf/dma-resv.c | 5 +- drivers/dma/mv_xor.c | 21 +- drivers/dma/nbpfaxi.c | 24 +- drivers/fpga/zynq-fpga.c | 10 +- drivers/gpio/gpio-rcar.c | 20 +- drivers/gpio/gpio-tps65912.c | 7 +- drivers/gpio/gpio-wcd934x.c | 7 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_csa.c | 4 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 + .../gpu/drm/amd/display/dc/bios/command_table.c | 2 +- .../amd/display/dc/clk_mgr/dce100/dce_clk_mgr.c | 2 - .../amd/display/dc/clk_mgr/dce110/dce110_clk_mgr.c | 40 +-- .../amd/display/dc/clk_mgr/dce60/dce60_clk_mgr.c | 31 +-- drivers/gpu/drm/amd/display/dc/dcn20/dcn20_hwseq.c | 11 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu_helper.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/amdgpu_smu.c | 6 + drivers/gpu/drm/drm_dp_helper.c | 2 +- drivers/gpu/drm/rockchip/rockchip_drm_fb.c | 9 +- drivers/gpu/drm/scheduler/sched_entity.c | 23 +- drivers/gpu/drm/ttm/ttm_resource.c | 3 + drivers/hid/hid-core.c | 21 +- drivers/hwmon/corsair-cpro.c | 5 + drivers/hwmon/gsc-hwmon.c | 4 +- drivers/i2c/busses/i2c-qup.c | 4 +- drivers/i2c/busses/i2c-stm32.c | 8 +- drivers/i2c/busses/i2c-stm32f7.c | 4 +- drivers/i2c/i2c-core-acpi.c | 1 + drivers/i3c/internals.h | 1 + drivers/i3c/master.c | 2 +- drivers/idle/intel_idle.c | 2 +- drivers/iio/adc/ad7768-1.c | 23 +- drivers/iio/adc/ad_sigma_delta.c | 4 +- drivers/iio/adc/max1363.c | 43 ++- drivers/iio/adc/stm32-adc-core.c | 7 +- drivers/iio/imu/inv_icm42600/inv_icm42600_temp.c | 6 +- drivers/iio/light/as73211.c | 2 +- drivers/iio/light/hid-sensor-prox.c | 3 +- drivers/iio/pressure/bmp280-core.c | 9 +- drivers/iio/proximity/isl29501.c | 14 +- drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/core/nldev.c | 22 +- drivers/infiniband/hw/bnxt_re/qplib_res.c | 2 + drivers/infiniband/hw/hfi1/affinity.c | 44 +-- drivers/infiniband/sw/rxe/rxe_comp.c | 16 +- drivers/input/joystick/xpad.c | 2 +- drivers/iommu/amd/init.c | 4 +- drivers/leds/leds-lp50xx.c | 11 +- drivers/md/dm-core.h | 52 ++++ drivers/md/dm-historical-service-time.c | 4 +- drivers/md/dm-queue-length.c | 4 +- drivers/md/dm-round-robin.c | 4 +- drivers/md/dm-rq.c | 8 + drivers/md/dm-service-time.c | 4 +- drivers/md/dm-zoned-target.c | 2 +- drivers/md/dm.c | 59 +---- drivers/media/cec/usb/rainshadow/rainshadow-cec.c | 3 +- drivers/media/dvb-frontends/dib7000p.c | 8 + drivers/media/i2c/hi556.c | 26 +- drivers/media/i2c/ov2659.c | 3 +- drivers/media/i2c/tc358743.c | 86 +++--- drivers/media/platform/qcom/camss/camss.c | 4 +- drivers/media/platform/qcom/venus/core.c | 21 +- drivers/media/platform/qcom/venus/core.h | 2 + drivers/media/platform/qcom/venus/dbgfs.c | 9 + drivers/media/platform/qcom/venus/dbgfs.h | 13 + drivers/media/platform/qcom/venus/hfi_venus.c | 14 +- drivers/media/platform/qcom/venus/vdec.c | 5 +- drivers/media/usb/gspca/vicam.c | 10 +- drivers/media/usb/hdpvr/hdpvr-i2c.c | 6 + drivers/media/usb/usbtv/usbtv-video.c | 4 + drivers/media/usb/uvc/uvc_driver.c | 3 + drivers/media/usb/uvc/uvc_video.c | 21 +- drivers/media/v4l2-core/v4l2-ctrls.c | 37 ++- drivers/memstick/core/memstick.c | 3 +- drivers/memstick/host/rtsx_usb_ms.c | 1 + drivers/misc/cardreader/rtsx_usb.c | 16 +- drivers/mmc/host/bcm2835.c | 3 +- drivers/mmc/host/rtsx_usb_sdmmc.c | 4 +- drivers/mmc/host/sdhci-msm.c | 14 + drivers/mmc/host/sdhci-pci-core.c | 3 +- drivers/mmc/host/sdhci-pci-gli.c | 4 +- drivers/mmc/host/sdhci_am654.c | 9 +- drivers/most/core.c | 2 +- drivers/mtd/ftl.c | 2 +- drivers/mtd/nand/raw/atmel/nand-controller.c | 2 +- drivers/mtd/nand/raw/atmel/pmecc.c | 6 + drivers/mtd/nand/raw/fsmc_nand.c | 2 + drivers/net/can/kvaser_pciefd.c | 1 + drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 1 + drivers/net/dsa/b53/b53_common.c | 52 ++-- drivers/net/dsa/b53/b53_regs.h | 2 + drivers/net/ethernet/agere/et131x.c | 36 +++ drivers/net/ethernet/atheros/ag71xx.c | 9 + drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 4 +- drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- drivers/net/ethernet/emulex/benet/be_main.c | 8 +- drivers/net/ethernet/freescale/dpaa/dpaa_ethtool.c | 4 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.c | 66 +++-- drivers/net/ethernet/freescale/dpaa2/dpaa2-eth.h | 13 + .../net/ethernet/freescale/dpaa2/dpaa2-ethtool.c | 16 +- drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 97 +++---- drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.h | 5 + drivers/net/ethernet/freescale/fec_main.c | 34 ++- drivers/net/ethernet/freescale/gianfar_ethtool.c | 4 +- drivers/net/ethernet/google/gve/gve_adminq.c | 1 + drivers/net/ethernet/google/gve/gve_main.c | 67 ++--- drivers/net/ethernet/hisilicon/hns3/hnae3.h | 19 +- drivers/net/ethernet/hisilicon/hns3/hns3_debugfs.c | 3 +- drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 33 ++- .../ethernet/hisilicon/hns3/hns3pf/hclge_debugfs.c | 2 +- .../ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 4 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_mbx.c | 2 +- .../net/ethernet/hisilicon/hns3/hns3pf/hclge_tm.c | 49 ++-- .../ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c | 25 +- drivers/net/ethernet/intel/e1000e/defines.h | 3 + drivers/net/ethernet/intel/e1000e/ich8lan.c | 2 + drivers/net/ethernet/intel/e1000e/nvm.c | 6 + drivers/net/ethernet/intel/fm10k/fm10k.h | 3 +- drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 18 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 4 +- drivers/net/ethernet/intel/ice/ice_flex_pipe.c | 2 + drivers/net/ethernet/intel/ixgbe/ixgbe.h | 3 +- drivers/net/ethernet/intel/ixgbe/ixgbe_xsk.c | 4 +- drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 + drivers/net/ethernet/mellanox/mlxsw/trap.h | 1 + drivers/net/ethernet/xilinx/xilinx_emaclite.c | 2 +- drivers/net/hyperv/hyperv_net.h | 3 + drivers/net/hyperv/netvsc_drv.c | 29 +- drivers/net/phy/mscc/mscc_ptp.c | 1 + drivers/net/phy/mscc/mscc_ptp.h | 1 + drivers/net/phy/smsc.c | 1 + drivers/net/ppp/pptp.c | 18 +- drivers/net/usb/sierra_net.c | 4 + drivers/net/usb/usbnet.c | 11 +- drivers/net/virtio_net.c | 38 ++- drivers/net/vrf.c | 2 + drivers/net/wireless/ath/ath11k/hal.c | 25 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 8 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 2 +- drivers/net/wireless/intel/iwlegacy/4965-mac.c | 5 +- drivers/net/wireless/intel/iwlwifi/dvm/main.c | 11 +- drivers/net/wireless/intel/iwlwifi/dvm/rs.c | 2 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 7 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 4 +- drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 2 +- drivers/net/wireless/marvell/mwl8k.c | 4 + drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c | 3 +- .../net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 2 +- drivers/net/wireless/realtek/rtlwifi/pci.c | 23 +- drivers/net/xen-netfront.c | 5 - drivers/pci/controller/pcie-rockchip-host.c | 2 +- drivers/pci/endpoint/pci-ep-cfs.c | 1 + drivers/pci/endpoint/pci-epf-core.c | 2 +- drivers/pci/hotplug/pnv_php.c | 235 ++++++++++++++-- drivers/pci/pci-acpi.c | 4 +- drivers/pci/pci.c | 8 +- drivers/pci/probe.c | 2 +- drivers/phy/tegra/xusb-tegra186.c | 61 +++-- drivers/pinctrl/stm32/pinctrl-stm32.c | 1 + drivers/pinctrl/sunxi/pinctrl-sunxi.c | 11 +- drivers/platform/chrome/cros_ec.c | 23 +- drivers/platform/chrome/cros_ec.h | 2 +- drivers/platform/chrome/cros_ec_i2c.c | 4 +- drivers/platform/chrome/cros_ec_lpc.c | 4 +- drivers/platform/chrome/cros_ec_spi.c | 4 +- drivers/platform/chrome/cros_ec_typec.c | 4 +- drivers/platform/x86/thinkpad_acpi.c | 4 +- drivers/power/supply/max14577_charger.c | 4 +- drivers/pps/pps.c | 11 +- drivers/ptp/ptp_clock.c | 13 +- drivers/pwm/pwm-imx-tpm.c | 9 + drivers/pwm/pwm-mediatek.c | 78 ++++-- drivers/regulator/core.c | 1 + drivers/reset/Kconfig | 10 +- drivers/rtc/rtc-ds1307.c | 17 +- drivers/rtc/rtc-hym8563.c | 2 +- drivers/rtc/rtc-pcf85063.c | 2 +- drivers/rtc/rtc-pcf8563.c | 2 +- drivers/rtc/rtc-rv3028.c | 2 +- drivers/scsi/aacraid/comminit.c | 3 +- drivers/scsi/bfa/bfad_im.c | 1 + drivers/scsi/ibmvscsi_tgt/libsrp.c | 6 +- drivers/scsi/isci/request.c | 2 +- drivers/scsi/libiscsi.c | 3 +- drivers/scsi/lpfc/lpfc_debugfs.c | 1 - drivers/scsi/lpfc/lpfc_scsi.c | 4 + drivers/scsi/lpfc/lpfc_sli.c | 8 +- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 19 ++ drivers/scsi/mvsas/mv_sas.c | 4 +- drivers/scsi/pm8001/pm8001_init.c | 11 + drivers/scsi/pm8001/pm8001_sas.h | 1 + drivers/scsi/qla4xxx/ql4_os.c | 2 + drivers/scsi/scsi_scan.c | 2 +- drivers/scsi/scsi_transport_sas.c | 62 ++++- drivers/scsi/ufs/ufs-exynos.c | 4 +- drivers/scsi/ufs/ufshcd.c | 10 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 13 +- drivers/soc/qcom/mdt_loader.c | 41 +++ drivers/soc/tegra/pmc.c | 51 ++-- drivers/soundwire/stream.c | 2 +- drivers/staging/comedi/comedi_fops.c | 63 ++++- drivers/staging/comedi/comedi_internal.h | 1 + drivers/staging/comedi/drivers.c | 30 ++- drivers/staging/comedi/drivers/aio_iiro_16.c | 3 +- drivers/staging/comedi/drivers/comedi_test.c | 2 +- drivers/staging/comedi/drivers/das16m1.c | 3 +- drivers/staging/comedi/drivers/das6402.c | 3 +- drivers/staging/comedi/drivers/pcl812.c | 3 +- drivers/staging/fbtft/fbtft-core.c | 1 + drivers/staging/media/imx/imx-media-csc-scaler.c | 2 +- drivers/staging/nvec/nvec_power.c | 2 +- drivers/thermal/thermal_sysfs.c | 9 +- drivers/thunderbolt/domain.c | 2 +- drivers/thunderbolt/switch.c | 2 +- drivers/tty/serial/8250/8250_port.c | 3 +- drivers/tty/serial/pch_uart.c | 2 +- drivers/tty/vt/defkeymap.c_shipped | 112 ++++++++ drivers/tty/vt/keyboard.c | 2 +- drivers/uio/uio_hv_generic.c | 4 +- drivers/usb/atm/cxacru.c | 172 ++++++------ drivers/usb/chipidea/ci.h | 18 +- drivers/usb/chipidea/udc.c | 10 + drivers/usb/class/cdc-acm.c | 13 +- drivers/usb/core/config.c | 10 +- drivers/usb/core/hub.c | 60 ++++- drivers/usb/core/hub.h | 1 + drivers/usb/core/quirks.c | 1 + drivers/usb/core/urb.c | 2 +- drivers/usb/dwc3/core.c | 10 - drivers/usb/dwc3/dwc3-meson-g12a.c | 3 + drivers/usb/dwc3/dwc3-qcom.c | 7 +- drivers/usb/dwc3/gadget.c | 14 + drivers/usb/early/xhci-dbc.c | 4 + drivers/usb/gadget/composite.c | 5 + drivers/usb/gadget/configfs.c | 2 + drivers/usb/gadget/udc/renesas_usb3.c | 1 + drivers/usb/host/xhci-hub.c | 3 +- drivers/usb/host/xhci-mem.c | 24 +- drivers/usb/host/xhci-pci-renesas.c | 7 +- drivers/usb/host/xhci-plat.c | 3 +- drivers/usb/host/xhci-ring.c | 19 +- drivers/usb/host/xhci.c | 24 +- drivers/usb/host/xhci.h | 3 +- drivers/usb/musb/musb_core.c | 62 ++--- drivers/usb/musb/musb_core.h | 11 + drivers/usb/musb/musb_debugfs.c | 6 +- drivers/usb/musb/musb_gadget.c | 30 ++- drivers/usb/musb/musb_host.c | 6 +- drivers/usb/musb/musb_virthub.c | 18 +- drivers/usb/musb/omap2430.c | 10 +- drivers/usb/phy/phy-mxs-usb.c | 4 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 3 + drivers/usb/serial/option.c | 7 + drivers/usb/storage/realtek_cr.c | 2 +- drivers/usb/storage/unusual_devs.h | 29 ++ drivers/usb/typec/mux/intel_pmc_mux.c | 2 +- drivers/usb/typec/tcpm/fusb302.c | 8 + drivers/usb/typec/ucsi/psy.c | 2 +- drivers/usb/typec/ucsi/ucsi.c | 1 + drivers/usb/typec/ucsi/ucsi.h | 7 +- drivers/vhost/scsi.c | 4 +- drivers/vhost/vhost.c | 3 + drivers/video/console/vgacon.c | 2 +- drivers/video/fbdev/imxfb.c | 9 +- drivers/watchdog/dw_wdt.c | 2 + drivers/watchdog/ziirave_wdt.c | 3 + drivers/xen/gntdev-common.h | 4 + drivers/xen/gntdev.c | 71 +++-- fs/btrfs/ctree.h | 2 +- fs/btrfs/inode.c | 4 +- fs/btrfs/ioctl.c | 2 +- fs/btrfs/qgroup.c | 2 +- fs/btrfs/send.c | 4 +- fs/btrfs/transaction.c | 2 +- fs/btrfs/tree-log.c | 53 ++-- fs/buffer.c | 2 +- fs/cifs/cifssmb.c | 10 + fs/cifs/smb2ops.c | 7 +- fs/cifs/smbdirect.c | 14 +- fs/ext4/fsmap.c | 23 +- fs/ext4/indirect.c | 4 +- fs/ext4/inline.c | 19 +- fs/ext4/inode.c | 2 +- fs/f2fs/f2fs.h | 2 +- fs/f2fs/inode.c | 28 +- fs/f2fs/node.c | 10 + fs/file.c | 15 ++ fs/hfs/bnode.c | 93 +++++++ fs/hfsplus/bnode.c | 92 +++++++ fs/hfsplus/extents.c | 3 - fs/hfsplus/unicode.c | 7 + fs/hfsplus/xattr.c | 6 +- fs/hugetlbfs/inode.c | 2 +- fs/isofs/inode.c | 9 +- fs/jbd2/checkpoint.c | 1 + fs/jfs/file.c | 3 + fs/jfs/inode.c | 2 +- fs/jfs/jfs_dmap.c | 10 +- fs/libfs.c | 4 +- fs/namespace.c | 89 ++++++- fs/nfs/blocklayout/blocklayout.c | 4 +- fs/nfs/blocklayout/dev.c | 5 +- fs/nfs/blocklayout/extent_tree.c | 20 +- fs/nfs/client.c | 46 +++- fs/nfs/export.c | 11 +- fs/nfs/flexfilelayout/flexfilelayout.c | 32 +-- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 6 +- fs/nfs/inode.c | 6 +- fs/nfs/internal.h | 10 +- fs/nfs/nfs4client.c | 15 +- fs/nfs/nfs4proc.c | 46 ++-- fs/nfs/pnfs.c | 11 +- fs/nfsd/nfs4state.c | 34 ++- fs/nilfs2/inode.c | 9 +- fs/orangefs/orangefs-debugfs.c | 8 +- fs/squashfs/super.c | 14 +- fs/udf/super.c | 13 +- include/asm-generic/barrier.h | 33 +++ include/linux/blk_types.h | 8 +- include/linux/compiler.h | 8 - include/linux/cpuset.h | 17 ++ include/linux/fs.h | 4 +- include/linux/fs_context.h | 2 +- include/linux/if_vlan.h | 6 +- include/linux/memfd.h | 14 + include/linux/minmax.h | 17 ++ include/linux/mm.h | 76 ++++-- include/linux/mmzone.h | 22 ++ include/linux/moduleparam.h | 5 +- include/linux/pci.h | 1 + include/linux/platform_data/cros_ec_proto.h | 4 + include/linux/pps_kernel.h | 1 + include/linux/sched/mm.h | 16 ++ include/linux/skbuff.h | 31 ++- include/linux/usb/usbnet.h | 1 + include/linux/xarray.h | 15 ++ include/net/cfg80211.h | 2 +- include/net/tc_act/tc_ctinfo.h | 6 +- include/net/udp.h | 24 +- include/uapi/linux/in6.h | 4 +- include/uapi/linux/io_uring.h | 2 +- include/uapi/linux/mount.h | 3 +- kernel/cgroup/cpuset.c | 23 ++ kernel/events/core.c | 20 +- kernel/fork.c | 2 +- kernel/power/console.c | 7 +- kernel/rcu/tree_plugin.h | 3 + kernel/trace/ftrace.c | 19 +- kernel/trace/trace.c | 33 ++- kernel/trace/trace.h | 8 +- kernel/trace/trace_events.c | 5 + mm/filemap.c | 2 +- mm/hmm.c | 2 +- mm/kmemleak.c | 10 +- mm/madvise.c | 2 +- mm/memfd.c | 2 +- mm/mmap.c | 10 +- mm/page_alloc.c | 13 + mm/ptdump.c | 2 + mm/shmem.c | 2 +- mm/slab.h | 5 +- mm/slob.c | 6 +- mm/vmalloc.c | 16 +- mm/zsmalloc.c | 6 +- net/8021q/vlan.c | 42 ++- net/8021q/vlan.h | 1 + net/appletalk/aarp.c | 42 ++- net/appletalk/ddp.c | 7 +- net/bluetooth/l2cap_core.c | 26 +- net/bluetooth/l2cap_sock.c | 3 + net/bluetooth/smp.c | 21 +- net/bluetooth/smp.h | 1 + net/bridge/netfilter/nft_reject_bridge.c | 60 +---- net/caif/cfctrl.c | 294 ++++++++++----------- net/core/filter.c | 3 + net/core/netpoll.c | 7 + net/hsr/hsr_slave.c | 8 +- net/ipv4/netfilter/nf_reject_ipv4.c | 4 +- net/ipv4/route.c | 1 - net/ipv4/tcp_input.c | 3 +- net/ipv4/udp_offload.c | 2 +- net/ipv6/ip6_offload.c | 4 +- net/ipv6/netfilter/nf_reject_ipv6.c | 4 +- net/ipv6/rpl_iptunnel.c | 8 +- net/ipv6/seg6_hmac.c | 3 + net/mac80211/tx.c | 7 + net/ncsi/internal.h | 2 +- net/ncsi/ncsi-rsp.c | 1 + net/netfilter/nf_conntrack_netlink.c | 24 +- net/netfilter/nf_tables_api.c | 4 +- net/netfilter/nft_reject.c | 12 +- net/netfilter/nft_reject_inet.c | 68 +---- net/netfilter/xt_nfacct.c | 4 +- net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 39 ++- net/phonet/pep.c | 2 +- net/sched/act_ctinfo.c | 19 +- net/sched/sch_cake.c | 14 +- net/sched/sch_codel.c | 5 +- net/sched/sch_drr.c | 7 +- net/sched/sch_ets.c | 46 ++-- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_hfsc.c | 8 +- net/sched/sch_htb.c | 19 +- net/sched/sch_netem.c | 40 +++ net/sched/sch_qfq.c | 40 ++- net/sctp/input.c | 2 +- net/tls/tls_sw.c | 13 + net/vmw_vsock/af_vsock.c | 3 +- net/wireless/mlme.c | 3 +- samples/mei/mei-amt-version.c | 2 +- scripts/kconfig/gconf.c | 8 +- scripts/kconfig/lxdialog/inputbox.c | 6 +- scripts/kconfig/lxdialog/menubox.c | 2 +- scripts/kconfig/nconf.c | 2 + scripts/kconfig/nconf.gui.c | 1 + scripts/kconfig/qconf.cc | 2 +- security/apparmor/include/match.h | 3 +- security/apparmor/match.c | 1 + security/inode.c | 2 - sound/core/pcm_native.c | 19 +- sound/pci/hda/patch_ca0132.c | 7 +- sound/pci/hda/patch_hdmi.c | 19 ++ sound/pci/hda/patch_realtek.c | 3 + sound/pci/intel8x0.c | 2 +- sound/soc/codecs/hdac_hdmi.c | 10 +- sound/soc/codecs/rt5640.c | 5 + sound/soc/fsl/fsl_sai.c | 30 ++- sound/soc/intel/boards/Kconfig | 2 +- sound/soc/soc-core.c | 3 + sound/soc/soc-dai.c | 19 +- sound/soc/soc-dapm.c | 4 + sound/soc/soc-ops.c | 28 +- sound/usb/mixer_quirks.c | 14 +- sound/usb/mixer_scarlett_gen2.c | 8 + sound/usb/stream.c | 25 +- sound/usb/validate.c | 14 +- tools/bpf/bpftool/net.c | 15 +- tools/include/linux/sched/mm.h | 2 + tools/perf/tests/bp_account.c | 1 + .../cpupower/utils/idle_monitor/mperf_monitor.c | 4 +- tools/testing/ktest/ktest.pl | 5 +- .../ftrace/test.d/event/subsystem-enable.tc | 28 +- .../ftrace/test.d/ftrace/func-filter-glob.tc | 2 +- tools/testing/selftests/futex/include/futextest.h | 11 + tools/testing/selftests/memfd/memfd_test.c | 43 +++ tools/testing/selftests/net/mptcp/Makefile | 3 +- .../selftests/net/mptcp/mptcp_connect_mmap.sh | 5 + tools/testing/selftests/net/mptcp/pm_netlink.sh | 1 + tools/testing/selftests/net/rtnetlink.sh | 6 + 523 files changed, 4765 insertions(+), 2123 deletions(-)

