- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] f2fs: fix wrong block mapping for multi-devices" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 9d5c4f5c7a2c7677e1b3942772122b032c265aae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102053-joylessly-pony-8641@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9d5c4f5c7a2c7677e1b3942772122b032c265aae Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim <jaegeuk(a)kernel.org> Date: Tue, 7 Oct 2025 03:32:30 +0000 Subject: [PATCH] f2fs: fix wrong block mapping for multi-devices Assuming the disk layout as below, disk0: 0 --- 0x00035abfff disk1: 0x00035ac000 --- 0x00037abfff disk2: 0x00037ac000 --- 0x00037ebfff and we want to read data from offset=13568 having len=128 across the block devices, we can illustrate the block addresses like below. 0 .. 0x00037ac000 ------------------- 0x00037ebfff, 0x00037ec000 ------- | ^ ^ ^ | fofs 0 13568 13568+128 | ------------------------------------------------------ | LBA 0x37e8aa9 0x37ebfa9 0x37ec029 --- map 0x3caa9 0x3ffa9 In this example, we should give the relative map of the target block device ranging from 0x3caa9 to 0x3ffa9 where the length should be calculated by 0x37ebfff + 1 - 0x37ebfa9. In the below equation, however, map->m_pblk was supposed to be the original address instead of the one from the target block address. - map->m_len = min(map->m_len, dev->end_blk + 1 - map->m_pblk); Cc: stable(a)vger.kernel.org Fixes: 71f2c8206202 ("f2fs: multidevice: support direct IO") Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index ef38e62cda8f..775aa4f63aa3 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1497,8 +1497,8 @@ static bool f2fs_map_blocks_cached(struct inode *inode, struct f2fs_dev_info *dev = &sbi->devs[bidx]; map->m_bdev = dev->bdev; - map->m_pblk -= dev->start_blk; map->m_len = min(map->m_len, dev->end_blk + 1 - map->m_pblk); + map->m_pblk -= dev->start_blk; } else { map->m_bdev = inode->i_sb->s_bdev; }

6 days, 21 hours

2
1
0 0

FAILED: patch "[PATCH] vfs: Don't leak disconnected dentries on umount" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 56094ad3eaa21e6621396cc33811d8f72847a834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102038-pogo-backfire-3d6e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56094ad3eaa21e6621396cc33811d8f72847a834 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Thu, 2 Oct 2025 17:55:07 +0200 Subject: [PATCH] vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well. Reported-by: syzbot+1d79ebe5383fc016cf07(a)syzkaller.appspotmail.com Fixes: f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/dcache.c b/fs/dcache.c index a067fa0a965a..035cccbc9276 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2557,6 +2557,8 @@ struct dentry *d_alloc_parallel(struct dentry *parent, spin_lock(&parent->d_lock); new->d_parent = dget_dlock(parent); hlist_add_head(&new->d_sib, &parent->d_children); + if (parent->d_flags & DCACHE_DISCONNECTED) + new->d_flags |= DCACHE_DISCONNECTED; spin_unlock(&parent->d_lock); retry:

6 days, 21 hours

2
1
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102007-unashamed-manmade-2cbd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

6 days, 21 hours

2
1
0 0

[PATCH 6.12] dmaengine: Add missing cleanup on module unload

by Guenter Roeck

Upstream commit b7cb9a034305 ("dmaengine: idxd: Fix refcount underflow on module unload") fixes a refcount underflow by replacing the call to idxd_cleanup() in the remove function with direct cleanup calls. That works fine upstream. However, upstream removed support for IOMMU_DEV_FEAT_IOPF, which is still supported in v6.12.y. The backport of commit b7cb9a034305 into v6.12.y misses the call to disable it. This results in a warning backtrace when unloading and reloading the module. WARNING: CPU: 0 PID: 665849 at drivers/pci/ats.c:337 pci_reset_pri+0x4c/0x60 ... RIP: 0010:pci_reset_pri+0xa7/0x130 Add the missing cleanup call to fix the problem. Fixes: ce81905bec91 ("dmaengine: idxd: Fix refcount underflow on module unload") Cc: Yi Sun <yi.sun(a)intel.com> Cc: Shuai Xue <xueshuai(a)linux.alibaba.com> Cc: Dave Jiang <dave.jiang(a)intel.com> Cc: Vinicius Costa Gomes <vinicius.gomes(a)intel.com> Cc: Vinod Koul <vkoul(a)kernel.org> Signed-off-by: Guenter Roeck <linux(a)roeck-us.net> --- The problem fixed with this patch only affects v6.12.y. drivers/dma/idxd/init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c index 74a83203181d..e55136bb525e 100644 --- a/drivers/dma/idxd/init.c +++ b/drivers/dma/idxd/init.c @@ -923,6 +923,8 @@ static void idxd_remove(struct pci_dev *pdev) idxd_cleanup_interrupts(idxd); if (device_pasid_enabled(idxd)) idxd_disable_system_pasid(idxd); + if (device_user_pasid_enabled(idxd)) + idxd_disable_sva(idxd->pdev); pci_iounmap(pdev, idxd->reg_base); put_device(idxd_confdev(idxd)); pci_disable_device(pdev); -- 2.45.2

6 days, 22 hours

2
1
0 0

FAILED: patch "[PATCH] nfsd: decouple the xprtsec policy check from" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e4f574ca9c6dfa66695bb054ff5df43ecea873ec # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101611-revisit-ranging-52d6@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4f574ca9c6dfa66695bb054ff5df43ecea873ec Mon Sep 17 00:00:00 2001 From: Scott Mayhew <smayhew(a)redhat.com> Date: Wed, 6 Aug 2025 15:15:43 -0400 Subject: [PATCH] nfsd: decouple the xprtsec policy check from check_nfsd_access() A while back I had reported that an NFSv3 client could successfully mount using '-o xprtsec=none' an export that had been exported with 'xprtsec=tls:mtls'. By "successfully" I mean that the mount command would succeed and the mount would show up in /proc/mount. Attempting to do anything futher with the mount would be met with NFS3ERR_ACCES. This was fixed (albeit accidentally) by commit bb4f07f2409c ("nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT") and was subsequently re-broken by commit 0813c5f01249 ("nfsd: fix access checking for NLM under XPRTSEC policies"). Transport Layer Security isn't an RPC security flavor or pseudo-flavor, so we shouldn't be conflating them when determining whether the access checks can be bypassed. Split check_nfsd_access() into two helpers, and have __fh_verify() call the helpers directly since __fh_verify() has logic that allows one or both of the checks to be skipped. All other sites will continue to call check_nfsd_access(). Link: https://lore.kernel.org/linux-nfs/ZjO3Qwf_G87yNXb2@aion/ Fixes: 9280c5774314 ("NFSD: Handle new xprtsec= export option") Cc: stable(a)vger.kernel.org Signed-off-by: Scott Mayhew <smayhew(a)redhat.com> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/export.c b/fs/nfsd/export.c index cadfc2bae60e..95b5681152c4 100644 --- a/fs/nfsd/export.c +++ b/fs/nfsd/export.c @@ -1082,50 +1082,62 @@ static struct svc_export *exp_find(struct cache_detail *cd, } /** - * check_nfsd_access - check if access to export is allowed. + * check_xprtsec_policy - check if access to export is allowed by the + * xprtsec policy * @exp: svc_export that is being accessed. - * @rqstp: svc_rqst attempting to access @exp (will be NULL for LOCALIO). - * @may_bypass_gss: reduce strictness of authorization check + * @rqstp: svc_rqst attempting to access @exp. + * + * Helper function for check_nfsd_access(). Note that callers should be + * using check_nfsd_access() instead of calling this function directly. The + * one exception is __fh_verify() since it has logic that may result in one + * or both of the helpers being skipped. * * Return values: * %nfs_ok if access is granted, or * %nfserr_wrongsec if access is denied */ -__be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp, - bool may_bypass_gss) +__be32 check_xprtsec_policy(struct svc_export *exp, struct svc_rqst *rqstp) { - struct exp_flavor_info *f, *end = exp->ex_flavors + exp->ex_nflavors; - struct svc_xprt *xprt; - - /* - * If rqstp is NULL, this is a LOCALIO request which will only - * ever use a filehandle/credential pair for which access has - * been affirmed (by ACCESS or OPEN NFS requests) over the - * wire. So there is no need for further checks here. - */ - if (!rqstp) - return nfs_ok; - - xprt = rqstp->rq_xprt; + struct svc_xprt *xprt = rqstp->rq_xprt; if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_NONE) { if (!test_bit(XPT_TLS_SESSION, &xprt->xpt_flags)) - goto ok; + return nfs_ok; } if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_TLS) { if (test_bit(XPT_TLS_SESSION, &xprt->xpt_flags) && !test_bit(XPT_PEER_AUTH, &xprt->xpt_flags)) - goto ok; + return nfs_ok; } if (exp->ex_xprtsec_modes & NFSEXP_XPRTSEC_MTLS) { if (test_bit(XPT_TLS_SESSION, &xprt->xpt_flags) && test_bit(XPT_PEER_AUTH, &xprt->xpt_flags)) - goto ok; + return nfs_ok; } - if (!may_bypass_gss) - goto denied; + return nfserr_wrongsec; +} + +/** + * check_security_flavor - check if access to export is allowed by the + * security flavor + * @exp: svc_export that is being accessed. + * @rqstp: svc_rqst attempting to access @exp. + * @may_bypass_gss: reduce strictness of authorization check + * + * Helper function for check_nfsd_access(). Note that callers should be + * using check_nfsd_access() instead of calling this function directly. The + * one exception is __fh_verify() since it has logic that may result in one + * or both of the helpers being skipped. + * + * Return values: + * %nfs_ok if access is granted, or + * %nfserr_wrongsec if access is denied + */ +__be32 check_security_flavor(struct svc_export *exp, struct svc_rqst *rqstp, + bool may_bypass_gss) +{ + struct exp_flavor_info *f, *end = exp->ex_flavors + exp->ex_nflavors; -ok: /* legacy gss-only clients are always OK: */ if (exp->ex_client == rqstp->rq_gssclient) return nfs_ok; @@ -1167,10 +1179,30 @@ __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp, } } -denied: return nfserr_wrongsec; } +/** + * check_nfsd_access - check if access to export is allowed. + * @exp: svc_export that is being accessed. + * @rqstp: svc_rqst attempting to access @exp. + * @may_bypass_gss: reduce strictness of authorization check + * + * Return values: + * %nfs_ok if access is granted, or + * %nfserr_wrongsec if access is denied + */ +__be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp, + bool may_bypass_gss) +{ + __be32 status; + + status = check_xprtsec_policy(exp, rqstp); + if (status != nfs_ok) + return status; + return check_security_flavor(exp, rqstp, may_bypass_gss); +} + /* * Uses rq_client and rq_gssclient to find an export; uses rq_client (an * auth_unix client) if it's available and has secinfo information; diff --git a/fs/nfsd/export.h b/fs/nfsd/export.h index b9c0adb3ce09..ef5581911d5b 100644 --- a/fs/nfsd/export.h +++ b/fs/nfsd/export.h @@ -101,6 +101,9 @@ struct svc_expkey { struct svc_cred; int nfsexp_flags(struct svc_cred *cred, struct svc_export *exp); +__be32 check_xprtsec_policy(struct svc_export *exp, struct svc_rqst *rqstp); +__be32 check_security_flavor(struct svc_export *exp, struct svc_rqst *rqstp, + bool may_bypass_gss); __be32 check_nfsd_access(struct svc_export *exp, struct svc_rqst *rqstp, bool may_bypass_gss); diff --git a/fs/nfsd/nfsfh.c b/fs/nfsd/nfsfh.c index f4c2fb3dd5d0..062cfc18d8c6 100644 --- a/fs/nfsd/nfsfh.c +++ b/fs/nfsd/nfsfh.c @@ -364,10 +364,30 @@ __fh_verify(struct svc_rqst *rqstp, if (error) goto out; + /* + * If rqstp is NULL, this is a LOCALIO request which will only + * ever use a filehandle/credential pair for which access has + * been affirmed (by ACCESS or OPEN NFS requests) over the + * wire. Skip both the xprtsec policy and the security flavor + * checks. + */ + if (!rqstp) + goto check_permissions; + if ((access & NFSD_MAY_NLM) && (exp->ex_flags & NFSEXP_NOAUTHNLM)) /* NLM is allowed to fully bypass authentication */ goto out; + /* + * NLM is allowed to bypass the xprtsec policy check because lockd + * doesn't support xprtsec. + */ + if (!(access & NFSD_MAY_NLM)) { + error = check_xprtsec_policy(exp, rqstp); + if (error) + goto out; + } + if (access & NFSD_MAY_BYPASS_GSS) may_bypass_gss = true; /* @@ -379,13 +399,15 @@ __fh_verify(struct svc_rqst *rqstp, && exp->ex_path.dentry == dentry) may_bypass_gss = true; - error = check_nfsd_access(exp, rqstp, may_bypass_gss); + error = check_security_flavor(exp, rqstp, may_bypass_gss); if (error) goto out; + /* During LOCALIO call to fh_verify will be called with a NULL rqstp */ if (rqstp) svc_xprt_set_valid(rqstp->rq_xprt); +check_permissions: /* Finally, check access permissions. */ error = nfsd_permission(cred, exp, dentry, access); out:

6 days, 22 hours

3
2
0 0

FAILED: patch "[PATCH] f2fs: fix wrong block mapping for multi-devices" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 9d5c4f5c7a2c7677e1b3942772122b032c265aae # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102052-work-collected-f03f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9d5c4f5c7a2c7677e1b3942772122b032c265aae Mon Sep 17 00:00:00 2001 From: Jaegeuk Kim <jaegeuk(a)kernel.org> Date: Tue, 7 Oct 2025 03:32:30 +0000 Subject: [PATCH] f2fs: fix wrong block mapping for multi-devices Assuming the disk layout as below, disk0: 0 --- 0x00035abfff disk1: 0x00035ac000 --- 0x00037abfff disk2: 0x00037ac000 --- 0x00037ebfff and we want to read data from offset=13568 having len=128 across the block devices, we can illustrate the block addresses like below. 0 .. 0x00037ac000 ------------------- 0x00037ebfff, 0x00037ec000 ------- | ^ ^ ^ | fofs 0 13568 13568+128 | ------------------------------------------------------ | LBA 0x37e8aa9 0x37ebfa9 0x37ec029 --- map 0x3caa9 0x3ffa9 In this example, we should give the relative map of the target block device ranging from 0x3caa9 to 0x3ffa9 where the length should be calculated by 0x37ebfff + 1 - 0x37ebfa9. In the below equation, however, map->m_pblk was supposed to be the original address instead of the one from the target block address. - map->m_len = min(map->m_len, dev->end_blk + 1 - map->m_pblk); Cc: stable(a)vger.kernel.org Fixes: 71f2c8206202 ("f2fs: multidevice: support direct IO") Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c index ef38e62cda8f..775aa4f63aa3 100644 --- a/fs/f2fs/data.c +++ b/fs/f2fs/data.c @@ -1497,8 +1497,8 @@ static bool f2fs_map_blocks_cached(struct inode *inode, struct f2fs_dev_info *dev = &sbi->devs[bidx]; map->m_bdev = dev->bdev; - map->m_pblk -= dev->start_blk; map->m_len = min(map->m_len, dev->end_blk + 1 - map->m_pblk); + map->m_pblk -= dev->start_blk; } else { map->m_bdev = inode->i_sb->s_bdev; }

6 days, 22 hours

2
4
0 0

, conoce mejor a tu candidato antes de contratar

by Valeria Pérez

Evaluaciones Psicométricas para RR.HH. body { margin: 0; padding: 0; font-family: Arial, Helvetica, sans-serif; font-size: 14px; color: #333; background-color: #ffffff; } table { border-spacing: 0; width: 100%; max-width: 600px; margin: auto; } td { padding: 12px 20px; } a { color: #1a73e8; text-decoration: none; } .footer { font-size: 12px; color: #888888; text-align: center; } Mejora tus procesos de selección con evaluaciones psicométricas fáciles y confiables. Hola, {{{sus_name}}} Sabemos que encontrar al candidato ideal va más allá del currículum. Por eso quiero contarte brevemente sobre PsicoSmart, una plataforma que ayuda a equipos de RR.HH. a evaluar talento con pruebas psicométricas rápidas, confiables y fáciles de aplicar. Con PsicoSmart puedes: Aplicar evaluaciones psicométricas 100% en línea. Elegir entre más de 31 pruebas psicométricas Generar reportes automáticos, visuales y fáciles de interpretar. Comparar resultados entre candidatos en segundos. Ahorrar horas valiosas del proceso de selección. Si estás buscando mejorar tus contrataciones, te lo recomiendo muchísimo. Si quieres conocer más puedes responder este correo o simplemente contactarme, mis datos están abajo. Saludos, ----------------------------- Atte.: Valeria Pérez Ciudad de México: (55) 5018 0565 WhatsApp: +52 33 1607 2089 Si no deseas recibir más correos, haz clic aquí para darte de baja. Para remover su dirección de esta lista haga <a href="https://s1.arrobamail.com/unsuscribe.php?id=yiwtsrewispooseup">click aquí</a>

6 days, 22 hours

1
0
0 0

Re: Patch "PCI/sysfs: Ensure devices are powered for config reads" has been added to the 6.6-stable tree

by Brian Norris

Hi, On Thu, Oct 16, 2025 at 03:09:27PM +0200, Greg Kroah-Hartman wrote: > > This is a note to let you know that I've just added the patch titled > > PCI/sysfs: Ensure devices are powered for config reads > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pci-sysfs-ensure-devices-are-powered-for-config-reads.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Adding to the stable tree is good IMO, but one note about exactly how to do so below: > Wrap these access in pci_config_pm_runtime_{get,put}() like most of the > rest of the similar sysfs attributes. > > Notably, "max_link_speed" does not access config registers; it returns a > cached value since d2bd39c0456b ("PCI: Store all PCIe Supported Link > Speeds"). ^^ This note about commit d2bd39c0456b was specifically to provide hints about backporting. Without commit d2bd39c0456b, the solution is somewhat incomplete. We should either backport commit d2bd39c0456b as well, or we should adapt the change to add pci_config_pm_runtime_{get,put}() in max_link_speed_show() too. Commit d2bd39c0456b was already ported to 6.12.y, but seemingly no further. If adapting this change to pre-commit-d2bd39c0456b is better, I can submit an updated version here. Without commit d2bd39c0456b, it just means that the 'max_link_speed' sysfs attribute is still susceptible to accessing a powered-down device/link. We're in no worse state than we were without this patch. And frankly, people are not likely to notice if they haven't already, since I'd guess most systems don't suspend devices this aggressively. Brian > Fixes: 56c1af4606f0 ("PCI: Add sysfs max_link_speed/width, current_link_speed/width, etc") > Signed-off-by: Brian Norris <briannorris(a)google.com> > Signed-off-by: Brian Norris <briannorris(a)chromium.org> > Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> > Cc: stable(a)vger.kernel.org > Link: https://patch.msgid.link/20250924095711.v2.1.Ibb5b6ca1e2c059e04ec53140cd98a… > Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> > --- > drivers/pci/pci-sysfs.c | 20 +++++++++++++++++++- > 1 file changed, 19 insertions(+), 1 deletion(-) > > --- a/drivers/pci/pci-sysfs.c > +++ b/drivers/pci/pci-sysfs.c > @@ -196,8 +196,14 @@ static ssize_t max_link_width_show(struc > struct device_attribute *attr, char *buf) > { > struct pci_dev *pdev = to_pci_dev(dev); > + ssize_t ret; > > - return sysfs_emit(buf, "%u\n", pcie_get_width_cap(pdev)); > + /* We read PCI_EXP_LNKCAP, so we need the device to be accessible. */ > + pci_config_pm_runtime_get(pdev); > + ret = sysfs_emit(buf, "%u\n", pcie_get_width_cap(pdev)); > + pci_config_pm_runtime_put(pdev); > + > + return ret; > } > static DEVICE_ATTR_RO(max_link_width); > > @@ -209,7 +215,10 @@ static ssize_t current_link_speed_show(s > int err; > enum pci_bus_speed speed; > > + pci_config_pm_runtime_get(pci_dev); > err = pcie_capability_read_word(pci_dev, PCI_EXP_LNKSTA, &linkstat); > + pci_config_pm_runtime_put(pci_dev); > + > if (err) > return -EINVAL; > > @@ -226,7 +235,10 @@ static ssize_t current_link_width_show(s > u16 linkstat; > int err; > > + pci_config_pm_runtime_get(pci_dev); > err = pcie_capability_read_word(pci_dev, PCI_EXP_LNKSTA, &linkstat); > + pci_config_pm_runtime_put(pci_dev); > + > if (err) > return -EINVAL; > > @@ -242,7 +254,10 @@ static ssize_t secondary_bus_number_show > u8 sec_bus; > int err; > > + pci_config_pm_runtime_get(pci_dev); > err = pci_read_config_byte(pci_dev, PCI_SECONDARY_BUS, &sec_bus); > + pci_config_pm_runtime_put(pci_dev); > + > if (err) > return -EINVAL; > > @@ -258,7 +273,10 @@ static ssize_t subordinate_bus_number_sh > u8 sub_bus; > int err; > > + pci_config_pm_runtime_get(pci_dev); > err = pci_read_config_byte(pci_dev, PCI_SUBORDINATE_BUS, &sub_bus); > + pci_config_pm_runtime_put(pci_dev); > + > if (err) > return -EINVAL; > > > > Patches currently in stable-queue which might be from briannorris(a)google.com are > > queue-6.6/pci-sysfs-ensure-devices-are-powered-for-config-reads.patch

6 days, 22 hours

2
3
0 0

[PATCH 6.6] PCI/sysfs: Ensure devices are powered for config reads (part 2)

by Brian Norris

From: Brian Norris <briannorris(a)google.com> Commit 48991e493507 ("PCI/sysfs: Ensure devices are powered for config reads") was applied to various linux-stable trees. However, prior to 6.12.y, we do not have commit d2bd39c0456b ("PCI: Store all PCIe Supported Link Speeds"). Therefore, we also need to apply the change to max_link_speed_show(). This was pointed out here: Re: Patch "PCI/sysfs: Ensure devices are powered for config reads" has been added to the 6.6-stable tree https://lore.kernel.org/all/aPEMIreBYZ7yk3cm@google.com/ Original change description follows: The "max_link_width", "current_link_speed", "current_link_width", "secondary_bus_number", and "subordinate_bus_number" sysfs files all access config registers, but they don't check the runtime PM state. If the device is in D3cold or a parent bridge is suspended, we may see -EINVAL, bogus values, or worse, depending on implementation details. Wrap these access in pci_config_pm_runtime_{get,put}() like most of the rest of the similar sysfs attributes. Notably, "max_link_speed" does not access config registers; it returns a cached value since d2bd39c0456b ("PCI: Store all PCIe Supported Link Speeds"). Fixes: 56c1af4606f0 ("PCI: Add sysfs max_link_speed/width, current_link_speed/width, etc") Link: https://lore.kernel.org/all/aPEMIreBYZ7yk3cm@google.com/ Signed-off-by: Brian Norris <briannorris(a)google.com> Signed-off-by: Brian Norris <briannorris(a)chromium.org> Cc: stable(a)vger.kernel.org --- This patch should be applicable to any linux-stable version that has commit 48991e493507 but not d2bd39c0456b. So far, I believe that's any linux-stable branch prior to 6.12.y. I've tested this on 6.6.y. drivers/pci/pci-sysfs.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 449d42744d33..300caafcfa10 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -186,9 +186,15 @@ static ssize_t max_link_speed_show(struct device *dev, struct device_attribute *attr, char *buf) { struct pci_dev *pdev = to_pci_dev(dev); + ssize_t ret; + + /* We read PCI_EXP_LNKCAP, so we need the device to be accessible. */ + pci_config_pm_runtime_get(pdev); + ret = sysfs_emit(buf, "%s\n", + pci_speed_string(pcie_get_speed_cap(pdev))); + pci_config_pm_runtime_put(pdev); - return sysfs_emit(buf, "%s\n", - pci_speed_string(pcie_get_speed_cap(pdev))); + return ret; } static DEVICE_ATTR_RO(max_link_speed); -- 2.51.0.869.ge66316f041-goog

6 days, 22 hours

1
0
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102008-childlike-sneezing-5892@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

6 days, 22 hours

2
5
0 0

FAILED: patch "[PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 4b47a8601b71ad98833b447d465592d847b4dc77 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102049-comic-carpentry-952e@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4b47a8601b71ad98833b447d465592d847b4dc77 Mon Sep 17 00:00:00 2001 From: Chuck Lever <chuck.lever(a)oracle.com> Date: Thu, 11 Sep 2025 11:12:06 -0400 Subject: [PATCH] NFSD: Define a proc_layoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout. Reported-by: Robert Morris <rtm(a)csail.mit.edu> Closes: https://lore.kernel.org/linux-nfs/152f99b2-ba35-4dec-93a9-4690e625dccd@orac… Cc: Thomas Haynes <loghyr(a)hammerspace.com> Cc: stable(a)vger.kernel.org Fixes: 9b9960a0ca47 ("nfsd: Add a super simple flex file server") Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/flexfilelayout.c b/fs/nfsd/flexfilelayout.c index c318cf74e388..0f1a35400cd5 100644 --- a/fs/nfsd/flexfilelayout.c +++ b/fs/nfsd/flexfilelayout.c @@ -125,6 +125,13 @@ nfsd4_ff_proc_getdeviceinfo(struct super_block *sb, struct svc_rqst *rqstp, return 0; } +static __be32 +nfsd4_ff_proc_layoutcommit(struct inode *inode, struct svc_rqst *rqstp, + struct nfsd4_layoutcommit *lcp) +{ + return nfs_ok; +} + const struct nfsd4_layout_ops ff_layout_ops = { .notify_types = NOTIFY_DEVICEID4_DELETE | NOTIFY_DEVICEID4_CHANGE, @@ -133,4 +140,5 @@ const struct nfsd4_layout_ops ff_layout_ops = { .encode_getdeviceinfo = nfsd4_ff_encode_getdeviceinfo, .proc_layoutget = nfsd4_ff_proc_layoutget, .encode_layoutget = nfsd4_ff_encode_layoutget, + .proc_layoutcommit = nfsd4_ff_proc_layoutcommit, };

6 days, 23 hours

2
3
0 0

FAILED: patch "[PATCH] ixgbevf: fix mailbox API compatibility by negotiating" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a7075f501bd33c93570af759b6f4302ef0175168 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102053-upheld-recess-9b2f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a7075f501bd33c93570af759b6f4302ef0175168 Mon Sep 17 00:00:00 2001 From: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Date: Thu, 9 Oct 2025 17:03:49 -0700 Subject: [PATCH] ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself. Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes. The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX. To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox. New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op. Features negotiation mechanism gives possibility to be extended with new features when needed in the future. Reported-by: Jacob Keller <jacob.e.keller(a)intel.com> Closes: https://lore.kernel.org/intel-wired-lan/20241101-jk-ixgbevf-mailbox-v1-5-fi… Fixes: 0062e7cc955e ("ixgbevf: add VF IPsec offload code") Fixes: 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") Reviewed-by: Jacob Keller <jacob.e.keller(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Tested-by: Rafal Romanowski <rafal.romanowski(a)intel.com> Signed-off-by: Jacob Keller <jacob.e.keller(a)intel.com> Link: https://patch.msgid.link/20251009-jk-iwl-net-2025-10-01-v3-4-ef32a425b92a@i… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c index 65580b9cb06f..fce35924ff8b 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c +++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c @@ -273,6 +273,9 @@ static int ixgbevf_ipsec_add_sa(struct net_device *dev, adapter = netdev_priv(dev); ipsec = adapter->ipsec; + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return -EOPNOTSUPP; + if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) { NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for IPsec offload"); return -EINVAL; @@ -405,6 +408,9 @@ static void ixgbevf_ipsec_del_sa(struct net_device *dev, adapter = netdev_priv(dev); ipsec = adapter->ipsec; + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return; + if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) { sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX; @@ -612,6 +618,10 @@ void ixgbevf_init_ipsec_offload(struct ixgbevf_adapter *adapter) size_t size; switch (adapter->hw.api_version) { + case ixgbe_mbox_api_17: + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return; + break; case ixgbe_mbox_api_14: break; default: diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h index 3a379e6a3a2a..039187607e98 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h @@ -363,6 +363,13 @@ struct ixgbevf_adapter { struct ixgbe_hw hw; u16 msg_enable; + u32 pf_features; +#define IXGBEVF_PF_SUP_IPSEC BIT(0) +#define IXGBEVF_PF_SUP_ESX_MBX BIT(1) + +#define IXGBEVF_SUPPORTED_FEATURES (IXGBEVF_PF_SUP_IPSEC | \ + IXGBEVF_PF_SUP_ESX_MBX) + struct ixgbevf_hw_stats stats; unsigned long state; diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c index 92671638b428..d5ce20f47def 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c @@ -2271,10 +2271,35 @@ static void ixgbevf_init_last_counter_stats(struct ixgbevf_adapter *adapter) adapter->stats.base_vfmprc = adapter->stats.last_vfmprc; } +/** + * ixgbevf_set_features - Set features supported by PF + * @adapter: pointer to the adapter struct + * + * Negotiate with PF supported features and then set pf_features accordingly. + */ +static void ixgbevf_set_features(struct ixgbevf_adapter *adapter) +{ + u32 *pf_features = &adapter->pf_features; + struct ixgbe_hw *hw = &adapter->hw; + int err; + + err = hw->mac.ops.negotiate_features(hw, pf_features); + if (err && err != -EOPNOTSUPP) + netdev_dbg(adapter->netdev, + "PF feature negotiation failed.\n"); + + /* Address also pre API 1.7 cases */ + if (hw->api_version == ixgbe_mbox_api_14) + *pf_features |= IXGBEVF_PF_SUP_IPSEC; + else if (hw->api_version == ixgbe_mbox_api_15) + *pf_features |= IXGBEVF_PF_SUP_ESX_MBX; +} + static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter) { struct ixgbe_hw *hw = &adapter->hw; static const int api[] = { + ixgbe_mbox_api_17, ixgbe_mbox_api_16, ixgbe_mbox_api_15, ixgbe_mbox_api_14, @@ -2295,8 +2320,9 @@ static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter) idx++; } - /* Following is not supported by API 1.6, it is specific for 1.5 */ - if (hw->api_version == ixgbe_mbox_api_15) { + ixgbevf_set_features(adapter); + + if (adapter->pf_features & IXGBEVF_PF_SUP_ESX_MBX) { hw->mbx.ops.init_params(hw); memcpy(&hw->mbx.ops, &ixgbevf_mbx_ops, sizeof(struct ixgbe_mbx_operations)); @@ -2654,6 +2680,7 @@ static void ixgbevf_set_num_queues(struct ixgbevf_adapter *adapter) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: if (adapter->xdp_prog && hw->mac.max_tx_queues == rss) rss = rss > 3 ? 2 : 1; @@ -4649,6 +4676,7 @@ static int ixgbevf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: netdev->max_mtu = IXGBE_MAX_JUMBO_FRAME_SIZE - (ETH_HLEN + ETH_FCS_LEN); break; diff --git a/drivers/net/ethernet/intel/ixgbevf/mbx.h b/drivers/net/ethernet/intel/ixgbevf/mbx.h index c1494fd1f67b..a8ed23ee66aa 100644 --- a/drivers/net/ethernet/intel/ixgbevf/mbx.h +++ b/drivers/net/ethernet/intel/ixgbevf/mbx.h @@ -67,6 +67,7 @@ enum ixgbe_pfvf_api_rev { ixgbe_mbox_api_14, /* API version 1.4, linux/freebsd VF driver */ ixgbe_mbox_api_15, /* API version 1.5, linux/freebsd VF driver */ ixgbe_mbox_api_16, /* API version 1.6, linux/freebsd VF driver */ + ixgbe_mbox_api_17, /* API version 1.7, linux/freebsd VF driver */ /* This value should always be last */ ixgbe_mbox_api_unknown, /* indicates that API version is not known */ }; @@ -106,6 +107,9 @@ enum ixgbe_pfvf_api_rev { /* mailbox API, version 1.6 VF requests */ #define IXGBE_VF_GET_PF_LINK_STATE 0x11 /* request PF to send link info */ +/* mailbox API, version 1.7 VF requests */ +#define IXGBE_VF_FEATURES_NEGOTIATE 0x12 /* get features supported by PF*/ + /* length of permanent address message returned from PF */ #define IXGBE_VF_PERMADDR_MSG_LEN 4 /* word in permanent address message with the current multicast type */ diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c index f05246fb5a74..74d320879513 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.c +++ b/drivers/net/ethernet/intel/ixgbevf/vf.c @@ -313,6 +313,7 @@ int ixgbevf_get_reta_locked(struct ixgbe_hw *hw, u32 *reta, int num_rx_queues) * is not supported for this device type. */ switch (hw->api_version) { + case ixgbe_mbox_api_17: case ixgbe_mbox_api_16: case ixgbe_mbox_api_15: case ixgbe_mbox_api_14: @@ -383,6 +384,7 @@ int ixgbevf_get_rss_key_locked(struct ixgbe_hw *hw, u8 *rss_key) * or if the operation is not supported for this device type. */ switch (hw->api_version) { + case ixgbe_mbox_api_17: case ixgbe_mbox_api_16: case ixgbe_mbox_api_15: case ixgbe_mbox_api_14: @@ -555,6 +557,7 @@ static s32 ixgbevf_update_xcast_mode(struct ixgbe_hw *hw, int xcast_mode) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return -EOPNOTSUPP; @@ -646,6 +649,7 @@ static int ixgbevf_get_pf_link_state(struct ixgbe_hw *hw, ixgbe_link_speed *spee switch (hw->api_version) { case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return -EOPNOTSUPP; @@ -669,6 +673,42 @@ static int ixgbevf_get_pf_link_state(struct ixgbe_hw *hw, ixgbe_link_speed *spee return err; } +/** + * ixgbevf_negotiate_features_vf - negotiate supported features with PF driver + * @hw: pointer to the HW structure + * @pf_features: bitmask of features supported by PF + * + * Return: IXGBE_ERR_MBX in the case of mailbox error, + * -EOPNOTSUPP if the op is not supported or 0 on success. + */ +static int ixgbevf_negotiate_features_vf(struct ixgbe_hw *hw, u32 *pf_features) +{ + u32 msgbuf[2] = {}; + int err; + + switch (hw->api_version) { + case ixgbe_mbox_api_17: + break; + default: + return -EOPNOTSUPP; + } + + msgbuf[0] = IXGBE_VF_FEATURES_NEGOTIATE; + msgbuf[1] = IXGBEVF_SUPPORTED_FEATURES; + + err = ixgbevf_write_msg_read_ack(hw, msgbuf, msgbuf, + ARRAY_SIZE(msgbuf)); + + if (err || (msgbuf[0] & IXGBE_VT_MSGTYPE_FAILURE)) { + err = IXGBE_ERR_MBX; + *pf_features = 0x0; + } else { + *pf_features = msgbuf[1]; + } + + return err; +} + /** * ixgbevf_set_vfta_vf - Set/Unset VLAN filter table address * @hw: pointer to the HW structure @@ -799,6 +839,7 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, bool *link_up, bool autoneg_wait_to_complete) { + struct ixgbevf_adapter *adapter = hw->back; struct ixgbe_mbx_info *mbx = &hw->mbx; struct ixgbe_mac_info *mac = &hw->mac; s32 ret_val = 0; @@ -825,7 +866,7 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, * until we are called again and don't report an error */ if (mbx->ops.read(hw, &in_msg, 1)) { - if (hw->api_version >= ixgbe_mbox_api_15) + if (adapter->pf_features & IXGBEVF_PF_SUP_ESX_MBX) mac->get_link_status = false; goto out; } @@ -1026,6 +1067,7 @@ int ixgbevf_get_queues(struct ixgbe_hw *hw, unsigned int *num_tcs, case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return 0; @@ -1080,6 +1122,7 @@ static const struct ixgbe_mac_operations ixgbevf_mac_ops = { .setup_link = ixgbevf_setup_mac_link_vf, .check_link = ixgbevf_check_mac_link_vf, .negotiate_api_version = ixgbevf_negotiate_api_version_vf, + .negotiate_features = ixgbevf_negotiate_features_vf, .set_rar = ixgbevf_set_rar_vf, .update_mc_addr_list = ixgbevf_update_mc_addr_list_vf, .update_xcast_mode = ixgbevf_update_xcast_mode, diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 2d791bc26ae4..4f19b8900c29 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h +++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -26,6 +26,7 @@ struct ixgbe_mac_operations { s32 (*stop_adapter)(struct ixgbe_hw *); s32 (*get_bus_info)(struct ixgbe_hw *); s32 (*negotiate_api_version)(struct ixgbe_hw *hw, int api); + int (*negotiate_features)(struct ixgbe_hw *hw, u32 *pf_features); /* Link */ s32 (*setup_link)(struct ixgbe_hw *, ixgbe_link_speed, bool, bool);

6 days, 23 hours

2
4
0 0

[PATCH v2 1/1] selftest/sched: skip the test if smt is not enabled

by Yifei Liu

The core scheduling is for smt enabled cpus. It is not returns failure and gives plenty of error messages and not clearly points to the smt issue if the smt is disabled. It just mention "not a core sched system" and many other messages. For example: Not a core sched system tid=210574, / tgid=210574 / pgid=210574: ffffffffffffffff Not a core sched system tid=210575, / tgid=210575 / pgid=210574: ffffffffffffffff Not a core sched system tid=210577, / tgid=210575 / pgid=210574: ffffffffffffffff (similar things many other times) In this patch, the test will first read /sys/devices/system/cpu/smt/active, if the file cannot be opened or its value is 0, the test is skipped with an explanatory message. This helps developers understand why it is skipped and avoids unnecessary attention when running the full selftest suite. Cc: stable(a)vger.kernel.org Signed-off-by: Yifei Liu <yifei.l.liu(a)oracle.com> --- tools/testing/selftests/sched/cs_prctl_test.c | 23 ++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/sched/cs_prctl_test.c b/tools/testing/selftests/sched/cs_prctl_test.c index 52d97fae4dbd..7ce8088cde6a 100644 --- a/tools/testing/selftests/sched/cs_prctl_test.c +++ b/tools/testing/selftests/sched/cs_prctl_test.c @@ -32,6 +32,8 @@ #include <stdlib.h> #include <string.h> +#include "../kselftest.h" + #if __GLIBC_PREREQ(2, 30) == 0 #include <sys/syscall.h> static pid_t gettid(void) @@ -109,6 +111,22 @@ static void handle_usage(int rc, char *msg) exit(rc); } +int check_smt(void) +{ + int c = 0; + FILE *file; + + file = fopen("/sys/devices/system/cpu/smt/active", "r"); + if (!file) + return 0; + c = fgetc(file) - 0x30; + fclose(file); + if (c == 0 || c == 1) + return c; + //if fgetc returns EOF or -1 for correupted files, return 0. + return 0; +} + static unsigned long get_cs_cookie(int pid) { unsigned long long cookie; @@ -271,7 +289,10 @@ int main(int argc, char *argv[]) delay = -1; srand(time(NULL)); - + if (!check_smt()) { + ksft_test_result_skip("smt not enabled\n"); + return 1; + } /* put into separate process group */ if (setpgid(0, 0) != 0) handle_error("process group"); -- 2.50.1

1 week

1
0
0 0

[PATCH v1 1/3] PCI: Allow per function PCI slots

by Farhan Ali

On s390 systems, which use a machine level hypervisor, PCI devices are always accessed through a form of PCI pass-through which fundamentally operates on a per PCI function granularity. This is also reflected in the s390 PCI hotplug driver which creates hotplug slots for individual PCI functions. Its reset_slot() function, which is a wrapper for zpci_hot_reset_device(), thus also resets individual functions. Currently, the kernel's PCI_SLOT() macro assigns the same pci_slot object to multifunction devices. This approach worked fine on s390 systems that only exposed virtual functions as individual PCI domains to the operating system. Since commit 44510d6fa0c0 ("s390/pci: Handling multifunctions") s390 supports exposing the topology of multifunction PCI devices by grouping them in a shared PCI domain. When attempting to reset a function through the hotplug driver, the shared slot assignment causes the wrong function to be reset instead of the intended one. It also leaks memory as we do create a pci_slot object for the function, but don't correctly free it in pci_slot_release(). Add a flag for struct pci_slot to allow per function PCI slots for functions managed through a hypervisor, which exposes individual PCI functions while retaining the topology. Fixes: 44510d6fa0c0 ("s390/pci: Handling multifunctions") Cc: stable(a)vger.kernel.org Suggested-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Reviewed-by: Benjamin Block <bblock(a)linux.ibm.com> Signed-off-by: Farhan Ali <alifm(a)linux.ibm.com> --- drivers/pci/hotplug/s390_pci_hpc.c | 10 ++++++++-- drivers/pci/pci.c | 5 +++-- drivers/pci/slot.c | 14 +++++++++++--- include/linux/pci.h | 1 + 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/drivers/pci/hotplug/s390_pci_hpc.c b/drivers/pci/hotplug/s390_pci_hpc.c index d9996516f49e..8b547de464bf 100644 --- a/drivers/pci/hotplug/s390_pci_hpc.c +++ b/drivers/pci/hotplug/s390_pci_hpc.c @@ -126,14 +126,20 @@ static const struct hotplug_slot_ops s390_hotplug_slot_ops = { int zpci_init_slot(struct zpci_dev *zdev) { + int ret; char name[SLOT_NAME_SIZE]; struct zpci_bus *zbus = zdev->zbus; zdev->hotplug_slot.ops = &s390_hotplug_slot_ops; snprintf(name, SLOT_NAME_SIZE, "%08x", zdev->fid); - return pci_hp_register(&zdev->hotplug_slot, zbus->bus, - zdev->devfn, name); + ret = pci_hp_register(&zdev->hotplug_slot, zbus->bus, + zdev->devfn, name); + if (ret) + return ret; + + zdev->hotplug_slot.pci_slot->per_func_slot = 1; + return 0; } void zpci_exit_slot(struct zpci_dev *zdev) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index b14dd064006c..36ee38e0d817 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -4980,8 +4980,9 @@ static int pci_reset_hotplug_slot(struct hotplug_slot *hotplug, bool probe) static int pci_dev_reset_slot_function(struct pci_dev *dev, bool probe) { - if (dev->multifunction || dev->subordinate || !dev->slot || - dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET) + if (dev->subordinate || !dev->slot || + dev->dev_flags & PCI_DEV_FLAGS_NO_BUS_RESET || + (dev->multifunction && !dev->slot->per_func_slot)) return -ENOTTY; return pci_reset_hotplug_slot(dev->slot->hotplug, probe); diff --git a/drivers/pci/slot.c b/drivers/pci/slot.c index 50fb3eb595fe..51ee59e14393 100644 --- a/drivers/pci/slot.c +++ b/drivers/pci/slot.c @@ -63,6 +63,14 @@ static ssize_t cur_speed_read_file(struct pci_slot *slot, char *buf) return bus_speed_read(slot->bus->cur_bus_speed, buf); } +static bool pci_dev_matches_slot(struct pci_dev *dev, struct pci_slot *slot) +{ + if (slot->per_func_slot) + return dev->devfn == slot->number; + + return PCI_SLOT(dev->devfn) == slot->number; +} + static void pci_slot_release(struct kobject *kobj) { struct pci_dev *dev; @@ -73,7 +81,7 @@ static void pci_slot_release(struct kobject *kobj) down_read(&pci_bus_sem); list_for_each_entry(dev, &slot->bus->devices, bus_list) - if (PCI_SLOT(dev->devfn) == slot->number) + if (pci_dev_matches_slot(dev, slot)) dev->slot = NULL; up_read(&pci_bus_sem); @@ -166,7 +174,7 @@ void pci_dev_assign_slot(struct pci_dev *dev) mutex_lock(&pci_slot_mutex); list_for_each_entry(slot, &dev->bus->slots, list) - if (PCI_SLOT(dev->devfn) == slot->number) + if (pci_dev_matches_slot(dev, slot)) dev->slot = slot; mutex_unlock(&pci_slot_mutex); } @@ -285,7 +293,7 @@ struct pci_slot *pci_create_slot(struct pci_bus *parent, int slot_nr, down_read(&pci_bus_sem); list_for_each_entry(dev, &parent->devices, bus_list) - if (PCI_SLOT(dev->devfn) == slot_nr) + if (pci_dev_matches_slot(dev, slot)) dev->slot = slot; up_read(&pci_bus_sem); diff --git a/include/linux/pci.h b/include/linux/pci.h index d1fdf81fbe1e..6ad194597ab5 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -78,6 +78,7 @@ struct pci_slot { struct list_head list; /* Node in list of slots */ struct hotplug_slot *hotplug; /* Hotplug info (move here) */ unsigned char number; /* PCI_SLOT(pci_dev->devfn) */ + unsigned int per_func_slot:1; /* Allow per function slot */ struct kobject kobj; }; -- 2.43.0

1 week

1
0
0 0

FAILED: patch "[PATCH] xfs: use deferred intent items for reaping crosslinked blocks" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x cd32a0c0dcdf634f2e0e71f41c272e19dece6264 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101603-parasitic-impatient-2d2b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd32a0c0dcdf634f2e0e71f41c272e19dece6264 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Tue, 8 Apr 2025 16:14:32 -0700 Subject: [PATCH] xfs: use deferred intent items for reaping crosslinked blocks When we're removing rmap records for crosslinked blocks, use deferred intent items so that we can try to free/unmap as many of the old data structure's blocks as we can in the same transaction as the commit. Cc: <stable(a)vger.kernel.org> # v6.6 Fixes: 1c7ce115e52106 ("xfs: reap large AG metadata extents when possible") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/reap.c b/fs/xfs/scrub/reap.c index 8703897c0a9c..86d3d104b8d9 100644 --- a/fs/xfs/scrub/reap.c +++ b/fs/xfs/scrub/reap.c @@ -416,8 +416,6 @@ xreap_agextent_iter( trace_xreap_dispose_unmap_extent(pag_group(sc->sa.pag), agbno, *aglenp); - rs->force_roll = true; - if (rs->oinfo == &XFS_RMAP_OINFO_COW) { /* * If we're unmapping CoW staging extents, remove the @@ -426,11 +424,14 @@ xreap_agextent_iter( */ xfs_refcount_free_cow_extent(sc->tp, false, fsbno, *aglenp); + rs->force_roll = true; return 0; } - return xfs_rmap_free(sc->tp, sc->sa.agf_bp, sc->sa.pag, agbno, - *aglenp, rs->oinfo); + xfs_rmap_free_extent(sc->tp, false, fsbno, *aglenp, + rs->oinfo->oi_owner); + rs->deferred++; + return 0; } trace_xreap_dispose_free_extent(pag_group(sc->sa.pag), agbno, *aglenp);

1 week

3
2
0 0

FAILED: patch "[PATCH] ixgbevf: fix mailbox API compatibility by negotiating" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x a7075f501bd33c93570af759b6f4302ef0175168 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102051-bonded-proofread-bd52@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a7075f501bd33c93570af759b6f4302ef0175168 Mon Sep 17 00:00:00 2001 From: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Date: Thu, 9 Oct 2025 17:03:49 -0700 Subject: [PATCH] ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself. Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes. The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX. To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox. New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op. Features negotiation mechanism gives possibility to be extended with new features when needed in the future. Reported-by: Jacob Keller <jacob.e.keller(a)intel.com> Closes: https://lore.kernel.org/intel-wired-lan/20241101-jk-ixgbevf-mailbox-v1-5-fi… Fixes: 0062e7cc955e ("ixgbevf: add VF IPsec offload code") Fixes: 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") Reviewed-by: Jacob Keller <jacob.e.keller(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Tested-by: Rafal Romanowski <rafal.romanowski(a)intel.com> Signed-off-by: Jacob Keller <jacob.e.keller(a)intel.com> Link: https://patch.msgid.link/20251009-jk-iwl-net-2025-10-01-v3-4-ef32a425b92a@i… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c index 65580b9cb06f..fce35924ff8b 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c +++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c @@ -273,6 +273,9 @@ static int ixgbevf_ipsec_add_sa(struct net_device *dev, adapter = netdev_priv(dev); ipsec = adapter->ipsec; + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return -EOPNOTSUPP; + if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) { NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for IPsec offload"); return -EINVAL; @@ -405,6 +408,9 @@ static void ixgbevf_ipsec_del_sa(struct net_device *dev, adapter = netdev_priv(dev); ipsec = adapter->ipsec; + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return; + if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) { sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX; @@ -612,6 +618,10 @@ void ixgbevf_init_ipsec_offload(struct ixgbevf_adapter *adapter) size_t size; switch (adapter->hw.api_version) { + case ixgbe_mbox_api_17: + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return; + break; case ixgbe_mbox_api_14: break; default: diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h index 3a379e6a3a2a..039187607e98 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h @@ -363,6 +363,13 @@ struct ixgbevf_adapter { struct ixgbe_hw hw; u16 msg_enable; + u32 pf_features; +#define IXGBEVF_PF_SUP_IPSEC BIT(0) +#define IXGBEVF_PF_SUP_ESX_MBX BIT(1) + +#define IXGBEVF_SUPPORTED_FEATURES (IXGBEVF_PF_SUP_IPSEC | \ + IXGBEVF_PF_SUP_ESX_MBX) + struct ixgbevf_hw_stats stats; unsigned long state; diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c index 92671638b428..d5ce20f47def 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c @@ -2271,10 +2271,35 @@ static void ixgbevf_init_last_counter_stats(struct ixgbevf_adapter *adapter) adapter->stats.base_vfmprc = adapter->stats.last_vfmprc; } +/** + * ixgbevf_set_features - Set features supported by PF + * @adapter: pointer to the adapter struct + * + * Negotiate with PF supported features and then set pf_features accordingly. + */ +static void ixgbevf_set_features(struct ixgbevf_adapter *adapter) +{ + u32 *pf_features = &adapter->pf_features; + struct ixgbe_hw *hw = &adapter->hw; + int err; + + err = hw->mac.ops.negotiate_features(hw, pf_features); + if (err && err != -EOPNOTSUPP) + netdev_dbg(adapter->netdev, + "PF feature negotiation failed.\n"); + + /* Address also pre API 1.7 cases */ + if (hw->api_version == ixgbe_mbox_api_14) + *pf_features |= IXGBEVF_PF_SUP_IPSEC; + else if (hw->api_version == ixgbe_mbox_api_15) + *pf_features |= IXGBEVF_PF_SUP_ESX_MBX; +} + static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter) { struct ixgbe_hw *hw = &adapter->hw; static const int api[] = { + ixgbe_mbox_api_17, ixgbe_mbox_api_16, ixgbe_mbox_api_15, ixgbe_mbox_api_14, @@ -2295,8 +2320,9 @@ static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter) idx++; } - /* Following is not supported by API 1.6, it is specific for 1.5 */ - if (hw->api_version == ixgbe_mbox_api_15) { + ixgbevf_set_features(adapter); + + if (adapter->pf_features & IXGBEVF_PF_SUP_ESX_MBX) { hw->mbx.ops.init_params(hw); memcpy(&hw->mbx.ops, &ixgbevf_mbx_ops, sizeof(struct ixgbe_mbx_operations)); @@ -2654,6 +2680,7 @@ static void ixgbevf_set_num_queues(struct ixgbevf_adapter *adapter) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: if (adapter->xdp_prog && hw->mac.max_tx_queues == rss) rss = rss > 3 ? 2 : 1; @@ -4649,6 +4676,7 @@ static int ixgbevf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: netdev->max_mtu = IXGBE_MAX_JUMBO_FRAME_SIZE - (ETH_HLEN + ETH_FCS_LEN); break; diff --git a/drivers/net/ethernet/intel/ixgbevf/mbx.h b/drivers/net/ethernet/intel/ixgbevf/mbx.h index c1494fd1f67b..a8ed23ee66aa 100644 --- a/drivers/net/ethernet/intel/ixgbevf/mbx.h +++ b/drivers/net/ethernet/intel/ixgbevf/mbx.h @@ -67,6 +67,7 @@ enum ixgbe_pfvf_api_rev { ixgbe_mbox_api_14, /* API version 1.4, linux/freebsd VF driver */ ixgbe_mbox_api_15, /* API version 1.5, linux/freebsd VF driver */ ixgbe_mbox_api_16, /* API version 1.6, linux/freebsd VF driver */ + ixgbe_mbox_api_17, /* API version 1.7, linux/freebsd VF driver */ /* This value should always be last */ ixgbe_mbox_api_unknown, /* indicates that API version is not known */ }; @@ -106,6 +107,9 @@ enum ixgbe_pfvf_api_rev { /* mailbox API, version 1.6 VF requests */ #define IXGBE_VF_GET_PF_LINK_STATE 0x11 /* request PF to send link info */ +/* mailbox API, version 1.7 VF requests */ +#define IXGBE_VF_FEATURES_NEGOTIATE 0x12 /* get features supported by PF*/ + /* length of permanent address message returned from PF */ #define IXGBE_VF_PERMADDR_MSG_LEN 4 /* word in permanent address message with the current multicast type */ diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c index f05246fb5a74..74d320879513 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.c +++ b/drivers/net/ethernet/intel/ixgbevf/vf.c @@ -313,6 +313,7 @@ int ixgbevf_get_reta_locked(struct ixgbe_hw *hw, u32 *reta, int num_rx_queues) * is not supported for this device type. */ switch (hw->api_version) { + case ixgbe_mbox_api_17: case ixgbe_mbox_api_16: case ixgbe_mbox_api_15: case ixgbe_mbox_api_14: @@ -383,6 +384,7 @@ int ixgbevf_get_rss_key_locked(struct ixgbe_hw *hw, u8 *rss_key) * or if the operation is not supported for this device type. */ switch (hw->api_version) { + case ixgbe_mbox_api_17: case ixgbe_mbox_api_16: case ixgbe_mbox_api_15: case ixgbe_mbox_api_14: @@ -555,6 +557,7 @@ static s32 ixgbevf_update_xcast_mode(struct ixgbe_hw *hw, int xcast_mode) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return -EOPNOTSUPP; @@ -646,6 +649,7 @@ static int ixgbevf_get_pf_link_state(struct ixgbe_hw *hw, ixgbe_link_speed *spee switch (hw->api_version) { case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return -EOPNOTSUPP; @@ -669,6 +673,42 @@ static int ixgbevf_get_pf_link_state(struct ixgbe_hw *hw, ixgbe_link_speed *spee return err; } +/** + * ixgbevf_negotiate_features_vf - negotiate supported features with PF driver + * @hw: pointer to the HW structure + * @pf_features: bitmask of features supported by PF + * + * Return: IXGBE_ERR_MBX in the case of mailbox error, + * -EOPNOTSUPP if the op is not supported or 0 on success. + */ +static int ixgbevf_negotiate_features_vf(struct ixgbe_hw *hw, u32 *pf_features) +{ + u32 msgbuf[2] = {}; + int err; + + switch (hw->api_version) { + case ixgbe_mbox_api_17: + break; + default: + return -EOPNOTSUPP; + } + + msgbuf[0] = IXGBE_VF_FEATURES_NEGOTIATE; + msgbuf[1] = IXGBEVF_SUPPORTED_FEATURES; + + err = ixgbevf_write_msg_read_ack(hw, msgbuf, msgbuf, + ARRAY_SIZE(msgbuf)); + + if (err || (msgbuf[0] & IXGBE_VT_MSGTYPE_FAILURE)) { + err = IXGBE_ERR_MBX; + *pf_features = 0x0; + } else { + *pf_features = msgbuf[1]; + } + + return err; +} + /** * ixgbevf_set_vfta_vf - Set/Unset VLAN filter table address * @hw: pointer to the HW structure @@ -799,6 +839,7 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, bool *link_up, bool autoneg_wait_to_complete) { + struct ixgbevf_adapter *adapter = hw->back; struct ixgbe_mbx_info *mbx = &hw->mbx; struct ixgbe_mac_info *mac = &hw->mac; s32 ret_val = 0; @@ -825,7 +866,7 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, * until we are called again and don't report an error */ if (mbx->ops.read(hw, &in_msg, 1)) { - if (hw->api_version >= ixgbe_mbox_api_15) + if (adapter->pf_features & IXGBEVF_PF_SUP_ESX_MBX) mac->get_link_status = false; goto out; } @@ -1026,6 +1067,7 @@ int ixgbevf_get_queues(struct ixgbe_hw *hw, unsigned int *num_tcs, case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return 0; @@ -1080,6 +1122,7 @@ static const struct ixgbe_mac_operations ixgbevf_mac_ops = { .setup_link = ixgbevf_setup_mac_link_vf, .check_link = ixgbevf_check_mac_link_vf, .negotiate_api_version = ixgbevf_negotiate_api_version_vf, + .negotiate_features = ixgbevf_negotiate_features_vf, .set_rar = ixgbevf_set_rar_vf, .update_mc_addr_list = ixgbevf_update_mc_addr_list_vf, .update_xcast_mode = ixgbevf_update_xcast_mode, diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 2d791bc26ae4..4f19b8900c29 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h +++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -26,6 +26,7 @@ struct ixgbe_mac_operations { s32 (*stop_adapter)(struct ixgbe_hw *); s32 (*get_bus_info)(struct ixgbe_hw *); s32 (*negotiate_api_version)(struct ixgbe_hw *hw, int api); + int (*negotiate_features)(struct ixgbe_hw *hw, u32 *pf_features); /* Link */ s32 (*setup_link)(struct ixgbe_hw *, ixgbe_link_speed, bool, bool);

1 week

2
4
0 0

[PATCH 6.1 v2 00/10] fix invalid sleeping in detect_cache_attributes()

by Wen Yang

commit 3fcbf1c77d08 ("arch_topology: Fix cache attributes detection in the CPU hotplug path") adds a call to detect_cache_attributes() to populate the cacheinfo before updating the siblings mask. detect_cache_attributes() allocates memory and can take the PPTT mutex (on ACPI platforms). On PREEMPT_RT kernels, on secondary CPUs, this triggers a: 'BUG: sleeping function called from invalid context' as the code is executed with preemption and interrupts disabled: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 | in_atomic(): 1, irqs_disabled(): 128, non_block: 0, pid: 0, name: swapper/111 | preempt_count: 1, expected: 0 | RCU nest depth: 1, expected: 1 | 3 locks held by swapper/111/0: | #0: (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x218/0x12c8 | #1: (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x48/0xf0 | #2: (&zone->lock){+.+.}-{3:3}, at: rmqueue_bulk+0x64/0xa80 | irq event stamp: 0 | hardirqs last enabled at (0): 0x0 | hardirqs last disabled at (0): copy_process+0x5dc/0x1ab8 | softirqs last enabled at (0): copy_process+0x5dc/0x1ab8 | softirqs last disabled at (0): 0x0 | Preemption disabled at: | migrate_enable+0x30/0x130 | CPU: 111 PID: 0 Comm: swapper/111 Tainted: G W 6.0.0-rc4-rt6-[...] | Call trace: | __kmalloc+0xbc/0x1e8 | detect_cache_attributes+0x2d4/0x5f0 | update_siblings_masks+0x30/0x368 | store_cpu_topology+0x78/0xb8 | secondary_start_kernel+0xd0/0x198 | __secondary_switched+0xb0/0xb4 Pierre fixed this issue in the upstream 6.3 and the original series is follows: https://lore.kernel.org/all/167404285593.885445.6219705651301997538.b4-ty@a… We also encountered the same issue on 6.1 stable branch, and need to backport this series: cacheinfo: Use RISC-V's init_cache_level() as generic OF implementation cacheinfo: Return error code in init_of_cache_level() cacheinfo: Check 'cache-unified' property to count cache leaves ACPI: PPTT: Remove acpi_find_cache_levels() ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() arch_topology: Build cacheinfo from primary CPU And there was a non-trivial number of follow-on fixes for patches in this series, as pointed out by Greg in the 6.1.156-RC1 review: cacheinfo: Initialize variables in fetch_cache_info() cacheinfo: Fix LLC is not exported through sysfs drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug Finally, Jon discovered an issue in the Tegra platform caused by these patches: https://lore.kernel.org/all/046f08cb-0610-48c9-af24-4804367df177@nvidia.com/ So we also need to backport the following patch: arm64: tegra: Update cache properties K Prateek Nayak (1): drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug Pierre Gondois (8): cacheinfo: Use RISC-V's init_cache_level() as generic OF implementation cacheinfo: Return error code in init_of_cache_level() cacheinfo: Check 'cache-unified' property to count cache leaves ACPI: PPTT: Remove acpi_find_cache_levels() ACPI: PPTT: Update acpi_find_last_cache_level() to acpi_get_cache_info() arch_topology: Build cacheinfo from primary CPU cacheinfo: Initialize variables in fetch_cache_info() arm64: tegra: Update cache properties Yicong Yang (1): cacheinfo: Fix LLC is not exported through sysfs arch/arm64/boot/dts/nvidia/tegra194.dtsi | 15 +++ arch/arm64/boot/dts/nvidia/tegra210.dtsi | 1 + arch/arm64/boot/dts/nvidia/tegra234.dtsi | 33 +++++ arch/arm64/kernel/cacheinfo.c | 11 +- arch/riscv/kernel/cacheinfo.c | 42 ------ drivers/acpi/pptt.c | 93 ++++++++------ drivers/base/arch_topology.c | 12 +- drivers/base/cacheinfo.c | 156 +++++++++++++++++++---- include/linux/cacheinfo.h | 11 +- 9 files changed, 262 insertions(+), 112 deletions(-) -- 2.25.1