2 weeks, 6 days

7
530
0 0

[PATCH] Revert "virtio_pci: Support surprise removal of virtio pci device"

by Parav Pandit

This reverts commit 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device"). Virtio drivers and PCI devices have never fully supported true surprise (aka hot unplug) removal. Drivers historically continued processing and waiting for pending I/O and even continued synchronous device reset during surprise removal. Devices have also continued completing I/Os, doing DMA and allowing device reset after surprise removal to support such drivers. Supporting it correctly would require a new device capability and driver negotiation in the virtio specification to safely stop I/O and free queue memory. Failure to do so either breaks all the existing drivers with call trace listed in the commit or crashes the host on continuing the DMA. Hence, until such specification and devices are invented, restore the previous behavior of treating surprise removal as graceful removal to avoid regressions and maintain system stability same as before the commit 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device"). As explained above, previous analysis of solving this only in driver was incomplete and non-reliable at [1] and at [2]; Hence reverting commit 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") is still the best stand to restore failures of virtio net and block devices. [1] https://lore.kernel.org/virtualization/CY8PR12MB719506CC5613EB100BC6C638DCB… [2] https://lore.kernel.org/virtualization/20250602024358.57114-1-parav@nvidia.… Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") Cc: stable(a)vger.kernel.org Reported-by: lirongqing(a)baidu.com Closes: https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@bai… Signed-off-by: Parav Pandit <parav(a)nvidia.com> --- drivers/virtio/virtio_pci_common.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/virtio/virtio_pci_common.c b/drivers/virtio/virtio_pci_common.c index d6d79af44569..dba5eb2eaff9 100644 --- a/drivers/virtio/virtio_pci_common.c +++ b/drivers/virtio/virtio_pci_common.c @@ -747,13 +747,6 @@ static void virtio_pci_remove(struct pci_dev *pci_dev) struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev); struct device *dev = get_device(&vp_dev->vdev.dev); - /* - * Device is marked broken on surprise removal so that virtio upper - * layers can abort any ongoing operation. - */ - if (!pci_device_is_present(pci_dev)) - virtio_break_device(&vp_dev->vdev); - pci_disable_sriov(pci_dev); unregister_virtio_device(&vp_dev->vdev); -- 2.26.2

2 weeks, 6 days

3
17
0 0

Ref:-""Breakthrough Funding for Innovative Ideas"

by Mr. William Man Fu Hung

Dear Entrepreneur, "Global Support for Project & Business Development" Need funds for your project or business plan? Our investors are ready to help and support you. Our network of professional investors offers soft loans to support project owners worldwide. Contact us to explore funding opportunities." "Businesses and entrepreneurs seeking strategic partnerships and investment opportunities can benefit from our expertise. We consider collaborations in various sectors, including: 1. Business development 2. Project financing 3. Growth and expansion 4. Real estate investments 5. Strategic contracts Note: IF YOU BRING A PROJECT OWNER TO US, YOU WILL RECEIVE A REFERER COMMISION. KINDLY DISCUSS PARTNERSHIP WITH US TODAY. info(a)firstcapitalsinvestors.com or firstcapitalsinvestors(a)gmail.com We finance all kinds of viable projects ranging from personal projects to multi mega capital project. Organizational projects, . Government projects and community development are part of our services to humanity. We have support project such as real estate projects, Oil and Gas Projects, Health and medications, Engineering, Construction, Agriculture, Aviation, Retail sales business. All viable projects and businesses are welcome. Our investors are ready to support you. Best Regards Mr. William Man Fu Hung First Capital Loans and Finance www.firstcapitalsinvestors.com info(a)firstcapitalsinvestors.com

2 weeks, 6 days

1
0
0 0

[PATCH] perf lzma: Fix return value in lzma_is_compressed()

by Miaoqian Lin

lzma_is_compressed() returns -1 on error but is declared as bool. And -1 gets converted to true, which could be misleading. Return false instead to match the declared type. Fixes: 4b57fd44b61b ("perf tools: Add lzma_is_compressed function") Cc: <stable(a)vger.kernel.org> Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- tools/perf/util/lzma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/lzma.c b/tools/perf/util/lzma.c index bbcd2ffcf4bd..c355757ed391 100644 --- a/tools/perf/util/lzma.c +++ b/tools/perf/util/lzma.c @@ -120,7 +120,7 @@ bool lzma_is_compressed(const char *input) ssize_t rc; if (fd < 0) - return -1; + return false; rc = read(fd, buf, sizeof(buf)); close(fd); -- 2.39.5 (Apple Git-154)

2 weeks, 6 days

1
0
0 0

[PATCH] perf tools: Fix bool return value in gzip_is_compressed()

by Miaoqian Lin

gzip_is_compressed() returns -1 on error but is declared as bool. And -1 gets converted to true, which could be misleading. Return false instead to match the declared type. Fixes: 88c74dc76a30 ("perf tools: Add gzip_is_compressed function") Cc: <stable(a)vger.kernel.org> Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> --- tools/perf/util/zlib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/perf/util/zlib.c b/tools/perf/util/zlib.c index 78d2297c1b67..1f7c06523059 100644 --- a/tools/perf/util/zlib.c +++ b/tools/perf/util/zlib.c @@ -88,7 +88,7 @@ bool gzip_is_compressed(const char *input) ssize_t rc; if (fd < 0) - return -1; + return false; rc = read(fd, buf, sizeof(buf)); close(fd); -- 2.39.5 (Apple Git-154)

2 weeks, 6 days

1
0
0 0

RE: [PATCH] Revert "virtio_pci: Support surprise removal of virtio pci device"

by Li,Rongqing

> This reverts commit 43bb40c5b926 ("virtio_pci: Support surprise removal of > virtio pci device"). > > Virtio drivers and PCI devices have never fully supported true surprise (aka hot > unplug) removal. Drivers historically continued processing and waiting for > pending I/O and even continued synchronous device reset during surprise > removal. Devices have also continued completing I/Os, doing DMA and allowing > device reset after surprise removal to support such drivers. > > Supporting it correctly would require a new device capability and driver > negotiation in the virtio specification to safely stop I/O and free queue memory. > Failure to do so either breaks all the existing drivers with call trace listed in the > commit or crashes the host on continuing the DMA. Hence, until such > specification and devices are invented, restore the previous behavior of treating > surprise removal as graceful removal to avoid regressions and maintain system > stability same as before the commit 43bb40c5b926 ("virtio_pci: Support surprise > removal of virtio pci device"). > > As explained above, previous analysis of solving this only in driver was > incomplete and non-reliable at [1] and at [2]; Hence reverting commit > 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") is still > the best stand to restore failures of virtio net and block devices. > > [1] > https://lore.kernel.org/virtualization/CY8PR12MB719506CC5613EB100BC6C638 > DCBD2(a)CY8PR12MB7195.namprd12.prod.outlook.com/#t > [2] > https://lore.kernel.org/virtualization/20250602024358.57114-1-parav@nvidia.c > om/ > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci device") > Cc: stable(a)vger.kernel.org > Reported-by: lirongqing(a)baidu.com > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741@b > aidu.com/ > Signed-off-by: Parav Pandit <parav(a)nvidia.com> Tested-by: Li RongQing <lirongqing(a)baidu.com> Thanks -Li > --- > drivers/virtio/virtio_pci_common.c | 7 ------- > 1 file changed, 7 deletions(-) > > diff --git a/drivers/virtio/virtio_pci_common.c > b/drivers/virtio/virtio_pci_common.c > index d6d79af44569..dba5eb2eaff9 100644 > --- a/drivers/virtio/virtio_pci_common.c > +++ b/drivers/virtio/virtio_pci_common.c > @@ -747,13 +747,6 @@ static void virtio_pci_remove(struct pci_dev *pci_dev) > struct virtio_pci_device *vp_dev = pci_get_drvdata(pci_dev); > struct device *dev = get_device(&vp_dev->vdev.dev); > > - /* > - * Device is marked broken on surprise removal so that virtio upper > - * layers can abort any ongoing operation. > - */ > - if (!pci_device_is_present(pci_dev)) > - virtio_break_device(&vp_dev->vdev); > - > pci_disable_sriov(pci_dev); > > unregister_virtio_device(&vp_dev->vdev); > -- > 2.26.2