1 week

1
10
0 0

FAILED: patch "[PATCH] vfs: Don't leak disconnected dentries on umount" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 56094ad3eaa21e6621396cc33811d8f72847a834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102038-hash-smashing-4b29@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 56094ad3eaa21e6621396cc33811d8f72847a834 Mon Sep 17 00:00:00 2001 From: Jan Kara <jack(a)suse.cz> Date: Thu, 2 Oct 2025 17:55:07 +0200 Subject: [PATCH] vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh_raw() will then try to connect this dentry to the dentry tree through reconnect_path(). It may happen for various reasons (such as corrupted fs or race with rename) that the call to lookup_one_unlocked() in reconnect_one() will fail to find the dentry we are trying to reconnect and instead create a new dentry under the parent. Now this dentry will not be marked as disconnected although the parent still may well be disconnected (at least in case this inconsistency happened because the fs is corrupted and .. doesn't point to the real parent directory). This creates inconsistency in disconnected flags but AFAICS it was mostly harmless. At least until commit f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") which removed adding of most disconnected dentries to sb->s_anon list. Thus after this commit cleanup of disconnected dentries implicitely relies on the fact that dput() will immediately reclaim such dentries. However when some leaf dentry isn't marked as disconnected, as in the scenario described above, the reclaim doesn't happen and the dentries are "leaked". Memory reclaim can eventually reclaim them but otherwise they stay in memory and if umount comes first, we hit infamous "Busy inodes after unmount" bug. Make sure all dentries created under a disconnected parent are marked as disconnected as well. Reported-by: syzbot+1d79ebe5383fc016cf07(a)syzkaller.appspotmail.com Fixes: f1ee616214cb ("VFS: don't keep disconnected dentries on d_anon") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/dcache.c b/fs/dcache.c index a067fa0a965a..035cccbc9276 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -2557,6 +2557,8 @@ struct dentry *d_alloc_parallel(struct dentry *parent, spin_lock(&parent->d_lock); new->d_parent = dget_dlock(parent); hlist_add_head(&new->d_sib, &parent->d_children); + if (parent->d_flags & DCACHE_DISCONNECTED) + new->d_flags |= DCACHE_DISCONNECTED; spin_unlock(&parent->d_lock); retry:

1 week

2
2
0 0

FAILED: patch "[PATCH] ixgbevf: fix mailbox API compatibility by negotiating" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x a7075f501bd33c93570af759b6f4302ef0175168 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102050-stadium-reformer-c157@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a7075f501bd33c93570af759b6f4302ef0175168 Mon Sep 17 00:00:00 2001 From: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Date: Thu, 9 Oct 2025 17:03:49 -0700 Subject: [PATCH] ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily negotiate mailbox API. This convention has been broken since introducing API 1.4. Commit 0062e7cc955e ("ixgbevf: add VF IPsec offload code") added support for IPSec which is specific only for the kernel ixgbe driver. None of the rest of the Intel 10G PF/VF drivers supports it. And actually lack of support was not included in the IPSec implementation - there were no such code paths. No possibility to negotiate support for the feature was introduced along with introduction of the feature itself. Commit 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") increasing API version to 1.5 did the same - it introduced code supported specifically by the PF ESX driver. It altered API version for the VF driver in the same time not touching the version defined for the PF ixgbe driver. It led to additional discrepancies, as the code provided within API 1.6 cannot be supported for Linux ixgbe driver as it causes crashes. The issue was noticed some time ago and mitigated by Jake within the commit d0725312adf5 ("ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5"). As a result we have regression for IPsec support and after increasing API to version 1.6 ixgbevf driver stopped to support ESX MBX. To fix this mess add new mailbox op asking PF driver about supported features. Basing on a response determine whether to set support for IPSec and ESX-specific enhanced mailbox. New mailbox op, for compatibility purposes, must be added within new API revision, as API version of OOT PF & VF drivers is already increased to 1.6 and doesn't incorporate features negotiate op. Features negotiation mechanism gives possibility to be extended with new features when needed in the future. Reported-by: Jacob Keller <jacob.e.keller(a)intel.com> Closes: https://lore.kernel.org/intel-wired-lan/20241101-jk-ixgbevf-mailbox-v1-5-fi… Fixes: 0062e7cc955e ("ixgbevf: add VF IPsec offload code") Fixes: 339f28964147 ("ixgbevf: Add support for new mailbox communication between PF and VF") Reviewed-by: Jacob Keller <jacob.e.keller(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Reviewed-by: Aleksandr Loktionov <aleksandr.loktionov(a)intel.com> Cc: stable(a)vger.kernel.org Signed-off-by: Jedrzej Jagielski <jedrzej.jagielski(a)intel.com> Tested-by: Rafal Romanowski <rafal.romanowski(a)intel.com> Signed-off-by: Jacob Keller <jacob.e.keller(a)intel.com> Link: https://patch.msgid.link/20251009-jk-iwl-net-2025-10-01-v3-4-ef32a425b92a@i… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/drivers/net/ethernet/intel/ixgbevf/ipsec.c b/drivers/net/ethernet/intel/ixgbevf/ipsec.c index 65580b9cb06f..fce35924ff8b 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ipsec.c +++ b/drivers/net/ethernet/intel/ixgbevf/ipsec.c @@ -273,6 +273,9 @@ static int ixgbevf_ipsec_add_sa(struct net_device *dev, adapter = netdev_priv(dev); ipsec = adapter->ipsec; + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return -EOPNOTSUPP; + if (xs->id.proto != IPPROTO_ESP && xs->id.proto != IPPROTO_AH) { NL_SET_ERR_MSG_MOD(extack, "Unsupported protocol for IPsec offload"); return -EINVAL; @@ -405,6 +408,9 @@ static void ixgbevf_ipsec_del_sa(struct net_device *dev, adapter = netdev_priv(dev); ipsec = adapter->ipsec; + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return; + if (xs->xso.dir == XFRM_DEV_OFFLOAD_IN) { sa_idx = xs->xso.offload_handle - IXGBE_IPSEC_BASE_RX_INDEX; @@ -612,6 +618,10 @@ void ixgbevf_init_ipsec_offload(struct ixgbevf_adapter *adapter) size_t size; switch (adapter->hw.api_version) { + case ixgbe_mbox_api_17: + if (!(adapter->pf_features & IXGBEVF_PF_SUP_IPSEC)) + return; + break; case ixgbe_mbox_api_14: break; default: diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h index 3a379e6a3a2a..039187607e98 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf.h @@ -363,6 +363,13 @@ struct ixgbevf_adapter { struct ixgbe_hw hw; u16 msg_enable; + u32 pf_features; +#define IXGBEVF_PF_SUP_IPSEC BIT(0) +#define IXGBEVF_PF_SUP_ESX_MBX BIT(1) + +#define IXGBEVF_SUPPORTED_FEATURES (IXGBEVF_PF_SUP_IPSEC | \ + IXGBEVF_PF_SUP_ESX_MBX) + struct ixgbevf_hw_stats stats; unsigned long state; diff --git a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c index 92671638b428..d5ce20f47def 100644 --- a/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c +++ b/drivers/net/ethernet/intel/ixgbevf/ixgbevf_main.c @@ -2271,10 +2271,35 @@ static void ixgbevf_init_last_counter_stats(struct ixgbevf_adapter *adapter) adapter->stats.base_vfmprc = adapter->stats.last_vfmprc; } +/** + * ixgbevf_set_features - Set features supported by PF + * @adapter: pointer to the adapter struct + * + * Negotiate with PF supported features and then set pf_features accordingly. + */ +static void ixgbevf_set_features(struct ixgbevf_adapter *adapter) +{ + u32 *pf_features = &adapter->pf_features; + struct ixgbe_hw *hw = &adapter->hw; + int err; + + err = hw->mac.ops.negotiate_features(hw, pf_features); + if (err && err != -EOPNOTSUPP) + netdev_dbg(adapter->netdev, + "PF feature negotiation failed.\n"); + + /* Address also pre API 1.7 cases */ + if (hw->api_version == ixgbe_mbox_api_14) + *pf_features |= IXGBEVF_PF_SUP_IPSEC; + else if (hw->api_version == ixgbe_mbox_api_15) + *pf_features |= IXGBEVF_PF_SUP_ESX_MBX; +} + static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter) { struct ixgbe_hw *hw = &adapter->hw; static const int api[] = { + ixgbe_mbox_api_17, ixgbe_mbox_api_16, ixgbe_mbox_api_15, ixgbe_mbox_api_14, @@ -2295,8 +2320,9 @@ static void ixgbevf_negotiate_api(struct ixgbevf_adapter *adapter) idx++; } - /* Following is not supported by API 1.6, it is specific for 1.5 */ - if (hw->api_version == ixgbe_mbox_api_15) { + ixgbevf_set_features(adapter); + + if (adapter->pf_features & IXGBEVF_PF_SUP_ESX_MBX) { hw->mbx.ops.init_params(hw); memcpy(&hw->mbx.ops, &ixgbevf_mbx_ops, sizeof(struct ixgbe_mbx_operations)); @@ -2654,6 +2680,7 @@ static void ixgbevf_set_num_queues(struct ixgbevf_adapter *adapter) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: if (adapter->xdp_prog && hw->mac.max_tx_queues == rss) rss = rss > 3 ? 2 : 1; @@ -4649,6 +4676,7 @@ static int ixgbevf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: netdev->max_mtu = IXGBE_MAX_JUMBO_FRAME_SIZE - (ETH_HLEN + ETH_FCS_LEN); break; diff --git a/drivers/net/ethernet/intel/ixgbevf/mbx.h b/drivers/net/ethernet/intel/ixgbevf/mbx.h index c1494fd1f67b..a8ed23ee66aa 100644 --- a/drivers/net/ethernet/intel/ixgbevf/mbx.h +++ b/drivers/net/ethernet/intel/ixgbevf/mbx.h @@ -67,6 +67,7 @@ enum ixgbe_pfvf_api_rev { ixgbe_mbox_api_14, /* API version 1.4, linux/freebsd VF driver */ ixgbe_mbox_api_15, /* API version 1.5, linux/freebsd VF driver */ ixgbe_mbox_api_16, /* API version 1.6, linux/freebsd VF driver */ + ixgbe_mbox_api_17, /* API version 1.7, linux/freebsd VF driver */ /* This value should always be last */ ixgbe_mbox_api_unknown, /* indicates that API version is not known */ }; @@ -106,6 +107,9 @@ enum ixgbe_pfvf_api_rev { /* mailbox API, version 1.6 VF requests */ #define IXGBE_VF_GET_PF_LINK_STATE 0x11 /* request PF to send link info */ +/* mailbox API, version 1.7 VF requests */ +#define IXGBE_VF_FEATURES_NEGOTIATE 0x12 /* get features supported by PF*/ + /* length of permanent address message returned from PF */ #define IXGBE_VF_PERMADDR_MSG_LEN 4 /* word in permanent address message with the current multicast type */ diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.c b/drivers/net/ethernet/intel/ixgbevf/vf.c index f05246fb5a74..74d320879513 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.c +++ b/drivers/net/ethernet/intel/ixgbevf/vf.c @@ -313,6 +313,7 @@ int ixgbevf_get_reta_locked(struct ixgbe_hw *hw, u32 *reta, int num_rx_queues) * is not supported for this device type. */ switch (hw->api_version) { + case ixgbe_mbox_api_17: case ixgbe_mbox_api_16: case ixgbe_mbox_api_15: case ixgbe_mbox_api_14: @@ -383,6 +384,7 @@ int ixgbevf_get_rss_key_locked(struct ixgbe_hw *hw, u8 *rss_key) * or if the operation is not supported for this device type. */ switch (hw->api_version) { + case ixgbe_mbox_api_17: case ixgbe_mbox_api_16: case ixgbe_mbox_api_15: case ixgbe_mbox_api_14: @@ -555,6 +557,7 @@ static s32 ixgbevf_update_xcast_mode(struct ixgbe_hw *hw, int xcast_mode) case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return -EOPNOTSUPP; @@ -646,6 +649,7 @@ static int ixgbevf_get_pf_link_state(struct ixgbe_hw *hw, ixgbe_link_speed *spee switch (hw->api_version) { case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return -EOPNOTSUPP; @@ -669,6 +673,42 @@ static int ixgbevf_get_pf_link_state(struct ixgbe_hw *hw, ixgbe_link_speed *spee return err; } +/** + * ixgbevf_negotiate_features_vf - negotiate supported features with PF driver + * @hw: pointer to the HW structure + * @pf_features: bitmask of features supported by PF + * + * Return: IXGBE_ERR_MBX in the case of mailbox error, + * -EOPNOTSUPP if the op is not supported or 0 on success. + */ +static int ixgbevf_negotiate_features_vf(struct ixgbe_hw *hw, u32 *pf_features) +{ + u32 msgbuf[2] = {}; + int err; + + switch (hw->api_version) { + case ixgbe_mbox_api_17: + break; + default: + return -EOPNOTSUPP; + } + + msgbuf[0] = IXGBE_VF_FEATURES_NEGOTIATE; + msgbuf[1] = IXGBEVF_SUPPORTED_FEATURES; + + err = ixgbevf_write_msg_read_ack(hw, msgbuf, msgbuf, + ARRAY_SIZE(msgbuf)); + + if (err || (msgbuf[0] & IXGBE_VT_MSGTYPE_FAILURE)) { + err = IXGBE_ERR_MBX; + *pf_features = 0x0; + } else { + *pf_features = msgbuf[1]; + } + + return err; +} + /** * ixgbevf_set_vfta_vf - Set/Unset VLAN filter table address * @hw: pointer to the HW structure @@ -799,6 +839,7 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, bool *link_up, bool autoneg_wait_to_complete) { + struct ixgbevf_adapter *adapter = hw->back; struct ixgbe_mbx_info *mbx = &hw->mbx; struct ixgbe_mac_info *mac = &hw->mac; s32 ret_val = 0; @@ -825,7 +866,7 @@ static s32 ixgbevf_check_mac_link_vf(struct ixgbe_hw *hw, * until we are called again and don't report an error */ if (mbx->ops.read(hw, &in_msg, 1)) { - if (hw->api_version >= ixgbe_mbox_api_15) + if (adapter->pf_features & IXGBEVF_PF_SUP_ESX_MBX) mac->get_link_status = false; goto out; } @@ -1026,6 +1067,7 @@ int ixgbevf_get_queues(struct ixgbe_hw *hw, unsigned int *num_tcs, case ixgbe_mbox_api_14: case ixgbe_mbox_api_15: case ixgbe_mbox_api_16: + case ixgbe_mbox_api_17: break; default: return 0; @@ -1080,6 +1122,7 @@ static const struct ixgbe_mac_operations ixgbevf_mac_ops = { .setup_link = ixgbevf_setup_mac_link_vf, .check_link = ixgbevf_check_mac_link_vf, .negotiate_api_version = ixgbevf_negotiate_api_version_vf, + .negotiate_features = ixgbevf_negotiate_features_vf, .set_rar = ixgbevf_set_rar_vf, .update_mc_addr_list = ixgbevf_update_mc_addr_list_vf, .update_xcast_mode = ixgbevf_update_xcast_mode, diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h index 2d791bc26ae4..4f19b8900c29 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h +++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -26,6 +26,7 @@ struct ixgbe_mac_operations { s32 (*stop_adapter)(struct ixgbe_hw *); s32 (*get_bus_info)(struct ixgbe_hw *); s32 (*negotiate_api_version)(struct ixgbe_hw *hw, int api); + int (*negotiate_features)(struct ixgbe_hw *hw, u32 *pf_features); /* Link */ s32 (*setup_link)(struct ixgbe_hw *, ixgbe_link_speed, bool, bool);

1 week

2
4
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102047-tissue-surplus-ff35@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

5
8
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102049-machine-domestic-c4b2@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

2
2
0 0

FAILED: patch "[PATCH] KEYS: trusted_tpm1: Compare HMAC values in constant time" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x eed0e3d305530066b4fc5370107cff8ef1a0d229 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101624-attitude-destruct-3559@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From eed0e3d305530066b4fc5370107cff8ef1a0d229 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Sat, 9 Aug 2025 10:19:39 -0700 Subject: [PATCH] KEYS: trusted_tpm1: Compare HMAC values in constant time To prevent timing attacks, HMAC value comparison needs to be constant time. Replace the memcmp() with the correct function, crypto_memneq(). [For the Fixes commit I used the commit that introduced the memcmp(). It predates the introduction of crypto_memneq(), but it was still a bug at the time even though a helper function didn't exist yet.] Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index 89c9798d1800..e73f2c6c817a 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -7,6 +7,7 @@ */ #include <crypto/hash_info.h> +#include <crypto/utils.h> #include <linux/init.h> #include <linux/slab.h> #include <linux/parser.h> @@ -241,7 +242,7 @@ int TSS_checkhmac1(unsigned char *buffer, if (ret < 0) goto out; - if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: kfree_sensitive(sdesc); @@ -334,7 +335,7 @@ static int TSS_checkhmac2(unsigned char *buffer, TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { ret = -EINVAL; goto out; } @@ -343,7 +344,7 @@ static int TSS_checkhmac2(unsigned char *buffer, TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: kfree_sensitive(sdesc);

1 week

2
1
0 0

FAILED: patch "[PATCH] KEYS: trusted_tpm1: Compare HMAC values in constant time" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x eed0e3d305530066b4fc5370107cff8ef1a0d229 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101623-bleep-cold-406b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From eed0e3d305530066b4fc5370107cff8ef1a0d229 Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)kernel.org> Date: Sat, 9 Aug 2025 10:19:39 -0700 Subject: [PATCH] KEYS: trusted_tpm1: Compare HMAC values in constant time To prevent timing attacks, HMAC value comparison needs to be constant time. Replace the memcmp() with the correct function, crypto_memneq(). [For the Fixes commit I used the commit that introduced the memcmp(). It predates the introduction of crypto_memneq(), but it was still a bug at the time even though a helper function didn't exist yet.] Fixes: d00a1c72f7f4 ("keys: add new trusted key-type") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)kernel.org> Reviewed-by: Jarkko Sakkinen <jarkko(a)kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c index 89c9798d1800..e73f2c6c817a 100644 --- a/security/keys/trusted-keys/trusted_tpm1.c +++ b/security/keys/trusted-keys/trusted_tpm1.c @@ -7,6 +7,7 @@ */ #include <crypto/hash_info.h> +#include <crypto/utils.h> #include <linux/init.h> #include <linux/slab.h> #include <linux/parser.h> @@ -241,7 +242,7 @@ int TSS_checkhmac1(unsigned char *buffer, if (ret < 0) goto out; - if (memcmp(testhmac, authdata, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac, authdata, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: kfree_sensitive(sdesc); @@ -334,7 +335,7 @@ static int TSS_checkhmac2(unsigned char *buffer, TPM_NONCE_SIZE, ononce, 1, continueflag1, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { + if (crypto_memneq(testhmac1, authdata1, SHA1_DIGEST_SIZE)) { ret = -EINVAL; goto out; } @@ -343,7 +344,7 @@ static int TSS_checkhmac2(unsigned char *buffer, TPM_NONCE_SIZE, ononce, 1, continueflag2, 0, 0); if (ret < 0) goto out; - if (memcmp(testhmac2, authdata2, SHA1_DIGEST_SIZE)) + if (crypto_memneq(testhmac2, authdata2, SHA1_DIGEST_SIZE)) ret = -EINVAL; out: kfree_sensitive(sdesc);

1 week

2
1
0 0

FAILED: patch "[PATCH] mptcp: reset blackhole on success with non-loopback ifaces" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 833d4313bc1e9e194814917d23e8874d6b651649 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101604-chamber-playhouse-5278@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 833d4313bc1e9e194814917d23e8874d6b651649 Mon Sep 17 00:00:00 2001 From: "Matthieu Baerts (NGI0)" <matttbe(a)kernel.org> Date: Thu, 18 Sep 2025 10:50:18 +0200 Subject: [PATCH] mptcp: reset blackhole on success with non-loopback ifaces When a first MPTCP connection gets successfully established after a blackhole period, 'active_disable_times' was supposed to be reset when this connection was done via any non-loopback interfaces. Unfortunately, the opposite condition was checked: only reset when the connection was established via a loopback interface. Fixing this by simply looking at the opposite. This is similar to what is done with TCP FastOpen, see tcp_fastopen_active_disable_ofo_check(). This patch is a follow-up of a previous discussion linked to commit 893c49a78d9f ("mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable()."), see [1]. Fixes: 27069e7cb3d1 ("mptcp: disable active MPTCP in case of blackhole") Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/4209a283-8822-47bd-95b7-87e96d9b7ea3@kernel.org [1] Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> Reviewed-by: Simon Horman <horms(a)kernel.org> Reviewed-by: Kuniyuki Iwashima <kuniyu(a)google.com> Link: https://patch.msgid.link/20250918-net-next-mptcp-blackhole-reset-loopback-v… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/net/mptcp/ctrl.c b/net/mptcp/ctrl.c index e8ffa62ec183..d96130e49942 100644 --- a/net/mptcp/ctrl.c +++ b/net/mptcp/ctrl.c @@ -507,7 +507,7 @@ void mptcp_active_enable(struct sock *sk) rcu_read_lock(); dst = __sk_dst_get(sk); dev = dst ? dst_dev_rcu(dst) : NULL; - if (dev && (dev->flags & IFF_LOOPBACK)) + if (!(dev && (dev->flags & IFF_LOOPBACK))) atomic_set(&pernet->active_disable_times, 0); rcu_read_unlock(); }

1 week

3
9
0 0

FAILED: patch "[PATCH] PCI/sysfs: Ensure devices are powered for config reads" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 48991e4935078b05f80616c75d1ee2ea3ae18e58 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101636-tartar-brethren-067c@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 48991e4935078b05f80616c75d1ee2ea3ae18e58 Mon Sep 17 00:00:00 2001 From: Brian Norris <briannorris(a)google.com> Date: Wed, 24 Sep 2025 09:57:11 -0700 Subject: [PATCH] PCI/sysfs: Ensure devices are powered for config reads The "max_link_width", "current_link_speed", "current_link_width", "secondary_bus_number", and "subordinate_bus_number" sysfs files all access config registers, but they don't check the runtime PM state. If the device is in D3cold or a parent bridge is suspended, we may see -EINVAL, bogus values, or worse, depending on implementation details. Wrap these access in pci_config_pm_runtime_{get,put}() like most of the rest of the similar sysfs attributes. Notably, "max_link_speed" does not access config registers; it returns a cached value since d2bd39c0456b ("PCI: Store all PCIe Supported Link Speeds"). Fixes: 56c1af4606f0 ("PCI: Add sysfs max_link_speed/width, current_link_speed/width, etc") Signed-off-by: Brian Norris <briannorris(a)google.com> Signed-off-by: Brian Norris <briannorris(a)chromium.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250924095711.v2.1.Ibb5b6ca1e2c059e04ec53140cd98a… diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 5eea14c1f7f5..2b231ef1dac9 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -201,8 +201,14 @@ static ssize_t max_link_width_show(struct device *dev, struct device_attribute *attr, char *buf) { struct pci_dev *pdev = to_pci_dev(dev); + ssize_t ret; - return sysfs_emit(buf, "%u\n", pcie_get_width_cap(pdev)); + /* We read PCI_EXP_LNKCAP, so we need the device to be accessible. */ + pci_config_pm_runtime_get(pdev); + ret = sysfs_emit(buf, "%u\n", pcie_get_width_cap(pdev)); + pci_config_pm_runtime_put(pdev); + + return ret; } static DEVICE_ATTR_RO(max_link_width); @@ -214,7 +220,10 @@ static ssize_t current_link_speed_show(struct device *dev, int err; enum pci_bus_speed speed; + pci_config_pm_runtime_get(pci_dev); err = pcie_capability_read_word(pci_dev, PCI_EXP_LNKSTA, &linkstat); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; @@ -231,7 +240,10 @@ static ssize_t current_link_width_show(struct device *dev, u16 linkstat; int err; + pci_config_pm_runtime_get(pci_dev); err = pcie_capability_read_word(pci_dev, PCI_EXP_LNKSTA, &linkstat); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; @@ -247,7 +259,10 @@ static ssize_t secondary_bus_number_show(struct device *dev, u8 sec_bus; int err; + pci_config_pm_runtime_get(pci_dev); err = pci_read_config_byte(pci_dev, PCI_SECONDARY_BUS, &sec_bus); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL; @@ -263,7 +278,10 @@ static ssize_t subordinate_bus_number_show(struct device *dev, u8 sub_bus; int err; + pci_config_pm_runtime_get(pci_dev); err = pci_read_config_byte(pci_dev, PCI_SUBORDINATE_BUS, &sub_bus); + pci_config_pm_runtime_put(pci_dev); + if (err) return -EINVAL;

1 week

2
3
0 0

FAILED: patch "[PATCH] crypto: rockchip - Fix dma_unmap_sg() nents value" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 21140e5caf019e4a24e1ceabcaaa16bd693b393f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101647-olive-sheet-88ec@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 21140e5caf019e4a24e1ceabcaaa16bd693b393f Mon Sep 17 00:00:00 2001 From: Thomas Fourier <fourier.thomas(a)gmail.com> Date: Wed, 3 Sep 2025 10:06:46 +0200 Subject: [PATCH] crypto: rockchip - Fix dma_unmap_sg() nents value The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Fixes: 57d67c6e8219 ("crypto: rockchip - rework by using crypto_engine") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/rockchip/rk3288_crypto_ahash.c b/drivers/crypto/rockchip/rk3288_crypto_ahash.c index d6928ebe9526..b9f5a8b42e66 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c @@ -254,7 +254,7 @@ static void rk_hash_unprepare(struct crypto_engine *engine, void *breq) struct rk_ahash_rctx *rctx = ahash_request_ctx(areq); struct rk_crypto_info *rkc = rctx->dev; - dma_unmap_sg(rkc->dev, areq->src, rctx->nrsg, DMA_TO_DEVICE); + dma_unmap_sg(rkc->dev, areq->src, sg_nents(areq->src), DMA_TO_DEVICE); } static int rk_hash_run(struct crypto_engine *engine, void *breq)

1 week

2
1
0 0

FAILED: patch "[PATCH] PCI: tegra194: Handle errors in BPMP response" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f8c9ad46b00453a8c075453f3745f8d263f44834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101628-deflected-bruising-7def@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8c9ad46b00453a8c075453f3745f8d263f44834 Mon Sep 17 00:00:00 2001 From: Vidya Sagar <vidyas(a)nvidia.com> Date: Mon, 22 Sep 2025 16:08:26 +0200 Subject: [PATCH] PCI: tegra194: Handle errors in BPMP response The return value from tegra_bpmp_transfer() indicates the success or failure of the IPC transaction with BPMP. If the transaction succeeded, we also need to check the actual command's result code. If we don't have error handling for tegra_bpmp_transfer(), we will set the pcie->ep_state to EP_STATE_ENABLED even when the tegra_bpmp_transfer() command fails. Thus, the pcie->ep_state will get out of sync with reality, and any further PERST# assert + deassert will be a no-op and will not trigger the hardware initialization sequence. This is because pex_ep_event_pex_rst_deassert() checks the current pcie->ep_state, and does nothing if the current state is already EP_STATE_ENABLED. Thus, it is important to have error handling for tegra_bpmp_transfer(), such that the pcie->ep_state can not get out of sync with reality, so that we will try to initialize the hardware not only during the first PERST# assert + deassert, but also during any succeeding PERST# assert + deassert. One example where this fix is needed is when using a rock5b as host. During the initial PERST# assert + deassert (triggered by the bootloader on the rock5b) pex_ep_event_pex_rst_deassert() will get called, but for some unknown reason, the tegra_bpmp_transfer() call to initialize the PHY fails. Once Linux has been loaded on the rock5b, the PCIe driver will once again assert + deassert PERST#. However, without tegra_bpmp_transfer() error handling, this second PERST# assert + deassert will not trigger the hardware initialization sequence. With tegra_bpmp_transfer() error handling, the second PERST# assert + deassert will once again trigger the hardware to be initialized and this time the tegra_bpmp_transfer() succeeds. Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Vidya Sagar <vidyas(a)nvidia.com> [cassel: improve commit log] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Jon Hunter <jonathanh(a)nvidia.com> Acked-by: Thierry Reding <treding(a)nvidia.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250922140822.519796-8-cassel@kernel.org diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index 359d92dca86a..d71053fa4365 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1214,6 +1214,7 @@ static int tegra_pcie_bpmp_set_ctrl_state(struct tegra_pcie_dw *pcie, struct mrq_uphy_response resp; struct tegra_bpmp_message msg; struct mrq_uphy_request req; + int err; /* * Controller-5 doesn't need to have its state set by BPMP-FW in @@ -1236,7 +1237,13 @@ static int tegra_pcie_bpmp_set_ctrl_state(struct tegra_pcie_dw *pcie, msg.rx.data = &resp; msg.rx.size = sizeof(resp); - return tegra_bpmp_transfer(pcie->bpmp, &msg); + err = tegra_bpmp_transfer(pcie->bpmp, &msg); + if (err) + return err; + if (msg.rx.ret) + return -EINVAL; + + return 0; } static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, @@ -1245,6 +1252,7 @@ static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, struct mrq_uphy_response resp; struct tegra_bpmp_message msg; struct mrq_uphy_request req; + int err; memset(&req, 0, sizeof(req)); memset(&resp, 0, sizeof(resp)); @@ -1264,7 +1272,13 @@ static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, msg.rx.data = &resp; msg.rx.size = sizeof(resp); - return tegra_bpmp_transfer(pcie->bpmp, &msg); + err = tegra_bpmp_transfer(pcie->bpmp, &msg); + if (err) + return err; + if (msg.rx.ret) + return -EINVAL; + + return 0; } static void tegra_pcie_downstream_dev_to_D0(struct tegra_pcie_dw *pcie)

1 week

2
1
0 0

FAILED: patch "[PATCH] PCI: tegra194: Handle errors in BPMP response" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f8c9ad46b00453a8c075453f3745f8d263f44834 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101627-backwash-capably-abbe@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f8c9ad46b00453a8c075453f3745f8d263f44834 Mon Sep 17 00:00:00 2001 From: Vidya Sagar <vidyas(a)nvidia.com> Date: Mon, 22 Sep 2025 16:08:26 +0200 Subject: [PATCH] PCI: tegra194: Handle errors in BPMP response The return value from tegra_bpmp_transfer() indicates the success or failure of the IPC transaction with BPMP. If the transaction succeeded, we also need to check the actual command's result code. If we don't have error handling for tegra_bpmp_transfer(), we will set the pcie->ep_state to EP_STATE_ENABLED even when the tegra_bpmp_transfer() command fails. Thus, the pcie->ep_state will get out of sync with reality, and any further PERST# assert + deassert will be a no-op and will not trigger the hardware initialization sequence. This is because pex_ep_event_pex_rst_deassert() checks the current pcie->ep_state, and does nothing if the current state is already EP_STATE_ENABLED. Thus, it is important to have error handling for tegra_bpmp_transfer(), such that the pcie->ep_state can not get out of sync with reality, so that we will try to initialize the hardware not only during the first PERST# assert + deassert, but also during any succeeding PERST# assert + deassert. One example where this fix is needed is when using a rock5b as host. During the initial PERST# assert + deassert (triggered by the bootloader on the rock5b) pex_ep_event_pex_rst_deassert() will get called, but for some unknown reason, the tegra_bpmp_transfer() call to initialize the PHY fails. Once Linux has been loaded on the rock5b, the PCIe driver will once again assert + deassert PERST#. However, without tegra_bpmp_transfer() error handling, this second PERST# assert + deassert will not trigger the hardware initialization sequence. With tegra_bpmp_transfer() error handling, the second PERST# assert + deassert will once again trigger the hardware to be initialized and this time the tegra_bpmp_transfer() succeeds. Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") Signed-off-by: Vidya Sagar <vidyas(a)nvidia.com> [cassel: improve commit log] Signed-off-by: Niklas Cassel <cassel(a)kernel.org> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Reviewed-by: Jon Hunter <jonathanh(a)nvidia.com> Acked-by: Thierry Reding <treding(a)nvidia.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250922140822.519796-8-cassel@kernel.org diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c index 359d92dca86a..d71053fa4365 100644 --- a/drivers/pci/controller/dwc/pcie-tegra194.c +++ b/drivers/pci/controller/dwc/pcie-tegra194.c @@ -1214,6 +1214,7 @@ static int tegra_pcie_bpmp_set_ctrl_state(struct tegra_pcie_dw *pcie, struct mrq_uphy_response resp; struct tegra_bpmp_message msg; struct mrq_uphy_request req; + int err; /* * Controller-5 doesn't need to have its state set by BPMP-FW in @@ -1236,7 +1237,13 @@ static int tegra_pcie_bpmp_set_ctrl_state(struct tegra_pcie_dw *pcie, msg.rx.data = &resp; msg.rx.size = sizeof(resp); - return tegra_bpmp_transfer(pcie->bpmp, &msg); + err = tegra_bpmp_transfer(pcie->bpmp, &msg); + if (err) + return err; + if (msg.rx.ret) + return -EINVAL; + + return 0; } static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, @@ -1245,6 +1252,7 @@ static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, struct mrq_uphy_response resp; struct tegra_bpmp_message msg; struct mrq_uphy_request req; + int err; memset(&req, 0, sizeof(req)); memset(&resp, 0, sizeof(resp)); @@ -1264,7 +1272,13 @@ static int tegra_pcie_bpmp_set_pll_state(struct tegra_pcie_dw *pcie, msg.rx.data = &resp; msg.rx.size = sizeof(resp); - return tegra_bpmp_transfer(pcie->bpmp, &msg); + err = tegra_bpmp_transfer(pcie->bpmp, &msg); + if (err) + return err; + if (msg.rx.ret) + return -EINVAL; + + return 0; } static void tegra_pcie_downstream_dev_to_D0(struct tegra_pcie_dw *pcie)

1 week

2
1
0 0

FAILED: patch "[PATCH] usb: gadget: f_ncm: Refactor bind path to use __free()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101658-ajar-suggest-f20a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:34 +0800 Subject: [PATCH] usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec ncm_bind+0x39c/0x3dc usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-3-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-3-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index 58b0dd575af3..0148d60926dc 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -11,6 +11,7 @@ * Copyright (C) 2008 Nokia Corporation */ +#include <linux/cleanup.h> #include <linux/kernel.h> #include <linux/interrupt.h> #include <linux/module.h> @@ -20,6 +21,7 @@ #include <linux/string_choices.h> #include <linux/usb/cdc.h> +#include <linux/usb/gadget.h> #include "u_ether.h" #include "u_ether_configfs.h" @@ -1436,18 +1438,18 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ncm_opts *ncm_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; + if (!can_support_ecm(cdev->gadget)) return -EINVAL; ncm_opts = container_of(f->fi, struct f_ncm_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; } mutex_lock(&ncm_opts->lock); @@ -1459,16 +1461,15 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) mutex_unlock(&ncm_opts->lock); if (status) - goto fail; + return status; ncm_opts->bound = true; us = usb_gstrings_attach(cdev, ncm_strings, ARRAY_SIZE(ncm_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); + ncm_control_intf.iInterface = us[STRING_CTRL_IDX].id; ncm_data_nop_intf.iInterface = us[STRING_DATA_IDX].id; ncm_data_intf.iInterface = us[STRING_DATA_IDX].id; @@ -1478,20 +1479,16 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ncm->ctrl_id = status; ncm_iad_desc.bFirstInterface = status; ncm_control_intf.bInterfaceNumber = status; ncm_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - ncm_iad_desc.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ncm->data_id = status; ncm_data_nop_intf.bInterfaceNumber = status; @@ -1500,35 +1497,31 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) ecm_desc.wMaxSegmentSize = cpu_to_le16(ncm_opts->max_segment_size); - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_in_desc); if (!ep) - goto fail; + return -ENODEV; ncm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_out_desc); if (!ep) - goto fail; + return -ENODEV; ncm->port.out_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ncm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ncm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ncm->notify_req) - goto fail; - ncm->notify_req->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ncm->notify_req->buf) - goto fail; - ncm->notify_req->context = ncm; - ncm->notify_req->complete = ncm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ncm; + request->complete = ncm_notify_complete; /* * support all relevant hardware speeds... we expect that when @@ -1548,7 +1541,7 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ncm_fs_function, ncm_hs_function, ncm_ss_function, ncm_ss_function); if (status) - goto fail; + return status; /* * NOTE: all that is done without knowing or caring about @@ -1561,23 +1554,18 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) hrtimer_setup(&ncm->task_timer, ncm_tx_timeout, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; + os_desc_table[0].if_id = ncm_iad_desc.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + } + ncm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Network: IN/%s OUT/%s NOTIFY/%s\n", ncm->port.in_ep->name, ncm->port.out_ep->name, ncm->notify->name); return 0; - -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (ncm->notify_req) { - kfree(ncm->notify_req->buf); - usb_ep_free_request(ncm->notify, ncm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ncm_opts *to_f_ncm_opts(struct config_item *item)

1 week

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_acm: Refactor bind path to use __free()" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 47b2116e54b4a854600341487e8b55249e926324 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101616-unhappily-flatware-0bd2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47b2116e54b4a854600341487e8b55249e926324 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:35 +0800 Subject: [PATCH] usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec gs_free_req+0x30/0x44 acm_bind+0x1b8/0x1f4 usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 1f1ba11b6494 ("usb gadget: issue notifications from ACM function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_acm.c b/drivers/usb/gadget/function/f_acm.c index 7061720b9732..106046e17c4e 100644 --- a/drivers/usb/gadget/function/f_acm.c +++ b/drivers/usb/gadget/function/f_acm.c @@ -11,12 +11,15 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/device.h> #include <linux/err.h> +#include <linux/usb/gadget.h> + #include "u_serial.h" @@ -613,6 +616,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_string *us; int status; struct usb_ep *ep; + struct usb_request *request __free(free_usb_request) = NULL; /* REVISIT might want instance-specific strings to help * distinguish instances ... @@ -630,7 +634,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs, and patch descriptors */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->ctrl_id = status; acm_iad_descriptor.bFirstInterface = status; @@ -639,43 +643,41 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->data_id = status; acm_data_interface_desc.bInterfaceNumber = status; acm_union_desc.bSlaveInterface0 = status; acm_call_mgmt_descriptor.bDataInterface = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_in_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.in = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_out_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.out = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; acm->notify = ep; acm_iad_descriptor.bFunctionProtocol = acm->bInterfaceProtocol; acm_control_interface_desc.bInterfaceProtocol = acm->bInterfaceProtocol; /* allocate notification */ - acm->notify_req = gs_alloc_req(ep, - sizeof(struct usb_cdc_notification) + 2, - GFP_KERNEL); - if (!acm->notify_req) - goto fail; + request = gs_alloc_req(ep, + sizeof(struct usb_cdc_notification) + 2, + GFP_KERNEL); + if (!request) + return -ENODEV; - acm->notify_req->complete = acm_cdc_notify_complete; - acm->notify_req->context = acm; + request->complete = acm_cdc_notify_complete; + request->context = acm; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -692,7 +694,9 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, acm_fs_function, acm_hs_function, acm_ss_function, acm_ss_function); if (status) - goto fail; + return status; + + acm->notify_req = no_free_ptr(request); dev_dbg(&cdev->gadget->dev, "acm ttyGS%d: IN/%s OUT/%s NOTIFY/%s\n", @@ -700,14 +704,6 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) acm->port.in->name, acm->port.out->name, acm->notify->name); return 0; - -fail: - if (acm->notify_req) - gs_free_req(acm->notify, acm->notify_req); - - ERROR(cdev, "%s/%p: can't bind, err %d\n", f->name, f, status); - - return status; } static void acm_unbind(struct usb_configuration *c, struct usb_function *f)

1 week

2
3
0 0

FAILED: patch "[PATCH] wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 32be3ca4cf78b309dfe7ba52fe2d7cc3c23c5634 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101626-library-underfoot-da02@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32be3ca4cf78b309dfe7ba52fe2d7cc3c23c5634 Mon Sep 17 00:00:00 2001 From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Date: Tue, 22 Jul 2025 10:31:21 +0500 Subject: [PATCH] wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Don't deinitialize and reinitialize the HAL helpers. The dma memory is deallocated and there is high possibility that we'll not be able to get the same memory allocated from dma when there is high memory pressure. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org Cc: Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Reviewed-by: Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Link: https://patch.msgid.link/20250722053121.1145001-1-usama.anjum@collabora.com Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/core.c b/drivers/net/wireless/ath/ath11k/core.c index d49353b6b2e7..2810752260f2 100644 --- a/drivers/net/wireless/ath/ath11k/core.c +++ b/drivers/net/wireless/ath/ath11k/core.c @@ -2215,14 +2215,10 @@ static int ath11k_core_reconfigure_on_crash(struct ath11k_base *ab) mutex_unlock(&ab->core_lock); ath11k_dp_free(ab); - ath11k_hal_srng_deinit(ab); + ath11k_hal_srng_clear(ab); ab->free_vdev_map = (1LL << (ab->num_radios * TARGET_NUM_VDEVS(ab))) - 1; - ret = ath11k_hal_srng_init(ab); - if (ret) - return ret; - clear_bit(ATH11K_FLAG_CRASH_FLUSH, &ab->dev_flags); ret = ath11k_core_qmi_firmware_ready(ab); diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 0c3ce7509ab8..0c797b8d0a27 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -1386,6 +1386,22 @@ void ath11k_hal_srng_deinit(struct ath11k_base *ab) } EXPORT_SYMBOL(ath11k_hal_srng_deinit); +void ath11k_hal_srng_clear(struct ath11k_base *ab) +{ + /* No need to memset rdp and wrp memory since each individual + * segment would get cleared in ath11k_hal_srng_src_hw_init() + * and ath11k_hal_srng_dst_hw_init(). + */ + memset(ab->hal.srng_list, 0, + sizeof(ab->hal.srng_list)); + memset(ab->hal.shadow_reg_addr, 0, + sizeof(ab->hal.shadow_reg_addr)); + ab->hal.avail_blk_resource = 0; + ab->hal.current_blk_index = 0; + ab->hal.num_shadow_reg_configured = 0; +} +EXPORT_SYMBOL(ath11k_hal_srng_clear); + void ath11k_hal_dump_srng_stats(struct ath11k_base *ab) { struct hal_srng *srng; diff --git a/drivers/net/wireless/ath/ath11k/hal.h b/drivers/net/wireless/ath/ath11k/hal.h index 601542410c75..839095af9267 100644 --- a/drivers/net/wireless/ath/ath11k/hal.h +++ b/drivers/net/wireless/ath/ath11k/hal.h @@ -965,6 +965,7 @@ int ath11k_hal_srng_setup(struct ath11k_base *ab, enum hal_ring_type type, struct hal_srng_params *params); int ath11k_hal_srng_init(struct ath11k_base *ath11k); void ath11k_hal_srng_deinit(struct ath11k_base *ath11k); +void ath11k_hal_srng_clear(struct ath11k_base *ab); void ath11k_hal_dump_srng_stats(struct ath11k_base *ab); void ath11k_hal_srng_get_shadow_config(struct ath11k_base *ab, u32 **cfg, u32 *len);

1 week

2
1
0 0

FAILED: patch "[PATCH] wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 32be3ca4cf78b309dfe7ba52fe2d7cc3c23c5634 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101625-phonebook-salt-0964@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32be3ca4cf78b309dfe7ba52fe2d7cc3c23c5634 Mon Sep 17 00:00:00 2001 From: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Date: Tue, 22 Jul 2025 10:31:21 +0500 Subject: [PATCH] wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Don't deinitialize and reinitialize the HAL helpers. The dma memory is deallocated and there is high possibility that we'll not be able to get the same memory allocated from dma when there is high memory pressure. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03926.13-QCAHSPSWPL_V2_SILICONZ_CE-2.52297.6 Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") Cc: stable(a)vger.kernel.org Cc: Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Reviewed-by: Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> Signed-off-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Link: https://patch.msgid.link/20250722053121.1145001-1-usama.anjum@collabora.com Signed-off-by: Jeff Johnson <jeff.johnson(a)oss.qualcomm.com> diff --git a/drivers/net/wireless/ath/ath11k/core.c b/drivers/net/wireless/ath/ath11k/core.c index d49353b6b2e7..2810752260f2 100644 --- a/drivers/net/wireless/ath/ath11k/core.c +++ b/drivers/net/wireless/ath/ath11k/core.c @@ -2215,14 +2215,10 @@ static int ath11k_core_reconfigure_on_crash(struct ath11k_base *ab) mutex_unlock(&ab->core_lock); ath11k_dp_free(ab); - ath11k_hal_srng_deinit(ab); + ath11k_hal_srng_clear(ab); ab->free_vdev_map = (1LL << (ab->num_radios * TARGET_NUM_VDEVS(ab))) - 1; - ret = ath11k_hal_srng_init(ab); - if (ret) - return ret; - clear_bit(ATH11K_FLAG_CRASH_FLUSH, &ab->dev_flags); ret = ath11k_core_qmi_firmware_ready(ab); diff --git a/drivers/net/wireless/ath/ath11k/hal.c b/drivers/net/wireless/ath/ath11k/hal.c index 0c3ce7509ab8..0c797b8d0a27 100644 --- a/drivers/net/wireless/ath/ath11k/hal.c +++ b/drivers/net/wireless/ath/ath11k/hal.c @@ -1386,6 +1386,22 @@ void ath11k_hal_srng_deinit(struct ath11k_base *ab) } EXPORT_SYMBOL(ath11k_hal_srng_deinit); +void ath11k_hal_srng_clear(struct ath11k_base *ab) +{ + /* No need to memset rdp and wrp memory since each individual + * segment would get cleared in ath11k_hal_srng_src_hw_init() + * and ath11k_hal_srng_dst_hw_init(). + */ + memset(ab->hal.srng_list, 0, + sizeof(ab->hal.srng_list)); + memset(ab->hal.shadow_reg_addr, 0, + sizeof(ab->hal.shadow_reg_addr)); + ab->hal.avail_blk_resource = 0; + ab->hal.current_blk_index = 0; + ab->hal.num_shadow_reg_configured = 0; +} +EXPORT_SYMBOL(ath11k_hal_srng_clear); + void ath11k_hal_dump_srng_stats(struct ath11k_base *ab) { struct hal_srng *srng; diff --git a/drivers/net/wireless/ath/ath11k/hal.h b/drivers/net/wireless/ath/ath11k/hal.h index 601542410c75..839095af9267 100644 --- a/drivers/net/wireless/ath/ath11k/hal.h +++ b/drivers/net/wireless/ath/ath11k/hal.h @@ -965,6 +965,7 @@ int ath11k_hal_srng_setup(struct ath11k_base *ab, enum hal_ring_type type, struct hal_srng_params *params); int ath11k_hal_srng_init(struct ath11k_base *ath11k); void ath11k_hal_srng_deinit(struct ath11k_base *ath11k); +void ath11k_hal_srng_clear(struct ath11k_base *ab); void ath11k_hal_dump_srng_stats(struct ath11k_base *ab); void ath11k_hal_srng_get_shadow_config(struct ath11k_base *ab, u32 **cfg, u32 *len);

1 week

2
1
0 0

FAILED: patch "[PATCH] fs: quota: create dedicated workqueue for quota_release_work" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 72b7ceca857f38a8ca7c5629feffc63769638974 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101650-tighten-fleshed-6fe0@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 72b7ceca857f38a8ca7c5629feffc63769638974 Mon Sep 17 00:00:00 2001 From: Shashank A P <shashank.ap(a)samsung.com> Date: Mon, 1 Sep 2025 14:59:00 +0530 Subject: [PATCH] fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set. This issue occurs when writeback is triggered due to sync call for an opened file(ie, writeback reason is WB_REASON_SYNC). When f2fs balance is needed at sync path, flush for quota_release_work is triggered. By default quota_release_work is queued to "events_unbound" queue which does not have WQ_MEM_RECLAIM flag. During f2fs balance "writeback" workqueue tries to flush quota_release_work causing kernel panic due to MEM_RECLAIM flag mismatch errors. This patch creates dedicated workqueue with WQ_MEM_RECLAIM flag for work quota_release_work. ------------[ cut here ]------------ WARNING: CPU: 4 PID: 14867 at kernel/workqueue.c:3721 check_flush_dependency+0x13c/0x148 Call trace: check_flush_dependency+0x13c/0x148 __flush_work+0xd0/0x398 flush_delayed_work+0x44/0x5c dquot_writeback_dquots+0x54/0x318 f2fs_do_quota_sync+0xb8/0x1a8 f2fs_write_checkpoint+0x3cc/0x99c f2fs_gc+0x190/0x750 f2fs_balance_fs+0x110/0x168 f2fs_write_single_data_page+0x474/0x7dc f2fs_write_data_pages+0x7d0/0xd0c do_writepages+0xe0/0x2f4 __writeback_single_inode+0x44/0x4ac writeback_sb_inodes+0x30c/0x538 wb_writeback+0xf4/0x440 wb_workfn+0x128/0x5d4 process_scheduled_works+0x1c4/0x45c worker_thread+0x32c/0x3e8 kthread+0x11c/0x1b0 ret_from_fork+0x10/0x20 Kernel panic - not syncing: kernel: panic_on_warn set ... Fixes: ac6f420291b3 ("quota: flush quota_release_work upon quota writeback") CC: stable(a)vger.kernel.org Signed-off-by: Shashank A P <shashank.ap(a)samsung.com> Link: https://patch.msgid.link/20250901092905.2115-1-shashank.ap@samsung.com Signed-off-by: Jan Kara <jack(a)suse.cz> diff --git a/fs/quota/dquot.c b/fs/quota/dquot.c index df4a9b348769..6c4a6ee1fa2b 100644 --- a/fs/quota/dquot.c +++ b/fs/quota/dquot.c @@ -162,6 +162,9 @@ static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; /* SLAB cache for dquot structures */ static struct kmem_cache *dquot_cachep; +/* workqueue for work quota_release_work*/ +static struct workqueue_struct *quota_unbound_wq; + void register_quota_format(struct quota_format_type *fmt) { spin_lock(&dq_list_lock); @@ -881,7 +884,7 @@ void dqput(struct dquot *dquot) put_releasing_dquots(dquot); atomic_dec(&dquot->dq_count); spin_unlock(&dq_list_lock); - queue_delayed_work(system_unbound_wq, &quota_release_work, 1); + queue_delayed_work(quota_unbound_wq, &quota_release_work, 1); } EXPORT_SYMBOL(dqput); @@ -3041,6 +3044,11 @@ static int __init dquot_init(void) shrinker_register(dqcache_shrinker); + quota_unbound_wq = alloc_workqueue("quota_events_unbound", + WQ_UNBOUND | WQ_MEM_RECLAIM, WQ_MAX_ACTIVE); + if (!quota_unbound_wq) + panic("Cannot create quota_unbound_wq\n"); + return 0; } fs_initcall(dquot_init);

1 week

2
2
0 0

FAILED: patch "[PATCH] PCI: j721e: Fix programming sequence of "strap" settings" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f842d3313ba179d4005096357289c7ad09cec575 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101617-matching-native-d141@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f842d3313ba179d4005096357289c7ad09cec575 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Mon, 8 Sep 2025 17:38:27 +0530 Subject: [PATCH] PCI: j721e: Fix programming sequence of "strap" settings The Cadence PCIe Controller integrated in the TI K3 SoCs supports both Root-Complex and Endpoint modes of operation. The Glue Layer allows "strapping" the Mode of operation of the Controller, the Link Speed and the Link Width. This is enabled by programming the "PCIEn_CTRL" register (n corresponds to the PCIe instance) within the CTRL_MMR memory-mapped register space. The "reset-values" of the registers are also different depending on the mode of operation. Since the PCIe Controller latches onto the "reset-values" immediately after being powered on, if the Glue Layer configuration is not done while the PCIe Controller is off, it will result in the PCIe Controller latching onto the wrong "reset-values". In practice, this will show up as a wrong representation of the PCIe Controller's capability structures in the PCIe Configuration Space. Some such capabilities which are supported by the PCIe Controller in the Root-Complex mode but are incorrectly latched onto as being unsupported are: - Link Bandwidth Notification - Alternate Routing ID (ARI) Forwarding Support - Next capability offset within Advanced Error Reporting (AER) capability Fix this by powering off the PCIe Controller before programming the "strap" settings and powering it on after that. The runtime PM APIs namely pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and increment the usage counter respectively, causing GENPD to power off and power on the PCIe Controller. Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver") Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250908120828.1471776-1-s-vadapalli@ti.com diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index cfca13a4c840..5a9ae33e2b93 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -284,6 +284,25 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) if (!ret) offset = args.args[0]; + /* + * The PCIe Controller's registers have different "reset-values" + * depending on the "strap" settings programmed into the PCIEn_CTRL + * register within the CTRL_MMR memory-mapped register space. + * The registers latch onto a "reset-value" based on the "strap" + * settings sampled after the PCIe Controller is powered on. + * To ensure that the "reset-values" are sampled accurately, power + * off the PCIe Controller before programming the "strap" settings + * and power it on after that. The runtime PM APIs namely + * pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and + * increment the usage counter respectively, causing GENPD to power off + * and power on the PCIe Controller. + */ + ret = pm_runtime_put_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power off PCIe Controller\n"); + return ret; + } + ret = j721e_pcie_set_mode(pcie, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set pci mode\n"); @@ -302,6 +321,12 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) return ret; } + ret = pm_runtime_get_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power on PCIe Controller\n"); + return ret; + } + /* Enable ACSPCIE refclk output if the optional property exists */ syscon = syscon_regmap_lookup_by_phandle_optional(node, "ti,syscon-acspcie-proxy-ctrl");

1 week

2
1
0 0

FAILED: patch "[PATCH] PCI: j721e: Fix programming sequence of "strap" settings" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f842d3313ba179d4005096357289c7ad09cec575 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101616-unopposed-carat-7cf4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f842d3313ba179d4005096357289c7ad09cec575 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Mon, 8 Sep 2025 17:38:27 +0530 Subject: [PATCH] PCI: j721e: Fix programming sequence of "strap" settings The Cadence PCIe Controller integrated in the TI K3 SoCs supports both Root-Complex and Endpoint modes of operation. The Glue Layer allows "strapping" the Mode of operation of the Controller, the Link Speed and the Link Width. This is enabled by programming the "PCIEn_CTRL" register (n corresponds to the PCIe instance) within the CTRL_MMR memory-mapped register space. The "reset-values" of the registers are also different depending on the mode of operation. Since the PCIe Controller latches onto the "reset-values" immediately after being powered on, if the Glue Layer configuration is not done while the PCIe Controller is off, it will result in the PCIe Controller latching onto the wrong "reset-values". In practice, this will show up as a wrong representation of the PCIe Controller's capability structures in the PCIe Configuration Space. Some such capabilities which are supported by the PCIe Controller in the Root-Complex mode but are incorrectly latched onto as being unsupported are: - Link Bandwidth Notification - Alternate Routing ID (ARI) Forwarding Support - Next capability offset within Advanced Error Reporting (AER) capability Fix this by powering off the PCIe Controller before programming the "strap" settings and powering it on after that. The runtime PM APIs namely pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and increment the usage counter respectively, causing GENPD to power off and power on the PCIe Controller. Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver") Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250908120828.1471776-1-s-vadapalli@ti.com diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index cfca13a4c840..5a9ae33e2b93 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -284,6 +284,25 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) if (!ret) offset = args.args[0]; + /* + * The PCIe Controller's registers have different "reset-values" + * depending on the "strap" settings programmed into the PCIEn_CTRL + * register within the CTRL_MMR memory-mapped register space. + * The registers latch onto a "reset-value" based on the "strap" + * settings sampled after the PCIe Controller is powered on. + * To ensure that the "reset-values" are sampled accurately, power + * off the PCIe Controller before programming the "strap" settings + * and power it on after that. The runtime PM APIs namely + * pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and + * increment the usage counter respectively, causing GENPD to power off + * and power on the PCIe Controller. + */ + ret = pm_runtime_put_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power off PCIe Controller\n"); + return ret; + } + ret = j721e_pcie_set_mode(pcie, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set pci mode\n"); @@ -302,6 +321,12 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) return ret; } + ret = pm_runtime_get_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power on PCIe Controller\n"); + return ret; + } + /* Enable ACSPCIE refclk output if the optional property exists */ syscon = syscon_regmap_lookup_by_phandle_optional(node, "ti,syscon-acspcie-proxy-ctrl");

1 week

2
2
0 0

FAILED: patch "[PATCH] PCI: j721e: Fix programming sequence of "strap" settings" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f842d3313ba179d4005096357289c7ad09cec575 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101615-busload-bright-ced9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f842d3313ba179d4005096357289c7ad09cec575 Mon Sep 17 00:00:00 2001 From: Siddharth Vadapalli <s-vadapalli(a)ti.com> Date: Mon, 8 Sep 2025 17:38:27 +0530 Subject: [PATCH] PCI: j721e: Fix programming sequence of "strap" settings The Cadence PCIe Controller integrated in the TI K3 SoCs supports both Root-Complex and Endpoint modes of operation. The Glue Layer allows "strapping" the Mode of operation of the Controller, the Link Speed and the Link Width. This is enabled by programming the "PCIEn_CTRL" register (n corresponds to the PCIe instance) within the CTRL_MMR memory-mapped register space. The "reset-values" of the registers are also different depending on the mode of operation. Since the PCIe Controller latches onto the "reset-values" immediately after being powered on, if the Glue Layer configuration is not done while the PCIe Controller is off, it will result in the PCIe Controller latching onto the wrong "reset-values". In practice, this will show up as a wrong representation of the PCIe Controller's capability structures in the PCIe Configuration Space. Some such capabilities which are supported by the PCIe Controller in the Root-Complex mode but are incorrectly latched onto as being unsupported are: - Link Bandwidth Notification - Alternate Routing ID (ARI) Forwarding Support - Next capability offset within Advanced Error Reporting (AER) capability Fix this by powering off the PCIe Controller before programming the "strap" settings and powering it on after that. The runtime PM APIs namely pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and increment the usage counter respectively, causing GENPD to power off and power on the PCIe Controller. Fixes: f3e25911a430 ("PCI: j721e: Add TI J721E PCIe driver") Signed-off-by: Siddharth Vadapalli <s-vadapalli(a)ti.com> Signed-off-by: Manivannan Sadhasivam <mani(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250908120828.1471776-1-s-vadapalli@ti.com diff --git a/drivers/pci/controller/cadence/pci-j721e.c b/drivers/pci/controller/cadence/pci-j721e.c index cfca13a4c840..5a9ae33e2b93 100644 --- a/drivers/pci/controller/cadence/pci-j721e.c +++ b/drivers/pci/controller/cadence/pci-j721e.c @@ -284,6 +284,25 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) if (!ret) offset = args.args[0]; + /* + * The PCIe Controller's registers have different "reset-values" + * depending on the "strap" settings programmed into the PCIEn_CTRL + * register within the CTRL_MMR memory-mapped register space. + * The registers latch onto a "reset-value" based on the "strap" + * settings sampled after the PCIe Controller is powered on. + * To ensure that the "reset-values" are sampled accurately, power + * off the PCIe Controller before programming the "strap" settings + * and power it on after that. The runtime PM APIs namely + * pm_runtime_put_sync() and pm_runtime_get_sync() will decrement and + * increment the usage counter respectively, causing GENPD to power off + * and power on the PCIe Controller. + */ + ret = pm_runtime_put_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power off PCIe Controller\n"); + return ret; + } + ret = j721e_pcie_set_mode(pcie, syscon, offset); if (ret < 0) { dev_err(dev, "Failed to set pci mode\n"); @@ -302,6 +321,12 @@ static int j721e_pcie_ctrl_init(struct j721e_pcie *pcie) return ret; } + ret = pm_runtime_get_sync(dev); + if (ret < 0) { + dev_err(dev, "Failed to power on PCIe Controller\n"); + return ret; + } + /* Enable ACSPCIE refclk output if the optional property exists */ syscon = syscon_regmap_lookup_by_phandle_optional(node, "ti,syscon-acspcie-proxy-ctrl");

1 week

2
2
0 0

FAILED: patch "[PATCH] arm64: mte: Do not flag the zero page as PG_mte_tagged" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f620d66af3165838bfa845dcf9f5f9b4089bf508 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101646-headroom-why-f582@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f620d66af3165838bfa845dcf9f5f9b4089bf508 Mon Sep 17 00:00:00 2001 From: Catalin Marinas <catalin.marinas(a)arm.com> Date: Wed, 24 Sep 2025 13:31:22 +0100 Subject: [PATCH] arm64: mte: Do not flag the zero page as PG_mte_tagged Commit 68d54ceeec0e ("arm64: mte: Allow PTRACE_PEEKMTETAGS access to the zero page") attempted to fix ptrace() reading of tags from the zero page by marking it as PG_mte_tagged during cpu_enable_mte(). The same commit also changed the ptrace() tag access permission check to the VM_MTE vma flag while turning the page flag test into a WARN_ON_ONCE(). Attempting to set the PG_mte_tagged flag early with CONFIG_DEFERRED_STRUCT_PAGE_INIT enabled may either hang (after commit d77e59a8fccd "arm64: mte: Lock a page for MTE tag initialisation") or have the flags cleared later during page_alloc_init_late(). In addition, pages_identical() -> memcmp_pages() will reject any comparison with the zero page as it is marked as tagged. Partially revert the above commit to avoid setting PG_mte_tagged on the zero page. Update the __access_remote_tags() warning on untagged pages to ignore the zero page since it is known to have the tags initialised. Note that all user mapping of the zero page are marked as pte_special(). The arm64 set_pte_at() will not call mte_sync_tags() on such pages, so PG_mte_tagged will remain cleared. Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> Fixes: 68d54ceeec0e ("arm64: mte: Allow PTRACE_PEEKMTETAGS access to the zero page") Reported-by: Gergely Kovacs <Gergely.Kovacs2(a)arm.com> Cc: stable(a)vger.kernel.org # 5.10.x Cc: Will Deacon <will(a)kernel.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: Lance Yang <lance.yang(a)linux.dev> Acked-by: Lance Yang <lance.yang(a)linux.dev> Reviewed-by: David Hildenbrand <david(a)redhat.com> Tested-by: Lance Yang <lance.yang(a)linux.dev> Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index ecb83ab0700e..7345987a50a0 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -2303,17 +2303,21 @@ static void bti_enable(const struct arm64_cpu_capabilities *__unused) #ifdef CONFIG_ARM64_MTE static void cpu_enable_mte(struct arm64_cpu_capabilities const *cap) { + static bool cleared_zero_page = false; + sysreg_clear_set(sctlr_el1, 0, SCTLR_ELx_ATA | SCTLR_EL1_ATA0); mte_cpu_setup(); /* * Clear the tags in the zero page. This needs to be done via the - * linear map which has the Tagged attribute. + * linear map which has the Tagged attribute. Since this page is + * always mapped as pte_special(), set_pte_at() will not attempt to + * clear the tags or set PG_mte_tagged. */ - if (try_page_mte_tagging(ZERO_PAGE(0))) { + if (!cleared_zero_page) { + cleared_zero_page = true; mte_clear_page_tags(lm_alias(empty_zero_page)); - set_page_mte_tagged(ZERO_PAGE(0)); } kasan_init_hw_tags_cpu(); diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c index e5e773844889..63aed49ac181 100644 --- a/arch/arm64/kernel/mte.c +++ b/arch/arm64/kernel/mte.c @@ -460,7 +460,7 @@ static int __access_remote_tags(struct mm_struct *mm, unsigned long addr, if (folio_test_hugetlb(folio)) WARN_ON_ONCE(!folio_test_hugetlb_mte_tagged(folio)); else - WARN_ON_ONCE(!page_mte_tagged(page)); + WARN_ON_ONCE(!page_mte_tagged(page) && !is_zero_page(page)); /* limit access to the end of the page */ offset = offset_in_page(addr);

1 week

2
1
0 0

[PATCH] media: videobuf2: forbid create_bufs/remove_bufs when legacy fileio is active

by Marek Szyprowski

create_bufs and remove_bufs ioctl calls manipulate queue internal buffer list, potentially overwriting some pointers used by the legacy fileio access mode. Simply forbid those calls when fileio is active to protect internal queue state between subsequent read/write calls. CC: stable(a)vger.kernel.org Fixes: 2d86401c2cbf ("[media] V4L: vb2: add support for buffers of different sizes on a single queue") Fixes: a3293a85381e ("media: v4l2: Add REMOVE_BUFS ioctl") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/common/videobuf2/videobuf2-v4l2.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c index d911021c1bb0..f4104d5971dd 100644 --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c @@ -751,6 +751,11 @@ int vb2_create_bufs(struct vb2_queue *q, struct v4l2_create_buffers *create) int ret = vb2_verify_memory_type(q, create->memory, f->type); unsigned i; + if (vb2_fileio_is_active(q)) { + dprintk(q, 1, "file io in progress\n"); + return -EBUSY; + } + create->index = vb2_get_num_buffers(q); vb2_set_flags_and_caps(q, create->memory, &create->flags, &create->capabilities, &create->max_num_buffers); @@ -1010,6 +1015,11 @@ int vb2_ioctl_remove_bufs(struct file *file, void *priv, if (vb2_queue_is_busy(vdev->queue, file)) return -EBUSY; + if (vb2_fileio_is_active(vdev->queue)) { + dprintk(vdev->queue, 1, "file io in progress\n"); + return -EBUSY; + } + return vb2_core_remove_bufs(vdev->queue, d->index, d->count); } EXPORT_SYMBOL_GPL(vb2_ioctl_remove_bufs); -- 2.34.1

1 week

3
8
0 0

FAILED: patch "[PATCH] fuse: fix livelock in synchronous file put from fuseblk" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101629-privacy-morally-5172@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 15 Sep 2025 17:24:17 -0700 Subject: [PATCH] fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the file descriptor before the writes complete. Unsurprisingly, the AIO exerciser threads are mostly stuck waiting for responses from the fuseblk server: # cat /proc/372265/task/372313/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_do_getattr+0xfc/0x1f0 [fuse] [<0>] fuse_file_read_iter+0xbe/0x1c0 [fuse] [<0>] aio_read+0x130/0x1e0 [<0>] io_submit_one+0x542/0x860 [<0>] __x64_sys_io_submit+0x98/0x1a0 [<0>] do_syscall_64+0x37/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 But the /weird/ part is that the fuseblk server threads are waiting for responses from itself: # cat /proc/372210/task/372232/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_file_put+0x9a/0xd0 [fuse] [<0>] fuse_release+0x36/0x50 [fuse] [<0>] __fput+0xec/0x2b0 [<0>] task_work_run+0x55/0x90 [<0>] syscall_exit_to_user_mode+0xe9/0x100 [<0>] do_syscall_64+0x43/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 The fuseblk server is fuse2fs so there's nothing all that exciting in the server itself. So why is the fuse server calling fuse_file_put? The commit message for the fstest sheds some light on that: "By closing the file descriptor before calling io_destroy, you pretty much guarantee that the last put on the ioctx will be done in interrupt context (during I/O completion). Aha. AIO fgets a new struct file from the fd when it queues the ioctx. The completion of the FUSE_WRITE command from userspace causes the fuse server to call the AIO completion function. The completion puts the struct file, queuing a delayed fput to the fuse server task. When the fuse server task returns to userspace, it has to run the delayed fput, which in the case of a fuseblk server, it does synchronously. Sending the FUSE_RELEASE command sychronously from fuse server threads is a bad idea because a client program can initiate enough simultaneous AIOs such that all the fuse server threads end up in delayed_fput, and now there aren't any threads left to handle the queued fuse commands. Fix this by only using asynchronous fputs when closing files, and leave a comment explaining why. Cc: stable(a)vger.kernel.org # v2.6.38 Fixes: 5a18ec176c934c ("fuse: fix hang of single threaded fuseblk filesystem") Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 54786f62a9d8..f1ef77a0be05 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -356,8 +356,14 @@ void fuse_file_release(struct inode *inode, struct fuse_file *ff, * Make the release synchronous if this is a fuseblk mount, * synchronous RELEASE is allowed (and desirable) in this case * because the server can be trusted not to screw up. + * + * Always use the asynchronous file put because the current thread + * might be the fuse server. This can happen if a process starts some + * aio and closes the fd before the aio completes. Since aio takes its + * own ref to the file, the IO completion has to drop the ref, which is + * how the fuse server can end up closing its clients' files. */ - fuse_file_put(ff, ff->fm->fc->destroy); + fuse_file_put(ff, false); } void fuse_release_common(struct file *file, bool isdir)

1 week

2
2
0 0

FAILED: patch "[PATCH] fuse: fix livelock in synchronous file put from fuseblk" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101628-exclude-hamstring-8d43@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 26e5c67deb2e1f42a951f022fdf5b9f7eb747b01 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Mon, 15 Sep 2025 17:24:17 -0700 Subject: [PATCH] fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the file descriptor before the writes complete. Unsurprisingly, the AIO exerciser threads are mostly stuck waiting for responses from the fuseblk server: # cat /proc/372265/task/372313/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_do_getattr+0xfc/0x1f0 [fuse] [<0>] fuse_file_read_iter+0xbe/0x1c0 [fuse] [<0>] aio_read+0x130/0x1e0 [<0>] io_submit_one+0x542/0x860 [<0>] __x64_sys_io_submit+0x98/0x1a0 [<0>] do_syscall_64+0x37/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 But the /weird/ part is that the fuseblk server threads are waiting for responses from itself: # cat /proc/372210/task/372232/stack [<0>] request_wait_answer+0x1fe/0x2a0 [fuse] [<0>] __fuse_simple_request+0xd3/0x2b0 [fuse] [<0>] fuse_file_put+0x9a/0xd0 [fuse] [<0>] fuse_release+0x36/0x50 [fuse] [<0>] __fput+0xec/0x2b0 [<0>] task_work_run+0x55/0x90 [<0>] syscall_exit_to_user_mode+0xe9/0x100 [<0>] do_syscall_64+0x43/0xf0 [<0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 The fuseblk server is fuse2fs so there's nothing all that exciting in the server itself. So why is the fuse server calling fuse_file_put? The commit message for the fstest sheds some light on that: "By closing the file descriptor before calling io_destroy, you pretty much guarantee that the last put on the ioctx will be done in interrupt context (during I/O completion). Aha. AIO fgets a new struct file from the fd when it queues the ioctx. The completion of the FUSE_WRITE command from userspace causes the fuse server to call the AIO completion function. The completion puts the struct file, queuing a delayed fput to the fuse server task. When the fuse server task returns to userspace, it has to run the delayed fput, which in the case of a fuseblk server, it does synchronously. Sending the FUSE_RELEASE command sychronously from fuse server threads is a bad idea because a client program can initiate enough simultaneous AIOs such that all the fuse server threads end up in delayed_fput, and now there aren't any threads left to handle the queued fuse commands. Fix this by only using asynchronous fputs when closing files, and leave a comment explaining why. Cc: stable(a)vger.kernel.org # v2.6.38 Fixes: 5a18ec176c934c ("fuse: fix hang of single threaded fuseblk filesystem") Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Signed-off-by: Miklos Szeredi <mszeredi(a)redhat.com> diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 54786f62a9d8..f1ef77a0be05 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -356,8 +356,14 @@ void fuse_file_release(struct inode *inode, struct fuse_file *ff, * Make the release synchronous if this is a fuseblk mount, * synchronous RELEASE is allowed (and desirable) in this case * because the server can be trusted not to screw up. + * + * Always use the asynchronous file put because the current thread + * might be the fuse server. This can happen if a process starts some + * aio and closes the fd before the aio completes. Since aio takes its + * own ref to the file, the IO completion has to drop the ref, which is + * how the fuse server can end up closing its clients' files. */ - fuse_file_put(ff, ff->fm->fc->destroy); + fuse_file_put(ff, false); } void fuse_release_common(struct file *file, bool isdir)

1 week

2
2
0 0

[PATCH 5.10.y 0/3] v5.10: fix build with GCC 15

by Matthieu Baerts (NGI0)

This kernel version doesn't build with GCC 15: In file included from include/uapi/linux/posix_types.h:5, from include/uapi/linux/types.h:14, from include/linux/types.h:6, from arch/x86/realmode/rm/wakeup.h:11, from arch/x86/realmode/rm/wakemain.c:2: include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant 11 | false = 0, | ^~~~~ include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards include/linux/types.h:30:33: error: 'bool' cannot be defined via 'typedef' 30 | typedef _Bool bool; | ^~~~ include/linux/types.h:30:33: note: 'bool' is a keyword with '-std=c23' onwards include/linux/types.h:30:1: warning: useless type name in empty declaration 30 | typedef _Bool bool; | ^~~~~~~ I initially fixed this by adding -std=gnu11 in arch/x86/Makefile, then I realised this fix was already done in an upstream commit, created before the GCC 15 release and not mentioning the error I had. This is the first patch. When I was investigating my error, I noticed other commits were already backported to stable versions. They were all adding -std=gnu11 in different Makefiles. In their commit message, they were mentioning 'gnu11' was picked to use the same as the one from the main Makefile. But this is not the case in this kernel version. Patch 2 fixes that. Finally, I noticed an extra warning that I didn't have in v5.15. Patch 3 fixes that. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Matthieu Baerts (NGI0) (2): arch: back to -std=gnu89 in < v5.18 tracing: fix declaration-after-statement warning arch/parisc/boot/compressed/Makefile | 2 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- kernel/trace/trace_events_synth.c | 3 ++- 7 files changed, 8 insertions(+), 7 deletions(-) --- base-commit: a32db271d59d9f35f3a937ac27fcc2db1e029cdc change-id: 20251017-v5-10-gcc-15-ad2510f784f7 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 week

3
5
0 0

[PATCH 5.4.y 0/5] v5.4: fix build with GCC 15

by Matthieu Baerts (NGI0)

Two backports linked to build issues with GCC 15 have failed in this version: - ee2ab467bddf ("x86/boot: Use '-std=gnu11' to fix build with GCC 15") - 8ba14d9f490a ("efi: libstub: Use '-std=gnu11' to fix build with GCC 15") Conflicts have been solved, and described. After that, this kernel version still didn't build with GCC 15: In file included from include/uapi/linux/posix_types.h:5, from include/uapi/linux/types.h:14, from include/linux/types.h:6, from arch/x86/realmode/rm/wakeup.h:11, from arch/x86/realmode/rm/wakemain.c:2: include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant 11 | false = 0, | ^~~~~ include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards include/linux/types.h:30:33: error: 'bool' cannot be defined via 'typedef' 30 | typedef _Bool bool; | ^~~~ include/linux/types.h:30:33: note: 'bool' is a keyword with '-std=c23' onwards include/linux/types.h:30:1: warning: useless type name in empty declaration 30 | typedef _Bool bool; | ^~~~~~~ I initially fixed this by adding -std=gnu11 in arch/x86/Makefile, then I realised this fix was already done in an upstream commit, created before the GCC 15 release and not mentioning the error I had. This is patch 3. When I was investigating my error, I noticed other commits were already backported to stable versions. They were all adding -std=gnu11 in different Makefiles. In their commit message, they were mentioning 'gnu11' was picked to use the same as the one from the main Makefile. But this is not the case in this kernel version. Patch 4 fixes that. Finally, I noticed extra warnings I didn't have in v5.10. Patch 5 fixes that. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Matthieu Baerts (NGI0) (1): arch: back to -std=gnu89 in < v5.18 Nathan Chancellor (3): x86/boot: Use '-std=gnu11' to fix build with GCC 15 efi: libstub: Use '-std=gnu11' to fix build with GCC 15 kernel/profile.c: use cpumask_available to check for NULL cpumask arch/parisc/boot/compressed/Makefile | 2 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 1 + drivers/firmware/efi/libstub/Makefile | 2 +- kernel/profile.c | 6 +++--- 7 files changed, 9 insertions(+), 8 deletions(-) --- base-commit: cda7d335d88aa30485536aee3027540f41bf4f10 change-id: 20251017-v5-4-gcc-15-2d2ccb30432c Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 week

3
7
0 0

[PATCH 5.15.y 0/3] v5.15: fix build with GCC 15

by Matthieu Baerts (NGI0)

This kernel version doesn't build with GCC 15: In file included from include/uapi/linux/posix_types.h:5, from include/uapi/linux/types.h:14, from include/linux/types.h:6, from arch/x86/realmode/rm/wakeup.h:11, from arch/x86/realmode/rm/wakemain.c:2: include/linux/stddef.h:11:9: error: cannot use keyword 'false' as enumeration constant 11 | false = 0, | ^~~~~ include/linux/stddef.h:11:9: note: 'false' is a keyword with '-std=c23' onwards include/linux/types.h:30:33: error: 'bool' cannot be defined via 'typedef' 30 | typedef _Bool bool; | ^~~~ include/linux/types.h:30:33: note: 'bool' is a keyword with '-std=c23' onwards include/linux/types.h:30:1: warning: useless type name in empty declaration 30 | typedef _Bool bool; | ^~~~~~~ I initially fixed this by adding -std=gnu11 in arch/x86/Makefile, then I realised this fix was already done in an upstream commit, created before the GCC 15 release and not mentioning the error I had. This is the first patch. When I was investigating my error, I noticed other commits were already backported to v5.15. They were all adding -std=gnu11 in different Makefiles. In their commit message, they were mentioning 'gnu11' was picked to use the same as the one from the main Makefile. But this is not the case in this kernel version. Patch 2 fixes that. Finally, I noticed the documentation was not correct in this kernel version: this is because a commit was backported to v5.15 while it was not supposed to. Patch 3 fixes that. Signed-off-by: Matthieu Baerts (NGI0) <matttbe(a)kernel.org> --- Alexey Dobriyan (1): x86/boot: Compile boot code with -std=gnu11 too Matthieu Baerts (NGI0) (2): arch: back to -std=gnu89 in < v5.18 Revert "docs/process/howto: Replace C89 with C11" Documentation/process/howto.rst | 2 +- Documentation/translations/it_IT/process/howto.rst | 2 +- Documentation/translations/ja_JP/howto.rst | 2 +- Documentation/translations/ko_KR/howto.rst | 2 +- Documentation/translations/zh_CN/process/howto.rst | 2 +- Documentation/translations/zh_TW/process/howto.rst | 2 +- arch/parisc/boot/compressed/Makefile | 2 +- arch/s390/Makefile | 2 +- arch/s390/purgatory/Makefile | 2 +- arch/x86/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) --- base-commit: 06cf22cc87e00b878c310d5441981b7750f04078 change-id: 20251017-v5-15-gcc-15-5ceda8ebe577 Best regards, -- Matthieu Baerts (NGI0) <matttbe(a)kernel.org>

1 week

3
5
0 0

FAILED: patch "[PATCH] xfs: use deferred intent items for reaping crosslinked blocks" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x cd32a0c0dcdf634f2e0e71f41c272e19dece6264 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101603-baggage-humming-330b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cd32a0c0dcdf634f2e0e71f41c272e19dece6264 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" <djwong(a)kernel.org> Date: Tue, 8 Apr 2025 16:14:32 -0700 Subject: [PATCH] xfs: use deferred intent items for reaping crosslinked blocks When we're removing rmap records for crosslinked blocks, use deferred intent items so that we can try to free/unmap as many of the old data structure's blocks as we can in the same transaction as the commit. Cc: <stable(a)vger.kernel.org> # v6.6 Fixes: 1c7ce115e52106 ("xfs: reap large AG metadata extents when possible") Signed-off-by: "Darrick J. Wong" <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> diff --git a/fs/xfs/scrub/reap.c b/fs/xfs/scrub/reap.c index 8703897c0a9c..86d3d104b8d9 100644 --- a/fs/xfs/scrub/reap.c +++ b/fs/xfs/scrub/reap.c @@ -416,8 +416,6 @@ xreap_agextent_iter( trace_xreap_dispose_unmap_extent(pag_group(sc->sa.pag), agbno, *aglenp); - rs->force_roll = true; - if (rs->oinfo == &XFS_RMAP_OINFO_COW) { /* * If we're unmapping CoW staging extents, remove the @@ -426,11 +424,14 @@ xreap_agextent_iter( */ xfs_refcount_free_cow_extent(sc->tp, false, fsbno, *aglenp); + rs->force_roll = true; return 0; } - return xfs_rmap_free(sc->tp, sc->sa.agf_bp, sc->sa.pag, agbno, - *aglenp, rs->oinfo); + xfs_rmap_free_extent(sc->tp, false, fsbno, *aglenp, + rs->oinfo->oi_owner); + rs->deferred++; + return 0; } trace_xreap_dispose_free_extent(pag_group(sc->sa.pag), agbno, *aglenp);

1 week

2
1
0 0

[PATCH] HID: amd_sfh: Stop sensor before starting

by Mario Limonciello (AMD)

Titas reports that the accelerometer sensor on their laptop only works after a warm boot or unloading/reloading the amd-sfh kernel module. Presumably the sensor is in a bad state on cold boot and failing to start, so explicitly stop it before starting. Cc: stable(a)vger.kernel.org Fixes: 93ce5e0231d79 ("HID: amd_sfh: Implement SFH1.1 functionality") Reported-by: Titas <novatitas366(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220670 Tested-by: Titas <novatitas366(a)gmail.com> Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> --- drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c index 0a9b44ce4904e..b0bab2a1ddcc5 100644 --- a/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c +++ b/drivers/hid/amd-sfh-hid/sfh1_1/amd_sfh_init.c @@ -194,6 +194,8 @@ static int amd_sfh1_1_hid_client_init(struct amd_mp2_dev *privdata) if (rc) goto cleanup; + mp2_ops->stop(privdata, cl_data->sensor_idx[i]); + amd_sfh_wait_for_response(privdata, cl_data->sensor_idx[i], DISABLE_SENSOR); writel(0, privdata->mmio + amd_get_p2c_val(privdata, 0)); mp2_ops->start(privdata, info); status = amd_sfh_wait_for_response -- 2.43.0

1 week

1
0
0 0

FAILED: patch "[PATCH] wifi: rtw89: avoid possible TX wait initialization race" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x c24248ed78f33ea299ea61d105355ba47157d49f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101643-jolt-creole-6a13@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c24248ed78f33ea299ea61d105355ba47157d49f Mon Sep 17 00:00:00 2001 From: Fedor Pchelkin <pchelkin(a)ispras.ru> Date: Sat, 20 Sep 2025 00:08:48 +0300 Subject: [PATCH] wifi: rtw89: avoid possible TX wait initialization race The value of skb_data->wait indicates whether skb is passed on to the core mac80211 stack or released by the driver itself. Make sure that by the time skb is added to txwd queue and becomes visible to the completing side, it has already allocated and initialized TX wait related data (in case it's needed). This is found by code review and addresses a possible race scenario described below: Waiting thread Completing thread rtw89_core_send_nullfunc() rtw89_core_tx_write_link() ... rtw89_pci_txwd_submit() skb_data->wait = NULL /* add skb to the queue */ skb_queue_tail(&txwd->queue, skb) /* another thread (e.g. rtw89_ops_tx) performs TX kick off for the same queue */ rtw89_pci_napi_poll() ... rtw89_pci_release_txwd_skb() /* get skb from the queue */ skb_unlink(skb, &txwd->queue) rtw89_pci_tx_status() rtw89_core_tx_wait_complete() /* use incorrect skb_data->wait */ rtw89_core_tx_kick_off_and_wait() /* assign skb_data->wait but too late */ Found by Linux Verification Center (linuxtesting.org). Fixes: 1ae5ca615285 ("wifi: rtw89: add function to wait for completion of TX skbs") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> Acked-by: Ping-Ke Shih <pkshih(a)realtek.com> Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Link: https://patch.msgid.link/20250919210852.823912-3-pchelkin@ispras.ru diff --git a/drivers/net/wireless/realtek/rtw89/core.c b/drivers/net/wireless/realtek/rtw89/core.c index ec467ae0e9e6..1f44c7fc1c5e 100644 --- a/drivers/net/wireless/realtek/rtw89/core.c +++ b/drivers/net/wireless/realtek/rtw89/core.c @@ -1153,25 +1153,14 @@ void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel) } int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *skb, - int qsel, unsigned int timeout) + struct rtw89_tx_wait_info *wait, int qsel, + unsigned int timeout) { - struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); - struct rtw89_tx_wait_info *wait; unsigned long time_left; int ret = 0; lockdep_assert_wiphy(rtwdev->hw->wiphy); - wait = kzalloc(sizeof(*wait), GFP_KERNEL); - if (!wait) { - rtw89_core_tx_kick_off(rtwdev, qsel); - return 0; - } - - init_completion(&wait->completion); - wait->skb = skb; - rcu_assign_pointer(skb_data->wait, wait); - rtw89_core_tx_kick_off(rtwdev, qsel); time_left = wait_for_completion_timeout(&wait->completion, msecs_to_jiffies(timeout)); @@ -1234,10 +1223,12 @@ int rtw89_h2c_tx(struct rtw89_dev *rtwdev, static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rtwvif_link, struct rtw89_sta_link *rtwsta_link, - struct sk_buff *skb, int *qsel, bool sw_mld) + struct sk_buff *skb, int *qsel, bool sw_mld, + struct rtw89_tx_wait_info *wait) { struct ieee80211_sta *sta = rtwsta_link_to_sta_safe(rtwsta_link); struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link); + struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); struct rtw89_vif *rtwvif = rtwvif_link->rtwvif; struct rtw89_core_tx_request tx_req = {}; int ret; @@ -1254,6 +1245,8 @@ static int rtw89_core_tx_write_link(struct rtw89_dev *rtwdev, rtw89_core_tx_update_desc_info(rtwdev, &tx_req); rtw89_core_tx_wake(rtwdev, &tx_req); + rcu_assign_pointer(skb_data->wait, wait); + ret = rtw89_hci_tx_write(rtwdev, &tx_req); if (ret) { rtw89_err(rtwdev, "failed to transmit skb to HCI\n"); @@ -1290,7 +1283,8 @@ int rtw89_core_tx_write(struct rtw89_dev *rtwdev, struct ieee80211_vif *vif, } } - return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false); + return rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, qsel, false, + NULL); } static __le32 rtw89_build_txwd_body0(struct rtw89_tx_desc_info *desc_info) @@ -3928,6 +3922,7 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt struct ieee80211_vif *vif = rtwvif_link_to_vif(rtwvif_link); int link_id = ieee80211_vif_is_mld(vif) ? rtwvif_link->link_id : -1; struct rtw89_sta_link *rtwsta_link; + struct rtw89_tx_wait_info *wait; struct ieee80211_sta *sta; struct ieee80211_hdr *hdr; struct rtw89_sta *rtwsta; @@ -3937,6 +3932,12 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt if (vif->type != NL80211_IFTYPE_STATION || !vif->cfg.assoc) return 0; + wait = kzalloc(sizeof(*wait), GFP_KERNEL); + if (!wait) + return -ENOMEM; + + init_completion(&wait->completion); + rcu_read_lock(); sta = ieee80211_find_sta(vif, vif->cfg.ap_addr); if (!sta) { @@ -3951,6 +3952,8 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt goto out; } + wait->skb = skb; + hdr = (struct ieee80211_hdr *)skb->data; if (ps) hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM); @@ -3961,7 +3964,8 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt goto out; } - ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true); + ret = rtw89_core_tx_write_link(rtwdev, rtwvif_link, rtwsta_link, skb, &qsel, true, + wait); if (ret) { rtw89_warn(rtwdev, "nullfunc transmit failed: %d\n", ret); dev_kfree_skb_any(skb); @@ -3970,10 +3974,11 @@ int rtw89_core_send_nullfunc(struct rtw89_dev *rtwdev, struct rtw89_vif_link *rt rcu_read_unlock(); - return rtw89_core_tx_kick_off_and_wait(rtwdev, skb, qsel, + return rtw89_core_tx_kick_off_and_wait(rtwdev, skb, wait, qsel, timeout); out: rcu_read_unlock(); + kfree(wait); return ret; } diff --git a/drivers/net/wireless/realtek/rtw89/core.h b/drivers/net/wireless/realtek/rtw89/core.h index d15fa70eb4dc..928c8c84c964 100644 --- a/drivers/net/wireless/realtek/rtw89/core.h +++ b/drivers/net/wireless/realtek/rtw89/core.h @@ -7476,7 +7476,8 @@ int rtw89_h2c_tx(struct rtw89_dev *rtwdev, struct sk_buff *skb, bool fwdl); void rtw89_core_tx_kick_off(struct rtw89_dev *rtwdev, u8 qsel); int rtw89_core_tx_kick_off_and_wait(struct rtw89_dev *rtwdev, struct sk_buff *skb, - int qsel, unsigned int timeout); + struct rtw89_tx_wait_info *wait, int qsel, + unsigned int timeout); void rtw89_core_fill_txdesc(struct rtw89_dev *rtwdev, struct rtw89_tx_desc_info *desc_info, void *txdesc); diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 8dd91d867ea6..0ee5f8579447 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -1494,7 +1494,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, struct pci_dev *pdev = rtwpci->pdev; struct sk_buff *skb = tx_req->skb; struct rtw89_pci_tx_data *tx_data = RTW89_PCI_TX_SKB_CB(skb); - struct rtw89_tx_skb_data *skb_data = RTW89_TX_SKB_CB(skb); bool en_wd_info = desc_info->en_wd_info; u32 txwd_len; u32 txwp_len; @@ -1510,7 +1509,6 @@ static int rtw89_pci_txwd_submit(struct rtw89_dev *rtwdev, } tx_data->dma = dma; - rcu_assign_pointer(skb_data->wait, NULL); txwp_len = sizeof(*txwp_info); txwd_len = chip->txwd_body_size;

1 week

2
1
0 0

FAILED: patch "[PATCH] padata: Reset next CPU when reorder sequence wraps around" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101651-kerosene-quartered-684e@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b Mon Sep 17 00:00:00 2001 From: Xiao Liang <shaw.leon(a)gmail.com> Date: Sun, 17 Aug 2025 00:30:15 +0800 Subject: [PATCH] padata: Reset next CPU when reorder sequence wraps around When seq_nr wraps around, the next reorder job with seq 0 is hashed to the first CPU in padata_do_serial(). Correspondingly, need reset pd->cpu to the first one when pd->processed wraps around. Otherwise, if the number of used CPUs is not a power of 2, padata_find_next() will be checking a wrong list, hence deadlock. Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder") Cc: <stable(a)vger.kernel.org> Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index f85f8bd788d0..833740d75483 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -291,8 +291,12 @@ static void padata_reorder(struct padata_priv *padata) struct padata_serial_queue *squeue; int cb_cpu; - cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); processed++; + /* When sequence wraps around, reset to the first CPU. */ + if (unlikely(processed == 0)) + cpu = cpumask_first(pd->cpumask.pcpu); + else + cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); cb_cpu = padata->cb_cpu; squeue = per_cpu_ptr(pd->squeue, cb_cpu);

1 week

2
1
0 0

FAILED: patch "[PATCH] padata: Reset next CPU when reorder sequence wraps around" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101651-sizing-subfloor-8c1d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b Mon Sep 17 00:00:00 2001 From: Xiao Liang <shaw.leon(a)gmail.com> Date: Sun, 17 Aug 2025 00:30:15 +0800 Subject: [PATCH] padata: Reset next CPU when reorder sequence wraps around When seq_nr wraps around, the next reorder job with seq 0 is hashed to the first CPU in padata_do_serial(). Correspondingly, need reset pd->cpu to the first one when pd->processed wraps around. Otherwise, if the number of used CPUs is not a power of 2, padata_find_next() will be checking a wrong list, hence deadlock. Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder") Cc: <stable(a)vger.kernel.org> Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index f85f8bd788d0..833740d75483 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -291,8 +291,12 @@ static void padata_reorder(struct padata_priv *padata) struct padata_serial_queue *squeue; int cb_cpu; - cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); processed++; + /* When sequence wraps around, reset to the first CPU. */ + if (unlikely(processed == 0)) + cpu = cpumask_first(pd->cpumask.pcpu); + else + cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); cb_cpu = padata->cb_cpu; squeue = per_cpu_ptr(pd->squeue, cb_cpu);

1 week

2
1
0 0

FAILED: patch "[PATCH] padata: Reset next CPU when reorder sequence wraps around" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101651-unlimited-rippling-daa6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b Mon Sep 17 00:00:00 2001 From: Xiao Liang <shaw.leon(a)gmail.com> Date: Sun, 17 Aug 2025 00:30:15 +0800 Subject: [PATCH] padata: Reset next CPU when reorder sequence wraps around When seq_nr wraps around, the next reorder job with seq 0 is hashed to the first CPU in padata_do_serial(). Correspondingly, need reset pd->cpu to the first one when pd->processed wraps around. Otherwise, if the number of used CPUs is not a power of 2, padata_find_next() will be checking a wrong list, hence deadlock. Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder") Cc: <stable(a)vger.kernel.org> Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index f85f8bd788d0..833740d75483 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -291,8 +291,12 @@ static void padata_reorder(struct padata_priv *padata) struct padata_serial_queue *squeue; int cb_cpu; - cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); processed++; + /* When sequence wraps around, reset to the first CPU. */ + if (unlikely(processed == 0)) + cpu = cpumask_first(pd->cpumask.pcpu); + else + cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); cb_cpu = padata->cb_cpu; squeue = per_cpu_ptr(pd->squeue, cb_cpu);

1 week

2
1
0 0

FAILED: patch "[PATCH] padata: Reset next CPU when reorder sequence wraps around" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101650-dreamless-dry-49d5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b Mon Sep 17 00:00:00 2001 From: Xiao Liang <shaw.leon(a)gmail.com> Date: Sun, 17 Aug 2025 00:30:15 +0800 Subject: [PATCH] padata: Reset next CPU when reorder sequence wraps around When seq_nr wraps around, the next reorder job with seq 0 is hashed to the first CPU in padata_do_serial(). Correspondingly, need reset pd->cpu to the first one when pd->processed wraps around. Otherwise, if the number of used CPUs is not a power of 2, padata_find_next() will be checking a wrong list, hence deadlock. Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder") Cc: <stable(a)vger.kernel.org> Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index f85f8bd788d0..833740d75483 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -291,8 +291,12 @@ static void padata_reorder(struct padata_priv *padata) struct padata_serial_queue *squeue; int cb_cpu; - cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); processed++; + /* When sequence wraps around, reset to the first CPU. */ + if (unlikely(processed == 0)) + cpu = cpumask_first(pd->cpumask.pcpu); + else + cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); cb_cpu = padata->cb_cpu; squeue = per_cpu_ptr(pd->squeue, cb_cpu);

1 week

2
1
0 0

FAILED: patch "[PATCH] padata: Reset next CPU when reorder sequence wraps around" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101650-feline-ellipse-6256@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b Mon Sep 17 00:00:00 2001 From: Xiao Liang <shaw.leon(a)gmail.com> Date: Sun, 17 Aug 2025 00:30:15 +0800 Subject: [PATCH] padata: Reset next CPU when reorder sequence wraps around When seq_nr wraps around, the next reorder job with seq 0 is hashed to the first CPU in padata_do_serial(). Correspondingly, need reset pd->cpu to the first one when pd->processed wraps around. Otherwise, if the number of used CPUs is not a power of 2, padata_find_next() will be checking a wrong list, hence deadlock. Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder") Cc: <stable(a)vger.kernel.org> Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index f85f8bd788d0..833740d75483 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -291,8 +291,12 @@ static void padata_reorder(struct padata_priv *padata) struct padata_serial_queue *squeue; int cb_cpu; - cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); processed++; + /* When sequence wraps around, reset to the first CPU. */ + if (unlikely(processed == 0)) + cpu = cpumask_first(pd->cpumask.pcpu); + else + cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); cb_cpu = padata->cb_cpu; squeue = per_cpu_ptr(pd->squeue, cb_cpu);

1 week

2
1
0 0

FAILED: patch "[PATCH] padata: Reset next CPU when reorder sequence wraps around" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101649-sector-ruined-1f7a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 501302d5cee0d8e8ec2c4a5919c37e0df9abc99b Mon Sep 17 00:00:00 2001 From: Xiao Liang <shaw.leon(a)gmail.com> Date: Sun, 17 Aug 2025 00:30:15 +0800 Subject: [PATCH] padata: Reset next CPU when reorder sequence wraps around When seq_nr wraps around, the next reorder job with seq 0 is hashed to the first CPU in padata_do_serial(). Correspondingly, need reset pd->cpu to the first one when pd->processed wraps around. Otherwise, if the number of used CPUs is not a power of 2, padata_find_next() will be checking a wrong list, hence deadlock. Fixes: 6fc4dbcf0276 ("padata: Replace delayed timer with immediate workqueue in padata_reorder") Cc: <stable(a)vger.kernel.org> Signed-off-by: Xiao Liang <shaw.leon(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index f85f8bd788d0..833740d75483 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -291,8 +291,12 @@ static void padata_reorder(struct padata_priv *padata) struct padata_serial_queue *squeue; int cb_cpu; - cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); processed++; + /* When sequence wraps around, reset to the first CPU. */ + if (unlikely(processed == 0)) + cpu = cpumask_first(pd->cpumask.pcpu); + else + cpu = cpumask_next_wrap(cpu, pd->cpumask.pcpu); cb_cpu = padata->cb_cpu; squeue = per_cpu_ptr(pd->squeue, cb_cpu);

1 week

2
1
0 0

[PATCH can] can: netlink: can_changelink(): allow disabling of automatic restart

by Marc Kleine-Budde

Since the commit c1f3f9797c1f ("can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode"), the automatic restart delay can only be set for devices that implement the restart handler struct can_priv::do_set_mode. As it makes no sense to configure a automatic restart for devices that doesn't support it. However, since systemd commit 13ce5d4632e3 ("network/can: properly handle CAN.RestartSec=0") [1], systemd-networkd correctly handles a restart delay of "0" (i.e. the restart is disabled). Which means that a disabled restart is always configured in the kernel. On systems with both changes active this causes that CAN interfaces that don't implement a restart handler cannot be brought up by systemd-networkd. Solve this problem by allowing a delay of "0" to be configured, even if the device does not implement a restart handler. [1] https://github.com/systemd/systemd/commit/13ce5d4632e395521e6205c954493c7fc… Cc: stable(a)vger.kernel.org Cc: Andrei Lalaev <andrey.lalaev(a)gmail.com> Reported-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Closes: https://lore.kernel.org/all/20251020-certain-arrogant-vole-of-sunshine-1418… Fixes: c1f3f9797c1f ("can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode") Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/dev/netlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/dev/netlink.c b/drivers/net/can/dev/netlink.c index 0591406b6f32..6f83b87d54fc 100644 --- a/drivers/net/can/dev/netlink.c +++ b/drivers/net/can/dev/netlink.c @@ -452,7 +452,9 @@ static int can_changelink(struct net_device *dev, struct nlattr *tb[], } if (data[IFLA_CAN_RESTART_MS]) { - if (!priv->do_set_mode) { + unsigned int restart_ms = nla_get_u32(data[IFLA_CAN_RESTART_MS]); + + if (restart_ms != 0 && !priv->do_set_mode) { NL_SET_ERR_MSG(extack, "Device doesn't support restart from Bus Off"); return -EOPNOTSUPP; @@ -461,7 +463,7 @@ static int can_changelink(struct net_device *dev, struct nlattr *tb[], /* Do not allow changing restart delay while running */ if (dev->flags & IFF_UP) return -EBUSY; - priv->restart_ms = nla_get_u32(data[IFLA_CAN_RESTART_MS]); + priv->restart_ms = restart_ms; } if (data[IFLA_CAN_RESTART]) { --- base-commit: ffff5c8fc2af2218a3332b3d5b97654599d50cde change-id: 20251020-netlink-fix-restart-6016f4d93e38 Best regards, -- Marc Kleine-Budde <mkl(a)pengutronix.de>

1 week

1
1
0 0

[PATCH net 4/4] can: netlink: can_changelink(): allow disabling of automatic restart

by Marc Kleine-Budde

Since the commit c1f3f9797c1f ("can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode"), the automatic restart delay can only be set for devices that implement the restart handler struct can_priv::do_set_mode. As it makes no sense to configure a automatic restart for devices that doesn't support it. However, since systemd commit 13ce5d4632e3 ("network/can: properly handle CAN.RestartSec=0") [1], systemd-networkd correctly handles a restart delay of "0" (i.e. the restart is disabled). Which means that a disabled restart is always configured in the kernel. On systems with both changes active this causes that CAN interfaces that don't implement a restart handler cannot be brought up by systemd-networkd. Solve this problem by allowing a delay of "0" to be configured, even if the device does not implement a restart handler. [1] https://github.com/systemd/systemd/commit/13ce5d4632e395521e6205c954493c7fc… Cc: stable(a)vger.kernel.org Cc: Andrei Lalaev <andrey.lalaev(a)gmail.com> Reported-by: Marc Kleine-Budde <mkl(a)pengutronix.de> Closes: https://lore.kernel.org/all/20251020-certain-arrogant-vole-of-sunshine-1418… Fixes: c1f3f9797c1f ("can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode") Link: https://patch.msgid.link/20251020-netlink-fix-restart-v1-1-3f53c7f8520b@pen… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/dev/netlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/net/can/dev/netlink.c b/drivers/net/can/dev/netlink.c index 0591406b6f32..6f83b87d54fc 100644 --- a/drivers/net/can/dev/netlink.c +++ b/drivers/net/can/dev/netlink.c @@ -452,7 +452,9 @@ static int can_changelink(struct net_device *dev, struct nlattr *tb[], } if (data[IFLA_CAN_RESTART_MS]) { - if (!priv->do_set_mode) { + unsigned int restart_ms = nla_get_u32(data[IFLA_CAN_RESTART_MS]); + + if (restart_ms != 0 && !priv->do_set_mode) { NL_SET_ERR_MSG(extack, "Device doesn't support restart from Bus Off"); return -EOPNOTSUPP; @@ -461,7 +463,7 @@ static int can_changelink(struct net_device *dev, struct nlattr *tb[], /* Do not allow changing restart delay while running */ if (dev->flags & IFF_UP) return -EBUSY; - priv->restart_ms = nla_get_u32(data[IFLA_CAN_RESTART_MS]); + priv->restart_ms = restart_ms; } if (data[IFLA_CAN_RESTART]) { -- 2.51.0

1 week

1
0
0 0

[PATCH] regmap: slimbus: fix bus_context pointer in __devm_regmap_init_slimbus

by Alexey Klimov

Commit 4e65bda8273c ("ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()") revealed the problem in slimbus regmap. That commit breaks audio playback, for instance, on sdm845 Thundercomm Dragonboard 845c board: Unable to handle kernel paging request at virtual address ffff8000847cbad4 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x07: level 3 translation fault Data abort info: ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000a1360000 [ffff8000847cbad4] pgd=0000000000000000, p4d=100000010003e403, pud=100000010003f403, pmd=10000001025cf403, pte=0000000000000000 Internal error: Oops: 0000000096000007 [#1] SMP Modules linked in: (long list of modules...) CPU: 5 UID: 0 PID: 776 Comm: aplay Not tainted 6.18.0-rc1-00028-g7ea30958b305 #11 PREEMPT Hardware name: Thundercomm Dragonboard 845c (DT) pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : slim_xfer_msg+0x24/0x1ac [slimbus] lr : slim_read+0x48/0x74 [slimbus] sp : ffff800089113330 x29: ffff800089113350 x28: 00000000000000c0 x27: 0000000000000268 x26: 0000000000000198 x25: 0000000000000001 x24: 0000000000000000 x23: 0000000000000000 x22: ffff800089113454 x21: ffff00008488e800 x20: ffff000084b4760a x19: 0000000000000001 x18: 0000000000000be2 x17: 0000000000000c19 x16: ffffbcef364cd260 x15: ffffbcef36dafb10 x14: 0000000000000d38 x13: 0000000000000cb4 x12: 0000000000000c91 x11: 1fffe0001161b6e1 x10: ffff800089113470 x9 : ffff00008b0db70c x8 : ffff000081479ee0 x7 : 0000000000000000 x6 : 0000000000000800 x5 : 0000000000000001 x4 : 0000000000000000 x3 : ffff00008263c200 x2 : 0000000000000060 x1 : ffff800089113368 x0 : ffff8000847cb7c8 Call trace: slim_xfer_msg+0x24/0x1ac [slimbus] (P) slim_read+0x48/0x74 [slimbus] regmap_slimbus_read+0x18/0x24 [regmap_slimbus] _regmap_raw_read+0xe8/0x174 _regmap_bus_read+0x44/0x80 _regmap_read+0x60/0xd8 _regmap_update_bits+0xf4/0x140 _regmap_select_page+0xa8/0x124 _regmap_raw_write_impl+0x3b8/0x65c _regmap_bus_raw_write+0x60/0x80 _regmap_write+0x58/0xc0 regmap_write+0x4c/0x80 wcd934x_hw_params+0x494/0x8b8 [snd_soc_wcd934x] snd_soc_dai_hw_params+0x3c/0x7c [snd_soc_core] __soc_pcm_hw_params+0x22c/0x634 [snd_soc_core] dpcm_be_dai_hw_params+0x1d4/0x38c [snd_soc_core] dpcm_fe_dai_hw_params+0x9c/0x17c [snd_soc_core] snd_pcm_hw_params+0x124/0x464 [snd_pcm] snd_pcm_common_ioctl+0x110c/0x1820 [snd_pcm] snd_pcm_ioctl+0x34/0x4c [snd_pcm] __arm64_sys_ioctl+0xac/0x104 invoke_syscall+0x48/0x104 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xec el0t_64_sync_handler+0xa0/0xf0 el0t_64_sync+0x198/0x19c Code: 910083fd f9423464 f9000fe4 d2800004 (394c3003) ---[ end trace 0000000000000000 ]--- The __devm_regmap_init_slimbus() started to be used instead of __regmap_init_slimbus() after the commit mentioned above and turns out the incorrect bus_context pointer (3rd argument) was used in __devm_regmap_init_slimbus(). It should be &slimbus->dev. Correct it. The wcd934x codec seems to be the only (or the first) user of devm_regmap_init_slimbus() but we should fix till the point where __devm_regmap_init_slimbus() was introduced therefore two "Fixes" tags. Fixes: 4e65bda8273c ("ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()") Fixes: 7d6f7fb053ad ("regmap: add SLIMbus support") Cc: stable(a)vger.kernel.org Cc: Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> Cc: Ma Ke <make24(a)iscas.ac.cn> Cc: Steev Klimaszewski <steev(a)kali.org> Cc: Srinivas Kandagatla <srini(a)kernel.org> Signed-off-by: Alexey Klimov <alexey.klimov(a)linaro.org> --- The patch/fix is for the current 6.18 development cycle since it is fixes the regression introduced in 6.18.0-rc1. drivers/base/regmap/regmap-slimbus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/base/regmap/regmap-slimbus.c b/drivers/base/regmap/regmap-slimbus.c index 54eb7d227cf4..edfee18fbea1 100644 --- a/drivers/base/regmap/regmap-slimbus.c +++ b/drivers/base/regmap/regmap-slimbus.c @@ -63,7 +63,7 @@ struct regmap *__devm_regmap_init_slimbus(struct slim_device *slimbus, if (IS_ERR(bus)) return ERR_CAST(bus); - return __devm_regmap_init(&slimbus->dev, bus, &slimbus, config, + return __devm_regmap_init(&slimbus->dev, bus, &slimbus->dev, config, lock_key, lock_name); } EXPORT_SYMBOL_GPL(__devm_regmap_init_slimbus); -- 2.47.3

1 week

5
4
0 0

[PATCH 2/9] ASoC: qcom: q6adm: the the copp device only during last instance

by Srinivas Kandagatla

A matching Common object post processing instance is normally resused across multiple streams. However currently we close this on DSP eventhough there is a refcount on this copp object, this can result in below error. q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: Found Matching Copp 0x0 qcom-q6adm aprsvc:service:4:8: cmd = 0x10325 return error = 0x2 q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: DSP returned error[2] q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: Found Matching Copp 0x0 qcom-q6adm aprsvc:service:4:8: cmd = 0x10325 return error = 0x2 q6routing ab00000.remoteproc:glink-edge:apr:service@8:routing: DSP returned error[2] qcom-q6adm aprsvc:service:4:8: cmd = 0x10327 return error = 0x2 qcom-q6adm aprsvc:service:4:8: DSP returned error[2] qcom-q6adm aprsvc:service:4:8: Failed to close copp -22 qcom-q6adm aprsvc:service:4:8: cmd = 0x10327 return error = 0x2 qcom-q6adm aprsvc:service:4:8: DSP returned error[2] qcom-q6adm aprsvc:service:4:8: Failed to close copp -22 Fix this by addressing moving the adm_close to copp_kref destructor callback. Fixes: 7b20b2be51e1 ("ASoC: qdsp6: q6adm: Add q6adm driver") Cc: <Stable(a)vger.kernel.org> Reported-by: Martino Facchin <m.facchin(a)arduino.cc> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/qcom/qdsp6/q6adm.c | 146 +++++++++++++++++------------------ 1 file changed, 71 insertions(+), 75 deletions(-) diff --git a/sound/soc/qcom/qdsp6/q6adm.c b/sound/soc/qcom/qdsp6/q6adm.c index 1530e98df165..75a029a696ac 100644 --- a/sound/soc/qcom/qdsp6/q6adm.c +++ b/sound/soc/qcom/qdsp6/q6adm.c @@ -109,11 +109,75 @@ static struct q6copp *q6adm_find_copp(struct q6adm *adm, int port_idx, } +static int q6adm_apr_send_copp_pkt(struct q6adm *adm, struct q6copp *copp, + struct apr_pkt *pkt, uint32_t rsp_opcode) +{ + struct device *dev = adm->dev; + uint32_t opcode = pkt->hdr.opcode; + int ret; + + mutex_lock(&adm->lock); + copp->result.opcode = 0; + copp->result.status = 0; + ret = apr_send_pkt(adm->apr, pkt); + if (ret < 0) { + dev_err(dev, "Failed to send APR packet\n"); + ret = -EINVAL; + goto err; + } + + /* Wait for the callback with copp id */ + if (rsp_opcode) + ret = wait_event_timeout(copp->wait, + (copp->result.opcode == opcode) || + (copp->result.opcode == rsp_opcode), + msecs_to_jiffies(TIMEOUT_MS)); + else + ret = wait_event_timeout(copp->wait, + (copp->result.opcode == opcode), + msecs_to_jiffies(TIMEOUT_MS)); + + if (!ret) { + dev_err(dev, "ADM copp cmd timedout\n"); + ret = -ETIMEDOUT; + } else if (copp->result.status > 0) { + dev_err(dev, "DSP returned error[%d]\n", + copp->result.status); + ret = -EINVAL; + } + +err: + mutex_unlock(&adm->lock); + return ret; +} + +static int q6adm_device_close(struct q6adm *adm, struct q6copp *copp, + int port_id, int copp_idx) +{ + struct apr_pkt close; + + close.hdr.hdr_field = APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD, + APR_HDR_LEN(APR_HDR_SIZE), + APR_PKT_VER); + close.hdr.pkt_size = sizeof(close); + close.hdr.src_port = port_id; + close.hdr.dest_port = copp->id; + close.hdr.token = port_id << 16 | copp_idx; + close.hdr.opcode = ADM_CMD_DEVICE_CLOSE_V5; + + return q6adm_apr_send_copp_pkt(adm, copp, &close, 0); +} + static void q6adm_free_copp(struct kref *ref) { struct q6copp *c = container_of(ref, struct q6copp, refcount); struct q6adm *adm = c->adm; unsigned long flags; + int ret; + + ret = q6adm_device_close(adm, c, c->afe_port, c->copp_idx); + if (ret < 0) + dev_err(adm->dev, "Failed to close copp %d\n", ret); spin_lock_irqsave(&adm->copps_list_lock, flags); clear_bit(c->copp_idx, &adm->copp_bitmap[c->afe_port]); @@ -155,13 +219,13 @@ static int q6adm_callback(struct apr_device *adev, struct apr_resp_pkt *data) switch (result->opcode) { case ADM_CMD_DEVICE_OPEN_V5: case ADM_CMD_DEVICE_CLOSE_V5: - copp = q6adm_find_copp(adm, port_idx, copp_idx); - if (!copp) - return 0; - - copp->result = *result; - wake_up(&copp->wait); - kref_put(&copp->refcount, q6adm_free_copp); + list_for_each_entry(copp, &adm->copps_list, node) { + if ((port_idx == copp->afe_port) && (copp_idx == copp->copp_idx)) { + copp->result = *result; + wake_up(&copp->wait); + break; + } + } break; case ADM_CMD_MATRIX_MAP_ROUTINGS_V5: adm->result = *result; @@ -234,65 +298,6 @@ static struct q6copp *q6adm_alloc_copp(struct q6adm *adm, int port_idx) return c; } -static int q6adm_apr_send_copp_pkt(struct q6adm *adm, struct q6copp *copp, - struct apr_pkt *pkt, uint32_t rsp_opcode) -{ - struct device *dev = adm->dev; - uint32_t opcode = pkt->hdr.opcode; - int ret; - - mutex_lock(&adm->lock); - copp->result.opcode = 0; - copp->result.status = 0; - ret = apr_send_pkt(adm->apr, pkt); - if (ret < 0) { - dev_err(dev, "Failed to send APR packet\n"); - ret = -EINVAL; - goto err; - } - - /* Wait for the callback with copp id */ - if (rsp_opcode) - ret = wait_event_timeout(copp->wait, - (copp->result.opcode == opcode) || - (copp->result.opcode == rsp_opcode), - msecs_to_jiffies(TIMEOUT_MS)); - else - ret = wait_event_timeout(copp->wait, - (copp->result.opcode == opcode), - msecs_to_jiffies(TIMEOUT_MS)); - - if (!ret) { - dev_err(dev, "ADM copp cmd timedout\n"); - ret = -ETIMEDOUT; - } else if (copp->result.status > 0) { - dev_err(dev, "DSP returned error[%d]\n", - copp->result.status); - ret = -EINVAL; - } - -err: - mutex_unlock(&adm->lock); - return ret; -} - -static int q6adm_device_close(struct q6adm *adm, struct q6copp *copp, - int port_id, int copp_idx) -{ - struct apr_pkt close; - - close.hdr.hdr_field = APR_HDR_FIELD(APR_MSG_TYPE_SEQ_CMD, - APR_HDR_LEN(APR_HDR_SIZE), - APR_PKT_VER); - close.hdr.pkt_size = sizeof(close); - close.hdr.src_port = port_id; - close.hdr.dest_port = copp->id; - close.hdr.token = port_id << 16 | copp_idx; - close.hdr.opcode = ADM_CMD_DEVICE_CLOSE_V5; - - return q6adm_apr_send_copp_pkt(adm, copp, &close, 0); -} - static struct q6copp *q6adm_find_matching_copp(struct q6adm *adm, int port_id, int topology, int mode, int rate, @@ -567,15 +572,6 @@ EXPORT_SYMBOL_GPL(q6adm_matrix_map); */ int q6adm_close(struct device *dev, struct q6copp *copp) { - struct q6adm *adm = dev_get_drvdata(dev->parent); - int ret = 0; - - ret = q6adm_device_close(adm, copp, copp->afe_port, copp->copp_idx); - if (ret < 0) { - dev_err(adm->dev, "Failed to close copp %d\n", ret); - return ret; - } - kref_put(&copp->refcount, q6adm_free_copp); return 0; -- 2.51.0

1 week

2
1
0 0

[PATCH 1/2] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime

by Srinivas Kandagatla

For some reason we endedup allocating sdw_stream_runtime for every cpu dai, this has two issues. 1. we never set snd_soc_dai_set_stream for non soundwire dai, which means there is no way that we can free this, resulting in memory leak 2. startup and shutdown callbacks can be called without hw_params callback called. This combination results in memory leak because machine driver sruntime array pointer is only set in hw_params callback. Fix this by 1. adding a helper function to get sdw_runtime for substream which can be used by shutdown callback to get hold of sruntime to free. 2. only allocate sdw_runtime for soundwire dais. Fixes: d32bac9cb09c ("ASoC: qcom: Add helper for allocating Soundwire stream runtime") Cc: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Cc: <Stable(a)vger.kernel.org> Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla(a)oss.qualcomm.com> --- sound/soc/qcom/sc7280.c | 2 +- sound/soc/qcom/sc8280xp.c | 2 +- sound/soc/qcom/sdw.c | 104 +++++++++++++++++++++----------------- sound/soc/qcom/sdw.h | 1 + sound/soc/qcom/sm8250.c | 2 +- sound/soc/qcom/x1e80100.c | 2 +- 6 files changed, 63 insertions(+), 50 deletions(-) diff --git a/sound/soc/qcom/sc7280.c b/sound/soc/qcom/sc7280.c index af412bd0c89f..c444dae563c7 100644 --- a/sound/soc/qcom/sc7280.c +++ b/sound/soc/qcom/sc7280.c @@ -317,7 +317,7 @@ static void sc7280_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_card *card = rtd->card; struct sc7280_snd_data *data = snd_soc_card_get_drvdata(card); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); switch (cpu_dai->id) { case MI2S_PRIMARY: diff --git a/sound/soc/qcom/sc8280xp.c b/sound/soc/qcom/sc8280xp.c index 78e327bc2f07..9ba536dff667 100644 --- a/sound/soc/qcom/sc8280xp.c +++ b/sound/soc/qcom/sc8280xp.c @@ -73,7 +73,7 @@ static void sc8280xp_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct sc8280xp_snd_data *pdata = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = pdata->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); pdata->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); diff --git a/sound/soc/qcom/sdw.c b/sound/soc/qcom/sdw.c index 7d7981d4295b..d866fad04131 100644 --- a/sound/soc/qcom/sdw.c +++ b/sound/soc/qcom/sdw.c @@ -7,6 +7,36 @@ #include <sound/soc.h> #include "sdw.h" +static bool qcom_snd_is_sdw_dai(int id) +{ + switch (id) { + case WSA_CODEC_DMA_RX_0: + case WSA_CODEC_DMA_TX_0: + case WSA_CODEC_DMA_RX_1: + case WSA_CODEC_DMA_TX_1: + case WSA_CODEC_DMA_TX_2: + case RX_CODEC_DMA_RX_0: + case TX_CODEC_DMA_TX_0: + case RX_CODEC_DMA_RX_1: + case TX_CODEC_DMA_TX_1: + case RX_CODEC_DMA_RX_2: + case TX_CODEC_DMA_TX_2: + case RX_CODEC_DMA_RX_3: + case TX_CODEC_DMA_TX_3: + case RX_CODEC_DMA_RX_4: + case TX_CODEC_DMA_TX_4: + case RX_CODEC_DMA_RX_5: + case TX_CODEC_DMA_TX_5: + case RX_CODEC_DMA_RX_6: + case RX_CODEC_DMA_RX_7: + return true; + default: + break; + } + + return false; +} + /** * qcom_snd_sdw_startup() - Helper to start Soundwire stream for SoC audio card * @substream: The PCM substream from audio, as passed to snd_soc_ops->startup() @@ -29,6 +59,9 @@ int qcom_snd_sdw_startup(struct snd_pcm_substream *substream) u32 rx_ch_cnt = 0, tx_ch_cnt = 0; int ret, i, j; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return 0; + sruntime = sdw_alloc_stream(cpu_dai->name, SDW_STREAM_PCM); if (!sruntime) return -ENOMEM; @@ -89,19 +122,8 @@ int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, if (!sruntime) return 0; - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case WSA_CODEC_DMA_RX_1: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - break; - default: + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) return 0; - } if (*stream_prepared) return 0; @@ -129,9 +151,7 @@ int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, } EXPORT_SYMBOL_GPL(qcom_snd_sdw_prepare); -int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, - struct snd_pcm_hw_params *params, - struct sdw_stream_runtime **psruntime) +struct sdw_stream_runtime *qcom_snd_sdw_get_stream(struct snd_pcm_substream *substream) { struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *codec_dai; @@ -139,21 +159,23 @@ int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, struct sdw_stream_runtime *sruntime; int i; - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - for_each_rtd_codec_dais(rtd, i, codec_dai) { - sruntime = snd_soc_dai_get_stream(codec_dai, substream->stream); - if (sruntime != ERR_PTR(-ENOTSUPP)) - *psruntime = sruntime; - } - break; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return NULL; + + for_each_rtd_codec_dais(rtd, i, codec_dai) { + sruntime = snd_soc_dai_get_stream(codec_dai, substream->stream); + if (sruntime != ERR_PTR(-ENOTSUPP)) + return sruntime; } + return NULL; +} +EXPORT_SYMBOL_GPL(qcom_snd_sdw_get_stream); + +int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, + struct snd_pcm_hw_params *params, + struct sdw_stream_runtime **psruntime) +{ + *psruntime = qcom_snd_sdw_get_stream(substream); return 0; @@ -166,23 +188,13 @@ int qcom_snd_sdw_hw_free(struct snd_pcm_substream *substream, struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); - switch (cpu_dai->id) { - case WSA_CODEC_DMA_RX_0: - case WSA_CODEC_DMA_RX_1: - case RX_CODEC_DMA_RX_0: - case RX_CODEC_DMA_RX_1: - case TX_CODEC_DMA_TX_0: - case TX_CODEC_DMA_TX_1: - case TX_CODEC_DMA_TX_2: - case TX_CODEC_DMA_TX_3: - if (sruntime && *stream_prepared) { - sdw_disable_stream(sruntime); - sdw_deprepare_stream(sruntime); - *stream_prepared = false; - } - break; - default: - break; + if (!qcom_snd_is_sdw_dai(cpu_dai->id)) + return 0; + + if (sruntime && *stream_prepared) { + sdw_disable_stream(sruntime); + sdw_deprepare_stream(sruntime); + *stream_prepared = false; } return 0; diff --git a/sound/soc/qcom/sdw.h b/sound/soc/qcom/sdw.h index 392e3455f1b1..b8bc5beb0522 100644 --- a/sound/soc/qcom/sdw.h +++ b/sound/soc/qcom/sdw.h @@ -10,6 +10,7 @@ int qcom_snd_sdw_startup(struct snd_pcm_substream *substream); int qcom_snd_sdw_prepare(struct snd_pcm_substream *substream, struct sdw_stream_runtime *runtime, bool *stream_prepared); +struct sdw_stream_runtime *qcom_snd_sdw_get_stream(struct snd_pcm_substream *stream); int qcom_snd_sdw_hw_params(struct snd_pcm_substream *substream, struct snd_pcm_hw_params *params, struct sdw_stream_runtime **psruntime); diff --git a/sound/soc/qcom/sm8250.c b/sound/soc/qcom/sm8250.c index f5b75a06e5bd..ce5b0059207f 100644 --- a/sound/soc/qcom/sm8250.c +++ b/sound/soc/qcom/sm8250.c @@ -117,7 +117,7 @@ static void sm8250_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct sm8250_snd_data *data = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); data->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); diff --git a/sound/soc/qcom/x1e80100.c b/sound/soc/qcom/x1e80100.c index 444f2162889f..2e3599516aa2 100644 --- a/sound/soc/qcom/x1e80100.c +++ b/sound/soc/qcom/x1e80100.c @@ -55,7 +55,7 @@ static void x1e80100_snd_shutdown(struct snd_pcm_substream *substream) struct snd_soc_pcm_runtime *rtd = snd_soc_substream_to_rtd(substream); struct snd_soc_dai *cpu_dai = snd_soc_rtd_to_cpu(rtd, 0); struct x1e80100_snd_data *data = snd_soc_card_get_drvdata(rtd->card); - struct sdw_stream_runtime *sruntime = data->sruntime[cpu_dai->id]; + struct sdw_stream_runtime *sruntime = qcom_snd_sdw_get_stream(substream); data->sruntime[cpu_dai->id] = NULL; sdw_release_stream(sruntime); -- 2.51.0

1 week

1
1
0 0

[syzbot ci] Re: Fix stale IOTLB entries for kernel address space

by syzbot ci

syzbot ci has tested the following series [v6] Fix stale IOTLB entries for kernel address space https://lore.kernel.org/all/20251014130437.1090448-1-baolu.lu@linux.intel.c… * [PATCH v6 1/7] mm: Add a ptdesc flag to mark kernel page tables * [PATCH v6 2/7] mm: Actually mark kernel page table pages * [PATCH v6 3/7] x86/mm: Use 'ptdesc' when freeing PMD pages * [PATCH v6 4/7] mm: Introduce pure page table freeing function * [PATCH v6 5/7] x86/mm: Use pagetable_free() * [PATCH v6 6/7] mm: Introduce deferred freeing for kernel page tables * [PATCH v6 7/7] iommu/sva: Invalidate stale IOTLB entries for kernel address space and found the following issues: * KASAN: use-after-free Read in pmd_set_huge * KASAN: use-after-free Read in vmap_range_noflush * PANIC: double fault in search_extable Full report is available here: https://ci.syzbot.org/series/9d75a765-d6b2-4839-8db9-2f2e64e78cdd *** KASAN: use-after-free Read in pmd_set_huge tree: torvalds URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux base: 0d97f2067c166eb495771fede9f7b73999c67f66 arch: amd64 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 config: https://ci.syzbot.org/builds/68e38247-432a-45b2-b187-a533b7040841/config syz repro: https://ci.syzbot.org/findings/ce54ec93-1f21-4deb-b2f8-d34917bd1be2/syz_rep… ================================================================== BUG: KASAN: use-after-free in pmd_set_huge+0xd8/0x340 arch/x86/mm/pgtable.c:676 Read of size 8 at addr ffff888100efa960 by task syz.0.20/5965 CPU: 1 UID: 0 PID: 5965 Comm: syz.0.20 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 pmd_set_huge+0xd8/0x340 arch/x86/mm/pgtable.c:676 vmap_try_huge_pmd mm/vmalloc.c:161 [inline] vmap_pmd_range mm/vmalloc.c:177 [inline] vmap_pud_range mm/vmalloc.c:233 [inline] vmap_p4d_range mm/vmalloc.c:284 [inline] vmap_range_noflush+0x7b3/0xf80 mm/vmalloc.c:308 __vmap_pages_range_noflush+0xd31/0xf30 mm/vmalloc.c:661 vmap_pages_range_noflush mm/vmalloc.c:681 [inline] vmap_pages_range mm/vmalloc.c:701 [inline] __vmalloc_area_node mm/vmalloc.c:3766 [inline] __vmalloc_node_range_noprof+0xe8c/0x12d0 mm/vmalloc.c:3897 __kvmalloc_node_noprof+0x674/0x910 mm/slub.c:7058 nf_tables_newset+0x1330/0x2540 net/netfilter/nf_tables_api.c:5548 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:526 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:649 [inline] nfnetlink_rcv+0x11d9/0x2590 net/netfilter/nfnetlink.c:667 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0x21c/0x270 net/socket.c:742 ____sys_sendmsg+0x505/0x830 net/socket.c:2630 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684 __sys_sendmsg net/socket.c:2716 [inline] __do_sys_sendmsg net/socket.c:2721 [inline] __se_sys_sendmsg net/socket.c:2719 [inline] __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fc5fff8eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fc600ecb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fc6001e5fa0 RCX: 00007fc5fff8eec9 RDX: 0000000004008100 RSI: 00002000000000c0 RDI: 0000000000000003 RBP: 00007fc600011f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007fc6001e6038 R14: 00007fc6001e5fa0 R15: 00007ffed63a0428 </TASK> The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100efa flags: 0x17ff00000000000(node=0|zone=2|lastcpupid=0x7ff) raw: 017ff00000000000 ffffea0004772f88 ffff88823c6403a0 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40100(__GFP_ZERO|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1659724794, free_ts 71235002142 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1850 prep_new_page mm/page_alloc.c:1858 [inline] get_page_from_freelist+0x2365/0x2440 mm/page_alloc.c:3884 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5183 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416 alloc_frozen_pages_noprof mm/mempolicy.c:2487 [inline] alloc_pages_noprof+0xa9/0x190 mm/mempolicy.c:2507 pagetable_alloc_noprof include/linux/mm.h:3016 [inline] pmd_alloc_one_noprof include/asm-generic/pgalloc.h:144 [inline] __pmd_alloc+0x3a/0x5d0 mm/memory.c:6573 pmd_alloc_track mm/pgalloc-track.h:37 [inline] vmap_pages_pmd_range mm/vmalloc.c:564 [inline] vmap_pages_pud_range mm/vmalloc.c:587 [inline] vmap_pages_p4d_range mm/vmalloc.c:605 [inline] vmap_small_pages_range_noflush mm/vmalloc.c:627 [inline] __vmap_pages_range_noflush+0x9cc/0xf30 mm/vmalloc.c:656 vmap_pages_range_noflush mm/vmalloc.c:681 [inline] vmap_pages_range mm/vmalloc.c:701 [inline] vmap+0x1ca/0x310 mm/vmalloc.c:3521 map_irq_stack arch/x86/kernel/irq_64.c:49 [inline] irq_init_percpu_irqstack+0x342/0x4a0 arch/x86/kernel/irq_64.c:76 init_IRQ+0x15c/0x1c0 arch/x86/kernel/irqinit.c:90 start_kernel+0x1cd/0x410 init/main.c:1016 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291 common_startup_64+0x13e/0x147 page last free pid 5965 tgid 5964 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1394 [inline] __free_frozen_pages+0xbc4/0xd30 mm/page_alloc.c:2906 pmd_free_pte_page+0xa1/0xc0 arch/x86/mm/pgtable.c:783 vmap_try_huge_pmd mm/vmalloc.c:158 [inline] vmap_pmd_range mm/vmalloc.c:177 [inline] vmap_pud_range mm/vmalloc.c:233 [inline] vmap_p4d_range mm/vmalloc.c:284 [inline] vmap_range_noflush+0x774/0xf80 mm/vmalloc.c:308 __vmap_pages_range_noflush+0xd31/0xf30 mm/vmalloc.c:661 vmap_pages_range_noflush mm/vmalloc.c:681 [inline] vmap_pages_range mm/vmalloc.c:701 [inline] __vmalloc_area_node mm/vmalloc.c:3766 [inline] __vmalloc_node_range_noprof+0xe8c/0x12d0 mm/vmalloc.c:3897 __kvmalloc_node_noprof+0x674/0x910 mm/slub.c:7058 nf_tables_newset+0x1330/0x2540 net/netfilter/nf_tables_api.c:5548 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:526 [inline] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:649 [inline] nfnetlink_rcv+0x11d9/0x2590 net/netfilter/nfnetlink.c:667 netlink_unicast_kernel net/netlink/af_netlink.c:1320 [inline] netlink_unicast+0x82f/0x9e0 net/netlink/af_netlink.c:1346 netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1896 sock_sendmsg_nosec net/socket.c:727 [inline] __sock_sendmsg+0x21c/0x270 net/socket.c:742 ____sys_sendmsg+0x505/0x830 net/socket.c:2630 ___sys_sendmsg+0x21f/0x2a0 net/socket.c:2684 __sys_sendmsg net/socket.c:2716 [inline] __do_sys_sendmsg net/socket.c:2721 [inline] __se_sys_sendmsg net/socket.c:2719 [inline] __x64_sys_sendmsg+0x19b/0x260 net/socket.c:2719 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f Memory state around the buggy address: ffff888100efa800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888100efa880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff888100efa900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff888100efa980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888100efaa00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== *** KASAN: use-after-free Read in vmap_range_noflush tree: torvalds URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux base: 0d97f2067c166eb495771fede9f7b73999c67f66 arch: amd64 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 config: https://ci.syzbot.org/builds/68e38247-432a-45b2-b187-a533b7040841/config C repro: https://ci.syzbot.org/findings/b676cfe4-8c9a-435c-aa8f-7315912fa378/c_repro syz repro: https://ci.syzbot.org/findings/b676cfe4-8c9a-435c-aa8f-7315912fa378/syz_rep… ================================================================== BUG: KASAN: use-after-free in vmap_try_huge_pmd mm/vmalloc.c:158 [inline] BUG: KASAN: use-after-free in vmap_pmd_range mm/vmalloc.c:177 [inline] BUG: KASAN: use-after-free in vmap_pud_range mm/vmalloc.c:233 [inline] BUG: KASAN: use-after-free in vmap_p4d_range mm/vmalloc.c:284 [inline] BUG: KASAN: use-after-free in vmap_range_noflush+0x743/0xf80 mm/vmalloc.c:308 Read of size 8 at addr ffff888100efa128 by task syz.0.17/5955 CPU: 1 UID: 0 PID: 5955 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xca/0x240 mm/kasan/report.c:482 kasan_report+0x118/0x150 mm/kasan/report.c:595 vmap_try_huge_pmd mm/vmalloc.c:158 [inline] vmap_pmd_range mm/vmalloc.c:177 [inline] vmap_pud_range mm/vmalloc.c:233 [inline] vmap_p4d_range mm/vmalloc.c:284 [inline] vmap_range_noflush+0x743/0xf80 mm/vmalloc.c:308 __vmap_pages_range_noflush+0xd31/0xf30 mm/vmalloc.c:661 vmap_pages_range_noflush mm/vmalloc.c:681 [inline] vmap_pages_range mm/vmalloc.c:701 [inline] __vmalloc_area_node mm/vmalloc.c:3766 [inline] __vmalloc_node_range_noprof+0xe8c/0x12d0 mm/vmalloc.c:3897 __kvmalloc_node_noprof+0x674/0x910 mm/slub.c:7058 kvmalloc_array_node_noprof include/linux/slab.h:1122 [inline] bpf_uprobe_multi_link_attach+0x54b/0xee0 kernel/trace/bpf_trace.c:3228 link_create+0x673/0x850 kernel/bpf/syscall.c:5721 __sys_bpf+0x6be/0x860 kernel/bpf/syscall.c:6204 __do_sys_bpf kernel/bpf/syscall.c:6244 [inline] __se_sys_bpf kernel/bpf/syscall.c:6242 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6242 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f3d8e78eec9 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f3d8f64c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 RAX: ffffffffffffffda RBX: 00007f3d8e9e5fa0 RCX: 00007f3d8e78eec9 RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c RBP: 00007f3d8e811f91 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007f3d8e9e6038 R14: 00007f3d8e9e5fa0 R15: 00007ffe8caa72c8 </TASK> The buggy address belongs to the physical page: page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100efa flags: 0x17ff00000000000(node=0|zone=2|lastcpupid=0x7ff) raw: 017ff00000000000 ffffea00044109c8 ffff88823c6403a0 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as freed page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40100(__GFP_ZERO|__GFP_COMP), pid 0, tgid 0 (swapper/0), ts 1684936790, free_ts 91274246476 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x240/0x2a0 mm/page_alloc.c:1850 prep_new_page mm/page_alloc.c:1858 [inline] get_page_from_freelist+0x2365/0x2440 mm/page_alloc.c:3884 __alloc_frozen_pages_noprof+0x181/0x370 mm/page_alloc.c:5183 alloc_pages_mpol+0x232/0x4a0 mm/mempolicy.c:2416 alloc_frozen_pages_noprof mm/mempolicy.c:2487 [inline] alloc_pages_noprof+0xa9/0x190 mm/mempolicy.c:2507 pagetable_alloc_noprof include/linux/mm.h:3016 [inline] pmd_alloc_one_noprof include/asm-generic/pgalloc.h:144 [inline] __pmd_alloc+0x3a/0x5d0 mm/memory.c:6573 pmd_alloc_track mm/pgalloc-track.h:37 [inline] vmap_pages_pmd_range mm/vmalloc.c:564 [inline] vmap_pages_pud_range mm/vmalloc.c:587 [inline] vmap_pages_p4d_range mm/vmalloc.c:605 [inline] vmap_small_pages_range_noflush mm/vmalloc.c:627 [inline] __vmap_pages_range_noflush+0x9cc/0xf30 mm/vmalloc.c:656 vmap_pages_range_noflush mm/vmalloc.c:681 [inline] vmap_pages_range mm/vmalloc.c:701 [inline] vmap+0x1ca/0x310 mm/vmalloc.c:3521 map_irq_stack arch/x86/kernel/irq_64.c:49 [inline] irq_init_percpu_irqstack+0x342/0x4a0 arch/x86/kernel/irq_64.c:76 init_IRQ+0x15c/0x1c0 arch/x86/kernel/irqinit.c:90 start_kernel+0x1cd/0x410 init/main.c:1016 x86_64_start_reservations+0x24/0x30 arch/x86/kernel/head64.c:310 x86_64_start_kernel+0x143/0x1c0 arch/x86/kernel/head64.c:291 common_startup_64+0x13e/0x147 page last free pid 5892 tgid 5892 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1394 [inline] __free_frozen_pages+0xbc4/0xd30 mm/page_alloc.c:2906 __pagetable_free include/linux/mm.h:3026 [inline] kernel_pgtable_work_func+0x276/0x2e0 mm/pgtable-generic.c:436 process_one_work kernel/workqueue.c:3263 [inline] process_scheduled_works+0xae1/0x17b0 kernel/workqueue.c:3346 worker_thread+0x8a0/0xda0 kernel/workqueue.c:3427 kthread+0x711/0x8a0 kernel/kthread.c:463 ret_from_fork+0x4bc/0x870 arch/x86/kernel/process.c:158 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Memory state around the buggy address: ffff888100efa000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888100efa080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff888100efa100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff888100efa180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff888100efa200: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== *** PANIC: double fault in search_extable tree: torvalds URL: https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux base: 0d97f2067c166eb495771fede9f7b73999c67f66 arch: amd64 compiler: Debian clang version 20.1.8 (++20250708063551+0c9f909b7976-1~exp1~20250708183702.136), Debian LLD 20.1.8 config: https://ci.syzbot.org/builds/68e38247-432a-45b2-b187-a533b7040841/config syz repro: https://ci.syzbot.org/findings/967ed946-aab2-484a-8267-954586f5962b/syz_rep… traps: PANIC: double fault, error_code: 0x0 Oops: double fault: 0000 [#1] SMP KASAN PTI CPU: 1 UID: 0 PID: 5921 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:search_extable+0x69/0xd0 lib/extable.c:115 Code: 8d 48 c7 44 24 10 20 50 40 8b 49 89 e5 49 c1 ed 03 48 b8 f1 f1 f1 f1 00 f3 f3 f3 49 bc 00 00 00 00 00 fc ff df 4b 89 44 25 00 <e8> 12 45 7f f6 48 89 5c 24 20 b9 0c 00 00 00 48 8d 7c 24 20 4c 89 RSP: 0018:ffffc90003e5f000 EFLAGS: 00010806 RAX: f3f3f300f1f1f1f1 RBX: ffffffff8b4b123e RCX: 0000000000001c56 RDX: ffffffff8b4b123e RSI: 0000000000000972 RDI: ffffffff8dc137d0 RBP: ffffc90003e5f0a0 R08: 0000000000000001 R09: 0000000000000002 R10: 0000000000000011 R11: 0000000000000000 R12: dffffc0000000000 R13: 1ffff920007cbe00 R14: 0000000000000972 R15: ffffffff8dc137d0 FS: 000055558b2ef500(0000) GS:ffff8882a9d0f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc90003e5eff8 CR3: 00000001ba5ea000 CR4: 00000000000006f0 Call Trace: <TASK> search_kernel_exception_table kernel/extable.c:49 [inline] search_exception_tables+0x3a/0x60 kernel/extable.c:58 fixup_exception+0xb1/0x20b0 arch/x86/mm/extable.c:319 kernelmode_fixup_or_oops+0x68/0xf0 arch/x86/mm/fault.c:726 __bad_area_nosemaphore+0x11a/0x780 arch/x86/mm/fault.c:783 handle_page_fault arch/x86/mm/fault.c:1474 [inline] exc_page_fault+0xcf/0x100 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:in_irq_stack arch/x86/kernel/dumpstack_64.c:165 [inline] RIP: 0010:get_stack_info_noinstr+0xee/0x130 arch/x86/kernel/dumpstack_64.c:182 Code: 08 48 8d 90 08 80 ff ff 49 39 d7 40 0f 92 c6 49 39 cf 40 0f 93 c7 40 08 f7 75 27 41 c7 06 02 00 00 00 49 89 56 08 49 89 4e 10 <48> 8b 00 49 89 46 18 89 d8 5b 41 5c 41 5d 41 5e 41 5f e9 8b 12 03 RSP: 0018:ffffc90003e5f470 EFLAGS: 00010046 RAX: ffffc90000a08ff8 RBX: ffff88816ac1ba01 RCX: ffffc90000a09000 RDX: ffffc90000a01000 RSI: ffffffff8d837700 RDI: ffffffff8bc07500 RBP: ffffc90003e5f630 R08: ffffc90003e5f500 R09: 0000000000000000 R10: ffffc90003e5f5a0 R11: fffff520007cbeb8 R12: ffff88816ac1ba00 R13: fffffe000004f000 R14: ffffc90003e5f5a0 R15: ffffc90000a08ff8 get_stack_guard_info arch/x86/include/asm/stacktrace.h:45 [inline] page_fault_oops+0x12a/0xa10 arch/x86/mm/fault.c:663 __bad_area_nosemaphore+0x11a/0x780 arch/x86/mm/fault.c:783 handle_page_fault arch/x86/mm/fault.c:1474 [inline] exc_page_fault+0xcf/0x100 arch/x86/mm/fault.c:1532 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:623 RIP: 0010:instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1052 [inline] RIP: 0010:sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1052 Code: 00 00 48 c7 c7 c0 b4 67 8b e8 ae 23 00 00 65 c6 05 50 d7 45 07 01 48 c7 c7 a0 b4 67 8b e8 9a 23 00 00 65 4c 8b 1d 02 d7 45 07 <49> 89 23 4c 89 dc e8 77 23 39 f6 48 89 df e8 4f 2f 25 f6 e8 8a 24 RSP: 0018:ffffc90003e5f830 EFLAGS: 00010082 RAX: 0000000000000001 RBX: ffffc90003e5f848 RCX: 4d01a0d08cb75600 RDX: 0000000000000000 RSI: ffffffff8b67b4a0 RDI: ffffffff8bc07560 RBP: 0000000000000000 R08: ffffffff8f9e1177 R09: 1ffffffff1f3c22e R10: dffffc0000000000 R11: ffffc90000a08ff8 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0010:check_preemption_disabled+0x0/0x120 lib/smp_processor_id.c:13 Code: c7 00 75 c0 8b 48 c7 c6 40 75 c0 8b eb 1c 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <55> 41 57 41 56 53 48 83 ec 10 65 48 8b 05 ae b4 45 07 48 89 44 24 RSP: 0018:ffffc90003e5f8f0 EFLAGS: 00000282 RAX: 0000000000000000 RBX: 00007f5f1858e627 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: ffffffff8bc07540 RDI: ffffffff8bc07500 RBP: 0000000000000001 R08: 0000000000000022 R09: ffffffff81731d25 R10: ffffc90003e5f9b8 R11: ffffffff81abbe80 R12: ffff88816ac1ba00 R13: dffffc0000000000 R14: dffffc0000000000 R15: 1ffff920007cbf36 rcu_is_watching_curr_cpu include/linux/context_tracking.h:128 [inline] rcu_is_watching+0x15/0xb0 kernel/rcu/tree.c:751 kernel_text_address+0x80/0xe0 kernel/extable.c:113 __kernel_text_address+0xd/0x40 kernel/extable.c:79 unwind_get_return_address+0x4d/0x90 arch/x86/kernel/unwind_orc.c:369 arch_stack_walk+0xfc/0x150 arch/x86/kernel/stacktrace.c:26 stack_trace_save+0x9c/0xe0 kernel/stacktrace.c:122 ref_tracker_free+0xef/0x7d0 lib/ref_tracker.c:307 __netns_tracker_free include/net/net_namespace.h:379 [inline] put_net_track include/net/net_namespace.h:394 [inline] __sk_destruct+0x3c3/0x660 net/core/sock.c:2368 sock_put include/net/sock.h:1972 [inline] unix_release_sock+0xa7b/0xd50 net/unix/af_unix.c:732 unix_release+0x92/0xd0 net/unix/af_unix.c:1196 __sock_release net/socket.c:662 [inline] sock_close+0xc3/0x240 net/socket.c:1455 __fput+0x44c/0xa70 fs/file_table.c:468 fput_close_sync+0x119/0x200 fs/file_table.c:573 __do_sys_close fs/open.c:1589 [inline] __se_sys_close fs/open.c:1574 [inline] __x64_sys_close+0x7f/0x110 fs/open.c:1574 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0xfa/0xfa0 arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f1858e627 Code: 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb bc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 RSP: 002b:00007ffec60e5be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f5f1858e627 RDX: 0000000000000000 RSI: 0000000000008933 RDI: 0000000000000005 RBP: 00007ffec60e5bf0 R08: 000000000000000a R09: 0000000000000001 R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000024 R13: 000000000000002d R14: 00007f5f19314620 R15: 0000000000000024 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:search_extable+0x69/0xd0 lib/extable.c:115 Code: 8d 48 c7 44 24 10 20 50 40 8b 49 89 e5 49 c1 ed 03 48 b8 f1 f1 f1 f1 00 f3 f3 f3 49 bc 00 00 00 00 00 fc ff df 4b 89 44 25 00 <e8> 12 45 7f f6 48 89 5c 24 20 b9 0c 00 00 00 48 8d 7c 24 20 4c 89 RSP: 0018:ffffc90003e5f000 EFLAGS: 00010806 RAX: f3f3f300f1f1f1f1 RBX: ffffffff8b4b123e RCX: 0000000000001c56 RDX: ffffffff8b4b123e RSI: 0000000000000972 RDI: ffffffff8dc137d0 RBP: ffffc90003e5f0a0 R08: 0000000000000001 R09: 0000000000000002 R10: 0000000000000011 R11: 0000000000000000 R12: dffffc0000000000 R13: 1ffff920007cbe00 R14: 0000000000000972 R15: ffffffff8dc137d0 FS: 000055558b2ef500(0000) GS:ffff8882a9d0f000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc90003e5eff8 CR3: 00000001ba5ea000 CR4: 00000000000006f0 ---------------- Code disassembly (best guess): 0: 8d 48 c7 lea -0x39(%rax),%ecx 3: 44 24 10 rex.R and $0x10,%al 6: 20 50 40 and %dl,0x40(%rax) 9: 8b 49 89 mov -0x77(%rcx),%ecx c: e5 49 in $0x49,%eax e: c1 ed 03 shr $0x3,%ebp 11: 48 b8 f1 f1 f1 f1 00 movabs $0xf3f3f300f1f1f1f1,%rax 18: f3 f3 f3 1b: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12 22: fc ff df 25: 4b 89 44 25 00 mov %rax,0x0(%r13,%r12,1) * 2a: e8 12 45 7f f6 call 0xf67f4541 <-- trapping instruction 2f: 48 89 5c 24 20 mov %rbx,0x20(%rsp) 34: b9 0c 00 00 00 mov $0xc,%ecx 39: 48 8d 7c 24 20 lea 0x20(%rsp),%rdi 3e: 4c rex.WR 3f: 89 .byte 0x89 *** If these findings have caused you to resend the series or submit a separate fix, please add the following tag to your commit message: Tested-by: syzbot(a)syzkaller.appspotmail.com --- This report is generated by a bot. It may contain errors. syzbot ci engineers can be reached at syzkaller(a)googlegroups.com.

1 week

4
6
0 0

[DISCUSSION] Fixing bad pmd due to a race condition between change_prot_numa() and THP migration in pre-6.5 kernels.

by Harry Yoo

Hi. This is supposed to be a patch, but I think it's worth discussing how it should be backported to -stable, so I've labeled it as [DISCUSSION]. The bug described below was unintentionally fixed in v6.5 and not backported to -stable. So technically I would need to use "Option 3" [A], but since the original patch [B] did not intend to fix a bug (and it's also part of a larger patch series), it looks quite different from the patch below, and I'm not sure what the backport should look like. I think there are probably two options: 1. Provide the description of the original patch along with a very long, detailed explanation of why the patch deviates from the upstream version, or 2. Post the patch below with a clarification that it was fixed upstream by commit 670ddd8cdcbd1. Any thoughts? [A] https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opt… [B] https://lkml.kernel.org/r/725a42a9-91e9-c868-925-e3a5fd40bb4f@google.com (Upstream commit 670ddd8cdcbd1) In any case, no matter how we backport this, it needs some review and feedback would be appreciated. The patch applies to v6.1 and v5.15, and v5.10 but not v5.4. From cf45867ab8e48b42160b7253390db7bdecef1455 Mon Sep 17 00:00:00 2001 From: Harry Yoo <harry.yoo(a)oracle.com> Date: Thu, 11 Sep 2025 20:05:40 +0900 Subject: [PATCH] mm, numa: fix bad pmd by atomically checking is_swap_pmd() in change_prot_numa() It was observed that a bad pmd is seen when automatic NUMA balancing is marking page table entries as prot_numa: [2437548.196018] mm/pgtable-generic.c:50: bad pmd 00000000af22fc02(dffffffe71fbfe02) With some kernel modification, the call stack was dumped: [2437548.235022] Call Trace: [2437548.238234] <TASK> [2437548.241060] dump_stack_lvl+0x46/0x61 [2437548.245689] panic+0x106/0x2e5 [2437548.249497] pmd_clear_bad+0x3c/0x3c [2437548.253967] change_pmd_range.isra.0+0x34d/0x3a7 [2437548.259537] change_p4d_range+0x156/0x20e [2437548.264392] change_protection_range+0x116/0x1a9 [2437548.269976] change_prot_numa+0x15/0x37 [2437548.274774] task_numa_work+0x1b8/0x302 [2437548.279512] task_work_run+0x62/0x95 [2437548.283882] exit_to_user_mode_loop+0x1a4/0x1a9 [2437548.289277] exit_to_user_mode_prepare+0xf4/0xfc [2437548.294751] ? sysvec_apic_timer_interrupt+0x34/0x81 [2437548.300677] irqentry_exit_to_user_mode+0x5/0x25 [2437548.306153] asm_sysvec_apic_timer_interrupt+0x16/0x1b This is due to a race condition between change_prot_numa() and THP migration because the kernel doesn't check is_swap_pmd() and pmd_trans_huge() atomically: change_prot_numa() THP migration ====================================================================== - change_pmd_range() -> is_swap_pmd() returns false, meaning it's not a PMD migration entry. - do_huge_pmd_numa_page() -> migrate_misplaced_page() sets migration entries for the THP. - change_pmd_range() -> pmd_none_or_clear_bad_unless_trans_huge() -> pmd_none() and pmd_trans_huge() returns false - pmd_none_or_clear_bad_unless_trans_huge() -> pmd_bad() returns true for the migration entry! For the race condition described above to occur: 1) AutoNUMA must be unmapping a range of pages, with at least part of the range already unmapped by AutoNUMA. 2) While AutoNUMA is in the process of unmapping, a NUMA hinting fault occurs within that range, specifically when we are about to unmap the PMD entry, between the is_swap_pmd() and pmd_trans_huge() checks. So this is a really rare race condition and it's observed that it takes usually a few days of autonuma-intensive testing to trigger. A bit of history on a similar race condition in the past: In fact, a similar race condition caused by not checking pmd_trans_huge() atomically was reported [1] in 2017. However, instead of the patch [1], another patch series [3] fixed the problem [2] by not clearing the pmd entry but invaliding it instead (so that pmd_trans_huge() would still return true). Despite patch series [3], the bad pmd error continued to be reported in mainline. As a result, [1] was resurrected [4] and it landed mainline in 2020 in a hope that it would resolve the issue. However, now it turns out that [3] was not sufficient. Fix this race condition by checking is_swap_pmd() and pmd_trans_huge() atomically. With that, the kernel should see either pmd_trans_huge() == true, or is_swap_pmd() == true when another task is migrating the page concurrently. This bug was introduced when THP migration support was added. More specifically, by commit 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path")). It is unintentionally fixed since v6.5 by commit 670ddd8cdcbd1 ("mm/mprotect: delete pmd_none_or_clear_bad_unless_trans_huge()") while removing pmd_none_or_clear_bad_unless_trans_huge() function. But it's not backported to -stable because it was fixed unintentionally. Link: https://lore.kernel.org/linux-mm/20170410094825.2yfo5zehn7pchg6a@techsingul… [1] Link: https://lore.kernel.org/linux-mm/8A6309F4-DB76-48FA-BE7F-BF9536A4C4E5@cs.ru… [2] Link: https://lore.kernel.org/linux-mm/20170302151034.27829-1-kirill.shutemov@lin… [3] Link: https://lore.kernel.org/linux-mm/20200216191800.22423-1-aquini@redhat.com [4] Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Harry Yoo <harry.yoo(a)oracle.com> --- mm/mprotect.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/mprotect.c b/mm/mprotect.c index 668bfaa6ed2a..c0e796c0f9b0 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -303,7 +303,7 @@ static inline int pmd_none_or_clear_bad_unless_trans_huge(pmd_t *pmd) if (pmd_none(pmdval)) return 1; - if (pmd_trans_huge(pmdval)) + if (is_swap_pmd(pmdval) || pmd_trans_huge(pmdval)) return 0; if (unlikely(pmd_bad(pmdval))) { pmd_clear_bad(pmd); @@ -373,7 +373,7 @@ static inline unsigned long change_pmd_range(struct mmu_gather *tlb, * Hence, it's necessary to atomically read the PMD value * for all the checks. */ - if (!is_swap_pmd(*pmd) && !pmd_devmap(*pmd) && + if (!pmd_devmap(*pmd) && pmd_none_or_clear_bad_unless_trans_huge(pmd)) goto next; -- 2.43.0

1 week

2
9
0 0

[PATCH 6.12.y] drm/amd/display: fix dmub access race condition

by Timothy Pearson

From: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Justificiation: This fixes DisplayPort lockups on Polaris GPUs during DPMS transitions, which have been a major headache on our POWER9 platforms. Backport to Debian stable kernel version. [ Upstream commit c210b757b400959577a5a17b783b5959b82baed8 ] Accessing DC from amdgpu_dm is usually preceded by acquisition of dc_lock mutex. Most of the DC API that DM calls are under a DC lock. However, there are a few that are not. Some DC API called from interrupt context end up sending DMUB commands via a DC API, while other threads were using DMUB. This was apparent from a race between calls for setting idle optimization enable/disable and the DC API to set vmin/vmax. Offload the call to dc_stream_adjust_vmin_vmax() to a thread instead of directly calling them from the interrupt handler such that it waits for dc_lock. [Timothy Pearson] Modified header file patch to apply to 6.12 Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> Signed-off-by: Aurabindo Pillai <aurabindo.pillai(a)amd.com> Signed-off-by: Roman Li <roman.li(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Timothy Pearson <tpearson(a)raptorengineering.com> --- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 55 +++++++++++++++++-- .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h | 14 +++++ 2 files changed, 63 insertions(+), 6 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index b02ff92bae0b..fd6d66832ccf 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -533,6 +533,50 @@ static void dm_pflip_high_irq(void *interrupt_params) amdgpu_crtc->crtc_id, amdgpu_crtc, vrr_active, (int)!e); } +static void dm_handle_vmin_vmax_update(struct work_struct *offload_work) +{ + struct vupdate_offload_work *work = container_of(offload_work, struct vupdate_offload_work, work); + struct amdgpu_device *adev = work->adev; + struct dc_stream_state *stream = work->stream; + struct dc_crtc_timing_adjust *adjust = work->adjust; + + mutex_lock(&adev->dm.dc_lock); + dc_stream_adjust_vmin_vmax(adev->dm.dc, stream, adjust); + mutex_unlock(&adev->dm.dc_lock); + + dc_stream_release(stream); + kfree(work->adjust); + kfree(work); +} + +static void schedule_dc_vmin_vmax(struct amdgpu_device *adev, + struct dc_stream_state *stream, + struct dc_crtc_timing_adjust *adjust) +{ + struct vupdate_offload_work *offload_work = kzalloc(sizeof(*offload_work), GFP_KERNEL); + if (!offload_work) { + drm_dbg_driver(adev_to_drm(adev), "Failed to allocate vupdate_offload_work\n"); + return; + } + + struct dc_crtc_timing_adjust *adjust_copy = kzalloc(sizeof(*adjust_copy), GFP_KERNEL); + if (!adjust_copy) { + drm_dbg_driver(adev_to_drm(adev), "Failed to allocate adjust_copy\n"); + kfree(offload_work); + return; + } + + dc_stream_retain(stream); + memcpy(adjust_copy, adjust, sizeof(*adjust_copy)); + + INIT_WORK(&offload_work->work, dm_handle_vmin_vmax_update); + offload_work->adev = adev; + offload_work->stream = stream; + offload_work->adjust = adjust_copy; + + queue_work(system_wq, &offload_work->work); +} + static void dm_vupdate_high_irq(void *interrupt_params) { struct common_irq_params *irq_params = interrupt_params; @@ -582,10 +626,9 @@ static void dm_vupdate_high_irq(void *interrupt_params) acrtc->dm_irq_params.stream, &acrtc->dm_irq_params.vrr_params); - dc_stream_adjust_vmin_vmax( - adev->dm.dc, - acrtc->dm_irq_params.stream, - &acrtc->dm_irq_params.vrr_params.adjust); + schedule_dc_vmin_vmax(adev, + acrtc->dm_irq_params.stream, + &acrtc->dm_irq_params.vrr_params.adjust); spin_unlock_irqrestore(&adev_to_drm(adev)->event_lock, flags); } } @@ -675,8 +718,8 @@ static void dm_crtc_high_irq(void *interrupt_params) acrtc->dm_irq_params.stream, &acrtc->dm_irq_params.vrr_params); - dc_stream_adjust_vmin_vmax(adev->dm.dc, acrtc->dm_irq_params.stream, - &acrtc->dm_irq_params.vrr_params.adjust); + schedule_dc_vmin_vmax(adev, acrtc->dm_irq_params.stream, + &acrtc->dm_irq_params.vrr_params.adjust); } /* diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h index 9603352ee094..aa99e226a381 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.h @@ -1012,4 +1012,18 @@ void dm_free_gpu_mem(struct amdgpu_device *adev, bool amdgpu_dm_is_headless(struct amdgpu_device *adev); +/** + * struct dm_vupdate_work - Work data for periodic action in idle + * @work: Kernel work data for the work event + * @adev: amdgpu_device back pointer + * @stream: DC stream associated with the crtc + * @adjust: DC CRTC timing adjust to be applied to the crtc + */ +struct vupdate_offload_work { + struct work_struct work; + struct amdgpu_device *adev; + struct dc_stream_state *stream; + struct dc_crtc_timing_adjust *adjust; +}; + #endif /* __AMDGPU_DM_H__ */ -- 2.47.2

1 week

2
2
0 0

[PATCH 0/3] gpio: idio-16: Fix regmap initialization errors

by William Breathitt Gray

The migration of IDIO-16 GPIO drivers to the regmap API resulted in some regressions to the gpio-104-idio-16, gpio-pci-idio-16, and gpio-idio-16 modules. Specifically, the 104-idio-16 and pci-idio-16 GPIO drivers utilize regmap caching and thus must set max_register for their regmap_config, while gpio-idio-16 requires fixed_direction_output to represent the fixed direction of the IDIO-16 GPIO lines. Fixes for these regressions are provided by this series. Link: https://lore.kernel.org/r/cover.1680618405.git.william.gray@linaro.org Link: https://lore.kernel.org/r/9b0375fd-235f-4ee1-a7fa-daca296ef6bf@nutanix.com Signed-off-by: William Breathitt Gray <wbg(a)kernel.org> --- William Breathitt Gray (3): gpio: 104-idio-16: Define maximum valid register address offset gpio: pci-idio-16: Define maximum valid register address offset gpio: idio-16: Define fixed direction of the GPIO lines drivers/gpio/gpio-104-idio-16.c | 1 + drivers/gpio/gpio-idio-16.c | 5 +++++ drivers/gpio/gpio-pci-idio-16.c | 1 + 3 files changed, 7 insertions(+) --- base-commit: eba11116f39533d2e38cc5898014f2c95f32d23a change-id: 20251017-fix-gpio-idio-16-regmap-1282cdc56a19 Best regards, -- William Breathitt Gray <wbg(a)kernel.org>

1 week

4
10
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102008-likewise-rubbing-d48b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

4
3
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Avoid configuring if already" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101624-legacy-gab-3e94@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:15 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Do as in suspend, skip resume configuration steps if the device is already pm_runtime suspended. This avoids reconfiguring a device that is already in the correct low-power state and ensures that pm_runtime handles the power state transitions properly. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-3-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 41b275ecc7e2..ee780f530dc8 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -837,17 +837,15 @@ static int inv_icm42600_suspend(struct device *dev) struct device *accel_dev; bool wakeup; int accel_conf; - int ret; + int ret = 0; mutex_lock(&st->lock); st->suspended.gyro = st->conf.gyro.mode; st->suspended.accel = st->conf.accel.mode; st->suspended.temp = st->conf.temp_en; - if (pm_runtime_suspended(dev)) { - ret = 0; + if (pm_runtime_suspended(dev)) goto out_unlock; - } /* disable FIFO data streaming */ if (st->fifo.on) { @@ -900,10 +898,13 @@ static int inv_icm42600_resume(struct device *dev) struct inv_icm42600_sensor_state *accel_st = iio_priv(st->indio_accel); struct device *accel_dev; bool wakeup; - int ret; + int ret = 0; mutex_lock(&st->lock); + if (pm_runtime_suspended(dev)) + goto out_unlock; + /* check wakeup capability */ accel_dev = &st->indio_accel->dev; wakeup = st->apex.on && device_may_wakeup(accel_dev);

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Avoid configuring if already" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101624-blazing-sharpener-111d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:15 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Do as in suspend, skip resume configuration steps if the device is already pm_runtime suspended. This avoids reconfiguring a device that is already in the correct low-power state and ensures that pm_runtime handles the power state transitions properly. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-3-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 41b275ecc7e2..ee780f530dc8 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -837,17 +837,15 @@ static int inv_icm42600_suspend(struct device *dev) struct device *accel_dev; bool wakeup; int accel_conf; - int ret; + int ret = 0; mutex_lock(&st->lock); st->suspended.gyro = st->conf.gyro.mode; st->suspended.accel = st->conf.accel.mode; st->suspended.temp = st->conf.temp_en; - if (pm_runtime_suspended(dev)) { - ret = 0; + if (pm_runtime_suspended(dev)) goto out_unlock; - } /* disable FIFO data streaming */ if (st->fifo.on) { @@ -900,10 +898,13 @@ static int inv_icm42600_resume(struct device *dev) struct inv_icm42600_sensor_state *accel_st = iio_priv(st->indio_accel); struct device *accel_dev; bool wakeup; - int ret; + int ret = 0; mutex_lock(&st->lock); + if (pm_runtime_suspended(dev)) + goto out_unlock; + /* check wakeup capability */ accel_dev = &st->indio_accel->dev; wakeup = st->apex.on && device_may_wakeup(accel_dev);

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Avoid configuring if already" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101623-clarify-manhood-adaa@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:15 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Do as in suspend, skip resume configuration steps if the device is already pm_runtime suspended. This avoids reconfiguring a device that is already in the correct low-power state and ensures that pm_runtime handles the power state transitions properly. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-3-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 41b275ecc7e2..ee780f530dc8 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -837,17 +837,15 @@ static int inv_icm42600_suspend(struct device *dev) struct device *accel_dev; bool wakeup; int accel_conf; - int ret; + int ret = 0; mutex_lock(&st->lock); st->suspended.gyro = st->conf.gyro.mode; st->suspended.accel = st->conf.accel.mode; st->suspended.temp = st->conf.temp_en; - if (pm_runtime_suspended(dev)) { - ret = 0; + if (pm_runtime_suspended(dev)) goto out_unlock; - } /* disable FIFO data streaming */ if (st->fifo.on) { @@ -900,10 +898,13 @@ static int inv_icm42600_resume(struct device *dev) struct inv_icm42600_sensor_state *accel_st = iio_priv(st->indio_accel); struct device *accel_dev; bool wakeup; - int ret; + int ret = 0; mutex_lock(&st->lock); + if (pm_runtime_suspended(dev)) + goto out_unlock; + /* check wakeup capability */ accel_dev = &st->indio_accel->dev; wakeup = st->apex.on && device_may_wakeup(accel_dev);

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Avoid configuring if already" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101623-dry-crummiest-15b3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:15 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Do as in suspend, skip resume configuration steps if the device is already pm_runtime suspended. This avoids reconfiguring a device that is already in the correct low-power state and ensures that pm_runtime handles the power state transitions properly. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-3-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 41b275ecc7e2..ee780f530dc8 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -837,17 +837,15 @@ static int inv_icm42600_suspend(struct device *dev) struct device *accel_dev; bool wakeup; int accel_conf; - int ret; + int ret = 0; mutex_lock(&st->lock); st->suspended.gyro = st->conf.gyro.mode; st->suspended.accel = st->conf.accel.mode; st->suspended.temp = st->conf.temp_en; - if (pm_runtime_suspended(dev)) { - ret = 0; + if (pm_runtime_suspended(dev)) goto out_unlock; - } /* disable FIFO data streaming */ if (st->fifo.on) { @@ -900,10 +898,13 @@ static int inv_icm42600_resume(struct device *dev) struct inv_icm42600_sensor_state *accel_st = iio_priv(st->indio_accel); struct device *accel_dev; bool wakeup; - int ret; + int ret = 0; mutex_lock(&st->lock); + if (pm_runtime_suspended(dev)) + goto out_unlock; + /* check wakeup capability */ accel_dev = &st->indio_accel->dev; wakeup = st->apex.on && device_may_wakeup(accel_dev);

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Avoid configuring if already" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101623-attractor-shopper-b67e@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 466f7a2fef2a4e426f809f79845a1ec1aeb558f4 Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:15 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Do as in suspend, skip resume configuration steps if the device is already pm_runtime suspended. This avoids reconfiguring a device that is already in the correct low-power state and ensures that pm_runtime handles the power state transitions properly. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-3-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index 41b275ecc7e2..ee780f530dc8 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -837,17 +837,15 @@ static int inv_icm42600_suspend(struct device *dev) struct device *accel_dev; bool wakeup; int accel_conf; - int ret; + int ret = 0; mutex_lock(&st->lock); st->suspended.gyro = st->conf.gyro.mode; st->suspended.accel = st->conf.accel.mode; st->suspended.temp = st->conf.temp_en; - if (pm_runtime_suspended(dev)) { - ret = 0; + if (pm_runtime_suspended(dev)) goto out_unlock; - } /* disable FIFO data streaming */ if (st->fifo.on) { @@ -900,10 +898,13 @@ static int inv_icm42600_resume(struct device *dev) struct inv_icm42600_sensor_state *accel_st = iio_priv(st->indio_accel); struct device *accel_dev; bool wakeup; - int ret; + int ret = 0; mutex_lock(&st->lock); + if (pm_runtime_suspended(dev)) + goto out_unlock; + /* check wakeup capability */ accel_dev = &st->indio_accel->dev; wakeup = st->apex.on && device_may_wakeup(accel_dev);

1 week

2
1
0 0

FAILED: patch "[PATCH] md: fix mssing blktrace bio split events" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 22f166218f7313e8fe2d19213b5f4b3265f8c39e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101606-eggshell-static-9bca@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 22f166218f7313e8fe2d19213b5f4b3265f8c39e Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Wed, 10 Sep 2025 14:30:44 +0800 Subject: [PATCH] md: fix mssing blktrace bio split events If bio is split by internal handling like chunksize or badblocks, the corresponding trace_block_split() is missing, resulting in blktrace inability to catch BIO split events and making it harder to analyze the BIO sequence. Cc: stable(a)vger.kernel.org Fixes: 4b1faf931650 ("block: Kill bio_pair_split()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Damien Le Moal <dlemoal(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/drivers/md/md-linear.c b/drivers/md/md-linear.c index 5d9b08115375..59d7963c7843 100644 --- a/drivers/md/md-linear.c +++ b/drivers/md/md-linear.c @@ -266,6 +266,7 @@ static bool linear_make_request(struct mddev *mddev, struct bio *bio) } bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); submit_bio_noacct(bio); bio = split; } diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c index f1d8811a542a..1ba7d0c090f7 100644 --- a/drivers/md/raid0.c +++ b/drivers/md/raid0.c @@ -472,7 +472,9 @@ static void raid0_handle_discard(struct mddev *mddev, struct bio *bio) bio_endio(bio); return; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); submit_bio_noacct(bio); bio = split; end = zone->zone_end; @@ -620,7 +622,9 @@ static bool raid0_make_request(struct mddev *mddev, struct bio *bio) bio_endio(bio); return true; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); raid0_map_submit_bio(mddev, bio); bio = split; } diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c index f096f4d0fca7..64a1e0b47e87 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c @@ -1384,7 +1384,9 @@ static void raid1_read_request(struct mddev *mddev, struct bio *bio, error = PTR_ERR(split); goto err_handle; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); submit_bio_noacct(bio); bio = split; r1_bio->master_bio = bio; @@ -1616,7 +1618,9 @@ static void raid1_write_request(struct mddev *mddev, struct bio *bio, error = PTR_ERR(split); goto err_handle; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); submit_bio_noacct(bio); bio = split; r1_bio->master_bio = bio; diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c index 312e8a0e93e7..3d7b24d6b4eb 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c @@ -1209,7 +1209,9 @@ static void raid10_read_request(struct mddev *mddev, struct bio *bio, error = PTR_ERR(split); goto err_handle; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); allow_barrier(conf); submit_bio_noacct(bio); wait_barrier(conf, false); @@ -1495,7 +1497,9 @@ static void raid10_write_request(struct mddev *mddev, struct bio *bio, error = PTR_ERR(split); goto err_handle; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); allow_barrier(conf); submit_bio_noacct(bio); wait_barrier(conf, false); @@ -1679,7 +1683,9 @@ static int raid10_handle_discard(struct mddev *mddev, struct bio *bio) bio_endio(bio); return 0; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); allow_barrier(conf); /* Resend the fist split part */ submit_bio_noacct(split); @@ -1694,7 +1700,9 @@ static int raid10_handle_discard(struct mddev *mddev, struct bio *bio) bio_endio(bio); return 0; } + bio_chain(split, bio); + trace_block_split(split, bio->bi_iter.bi_sector); allow_barrier(conf); /* Resend the second split part */ submit_bio_noacct(bio); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c index 5112658ef5f6..96a6d63b3d62 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c @@ -5493,8 +5493,10 @@ static struct bio *chunk_aligned_read(struct mddev *mddev, struct bio *raid_bio) if (sectors < bio_sectors(raid_bio)) { struct r5conf *conf = mddev->private; + split = bio_split(raid_bio, sectors, GFP_NOIO, &conf->bio_split); bio_chain(split, raid_bio); + trace_block_split(split, raid_bio->bi_iter.bi_sector); submit_bio_noacct(raid_bio); raid_bio = split; }

1 week

2
4
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0792c1984a45ccd7a296d6b8cb78088bc99a212e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101603-magnetism-bonded-4bc7@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0792c1984a45ccd7a296d6b8cb78088bc99a212e Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:13 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup Rework the power management in inv_icm42600_core_probe() to use devm_pm_runtime_set_active_enabled(), which simplifies the runtime PM setup by handling activation and enabling in one step. Remove the separate inv_icm42600_disable_pm callback, as it's no longer needed with the devm-managed approach. Using devm_pm_runtime_enable() also fixes the missing disable of autosuspend. Update inv_icm42600_disable_vddio_reg() to only disable the regulator if the device is not suspended i.e. powered-down, preventing unbalanced disables. Also remove redundant error msg on regulator_disable(), the regulator framework already emits an error message when regulator_disable() fails. This simplifies the PM setup and avoids manipulating the usage counter unnecessarily. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-1-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index a4d42e7e2180..76d8e4f14d87 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -711,20 +711,12 @@ static void inv_icm42600_disable_vdd_reg(void *_data) static void inv_icm42600_disable_vddio_reg(void *_data) { struct inv_icm42600_state *st = _data; - const struct device *dev = regmap_get_device(st->map); - int ret; + struct device *dev = regmap_get_device(st->map); - ret = regulator_disable(st->vddio_supply); - if (ret) - dev_err(dev, "failed to disable vddio error %d\n", ret); -} + if (pm_runtime_status_suspended(dev)) + return; -static void inv_icm42600_disable_pm(void *_data) -{ - struct device *dev = _data; - - pm_runtime_put_sync(dev); - pm_runtime_disable(dev); + regulator_disable(st->vddio_supply); } int inv_icm42600_core_probe(struct regmap *regmap, int chip, @@ -824,16 +816,14 @@ int inv_icm42600_core_probe(struct regmap *regmap, int chip, return ret; /* setup runtime power management */ - ret = pm_runtime_set_active(dev); + ret = devm_pm_runtime_set_active_enabled(dev); if (ret) return ret; - pm_runtime_get_noresume(dev); - pm_runtime_enable(dev); + pm_runtime_set_autosuspend_delay(dev, INV_ICM42600_SUSPEND_DELAY_MS); pm_runtime_use_autosuspend(dev); - pm_runtime_put(dev); - return devm_add_action_or_reset(dev, inv_icm42600_disable_pm, dev); + return ret; } EXPORT_SYMBOL_NS_GPL(inv_icm42600_core_probe, "IIO_ICM42600");

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 0792c1984a45ccd7a296d6b8cb78088bc99a212e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101603-foster-panning-5b9a@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0792c1984a45ccd7a296d6b8cb78088bc99a212e Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:13 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup Rework the power management in inv_icm42600_core_probe() to use devm_pm_runtime_set_active_enabled(), which simplifies the runtime PM setup by handling activation and enabling in one step. Remove the separate inv_icm42600_disable_pm callback, as it's no longer needed with the devm-managed approach. Using devm_pm_runtime_enable() also fixes the missing disable of autosuspend. Update inv_icm42600_disable_vddio_reg() to only disable the regulator if the device is not suspended i.e. powered-down, preventing unbalanced disables. Also remove redundant error msg on regulator_disable(), the regulator framework already emits an error message when regulator_disable() fails. This simplifies the PM setup and avoids manipulating the usage counter unnecessarily. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-1-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index a4d42e7e2180..76d8e4f14d87 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -711,20 +711,12 @@ static void inv_icm42600_disable_vdd_reg(void *_data) static void inv_icm42600_disable_vddio_reg(void *_data) { struct inv_icm42600_state *st = _data; - const struct device *dev = regmap_get_device(st->map); - int ret; + struct device *dev = regmap_get_device(st->map); - ret = regulator_disable(st->vddio_supply); - if (ret) - dev_err(dev, "failed to disable vddio error %d\n", ret); -} + if (pm_runtime_status_suspended(dev)) + return; -static void inv_icm42600_disable_pm(void *_data) -{ - struct device *dev = _data; - - pm_runtime_put_sync(dev); - pm_runtime_disable(dev); + regulator_disable(st->vddio_supply); } int inv_icm42600_core_probe(struct regmap *regmap, int chip, @@ -824,16 +816,14 @@ int inv_icm42600_core_probe(struct regmap *regmap, int chip, return ret; /* setup runtime power management */ - ret = pm_runtime_set_active(dev); + ret = devm_pm_runtime_set_active_enabled(dev); if (ret) return ret; - pm_runtime_get_noresume(dev); - pm_runtime_enable(dev); + pm_runtime_set_autosuspend_delay(dev, INV_ICM42600_SUSPEND_DELAY_MS); pm_runtime_use_autosuspend(dev); - pm_runtime_put(dev); - return devm_add_action_or_reset(dev, inv_icm42600_disable_pm, dev); + return ret; } EXPORT_SYMBOL_NS_GPL(inv_icm42600_core_probe, "IIO_ICM42600");

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 0792c1984a45ccd7a296d6b8cb78088bc99a212e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101602-monogram-ferry-a69a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0792c1984a45ccd7a296d6b8cb78088bc99a212e Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:13 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup Rework the power management in inv_icm42600_core_probe() to use devm_pm_runtime_set_active_enabled(), which simplifies the runtime PM setup by handling activation and enabling in one step. Remove the separate inv_icm42600_disable_pm callback, as it's no longer needed with the devm-managed approach. Using devm_pm_runtime_enable() also fixes the missing disable of autosuspend. Update inv_icm42600_disable_vddio_reg() to only disable the regulator if the device is not suspended i.e. powered-down, preventing unbalanced disables. Also remove redundant error msg on regulator_disable(), the regulator framework already emits an error message when regulator_disable() fails. This simplifies the PM setup and avoids manipulating the usage counter unnecessarily. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-1-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index a4d42e7e2180..76d8e4f14d87 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -711,20 +711,12 @@ static void inv_icm42600_disable_vdd_reg(void *_data) static void inv_icm42600_disable_vddio_reg(void *_data) { struct inv_icm42600_state *st = _data; - const struct device *dev = regmap_get_device(st->map); - int ret; + struct device *dev = regmap_get_device(st->map); - ret = regulator_disable(st->vddio_supply); - if (ret) - dev_err(dev, "failed to disable vddio error %d\n", ret); -} + if (pm_runtime_status_suspended(dev)) + return; -static void inv_icm42600_disable_pm(void *_data) -{ - struct device *dev = _data; - - pm_runtime_put_sync(dev); - pm_runtime_disable(dev); + regulator_disable(st->vddio_supply); } int inv_icm42600_core_probe(struct regmap *regmap, int chip, @@ -824,16 +816,14 @@ int inv_icm42600_core_probe(struct regmap *regmap, int chip, return ret; /* setup runtime power management */ - ret = pm_runtime_set_active(dev); + ret = devm_pm_runtime_set_active_enabled(dev); if (ret) return ret; - pm_runtime_get_noresume(dev); - pm_runtime_enable(dev); + pm_runtime_set_autosuspend_delay(dev, INV_ICM42600_SUSPEND_DELAY_MS); pm_runtime_use_autosuspend(dev); - pm_runtime_put(dev); - return devm_add_action_or_reset(dev, inv_icm42600_disable_pm, dev); + return ret; } EXPORT_SYMBOL_NS_GPL(inv_icm42600_core_probe, "IIO_ICM42600");

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0792c1984a45ccd7a296d6b8cb78088bc99a212e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101601-document-unwound-ffc9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0792c1984a45ccd7a296d6b8cb78088bc99a212e Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:13 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup Rework the power management in inv_icm42600_core_probe() to use devm_pm_runtime_set_active_enabled(), which simplifies the runtime PM setup by handling activation and enabling in one step. Remove the separate inv_icm42600_disable_pm callback, as it's no longer needed with the devm-managed approach. Using devm_pm_runtime_enable() also fixes the missing disable of autosuspend. Update inv_icm42600_disable_vddio_reg() to only disable the regulator if the device is not suspended i.e. powered-down, preventing unbalanced disables. Also remove redundant error msg on regulator_disable(), the regulator framework already emits an error message when regulator_disable() fails. This simplifies the PM setup and avoids manipulating the usage counter unnecessarily. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-1-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index a4d42e7e2180..76d8e4f14d87 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -711,20 +711,12 @@ static void inv_icm42600_disable_vdd_reg(void *_data) static void inv_icm42600_disable_vddio_reg(void *_data) { struct inv_icm42600_state *st = _data; - const struct device *dev = regmap_get_device(st->map); - int ret; + struct device *dev = regmap_get_device(st->map); - ret = regulator_disable(st->vddio_supply); - if (ret) - dev_err(dev, "failed to disable vddio error %d\n", ret); -} + if (pm_runtime_status_suspended(dev)) + return; -static void inv_icm42600_disable_pm(void *_data) -{ - struct device *dev = _data; - - pm_runtime_put_sync(dev); - pm_runtime_disable(dev); + regulator_disable(st->vddio_supply); } int inv_icm42600_core_probe(struct regmap *regmap, int chip, @@ -824,16 +816,14 @@ int inv_icm42600_core_probe(struct regmap *regmap, int chip, return ret; /* setup runtime power management */ - ret = pm_runtime_set_active(dev); + ret = devm_pm_runtime_set_active_enabled(dev); if (ret) return ret; - pm_runtime_get_noresume(dev); - pm_runtime_enable(dev); + pm_runtime_set_autosuspend_delay(dev, INV_ICM42600_SUSPEND_DELAY_MS); pm_runtime_use_autosuspend(dev); - pm_runtime_put(dev); - return devm_add_action_or_reset(dev, inv_icm42600_disable_pm, dev); + return ret; } EXPORT_SYMBOL_NS_GPL(inv_icm42600_core_probe, "IIO_ICM42600");

1 week

2
2
0 0

FAILED: patch "[PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 0792c1984a45ccd7a296d6b8cb78088bc99a212e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101601-manicure-opposite-4330@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0792c1984a45ccd7a296d6b8cb78088bc99a212e Mon Sep 17 00:00:00 2001 From: Sean Nyekjaer <sean(a)geanix.com> Date: Mon, 1 Sep 2025 09:49:13 +0200 Subject: [PATCH] iio: imu: inv_icm42600: Simplify pm_runtime setup Rework the power management in inv_icm42600_core_probe() to use devm_pm_runtime_set_active_enabled(), which simplifies the runtime PM setup by handling activation and enabling in one step. Remove the separate inv_icm42600_disable_pm callback, as it's no longer needed with the devm-managed approach. Using devm_pm_runtime_enable() also fixes the missing disable of autosuspend. Update inv_icm42600_disable_vddio_reg() to only disable the regulator if the device is not suspended i.e. powered-down, preventing unbalanced disables. Also remove redundant error msg on regulator_disable(), the regulator framework already emits an error message when regulator_disable() fails. This simplifies the PM setup and avoids manipulating the usage counter unnecessarily. Fixes: 31c24c1e93c3 ("iio: imu: inv_icm42600: add core of new inv_icm42600 driver") Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> Link: https://patch.msgid.link/20250901-icm42pmreg-v3-1-ef1336246960@geanix.com Cc: <Stable(a)vger.kernel.org> Signed-off-by: Jonathan Cameron <Jonathan.Cameron(a)huawei.com> diff --git a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c index a4d42e7e2180..76d8e4f14d87 100644 --- a/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c +++ b/drivers/iio/imu/inv_icm42600/inv_icm42600_core.c @@ -711,20 +711,12 @@ static void inv_icm42600_disable_vdd_reg(void *_data) static void inv_icm42600_disable_vddio_reg(void *_data) { struct inv_icm42600_state *st = _data; - const struct device *dev = regmap_get_device(st->map); - int ret; + struct device *dev = regmap_get_device(st->map); - ret = regulator_disable(st->vddio_supply); - if (ret) - dev_err(dev, "failed to disable vddio error %d\n", ret); -} + if (pm_runtime_status_suspended(dev)) + return; -static void inv_icm42600_disable_pm(void *_data) -{ - struct device *dev = _data; - - pm_runtime_put_sync(dev); - pm_runtime_disable(dev); + regulator_disable(st->vddio_supply); } int inv_icm42600_core_probe(struct regmap *regmap, int chip, @@ -824,16 +816,14 @@ int inv_icm42600_core_probe(struct regmap *regmap, int chip, return ret; /* setup runtime power management */ - ret = pm_runtime_set_active(dev); + ret = devm_pm_runtime_set_active_enabled(dev); if (ret) return ret; - pm_runtime_get_noresume(dev); - pm_runtime_enable(dev); + pm_runtime_set_autosuspend_delay(dev, INV_ICM42600_SUSPEND_DELAY_MS); pm_runtime_use_autosuspend(dev); - pm_runtime_put(dev); - return devm_add_action_or_reset(dev, inv_icm42600_disable_pm, dev); + return ret; } EXPORT_SYMBOL_NS_GPL(inv_icm42600_core_probe, "IIO_ICM42600");

1 week

2
2
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 284fb19a3ffb1083c3ad9c00d29749d09dddb99c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101614-sphere-flagman-052d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 284fb19a3ffb1083c3ad9c00d29749d09dddb99c Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:14 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling PLL lockup and O_CMN_READY assertion can only happen after common state machine gets enabled by programming DPHY_CMN_SSM register, but driver was polling them before the common state machine was enabled which is incorrect. This is as per the DPHY initialization sequence as mentioned in J721E TRM [1] at section "12.7.2.4.1.2.1 Start-up Sequence Timing Diagram". It shows O_CMN_READY polling at the end after common configuration pin setup where the common configuration pin setup step enables state machine as referenced in "Table 12-1533. Common Configuration-Related Setup mentions state machine" To fix this : - Add new function callbacks for polling on PLL lock and O_CMN_READY assertion. - As state machine and clocks get enabled in power_on callback only, move the clock related programming part from configure callback to power_on callback and poll for the PLL lockup and O_CMN_READY assertion after state machine gets enabled. - The configure callback only saves the PLL configuration received from the client driver which will be applied later on in power_on callback. - Add checks to ensure configure is called before power_on and state machine is in disabled state before power_on callback is called. - Disable state machine in power_off so that client driver can re-configure the PLL by following up a power_off, configure, power_on sequence. [1]: https://www.ti.com/lit/zip/spruil1 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-2-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index 33a42e72362e..da8de0a9d086 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -92,6 +92,8 @@ struct cdns_dphy_ops { void (*set_pll_cfg)(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg); unsigned long (*get_wakeup_time_ns)(struct cdns_dphy *dphy); + int (*wait_for_pll_lock)(struct cdns_dphy *dphy); + int (*wait_for_cmn_ready)(struct cdns_dphy *dphy); }; struct cdns_dphy { @@ -101,6 +103,8 @@ struct cdns_dphy { struct clk *pll_ref_clk; const struct cdns_dphy_ops *ops; struct phy *phy; + bool is_configured; + bool is_powered; }; /* Order of bands is important since the index is the band number. */ @@ -186,6 +190,16 @@ static unsigned long cdns_dphy_get_wakeup_time_ns(struct cdns_dphy *dphy) return dphy->ops->get_wakeup_time_ns(dphy); } +static int cdns_dphy_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_pll_lock ? dphy->ops->wait_for_pll_lock(dphy) : 0; +} + +static int cdns_dphy_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_cmn_ready ? dphy->ops->wait_for_cmn_ready(dphy) : 0; +} + static unsigned long cdns_dphy_ref_get_wakeup_time_ns(struct cdns_dphy *dphy) { /* Default wakeup time is 800 ns (in a simulated environment). */ @@ -227,7 +241,6 @@ static unsigned long cdns_dphy_j721e_get_wakeup_time_ns(struct cdns_dphy *dphy) static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg) { - u32 status; /* * set the PWM and PLL Byteclk divider settings to recommended values @@ -244,13 +257,6 @@ static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, writel(DPHY_TX_J721E_WIZ_LANE_RSTB, dphy->regs + DPHY_TX_J721E_WIZ_RST_CTRL); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, - (status & DPHY_TX_WIZ_PLL_LOCK), 0, POLL_TIMEOUT_US); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, - (status & DPHY_TX_WIZ_O_CMN_READY), 0, - POLL_TIMEOUT_US); } static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) @@ -258,6 +264,23 @@ static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) writel(div, dphy->regs + DPHY_TX_J721E_WIZ_PSM_FREQ); } +static int cdns_dphy_j721e_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, + status & DPHY_TX_WIZ_PLL_LOCK, 0, POLL_TIMEOUT_US); +} + +static int cdns_dphy_j721e_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, + status & DPHY_TX_WIZ_O_CMN_READY, 0, + POLL_TIMEOUT_US); +} + /* * This is the reference implementation of DPHY hooks. Specific integration of * this IP may have to re-implement some of them depending on how they decided @@ -273,6 +296,8 @@ static const struct cdns_dphy_ops j721e_dphy_ops = { .get_wakeup_time_ns = cdns_dphy_j721e_get_wakeup_time_ns, .set_pll_cfg = cdns_dphy_j721e_set_pll_cfg, .set_psm_div = cdns_dphy_j721e_set_psm_div, + .wait_for_pll_lock = cdns_dphy_j721e_wait_for_pll_lock, + .wait_for_cmn_ready = cdns_dphy_j721e_wait_for_cmn_ready, }; static int cdns_dphy_config_from_opts(struct phy *phy, @@ -328,21 +353,36 @@ static int cdns_dphy_validate(struct phy *phy, enum phy_mode mode, int submode, static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) { struct cdns_dphy *dphy = phy_get_drvdata(phy); - struct cdns_dphy_cfg cfg = { 0 }; - int ret, band_ctrl; - unsigned int reg; + int ret; - ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &cfg); - if (ret) - return ret; + ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &dphy->cfg); + if (!ret) + dphy->is_configured = true; + + return ret; +} + +static int cdns_dphy_power_on(struct phy *phy) +{ + struct cdns_dphy *dphy = phy_get_drvdata(phy); + int ret; + u32 reg; + + if (!dphy->is_configured || dphy->is_powered) + return -EINVAL; + + clk_prepare_enable(dphy->psm_clk); + clk_prepare_enable(dphy->pll_ref_clk); /* * Configure the internal PSM clk divider so that the DPHY has a * 1MHz clk (or something close). */ ret = cdns_dphy_setup_psm(dphy); - if (ret) - return ret; + if (ret) { + dev_err(&dphy->phy->dev, "Failed to setup PSM with error %d\n", ret); + goto err_power_on; + } /* * Configure attach clk lanes to data lanes: the DPHY has 2 clk lanes @@ -357,40 +397,60 @@ static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) * Configure the DPHY PLL that will be used to generate the TX byte * clk. */ - cdns_dphy_set_pll_cfg(dphy, &cfg); + cdns_dphy_set_pll_cfg(dphy, &dphy->cfg); - band_ctrl = cdns_dphy_tx_get_band_ctrl(opts->mipi_dphy.hs_clk_rate); - if (band_ctrl < 0) - return band_ctrl; + ret = cdns_dphy_tx_get_band_ctrl(dphy->cfg.hs_clk_rate); + if (ret < 0) { + dev_err(&dphy->phy->dev, "Failed to get band control value with error %d\n", ret); + goto err_power_on; + } - reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, band_ctrl) | - FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, band_ctrl); + reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, ret) | + FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, ret); writel(reg, dphy->regs + DPHY_BAND_CFG); - return 0; -} - -static int cdns_dphy_power_on(struct phy *phy) -{ - struct cdns_dphy *dphy = phy_get_drvdata(phy); - - clk_prepare_enable(dphy->psm_clk); - clk_prepare_enable(dphy->pll_ref_clk); - /* Start TX state machine. */ writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); + ret = cdns_dphy_wait_for_pll_lock(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "Failed to lock PLL with error %d\n", ret); + goto err_power_on; + } + + ret = cdns_dphy_wait_for_cmn_ready(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "O_CMN_READY signal failed to assert with error %d\n", + ret); + goto err_power_on; + } + + dphy->is_powered = true; + return 0; + +err_power_on: + clk_disable_unprepare(dphy->pll_ref_clk); + clk_disable_unprepare(dphy->psm_clk); + + return ret; } static int cdns_dphy_power_off(struct phy *phy) { struct cdns_dphy *dphy = phy_get_drvdata(phy); + u32 reg; clk_disable_unprepare(dphy->pll_ref_clk); clk_disable_unprepare(dphy->psm_clk); + /* Stop TX state machine. */ + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel(reg & ~DPHY_CMN_SSM_EN, dphy->regs + DPHY_CMN_SSM); + + dphy->is_powered = false; + return 0; }

1 week

2
2
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 284fb19a3ffb1083c3ad9c00d29749d09dddb99c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101614-lisp-bucktooth-cc0e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 284fb19a3ffb1083c3ad9c00d29749d09dddb99c Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:14 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling PLL lockup and O_CMN_READY assertion can only happen after common state machine gets enabled by programming DPHY_CMN_SSM register, but driver was polling them before the common state machine was enabled which is incorrect. This is as per the DPHY initialization sequence as mentioned in J721E TRM [1] at section "12.7.2.4.1.2.1 Start-up Sequence Timing Diagram". It shows O_CMN_READY polling at the end after common configuration pin setup where the common configuration pin setup step enables state machine as referenced in "Table 12-1533. Common Configuration-Related Setup mentions state machine" To fix this : - Add new function callbacks for polling on PLL lock and O_CMN_READY assertion. - As state machine and clocks get enabled in power_on callback only, move the clock related programming part from configure callback to power_on callback and poll for the PLL lockup and O_CMN_READY assertion after state machine gets enabled. - The configure callback only saves the PLL configuration received from the client driver which will be applied later on in power_on callback. - Add checks to ensure configure is called before power_on and state machine is in disabled state before power_on callback is called. - Disable state machine in power_off so that client driver can re-configure the PLL by following up a power_off, configure, power_on sequence. [1]: https://www.ti.com/lit/zip/spruil1 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-2-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index 33a42e72362e..da8de0a9d086 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -92,6 +92,8 @@ struct cdns_dphy_ops { void (*set_pll_cfg)(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg); unsigned long (*get_wakeup_time_ns)(struct cdns_dphy *dphy); + int (*wait_for_pll_lock)(struct cdns_dphy *dphy); + int (*wait_for_cmn_ready)(struct cdns_dphy *dphy); }; struct cdns_dphy { @@ -101,6 +103,8 @@ struct cdns_dphy { struct clk *pll_ref_clk; const struct cdns_dphy_ops *ops; struct phy *phy; + bool is_configured; + bool is_powered; }; /* Order of bands is important since the index is the band number. */ @@ -186,6 +190,16 @@ static unsigned long cdns_dphy_get_wakeup_time_ns(struct cdns_dphy *dphy) return dphy->ops->get_wakeup_time_ns(dphy); } +static int cdns_dphy_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_pll_lock ? dphy->ops->wait_for_pll_lock(dphy) : 0; +} + +static int cdns_dphy_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_cmn_ready ? dphy->ops->wait_for_cmn_ready(dphy) : 0; +} + static unsigned long cdns_dphy_ref_get_wakeup_time_ns(struct cdns_dphy *dphy) { /* Default wakeup time is 800 ns (in a simulated environment). */ @@ -227,7 +241,6 @@ static unsigned long cdns_dphy_j721e_get_wakeup_time_ns(struct cdns_dphy *dphy) static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg) { - u32 status; /* * set the PWM and PLL Byteclk divider settings to recommended values @@ -244,13 +257,6 @@ static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, writel(DPHY_TX_J721E_WIZ_LANE_RSTB, dphy->regs + DPHY_TX_J721E_WIZ_RST_CTRL); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, - (status & DPHY_TX_WIZ_PLL_LOCK), 0, POLL_TIMEOUT_US); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, - (status & DPHY_TX_WIZ_O_CMN_READY), 0, - POLL_TIMEOUT_US); } static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) @@ -258,6 +264,23 @@ static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) writel(div, dphy->regs + DPHY_TX_J721E_WIZ_PSM_FREQ); } +static int cdns_dphy_j721e_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, + status & DPHY_TX_WIZ_PLL_LOCK, 0, POLL_TIMEOUT_US); +} + +static int cdns_dphy_j721e_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, + status & DPHY_TX_WIZ_O_CMN_READY, 0, + POLL_TIMEOUT_US); +} + /* * This is the reference implementation of DPHY hooks. Specific integration of * this IP may have to re-implement some of them depending on how they decided @@ -273,6 +296,8 @@ static const struct cdns_dphy_ops j721e_dphy_ops = { .get_wakeup_time_ns = cdns_dphy_j721e_get_wakeup_time_ns, .set_pll_cfg = cdns_dphy_j721e_set_pll_cfg, .set_psm_div = cdns_dphy_j721e_set_psm_div, + .wait_for_pll_lock = cdns_dphy_j721e_wait_for_pll_lock, + .wait_for_cmn_ready = cdns_dphy_j721e_wait_for_cmn_ready, }; static int cdns_dphy_config_from_opts(struct phy *phy, @@ -328,21 +353,36 @@ static int cdns_dphy_validate(struct phy *phy, enum phy_mode mode, int submode, static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) { struct cdns_dphy *dphy = phy_get_drvdata(phy); - struct cdns_dphy_cfg cfg = { 0 }; - int ret, band_ctrl; - unsigned int reg; + int ret; - ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &cfg); - if (ret) - return ret; + ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &dphy->cfg); + if (!ret) + dphy->is_configured = true; + + return ret; +} + +static int cdns_dphy_power_on(struct phy *phy) +{ + struct cdns_dphy *dphy = phy_get_drvdata(phy); + int ret; + u32 reg; + + if (!dphy->is_configured || dphy->is_powered) + return -EINVAL; + + clk_prepare_enable(dphy->psm_clk); + clk_prepare_enable(dphy->pll_ref_clk); /* * Configure the internal PSM clk divider so that the DPHY has a * 1MHz clk (or something close). */ ret = cdns_dphy_setup_psm(dphy); - if (ret) - return ret; + if (ret) { + dev_err(&dphy->phy->dev, "Failed to setup PSM with error %d\n", ret); + goto err_power_on; + } /* * Configure attach clk lanes to data lanes: the DPHY has 2 clk lanes @@ -357,40 +397,60 @@ static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) * Configure the DPHY PLL that will be used to generate the TX byte * clk. */ - cdns_dphy_set_pll_cfg(dphy, &cfg); + cdns_dphy_set_pll_cfg(dphy, &dphy->cfg); - band_ctrl = cdns_dphy_tx_get_band_ctrl(opts->mipi_dphy.hs_clk_rate); - if (band_ctrl < 0) - return band_ctrl; + ret = cdns_dphy_tx_get_band_ctrl(dphy->cfg.hs_clk_rate); + if (ret < 0) { + dev_err(&dphy->phy->dev, "Failed to get band control value with error %d\n", ret); + goto err_power_on; + } - reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, band_ctrl) | - FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, band_ctrl); + reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, ret) | + FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, ret); writel(reg, dphy->regs + DPHY_BAND_CFG); - return 0; -} - -static int cdns_dphy_power_on(struct phy *phy) -{ - struct cdns_dphy *dphy = phy_get_drvdata(phy); - - clk_prepare_enable(dphy->psm_clk); - clk_prepare_enable(dphy->pll_ref_clk); - /* Start TX state machine. */ writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); + ret = cdns_dphy_wait_for_pll_lock(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "Failed to lock PLL with error %d\n", ret); + goto err_power_on; + } + + ret = cdns_dphy_wait_for_cmn_ready(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "O_CMN_READY signal failed to assert with error %d\n", + ret); + goto err_power_on; + } + + dphy->is_powered = true; + return 0; + +err_power_on: + clk_disable_unprepare(dphy->pll_ref_clk); + clk_disable_unprepare(dphy->psm_clk); + + return ret; } static int cdns_dphy_power_off(struct phy *phy) { struct cdns_dphy *dphy = phy_get_drvdata(phy); + u32 reg; clk_disable_unprepare(dphy->pll_ref_clk); clk_disable_unprepare(dphy->psm_clk); + /* Stop TX state machine. */ + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel(reg & ~DPHY_CMN_SSM_EN, dphy->regs + DPHY_CMN_SSM); + + dphy->is_powered = false; + return 0; }

1 week

2
2
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 284fb19a3ffb1083c3ad9c00d29749d09dddb99c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101613-trickery-snowless-db46@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 284fb19a3ffb1083c3ad9c00d29749d09dddb99c Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:14 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling PLL lockup and O_CMN_READY assertion can only happen after common state machine gets enabled by programming DPHY_CMN_SSM register, but driver was polling them before the common state machine was enabled which is incorrect. This is as per the DPHY initialization sequence as mentioned in J721E TRM [1] at section "12.7.2.4.1.2.1 Start-up Sequence Timing Diagram". It shows O_CMN_READY polling at the end after common configuration pin setup where the common configuration pin setup step enables state machine as referenced in "Table 12-1533. Common Configuration-Related Setup mentions state machine" To fix this : - Add new function callbacks for polling on PLL lock and O_CMN_READY assertion. - As state machine and clocks get enabled in power_on callback only, move the clock related programming part from configure callback to power_on callback and poll for the PLL lockup and O_CMN_READY assertion after state machine gets enabled. - The configure callback only saves the PLL configuration received from the client driver which will be applied later on in power_on callback. - Add checks to ensure configure is called before power_on and state machine is in disabled state before power_on callback is called. - Disable state machine in power_off so that client driver can re-configure the PLL by following up a power_off, configure, power_on sequence. [1]: https://www.ti.com/lit/zip/spruil1 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-2-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index 33a42e72362e..da8de0a9d086 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -92,6 +92,8 @@ struct cdns_dphy_ops { void (*set_pll_cfg)(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg); unsigned long (*get_wakeup_time_ns)(struct cdns_dphy *dphy); + int (*wait_for_pll_lock)(struct cdns_dphy *dphy); + int (*wait_for_cmn_ready)(struct cdns_dphy *dphy); }; struct cdns_dphy { @@ -101,6 +103,8 @@ struct cdns_dphy { struct clk *pll_ref_clk; const struct cdns_dphy_ops *ops; struct phy *phy; + bool is_configured; + bool is_powered; }; /* Order of bands is important since the index is the band number. */ @@ -186,6 +190,16 @@ static unsigned long cdns_dphy_get_wakeup_time_ns(struct cdns_dphy *dphy) return dphy->ops->get_wakeup_time_ns(dphy); } +static int cdns_dphy_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_pll_lock ? dphy->ops->wait_for_pll_lock(dphy) : 0; +} + +static int cdns_dphy_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_cmn_ready ? dphy->ops->wait_for_cmn_ready(dphy) : 0; +} + static unsigned long cdns_dphy_ref_get_wakeup_time_ns(struct cdns_dphy *dphy) { /* Default wakeup time is 800 ns (in a simulated environment). */ @@ -227,7 +241,6 @@ static unsigned long cdns_dphy_j721e_get_wakeup_time_ns(struct cdns_dphy *dphy) static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg) { - u32 status; /* * set the PWM and PLL Byteclk divider settings to recommended values @@ -244,13 +257,6 @@ static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, writel(DPHY_TX_J721E_WIZ_LANE_RSTB, dphy->regs + DPHY_TX_J721E_WIZ_RST_CTRL); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, - (status & DPHY_TX_WIZ_PLL_LOCK), 0, POLL_TIMEOUT_US); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, - (status & DPHY_TX_WIZ_O_CMN_READY), 0, - POLL_TIMEOUT_US); } static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) @@ -258,6 +264,23 @@ static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) writel(div, dphy->regs + DPHY_TX_J721E_WIZ_PSM_FREQ); } +static int cdns_dphy_j721e_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, + status & DPHY_TX_WIZ_PLL_LOCK, 0, POLL_TIMEOUT_US); +} + +static int cdns_dphy_j721e_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, + status & DPHY_TX_WIZ_O_CMN_READY, 0, + POLL_TIMEOUT_US); +} + /* * This is the reference implementation of DPHY hooks. Specific integration of * this IP may have to re-implement some of them depending on how they decided @@ -273,6 +296,8 @@ static const struct cdns_dphy_ops j721e_dphy_ops = { .get_wakeup_time_ns = cdns_dphy_j721e_get_wakeup_time_ns, .set_pll_cfg = cdns_dphy_j721e_set_pll_cfg, .set_psm_div = cdns_dphy_j721e_set_psm_div, + .wait_for_pll_lock = cdns_dphy_j721e_wait_for_pll_lock, + .wait_for_cmn_ready = cdns_dphy_j721e_wait_for_cmn_ready, }; static int cdns_dphy_config_from_opts(struct phy *phy, @@ -328,21 +353,36 @@ static int cdns_dphy_validate(struct phy *phy, enum phy_mode mode, int submode, static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) { struct cdns_dphy *dphy = phy_get_drvdata(phy); - struct cdns_dphy_cfg cfg = { 0 }; - int ret, band_ctrl; - unsigned int reg; + int ret; - ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &cfg); - if (ret) - return ret; + ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &dphy->cfg); + if (!ret) + dphy->is_configured = true; + + return ret; +} + +static int cdns_dphy_power_on(struct phy *phy) +{ + struct cdns_dphy *dphy = phy_get_drvdata(phy); + int ret; + u32 reg; + + if (!dphy->is_configured || dphy->is_powered) + return -EINVAL; + + clk_prepare_enable(dphy->psm_clk); + clk_prepare_enable(dphy->pll_ref_clk); /* * Configure the internal PSM clk divider so that the DPHY has a * 1MHz clk (or something close). */ ret = cdns_dphy_setup_psm(dphy); - if (ret) - return ret; + if (ret) { + dev_err(&dphy->phy->dev, "Failed to setup PSM with error %d\n", ret); + goto err_power_on; + } /* * Configure attach clk lanes to data lanes: the DPHY has 2 clk lanes @@ -357,40 +397,60 @@ static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) * Configure the DPHY PLL that will be used to generate the TX byte * clk. */ - cdns_dphy_set_pll_cfg(dphy, &cfg); + cdns_dphy_set_pll_cfg(dphy, &dphy->cfg); - band_ctrl = cdns_dphy_tx_get_band_ctrl(opts->mipi_dphy.hs_clk_rate); - if (band_ctrl < 0) - return band_ctrl; + ret = cdns_dphy_tx_get_band_ctrl(dphy->cfg.hs_clk_rate); + if (ret < 0) { + dev_err(&dphy->phy->dev, "Failed to get band control value with error %d\n", ret); + goto err_power_on; + } - reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, band_ctrl) | - FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, band_ctrl); + reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, ret) | + FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, ret); writel(reg, dphy->regs + DPHY_BAND_CFG); - return 0; -} - -static int cdns_dphy_power_on(struct phy *phy) -{ - struct cdns_dphy *dphy = phy_get_drvdata(phy); - - clk_prepare_enable(dphy->psm_clk); - clk_prepare_enable(dphy->pll_ref_clk); - /* Start TX state machine. */ writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); + ret = cdns_dphy_wait_for_pll_lock(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "Failed to lock PLL with error %d\n", ret); + goto err_power_on; + } + + ret = cdns_dphy_wait_for_cmn_ready(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "O_CMN_READY signal failed to assert with error %d\n", + ret); + goto err_power_on; + } + + dphy->is_powered = true; + return 0; + +err_power_on: + clk_disable_unprepare(dphy->pll_ref_clk); + clk_disable_unprepare(dphy->psm_clk); + + return ret; } static int cdns_dphy_power_off(struct phy *phy) { struct cdns_dphy *dphy = phy_get_drvdata(phy); + u32 reg; clk_disable_unprepare(dphy->pll_ref_clk); clk_disable_unprepare(dphy->psm_clk); + /* Stop TX state machine. */ + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel(reg & ~DPHY_CMN_SSM_EN, dphy->regs + DPHY_CMN_SSM); + + dphy->is_powered = false; + return 0; }

1 week

2
2
0 0

FAILED: patch "[PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 284fb19a3ffb1083c3ad9c00d29749d09dddb99c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101612-arguable-crushed-0b89@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 284fb19a3ffb1083c3ad9c00d29749d09dddb99c Mon Sep 17 00:00:00 2001 From: Devarsh Thakkar <devarsht(a)ti.com> Date: Fri, 4 Jul 2025 18:29:14 +0530 Subject: [PATCH] phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling PLL lockup and O_CMN_READY assertion can only happen after common state machine gets enabled by programming DPHY_CMN_SSM register, but driver was polling them before the common state machine was enabled which is incorrect. This is as per the DPHY initialization sequence as mentioned in J721E TRM [1] at section "12.7.2.4.1.2.1 Start-up Sequence Timing Diagram". It shows O_CMN_READY polling at the end after common configuration pin setup where the common configuration pin setup step enables state machine as referenced in "Table 12-1533. Common Configuration-Related Setup mentions state machine" To fix this : - Add new function callbacks for polling on PLL lock and O_CMN_READY assertion. - As state machine and clocks get enabled in power_on callback only, move the clock related programming part from configure callback to power_on callback and poll for the PLL lockup and O_CMN_READY assertion after state machine gets enabled. - The configure callback only saves the PLL configuration received from the client driver which will be applied later on in power_on callback. - Add checks to ensure configure is called before power_on and state machine is in disabled state before power_on callback is called. - Disable state machine in power_off so that client driver can re-configure the PLL by following up a power_off, configure, power_on sequence. [1]: https://www.ti.com/lit/zip/spruil1 Cc: stable(a)vger.kernel.org Fixes: 7a343c8bf4b5 ("phy: Add Cadence D-PHY support") Signed-off-by: Devarsh Thakkar <devarsht(a)ti.com> Tested-by: Harikrishna Shenoy <h-shenoy(a)ti.com> Reviewed-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250704125915.1224738-2-devarsht@ti.com Signed-off-by: Vinod Koul <vkoul(a)kernel.org> diff --git a/drivers/phy/cadence/cdns-dphy.c b/drivers/phy/cadence/cdns-dphy.c index 33a42e72362e..da8de0a9d086 100644 --- a/drivers/phy/cadence/cdns-dphy.c +++ b/drivers/phy/cadence/cdns-dphy.c @@ -92,6 +92,8 @@ struct cdns_dphy_ops { void (*set_pll_cfg)(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg); unsigned long (*get_wakeup_time_ns)(struct cdns_dphy *dphy); + int (*wait_for_pll_lock)(struct cdns_dphy *dphy); + int (*wait_for_cmn_ready)(struct cdns_dphy *dphy); }; struct cdns_dphy { @@ -101,6 +103,8 @@ struct cdns_dphy { struct clk *pll_ref_clk; const struct cdns_dphy_ops *ops; struct phy *phy; + bool is_configured; + bool is_powered; }; /* Order of bands is important since the index is the band number. */ @@ -186,6 +190,16 @@ static unsigned long cdns_dphy_get_wakeup_time_ns(struct cdns_dphy *dphy) return dphy->ops->get_wakeup_time_ns(dphy); } +static int cdns_dphy_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_pll_lock ? dphy->ops->wait_for_pll_lock(dphy) : 0; +} + +static int cdns_dphy_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + return dphy->ops->wait_for_cmn_ready ? dphy->ops->wait_for_cmn_ready(dphy) : 0; +} + static unsigned long cdns_dphy_ref_get_wakeup_time_ns(struct cdns_dphy *dphy) { /* Default wakeup time is 800 ns (in a simulated environment). */ @@ -227,7 +241,6 @@ static unsigned long cdns_dphy_j721e_get_wakeup_time_ns(struct cdns_dphy *dphy) static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, const struct cdns_dphy_cfg *cfg) { - u32 status; /* * set the PWM and PLL Byteclk divider settings to recommended values @@ -244,13 +257,6 @@ static void cdns_dphy_j721e_set_pll_cfg(struct cdns_dphy *dphy, writel(DPHY_TX_J721E_WIZ_LANE_RSTB, dphy->regs + DPHY_TX_J721E_WIZ_RST_CTRL); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, - (status & DPHY_TX_WIZ_PLL_LOCK), 0, POLL_TIMEOUT_US); - - readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, - (status & DPHY_TX_WIZ_O_CMN_READY), 0, - POLL_TIMEOUT_US); } static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) @@ -258,6 +264,23 @@ static void cdns_dphy_j721e_set_psm_div(struct cdns_dphy *dphy, u8 div) writel(div, dphy->regs + DPHY_TX_J721E_WIZ_PSM_FREQ); } +static int cdns_dphy_j721e_wait_for_pll_lock(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_PLL_CTRL, status, + status & DPHY_TX_WIZ_PLL_LOCK, 0, POLL_TIMEOUT_US); +} + +static int cdns_dphy_j721e_wait_for_cmn_ready(struct cdns_dphy *dphy) +{ + u32 status; + + return readl_poll_timeout(dphy->regs + DPHY_TX_J721E_WIZ_STATUS, status, + status & DPHY_TX_WIZ_O_CMN_READY, 0, + POLL_TIMEOUT_US); +} + /* * This is the reference implementation of DPHY hooks. Specific integration of * this IP may have to re-implement some of them depending on how they decided @@ -273,6 +296,8 @@ static const struct cdns_dphy_ops j721e_dphy_ops = { .get_wakeup_time_ns = cdns_dphy_j721e_get_wakeup_time_ns, .set_pll_cfg = cdns_dphy_j721e_set_pll_cfg, .set_psm_div = cdns_dphy_j721e_set_psm_div, + .wait_for_pll_lock = cdns_dphy_j721e_wait_for_pll_lock, + .wait_for_cmn_ready = cdns_dphy_j721e_wait_for_cmn_ready, }; static int cdns_dphy_config_from_opts(struct phy *phy, @@ -328,21 +353,36 @@ static int cdns_dphy_validate(struct phy *phy, enum phy_mode mode, int submode, static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) { struct cdns_dphy *dphy = phy_get_drvdata(phy); - struct cdns_dphy_cfg cfg = { 0 }; - int ret, band_ctrl; - unsigned int reg; + int ret; - ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &cfg); - if (ret) - return ret; + ret = cdns_dphy_config_from_opts(phy, &opts->mipi_dphy, &dphy->cfg); + if (!ret) + dphy->is_configured = true; + + return ret; +} + +static int cdns_dphy_power_on(struct phy *phy) +{ + struct cdns_dphy *dphy = phy_get_drvdata(phy); + int ret; + u32 reg; + + if (!dphy->is_configured || dphy->is_powered) + return -EINVAL; + + clk_prepare_enable(dphy->psm_clk); + clk_prepare_enable(dphy->pll_ref_clk); /* * Configure the internal PSM clk divider so that the DPHY has a * 1MHz clk (or something close). */ ret = cdns_dphy_setup_psm(dphy); - if (ret) - return ret; + if (ret) { + dev_err(&dphy->phy->dev, "Failed to setup PSM with error %d\n", ret); + goto err_power_on; + } /* * Configure attach clk lanes to data lanes: the DPHY has 2 clk lanes @@ -357,40 +397,60 @@ static int cdns_dphy_configure(struct phy *phy, union phy_configure_opts *opts) * Configure the DPHY PLL that will be used to generate the TX byte * clk. */ - cdns_dphy_set_pll_cfg(dphy, &cfg); + cdns_dphy_set_pll_cfg(dphy, &dphy->cfg); - band_ctrl = cdns_dphy_tx_get_band_ctrl(opts->mipi_dphy.hs_clk_rate); - if (band_ctrl < 0) - return band_ctrl; + ret = cdns_dphy_tx_get_band_ctrl(dphy->cfg.hs_clk_rate); + if (ret < 0) { + dev_err(&dphy->phy->dev, "Failed to get band control value with error %d\n", ret); + goto err_power_on; + } - reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, band_ctrl) | - FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, band_ctrl); + reg = FIELD_PREP(DPHY_BAND_CFG_LEFT_BAND, ret) | + FIELD_PREP(DPHY_BAND_CFG_RIGHT_BAND, ret); writel(reg, dphy->regs + DPHY_BAND_CFG); - return 0; -} - -static int cdns_dphy_power_on(struct phy *phy) -{ - struct cdns_dphy *dphy = phy_get_drvdata(phy); - - clk_prepare_enable(dphy->psm_clk); - clk_prepare_enable(dphy->pll_ref_clk); - /* Start TX state machine. */ writel(DPHY_CMN_SSM_EN | DPHY_CMN_TX_MODE_EN, dphy->regs + DPHY_CMN_SSM); + ret = cdns_dphy_wait_for_pll_lock(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "Failed to lock PLL with error %d\n", ret); + goto err_power_on; + } + + ret = cdns_dphy_wait_for_cmn_ready(dphy); + if (ret) { + dev_err(&dphy->phy->dev, "O_CMN_READY signal failed to assert with error %d\n", + ret); + goto err_power_on; + } + + dphy->is_powered = true; + return 0; + +err_power_on: + clk_disable_unprepare(dphy->pll_ref_clk); + clk_disable_unprepare(dphy->psm_clk); + + return ret; } static int cdns_dphy_power_off(struct phy *phy) { struct cdns_dphy *dphy = phy_get_drvdata(phy); + u32 reg; clk_disable_unprepare(dphy->pll_ref_clk); clk_disable_unprepare(dphy->psm_clk); + /* Stop TX state machine. */ + reg = readl(dphy->regs + DPHY_CMN_SSM); + writel(reg & ~DPHY_CMN_SSM_EN, dphy->regs + DPHY_CMN_SSM); + + dphy->is_powered = false; + return 0; }

1 week

2
2
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101600-daintily-walk-9f1a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
2
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101659-wing-paltry-7e9d@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
3
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101659-tightly-grandma-7323@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
3
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101658-county-probation-13a9@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
3
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101657-sandpaper-shelter-26f2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
3
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101657-preseason-garnish-c1e0@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
7
0 0

FAILED: patch "[PATCH] NFSD: Fix last write offset handling in layoutcommit" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x d68886bae76a4b9b3484d23e5b7df086f940fa38 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101656-unfrosted-rasping-f7dc@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d68886bae76a4b9b3484d23e5b7df086f940fa38 Mon Sep 17 00:00:00 2001 From: Sergey Bashirov <sergeybashirov(a)gmail.com> Date: Mon, 21 Jul 2025 21:40:56 +0300 Subject: [PATCH] NFSD: Fix last write offset handling in layoutcommit The data type of loca_last_write_offset is newoffset4 and is switched on a boolean value, no_newoffset, that indicates if a previous write occurred or not. If no_newoffset is FALSE, an offset is not given. This means that client does not try to update the file size. Thus, server should not try to calculate new file size and check if it fits into the segment range. See RFC 8881, section 12.5.4.2. Sometimes the current incorrect logic may cause clients to hang when trying to sync an inode. If layoutcommit fails, the client marks the inode as dirty again. Fixes: 9cf514ccfacb ("nfsd: implement pNFS operations") Cc: stable(a)vger.kernel.org Co-developed-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Konstantin Evtushenko <koevtushenko(a)yandex.com> Signed-off-by: Sergey Bashirov <sergeybashirov(a)gmail.com> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Jeff Layton <jlayton(a)kernel.org> Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> diff --git a/fs/nfsd/blocklayout.c b/fs/nfsd/blocklayout.c index 4c936132eb44..0822d8a119c6 100644 --- a/fs/nfsd/blocklayout.c +++ b/fs/nfsd/blocklayout.c @@ -118,7 +118,6 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, struct iomap *iomaps, int nr_iomaps) { struct timespec64 mtime = inode_get_mtime(inode); - loff_t new_size = lcp->lc_last_wr + 1; struct iattr iattr = { .ia_valid = 0 }; int error; @@ -128,9 +127,9 @@ nfsd4_block_commit_blocks(struct inode *inode, struct nfsd4_layoutcommit *lcp, iattr.ia_valid |= ATTR_ATIME | ATTR_CTIME | ATTR_MTIME; iattr.ia_atime = iattr.ia_ctime = iattr.ia_mtime = lcp->lc_mtime; - if (new_size > i_size_read(inode)) { + if (lcp->lc_size_chg) { iattr.ia_valid |= ATTR_SIZE; - iattr.ia_size = new_size; + iattr.ia_size = lcp->lc_newsize; } error = inode->i_sb->s_export_op->commit_blocks(inode, iomaps, diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c index 656b2e7d8840..7043fc475458 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -2475,7 +2475,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, const struct nfsd4_layout_seg *seg = &lcp->lc_seg; struct svc_fh *current_fh = &cstate->current_fh; const struct nfsd4_layout_ops *ops; - loff_t new_size = lcp->lc_last_wr + 1; struct inode *inode; struct nfs4_layout_stateid *ls; __be32 nfserr; @@ -2491,13 +2490,21 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, goto out; inode = d_inode(current_fh->fh_dentry); - nfserr = nfserr_inval; - if (new_size <= seg->offset) - goto out; - if (new_size > seg->offset + seg->length) - goto out; - if (!lcp->lc_newoffset && new_size > i_size_read(inode)) - goto out; + lcp->lc_size_chg = false; + if (lcp->lc_newoffset) { + loff_t new_size = lcp->lc_last_wr + 1; + + nfserr = nfserr_inval; + if (new_size <= seg->offset) + goto out; + if (new_size > seg->offset + seg->length) + goto out; + + if (new_size > i_size_read(inode)) { + lcp->lc_size_chg = true; + lcp->lc_newsize = new_size; + } + } nfserr = nfsd4_preprocess_layout_stateid(rqstp, cstate, &lcp->lc_sid, false, lcp->lc_layout_type, @@ -2513,13 +2520,6 @@ nfsd4_layoutcommit(struct svc_rqst *rqstp, /* LAYOUTCOMMIT does not require any serialization */ mutex_unlock(&ls->ls_mutex); - if (new_size > i_size_read(inode)) { - lcp->lc_size_chg = true; - lcp->lc_newsize = new_size; - } else { - lcp->lc_size_chg = false; - } - nfserr = ops->proc_layoutcommit(inode, rqstp, lcp); nfs4_put_stid(&ls->ls_stid); out:

1 week

2
4
0 0

FAILED: patch "[PATCH] xfs: fix log CRC mismatches between i386 and other" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e747883c7d7306acb4d683038d881528fbfbe749 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101616-negligee-wrongness-0478@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e747883c7d7306acb4d683038d881528fbfbe749 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Mon, 15 Sep 2025 06:20:30 -0700 Subject: [PATCH] xfs: fix log CRC mismatches between i386 and other architectures When mounting file systems with a log that was dirtied on i386 on other architectures or vice versa, log recovery is unhappy: [ 11.068052] XFS (vdb): Torn write (CRC failure) detected at log block 0x2. Truncating head block from 0xc. This is because the CRCs generated by i386 and other architectures always diff. The reason for that is that sizeof(struct xlog_rec_header) returns different values for i386 vs the rest (324 vs 328), because the struct is not sizeof(uint64_t) aligned, and i386 has odd struct size alignment rules. This issue goes back to commit 13cdc853c519 ("Add log versioning, and new super block field for the log stripe") in the xfs-import tree, which adds log v2 support and the h_size field that causes the unaligned size. At that time it only mattered for the crude debug only log header checksum, but with commit 0e446be44806 ("xfs: add CRC checks to the log") it became a real issue for v5 file system, because now there is a proper CRC, and regular builds actually expect it match. Fix this by allowing checksums with and without the padding. Fixes: 0e446be44806 ("xfs: add CRC checks to the log") Cc: <stable(a)vger.kernel.org> # v3.8 Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index a42a83211724..fd00b77af32b 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -173,12 +173,40 @@ typedef struct xlog_rec_header { __be32 h_prev_block; /* block number to previous LR : 4 */ __be32 h_num_logops; /* number of log operations in this LR : 4 */ __be32 h_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; - /* new fields */ + + /* fields added by the Linux port: */ __be32 h_fmt; /* format of log record : 4 */ uuid_t h_fs_uuid; /* uuid of FS : 16 */ + + /* fields added for log v2: */ __be32 h_size; /* iclog size : 4 */ + + /* + * When h_size added for log v2 support, it caused structure to have + * a different size on i386 vs all other architectures because the + * sum of the size ofthe member is not aligned by that of the largest + * __be64-sized member, and i386 has really odd struct alignment rules. + * + * Due to the way the log headers are placed out on-disk that alone is + * not a problem becaue the xlog_rec_header always sits alone in a + * BBSIZEs area, and the rest of that area is padded with zeroes. + * But xlog_cksum used to calculate the checksum based on the structure + * size, and thus gives different checksums for i386 vs the rest. + * We now do two checksum validation passes for both sizes to allow + * moving v5 file systems with unclean logs between i386 and other + * (little-endian) architectures. + */ + __u32 h_pad0; } xlog_rec_header_t; +#ifdef __i386__ +#define XLOG_REC_SIZE offsetofend(struct xlog_rec_header, h_size) +#define XLOG_REC_SIZE_OTHER sizeof(struct xlog_rec_header) +#else +#define XLOG_REC_SIZE sizeof(struct xlog_rec_header) +#define XLOG_REC_SIZE_OTHER offsetofend(struct xlog_rec_header, h_size) +#endif /* __i386__ */ + typedef struct xlog_rec_ext_header { __be32 xh_cycle; /* write cycle of log : 4 */ __be32 xh_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; /* : 256 */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 5ed44fdf7491..7bfa3242e2c5 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -174,6 +174,8 @@ xfs_check_ondisk_structs(void) XFS_CHECK_STRUCT_SIZE(struct xfs_rud_log_format, 16); XFS_CHECK_STRUCT_SIZE(struct xfs_map_extent, 32); XFS_CHECK_STRUCT_SIZE(struct xfs_phys_extent, 16); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_header, 328); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_ext_header, 260); XFS_CHECK_OFFSET(struct xfs_bui_log_format, bui_extents, 16); XFS_CHECK_OFFSET(struct xfs_cui_log_format, cui_extents, 16); diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index 7c590ecdf865..2978de9da38e 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c @@ -1568,13 +1568,13 @@ xlog_cksum( struct xlog *log, struct xlog_rec_header *rhead, char *dp, - int size) + unsigned int hdrsize, + unsigned int size) { uint32_t crc; /* first generate the crc for the record header ... */ - crc = xfs_start_cksum_update((char *)rhead, - sizeof(struct xlog_rec_header), + crc = xfs_start_cksum_update((char *)rhead, hdrsize, offsetof(struct xlog_rec_header, h_crc)); /* ... then for additional cycle data for v2 logs ... */ @@ -1818,7 +1818,7 @@ xlog_sync( /* calculcate the checksum */ iclog->ic_header.h_crc = xlog_cksum(log, &iclog->ic_header, - iclog->ic_datap, size); + iclog->ic_datap, XLOG_REC_SIZE, size); /* * Intentionally corrupt the log record CRC based on the error injection * frequency, if defined. This facilitates testing log recovery in the diff --git a/fs/xfs/xfs_log_priv.h b/fs/xfs/xfs_log_priv.h index a9a7a271c15b..0cfc654d8e87 100644 --- a/fs/xfs/xfs_log_priv.h +++ b/fs/xfs/xfs_log_priv.h @@ -499,8 +499,8 @@ xlog_recover_finish( extern void xlog_recover_cancel(struct xlog *); -extern __le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, - char *dp, int size); +__le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, + char *dp, unsigned int hdrsize, unsigned int size); extern struct kmem_cache *xfs_log_ticket_cache; struct xlog_ticket *xlog_ticket_alloc(struct xlog *log, int unit_bytes, diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 0a4db8efd903..549d60959aee 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2894,9 +2894,24 @@ xlog_recover_process( int pass, struct list_head *buffer_list) { - __le32 expected_crc = rhead->h_crc, crc; + __le32 expected_crc = rhead->h_crc, crc, other_crc; - crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len)); + crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE, + be32_to_cpu(rhead->h_len)); + + /* + * Look at the end of the struct xlog_rec_header definition in + * xfs_log_format.h for the glory details. + */ + if (expected_crc && crc != expected_crc) { + other_crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE_OTHER, + be32_to_cpu(rhead->h_len)); + if (other_crc == expected_crc) { + xfs_notice_once(log->l_mp, + "Fixing up incorrect CRC due to padding."); + crc = other_crc; + } + } /* * Nothing else to do if this is a CRC verification pass. Just return

1 week

2
2
0 0

FAILED: patch "[PATCH] xfs: fix log CRC mismatches between i386 and other" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e747883c7d7306acb4d683038d881528fbfbe749 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101615-delirious-unicycle-3115@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e747883c7d7306acb4d683038d881528fbfbe749 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Mon, 15 Sep 2025 06:20:30 -0700 Subject: [PATCH] xfs: fix log CRC mismatches between i386 and other architectures When mounting file systems with a log that was dirtied on i386 on other architectures or vice versa, log recovery is unhappy: [ 11.068052] XFS (vdb): Torn write (CRC failure) detected at log block 0x2. Truncating head block from 0xc. This is because the CRCs generated by i386 and other architectures always diff. The reason for that is that sizeof(struct xlog_rec_header) returns different values for i386 vs the rest (324 vs 328), because the struct is not sizeof(uint64_t) aligned, and i386 has odd struct size alignment rules. This issue goes back to commit 13cdc853c519 ("Add log versioning, and new super block field for the log stripe") in the xfs-import tree, which adds log v2 support and the h_size field that causes the unaligned size. At that time it only mattered for the crude debug only log header checksum, but with commit 0e446be44806 ("xfs: add CRC checks to the log") it became a real issue for v5 file system, because now there is a proper CRC, and regular builds actually expect it match. Fix this by allowing checksums with and without the padding. Fixes: 0e446be44806 ("xfs: add CRC checks to the log") Cc: <stable(a)vger.kernel.org> # v3.8 Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index a42a83211724..fd00b77af32b 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -173,12 +173,40 @@ typedef struct xlog_rec_header { __be32 h_prev_block; /* block number to previous LR : 4 */ __be32 h_num_logops; /* number of log operations in this LR : 4 */ __be32 h_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; - /* new fields */ + + /* fields added by the Linux port: */ __be32 h_fmt; /* format of log record : 4 */ uuid_t h_fs_uuid; /* uuid of FS : 16 */ + + /* fields added for log v2: */ __be32 h_size; /* iclog size : 4 */ + + /* + * When h_size added for log v2 support, it caused structure to have + * a different size on i386 vs all other architectures because the + * sum of the size ofthe member is not aligned by that of the largest + * __be64-sized member, and i386 has really odd struct alignment rules. + * + * Due to the way the log headers are placed out on-disk that alone is + * not a problem becaue the xlog_rec_header always sits alone in a + * BBSIZEs area, and the rest of that area is padded with zeroes. + * But xlog_cksum used to calculate the checksum based on the structure + * size, and thus gives different checksums for i386 vs the rest. + * We now do two checksum validation passes for both sizes to allow + * moving v5 file systems with unclean logs between i386 and other + * (little-endian) architectures. + */ + __u32 h_pad0; } xlog_rec_header_t; +#ifdef __i386__ +#define XLOG_REC_SIZE offsetofend(struct xlog_rec_header, h_size) +#define XLOG_REC_SIZE_OTHER sizeof(struct xlog_rec_header) +#else +#define XLOG_REC_SIZE sizeof(struct xlog_rec_header) +#define XLOG_REC_SIZE_OTHER offsetofend(struct xlog_rec_header, h_size) +#endif /* __i386__ */ + typedef struct xlog_rec_ext_header { __be32 xh_cycle; /* write cycle of log : 4 */ __be32 xh_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; /* : 256 */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 5ed44fdf7491..7bfa3242e2c5 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -174,6 +174,8 @@ xfs_check_ondisk_structs(void) XFS_CHECK_STRUCT_SIZE(struct xfs_rud_log_format, 16); XFS_CHECK_STRUCT_SIZE(struct xfs_map_extent, 32); XFS_CHECK_STRUCT_SIZE(struct xfs_phys_extent, 16); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_header, 328); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_ext_header, 260); XFS_CHECK_OFFSET(struct xfs_bui_log_format, bui_extents, 16); XFS_CHECK_OFFSET(struct xfs_cui_log_format, cui_extents, 16); diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index 7c590ecdf865..2978de9da38e 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c @@ -1568,13 +1568,13 @@ xlog_cksum( struct xlog *log, struct xlog_rec_header *rhead, char *dp, - int size) + unsigned int hdrsize, + unsigned int size) { uint32_t crc; /* first generate the crc for the record header ... */ - crc = xfs_start_cksum_update((char *)rhead, - sizeof(struct xlog_rec_header), + crc = xfs_start_cksum_update((char *)rhead, hdrsize, offsetof(struct xlog_rec_header, h_crc)); /* ... then for additional cycle data for v2 logs ... */ @@ -1818,7 +1818,7 @@ xlog_sync( /* calculcate the checksum */ iclog->ic_header.h_crc = xlog_cksum(log, &iclog->ic_header, - iclog->ic_datap, size); + iclog->ic_datap, XLOG_REC_SIZE, size); /* * Intentionally corrupt the log record CRC based on the error injection * frequency, if defined. This facilitates testing log recovery in the diff --git a/fs/xfs/xfs_log_priv.h b/fs/xfs/xfs_log_priv.h index a9a7a271c15b..0cfc654d8e87 100644 --- a/fs/xfs/xfs_log_priv.h +++ b/fs/xfs/xfs_log_priv.h @@ -499,8 +499,8 @@ xlog_recover_finish( extern void xlog_recover_cancel(struct xlog *); -extern __le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, - char *dp, int size); +__le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, + char *dp, unsigned int hdrsize, unsigned int size); extern struct kmem_cache *xfs_log_ticket_cache; struct xlog_ticket *xlog_ticket_alloc(struct xlog *log, int unit_bytes, diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 0a4db8efd903..549d60959aee 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2894,9 +2894,24 @@ xlog_recover_process( int pass, struct list_head *buffer_list) { - __le32 expected_crc = rhead->h_crc, crc; + __le32 expected_crc = rhead->h_crc, crc, other_crc; - crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len)); + crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE, + be32_to_cpu(rhead->h_len)); + + /* + * Look at the end of the struct xlog_rec_header definition in + * xfs_log_format.h for the glory details. + */ + if (expected_crc && crc != expected_crc) { + other_crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE_OTHER, + be32_to_cpu(rhead->h_len)); + if (other_crc == expected_crc) { + xfs_notice_once(log->l_mp, + "Fixing up incorrect CRC due to padding."); + crc = other_crc; + } + } /* * Nothing else to do if this is a CRC verification pass. Just return

1 week

2
2
0 0

FAILED: patch "[PATCH] xfs: fix log CRC mismatches between i386 and other" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e747883c7d7306acb4d683038d881528fbfbe749 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101615-hunter-bonfire-f320@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e747883c7d7306acb4d683038d881528fbfbe749 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Mon, 15 Sep 2025 06:20:30 -0700 Subject: [PATCH] xfs: fix log CRC mismatches between i386 and other architectures When mounting file systems with a log that was dirtied on i386 on other architectures or vice versa, log recovery is unhappy: [ 11.068052] XFS (vdb): Torn write (CRC failure) detected at log block 0x2. Truncating head block from 0xc. This is because the CRCs generated by i386 and other architectures always diff. The reason for that is that sizeof(struct xlog_rec_header) returns different values for i386 vs the rest (324 vs 328), because the struct is not sizeof(uint64_t) aligned, and i386 has odd struct size alignment rules. This issue goes back to commit 13cdc853c519 ("Add log versioning, and new super block field for the log stripe") in the xfs-import tree, which adds log v2 support and the h_size field that causes the unaligned size. At that time it only mattered for the crude debug only log header checksum, but with commit 0e446be44806 ("xfs: add CRC checks to the log") it became a real issue for v5 file system, because now there is a proper CRC, and regular builds actually expect it match. Fix this by allowing checksums with and without the padding. Fixes: 0e446be44806 ("xfs: add CRC checks to the log") Cc: <stable(a)vger.kernel.org> # v3.8 Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index a42a83211724..fd00b77af32b 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -173,12 +173,40 @@ typedef struct xlog_rec_header { __be32 h_prev_block; /* block number to previous LR : 4 */ __be32 h_num_logops; /* number of log operations in this LR : 4 */ __be32 h_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; - /* new fields */ + + /* fields added by the Linux port: */ __be32 h_fmt; /* format of log record : 4 */ uuid_t h_fs_uuid; /* uuid of FS : 16 */ + + /* fields added for log v2: */ __be32 h_size; /* iclog size : 4 */ + + /* + * When h_size added for log v2 support, it caused structure to have + * a different size on i386 vs all other architectures because the + * sum of the size ofthe member is not aligned by that of the largest + * __be64-sized member, and i386 has really odd struct alignment rules. + * + * Due to the way the log headers are placed out on-disk that alone is + * not a problem becaue the xlog_rec_header always sits alone in a + * BBSIZEs area, and the rest of that area is padded with zeroes. + * But xlog_cksum used to calculate the checksum based on the structure + * size, and thus gives different checksums for i386 vs the rest. + * We now do two checksum validation passes for both sizes to allow + * moving v5 file systems with unclean logs between i386 and other + * (little-endian) architectures. + */ + __u32 h_pad0; } xlog_rec_header_t; +#ifdef __i386__ +#define XLOG_REC_SIZE offsetofend(struct xlog_rec_header, h_size) +#define XLOG_REC_SIZE_OTHER sizeof(struct xlog_rec_header) +#else +#define XLOG_REC_SIZE sizeof(struct xlog_rec_header) +#define XLOG_REC_SIZE_OTHER offsetofend(struct xlog_rec_header, h_size) +#endif /* __i386__ */ + typedef struct xlog_rec_ext_header { __be32 xh_cycle; /* write cycle of log : 4 */ __be32 xh_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; /* : 256 */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 5ed44fdf7491..7bfa3242e2c5 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -174,6 +174,8 @@ xfs_check_ondisk_structs(void) XFS_CHECK_STRUCT_SIZE(struct xfs_rud_log_format, 16); XFS_CHECK_STRUCT_SIZE(struct xfs_map_extent, 32); XFS_CHECK_STRUCT_SIZE(struct xfs_phys_extent, 16); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_header, 328); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_ext_header, 260); XFS_CHECK_OFFSET(struct xfs_bui_log_format, bui_extents, 16); XFS_CHECK_OFFSET(struct xfs_cui_log_format, cui_extents, 16); diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index 7c590ecdf865..2978de9da38e 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c @@ -1568,13 +1568,13 @@ xlog_cksum( struct xlog *log, struct xlog_rec_header *rhead, char *dp, - int size) + unsigned int hdrsize, + unsigned int size) { uint32_t crc; /* first generate the crc for the record header ... */ - crc = xfs_start_cksum_update((char *)rhead, - sizeof(struct xlog_rec_header), + crc = xfs_start_cksum_update((char *)rhead, hdrsize, offsetof(struct xlog_rec_header, h_crc)); /* ... then for additional cycle data for v2 logs ... */ @@ -1818,7 +1818,7 @@ xlog_sync( /* calculcate the checksum */ iclog->ic_header.h_crc = xlog_cksum(log, &iclog->ic_header, - iclog->ic_datap, size); + iclog->ic_datap, XLOG_REC_SIZE, size); /* * Intentionally corrupt the log record CRC based on the error injection * frequency, if defined. This facilitates testing log recovery in the diff --git a/fs/xfs/xfs_log_priv.h b/fs/xfs/xfs_log_priv.h index a9a7a271c15b..0cfc654d8e87 100644 --- a/fs/xfs/xfs_log_priv.h +++ b/fs/xfs/xfs_log_priv.h @@ -499,8 +499,8 @@ xlog_recover_finish( extern void xlog_recover_cancel(struct xlog *); -extern __le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, - char *dp, int size); +__le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, + char *dp, unsigned int hdrsize, unsigned int size); extern struct kmem_cache *xfs_log_ticket_cache; struct xlog_ticket *xlog_ticket_alloc(struct xlog *log, int unit_bytes, diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 0a4db8efd903..549d60959aee 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2894,9 +2894,24 @@ xlog_recover_process( int pass, struct list_head *buffer_list) { - __le32 expected_crc = rhead->h_crc, crc; + __le32 expected_crc = rhead->h_crc, crc, other_crc; - crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len)); + crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE, + be32_to_cpu(rhead->h_len)); + + /* + * Look at the end of the struct xlog_rec_header definition in + * xfs_log_format.h for the glory details. + */ + if (expected_crc && crc != expected_crc) { + other_crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE_OTHER, + be32_to_cpu(rhead->h_len)); + if (other_crc == expected_crc) { + xfs_notice_once(log->l_mp, + "Fixing up incorrect CRC due to padding."); + crc = other_crc; + } + } /* * Nothing else to do if this is a CRC verification pass. Just return

1 week

2
2
0 0

FAILED: patch "[PATCH] xfs: fix log CRC mismatches between i386 and other" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e747883c7d7306acb4d683038d881528fbfbe749 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101614-down-dicing-0c7e@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e747883c7d7306acb4d683038d881528fbfbe749 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Mon, 15 Sep 2025 06:20:30 -0700 Subject: [PATCH] xfs: fix log CRC mismatches between i386 and other architectures When mounting file systems with a log that was dirtied on i386 on other architectures or vice versa, log recovery is unhappy: [ 11.068052] XFS (vdb): Torn write (CRC failure) detected at log block 0x2. Truncating head block from 0xc. This is because the CRCs generated by i386 and other architectures always diff. The reason for that is that sizeof(struct xlog_rec_header) returns different values for i386 vs the rest (324 vs 328), because the struct is not sizeof(uint64_t) aligned, and i386 has odd struct size alignment rules. This issue goes back to commit 13cdc853c519 ("Add log versioning, and new super block field for the log stripe") in the xfs-import tree, which adds log v2 support and the h_size field that causes the unaligned size. At that time it only mattered for the crude debug only log header checksum, but with commit 0e446be44806 ("xfs: add CRC checks to the log") it became a real issue for v5 file system, because now there is a proper CRC, and regular builds actually expect it match. Fix this by allowing checksums with and without the padding. Fixes: 0e446be44806 ("xfs: add CRC checks to the log") Cc: <stable(a)vger.kernel.org> # v3.8 Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index a42a83211724..fd00b77af32b 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -173,12 +173,40 @@ typedef struct xlog_rec_header { __be32 h_prev_block; /* block number to previous LR : 4 */ __be32 h_num_logops; /* number of log operations in this LR : 4 */ __be32 h_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; - /* new fields */ + + /* fields added by the Linux port: */ __be32 h_fmt; /* format of log record : 4 */ uuid_t h_fs_uuid; /* uuid of FS : 16 */ + + /* fields added for log v2: */ __be32 h_size; /* iclog size : 4 */ + + /* + * When h_size added for log v2 support, it caused structure to have + * a different size on i386 vs all other architectures because the + * sum of the size ofthe member is not aligned by that of the largest + * __be64-sized member, and i386 has really odd struct alignment rules. + * + * Due to the way the log headers are placed out on-disk that alone is + * not a problem becaue the xlog_rec_header always sits alone in a + * BBSIZEs area, and the rest of that area is padded with zeroes. + * But xlog_cksum used to calculate the checksum based on the structure + * size, and thus gives different checksums for i386 vs the rest. + * We now do two checksum validation passes for both sizes to allow + * moving v5 file systems with unclean logs between i386 and other + * (little-endian) architectures. + */ + __u32 h_pad0; } xlog_rec_header_t; +#ifdef __i386__ +#define XLOG_REC_SIZE offsetofend(struct xlog_rec_header, h_size) +#define XLOG_REC_SIZE_OTHER sizeof(struct xlog_rec_header) +#else +#define XLOG_REC_SIZE sizeof(struct xlog_rec_header) +#define XLOG_REC_SIZE_OTHER offsetofend(struct xlog_rec_header, h_size) +#endif /* __i386__ */ + typedef struct xlog_rec_ext_header { __be32 xh_cycle; /* write cycle of log : 4 */ __be32 xh_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; /* : 256 */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 5ed44fdf7491..7bfa3242e2c5 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -174,6 +174,8 @@ xfs_check_ondisk_structs(void) XFS_CHECK_STRUCT_SIZE(struct xfs_rud_log_format, 16); XFS_CHECK_STRUCT_SIZE(struct xfs_map_extent, 32); XFS_CHECK_STRUCT_SIZE(struct xfs_phys_extent, 16); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_header, 328); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_ext_header, 260); XFS_CHECK_OFFSET(struct xfs_bui_log_format, bui_extents, 16); XFS_CHECK_OFFSET(struct xfs_cui_log_format, cui_extents, 16); diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index 7c590ecdf865..2978de9da38e 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c @@ -1568,13 +1568,13 @@ xlog_cksum( struct xlog *log, struct xlog_rec_header *rhead, char *dp, - int size) + unsigned int hdrsize, + unsigned int size) { uint32_t crc; /* first generate the crc for the record header ... */ - crc = xfs_start_cksum_update((char *)rhead, - sizeof(struct xlog_rec_header), + crc = xfs_start_cksum_update((char *)rhead, hdrsize, offsetof(struct xlog_rec_header, h_crc)); /* ... then for additional cycle data for v2 logs ... */ @@ -1818,7 +1818,7 @@ xlog_sync( /* calculcate the checksum */ iclog->ic_header.h_crc = xlog_cksum(log, &iclog->ic_header, - iclog->ic_datap, size); + iclog->ic_datap, XLOG_REC_SIZE, size); /* * Intentionally corrupt the log record CRC based on the error injection * frequency, if defined. This facilitates testing log recovery in the diff --git a/fs/xfs/xfs_log_priv.h b/fs/xfs/xfs_log_priv.h index a9a7a271c15b..0cfc654d8e87 100644 --- a/fs/xfs/xfs_log_priv.h +++ b/fs/xfs/xfs_log_priv.h @@ -499,8 +499,8 @@ xlog_recover_finish( extern void xlog_recover_cancel(struct xlog *); -extern __le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, - char *dp, int size); +__le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, + char *dp, unsigned int hdrsize, unsigned int size); extern struct kmem_cache *xfs_log_ticket_cache; struct xlog_ticket *xlog_ticket_alloc(struct xlog *log, int unit_bytes, diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 0a4db8efd903..549d60959aee 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2894,9 +2894,24 @@ xlog_recover_process( int pass, struct list_head *buffer_list) { - __le32 expected_crc = rhead->h_crc, crc; + __le32 expected_crc = rhead->h_crc, crc, other_crc; - crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len)); + crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE, + be32_to_cpu(rhead->h_len)); + + /* + * Look at the end of the struct xlog_rec_header definition in + * xfs_log_format.h for the glory details. + */ + if (expected_crc && crc != expected_crc) { + other_crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE_OTHER, + be32_to_cpu(rhead->h_len)); + if (other_crc == expected_crc) { + xfs_notice_once(log->l_mp, + "Fixing up incorrect CRC due to padding."); + crc = other_crc; + } + } /* * Nothing else to do if this is a CRC verification pass. Just return

1 week

2
2
0 0

FAILED: patch "[PATCH] xfs: fix log CRC mismatches between i386 and other" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x e747883c7d7306acb4d683038d881528fbfbe749 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101613-unworldly-lumpiness-b4a6@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e747883c7d7306acb4d683038d881528fbfbe749 Mon Sep 17 00:00:00 2001 From: Christoph Hellwig <hch(a)lst.de> Date: Mon, 15 Sep 2025 06:20:30 -0700 Subject: [PATCH] xfs: fix log CRC mismatches between i386 and other architectures When mounting file systems with a log that was dirtied on i386 on other architectures or vice versa, log recovery is unhappy: [ 11.068052] XFS (vdb): Torn write (CRC failure) detected at log block 0x2. Truncating head block from 0xc. This is because the CRCs generated by i386 and other architectures always diff. The reason for that is that sizeof(struct xlog_rec_header) returns different values for i386 vs the rest (324 vs 328), because the struct is not sizeof(uint64_t) aligned, and i386 has odd struct size alignment rules. This issue goes back to commit 13cdc853c519 ("Add log versioning, and new super block field for the log stripe") in the xfs-import tree, which adds log v2 support and the h_size field that causes the unaligned size. At that time it only mattered for the crude debug only log header checksum, but with commit 0e446be44806 ("xfs: add CRC checks to the log") it became a real issue for v5 file system, because now there is a proper CRC, and regular builds actually expect it match. Fix this by allowing checksums with and without the padding. Fixes: 0e446be44806 ("xfs: add CRC checks to the log") Cc: <stable(a)vger.kernel.org> # v3.8 Signed-off-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/libxfs/xfs_log_format.h b/fs/xfs/libxfs/xfs_log_format.h index a42a83211724..fd00b77af32b 100644 --- a/fs/xfs/libxfs/xfs_log_format.h +++ b/fs/xfs/libxfs/xfs_log_format.h @@ -173,12 +173,40 @@ typedef struct xlog_rec_header { __be32 h_prev_block; /* block number to previous LR : 4 */ __be32 h_num_logops; /* number of log operations in this LR : 4 */ __be32 h_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; - /* new fields */ + + /* fields added by the Linux port: */ __be32 h_fmt; /* format of log record : 4 */ uuid_t h_fs_uuid; /* uuid of FS : 16 */ + + /* fields added for log v2: */ __be32 h_size; /* iclog size : 4 */ + + /* + * When h_size added for log v2 support, it caused structure to have + * a different size on i386 vs all other architectures because the + * sum of the size ofthe member is not aligned by that of the largest + * __be64-sized member, and i386 has really odd struct alignment rules. + * + * Due to the way the log headers are placed out on-disk that alone is + * not a problem becaue the xlog_rec_header always sits alone in a + * BBSIZEs area, and the rest of that area is padded with zeroes. + * But xlog_cksum used to calculate the checksum based on the structure + * size, and thus gives different checksums for i386 vs the rest. + * We now do two checksum validation passes for both sizes to allow + * moving v5 file systems with unclean logs between i386 and other + * (little-endian) architectures. + */ + __u32 h_pad0; } xlog_rec_header_t; +#ifdef __i386__ +#define XLOG_REC_SIZE offsetofend(struct xlog_rec_header, h_size) +#define XLOG_REC_SIZE_OTHER sizeof(struct xlog_rec_header) +#else +#define XLOG_REC_SIZE sizeof(struct xlog_rec_header) +#define XLOG_REC_SIZE_OTHER offsetofend(struct xlog_rec_header, h_size) +#endif /* __i386__ */ + typedef struct xlog_rec_ext_header { __be32 xh_cycle; /* write cycle of log : 4 */ __be32 xh_cycle_data[XLOG_HEADER_CYCLE_SIZE / BBSIZE]; /* : 256 */ diff --git a/fs/xfs/libxfs/xfs_ondisk.h b/fs/xfs/libxfs/xfs_ondisk.h index 5ed44fdf7491..7bfa3242e2c5 100644 --- a/fs/xfs/libxfs/xfs_ondisk.h +++ b/fs/xfs/libxfs/xfs_ondisk.h @@ -174,6 +174,8 @@ xfs_check_ondisk_structs(void) XFS_CHECK_STRUCT_SIZE(struct xfs_rud_log_format, 16); XFS_CHECK_STRUCT_SIZE(struct xfs_map_extent, 32); XFS_CHECK_STRUCT_SIZE(struct xfs_phys_extent, 16); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_header, 328); + XFS_CHECK_STRUCT_SIZE(struct xlog_rec_ext_header, 260); XFS_CHECK_OFFSET(struct xfs_bui_log_format, bui_extents, 16); XFS_CHECK_OFFSET(struct xfs_cui_log_format, cui_extents, 16); diff --git a/fs/xfs/xfs_log.c b/fs/xfs/xfs_log.c index 7c590ecdf865..2978de9da38e 100644 --- a/fs/xfs/xfs_log.c +++ b/fs/xfs/xfs_log.c @@ -1568,13 +1568,13 @@ xlog_cksum( struct xlog *log, struct xlog_rec_header *rhead, char *dp, - int size) + unsigned int hdrsize, + unsigned int size) { uint32_t crc; /* first generate the crc for the record header ... */ - crc = xfs_start_cksum_update((char *)rhead, - sizeof(struct xlog_rec_header), + crc = xfs_start_cksum_update((char *)rhead, hdrsize, offsetof(struct xlog_rec_header, h_crc)); /* ... then for additional cycle data for v2 logs ... */ @@ -1818,7 +1818,7 @@ xlog_sync( /* calculcate the checksum */ iclog->ic_header.h_crc = xlog_cksum(log, &iclog->ic_header, - iclog->ic_datap, size); + iclog->ic_datap, XLOG_REC_SIZE, size); /* * Intentionally corrupt the log record CRC based on the error injection * frequency, if defined. This facilitates testing log recovery in the diff --git a/fs/xfs/xfs_log_priv.h b/fs/xfs/xfs_log_priv.h index a9a7a271c15b..0cfc654d8e87 100644 --- a/fs/xfs/xfs_log_priv.h +++ b/fs/xfs/xfs_log_priv.h @@ -499,8 +499,8 @@ xlog_recover_finish( extern void xlog_recover_cancel(struct xlog *); -extern __le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, - char *dp, int size); +__le32 xlog_cksum(struct xlog *log, struct xlog_rec_header *rhead, + char *dp, unsigned int hdrsize, unsigned int size); extern struct kmem_cache *xfs_log_ticket_cache; struct xlog_ticket *xlog_ticket_alloc(struct xlog *log, int unit_bytes, diff --git a/fs/xfs/xfs_log_recover.c b/fs/xfs/xfs_log_recover.c index 0a4db8efd903..549d60959aee 100644 --- a/fs/xfs/xfs_log_recover.c +++ b/fs/xfs/xfs_log_recover.c @@ -2894,9 +2894,24 @@ xlog_recover_process( int pass, struct list_head *buffer_list) { - __le32 expected_crc = rhead->h_crc, crc; + __le32 expected_crc = rhead->h_crc, crc, other_crc; - crc = xlog_cksum(log, rhead, dp, be32_to_cpu(rhead->h_len)); + crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE, + be32_to_cpu(rhead->h_len)); + + /* + * Look at the end of the struct xlog_rec_header definition in + * xfs_log_format.h for the glory details. + */ + if (expected_crc && crc != expected_crc) { + other_crc = xlog_cksum(log, rhead, dp, XLOG_REC_SIZE_OTHER, + be32_to_cpu(rhead->h_len)); + if (other_crc == expected_crc) { + xfs_notice_once(log->l_mp, + "Fixing up incorrect CRC due to padding."); + crc = other_crc; + } + } /* * Nothing else to do if this is a CRC verification pass. Just return

1 week

2
2
0 0

[PATCH 6.6 1/2] block: fix race between set_blocksize and read paths

by Mahmoud Adam

From: "Darrick J. Wong" <djwong(a)kernel.org> commit c0e473a0d226479e8e925d5ba93f751d8df628e9 upstream. With the new large sector size support, it's now the case that set_blocksize can change i_blksize and the folio order in a manner that conflicts with a concurrent reader and causes a kernel crash. Specifically, let's say that udev-worker calls libblkid to detect the labels on a block device. The read call can create an order-0 folio to read the first 4096 bytes from the disk. But then udev is preempted. Next, someone tries to mount an 8k-sectorsize filesystem from the same block device. The filesystem calls set_blksize, which sets i_blksize to 8192 and the minimum folio order to 1. Now udev resumes, still holding the order-0 folio it allocated. It then tries to schedule a read bio and do_mpage_readahead tries to create bufferheads for the folio. Unfortunately, blocks_per_folio == 0 because the page size is 4096 but the blocksize is 8192 so no bufferheads are attached and the bh walk never sets bdev. We then submit the bio with a NULL block device and crash. Therefore, truncate the page cache after flushing but before updating i_blksize. However, that's not enough -- we also need to lock out file IO and page faults during the update. Take both the i_rwsem and the invalidate_lock in exclusive mode for invalidations, and in shared mode for read/write operations. I don't know if this is the correct fix, but xfs/259 found it. Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Reviewed-by: Luis Chamberlain <mcgrof(a)kernel.org> Tested-by: Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> Link: https://lore.kernel.org/r/174543795699.4139148.2086129139322431423.stgit@fr… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> [use bdev->bd_inode instead] Signed-off-by: Mahmoud Adam <mngyadam(a)amazon.de> --- Fixes CVE-2025-38073. block/bdev.c | 17 +++++++++++++++++ block/blk-zoned.c | 5 ++++- block/fops.c | 16 ++++++++++++++++ block/ioctl.c | 6 ++++++ 4 files changed, 43 insertions(+), 1 deletion(-) diff --git a/block/bdev.c b/block/bdev.c index 5a54977518eeae..a8357b72a27b86 100644 --- a/block/bdev.c +++ b/block/bdev.c @@ -147,9 +147,26 @@ int set_blocksize(struct block_device *bdev, int size) /* Don't change the size if it is same as current */ if (bdev->bd_inode->i_blkbits != blksize_bits(size)) { + /* + * Flush and truncate the pagecache before we reconfigure the + * mapping geometry because folio sizes are variable now. If a + * reader has already allocated a folio whose size is smaller + * than the new min_order but invokes readahead after the new + * min_order becomes visible, readahead will think there are + * "zero" blocks per folio and crash. Take the inode and + * invalidation locks to avoid racing with + * read/write/fallocate. + */ + inode_lock(bdev->bd_inode); + filemap_invalidate_lock(bdev->bd_inode->i_mapping); + sync_blockdev(bdev); + kill_bdev(bdev); + bdev->bd_inode->i_blkbits = blksize_bits(size); kill_bdev(bdev); + filemap_invalidate_unlock(bdev->bd_inode->i_mapping); + inode_unlock(bdev->bd_inode); } return 0; } diff --git a/block/blk-zoned.c b/block/blk-zoned.c index 619ee41a51cc8c..644bfa1f6753ea 100644 --- a/block/blk-zoned.c +++ b/block/blk-zoned.c @@ -401,6 +401,7 @@ int blkdev_zone_mgmt_ioctl(struct block_device *bdev, blk_mode_t mode, op = REQ_OP_ZONE_RESET; /* Invalidate the page cache, including dirty pages. */ + inode_lock(bdev->bd_inode); filemap_invalidate_lock(bdev->bd_inode->i_mapping); ret = blkdev_truncate_zone_range(bdev, mode, &zrange); if (ret) @@ -423,8 +424,10 @@ int blkdev_zone_mgmt_ioctl(struct block_device *bdev, blk_mode_t mode, GFP_KERNEL); fail: - if (cmd == BLKRESETZONE) + if (cmd == BLKRESETZONE) { filemap_invalidate_unlock(bdev->bd_inode->i_mapping); + inode_unlock(bdev->bd_inode); + } return ret; } diff --git a/block/fops.c b/block/fops.c index 7c257eb3564d0c..088143fa9ac9e1 100644 --- a/block/fops.c +++ b/block/fops.c @@ -681,7 +681,14 @@ static ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from) ret = direct_write_fallback(iocb, from, ret, blkdev_buffered_write(iocb, from)); } else { + /* + * Take i_rwsem and invalidate_lock to avoid racing with + * set_blocksize changing i_blkbits/folio order and punching + * out the pagecache. + */ + inode_lock_shared(bd_inode); ret = blkdev_buffered_write(iocb, from); + inode_unlock_shared(bd_inode); } if (ret > 0) @@ -693,6 +700,7 @@ static ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from) static ssize_t blkdev_read_iter(struct kiocb *iocb, struct iov_iter *to) { struct block_device *bdev = I_BDEV(iocb->ki_filp->f_mapping->host); + struct inode *bd_inode = bdev->bd_inode; loff_t size = bdev_nr_bytes(bdev); loff_t pos = iocb->ki_pos; size_t shorted = 0; @@ -728,7 +736,13 @@ static ssize_t blkdev_read_iter(struct kiocb *iocb, struct iov_iter *to) goto reexpand; } + /* + * Take i_rwsem and invalidate_lock to avoid racing with set_blocksize + * changing i_blkbits/folio order and punching out the pagecache. + */ + inode_lock_shared(bd_inode); ret = filemap_read(iocb, to, ret); + inode_unlock_shared(bd_inode); reexpand: if (unlikely(shorted)) @@ -771,6 +785,7 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, if ((start | len) & (bdev_logical_block_size(bdev) - 1)) return -EINVAL; + inode_lock(inode); filemap_invalidate_lock(inode->i_mapping); /* @@ -811,6 +826,7 @@ static long blkdev_fallocate(struct file *file, int mode, loff_t start, fail: filemap_invalidate_unlock(inode->i_mapping); + inode_unlock(inode); return error; } diff --git a/block/ioctl.c b/block/ioctl.c index 231537f79a8cb4..024767fa1e52d5 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -114,6 +114,7 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, end > bdev_nr_bytes(bdev)) return -EINVAL; + inode_lock(inode); filemap_invalidate_lock(inode->i_mapping); err = truncate_bdev_range(bdev, mode, start, end - 1); if (err) @@ -121,6 +122,7 @@ static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, err = blkdev_issue_discard(bdev, start >> 9, len >> 9, GFP_KERNEL); fail: filemap_invalidate_unlock(inode->i_mapping); + inode_unlock(inode); return err; } @@ -146,12 +148,14 @@ static int blk_ioctl_secure_erase(struct block_device *bdev, blk_mode_t mode, end > bdev_nr_bytes(bdev)) return -EINVAL; + inode_lock(bdev->bd_inode); filemap_invalidate_lock(bdev->bd_inode->i_mapping); err = truncate_bdev_range(bdev, mode, start, end - 1); if (!err) err = blkdev_issue_secure_erase(bdev, start >> 9, len >> 9, GFP_KERNEL); filemap_invalidate_unlock(bdev->bd_inode->i_mapping); + inode_unlock(bdev->bd_inode); return err; } @@ -184,6 +188,7 @@ static int blk_ioctl_zeroout(struct block_device *bdev, blk_mode_t mode, return -EINVAL; /* Invalidate the page cache, including dirty pages */ + inode_lock(inode); filemap_invalidate_lock(inode->i_mapping); err = truncate_bdev_range(bdev, mode, start, end); if (err) @@ -194,6 +199,7 @@ static int blk_ioctl_zeroout(struct block_device *bdev, blk_mode_t mode, fail: filemap_invalidate_unlock(inode->i_mapping); + inode_unlock(inode); return err; } -- 2.47.3 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

1 week

1
1
0 0

FAILED: patch "[PATCH] Revert "io_uring/rw: drop -EOPNOTSUPP check in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 927069c4ac2cd1a37efa468596fb5b8f86db9df0 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102039-bonelike-vocation-0372@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 927069c4ac2cd1a37efa468596fb5b8f86db9df0 Mon Sep 17 00:00:00 2001 From: Jens Axboe <axboe(a)kernel.dk> Date: Mon, 13 Oct 2025 12:05:31 -0600 Subject: [PATCH] Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" This reverts commit 90bfb28d5fa8127a113a140c9791ea0b40ab156a. Kevin reports that this commit causes an issue for him with LVM snapshots, most likely because of turning off NOWAIT support while a snapshot is being created. This makes -EOPNOTSUPP bubble back through the completion handler, where io_uring read/write handling should just retry it. Reinstate the previous check removed by the referenced commit. Cc: stable(a)vger.kernel.org Fixes: 90bfb28d5fa8 ("io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()") Reported-by: Salvatore Bonaccorso <carnil(a)debian.org> Reported-by: Kevin Lumik <kevin(a)xf.ee> Link: https://lore.kernel.org/io-uring/cceb723c-051b-4de2-9a4c-4aa82e1619ee@kerne… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/rw.c b/io_uring/rw.c index 08882648d569..a0f9d2021e3f 100644 --- a/io_uring/rw.c +++ b/io_uring/rw.c @@ -542,7 +542,7 @@ static void __io_complete_rw_common(struct io_kiocb *req, long res) { if (res == req->cqe.res) return; - if (res == -EAGAIN && io_rw_should_reissue(req)) { + if ((res == -EOPNOTSUPP || res == -EAGAIN) && io_rw_should_reissue(req)) { req->flags |= REQ_F_REISSUE | REQ_F_BL_NO_RECYCLE; } else { req_set_fail(req);

1 week

3
2
0 0

[PATCH v3 1/5] mm: fix off-by-one error in VMA count limit checks

by Kalesh Singh

The VMA count limit check in do_mmap() and do_brk_flags() uses a strict inequality (>), which allows a process's VMA count to exceed the configured sysctl_max_map_count limit by one. A process with mm->map_count == sysctl_max_map_count will incorrectly pass this check and then exceed the limit upon allocation of a new VMA when its map_count is incremented. Other VMA allocation paths, such as split_vma(), already use the correct, inclusive (>=) comparison. Fix this bug by changing the comparison to be inclusive in do_mmap() and do_brk_flags(), bringing them in line with the correct behavior of other allocation paths. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: <stable(a)vger.kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: David Hildenbrand <david(a)redhat.com> Cc: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Minchan Kim <minchan(a)kernel.org> Cc: Pedro Falcato <pfalcato(a)suse.de> Reviewed-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Pedro Falcato <pfalcato(a)suse.de> Acked-by: SeongJae Park <sj(a)kernel.org> Signed-off-by: Kalesh Singh <kaleshsingh(a)google.com> --- Changes in v3: - Collect Reviewed-by and Acked-by tags. Changes in v2: - Fix mmap check, per Pedro mm/mmap.c | 2 +- mm/vma.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mm/mmap.c b/mm/mmap.c index 644f02071a41..da2cbdc0f87b 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -374,7 +374,7 @@ unsigned long do_mmap(struct file *file, unsigned long addr, return -EOVERFLOW; /* Too many mappings? */ - if (mm->map_count > sysctl_max_map_count) + if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; /* diff --git a/mm/vma.c b/mm/vma.c index a2e1ae954662..fba68f13e628 100644 --- a/mm/vma.c +++ b/mm/vma.c @@ -2797,7 +2797,7 @@ int do_brk_flags(struct vma_iterator *vmi, struct vm_area_struct *vma, if (!may_expand_vm(mm, vm_flags, len >> PAGE_SHIFT)) return -ENOMEM; - if (mm->map_count > sysctl_max_map_count) + if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; if (security_vm_enough_memory_mm(mm, len >> PAGE_SHIFT)) -- 2.51.0.760.g7b8bcc2412-goog

1 week

5
11
0 0

[PATCH 6.1.y 00/12] timers: Provide timer_shutdown[_sync]()

by Jeongjun Park

The "timers: Provide timer_shutdown[_sync]()" patch series implemented a useful feature that addresses various bugs caused by attempts to rearm shutdown timers. https://lore.kernel.org/all/20221123201306.823305113@linutronix.de/ However, this patch series was not fully backported to versions prior to 6.2, requiring separate patches for older kernels if these bugs were encountered. The biggest problem with this is that even if these bugs were discovered and patched in the upstream kernel, if the maintainer or author didn't create a separate backport patch for versions prior to 6.2, the bugs would remain untouched in older kernels. Therefore, to reduce the hassle of having to write a separate patch, we should backport the remaining unbackported commits from the "timers: Provide timer_shutdown[_sync]()" patch series to versions prior to 6.2. --- Documentation/RCU/Design/Requirements/Requirements.rst | 2 +- Documentation/core-api/local_ops.rst | 2 +- Documentation/kernel-hacking/locking.rst | 17 ++++--- Documentation/timers/hrtimers.rst | 2 +- Documentation/translations/it_IT/kernel-hacking/locking.rst | 14 +++-- Documentation/translations/zh_CN/core-api/local_ops.rst | 2 +- arch/arm/mach-spear/time.c | 8 +-- drivers/bluetooth/hci_qca.c | 10 +++- drivers/clocksource/arm_arch_timer.c | 12 ++--- drivers/clocksource/timer-sp804.c | 6 +-- include/linux/timer.h | 2 + kernel/time/timer.c | 311 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------- 12 files changed, 299 insertions(+), 89 deletions(-)

1 week

2
13
0 0

[PATCH v3 05/14] iommu/mediatek: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 0df4fabe208d ("iommu/mediatek: Add mt8173 IOMMU driver") Cc: stable(a)vger.kernel.org # 4.6 Acked-by: Robin Murphy <robin.murphy(a)arm.com> Reviewed-by: Yong Wu <yong.wu(a)mediatek.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/mtk_iommu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c index 0e0285348d2b..8d8e85186188 100644 --- a/drivers/iommu/mtk_iommu.c +++ b/drivers/iommu/mtk_iommu.c @@ -974,6 +974,8 @@ static int mtk_iommu_of_xlate(struct device *dev, return -EINVAL; dev_iommu_priv_set(dev, platform_get_drvdata(m4updev)); + + put_device(&m4updev->dev); } return iommu_fwspec_add_ids(dev, args->args, 1); -- 2.49.1

1 week

2
1
0 0

[PATCH v3 08/14] iommu/mediatek-v1: fix device leak on probe_device()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during probe_device(). Fixes: b17336c55d89 ("iommu/mediatek: add support for mtk iommu generation one HW") Cc: stable(a)vger.kernel.org # 4.8 Cc: Honghui Zhang <honghui.zhang(a)mediatek.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Reviewed-by: Yong Wu <yong.wu(a)mediatek.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/mtk_iommu_v1.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c index 10cc0b1197e8..de9153c0a82f 100644 --- a/drivers/iommu/mtk_iommu_v1.c +++ b/drivers/iommu/mtk_iommu_v1.c @@ -435,6 +435,8 @@ static int mtk_iommu_v1_create_mapping(struct device *dev, return -EINVAL; dev_iommu_priv_set(dev, platform_get_drvdata(m4updev)); + + put_device(&m4updev->dev); } ret = iommu_fwspec_add_ids(dev, args->args, 1); -- 2.49.1

1 week

2
1
0 0

[PATCH v3 09/14] iommu/mediatek-v1: fix device leaks on probe()

by Johan Hovold

Make sure to drop the references taken to the larb devices during probe on probe failure (e.g. probe deferral) and on driver unbind. Fixes: b17336c55d89 ("iommu/mediatek: add support for mtk iommu generation one HW") Cc: stable(a)vger.kernel.org # 4.8 Cc: Honghui Zhang <honghui.zhang(a)mediatek.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/mtk_iommu_v1.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c index de9153c0a82f..44b965a2db92 100644 --- a/drivers/iommu/mtk_iommu_v1.c +++ b/drivers/iommu/mtk_iommu_v1.c @@ -648,8 +648,10 @@ static int mtk_iommu_v1_probe(struct platform_device *pdev) struct platform_device *plarbdev; larbnode = of_parse_phandle(dev->of_node, "mediatek,larbs", i); - if (!larbnode) - return -EINVAL; + if (!larbnode) { + ret = -EINVAL; + goto out_put_larbs; + } if (!of_device_is_available(larbnode)) { of_node_put(larbnode); @@ -659,11 +661,14 @@ static int mtk_iommu_v1_probe(struct platform_device *pdev) plarbdev = of_find_device_by_node(larbnode); if (!plarbdev) { of_node_put(larbnode); - return -ENODEV; + ret = -ENODEV; + goto out_put_larbs; } if (!plarbdev->dev.driver) { of_node_put(larbnode); - return -EPROBE_DEFER; + put_device(&plarbdev->dev); + ret = -EPROBE_DEFER; + goto out_put_larbs; } data->larb_imu[i].dev = &plarbdev->dev; @@ -675,7 +680,7 @@ static int mtk_iommu_v1_probe(struct platform_device *pdev) ret = mtk_iommu_v1_hw_init(data); if (ret) - return ret; + goto out_put_larbs; ret = iommu_device_sysfs_add(&data->iommu, &pdev->dev, NULL, dev_name(&pdev->dev)); @@ -697,12 +702,17 @@ static int mtk_iommu_v1_probe(struct platform_device *pdev) iommu_device_sysfs_remove(&data->iommu); out_clk_unprepare: clk_disable_unprepare(data->bclk); +out_put_larbs: + for (i = 0; i < MTK_LARB_NR_MAX; i++) + put_device(data->larb_imu[i].dev); + return ret; } static void mtk_iommu_v1_remove(struct platform_device *pdev) { struct mtk_iommu_v1_data *data = platform_get_drvdata(pdev); + int i; iommu_device_sysfs_remove(&data->iommu); iommu_device_unregister(&data->iommu); @@ -710,6 +720,9 @@ static void mtk_iommu_v1_remove(struct platform_device *pdev) clk_disable_unprepare(data->bclk); devm_free_irq(&pdev->dev, data->irq, data); component_master_del(&pdev->dev, &mtk_iommu_v1_com_ops); + + for (i = 0; i < MTK_LARB_NR_MAX; i++) + put_device(data->larb_imu[i].dev); } static int __maybe_unused mtk_iommu_v1_suspend(struct device *dev) -- 2.49.1

1 week

2
1
0 0

[PATCH 0/4] drm/amd: Check whether secure display TA loaded successfully

by Adrian Yip

Hi everyone, This is a patch series of backports from a upstream commit: c760bcda8357 ("drm/amd: Check whether secure display TA loaded successfully") to the following stable kernel trees: * 6.17.y * 6.12.y * 6.6.y * 6.1.y Each patch applied without conflicts. Compiling tests will be done for patches as I send them in. I have not tested backports personally, but Shuah khan has Kindly offered to test them. This is my first patch, please do let me know if there are any corrections or criticisms, I will take them to heart. Thank you so much Shuah for providing this opportunity! I'm very grateful for it! Respectfully, Adrian Yip Mario Limonciello (1): drm/amd: Check whether secure display TA loaded successfully drivers/gpu/drm/amd/amdgpu/amdgpu_psp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.51.0

1 week

2
7
0 0

FAILED: patch "[PATCH] arm64: debug: always unmask interrupts in el0_softstp()" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x ea0d55ae4b3207c33691a73da3443b1fd379f1d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102040-gopher-dipping-a96a@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ea0d55ae4b3207c33691a73da3443b1fd379f1d2 Mon Sep 17 00:00:00 2001 From: Ada Couprie Diaz <ada.coupriediaz(a)arm.com> Date: Tue, 14 Oct 2025 10:25:36 +0100 Subject: [PATCH] arm64: debug: always unmask interrupts in el0_softstp() We intend that EL0 exception handlers unmask all DAIF exceptions before calling exit_to_user_mode(). When completing single-step of a suspended breakpoint, we do not call local_daif_restore(DAIF_PROCCTX) before calling exit_to_user_mode(), leaving all DAIF exceptions masked. When pseudo-NMIs are not in use this is benign. When pseudo-NMIs are in use, this is unsound. At this point interrupts are masked by both DAIF.IF and PMR_EL1, and subsequent irq flag manipulation may not work correctly. For example, a subsequent local_irq_enable() within exit_to_user_mode_loop() will only unmask interrupts via PMR_EL1 (leaving those masked via DAIF.IF), and anything depending on interrupts being unmasked (e.g. delivery of signals) will not work correctly. This was detected by CONFIG_ARM64_DEBUG_PRIORITY_MASKING. Move the call to `try_step_suspended_breakpoints()` outside of the check so that interrupts can be unmasked even if we don't call the step handler. Fixes: 0ac7584c08ce ("arm64: debug: split single stepping exception entry") Cc: <stable(a)vger.kernel.org> # 6.17 Signed-off-by: Ada Couprie Diaz <ada.coupriediaz(a)arm.com> Acked-by: Mark Rutland <mark.rutland(a)arm.com> [catalin.marinas(a)arm.com: added Mark's rewritten commit log and some whitespace] Signed-off-by: Catalin Marinas <catalin.marinas(a)arm.com> diff --git a/arch/arm64/kernel/entry-common.c b/arch/arm64/kernel/entry-common.c index f546a914f041..a9c81715ce59 100644 --- a/arch/arm64/kernel/entry-common.c +++ b/arch/arm64/kernel/entry-common.c @@ -697,6 +697,8 @@ static void noinstr el0_breakpt(struct pt_regs *regs, unsigned long esr) static void noinstr el0_softstp(struct pt_regs *regs, unsigned long esr) { + bool step_done; + if (!is_ttbr0_addr(regs->pc)) arm64_apply_bp_hardening(); @@ -707,10 +709,10 @@ static void noinstr el0_softstp(struct pt_regs *regs, unsigned long esr) * If we are stepping a suspended breakpoint there's nothing more to do: * the single-step is complete. */ - if (!try_step_suspended_breakpoints(regs)) { - local_daif_restore(DAIF_PROCCTX); + step_done = try_step_suspended_breakpoints(regs); + local_daif_restore(DAIF_PROCCTX); + if (!step_done) do_el0_softstep(esr, regs); - } arm64_exit_to_user_mode(regs); }

1 week

2
1
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102007-puma-shawl-4634@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

2
1
0 0

[PATCH] clocksource/drivers/stm: Fix section mismatches

by Johan Hovold

Platform drivers can be probed after their init sections have been discarded (e.g. on probe deferral or manual rebind through sysfs) so the probe function must not live in init. Device managed resource actions similarly cannot be discarded. The "_probe" suffix of the driver structure name prevents modpost from warning about this so replace it to catch any similar future issues. Fixes: cec32ac75827 ("clocksource/drivers/nxp-timer: Add the System Timer Module for the s32gx platforms") Cc: stable(a)vger.kernel.org # 6.16 Cc: Daniel Lezcano <daniel.lezcano(a)linaro.org> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/clocksource/timer-nxp-stm.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/drivers/clocksource/timer-nxp-stm.c b/drivers/clocksource/timer-nxp-stm.c index bbc40623728f..ce10bdcfc76b 100644 --- a/drivers/clocksource/timer-nxp-stm.c +++ b/drivers/clocksource/timer-nxp-stm.c @@ -177,15 +177,15 @@ static void nxp_stm_clocksource_resume(struct clocksource *cs) nxp_stm_clocksource_enable(cs); } -static void __init devm_clocksource_unregister(void *data) +static void devm_clocksource_unregister(void *data) { struct stm_timer *stm_timer = data; clocksource_unregister(&stm_timer->cs); } -static int __init nxp_stm_clocksource_init(struct device *dev, struct stm_timer *stm_timer, - const char *name, void __iomem *base, struct clk *clk) +static int nxp_stm_clocksource_init(struct device *dev, struct stm_timer *stm_timer, + const char *name, void __iomem *base, struct clk *clk) { int ret; @@ -298,9 +298,9 @@ static void nxp_stm_clockevent_resume(struct clock_event_device *ced) nxp_stm_module_get(stm_timer); } -static int __init nxp_stm_clockevent_per_cpu_init(struct device *dev, struct stm_timer *stm_timer, - const char *name, void __iomem *base, int irq, - struct clk *clk, int cpu) +static int nxp_stm_clockevent_per_cpu_init(struct device *dev, struct stm_timer *stm_timer, + const char *name, void __iomem *base, int irq, + struct clk *clk, int cpu) { stm_timer->base = base; stm_timer->rate = clk_get_rate(clk); @@ -388,7 +388,7 @@ static irqreturn_t nxp_stm_module_interrupt(int irq, void *dev_id) return IRQ_HANDLED; } -static int __init nxp_stm_timer_probe(struct platform_device *pdev) +static int nxp_stm_timer_probe(struct platform_device *pdev) { struct stm_timer *stm_timer; struct device *dev = &pdev->dev; @@ -484,14 +484,14 @@ static const struct of_device_id nxp_stm_of_match[] = { }; MODULE_DEVICE_TABLE(of, nxp_stm_of_match); -static struct platform_driver nxp_stm_probe = { +static struct platform_driver nxp_stm_driver = { .probe = nxp_stm_timer_probe, .driver = { .name = "nxp-stm", .of_match_table = nxp_stm_of_match, }, }; -module_platform_driver(nxp_stm_probe); +module_platform_driver(nxp_stm_driver); MODULE_DESCRIPTION("NXP System Timer Module driver"); MODULE_LICENSE("GPL"); -- 2.49.1

1 week

2
3
0 0

[RESEND PATCH 6.16-6.17 0/2] arm64: errata: Apply workarounds for Neoverse-V3AE

by Ryan Roberts

Hi All, This series is a backport that applies to stable kernels 6.16 and 6.17, of the recent errata workarounds for Neoverse-V3AE, which were originally posted at: https://lore.kernel.org/all/20250919145832.4035534-1-ryan.roberts@arm.com/ ... and were originally merged upstream in v6.18-rc1. Thanks, Ryan Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Documentation/arch/arm64/silicon-errata.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 4 files changed, 6 insertions(+) -- 2.43.0

1 week

1
2
0 0

[PATCH 6.16-6.17 0/2] arm64: errata: Apply workarounds for Neoverse-V3AE

by Ryan Roberts

Hi All, This series is a backport that applies to stable kernels 6.16 and 6.17, of the recent errata workarounds for Neoverse-V3AE, which were originally posted at: https://lore.kernel.org/all/20250919145832.4035534-1-ryan.roberts@arm.com/ ... and were originally merged upstream in v6.18-rc1. Thanks, Ryan Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Documentation/arch/arm64/silicon-errata.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 4 files changed, 6 insertions(+) -- 2.43.0

1 week

2
4
0 0

[PATCH mt76 v3] wifi: mt76: Fix DTS power-limits on little endian systems

by Sven Eckelmann (Plasma Cloud)

The power-limits for ru and mcs and stored in the devicetree as bytewise array (often with sizes which are not a multiple of 4). These arrays have a prefix which defines for how many modes a line is applied. This prefix is also only a byte - but the code still tried to fix the endianness of this byte with a be32 operation. As result, loading was mostly failing or was sending completely unexpected values to the firmware. Since the other rates are also stored in the devicetree as bytewise arrays, just drop the u32 access + be32_to_cpu conversion and directly access them as bytes arrays. Cc: stable(a)vger.kernel.org Fixes: 22b980badc0f ("mt76: add functions for parsing rate power limits from DT") Fixes: a9627d992b5e ("mt76: extend DT rate power limits to support 11ax devices") Signed-off-by: Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de> --- Changes in v3: - add "mt76" as addition prefix after "PATCH" as requested by Zhi-Jun You - Link to v2: https://lore.kernel.org/r/20250926-fix-power-limits-v2-1-c2bc7881eb6d@simon… Changes in v2: - Fix second Fixes line, thanks Zhi-Jun You - Link to v1: https://lore.kernel.org/r/20250917-fix-power-limits-v1-1-616e859a9881@simon… --- drivers/net/wireless/mediatek/mt76/eeprom.c | 37 +++++++++++++++++++---------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/eeprom.c b/drivers/net/wireless/mediatek/mt76/eeprom.c index a987c5e4eff6..6ce8e4af18fe 100644 --- a/drivers/net/wireless/mediatek/mt76/eeprom.c +++ b/drivers/net/wireless/mediatek/mt76/eeprom.c @@ -253,6 +253,19 @@ mt76_get_of_array(struct device_node *np, char *name, size_t *len, int min) return prop->value; } +static const s8 * +mt76_get_of_array_s8(struct device_node *np, char *name, size_t *len, int min) +{ + struct property *prop = of_find_property(np, name, NULL); + + if (!prop || !prop->value || prop->length < min) + return NULL; + + *len = prop->length; + + return prop->value; +} + struct device_node * mt76_find_channel_node(struct device_node *np, struct ieee80211_channel *chan) { @@ -294,7 +307,7 @@ mt76_get_txs_delta(struct device_node *np, u8 nss) } static void -mt76_apply_array_limit(s8 *pwr, size_t pwr_len, const __be32 *data, +mt76_apply_array_limit(s8 *pwr, size_t pwr_len, const s8 *data, s8 target_power, s8 nss_delta, s8 *max_power) { int i; @@ -303,15 +316,14 @@ mt76_apply_array_limit(s8 *pwr, size_t pwr_len, const __be32 *data, return; for (i = 0; i < pwr_len; i++) { - pwr[i] = min_t(s8, target_power, - be32_to_cpu(data[i]) + nss_delta); + pwr[i] = min_t(s8, target_power, data[i] + nss_delta); *max_power = max(*max_power, pwr[i]); } } static void mt76_apply_multi_array_limit(s8 *pwr, size_t pwr_len, s8 pwr_num, - const __be32 *data, size_t len, s8 target_power, + const s8 *data, size_t len, s8 target_power, s8 nss_delta, s8 *max_power) { int i, cur; @@ -319,8 +331,7 @@ mt76_apply_multi_array_limit(s8 *pwr, size_t pwr_len, s8 pwr_num, if (!data) return; - len /= 4; - cur = be32_to_cpu(data[0]); + cur = data[0]; for (i = 0; i < pwr_num; i++) { if (len < pwr_len + 1) break; @@ -335,7 +346,7 @@ mt76_apply_multi_array_limit(s8 *pwr, size_t pwr_len, s8 pwr_num, if (!len) break; - cur = be32_to_cpu(data[0]); + cur = data[0]; } } @@ -346,7 +357,7 @@ s8 mt76_get_rate_power_limits(struct mt76_phy *phy, { struct mt76_dev *dev = phy->dev; struct device_node *np; - const __be32 *val; + const s8 *val; char name[16]; u32 mcs_rates = dev->drv->mcs_rates; u32 ru_rates = ARRAY_SIZE(dest->ru[0]); @@ -392,21 +403,21 @@ s8 mt76_get_rate_power_limits(struct mt76_phy *phy, txs_delta = mt76_get_txs_delta(np, hweight16(phy->chainmask)); - val = mt76_get_of_array(np, "rates-cck", &len, ARRAY_SIZE(dest->cck)); + val = mt76_get_of_array_s8(np, "rates-cck", &len, ARRAY_SIZE(dest->cck)); mt76_apply_array_limit(dest->cck, ARRAY_SIZE(dest->cck), val, target_power, txs_delta, &max_power); - val = mt76_get_of_array(np, "rates-ofdm", - &len, ARRAY_SIZE(dest->ofdm)); + val = mt76_get_of_array_s8(np, "rates-ofdm", + &len, ARRAY_SIZE(dest->ofdm)); mt76_apply_array_limit(dest->ofdm, ARRAY_SIZE(dest->ofdm), val, target_power, txs_delta, &max_power); - val = mt76_get_of_array(np, "rates-mcs", &len, mcs_rates + 1); + val = mt76_get_of_array_s8(np, "rates-mcs", &len, mcs_rates + 1); mt76_apply_multi_array_limit(dest->mcs[0], ARRAY_SIZE(dest->mcs[0]), ARRAY_SIZE(dest->mcs), val, len, target_power, txs_delta, &max_power); - val = mt76_get_of_array(np, "rates-ru", &len, ru_rates + 1); + val = mt76_get_of_array_s8(np, "rates-ru", &len, ru_rates + 1); mt76_apply_multi_array_limit(dest->ru[0], ARRAY_SIZE(dest->ru[0]), ARRAY_SIZE(dest->ru), val, len, target_power, txs_delta, &max_power); --- base-commit: b36d55610215a976267197ddc914902c494705d7 change-id: 20250917-fix-power-limits-5ce07b993681 Best regards, -- Sven Eckelmann (Plasma Cloud) <se(a)simonwunderlich.de>

1 week

2
1
0 0

[PATCH 6.6-6.12 0/2] arm64: errata: Apply workarounds for Neoverse-V3AE

by Ryan Roberts

Hi All, This series is a backport that applies to stable kernels 6.6 and 6.12, of the recent errata workarounds for Neoverse-V3AE, which were originally posted at: https://lore.kernel.org/all/20250919145832.4035534-1-ryan.roberts@arm.com/ ... and were originally merged upstream in v6.18-rc1. Thanks, Ryan Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Documentation/arch/arm64/silicon-errata.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 4 files changed, 6 insertions(+) -- 2.43.0

1 week

1
2
0 0

[PATCH 5.15-6.1 0/2] arm64: errata: Apply workarounds for Neoverse-V3AE

by Ryan Roberts

Hi All, This series is a backport that applies to stable kernels 5.15 and 6.1, of the recent errata workarounds for Neoverse-V3AE, which were originally posted at: https://lore.kernel.org/all/20250919145832.4035534-1-ryan.roberts@arm.com/ ... and were originally merged upstream in v6.18-rc1. Thanks, Ryan Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Documentation/arm64/silicon-errata.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 4 files changed, 6 insertions(+) -- 2.43.0

1 week

1
2
0 0

[PATCH 5.4-5.10 0/2] arm64: errata: Apply workarounds for Neoverse-V3AE

by Ryan Roberts

Hi All, This series is a backport that applies to stable kernels 5.4 and 5.10, of the recent errata workarounds for Neoverse-V3AE, which were originally posted at: https://lore.kernel.org/all/20250919145832.4035534-1-ryan.roberts@arm.com/ ... and were originally merged upstream in v6.18-rc1. Thanks, Ryan Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Documentation/arm64/silicon-errata.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 4 files changed, 6 insertions(+) -- 2.43.0

1 week

1
2
0 0

FAILED: patch "[PATCH] media: s5p-mfc: remove an unused/uninitialized variable" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 7fa37ba25a1dfc084e24ea9acc14bf1fad8af14c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101646-overtake-starch-c0ab@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7fa37ba25a1dfc084e24ea9acc14bf1fad8af14c Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Thu, 7 Aug 2025 22:54:15 +0200 Subject: [PATCH] media: s5p-mfc: remove an unused/uninitialized variable The s5p_mfc_cmd_args structure in the v6 driver is never used, not initialized to anything other than zero, but as of clang-21 this causes a warning: drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:45:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 45 | &h2r_args); | ^~~~~~~~ Just remove this for simplicity. Since the function is also called through a callback, this does require adding a trivial wrapper with the correct prototype. Fixes: f96f3cfa0bb8 ("[media] s5p-mfc: Update MFC v4l2 driver to support MFC6.x") Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Hans Verkuil <hverkuil+cisco(a)kernel.org> diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c index 47bc3014b5d8..f7c682fca645 100644 --- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c +++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c @@ -14,8 +14,7 @@ #include "s5p_mfc_opr.h" #include "s5p_mfc_cmd_v6.h" -static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, - const struct s5p_mfc_cmd_args *args) +static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd) { mfc_debug(2, "Issue the command: %d\n", cmd); @@ -31,7 +30,6 @@ static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; const struct s5p_mfc_buf_size_v6 *buf_size = dev->variant->buf_size->priv; int ret; @@ -41,33 +39,23 @@ static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) mfc_write(dev, dev->ctx_buf.dma, S5P_FIMV_CONTEXT_MEM_ADDR_V6); mfc_write(dev, buf_size->dev_ctx, S5P_FIMV_CONTEXT_MEM_SIZE_V6); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6); } static int s5p_mfc_sleep_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6); } static int s5p_mfc_wakeup_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6); } /* Open a new instance and get its number */ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int codec_type; mfc_debug(2, "Requested codec mode: %d\n", ctx->codec_mode); @@ -129,23 +117,20 @@ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, ctx->ctx.size, S5P_FIMV_CONTEXT_MEM_SIZE_V6); mfc_write(dev, 0, S5P_FIMV_D_CRC_CTRL_V6); /* no crc */ - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6); } /* Close instance */ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int ret = 0; dev->curr_ctx = ctx->num; if (ctx->state != MFCINST_FREE) { mfc_write(dev, ctx->inst_no, S5P_FIMV_INSTANCE_ID_V6); ret = s5p_mfc_cmd_host2risc_v6(dev, - S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6, - &h2r_args); + S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6); } else { ret = -EINVAL; } @@ -153,9 +138,15 @@ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) return ret; } +static int s5p_mfc_cmd_host2risc_v6_args(struct s5p_mfc_dev *dev, int cmd, + const struct s5p_mfc_cmd_args *ignored) +{ + return s5p_mfc_cmd_host2risc_v6(dev, cmd); +} + /* Initialize cmd function pointers for MFC v6 */ static const struct s5p_mfc_hw_cmds s5p_mfc_cmds_v6 = { - .cmd_host2risc = s5p_mfc_cmd_host2risc_v6, + .cmd_host2risc = s5p_mfc_cmd_host2risc_v6_args, .sys_init_cmd = s5p_mfc_sys_init_cmd_v6, .sleep_cmd = s5p_mfc_sleep_cmd_v6, .wakeup_cmd = s5p_mfc_wakeup_cmd_v6,

1 week

3
6
0 0

FAILED: patch "[PATCH] media: s5p-mfc: remove an unused/uninitialized variable" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7fa37ba25a1dfc084e24ea9acc14bf1fad8af14c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101646-unfunded-bootlace-0264@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7fa37ba25a1dfc084e24ea9acc14bf1fad8af14c Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Thu, 7 Aug 2025 22:54:15 +0200 Subject: [PATCH] media: s5p-mfc: remove an unused/uninitialized variable The s5p_mfc_cmd_args structure in the v6 driver is never used, not initialized to anything other than zero, but as of clang-21 this causes a warning: drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c:45:7: error: variable 'h2r_args' is uninitialized when passed as a const pointer argument here [-Werror,-Wuninitialized-const-pointer] 45 | &h2r_args); | ^~~~~~~~ Just remove this for simplicity. Since the function is also called through a callback, this does require adding a trivial wrapper with the correct prototype. Fixes: f96f3cfa0bb8 ("[media] s5p-mfc: Update MFC v4l2 driver to support MFC6.x") Cc: stable(a)vger.kernel.org Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> Signed-off-by: Hans Verkuil <hverkuil+cisco(a)kernel.org> diff --git a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c index 47bc3014b5d8..f7c682fca645 100644 --- a/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c +++ b/drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c @@ -14,8 +14,7 @@ #include "s5p_mfc_opr.h" #include "s5p_mfc_cmd_v6.h" -static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, - const struct s5p_mfc_cmd_args *args) +static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd) { mfc_debug(2, "Issue the command: %d\n", cmd); @@ -31,7 +30,6 @@ static int s5p_mfc_cmd_host2risc_v6(struct s5p_mfc_dev *dev, int cmd, static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; const struct s5p_mfc_buf_size_v6 *buf_size = dev->variant->buf_size->priv; int ret; @@ -41,33 +39,23 @@ static int s5p_mfc_sys_init_cmd_v6(struct s5p_mfc_dev *dev) mfc_write(dev, dev->ctx_buf.dma, S5P_FIMV_CONTEXT_MEM_ADDR_V6); mfc_write(dev, buf_size->dev_ctx, S5P_FIMV_CONTEXT_MEM_SIZE_V6); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SYS_INIT_V6); } static int s5p_mfc_sleep_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_SLEEP_V6); } static int s5p_mfc_wakeup_cmd_v6(struct s5p_mfc_dev *dev) { - struct s5p_mfc_cmd_args h2r_args; - - memset(&h2r_args, 0, sizeof(struct s5p_mfc_cmd_args)); - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_WAKEUP_V6); } /* Open a new instance and get its number */ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int codec_type; mfc_debug(2, "Requested codec mode: %d\n", ctx->codec_mode); @@ -129,23 +117,20 @@ static int s5p_mfc_open_inst_cmd_v6(struct s5p_mfc_ctx *ctx) mfc_write(dev, ctx->ctx.size, S5P_FIMV_CONTEXT_MEM_SIZE_V6); mfc_write(dev, 0, S5P_FIMV_D_CRC_CTRL_V6); /* no crc */ - return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6, - &h2r_args); + return s5p_mfc_cmd_host2risc_v6(dev, S5P_FIMV_H2R_CMD_OPEN_INSTANCE_V6); } /* Close instance */ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) { struct s5p_mfc_dev *dev = ctx->dev; - struct s5p_mfc_cmd_args h2r_args; int ret = 0; dev->curr_ctx = ctx->num; if (ctx->state != MFCINST_FREE) { mfc_write(dev, ctx->inst_no, S5P_FIMV_INSTANCE_ID_V6); ret = s5p_mfc_cmd_host2risc_v6(dev, - S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6, - &h2r_args); + S5P_FIMV_H2R_CMD_CLOSE_INSTANCE_V6); } else { ret = -EINVAL; } @@ -153,9 +138,15 @@ static int s5p_mfc_close_inst_cmd_v6(struct s5p_mfc_ctx *ctx) return ret; } +static int s5p_mfc_cmd_host2risc_v6_args(struct s5p_mfc_dev *dev, int cmd, + const struct s5p_mfc_cmd_args *ignored) +{ + return s5p_mfc_cmd_host2risc_v6(dev, cmd); +} + /* Initialize cmd function pointers for MFC v6 */ static const struct s5p_mfc_hw_cmds s5p_mfc_cmds_v6 = { - .cmd_host2risc = s5p_mfc_cmd_host2risc_v6, + .cmd_host2risc = s5p_mfc_cmd_host2risc_v6_args, .sys_init_cmd = s5p_mfc_sys_init_cmd_v6, .sleep_cmd = s5p_mfc_sleep_cmd_v6, .wakeup_cmd = s5p_mfc_wakeup_cmd_v6,

1 week

3
6
0 0

[PATCH v2] tcpm: switch check for role_sw device with fw_node

by Michael Grzeschik

When there is no port entry in the tcpci entry itself, the driver will trigger an error message "OF: graph: no port node found in /...../typec" . It is documented that the dts node should contain an connector entry with ports and several port pointing to devices with usb-role-switch property set. Only when those connector entry is missing, it should check for port entries in the main node. We switch the search order for looking after ports, which will avoid the failure message while there are explicit connector entries. Fixes: d56de8c9a17d ("usb: typec: tcpm: try to get role switch from tcpc fwnode") Cc: stable(a)vger.kernel.org Signed-off-by: Michael Grzeschik <m.grzeschik(a)pengutronix.de> --- Changes in v2: - fixed typos in the description - added fixes tag - added Cc: stable(a)vger.kernel.org - Link to v1: https://lore.kernel.org/r/20251003-b4-ml-topic-tcpm-v1-1-3cdd05588acb@pengu… --- drivers/usb/typec/tcpm/tcpm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index b2a568a5bc9b0ba5c50b7031d8e21ee09cefa349..cc78770509dbc6460d75816f544173d6ab4ef873 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -7876,9 +7876,9 @@ struct tcpm_port *tcpm_register_port(struct device *dev, struct tcpc_dev *tcpc) port->partner_desc.identity = &port->partner_ident; - port->role_sw = usb_role_switch_get(port->dev); + port->role_sw = fwnode_usb_role_switch_get(tcpc->fwnode); if (!port->role_sw) - port->role_sw = fwnode_usb_role_switch_get(tcpc->fwnode); + port->role_sw = usb_role_switch_get(port->dev); if (IS_ERR(port->role_sw)) { err = PTR_ERR(port->role_sw); goto out_destroy_wq; --- base-commit: e406d57be7bd2a4e73ea512c1ae36a40a44e499e change-id: 20251003-b4-ml-topic-tcpm-27146727d76a Best regards, -- Michael Grzeschik <m.grzeschik(a)pengutronix.de>

1 week

3
2
0 0

[PATCH 5.4-6.17 0/2] arm64: errata: Apply workarounds for Neoverse-V3AE

by Ryan Roberts

Hi All, This series is a backport intended for all supported stable kernels (5.4-6.17) of the recent errata workarounds for Neoverse-V3AE, which were originally posted at: https://lore.kernel.org/all/20250919145832.4035534-1-ryan.roberts@arm.com/ ... and were originally merged upstream in v6.18-rc1. I've tested that these patches apply to 5.4-6.12 without issue, but there is a trivial conflict to resolve in silicon-errata.rst for it to apply to 6.16 and 6.17. Are you happy to deal with that or should I send a separate series? Thanks, Ryan Mark Rutland (2): arm64: cputype: Add Neoverse-V3AE definitions arm64: errata: Apply workarounds for Neoverse-V3AE Documentation/arch/arm64/silicon-errata.rst | 2 ++ arch/arm64/Kconfig | 1 + arch/arm64/include/asm/cputype.h | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 4 files changed, 6 insertions(+) -- 2.43.0

1 week

2
4
0 0

[PATCH 6.17 000/371] 6.17.4-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.17.4 release. There are 371 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 19 Oct 2025 14:50:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.17.4-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.17.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.17.4-rc1 Christian Brauner <brauner(a)kernel.org> mount: handle NULL values in mnt_ns_release() Christian Brauner <brauner(a)kernel.org> pidfs: validate extensible ioctls Darrick J. Wong <djwong(a)kernel.org> iomap: error out on file IO when there is no inline_data buffer Jan Kara <jack(a)suse.cz> writeback: Avoid excessively long inode switching times Jan Kara <jack(a)suse.cz> writeback: Avoid softlockup when switching many inodes Al Viro <viro(a)zeniv.linux.org.uk> mnt_ns_tree_remove(): DTRT if mnt_ns had never been added to mnt_ns_list Christian Brauner <brauner(a)kernel.org> nsfs: validate extensible ioctls Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options Oleg Nesterov <oleg(a)redhat.com> pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Miklos Szeredi <mszeredi(a)redhat.com> copy_file_range: limit size if in compat mode Lucas Zampieri <lzampier(a)redhat.com> irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Do not pass NULL handles to acpi_attach_data() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Add code comments explaining what is going on Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Disregard references in data-only subnode lists Viken Dadhaniya <viken.dadhaniya(a)oss.qualcomm.com> arm64: dts: qcom: qcs615: add missing dt property in QUP SEs Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Donet Tom <donettom(a)linux.ibm.com> mm/ksm: fix incorrect KSM counter handling in mm_struct during fork Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Guenter Roeck <linux(a)roeck-us.net> ipmi: Fix handling of messages with provided receive message pointer Jan Kara <jack(a)suse.cz> ext4: free orphan info with kvfree Huacai Chen <chenhuacai(a)kernel.org> ACPICA: Allow to skip Global Lock initialization Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: validate ea_ino and size in check_xattrs Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Zhang Yi <yi.zhang(a)huawei.com> ext4: fix an off-by-one issue during moving extents Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Jan Kara <jack(a)suse.cz> ext4: verify orphan file size is not too big Jan Kara <jack(a)suse.cz> ext4: fail unaligned direct IO write with EINVAL Baokun Li <libaokun1(a)huawei.com> ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Allow stop on firmware only if start was issued. Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix format check for CAPTURE plane in try_fmt Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix missing LAST flag handling during drain Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Send dummy buffer address for all codecs during drain Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Update vbuf flags before v4l2_m2m_buf_done Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Simplify session stop logic by relying on vb2 checks Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Always destroy internal buffers on firmware release response Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Allow substate transition to load resources during output streaming Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix buffer count reporting in internal buffer check Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: Fix port streaming handling Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: iris: vpu3x: Add MNoC low power handshake during hardware power-off Neil Armstrong <neil.armstrong(a)linaro.org> media: iris: fix module removal if firmware download failed Stephan Gerhold <stephan.gerhold(a)linaro.org> media: iris: Fix firmware reference leak and unmap memory after load Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> media: iris: Call correct power off callback in cleanup path Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Scott Mayhew <smayhew(a)redhat.com> nfsd: decouple the xprtsec policy check from check_nfsd_access() SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: use param_ctx for damon_attrs staging SeongJae Park <sj(a)kernel.org> mm/damon/vaddr: do not repeat pte_offset_map_lock() until success Li RongQing <lirongqing(a)baidu.com> mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Lance Yang <lance.yang(a)linux.dev> mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage Lance Yang <lance.yang(a)linux.dev> mm/thp: fix MTE tag mismatch when replacing zero-filled subpages Nick Morrow <morrownr(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 Nick Morrow <morrownr(a)gmail.com> wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Fedor Pchelkin <pchelkin(a)ispras.ru> wifi: rtw89: avoid possible TX wait initialization race Miaoqian Lin <linmq006(a)gmail.com> wifi: iwlwifi: Fix dentry reference leak in iwl_mld_add_link_debugfs Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Suren Baghdasaryan <surenb(a)google.com> slab: mark slab->obj_exts allocation failures unconditionally Suren Baghdasaryan <surenb(a)google.com> slab: prevent warnings when slab obj_exts vector allocation fails Heiko Carstens <hca(a)linux.ibm.com> s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR Jaehoon Kim <jhkim(a)linux.ibm.com> s390/dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request Jaehoon Kim <jhkim(a)linux.ibm.com> s390/dasd: enforce dma_alignment to ensure proper buffer validation Heiko Carstens <hca(a)linux.ibm.com> s390/cio/ioasm: Fix __xsch() condition code handling Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate C-flag + def limit Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: reset blackhole on success with non-loopback ifaces Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: usable client side with C-flag Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Xin Li (Intel) <xin(a)zytor.com> x86/fred: Remove ENDBR64 from FRED entry points Darrick J. Wong <djwong(a)kernel.org> xfs: use deferred intent items for reaping crosslinked blocks Santhosh Kumar K <s-k6(a)ti.com> spi: cadence-quadspi: Fix cqspi_setup_flash() Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Johan Hovold <johan+linaro(a)kernel.org> PCI/pwrctrl: Fix device leak at device stop Johan Hovold <johan+linaro(a)kernel.org> PCI/pwrctrl: Fix device and OF node leak at bus scan Johan Hovold <johan+linaro(a)kernel.org> PCI/pwrctrl: Fix device leak at registration Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-gen4: Fix PHY initialization Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix module autoloading Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix failure detection during resource resize Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Ensure relaxed tail alignment does not increase min_align Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock Jani Nurminen <jani.nurminen(a)windriver.com> PCI: xilinx-nwl: Fix ECAM programming Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Patrice Chotard <patrice.chotard(a)foss.st.com> memory: stm32_omm: Fix req2ack update test Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: mmc_spi: multiple block read remove read crc ack Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Maarten Zanders <maarten(a)zanders.be> mtd: nand: raw: gpmi: fix clocks when CONFIG_PM=N Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Alexander Lobakin <aleksander.lobakin(a)intel.com> xsk: Harden userspace-supplied xdp_desc validation Miaoqian Lin <linmq006(a)gmail.com> xtensa: simdisk: add input size check in proc_write_simdisk Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Bharath SM <bharathsm(a)microsoft.com> smb client: fix bug with newly created file in cached dir Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Abinash Singh <abinashsinghlalotra(a)gmail.com> scsi: sd: Fix build warning in sd_revalidate_disk() Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Harshit Agarwal <harshit(a)nutanix.com> sched/deadline: Fix race in push_dl_task() Alexandre Ghiti <alexghiti(a)rivosinc.com> riscv: use an atomic xchg in pudp_huge_get_and_clear() Corey Minyard <corey(a)minyard.net> Revert "ipmi: fix msg stack when IPMI is disconnected" Colin Ian King <colin.i.king(a)gmail.com> pwm: Fix incorrect variable used in error message Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Nam Cao <namcao(a)linutronix.de> powerpc/pseries/msi: Fix potential underflow and leak issue Nam Cao <namcao(a)linutronix.de> powerpc/powernv/pci: Fix underflow and leak issue Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77976_charger: fix constant current reporting Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: hibernate: Restrict GFP mask in power_down() Mario Limonciello (AMD) <superm1(a)kernel.org> PM: hibernate: Fix hybrid-sleep Christian Loehle <christian.loehle(a)arm.com> PM: EM: Fix late boot with holes in CPU topology Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: samsung: Drop unused S3C24xx driver data Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk John David Anglin <dave.anglin(a)bell.net> parisc: Remove spurious if statement from raw_copy_from_user() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Xiao Liang <shaw.leon(a)gmail.com> padata: Reset next CPU when reorder sequence wraps around Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Ma Ke <make24(a)iscas.ac.cn> of: unittest: Fix device reference count leak in of_unittest_pci_node_verify Yu Kuai <yukuai3(a)huawei.com> md: fix mssing blktrace bio split events Li Chen <me(a)linux.beauty> loop: fix backing file reference leak on validation error Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Pratyush Yadav <pratyush(a)kernel.org> kho: only fill kimage if KHO is finalized Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Oleg Nesterov <oleg(a)redhat.com> kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Corey Minyard <corey(a)minyard.net> ipmi:msghandler:Change seq_lock to a mutex Corey Minyard <corey(a)minyard.net> ipmi: Rework user message limit handling Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: PRS isn't usable if PDS isn't supported Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Simplify pm_runtime setup Huacai Chen <chenhuacai(a)kernel.org> init: handle bootloader identifier in kernel parameters Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Unmask interrupts after updating alarms Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Aleksandar Gerasimovski <aleksandar.gerasimovski(a)belden.com> iio/adc/pac1934: fix channel disable configuration Jarkko Nikula <jarkko.nikula(a)linux.intel.com> i3c: Fix default I2C adapter timeout value Conor Dooley <conor.dooley(a)microchip.com> gpio: mpfs: fix setting gpio direction to output Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() Ryan Roberts <ryan.roberts(a)arm.com> fsnotify: pass correct offset to fsnotify_mmap_perm() Shashank A P <shashank.ap(a)samsung.com> fs: quota: create dedicated workqueue for quota_release_work Haoxiang Li <haoxiang_li2024(a)163.com> fs/ntfs3: Fix a resource leak bug in wnd_extend() Finn Thain <fthain(a)linux-m68k.org> fbdev: Fix logic error in "offb" name match Nam Cao <namcao(a)linutronix.de> eventpoll: Replace rwlock with spinlock Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Thomas Fourier <fourier.thomas(a)gmail.com> crypto: aspeed - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Denzeel Oliva <wachiturroxd150(a)gmail.com> clk: samsung: exynos990: Replace bogus divs with fixed-factor clocks Denzeel Oliva <wachiturroxd150(a)gmail.com> clk: samsung: exynos990: Fix CMU_TOP mux/div bit widths Denzeel Oliva <wachiturroxd150(a)gmail.com> clk: samsung: exynos990: Use PLL_CON0 for PLL parent muxes Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk Miaoqian Lin <linmq006(a)gmail.com> cdx: Fix device node reference leak in cdx_msi_domain_init Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Sumit Kumar <sumit.kumar(a)oss.qualcomm.com> bus: mhi: ep: Fix chained transfer handling in read path Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Ard Biesheuvel <ardb(a)kernel.org> drm/amd/display: Fix unsafe uses of kernel mode FPU Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Enable Dynamic DTBCLK Switch Jesse Agate <jesse.agate(a)amd.com> drm/amd/display: Incorrect Mirror Cositing Matthew Auld <matthew.auld(a)intel.com> drm/xe/uapi: loosen used tracking restriction Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Marek Vasut <marek.vasut+renesas(a)mailbox.org> drm/rcar-du: dsi: Fix 1/2/3 lane support Akhil P Oommen <akhilpo(a)oss.qualcomm.com> drm/msm/a6xx: Fix PDC sleep sequence Jann Horn <jannh(a)google.com> drm/panthor: Fix memory leak in panthor_ioctl_group_create() Kaustabh Chakraborty <kauschluss(a)disroot.org> drm/exynos: exynos7_drm_decon: remove ctx->suspended Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() Jai Luthra <jai.luthra(a)ideasonboard.com> media: ti: j721e-csi2rx: Fix source subdev link creation Jai Luthra <jai.luthra(a)ideasonboard.com> media: ti: j721e-csi2rx: Use devm_of_platform_populate Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: vsp1: Export missing vsp1_isp_free_buffer symbol Hans Verkuil <hverkuil+cisco(a)kernel.org> media: vivid: fix disappearing <Vendor Command With ID> messages Renjiang Han <quic_renjiang(a)quicinc.com> media: venus: pm_helpers: add fallback for the opp-table Stephan Gerhold <stephan.gerhold(a)linaro.org> media: venus: firmware: Use correct reset sequence for IRIS2 Desnes Nunes <desnesn(a)redhat.com> media: uvcvideo: Avoid variable shadowing in uvc_ctrl_cleanup_fh Bingbu Cao <bingbu.cao(a)intel.com> media: staging/ipu7: fix isys device runtime PM usage in firmware closing Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable Nícolas F. R. A. Prado <nfraprado(a)collabora.com> media: platform: mtk-mdp3: Add missing MT8188 compatible to comp_dt_ids David Lechner <dlechner(a)baylibre.com> media: pci: mg4b: fix uninitialized iio scan data Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix MUST_CONNECT handling for pads with no links Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Hans Verkuil <hverkuil+cisco(a)kernel.org> media: i2c: mt9p031: fix mbus code initialization Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Randy Dunlap <rdunlap(a)infradead.org> media: cec: extron-da-hd-4k-plus: drop external-module make commands Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Tudor Ambarus <tudor.ambarus(a)linaro.org> firmware: exynos-acpm: fix PMIC returned errno Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Return -EEXIST for bound VIRQs Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Marek Marczykowski-Górecki <marmarek(a)invisiblethingslab.com> xen: take system_transition_mutex on suspend Michael Riesch <michael.riesch(a)collabora.com> dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Tony Lindgren <tony.lindgren(a)linux.intel.com> KVM: TDX: Fix uninitialized error code for __tdx_bringup() Hou Wenlong <houwenlong.hwl(a)antgroup.com> KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest Sean Christopherson <seanjc(a)google.com> x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP Fuad Tabba <tabba(a)google.com> KVM: arm64: Fix page leak in user_mem_abort() Ben Horgan <ben.horgan(a)arm.com> KVM: arm64: Fix debug checking for np-guests using huge mappings Gautam Gala <ggala(a)linux.ibm.com> KVM: s390: Fix to clear PTE when discarding a swapped page Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix CMN S3 DTM offset Johan Hovold <johan(a)kernel.org> firmware: arm_scmi: quirk: Prevent writes to string constants Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Alexander Sverdlin <alexander.sverdlin(a)gmail.com> ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Yang Shi <yang(a)os.amperecomputing.com> arm64: kprobes: call set_memory_rox() for kprobe page Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am62p: Fix supported hardware for 1GHz OPP Vibhore Vardhan <vibhore(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix main padcfg length Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8939: Add missing MDSS reset Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: battery: Add synchronization between interface updates Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: Debugger: drop ACPI_NONSTRING attribute from name_seg Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Fix buffer properties extraction for subnodes Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: acpidump: drop ACPI_NONSTRING attribute from file_name Nathan Chancellor <nathan(a)kernel.org> s390/vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections Alexey Gladkov <legion(a)kernel.org> s390: vmlinux.lds.S: Reorder sections Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '.rel.*' strip pattern for vmlinux Nathan Chancellor <nathan(a)kernel.org> kbuild: Restore pattern to avoid stripping .rela.dyn from vmlinux Masahiro Yamada <masahiroy(a)kernel.org> kbuild: keep .modinfo section in vmlinux.unstripped Masahiro Yamada <masahiroy(a)kernel.org> kbuild: always create intermediate vmlinux.unstripped KaFai Wan <kafai.wan(a)linux.dev> bpf: Avoid RCU context warning when unpinning htab with internal structs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Pali Rohár <pali(a)kernel.org> cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points Esben Haabendal <esben(a)geanix.com> rtc: isl12022: Fix initial enable_irq/disable_irq balance Paulo Alcantara <pc(a)manguebit.org> smb: client: fix missing timestamp updates after utime(2) Fushuai Wang <wangfushuai(a)baidu.com> cifs: Fix copy_to_iter return value check Lorenzo Bianconi <lorenzo(a)kernel.org> net: airoha: Fix loopback mode configuration for GDM2 port Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Pavel Begunkov <asml.silence(a)gmail.com> io_uring/zcrx: increment fallback loop src offset Florian Westphal <fw(a)strlen.de> selftests: netfilter: query conntrack state to check for port clash resolution Florian Westphal <fw(a)strlen.de> selftests: netfilter: nft_fib.sh: fix spurious test failures Eric Woudstra <ericwouds(a)gmail.com> bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_objref: validate objref and objrefmap expressions T Pratham <t-pratham(a)ti.com> crypto: skcipher - Fix reqsize handling Thomas Wismer <thomas.wismer(a)scs.ch> net: pse-pd: tps23881: Fix current measurement scaling Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix kfd process ref leaking when userptr unmapping Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Disable scaling on DCE6 for now Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() Carolina Jubran <cjubran(a)nvidia.com> net/mlx5e: Prevent tunnel reformat when tunnel mode not allowed Carolina Jubran <cjubran(a)nvidia.com> net/mlx5: Prevent tunnel mode conflicts between FDB and NIC IPsec tables Daniel Machon <daniel.machon(a)microchip.com> net: sparx5/lan969x: fix flooding configuration on bridge join/leave Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: mdio: mdio-i2c: Hold the i2c bus lock during smbus transactions Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Fix SGI cleanup on unbind Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Vincent Minet <v.minet(a)criteo.com> perf tools: Fix arm64 libjvmti build by generating unistd_64.h Eric Dumazet <edumazet(a)google.com> tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() Leo Yan <leo.yan(a)arm.com> perf python: split Clang options when invoking Popen Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Haotian Zhang <vulab(a)iscas.ac.cn> ice: ice_adapter: release xa entry on adapter allocation failure Sidharth Seela <sidharthseela(a)gmail.com> selftest: net: ovpn: Fix uninit return values Duoming Zhou <duoming(a)zju.edu.cn> net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix copy-paste typo in validation Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix a null-ptr access in the cursor snooper Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Raag Jadav <raag.jadav(a)intel.com> drm/xe/i2c: Don't rely on d3cold.allowed flag in system PM path Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/hw_engine_group: Fix double write lock release in error path Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Bhanu Seshu Kumar Valluri <bhanuseshukumar(a)gmail.com> net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Init acpi_gbl_use_global_lock to false Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Fix build error for LTO with LLVM-18 Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Add cflag -fno-isolate-erroneous-paths-dereference Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size Ian Rogers <irogers(a)google.com> perf bpf_counter: Fix handling of cpumap fixing hybrid Sean Christopherson <seanjc(a)google.com> mshv: Handle NEED_RESCHED_LAZY before transferring to guest Daniel Lee <chullee(a)google.com> scsi: ufs: sysfs: Make HID attributes visible Ian Rogers <irogers(a)google.com> perf bpf-filter: Fix opts declaration on older libbpfs Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Set target frequency for all cpus in policy Pin-yen Lin <treapking(a)chromium.org> PM: sleep: Do not wait on SYNC_STATE_ONLY device links Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: core: Add two macros for walking device links Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: core: Annotate loops walking device links as _srcu Feng Yang <yangfeng(a)kylinos.cn> tracing: Fix the bug where bpf_get_stackid returns -EFAULT on the ARM64 Jeff Layton <jlayton(a)kernel.org> nfsd: fix timestamp updates in CB_GETATTR Jeff Layton <jlayton(a)kernel.org> nfsd: fix SETATTR updates for delegated timestamps Jeff Layton <jlayton(a)kernel.org> nfsd: track original timestamps in nfs4_delegation Jeff Layton <jlayton(a)kernel.org> nfsd: use ATTR_CTIME_SET for delegated ctime updates Jeff Layton <jlayton(a)kernel.org> vfs: add ATTR_CTIME_SET flag Jeff Layton <jlayton(a)kernel.org> nfsd: ignore ATTR_DELEG when checking ia_valid before notify_change() Jeff Layton <jlayton(a)kernel.org> nfsd: fix assignment of ia_ctime.tv_nsec on delegated mtime update Fedor Pchelkin <pchelkin(a)ispras.ru> clk: tegra: do not overallocate memory for bpmp clocks Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Ian Rogers <irogers(a)google.com> perf build-id: Ensure snprintf string is empty when size is 0 Ian Rogers <irogers(a)google.com> perf evsel: Ensure the fallback message is always written to Ian Rogers <irogers(a)google.com> perf test: Avoid uncore_imc/clockticks in uniquification test Ian Rogers <irogers(a)google.com> perf evsel: Fix uniquification when PMU given without suffix Ian Rogers <irogers(a)google.com> perf test: Don't leak workload gopipe in PERF_RECORD_* Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Fushuai Wang <wangfushuai(a)baidu.com> perf trace: Fix IS_ERR() vs NULL check bug Ian Rogers <irogers(a)google.com> perf test shell lbr: Avoid failures with perf event paranoia Ian Rogers <irogers(a)google.com> perf test: AMD IBS swfilt skip kernel tests if paranoia is >1 Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct memory level for remote access Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct setting remote access Clément Le Goffic <clement.legoffic(a)foss.st.com> rtc: optee: fix memory leak on driver removal Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool GuoHan Zhao <zhaoguohan(a)kylinos.cn> perf drm_pmu: Fix fd_dir leaks in for_each_drm_fdinfo_in_dir() Christophe Leroy <christophe.leroy(a)csgroup.eu> perf: Completely remove possibility to override MAX_NR_CPUS Yuan CHen <chenyuan(a)kylinos.cn> clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> perf parse-events: Handle fake PMUs in CPU terms Lukas Bulwahn <lukas.bulwahn(a)redhat.com> clk: qcom: Select the intended config in QCS_DISPCC_615 Dan Carpenter <dan.carpenter(a)linaro.org> clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Ian Rogers <irogers(a)google.com> perf evsel: Avoid container_of on a NULL leader Ian Rogers <irogers(a)google.com> perf test trace_btf_enum: Skip if permissions are insufficient Ian Rogers <irogers(a)google.com> perf disasm: Avoid undefined behavior in incrementing NULL Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a08g045: Add MSTOP for GPIO Michal Wilczynski <m.wilczynski(a)samsung.com> clk: thead: Correct parent for DPU pixel clocks Icenowy Zheng <uwu(a)icenowy.me> clk: thead: th1520-ap: fix parent of padctrl0 clock Icenowy Zheng <uwu(a)icenowy.me> clk: thead: th1520-ap: describe gate clocks with clk_gate Arnd Bergmann <arnd(a)arndb.de> clk: npcm: select CONFIG_AUXILIARY_BUS Varad Gautam <varadgautam(a)google.com> asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Sean Christopherson <seanjc(a)google.com> KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 Hou Wenlong <houwenlong.hwl(a)antgroup.com> KVM: x86: Add helper to retrieve current value of user return MSR Olga Kornievskaia <okorniev(a)redhat.com> nfsd: unregister with rpcbind when deleting a transport Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency Petr Tesarik <ptesarik(a)suse.com> dma-mapping: fix direction in dma_alloc direction traces Brian Norris <briannorris(a)chromium.org> PM: runtime: Update kerneldoc return codes Toke Høiland-Jørgensen <toke(a)redhat.com> page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Shakeel Butt <shakeel.butt(a)linux.dev> memcg: skip cgroup_file_notify if spinning is not allowed Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Christian Brauner <brauner(a)kernel.org> listmount: don't call path_put() under namespace semaphore Christian Brauner <brauner(a)kernel.org> statmount: don't call path_put() under namespace semaphore Thomas Gleixner <tglx(a)linutronix.de> rseq: Protect event mask against membarrier IPI Omar Sandoval <osandov(a)fb.com> arm64: map [_text, _stext) virtual address range non-executable+read-only Qu Wenruo <wqu(a)suse.com> btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + .../bindings/phy/rockchip-inno-csi-dphy.yaml | 15 +- Makefile | 4 +- arch/arm/mach-omap2/am33xx-restart.c | 36 ++ arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 + arch/arm64/boot/dts/qcom/qcs615.dtsi | 6 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 +- arch/arm64/boot/dts/ti/k3-am62p5.dtsi | 2 +- arch/arm64/include/asm/ftrace.h | 1 + arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 2 +- arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kernel/probes/kprobes.c | 12 + arch/arm64/kernel/setup.c | 4 +- arch/arm64/kvm/hyp/nvhe/mem_protect.c | 9 +- arch/arm64/kvm/mmu.c | 9 +- arch/arm64/mm/init.c | 2 +- arch/arm64/mm/mmu.c | 14 +- arch/loongarch/Makefile | 4 +- arch/loongarch/kernel/setup.c | 1 + arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/parisc/lib/memcpy.c | 1 - arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/powerpc/platforms/pseries/msi.c | 2 +- arch/riscv/include/asm/pgtable.h | 11 + arch/s390/Makefile | 1 + arch/s390/include/asm/pgtable.h | 22 + arch/s390/kernel/vmlinux.lds.S | 54 +-- arch/s390/mm/gmap_helpers.c | 12 +- arch/s390/mm/pgtable.c | 23 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/mm/hugetlbpage.c | 20 + arch/x86/entry/entry_64_fred.S | 2 +- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/kvm.c | 21 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/pmu.c | 5 + arch/x86/kvm/svm/pmu.c | 1 + arch/x86/kvm/svm/sev.c | 10 + arch/x86/kvm/svm/svm.c | 25 +- arch/x86/kvm/svm/svm.h | 2 + arch/x86/kvm/vmx/tdx.c | 10 +- arch/x86/kvm/x86.c | 8 + arch/xtensa/platforms/iss/simdisk.c | 6 +- block/blk-crypto-fallback.c | 3 + crypto/essiv.c | 14 +- crypto/skcipher.c | 2 + drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/acpica/acdebug.h | 2 +- drivers/acpi/acpica/evglock.c | 4 + drivers/acpi/battery.c | 43 +- drivers/acpi/property.c | 139 +++--- drivers/base/base.h | 9 + drivers/base/core.c | 2 +- drivers/base/power/main.c | 24 +- drivers/base/power/runtime.c | 3 +- drivers/block/loop.c | 8 +- drivers/bus/mhi/ep/main.c | 37 +- drivers/bus/mhi/host/init.c | 5 +- drivers/cdx/cdx_msi.c | 1 + drivers/char/ipmi/ipmi_kcs_sm.c | 16 +- drivers/char/ipmi/ipmi_msghandler.c | 490 ++++++++++----------- drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/Kconfig | 1 + drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 +- drivers/clk/mediatek/clk-mux.c | 4 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clk/qcom/Kconfig | 2 +- drivers/clk/qcom/common.c | 4 +- drivers/clk/qcom/tcsrcc-x1e80100.c | 4 + drivers/clk/renesas/r9a08g045-cpg.c | 3 +- drivers/clk/renesas/renesas-cpg-mssr.c | 7 +- drivers/clk/samsung/clk-exynos990.c | 52 ++- drivers/clk/tegra/clk-bpmp.c | 2 +- drivers/clk/thead/clk-th1520-ap.c | 390 ++++++++-------- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/cppc_cpufreq.c | 14 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/cpufreq/imx6q-cpufreq.c | 2 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/cpufreq/rcpufreq_dt.rs | 2 +- drivers/cpufreq/scmi-cpufreq.c | 2 +- drivers/cpufreq/scpi-cpufreq.c | 2 +- drivers/cpufreq/spear-cpufreq.c | 2 +- drivers/cpufreq/tegra186-cpufreq.c | 8 +- drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 +- drivers/firmware/arm_scmi/quirks.c | 15 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/firmware/samsung/exynos-acpm-pmic.c | 25 +- drivers/gpio/gpio-mpfs.c | 2 +- drivers/gpio/gpio-wcd934x.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 + drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/display/dc/dml/dcn31/dcn31_fpu.c | 4 + .../gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 6 +- .../gpu/drm/amd/display/dc/dml/dcn351/dcn351_fpu.c | 4 +- .../amd/display/dc/resource/dce60/dce60_resource.c | 4 +- .../amd/display/dc/resource/dcn35/dcn35_resource.c | 16 +- .../display/dc/resource/dcn351/dcn351_resource.c | 17 +- .../amd/display/dc/resource/dcn36/dcn36_resource.c | 16 +- drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c | 10 +- .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 -- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 + drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/panthor/panthor_drv.c | 11 +- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 +- drivers/gpu/drm/xe/xe_hw_engine_group.c | 6 +- drivers/gpu/drm/xe/xe_pm.c | 2 +- drivers/gpu/drm/xe/xe_query.c | 15 +- drivers/hv/mshv_common.c | 2 +- drivers/hv/mshv_root_main.c | 3 +- drivers/i3c/master.c | 2 +- drivers/iio/adc/pac1934.c | 20 +- drivers/iio/adc/xilinx-ams.c | 47 +- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 +- drivers/iommu/intel/iommu.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 6 +- drivers/mailbox/mtk-cmdq-mailbox.c | 12 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 24 +- drivers/md/md-linear.c | 1 + drivers/md/raid0.c | 4 + drivers/md/raid1.c | 4 + drivers/md/raid10.c | 8 + drivers/md/raid5.c | 2 + .../media/cec/usb/extron-da-hd-4k-plus/Makefile | 6 - drivers/media/i2c/mt9p031.c | 4 +- drivers/media/i2c/mt9v111.c | 2 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/mc/mc-entity.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 13 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-yuv.c | 8 +- drivers/media/pci/mgb4/mgb4_trigger.c | 2 +- .../media/platform/mediatek/mdp3/mtk-mdp3-comp.c | 3 + drivers/media/platform/qcom/iris/iris_buffer.c | 31 +- drivers/media/platform/qcom/iris/iris_buffer.h | 1 + drivers/media/platform/qcom/iris/iris_core.c | 10 +- drivers/media/platform/qcom/iris/iris_firmware.c | 15 +- .../platform/qcom/iris/iris_hfi_gen1_command.c | 45 +- .../platform/qcom/iris/iris_hfi_gen1_response.c | 4 +- .../platform/qcom/iris/iris_hfi_gen2_response.c | 5 +- drivers/media/platform/qcom/iris/iris_state.c | 5 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 8 +- drivers/media/platform/qcom/iris/iris_vdec.c | 2 +- drivers/media/platform/qcom/iris/iris_vidc.c | 1 + drivers/media/platform/qcom/iris/iris_vpu3x.c | 32 +- drivers/media/platform/qcom/iris/iris_vpu_common.c | 2 +- drivers/media/platform/qcom/venus/firmware.c | 8 +- drivers/media/platform/qcom/venus/pm_helpers.c | 9 +- drivers/media/platform/renesas/vsp1/vsp1_vspx.c | 1 + .../platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +- .../media/platform/ti/j721e-csi2rx/j721e-csi2rx.c | 9 +- drivers/media/rc/lirc_dev.c | 9 +- drivers/media/test-drivers/vivid/vivid-cec.c | 12 +- drivers/media/usb/uvc/uvc_ctrl.c | 3 +- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/memory/stm32_omm.c | 2 +- drivers/mmc/core/sdio.c | 6 +- drivers/mmc/host/mmc_spi.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 14 +- drivers/net/ethernet/airoha/airoha_eth.c | 4 +- drivers/net/ethernet/airoha/airoha_regs.h | 3 + drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/intel/ice/ice_adapter.c | 10 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 38 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 2 +- .../mellanox/mlx5/core/en_accel/ipsec_fs.c | 32 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 5 +- .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 18 +- .../net/ethernet/microchip/sparx5/sparx5_main.c | 5 + .../ethernet/microchip/sparx5/sparx5_switchdev.c | 12 + .../net/ethernet/microchip/sparx5/sparx5_vlan.c | 10 - drivers/net/ethernet/mscc/ocelot_stats.c | 2 +- drivers/net/mdio/mdio-i2c.c | 39 +- drivers/net/pse-pd/tps23881.c | 2 +- drivers/net/usb/lan78xx.c | 11 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 + drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/net/wireless/intel/iwlwifi/mld/debugfs.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 + drivers/net/wireless/realtek/rtw89/core.c | 39 +- drivers/net/wireless/realtek/rtw89/core.h | 3 +- drivers/net/wireless/realtek/rtw89/pci.c | 2 - drivers/nvme/host/pci.c | 2 + drivers/of/unittest.c | 1 + drivers/pci/bus.c | 14 +- drivers/pci/controller/cadence/pci-j721e.c | 26 ++ drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-rcar-gen4.c | 2 +- drivers/pci/controller/dwc/pcie-tegra194.c | 32 +- drivers/pci/controller/pci-tegra.c | 27 +- drivers/pci/controller/pcie-rcar-host.c | 40 +- drivers/pci/controller/pcie-xilinx-nwl.c | 7 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-sysfs.c | 20 +- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/pci/probe.c | 19 +- drivers/pci/remove.c | 2 + drivers/pci/setup-bus.c | 37 +- drivers/perf/arm-cmn.c | 9 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 4 - drivers/power/supply/max77976_charger.c | 12 +- drivers/pwm/core.c | 2 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/rtc/interface.c | 27 ++ drivers/rtc/rtc-isl12022.c | 1 + drivers/rtc/rtc-optee.c | 1 + drivers/rtc/rtc-x1205.c | 2 +- drivers/s390/block/dasd.c | 17 +- drivers/s390/cio/device.c | 37 +- drivers/s390/cio/ioasm.c | 7 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/mvsas/mv_init.c | 2 +- drivers/scsi/sd.c | 50 ++- drivers/spi/spi-cadence-quadspi.c | 18 +- drivers/staging/media/ipu7/ipu7-isys-video.c | 1 + drivers/ufs/core/ufs-sysfs.c | 2 +- drivers/ufs/core/ufs-sysfs.h | 1 + drivers/ufs/core/ufshcd.c | 2 + drivers/video/fbdev/core/fb_cmdline.c | 2 +- drivers/xen/events/events_base.c | 37 +- drivers/xen/manage.c | 14 +- fs/attr.c | 44 +- fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 14 +- fs/cramfs/inode.c | 11 +- fs/eventpoll.c | 139 ++---- fs/ext4/ext4.h | 2 + fs/ext4/fsmap.c | 14 +- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 45 +- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 17 +- fs/ext4/super.c | 26 +- fs/ext4/xattr.c | 19 +- fs/file.c | 5 +- fs/fs-writeback.c | 32 +- fs/fsopen.c | 70 +-- fs/fuse/dev.c | 2 +- fs/fuse/file.c | 8 +- fs/iomap/buffered-io.c | 15 +- fs/iomap/direct-io.c | 3 + fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 110 +++-- fs/nfsd/export.c | 82 ++-- fs/nfsd/export.h | 3 + fs/nfsd/lockd.c | 15 + fs/nfsd/nfs4proc.c | 33 +- fs/nfsd/nfs4state.c | 44 +- fs/nfsd/nfs4xdr.c | 5 +- fs/nfsd/nfsfh.c | 24 +- fs/nfsd/state.h | 8 + fs/nfsd/vfs.c | 2 +- fs/nsfs.c | 4 +- fs/ntfs3/bitmap.c | 1 + fs/pidfs.c | 2 +- fs/quota/dquot.c | 10 +- fs/read_write.c | 14 +- fs/smb/client/dir.c | 1 + fs/smb/client/smb1ops.c | 62 ++- fs/smb/client/smb2inode.c | 22 +- fs/smb/client/smb2ops.c | 10 +- fs/squashfs/inode.c | 24 +- fs/xfs/scrub/reap.c | 9 +- include/acpi/acpixf.h | 6 + include/asm-generic/io.h | 98 +++-- include/asm-generic/vmlinux.lds.h | 2 +- include/linux/cpufreq.h | 3 + include/linux/fs.h | 15 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/ksm.h | 8 +- include/linux/memcontrol.h | 26 +- include/linux/mm.h | 22 +- include/linux/pm_runtime.h | 56 +-- include/linux/rseq.h | 11 +- include/linux/sunrpc/svc_xprt.h | 3 + include/media/v4l2-subdev.h | 30 +- include/trace/events/dma.h | 1 + init/main.c | 12 + io_uring/zcrx.c | 1 + kernel/bpf/inode.c | 4 +- kernel/fork.c | 2 +- kernel/kexec_handover.c | 2 +- kernel/padata.c | 6 +- kernel/pid.c | 5 +- kernel/power/energy_model.c | 11 +- kernel/power/hibernate.c | 6 + kernel/rseq.c | 10 +- kernel/sched/deadline.c | 73 ++- kernel/sys.c | 22 +- lib/genalloc.c | 5 +- mm/damon/lru_sort.c | 2 +- mm/damon/vaddr.c | 8 +- mm/huge_memory.c | 15 +- mm/hugetlb.c | 3 + mm/memcontrol.c | 7 +- mm/migrate.c | 23 +- mm/page_alloc.c | 2 +- mm/slab.h | 8 +- mm/slub.c | 3 +- mm/util.c | 3 +- net/bridge/br_vlan.c | 2 +- net/core/filter.c | 2 + net/core/page_pool.c | 76 +++- net/ipv4/tcp.c | 5 +- net/ipv4/tcp_input.c | 1 - net/mptcp/ctrl.c | 2 +- net/mptcp/pm.c | 7 +- net/mptcp/pm_kernel.c | 50 ++- net/mptcp/protocol.h | 8 + net/netfilter/nft_objref.c | 39 ++ net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/sunrpc/svc_xprt.c | 13 + net/sunrpc/svcsock.c | 2 + net/xdp/xsk_queue.h | 45 +- rust/kernel/cpufreq.rs | 7 +- scripts/Makefile.vmlinux | 51 ++- scripts/mksysmap | 3 + security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/soc/sof/intel/hda-pcm.c | 29 +- sound/soc/sof/intel/hda-stream.c | 29 +- sound/soc/sof/ipc4-topology.c | 9 +- sound/soc/sof/ipc4-topology.h | 7 +- tools/build/feature/Makefile | 4 +- tools/lib/perf/include/perf/event.h | 1 + tools/perf/Makefile.perf | 2 +- tools/perf/builtin-trace.c | 4 +- tools/perf/perf.h | 2 - .../arch/arm64/ampere/ampereonex/metrics.json | 10 +- tools/perf/tests/perf-record.c | 4 + tools/perf/tests/shell/amd-ibs-swfilt.sh | 51 ++- tools/perf/tests/shell/record_lbr.sh | 26 +- tools/perf/tests/shell/stat+event_uniquifying.sh | 113 +++-- tools/perf/tests/shell/trace_btf_enum.sh | 11 + tools/perf/util/arm-spe.c | 6 +- tools/perf/util/bpf-filter.c | 8 + tools/perf/util/bpf_counter.c | 26 +- tools/perf/util/bpf_counter_cgroup.c | 3 +- tools/perf/util/bpf_skel/kwork_top.bpf.c | 2 - tools/perf/util/build-id.c | 7 + tools/perf/util/disasm.c | 7 +- tools/perf/util/drm_pmu.c | 4 +- tools/perf/util/evsel.c | 44 +- tools/perf/util/lzma.c | 2 +- tools/perf/util/parse-events.c | 116 ++--- tools/perf/util/session.c | 2 +- tools/perf/util/setup.py | 5 +- tools/perf/util/zlib.c | 2 +- tools/power/acpi/tools/acpidump/apfiles.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 + .../selftests/net/netfilter/nf_nat_edemux.sh | 58 ++- tools/testing/selftests/net/netfilter/nft_fib.sh | 13 +- tools/testing/selftests/net/ovpn/ovpn-cli.c | 2 + tools/testing/selftests/rseq/rseq.c | 8 +- 385 files changed, 3704 insertions(+), 2240 deletions(-)

1 week

16
388
0 0

FAILED: patch "[PATCH] pwm: berlin: Fix wrong register in suspend/resume" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 3a4b9d027e4061766f618292df91760ea64a1fcc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101613-nullify-embolism-0853@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a4b9d027e4061766f618292df91760ea64a1fcc Mon Sep 17 00:00:00 2001 From: Jisheng Zhang <jszhang(a)kernel.org> Date: Tue, 19 Aug 2025 19:42:24 +0800 Subject: [PATCH] pwm: berlin: Fix wrong register in suspend/resume MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kernel panic during suspend/resume. Fixes: bbf0722c1c66 ("pwm: berlin: Add suspend/resume support") Signed-off-by: Jisheng Zhang <jszhang(a)kernel.org> Link: https://lore.kernel.org/r/20250819114224.31825-1-jszhang@kernel.org Cc: stable(a)vger.kernel.org Signed-off-by: Uwe Kleine-König <ukleinek(a)kernel.org> diff --git a/drivers/pwm/pwm-berlin.c b/drivers/pwm/pwm-berlin.c index 831aed228caf..858d36991374 100644 --- a/drivers/pwm/pwm-berlin.c +++ b/drivers/pwm/pwm-berlin.c @@ -234,7 +234,7 @@ static int berlin_pwm_suspend(struct device *dev) for (i = 0; i < chip->npwm; i++) { struct berlin_pwm_channel *channel = &bpc->channel[i]; - channel->enable = berlin_pwm_readl(bpc, i, BERLIN_PWM_ENABLE); + channel->enable = berlin_pwm_readl(bpc, i, BERLIN_PWM_EN); channel->ctrl = berlin_pwm_readl(bpc, i, BERLIN_PWM_CONTROL); channel->duty = berlin_pwm_readl(bpc, i, BERLIN_PWM_DUTY); channel->tcnt = berlin_pwm_readl(bpc, i, BERLIN_PWM_TCNT); @@ -262,7 +262,7 @@ static int berlin_pwm_resume(struct device *dev) berlin_pwm_writel(bpc, i, channel->ctrl, BERLIN_PWM_CONTROL); berlin_pwm_writel(bpc, i, channel->duty, BERLIN_PWM_DUTY); berlin_pwm_writel(bpc, i, channel->tcnt, BERLIN_PWM_TCNT); - berlin_pwm_writel(bpc, i, channel->enable, BERLIN_PWM_ENABLE); + berlin_pwm_writel(bpc, i, channel->enable, BERLIN_PWM_EN); } return 0;

1 week

2
1
0 0

FAILED: patch "[PATCH] drm/xe: Move rebar to be done earlier" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x d30203739be798d3de5c84db3060e96f00c54e82 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102056-repent-designate-4c6c@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d30203739be798d3de5c84db3060e96f00c54e82 Mon Sep 17 00:00:00 2001 From: Lucas De Marchi <lucas.demarchi(a)intel.com> Date: Thu, 18 Sep 2025 13:58:57 -0700 Subject: [PATCH] drm/xe: Move rebar to be done earlier MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There may be cases in which the BAR0 also needs to move to accommodate the bigger BAR2. However if it's not released, the BAR2 resize fails. During the vram probe it can't be released as it's already in use by xe_mmio for early register access. Add a new function in xe_vram and let xe_pci call it directly before even early device probe. This allows the BAR2 to resize in cases BAR0 also needs to move, assuming there aren't other reasons to hold that move: [] xe 0000:03:00.0: vgaarb: deactivate vga console [] xe 0000:03:00.0: [drm] Attempting to resize bar from 8192MiB -> 16384MiB [] xe 0000:03:00.0: BAR 0 [mem 0x83000000-0x83ffffff 64bit]: releasing [] xe 0000:03:00.0: BAR 2 [mem 0x4000000000-0x41ffffffff 64bit pref]: releasing [] pcieport 0000:02:01.0: bridge window [mem 0x4000000000-0x41ffffffff 64bit pref]: releasing [] pcieport 0000:01:00.0: bridge window [mem 0x4000000000-0x41ffffffff 64bit pref]: releasing [] pcieport 0000:01:00.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref]: assigned [] pcieport 0000:02:01.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref]: assigned [] xe 0000:03:00.0: BAR 2 [mem 0x4000000000-0x43ffffffff 64bit pref]: assigned [] xe 0000:03:00.0: BAR 0 [mem 0x83000000-0x83ffffff 64bit]: assigned [] pcieport 0000:00:01.0: PCI bridge to [bus 01-04] [] pcieport 0000:00:01.0: bridge window [mem 0x83000000-0x840fffff] [] pcieport 0000:00:01.0: bridge window [mem 0x4000000000-0x44007fffff 64bit pref] [] pcieport 0000:01:00.0: PCI bridge to [bus 02-04] [] pcieport 0000:01:00.0: bridge window [mem 0x83000000-0x840fffff] [] pcieport 0000:01:00.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref] [] pcieport 0000:02:01.0: PCI bridge to [bus 03] [] pcieport 0000:02:01.0: bridge window [mem 0x83000000-0x83ffffff] [] pcieport 0000:02:01.0: bridge window [mem 0x4000000000-0x43ffffffff 64bit pref] [] xe 0000:03:00.0: [drm] BAR2 resized to 16384M [] xe 0000:03:00.0: [drm:xe_pci_probe [xe]] BATTLEMAGE e221:0000 dgfx:1 gfx:Xe2_HPG (20.02) ... For BMG there are additional fix needed in the PCI side, but this helps getting it to a working resize. All the rebar logic is more pci-specific than xe-specific and can be done very early in the probe sequence. In future it would be good to move it out of xe_vram.c, but this refactor is left for later. Cc: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: stable(a)vger.kernel.org # 6.12+ Link: https://lore.kernel.org/intel-xe/fafda2a3-fc63-ce97-d22b-803f771a4d19@linux… Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Link: https://lore.kernel.org/r/20250918-xe-pci-rebar-2-v1-2-6c094702a074@intel.c… Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> (cherry picked from commit 45e33f220fd625492c11e15733d8e9b4f9db82a4) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_pci.c b/drivers/gpu/drm/xe/xe_pci.c index be91343829dd..9a6df79fc5b6 100644 --- a/drivers/gpu/drm/xe/xe_pci.c +++ b/drivers/gpu/drm/xe/xe_pci.c @@ -867,6 +867,8 @@ static int xe_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) if (err) return err; + xe_vram_resize_bar(xe); + err = xe_device_probe_early(xe); /* * In Boot Survivability mode, no drm card is exposed and driver diff --git a/drivers/gpu/drm/xe/xe_vram.c b/drivers/gpu/drm/xe/xe_vram.c index b44ebf50fedb..652df7a5f4f6 100644 --- a/drivers/gpu/drm/xe/xe_vram.c +++ b/drivers/gpu/drm/xe/xe_vram.c @@ -26,15 +26,35 @@ #define BAR_SIZE_SHIFT 20 -static void -_resize_bar(struct xe_device *xe, int resno, resource_size_t size) +/* + * Release all the BARs that could influence/block LMEMBAR resizing, i.e. + * assigned IORESOURCE_MEM_64 BARs + */ +static void release_bars(struct pci_dev *pdev) +{ + struct resource *res; + int i; + + pci_dev_for_each_resource(pdev, res, i) { + /* Resource already un-assigned, do not reset it */ + if (!res->parent) + continue; + + /* No need to release unrelated BARs */ + if (!(res->flags & IORESOURCE_MEM_64)) + continue; + + pci_release_resource(pdev, i); + } +} + +static void resize_bar(struct xe_device *xe, int resno, resource_size_t size) { struct pci_dev *pdev = to_pci_dev(xe->drm.dev); int bar_size = pci_rebar_bytes_to_size(size); int ret; - if (pci_resource_len(pdev, resno)) - pci_release_resource(pdev, resno); + release_bars(pdev); ret = pci_resize_resource(pdev, resno, bar_size); if (ret) { @@ -50,7 +70,7 @@ _resize_bar(struct xe_device *xe, int resno, resource_size_t size) * if force_vram_bar_size is set, attempt to set to the requested size * else set to maximum possible size */ -static void resize_vram_bar(struct xe_device *xe) +void xe_vram_resize_bar(struct xe_device *xe) { int force_vram_bar_size = xe_modparam.force_vram_bar_size; struct pci_dev *pdev = to_pci_dev(xe->drm.dev); @@ -119,7 +139,7 @@ static void resize_vram_bar(struct xe_device *xe) pci_read_config_dword(pdev, PCI_COMMAND, &pci_cmd); pci_write_config_dword(pdev, PCI_COMMAND, pci_cmd & ~PCI_COMMAND_MEMORY); - _resize_bar(xe, LMEM_BAR, rebar_size); + resize_bar(xe, LMEM_BAR, rebar_size); pci_assign_unassigned_bus_resources(pdev->bus); pci_write_config_dword(pdev, PCI_COMMAND, pci_cmd); @@ -148,8 +168,6 @@ static int determine_lmem_bar_size(struct xe_device *xe, struct xe_vram_region * return -ENXIO; } - resize_vram_bar(xe); - lmem_bar->io_start = pci_resource_start(pdev, LMEM_BAR); lmem_bar->io_size = pci_resource_len(pdev, LMEM_BAR); if (!lmem_bar->io_size) diff --git a/drivers/gpu/drm/xe/xe_vram.h b/drivers/gpu/drm/xe/xe_vram.h index 72860f714fc6..13505cfb184d 100644 --- a/drivers/gpu/drm/xe/xe_vram.h +++ b/drivers/gpu/drm/xe/xe_vram.h @@ -11,6 +11,7 @@ struct xe_device; struct xe_vram_region; +void xe_vram_resize_bar(struct xe_device *xe); int xe_vram_probe(struct xe_device *xe); struct xe_vram_region *xe_vram_region_alloc(struct xe_device *xe, u8 id, u32 placement);

1 week

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Don't allow evicting of BOs in same VM in array of VM" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 7ac74613e5f2ef3450f44fd2127198662c2563a9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102049-poet-heavily-4fc1@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7ac74613e5f2ef3450f44fd2127198662c2563a9 Mon Sep 17 00:00:00 2001 From: Matthew Brost <matthew.brost(a)intel.com> Date: Thu, 9 Oct 2025 04:06:18 -0700 Subject: [PATCH] drm/xe: Don't allow evicting of BOs in same VM in array of VM binds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL pointer dereferences later in the bind pipeline. To prevent this, clear the allow_res_evict flag in the xe_bo_validate call. v2: - Invert polarity of no_res_evict (Thomas) - Add comment in code explaining issue (Thomas) Cc: stable(a)vger.kernel.org Reported-by: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Closes: https://gitlab.freedesktop.org/drm/xe/kernel/-/issues/6268 Fixes: 774b5fa509a9 ("drm/xe: Avoid evicting object of the same vm in none fault mode") Fixes: 77f2ef3f16f5 ("drm/xe: Lock all gpuva ops during VM bind IOCTL") Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Tested-by: Paulo Zanoni <paulo.r.zanoni(a)intel.com> Reviewed-by: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Link: https://lore.kernel.org/r/20251009110618.3481870-1-matthew.brost@intel.com (cherry picked from commit 8b9ba8d6d95fe75fed6b0480bb03da4b321bea08) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_vm.c b/drivers/gpu/drm/xe/xe_vm.c index 027e6ce648c5..f602b874e054 100644 --- a/drivers/gpu/drm/xe/xe_vm.c +++ b/drivers/gpu/drm/xe/xe_vm.c @@ -2832,7 +2832,7 @@ static void vm_bind_ioctl_ops_unwind(struct xe_vm *vm, } static int vma_lock_and_validate(struct drm_exec *exec, struct xe_vma *vma, - bool validate) + bool res_evict, bool validate) { struct xe_bo *bo = xe_vma_bo(vma); struct xe_vm *vm = xe_vma_vm(vma); @@ -2843,7 +2843,8 @@ static int vma_lock_and_validate(struct drm_exec *exec, struct xe_vma *vma, err = drm_exec_lock_obj(exec, &bo->ttm.base); if (!err && validate) err = xe_bo_validate(bo, vm, - !xe_vm_in_preempt_fence_mode(vm), exec); + !xe_vm_in_preempt_fence_mode(vm) && + res_evict, exec); } return err; @@ -2913,14 +2914,23 @@ static int prefetch_ranges(struct xe_vm *vm, struct xe_vma_op *op) } static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, - struct xe_vma_op *op) + struct xe_vma_ops *vops, struct xe_vma_op *op) { int err = 0; + bool res_evict; + + /* + * We only allow evicting a BO within the VM if it is not part of an + * array of binds, as an array of binds can evict another BO within the + * bind. + */ + res_evict = !(vops->flags & XE_VMA_OPS_ARRAY_OF_BINDS); switch (op->base.op) { case DRM_GPUVA_OP_MAP: if (!op->map.invalidate_on_bind) err = vma_lock_and_validate(exec, op->map.vma, + res_evict, !xe_vm_in_fault_mode(vm) || op->map.immediate); break; @@ -2931,11 +2941,13 @@ static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, err = vma_lock_and_validate(exec, gpuva_to_vma(op->base.remap.unmap->va), - false); + res_evict, false); if (!err && op->remap.prev) - err = vma_lock_and_validate(exec, op->remap.prev, true); + err = vma_lock_and_validate(exec, op->remap.prev, + res_evict, true); if (!err && op->remap.next) - err = vma_lock_and_validate(exec, op->remap.next, true); + err = vma_lock_and_validate(exec, op->remap.next, + res_evict, true); break; case DRM_GPUVA_OP_UNMAP: err = check_ufence(gpuva_to_vma(op->base.unmap.va)); @@ -2944,7 +2956,7 @@ static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, err = vma_lock_and_validate(exec, gpuva_to_vma(op->base.unmap.va), - false); + res_evict, false); break; case DRM_GPUVA_OP_PREFETCH: { @@ -2959,7 +2971,7 @@ static int op_lock_and_prep(struct drm_exec *exec, struct xe_vm *vm, err = vma_lock_and_validate(exec, gpuva_to_vma(op->base.prefetch.va), - false); + res_evict, false); if (!err && !xe_vma_has_no_bo(vma)) err = xe_bo_migrate(xe_vma_bo(vma), region_to_mem_type[region], @@ -3005,7 +3017,7 @@ static int vm_bind_ioctl_ops_lock_and_prep(struct drm_exec *exec, return err; list_for_each_entry(op, &vops->list, link) { - err = op_lock_and_prep(exec, vm, op); + err = op_lock_and_prep(exec, vm, vops, op); if (err) return err; } @@ -3638,6 +3650,8 @@ int xe_vm_bind_ioctl(struct drm_device *dev, void *data, struct drm_file *file) } xe_vma_ops_init(&vops, vm, q, syncs, num_syncs); + if (args->num_binds > 1) + vops.flags |= XE_VMA_OPS_ARRAY_OF_BINDS; for (i = 0; i < args->num_binds; ++i) { u64 range = bind_ops[i].range; u64 addr = bind_ops[i].addr; diff --git a/drivers/gpu/drm/xe/xe_vm_types.h b/drivers/gpu/drm/xe/xe_vm_types.h index da39940501d8..413353e1c225 100644 --- a/drivers/gpu/drm/xe/xe_vm_types.h +++ b/drivers/gpu/drm/xe/xe_vm_types.h @@ -476,6 +476,7 @@ struct xe_vma_ops { /** @flag: signify the properties within xe_vma_ops*/ #define XE_VMA_OPS_FLAG_HAS_SVM_PREFETCH BIT(0) #define XE_VMA_OPS_FLAG_MADVISE BIT(1) +#define XE_VMA_OPS_ARRAY_OF_BINDS BIT(2) u32 flags; #ifdef TEST_VM_OPS_ERROR /** @inject_error: inject error to test error handling */

1 week

1
0
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102012-undercook-hurricane-81df@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

1
0
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102011-aghast-mollusk-eec6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

1
0
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102010-botch-underling-438f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

1
0
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102009-stinky-vaguely-dd0e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

1
0
0 0

FAILED: patch "[PATCH] HID: multitouch: fix sticky fingers" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 46f781e0d151844589dc2125c8cce3300546f92a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102009-grandma-joylessly-f9c7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 46f781e0d151844589dc2125c8cce3300546f92a Mon Sep 17 00:00:00 2001 From: Benjamin Tissoires <bentiss(a)kernel.org> Date: Wed, 8 Oct 2025 16:06:58 +0200 Subject: [PATCH] HID: multitouch: fix sticky fingers The sticky fingers quirk (MT_QUIRK_STICKY_FINGERS) was only considering the case when slots were not released during the last report. This can be problematic if the firmware forgets to release a finger while others are still present. This was observed on the Synaptics DLL0945 touchpad found on the Dell XPS 9310 and the Dell Inspiron 5406. Fixes: 4f4001bc76fd ("HID: multitouch: fix rare Win 8 cases when the touch up event gets missing") Cc: stable(a)vger.kernel.org Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c index 513b8673ad8d..179dc316b4b5 100644 --- a/drivers/hid/hid-multitouch.c +++ b/drivers/hid/hid-multitouch.c @@ -94,9 +94,8 @@ enum report_mode { TOUCHPAD_REPORT_ALL = TOUCHPAD_REPORT_BUTTONS | TOUCHPAD_REPORT_CONTACTS, }; -#define MT_IO_FLAGS_RUNNING 0 -#define MT_IO_FLAGS_ACTIVE_SLOTS 1 -#define MT_IO_FLAGS_PENDING_SLOTS 2 +#define MT_IO_SLOTS_MASK GENMASK(7, 0) /* reserve first 8 bits for slot tracking */ +#define MT_IO_FLAGS_RUNNING 32 static const bool mtrue = true; /* default for true */ static const bool mfalse; /* default for false */ @@ -172,7 +171,11 @@ struct mt_device { struct timer_list release_timer; /* to release sticky fingers */ struct hid_haptic_device *haptic; /* haptic related configuration */ struct hid_device *hdev; /* hid_device we're attached to */ - unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_*) */ + unsigned long mt_io_flags; /* mt flags (MT_IO_FLAGS_RUNNING) + * first 8 bits are reserved for keeping the slot + * states, this is fine because we only support up + * to 250 slots (MT_MAX_MAXCONTACT) + */ __u8 inputmode_value; /* InputMode HID feature value */ __u8 maxcontacts; bool is_buttonpad; /* is this device a button pad? */ @@ -986,6 +989,7 @@ static void mt_release_pending_palms(struct mt_device *td, for_each_set_bit(slotnum, app->pending_palm_slots, td->maxcontacts) { clear_bit(slotnum, app->pending_palm_slots); + clear_bit(slotnum, &td->mt_io_flags); input_mt_slot(input, slotnum); input_mt_report_slot_inactive(input); @@ -1019,12 +1023,6 @@ static void mt_sync_frame(struct mt_device *td, struct mt_application *app, app->left_button_state = 0; if (td->is_haptic_touchpad) hid_haptic_pressure_reset(td->haptic); - - if (test_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags)) - set_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - else - clear_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags); - clear_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); } static int mt_compute_timestamp(struct mt_application *app, __s32 value) @@ -1202,7 +1200,9 @@ static int mt_process_slot(struct mt_device *td, struct input_dev *input, input_event(input, EV_ABS, ABS_MT_TOUCH_MAJOR, major); input_event(input, EV_ABS, ABS_MT_TOUCH_MINOR, minor); - set_bit(MT_IO_FLAGS_ACTIVE_SLOTS, &td->mt_io_flags); + set_bit(slotnum, &td->mt_io_flags); + } else { + clear_bit(slotnum, &td->mt_io_flags); } return 0; @@ -1337,7 +1337,7 @@ static void mt_touch_report(struct hid_device *hid, * defect. */ if (app->quirks & MT_QUIRK_STICKY_FINGERS) { - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mod_timer(&td->release_timer, jiffies + msecs_to_jiffies(100)); else @@ -1814,6 +1814,7 @@ static void mt_release_contacts(struct hid_device *hid) for (i = 0; i < mt->num_slots; i++) { input_mt_slot(input_dev, i); input_mt_report_slot_inactive(input_dev); + clear_bit(i, &td->mt_io_flags); } input_mt_sync_frame(input_dev); input_sync(input_dev); @@ -1836,7 +1837,7 @@ static void mt_expired_timeout(struct timer_list *t) */ if (test_and_set_bit_lock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags)) return; - if (test_bit(MT_IO_FLAGS_PENDING_SLOTS, &td->mt_io_flags)) + if (td->mt_io_flags & MT_IO_SLOTS_MASK) mt_release_contacts(hdev); clear_bit_unlock(MT_IO_FLAGS_RUNNING, &td->mt_io_flags); }

1 week

1
0
0 0

FAILED: patch "[PATCH] KVM: arm64: Prevent access to vCPU events before init" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0aa1b76fe1429629215a7c79820e4b96233ac4a3 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102045-swimmer-bagel-53c2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0aa1b76fe1429629215a7c79820e4b96233ac4a3 Mon Sep 17 00:00:00 2001 From: Oliver Upton <oliver.upton(a)linux.dev> Date: Tue, 30 Sep 2025 01:52:37 -0700 Subject: [PATCH] KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of uninitialized garbage for routing / injecting the exception. In one case the injection code and the hyp disagree on whether the vCPU has a 32bit EL1 and put the vCPU into an illegal mode for AArch64, tripping the BUG() in exception_target_el() during the next injection: kernel BUG at arch/arm64/kvm/inject_fault.c:40! Internal error: Oops - BUG: 00000000f2000800 [#1] SMP CPU: 3 UID: 0 PID: 318 Comm: repro Not tainted 6.17.0-rc4-00104-g10fd0285305d #6 PREEMPT Hardware name: linux,dummy-virt (DT) pstate: 21402009 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) pc : exception_target_el+0x88/0x8c lr : pend_serror_exception+0x18/0x13c sp : ffff800082f03a10 x29: ffff800082f03a10 x28: ffff0000cb132280 x27: 0000000000000000 x26: 0000000000000000 x25: ffff0000c2a99c20 x24: 0000000000000000 x23: 0000000000008000 x22: 0000000000000002 x21: 0000000000000004 x20: 0000000000008000 x19: ffff0000c2a99c20 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 00000000200000c0 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : ffff800082f03af8 x7 : 0000000000000000 x6 : 0000000000000000 x5 : ffff800080f621f0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 000000000040009b x1 : 0000000000000003 x0 : ffff0000c2a99c20 Call trace: exception_target_el+0x88/0x8c (P) kvm_inject_serror_esr+0x40/0x3b4 __kvm_arm_vcpu_set_events+0xf0/0x100 kvm_arch_vcpu_ioctl+0x180/0x9d4 kvm_vcpu_ioctl+0x60c/0x9f4 __arm64_sys_ioctl+0xac/0x104 invoke_syscall+0x48/0x110 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xf0 el0t_64_sync_handler+0xa0/0xe4 el0t_64_sync+0x198/0x19c Code: f946bc01 b4fffe61 9101e020 17fffff2 (d4210000) Reject the ioctls outright as no sane VMM would call these before KVM_ARM_VCPU_INIT anyway. Even if it did the exception would've been thrown away by the eventual reset of the vCPU's state. Cc: stable(a)vger.kernel.org # 6.17 Fixes: b7b27facc7b5 ("arm/arm64: KVM: Add KVM_GET/SET_VCPU_EVENTS") Signed-off-by: Oliver Upton <oliver.upton(a)linux.dev> Signed-off-by: Marc Zyngier <maz(a)kernel.org> diff --git a/arch/arm64/kvm/arm.c b/arch/arm64/kvm/arm.c index f21d1b7f20f8..f01cacb669cf 100644 --- a/arch/arm64/kvm/arm.c +++ b/arch/arm64/kvm/arm.c @@ -1794,6 +1794,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, case KVM_GET_VCPU_EVENTS: { struct kvm_vcpu_events events; + if (!kvm_vcpu_initialized(vcpu)) + return -ENOEXEC; + if (kvm_arm_vcpu_get_events(vcpu, &events)) return -EINVAL; @@ -1805,6 +1808,9 @@ long kvm_arch_vcpu_ioctl(struct file *filp, case KVM_SET_VCPU_EVENTS: { struct kvm_vcpu_events events; + if (!kvm_vcpu_initialized(vcpu)) + return -ENOEXEC; + if (copy_from_user(&events, argp, sizeof(events))) return -EFAULT;

1 week

1
0
0 0

[PATCH v2 0/3] ASoC: SOF: ipc4/Intel: Fix the host buffer constraint

by Peter Ujfalusi

Hi, Changes since v1: - SHAs for Fixes tag corrected (sorry) The size of the DSP host buffer was incorrectly defined as 2ms while it is 4ms and the ChainDMA PCMs are using 5ms as host facing buffer. The constraint will be set against the period time rather than the buffer time to make sure that application will not face with xruns when the DMA bursts to refill the host buffer. The minimal period size will be also used by Pipewire in case of SOF cards to set the headroom to a length which will avoid the cases when the hw_ptr jumps over the appl_ptr because of a burst. Iow, it will make Pipewire to keep a safe distance from the hw_ptr. https://github.com/thesofproject/linux/issues/5284 https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/740 https://gitlab.freedesktop.org/pipewire/pipewire/-/merge_requests/2548 Regards, Peter --- Peter Ujfalusi (3): ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time sound/soc/sof/intel/hda-pcm.c | 29 +++++++++++++++++++++-------- sound/soc/sof/ipc4-topology.c | 9 +++++++-- sound/soc/sof/ipc4-topology.h | 7 +++++-- 3 files changed, 33 insertions(+), 12 deletions(-) -- 2.51.0

1 week

3
9
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102058-citadel-crinkly-125f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102056-qualify-unopposed-be08@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

1
0
0 0

FAILED: patch "[PATCH] x86/resctrl: Fix miscount of bandwidth event when" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025102054-slacks-ambush-f774@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 15292f1b4c55a3a7c940dbcb6cb8793871ed3d92 Mon Sep 17 00:00:00 2001 From: Babu Moger <babu.moger(a)amd.com> Date: Fri, 10 Oct 2025 12:08:35 -0500 Subject: [PATCH] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID Users can create as many monitoring groups as the number of RMIDs supported by the hardware. However, on AMD systems, only a limited number of RMIDs are guaranteed to be actively tracked by the hardware. RMIDs that exceed this limit are placed in an "Unavailable" state. When a bandwidth counter is read for such an RMID, the hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62). When such an RMID starts being tracked again the hardware counter is reset to zero. MSR_IA32_QM_CTR.Unavailable remains set on first read after tracking re-starts and is clear on all subsequent reads as long as the RMID is tracked. resctrl miscounts the bandwidth events after an RMID transitions from the "Unavailable" state back to being tracked. This happens because when the hardware starts counting again after resetting the counter to zero, resctrl in turn compares the new count against the counter value stored from the previous time the RMID was tracked. This results in resctrl computing an event value that is either undercounting (when new counter is more than stored counter) or a mistaken overflow (when new counter is less than stored counter). Reset the stored value (arch_mbm_state::prev_msr) of MSR_IA32_QM_CTR to zero whenever the RMID is in the "Unavailable" state to ensure accurate counting after the RMID resets to zero when it starts to be tracked again. Example scenario that results in mistaken overflow ================================================== 1. The resctrl filesystem is mounted, and a task is assigned to a monitoring group. $mount -t resctrl resctrl /sys/fs/resctrl $mkdir /sys/fs/resctrl/mon_groups/test1/ $echo 1234 > /sys/fs/resctrl/mon_groups/test1/tasks $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 21323 <- Total bytes on domain 0 "Unavailable" <- Total bytes on domain 1 Task is running on domain 0. Counter on domain 1 is "Unavailable". 2. The task runs on domain 0 for a while and then moves to domain 1. The counter starts incrementing on domain 1. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 7345357 <- Total bytes on domain 0 4545 <- Total bytes on domain 1 3. At some point, the RMID in domain 0 transitions to the "Unavailable" state because the task is no longer executing in that domain. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes "Unavailable" <- Total bytes on domain 0 434341 <- Total bytes on domain 1 4. Since the task continues to migrate between domains, it may eventually return to domain 0. $cat /sys/fs/resctrl/mon_groups/test1/mon_data/mon_L3_*/mbm_total_bytes 17592178699059 <- Overflow on domain 0 3232332 <- Total bytes on domain 1 In this case, the RMID on domain 0 transitions from "Unavailable" state to active state. The hardware sets MSR_IA32_QM_CTR.Unavailable (bit 62) when the counter is read and begins tracking the RMID counting from 0. Subsequent reads succeed but return a value smaller than the previously saved MSR value (7345357). Consequently, the resctrl's overflow logic is triggered, it compares the previous value (7345357) with the new, smaller value and incorrectly interprets this as a counter overflow, adding a large delta. In reality, this is a false positive: the counter did not overflow but was simply reset when the RMID transitioned from "Unavailable" back to active state. Here is the text from APM [1] available from [2]. "In PQOS Version 2.0 or higher, the MBM hardware will set the U bit on the first QM_CTR read when it begins tracking an RMID that it was not previously tracking. The U bit will be zero for all subsequent reads from that RMID while it is still tracked by the hardware. Therefore, a QM_CTR read with the U bit set when that RMID is in use by a processor can be considered 0 when calculating the difference with a subsequent read." [1] AMD64 Architecture Programmer's Manual Volume 2: System Programming Publication # 24593 Revision 3.41 section 19.3.3 Monitoring L3 Memory Bandwidth (MBM). [ bp: Split commit message into smaller paragraph chunks for better consumption. ] Fixes: 4d05bf71f157d ("x86/resctrl: Introduce AMD QOS feature") Signed-off-by: Babu Moger <babu.moger(a)amd.com> Signed-off-by: Borislav Petkov (AMD) <bp(a)alien8.de> Reviewed-by: Reinette Chatre <reinette.chatre(a)intel.com> Tested-by: Reinette Chatre <reinette.chatre(a)intel.com> Cc: stable(a)vger.kernel.org # needs adjustments for <= v6.17 Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537 # [2] diff --git a/arch/x86/kernel/cpu/resctrl/monitor.c b/arch/x86/kernel/cpu/resctrl/monitor.c index c8945610d455..2cd25a0d4637 100644 --- a/arch/x86/kernel/cpu/resctrl/monitor.c +++ b/arch/x86/kernel/cpu/resctrl/monitor.c @@ -242,7 +242,9 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, u32 unused, u32 rmid, enum resctrl_event_id eventid, u64 *val, void *ignored) { + struct rdt_hw_mon_domain *hw_dom = resctrl_to_arch_mon_dom(d); int cpu = cpumask_any(&d->hdr.cpu_mask); + struct arch_mbm_state *am; u64 msr_val; u32 prmid; int ret; @@ -251,12 +253,16 @@ int resctrl_arch_rmid_read(struct rdt_resource *r, struct rdt_mon_domain *d, prmid = logical_rmid_to_physical_rmid(cpu, rmid); ret = __rmid_read_phys(prmid, eventid, &msr_val); - if (ret) - return ret; - *val = get_corrected_val(r, d, rmid, eventid, msr_val); + if (!ret) { + *val = get_corrected_val(r, d, rmid, eventid, msr_val); + } else if (ret == -EINVAL) { + am = get_arch_mbm_state(hw_dom, rmid, eventid); + if (am) + am->prev_msr = 0; + } - return 0; + return ret; } static int __cntr_id_read(u32 cntr_id, u64 *val)

1 week

1
0
0 0

[PATCH 5.10] comedi: Make insn_rw_emulate_bits() do insn->n samples

by Andrey Troshin

From: Ian Abbott <abbotti(a)mev.co.uk> commit 7afba9221f70d4cbce0f417c558879cba0eb5e66 upstream. The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default handler for `INSN_WRITE` instructions for subdevices that have a handler for `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the `INSN_READ` or `INSN_WRITE` instruction handling with a constructed `INSN_BITS` instruction. However, `INSN_READ` and `INSN_WRITE` instructions are supposed to be able read or write multiple samples, indicated by the `insn->n` value, but `insn_rw_emulate_bits()` currently only handles a single sample. For `INSN_READ`, the comedi core will copy `insn->n` samples back to user-space. (That triggered KASAN kernel-infoleak errors when `insn->n` was greater than 1, but that is being fixed more generally elsewhere in the comedi core.) Make `insn_rw_emulate_bits()` either handle `insn->n` samples, or return an error, to conform to the general expectation for `INSN_READ` and `INSN_WRITE` handlers. Fixes: ed9eccbe8970 ("Staging: add comedi core") Cc: stable <stable(a)kernel.org> # 5.13+ Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> Link: https://lore.kernel.org/r/20250725141034.87297-1-abbotti@mev.co.uk Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Andrey Troshin: backport fix from drivers/comedi/drivers.c to drivers/staging/comedi/drivers.c.] Signed-off-by: Andrey Troshin <drtrosh(a)yandex-team.ru> --- Backport fix for CVE-2025-39686 Link: https://nvd.nist.gov/vuln/detail/CVE-2025-39686 --- drivers/staging/comedi/drivers.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/drivers/staging/comedi/drivers.c b/drivers/staging/comedi/drivers.c index fd098e62a308..816225d1e1a4 100644 --- a/drivers/staging/comedi/drivers.c +++ b/drivers/staging/comedi/drivers.c @@ -620,11 +620,9 @@ static int insn_rw_emulate_bits(struct comedi_device *dev, unsigned int chan = CR_CHAN(insn->chanspec); unsigned int base_chan = (chan < 32) ? 0 : chan; unsigned int _data[2]; + unsigned int i; int ret; - if (insn->n == 0) - return 0; - memset(_data, 0, sizeof(_data)); memset(&_insn, 0, sizeof(_insn)); _insn.insn = INSN_BITS; @@ -635,18 +633,21 @@ static int insn_rw_emulate_bits(struct comedi_device *dev, if (insn->insn == INSN_WRITE) { if (!(s->subdev_flags & SDF_WRITABLE)) return -EINVAL; - _data[0] = 1U << (chan - base_chan); /* mask */ - _data[1] = data[0] ? (1U << (chan - base_chan)) : 0; /* bits */ + _data[0] = 1U << (chan - base_chan); /* mask */ } + for (i = 0; i < insn->n; i++) { + if (insn->insn == INSN_WRITE) + _data[1] = data[i] ? _data[0] : 0; /* bits */ - ret = s->insn_bits(dev, s, &_insn, _data); - if (ret < 0) - return ret; + ret = s->insn_bits(dev, s, &_insn, _data); + if (ret < 0) + return ret; - if (insn->insn == INSN_READ) - data[0] = (_data[1] >> (chan - base_chan)) & 1; + if (insn->insn == INSN_READ) + data[i] = (_data[1] >> (chan - base_chan)) & 1; + } - return 1; + return insn->n; } static int __comedi_device_postconfig_async(struct comedi_device *dev, -- 2.34.1

1 week

1
0
0 0

[PATCH v2 06/14] iommu/mediatek: fix device leaks on probe()

by Johan Hovold

Make sure to drop the references taken to the larb devices during probe on probe failure (e.g. probe deferral) and on driver unbind. Note that commit 26593928564c ("iommu/mediatek: Add error path for loop of mm_dts_parse") fixed the leaks in a couple of error paths, but the references are still leaking on success and late failures. Fixes: 0df4fabe208d ("iommu/mediatek: Add mt8173 IOMMU driver") Cc: stable(a)vger.kernel.org # 4.6 Cc: Yong Wu <yong.wu(a)mediatek.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/mtk_iommu.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c index 8d8e85186188..20a5ba80f983 100644 --- a/drivers/iommu/mtk_iommu.c +++ b/drivers/iommu/mtk_iommu.c @@ -1216,13 +1216,17 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m platform_device_put(plarbdev); } - if (!frst_avail_smicomm_node) - return -EINVAL; + if (!frst_avail_smicomm_node) { + ret = -EINVAL; + goto err_larbdev_put; + } pcommdev = of_find_device_by_node(frst_avail_smicomm_node); of_node_put(frst_avail_smicomm_node); - if (!pcommdev) - return -ENODEV; + if (!pcommdev) { + ret = -ENODEV; + goto err_larbdev_put; + } data->smicomm_dev = &pcommdev->dev; link = device_link_add(data->smicomm_dev, dev, @@ -1230,7 +1234,8 @@ static int mtk_iommu_mm_dts_parse(struct device *dev, struct component_match **m platform_device_put(pcommdev); if (!link) { dev_err(dev, "Unable to link %s.\n", dev_name(data->smicomm_dev)); - return -EINVAL; + ret = -EINVAL; + goto err_larbdev_put; } return 0; @@ -1402,8 +1407,12 @@ static int mtk_iommu_probe(struct platform_device *pdev) iommu_device_sysfs_remove(&data->iommu); out_list_del: list_del(&data->list); - if (MTK_IOMMU_IS_TYPE(data->plat_data, MTK_IOMMU_TYPE_MM)) + if (MTK_IOMMU_IS_TYPE(data->plat_data, MTK_IOMMU_TYPE_MM)) { device_link_remove(data->smicomm_dev, dev); + + for (i = 0; i < MTK_LARB_NR_MAX; i++) + put_device(data->larb_imu[i].dev); + } out_runtime_disable: pm_runtime_disable(dev); return ret; @@ -1423,6 +1432,9 @@ static void mtk_iommu_remove(struct platform_device *pdev) if (MTK_IOMMU_IS_TYPE(data->plat_data, MTK_IOMMU_TYPE_MM)) { device_link_remove(data->smicomm_dev, &pdev->dev); component_master_del(&pdev->dev, &mtk_iommu_com_ops); + + for (i = 0; i < MTK_LARB_NR_MAX; i++) + put_device(data->larb_imu[i].dev); } pm_runtime_disable(&pdev->dev); for (i = 0; i < data->plat_data->banks_num; i++) { -- 2.49.1

1 week

2
2
0 0

[PATCH v3 14/14] iommu/tegra: fix device leak on probe_device()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during probe_device(). Note that commit 9826e393e4a8 ("iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find") fixed the leak in an error path, but the reference is still leaking on success. Fixes: 891846516317 ("memory: Add NVIDIA Tegra memory controller support") Cc: stable(a)vger.kernel.org # 3.19: 9826e393e4a8 Cc: Miaoqian Lin <linmq006(a)gmail.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Acked-by: Thierry Reding <treding(a)nvidia.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/tegra-smmu.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/iommu/tegra-smmu.c b/drivers/iommu/tegra-smmu.c index 36cdd5fbab07..f6f26a072820 100644 --- a/drivers/iommu/tegra-smmu.c +++ b/drivers/iommu/tegra-smmu.c @@ -830,10 +830,9 @@ static struct tegra_smmu *tegra_smmu_find(struct device_node *np) return NULL; mc = platform_get_drvdata(pdev); - if (!mc) { - put_device(&pdev->dev); + put_device(&pdev->dev); + if (!mc) return NULL; - } return mc->smmu; } -- 2.49.1

1 week

1
0
0 0

[PATCH v3 13/14] iommu/sun50i: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 4100b8c229b3 ("iommu: Add Allwinner H6 IOMMU driver") Cc: stable(a)vger.kernel.org # 5.8 Cc: Maxime Ripard <mripard(a)kernel.org> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/sun50i-iommu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/sun50i-iommu.c b/drivers/iommu/sun50i-iommu.c index de10b569d9a9..6306570d57db 100644 --- a/drivers/iommu/sun50i-iommu.c +++ b/drivers/iommu/sun50i-iommu.c @@ -839,6 +839,8 @@ static int sun50i_iommu_of_xlate(struct device *dev, dev_iommu_priv_set(dev, platform_get_drvdata(iommu_pdev)); + put_device(&iommu_pdev->dev); + return iommu_fwspec_add_ids(dev, &id, 1); } -- 2.49.1

1 week

1
0
0 0

[PATCH v3 11/14] iommu/omap: fix device leaks on probe_device()

by Johan Hovold

Make sure to drop the references taken to the iommu platform devices when looking up their driver data during probe_device(). Note that the arch data device pointer added by commit 604629bcb505 ("iommu/omap: add support for late attachment of iommu devices") has never been used. Remove it to underline that the references are not needed. Fixes: 9d5018deec86 ("iommu/omap: Add support to program multiple iommus") Fixes: 7d6827748d54 ("iommu/omap: Fix iommu archdata name for DT-based devices") Cc: stable(a)vger.kernel.org # 3.18 Cc: Suman Anna <s-anna(a)ti.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/omap-iommu.c | 2 +- drivers/iommu/omap-iommu.h | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/iommu/omap-iommu.c b/drivers/iommu/omap-iommu.c index 5c6f5943f44b..c0315c86cd18 100644 --- a/drivers/iommu/omap-iommu.c +++ b/drivers/iommu/omap-iommu.c @@ -1675,6 +1675,7 @@ static struct iommu_device *omap_iommu_probe_device(struct device *dev) } oiommu = platform_get_drvdata(pdev); + put_device(&pdev->dev); if (!oiommu) { of_node_put(np); kfree(arch_data); @@ -1682,7 +1683,6 @@ static struct iommu_device *omap_iommu_probe_device(struct device *dev) } tmp->iommu_dev = oiommu; - tmp->dev = &pdev->dev; of_node_put(np); } diff --git a/drivers/iommu/omap-iommu.h b/drivers/iommu/omap-iommu.h index 27697109ec79..50b39be61abc 100644 --- a/drivers/iommu/omap-iommu.h +++ b/drivers/iommu/omap-iommu.h @@ -88,7 +88,6 @@ struct omap_iommu { /** * struct omap_iommu_arch_data - omap iommu private data * @iommu_dev: handle of the OMAP iommu device - * @dev: handle of the iommu device * * This is an omap iommu private data object, which binds an iommu user * to its iommu device. This object should be placed at the iommu user's @@ -97,7 +96,6 @@ struct omap_iommu { */ struct omap_iommu_arch_data { struct omap_iommu *iommu_dev; - struct device *dev; }; struct cr_regs { -- 2.49.1

1 week

1
0
0 0

[PATCH v3 04/14] iommu/ipmmu-vmsa: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 7b2d59611fef ("iommu/ipmmu-vmsa: Replace local utlb code with fwspec ids") Cc: stable(a)vger.kernel.org # 4.14 Cc: Magnus Damm <damm+renesas(a)opensource.se> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/ipmmu-vmsa.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/ipmmu-vmsa.c b/drivers/iommu/ipmmu-vmsa.c index ffa892f65714..02a2a55ffa0a 100644 --- a/drivers/iommu/ipmmu-vmsa.c +++ b/drivers/iommu/ipmmu-vmsa.c @@ -720,6 +720,8 @@ static int ipmmu_init_platform_device(struct device *dev, dev_iommu_priv_set(dev, platform_get_drvdata(ipmmu_pdev)); + put_device(&ipmmu_pdev->dev); + return 0; } -- 2.49.1

1 week

1
0
0 0

[PATCH v3 03/14] iommu/exynos: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Note that commit 1a26044954a6 ("iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()") fixed the leak in a couple of error paths, but the reference is still leaking on success. Fixes: aa759fd376fb ("iommu/exynos: Add callback for initializing devices from device tree") Cc: stable(a)vger.kernel.org # 4.2: 1a26044954a6 Cc: Yu Kuai <yukuai3(a)huawei.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Acked-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/exynos-iommu.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/exynos-iommu.c b/drivers/iommu/exynos-iommu.c index b6edd178fe25..ce9e935cb84c 100644 --- a/drivers/iommu/exynos-iommu.c +++ b/drivers/iommu/exynos-iommu.c @@ -1446,17 +1446,14 @@ static int exynos_iommu_of_xlate(struct device *dev, return -ENODEV; data = platform_get_drvdata(sysmmu); - if (!data) { - put_device(&sysmmu->dev); + put_device(&sysmmu->dev); + if (!data) return -ENODEV; - } if (!owner) { owner = kzalloc(sizeof(*owner), GFP_KERNEL); - if (!owner) { - put_device(&sysmmu->dev); + if (!owner) return -ENOMEM; - } INIT_LIST_HEAD(&owner->controllers); mutex_init(&owner->rpm_lock); -- 2.49.1

1 week

1
0
0 0

[PATCH v3 02/14] iommu/qcom: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Note that commit e2eae09939a8 ("iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate()") fixed the leak in a couple of error paths, but the reference is still leaking on success and late failures. Fixes: 0ae349a0f33f ("iommu/qcom: Add qcom_iommu") Cc: stable(a)vger.kernel.org # 4.14: e2eae09939a8 Cc: Rob Clark <robin.clark(a)oss.qualcomm.com> Cc: Yu Kuai <yukuai3(a)huawei.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/arm/arm-smmu/qcom_iommu.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/arm/arm-smmu/qcom_iommu.c b/drivers/iommu/arm/arm-smmu/qcom_iommu.c index c5be95e56031..9c1166a3af6c 100644 --- a/drivers/iommu/arm/arm-smmu/qcom_iommu.c +++ b/drivers/iommu/arm/arm-smmu/qcom_iommu.c @@ -565,14 +565,14 @@ static int qcom_iommu_of_xlate(struct device *dev, qcom_iommu = platform_get_drvdata(iommu_pdev); + put_device(&iommu_pdev->dev); + /* make sure the asid specified in dt is valid, so we don't have * to sanity check this elsewhere: */ if (WARN_ON(asid > qcom_iommu->max_asid) || - WARN_ON(qcom_iommu->ctxs[asid] == NULL)) { - put_device(&iommu_pdev->dev); + WARN_ON(qcom_iommu->ctxs[asid] == NULL)) return -EINVAL; - } if (!dev_iommu_priv_get(dev)) { dev_iommu_priv_set(dev, qcom_iommu); @@ -581,10 +581,8 @@ static int qcom_iommu_of_xlate(struct device *dev, * multiple different iommu devices. Multiple context * banks are ok, but multiple devices are not: */ - if (WARN_ON(qcom_iommu != dev_iommu_priv_get(dev))) { - put_device(&iommu_pdev->dev); + if (WARN_ON(qcom_iommu != dev_iommu_priv_get(dev))) return -EINVAL; - } } return iommu_fwspec_add_ids(dev, &asid, 1); -- 2.49.1

1 week

1
0
0 0

[PATCH v3 01/14] iommu/apple-dart: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 46d1fb072e76 ("iommu/dart: Add DART iommu driver") Cc: stable(a)vger.kernel.org # 5.15 Cc: Sven Peter <sven(a)kernel.org> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/apple-dart.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/apple-dart.c b/drivers/iommu/apple-dart.c index 95a4e62b8f63..9804022c7f59 100644 --- a/drivers/iommu/apple-dart.c +++ b/drivers/iommu/apple-dart.c @@ -802,6 +802,8 @@ static int apple_dart_of_xlate(struct device *dev, struct apple_dart *cfg_dart; int i, sid; + put_device(&iommu_pdev->dev); + if (args->args_count != 1) return -EINVAL; sid = args->args[0]; -- 2.49.1

1 week

1
0
0 0

ORDER 8745631

by Mrs. Diana Owen

Greetings, I hope this email finds you well. I am Mrs. Diana Owen contacting you from Reality Trading Group Ltd India. . As a new growing company, we are looking for reliable company of your product as seen in your website for urgent purchase order basis. Could you please give me more details and specification of your products. We also need your products catalog, MOQ, Production Lead Time and Unit price? Best Regards, Mrs. Diana Owen Purchase Manager Company: Reality Trading Group Ltd

1 week

1
0
0 0

Re: [PATCH v4 15/19] lib/crc32: make crc32c() go directly to lib

by Askar Safin

Eric Biggers <ebiggers(a)kernel.org>: > Now that the lower level __crc32c_le() library function is optimized for This patch (i. e. 38a9a5121c3b ("lib/crc32: make crc32c() go directly to lib")) solves actual bug I found in practice. So, please, backport it to stable kernels. I did bisect. It is possible to apply this patch on top of v6.12.48 without conflicts. The bug actually prevents me for using my system (more details below). Here is steps to reproduce bug I noticed. Build kernel so: $ cat /tmp/mini CONFIG_64BIT=y CONFIG_PRINTK=y CONFIG_SERIAL_8250=y CONFIG_TTY=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_BLK_DEV_INITRD=y CONFIG_RD_GZIP=y CONFIG_BINFMT_ELF=y CONFIG_BINFMT_SCRIPT=y CONFIG_PROC_FS=y CONFIG_SYSFS=y CONFIG_DEVTMPFS=y CONFIG_MODULES=y CONFIG_BTRFS_FS=m CONFIG_MODULE_COMPRESS=y CONFIG_MODULE_COMPRESS_XZ=y CONFIG_MODULE_COMPRESS_ALL=y CONFIG_MODULE_DECOMPRESS=y CONFIG_PRINTK_TIME=y $ make allnoconfig KCONFIG_ALLCONFIG=/tmp/mini $ make Then create initramfs, which contains statically built busybox (I used busybox v1.37.0 (Debian 1:1.37.0-6+b3)) and modules we just created. Then run Qemu using command line similar to this: qemu-system-x86_64 -kernel arch/x86/boot/bzImage -initrd i.gz -append 'console=ttyS0 panic=1 rdinit=/bin/busybox sh' -m 256 -no-reboot -enable-kvm -serial stdio -display none Then in busybox shell type this: # mkdir /proc # busybox mount -t proc proc /proc # modprobe btrfs On buggy kernels I get this output: # modprobe btrfs [ 19.614228] raid6: skipped pq benchmark and selected sse2x4 [ 19.614638] raid6: using intx1 recovery algorithm [ 19.616569] xor: measuring software checksum speed [ 19.616937] prefetch64-sse : 42616 MB/sec [ 19.617270] generic_sse : 41320 MB/sec [ 19.617531] xor: using function: prefetch64-sse (42616 MB/sec) [ 19.619731] Invalid ELF header magic: != ELF modprobe: can't load module libcrc32c (kernel/lib/libcrc32c.ko.xz): unknown symbol in module, or unknown parameter The bug is reproducible on all kernels from v6.12 until this commit. And it is not reproducible on all kernels, which contain this commit. I found this using bisect. This bug actually breaks my workflow. I have btrfs as root filesystem. Initramfs, generated by Debian, doesn't suit my needs. So I'm going to create my own initramfs from scratch. (Note that I use Debian Trixie, which has v6.12.48 kernel.) During testing this initramfs in Qemu I noticed that command "modprobe btrfs" fails with error given above. (I not yet tried to test this initramfs on real hardware.) So, this bug actually breaks my workflow. So, please backport this patch (i. e. 38a9a5121c3b ("lib/crc32: make crc32c() go directly to lib")) to stable kernels. I tested that this patch can be applied without conflicts on top of v6.12.48, and this patch indeed fixes the bug for v6.12.48. If you want, I can give more info. It is possible that this is in fact bug in busybox, not in Linux. But still I think that backporting this patch is good idea. This busybox thread my be related: https://lists.busybox.net/pipermail/busybox/2023-May/090309.html -- Askar Safin

1 week, 1 day

2
2
0 0

Alliance Ad

by Almus

1 week, 1 day

1
0
0 0

[PATCH 6.12 000/277] 6.12.54-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.54 release. There are 277 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 19 Oct 2025 14:50:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.54-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.54-rc1 Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix access checking for NLM under XPRTSEC policies Olga Kornievskaia <okorniev(a)redhat.com> nfsd: fix __fh_verify for localio Ian Rogers <irogers(a)google.com> perf test stat: Avoid hybrid assumption when virtualized K Prateek Nayak <kprateek.nayak(a)amd.com> sched/fair: Block delayed tasks on throttled hierarchy during dequeue Jan Kara <jack(a)suse.cz> writeback: Avoid excessively long inode switching times Jan Kara <jack(a)suse.cz> writeback: Avoid softlockup when switching many inodes Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options Oleg Nesterov <oleg(a)redhat.com> pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Miklos Szeredi <mszeredi(a)redhat.com> copy_file_range: limit size if in compat mode Lucas Zampieri <lzampier(a)redhat.com> irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume Hongbo Li <lihongbo22(a)huawei.com> irqchip/sifive-plic: Make use of __assign_bit() Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Describe the frame using a struct instead of constants Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Centralize frame offset calculations Lance Yang <lance.yang(a)linux.dev> mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage Guenter Roeck <linux(a)roeck-us.net> ipmi: Fix handling of messages with provided receive message pointer Corey Minyard <corey(a)minyard.net> ipmi: Rework user message limit handling Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: usable client side with C-flag Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Do not pass NULL handles to acpi_attach_data() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Add code comments explaining what is going on Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Disregard references in data-only subnode lists Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: battery: Add synchronization between interface updates Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: battery: Check for error code from devm_mutex_init() call Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: initialize mutexes through devm_ APIs Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: allocate driver data through devm_ APIs Olga Kornievskaia <okorniev(a)redhat.com> nfsd: unregister with rpcbind when deleting a transport NeilBrown <neilb(a)suse.de> nfsd: don't use sv_nrthreads in connection limiting calculations. NeilBrown <neilb(a)suse.de> nfsd: refine and rename NFSD_MAY_LOCK Chuck Lever <chuck.lever(a)oracle.com> NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() Pali Rohár <pali(a)kernel.org> nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT Sean Christopherson <seanjc(a)google.com> x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Christian Brauner <brauner(a)kernel.org> statmount: don't call path_put() under namespace semaphore Borislav Petkov (AMD) <bp(a)alien8.de> KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency Qu Wenruo <wqu(a)suse.com> btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Wang Jiang <jiangwang(a)kylinos.cn> PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() Donet Tom <donettom(a)linux.ibm.com> mm/ksm: fix incorrect KSM counter handling in mm_struct during fork Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Lance Yang <lance.yang(a)linux.dev> selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Jan Kara <jack(a)suse.cz> ext4: free orphan info with kvfree Huacai Chen <chenhuacai(a)kernel.org> ACPICA: Allow to skip Global Lock initialization Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: validate ea_ino and size in check_xattrs Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Zhang Yi <yi.zhang(a)huawei.com> ext4: fix an off-by-one issue during moving extents Theodore Ts'o <tytso(a)mit.edu> ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Jan Kara <jack(a)suse.cz> ext4: verify orphan file size is not too big Baokun Li <libaokun1(a)huawei.com> ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() SeongJae Park <sj(a)kernel.org> mm/damon/lru_sort: use param_ctx for damon_attrs staging SeongJae Park <sj(a)kernel.org> mm/damon/vaddr: do not repeat pte_offset_map_lock() until success Li RongQing <lirongqing(a)baidu.com> mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Lance Yang <lance.yang(a)linux.dev> mm/thp: fix MTE tag mismatch when replacing zero-filled subpages Nick Morrow <morrownr(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 Nick Morrow <morrownr(a)gmail.com> wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Suren Baghdasaryan <surenb(a)google.com> slab: mark slab->obj_exts allocation failures unconditionally Suren Baghdasaryan <surenb(a)google.com> slab: prevent warnings when slab obj_exts vector allocation fails Heiko Carstens <hca(a)linux.ibm.com> s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR Jaehoon Kim <jhkim(a)linux.ibm.com> s390/dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request Jaehoon Kim <jhkim(a)linux.ibm.com> s390/dasd: enforce dma_alignment to ensure proper buffer validation Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate C-flag + def limit Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Xin Li (Intel) <xin(a)zytor.com> x86/fred: Remove ENDBR64 from FRED entry points Santhosh Kumar K <s-k6(a)ti.com> spi: cadence-quadspi: Fix cqspi_setup_flash() Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Reset BARs when running in PCIe endpoint mode Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-gen4: Fix PHY initialization Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: j721e: Fix programming sequence of "strap" settings Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock Jani Nurminen <jani.nurminen(a)windriver.com> PCI: xilinx-nwl: Fix ECAM programming Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: mmc_spi: multiple block read remove read crc ack Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Alexander Lobakin <aleksander.lobakin(a)intel.com> xsk: Harden userspace-supplied xdp_desc validation Miaoqian Lin <linmq006(a)gmail.com> xtensa: simdisk: add input size check in proc_write_simdisk Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Abinash Singh <abinashsinghlalotra(a)gmail.com> scsi: sd: Fix build warning in sd_revalidate_disk() Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Harshit Agarwal <harshit(a)nutanix.com> sched/deadline: Fix race in push_dl_task() Corey Minyard <corey(a)minyard.net> Revert "ipmi: fix msg stack when IPMI is disconnected" Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Nam Cao <namcao(a)linutronix.de> powerpc/pseries/msi: Fix potential underflow and leak issue Nam Cao <namcao(a)linutronix.de> powerpc/powernv/pci: Fix underflow and leak issue Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77976_charger: fix constant current reporting Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: samsung: Drop unused S3C24xx driver data Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk John David Anglin <dave.anglin(a)bell.net> parisc: Remove spurious if statement from raw_copy_from_user() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Ma Ke <make24(a)iscas.ac.cn> of: unittest: Fix device reference count leak in of_unittest_pci_node_verify Li Chen <me(a)linux.beauty> loop: fix backing file reference leak on validation error Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Oleg Nesterov <oleg(a)redhat.com> kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: PRS isn't usable if PDS isn't supported Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)kernel.org> init: handle bootloader identifier in kernel parameters Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Unmask interrupts after updating alarms Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Aleksandar Gerasimovski <aleksandar.gerasimovski(a)belden.com> iio/adc/pac1934: fix channel disable configuration Darrick J. Wong <djwong(a)kernel.org> fuse: fix livelock in synchronous file put from fuseblk workers Miklos Szeredi <mszeredi(a)redhat.com> fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() Shashank A P <shashank.ap(a)samsung.com> fs: quota: create dedicated workqueue for quota_release_work Haoxiang Li <haoxiang_li2024(a)163.com> fs/ntfs3: Fix a resource leak bug in wnd_extend() Finn Thain <fthain(a)linux-m68k.org> fbdev: Fix logic error in "offb" name match Nam Cao <namcao(a)linutronix.de> eventpoll: Replace rwlock with spinlock Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Thomas Fourier <fourier.thomas(a)gmail.com> crypto: aspeed - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Abel Vesa <abel.vesa(a)linaro.org> clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Sumit Kumar <sumit.kumar(a)oss.qualcomm.com> bus: mhi: ep: Fix chained transfer handling in read path Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Enable Dynamic DTBCLK Switch Matthew Auld <matthew.auld(a)intel.com> drm/xe/uapi: loosen used tracking restriction Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Marek Vasut <marek.vasut+renesas(a)mailbox.org> drm/rcar-du: dsi: Fix 1/2/3 lane support Jann Horn <jannh(a)google.com> drm/panthor: Fix memory leak in panthor_ioctl_group_create() Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() Jai Luthra <jai.luthra(a)ideasonboard.com> media: ti: j721e-csi2rx: Fix source subdev link creation Jai Luthra <jai.luthra(a)ideasonboard.com> media: ti: j721e-csi2rx: Use devm_of_platform_populate Hans Verkuil <hverkuil+cisco(a)kernel.org> media: vivid: fix disappearing <Vendor Command With ID> messages Stephan Gerhold <stephan.gerhold(a)linaro.org> media: venus: firmware: Use correct reset sequence for IRIS2 Arnd Bergmann <arnd(a)arndb.de> media: s5p-mfc: remove an unused/uninitialized variable David Lechner <dlechner(a)baylibre.com> media: pci: mg4b: fix uninitialized iio scan data Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix MUST_CONNECT handling for pads with no links Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Randy Dunlap <rdunlap(a)infradead.org> media: cec: extron-da-hd-4k-plus: drop external-module make commands Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Return -EEXIST for bound VIRQs Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Michael Riesch <michael.riesch(a)collabora.com> dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix CMN S3 DTM offset Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Alexander Sverdlin <alexander.sverdlin(a)siemens.com> ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) Yang Shi <yang(a)os.amperecomputing.com> arm64: kprobes: call set_memory_rox() for kprobe page Vibhore Vardhan <vibhore(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix main padcfg length Aleksandrs Vinarskis <alex.vinarskis(a)gmail.com> arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8939: Add missing MDSS reset Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Fix buffer properties extraction for subnodes Nathan Chancellor <nathan(a)kernel.org> s390/vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections Alexey Gladkov <legion(a)kernel.org> s390: vmlinux.lds.S: Reorder sections KaFai Wan <kafai.wan(a)linux.dev> bpf: Avoid RCU context warning when unpinning htab with internal structs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Pali Rohár <pali(a)kernel.org> cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points Paulo Alcantara <pc(a)manguebit.org> smb: client: fix missing timestamp updates after utime(2) Fushuai Wang <wangfushuai(a)baidu.com> cifs: Fix copy_to_iter return value check Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Florian Westphal <fw(a)strlen.de> selftests: netfilter: query conntrack state to check for port clash resolution Eric Woudstra <ericwouds(a)gmail.com> bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_objref: validate objref and objrefmap expressions Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Jason-JH Lin <jason-jh.lin(a)mediatek.com> mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() Sakari Ailus <sakari.ailus(a)linux.intel.com> mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() Sakari Ailus <sakari.ailus(a)linux.intel.com> mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Fix SGI cleanup on unbind Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Eric Dumazet <edumazet(a)google.com> tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() Leo Yan <leo.yan(a)arm.com> perf python: split Clang options when invoking Popen Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Haotian Zhang <vulab(a)iscas.ac.cn> ice: ice_adapter: release xa entry on adapter allocation failure Duoming Zhou <duoming(a)zju.edu.cn> net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix copy-paste typo in validation Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix a null-ptr access in the cursor snooper Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Shuicheng Lin <shuicheng.lin(a)intel.com> drm/xe/hw_engine_group: Fix double write lock release in error path Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Init acpi_gbl_use_global_lock to false Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Add cflag -fno-isolate-erroneous-paths-dereference Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Set target frequency for all cpus in policy Fedor Pchelkin <pchelkin(a)ispras.ru> clk: tegra: do not overallocate memory for bpmp clocks Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Ian Rogers <irogers(a)google.com> perf evsel: Ensure the fallback message is always written to Namhyung Kim <namhyung(a)kernel.org> perf tools: Add fallback for exclude_guest James Clark <james.clark(a)linaro.org> perf test: Add a test for default perf stat command Ian Rogers <irogers(a)google.com> perf test: Don't leak workload gopipe in PERF_RECORD_* Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Ian Rogers <irogers(a)google.com> perf test shell lbr: Avoid failures with perf event paranoia Namhyung Kim <namhyung(a)kernel.org> perf test: Update sysfs path for core PMU caps Ilkka Koskinen <ilkka(a)os.amperecomputing.com> perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct memory level for remote access Leo Yan <leo.yan(a)arm.com> perf arm-spe: Rename the common data source encoding Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct setting remote access Clément Le Goffic <clement.legoffic(a)foss.st.com> rtc: optee: fix memory leak on driver removal Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Yuan CHen <chenyuan(a)kylinos.cn> clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Dan Carpenter <dan.carpenter(a)linaro.org> clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Ian Rogers <irogers(a)google.com> perf evsel: Avoid container_of on a NULL leader Ian Rogers <irogers(a)google.com> perf test trace_btf_enum: Skip if permissions are insufficient Ian Rogers <irogers(a)google.com> perf disasm: Avoid undefined behavior in incrementing NULL Varad Gautam <varadgautam(a)google.com> asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Sean Christopherson <seanjc(a)google.com> KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 Petr Tesarik <ptesarik(a)suse.com> dma-mapping: fix direction in dma_alloc direction traces Toke Høiland-Jørgensen <toke(a)redhat.com> page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Christian Brauner <brauner(a)kernel.org> listmount: don't call path_put() under namespace semaphore Thomas Gleixner <tglx(a)linutronix.de> rseq: Protect event mask against membarrier IPI Omar Sandoval <osandov(a)fb.com> arm64: map [_text, _stext) virtual address range non-executable+read-only Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + .../bindings/phy/rockchip-inno-csi-dphy.yaml | 15 +- Makefile | 4 +- arch/arm/mach-omap2/am33xx-restart.c | 36 ++ arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi | 2 + arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 +- arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 3 +- arch/arm64/kernel/pi/map_kernel.c | 6 + arch/arm64/kernel/probes/kprobes.c | 12 + arch/arm64/kernel/setup.c | 4 +- arch/arm64/mm/init.c | 2 +- arch/arm64/mm/mmu.c | 14 +- arch/loongarch/Makefile | 2 +- arch/loongarch/kernel/setup.c | 1 + arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/parisc/lib/memcpy.c | 1 - arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/powerpc/platforms/pseries/msi.c | 2 +- arch/s390/Makefile | 1 + arch/s390/kernel/vmlinux.lds.S | 54 +-- arch/s390/net/bpf_jit.h | 55 --- arch/s390/net/bpf_jit_comp.c | 139 ++++--- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/mm/hugetlbpage.c | 20 + arch/x86/entry/entry_64_fred.S | 2 +- arch/x86/hyperv/ivm.c | 2 +- arch/x86/include/asm/msr-index.h | 1 + arch/x86/include/asm/mtrr.h | 10 +- arch/x86/kernel/cpu/mtrr/generic.c | 6 +- arch/x86/kernel/cpu/mtrr/mtrr.c | 2 +- arch/x86/kernel/kvm.c | 21 +- arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/cpuid.c | 2 +- arch/x86/kvm/pmu.c | 5 + arch/x86/kvm/svm/pmu.c | 1 + arch/x86/kvm/x86.c | 2 + arch/x86/xen/enlighten_pv.c | 4 +- arch/xtensa/platforms/iss/simdisk.c | 6 +- block/blk-crypto-fallback.c | 3 + crypto/essiv.c | 14 +- drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/acpica/evglock.c | 4 + drivers/acpi/battery.c | 60 +-- drivers/acpi/property.c | 139 ++++--- drivers/block/loop.c | 8 +- drivers/bus/mhi/ep/main.c | 37 +- drivers/bus/mhi/host/init.c | 5 +- drivers/char/ipmi/ipmi_kcs_sm.c | 16 +- drivers/char/ipmi/ipmi_msghandler.c | 422 ++++++++++----------- drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 +- drivers/clk/mediatek/clk-mux.c | 4 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clk/qcom/common.c | 4 +- drivers/clk/qcom/tcsrcc-x1e80100.c | 4 + drivers/clk/renesas/renesas-cpg-mssr.c | 7 +- drivers/clk/tegra/clk-bpmp.c | 2 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/cpufreq-dt.c | 2 +- drivers/cpufreq/imx6q-cpufreq.c | 2 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpufreq/mediatek-cpufreq-hw.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 2 +- drivers/cpufreq/scpi-cpufreq.c | 2 +- drivers/cpufreq/spear-cpufreq.c | 2 +- drivers/cpufreq/tegra186-cpufreq.c | 8 +- drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 + drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/panthor/panthor_drv.c | 11 +- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 +- drivers/gpu/drm/xe/xe_hw_engine_group.c | 6 +- drivers/gpu/drm/xe/xe_query.c | 15 +- drivers/iio/adc/pac1934.c | 20 +- drivers/iio/adc/xilinx-ams.c | 47 ++- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 - drivers/iommu/intel/iommu.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 13 +- drivers/mailbox/mtk-cmdq-mailbox.c | 12 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 24 +- .../media/cec/usb/extron-da-hd-4k-plus/Makefile | 6 - drivers/media/i2c/mt9v111.c | 2 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/mc/mc-entity.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 13 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-yuv.c | 8 +- drivers/media/pci/mgb4/mgb4_trigger.c | 2 +- drivers/media/platform/qcom/venus/firmware.c | 8 +- .../platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 35 +- .../media/platform/ti/j721e-csi2rx/j721e-csi2rx.c | 9 +- drivers/media/rc/lirc_dev.c | 9 +- drivers/media/test-drivers/vivid/vivid-cec.c | 12 +- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mmc/core/sdio.c | 6 +- drivers/mmc/host/mmc_spi.c | 2 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/intel/ice/ice_adapter.c | 10 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- drivers/net/ethernet/mscc/ocelot_stats.c | 2 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 + drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 + drivers/nvme/host/pci.c | 2 + drivers/of/unittest.c | 1 + drivers/pci/controller/cadence/pci-j721e.c | 25 ++ drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-rcar-gen4.c | 2 +- drivers/pci/controller/dwc/pcie-tegra194.c | 32 +- drivers/pci/controller/pci-tegra.c | 27 +- drivers/pci/controller/pcie-rcar-host.c | 40 +- drivers/pci/controller/pcie-xilinx-nwl.c | 7 +- drivers/pci/endpoint/functions/pci-epf-test.c | 19 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-sysfs.c | 20 +- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/perf/arm-cmn.c | 9 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 4 - drivers/power/supply/max77976_charger.c | 12 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/rtc/interface.c | 27 ++ drivers/rtc/rtc-optee.c | 1 + drivers/rtc/rtc-x1205.c | 2 +- drivers/s390/block/dasd.c | 17 +- drivers/s390/cio/device.c | 37 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/mvsas/mv_init.c | 2 +- drivers/scsi/sd.c | 50 +-- drivers/spi/spi-cadence-quadspi.c | 18 +- drivers/video/fbdev/core/fb_cmdline.c | 2 +- drivers/xen/events/events_base.c | 37 +- drivers/xen/manage.c | 3 +- fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 14 +- fs/cramfs/inode.c | 11 +- fs/eventpoll.c | 139 ++----- fs/ext4/ext4.h | 2 + fs/ext4/fsmap.c | 14 +- fs/ext4/indirect.c | 2 +- fs/ext4/inode.c | 10 +- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 17 +- fs/ext4/super.c | 26 +- fs/ext4/xattr.c | 19 +- fs/file.c | 5 +- fs/fs-writeback.c | 32 +- fs/fsopen.c | 70 ++-- fs/fuse/dev.c | 2 +- fs/fuse/file.c | 8 +- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 106 ++++-- fs/nfs/callback.c | 4 - fs/nfs/callback_xdr.c | 1 + fs/nfsd/export.c | 24 +- fs/nfsd/export.h | 3 +- fs/nfsd/lockd.c | 28 +- fs/nfsd/netns.h | 4 +- fs/nfsd/nfs4proc.c | 4 +- fs/nfsd/nfs4state.c | 6 +- fs/nfsd/nfs4xdr.c | 2 +- fs/nfsd/nfsfh.c | 22 +- fs/nfsd/trace.h | 2 +- fs/nfsd/vfs.c | 14 +- fs/nfsd/vfs.h | 2 +- fs/ntfs3/bitmap.c | 1 + fs/quota/dquot.c | 10 +- fs/read_write.c | 14 +- fs/smb/client/smb1ops.c | 62 ++- fs/smb/client/smb2inode.c | 22 +- fs/smb/client/smb2ops.c | 10 +- fs/squashfs/inode.c | 24 +- include/acpi/acpixf.h | 6 + include/asm-generic/io.h | 98 +++-- include/linux/cpufreq.h | 3 + include/linux/iio/frequency/adf4350.h | 2 +- include/linux/ksm.h | 8 +- include/linux/mm.h | 22 +- include/linux/rseq.h | 11 +- include/linux/sunrpc/svc.h | 2 +- include/linux/sunrpc/svc_xprt.h | 19 + include/media/v4l2-subdev.h | 30 +- include/trace/events/dma.h | 1 + init/main.c | 12 + kernel/bpf/inode.c | 4 +- kernel/fork.c | 2 +- kernel/pid.c | 5 +- kernel/rseq.c | 10 +- kernel/sched/deadline.c | 73 ++-- kernel/sched/fair.c | 9 +- kernel/sys.c | 22 +- kernel/trace/trace_fprobe.c | 11 +- kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/crypto/Makefile | 4 + lib/genalloc.c | 5 +- mm/damon/lru_sort.c | 2 +- mm/damon/vaddr.c | 8 +- mm/huge_memory.c | 15 +- mm/hugetlb.c | 3 + mm/migrate.c | 23 +- mm/page_alloc.c | 2 +- mm/slab.h | 8 +- mm/slub.c | 3 +- net/bridge/br_vlan.c | 2 +- net/core/filter.c | 2 + net/core/page_pool.c | 76 ++-- net/ipv4/tcp.c | 5 +- net/ipv4/tcp_input.c | 1 - net/mptcp/pm.c | 7 +- net/mptcp/pm_netlink.c | 50 ++- net/mptcp/protocol.h | 8 + net/netfilter/nft_objref.c | 39 ++ net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- net/sunrpc/svc_xprt.c | 45 ++- net/sunrpc/svcsock.c | 2 + net/xdp/xsk_queue.h | 45 ++- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/soc/sof/intel/hda-pcm.c | 29 +- sound/soc/sof/intel/hda-stream.c | 29 +- sound/soc/sof/ipc4-pcm.c | 138 +++++-- sound/soc/sof/ipc4-topology.c | 16 +- sound/soc/sof/ipc4-topology.h | 10 +- tools/build/feature/Makefile | 4 +- tools/lib/perf/include/perf/event.h | 1 + tools/perf/builtin-stat.c | 18 +- .../arch/arm64/ampere/ampereonex/metrics.json | 10 +- tools/perf/tests/perf-record.c | 4 + tools/perf/tests/shell/record_lbr.sh | 29 +- tools/perf/tests/shell/stat.sh | 29 ++ tools/perf/tests/shell/trace_btf_enum.sh | 11 + tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 18 +- tools/perf/util/arm-spe.c | 34 +- tools/perf/util/disasm.c | 7 +- tools/perf/util/evsel.c | 31 +- tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/setup.py | 5 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/mm/madv_populate.c | 21 +- tools/testing/selftests/mm/soft-dirty.c | 5 +- tools/testing/selftests/mm/vm_util.c | 77 ++++ tools/testing/selftests/mm/vm_util.h | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 + .../selftests/net/netfilter/nf_nat_edemux.sh | 58 ++- tools/testing/selftests/rseq/rseq.c | 8 +- 276 files changed, 2812 insertions(+), 1556 deletions(-)

1 week, 1 day

16
298
0 0

[PATCH v2] x86/amd: Disable RDSEED on AMD Zen5 because of an error.

by Gregory Price

Under unknown conditions, Zen5 chips running rdseed can produce (val=0,CF=1) over 10% of the time (when rdseed is successful). CF=1 indicates success, while val=0 is typically only produced when rdseed fails (CF=0). This suggests there is a bug which causes rdseed to silently fail. This was reproduced reliably by launching 2-threads per available core, 1-thread per for hamming on RDSEED, and 1-thread per core collectively eating and hammering on ~90% of memory. This was observed on more than 1 Zen5 model, so it should be disabled for all of Zen5 until/unless a comprehensive blacklist can be built. Cc: stable(a)vger.kernel.org Signed-off-by: Gregory Price <gourry(a)gourry.net> --- arch/x86/kernel/cpu/amd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 5398db4dedb4..1af30518d3e7 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c @@ -1037,6 +1037,10 @@ static void init_amd_zen4(struct cpuinfo_x86 *c) static void init_amd_zen5(struct cpuinfo_x86 *c) { + /* Disable RDSEED on AMD Turin because of an error. */ + clear_cpu_cap(c, X86_FEATURE_RDSEED); + msr_clear_bit(MSR_AMD64_CPUID_FN_7, 18); + pr_emerg("RDSEED is not reliable on this platform; disabling.\n"); } static void init_amd(struct cpuinfo_x86 *c) -- 2.51.0

1 week, 1 day

3
4
0 0

Linux 6.17.4

by Greg Kroah-Hartman

I'm announcing the release of the 6.17.4 kernel. All users of the 6.17 kernel series must upgrade. The updated 6.17.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.17.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/devicetree/bindings/phy/rockchip-inno-csi-dphy.yaml | 15 Makefile | 2 arch/arm/mach-omap2/am33xx-restart.c | 36 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/qcs615.dtsi | 6 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi | 2 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 arch/arm64/boot/dts/ti/k3-am62p5.dtsi | 2 arch/arm64/include/asm/ftrace.h | 1 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 2 arch/arm64/kernel/pi/map_kernel.c | 6 arch/arm64/kernel/probes/kprobes.c | 12 arch/arm64/kernel/setup.c | 4 arch/arm64/kvm/hyp/nvhe/mem_protect.c | 9 arch/arm64/kvm/mmu.c | 9 arch/arm64/mm/init.c | 2 arch/arm64/mm/mmu.c | 14 arch/loongarch/Makefile | 4 arch/loongarch/kernel/setup.c | 1 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/parisc/lib/memcpy.c | 1 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/powerpc/platforms/pseries/msi.c | 2 arch/s390/Makefile | 1 arch/s390/include/asm/pgtable.h | 22 arch/s390/kernel/vmlinux.lds.S | 54 - arch/s390/mm/gmap_helpers.c | 12 arch/s390/mm/pgtable.c | 23 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/mm/hugetlbpage.c | 20 arch/x86/entry/entry_64_fred.S | 2 arch/x86/include/asm/kvm_host.h | 1 arch/x86/include/asm/msr-index.h | 1 arch/x86/kernel/kvm.c | 21 arch/x86/kernel/umip.c | 15 arch/x86/kvm/pmu.c | 5 arch/x86/kvm/svm/pmu.c | 1 arch/x86/kvm/svm/sev.c | 10 arch/x86/kvm/svm/svm.c | 25 arch/x86/kvm/svm/svm.h | 2 arch/x86/kvm/vmx/tdx.c | 10 arch/x86/kvm/x86.c | 8 arch/xtensa/platforms/iss/simdisk.c | 6 block/blk-crypto-fallback.c | 3 crypto/essiv.c | 14 crypto/skcipher.c | 2 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/acpica/acdebug.h | 2 drivers/acpi/acpica/evglock.c | 4 drivers/acpi/battery.c | 43 drivers/acpi/property.c | 137 +- drivers/base/base.h | 9 drivers/base/core.c | 2 drivers/base/power/main.c | 24 drivers/base/power/runtime.c | 3 drivers/block/loop.c | 8 drivers/bus/mhi/ep/main.c | 37 drivers/bus/mhi/host/init.c | 5 drivers/cdx/cdx_msi.c | 1 drivers/char/ipmi/ipmi_kcs_sm.c | 16 drivers/char/ipmi/ipmi_msghandler.c | 484 ++++------ drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/Kconfig | 1 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 drivers/clk/mediatek/clk-mux.c | 4 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clk/qcom/Kconfig | 2 drivers/clk/qcom/common.c | 4 drivers/clk/qcom/tcsrcc-x1e80100.c | 4 drivers/clk/renesas/r9a08g045-cpg.c | 3 drivers/clk/renesas/renesas-cpg-mssr.c | 7 drivers/clk/samsung/clk-exynos990.c | 52 - drivers/clk/tegra/clk-bpmp.c | 2 drivers/clk/thead/clk-th1520-ap.c | 394 ++++---- drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/cppc_cpufreq.c | 14 drivers/cpufreq/cpufreq-dt.c | 2 drivers/cpufreq/imx6q-cpufreq.c | 2 drivers/cpufreq/intel_pstate.c | 8 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/cpufreq/rcpufreq_dt.rs | 2 drivers/cpufreq/scmi-cpufreq.c | 2 drivers/cpufreq/scpi-cpufreq.c | 2 drivers/cpufreq/spear-cpufreq.c | 2 drivers/cpufreq/tegra186-cpufreq.c | 8 drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 drivers/crypto/atmel-tdes.c | 2 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 drivers/firmware/arm_scmi/quirks.c | 15 drivers/firmware/meson/meson_sm.c | 7 drivers/firmware/samsung/exynos-acpm-pmic.c | 25 drivers/gpio/gpio-mpfs.c | 2 drivers/gpio/gpio-wcd934x.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/display/dc/dml/dcn31/dcn31_fpu.c | 4 drivers/gpu/drm/amd/display/dc/dml/dcn35/dcn35_fpu.c | 6 drivers/gpu/drm/amd/display/dc/dml/dcn351/dcn351_fpu.c | 4 drivers/gpu/drm/amd/display/dc/resource/dce60/dce60_resource.c | 4 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 16 drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 17 drivers/gpu/drm/amd/display/dc/resource/dcn36/dcn36_resource.c | 16 drivers/gpu/drm/amd/display/dc/sspl/dc_spl.c | 10 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/exynos/exynos7_drm_decon.c | 36 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 28 drivers/gpu/drm/msm/adreno/a6xx_gmu.h | 6 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/panthor/panthor_drv.c | 11 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/gpu/drm/xe/xe_hw_engine_group.c | 6 drivers/gpu/drm/xe/xe_pm.c | 2 drivers/gpu/drm/xe/xe_query.c | 15 drivers/hv/mshv_common.c | 2 drivers/hv/mshv_root_main.c | 3 drivers/i3c/master.c | 2 drivers/iio/adc/pac1934.c | 20 drivers/iio/adc/xilinx-ams.c | 47 drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 39 drivers/iommu/intel/iommu.c | 2 drivers/irqchip/irq-sifive-plic.c | 6 drivers/mailbox/mtk-cmdq-mailbox.c | 12 drivers/mailbox/zynqmp-ipi-mailbox.c | 24 drivers/md/md-linear.c | 1 drivers/md/raid0.c | 4 drivers/md/raid