2 weeks, 6 days

3
14
0 0

[PATCH iwl-net v1 0/4] ixgbe/ixgbevf: fix PF/VF communication issues

by Jedrzej Jagielski

Within two-step API update let's provide 2 new MBX operations: 1) request PF's link state (speed & up/down) - as legacy approach became obsolete for new E610 adapter and link state data can't be correctly provided - increasing API to 1.6 2) ask PF about supported features - for some time there is quite a mess in negotiating API versions caused by too loose approach in adding new specific (not supported by all of the drivers capable of linking with ixgbevf) feature and corresponding API versions. Now list of supported features is provided by MBX operation - increasing API to 1.7 Jedrzej Jagielski (4): ixgbevf: fix getting link speed data for E610 devices ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation ixgbevf: fix mailbox API compatibility by negotiating supported features ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd drivers/net/ethernet/intel/ixgbe/ixgbe_mbx.h | 15 ++ .../net/ethernet/intel/ixgbe/ixgbe_sriov.c | 79 ++++++++ drivers/net/ethernet/intel/ixgbevf/defines.h | 1 + drivers/net/ethernet/intel/ixgbevf/ipsec.c | 10 + drivers/net/ethernet/intel/ixgbevf/ixgbevf.h | 7 + .../net/ethernet/intel/ixgbevf/ixgbevf_main.c | 34 +++- drivers/net/ethernet/intel/ixgbevf/mbx.h | 8 + drivers/net/ethernet/intel/ixgbevf/vf.c | 182 +++++++++++++++--- drivers/net/ethernet/intel/ixgbevf/vf.h | 1 + 9 files changed, 304 insertions(+), 33 deletions(-) -- 2.31.1

2 weeks, 6 days

2
5
0 0

[PATCH net v3 1/2] net: ipv4: fix regression in local-broadcast routes

by Oscar Maes

Commit 9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes") introduced a regression where local-broadcast packets would have their gateway set in __mkroute_output, which was caused by fi = NULL being removed. Fix this by resetting the fib_info for local-broadcast packets. This preserves the intended changes for directed-broadcast packets. Cc: stable(a)vger.kernel.org Fixes: 9e30ecf23b1b ("net: ipv4: fix incorrect MTU in broadcast routes") Reported-by: Brett A C Sheffield <bacs(a)librecast.net> Closes: https://lore.kernel.org/regressions/20250822165231.4353-4-bacs@librecast.net Signed-off-by: Oscar Maes <oscmaes92(a)gmail.com> --- Link to discussion: https://lore.kernel.org/netdev/20250822165231.4353-4-bacs@librecast.net/ Thanks to Brett Sheffield for finding the regression and writing the initial fix! net/ipv4/route.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f639a2ae881a..baa43e5966b1 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2575,12 +2575,16 @@ static struct rtable *__mkroute_output(const struct fib_result *res, !netif_is_l3_master(dev_out)) return ERR_PTR(-EINVAL); - if (ipv4_is_lbcast(fl4->daddr)) + if (ipv4_is_lbcast(fl4->daddr)) { type = RTN_BROADCAST; - else if (ipv4_is_multicast(fl4->daddr)) + + /* reset fi to prevent gateway resolution */ + fi = NULL; + } else if (ipv4_is_multicast(fl4->daddr)) { type = RTN_MULTICAST; - else if (ipv4_is_zeronet(fl4->daddr)) + } else if (ipv4_is_zeronet(fl4->daddr)) { return ERR_PTR(-EINVAL); + } if (dev_out->flags & IFF_LOOPBACK) flags |= RTCF_LOCAL; -- 2.39.5

2 weeks, 6 days

6
6
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror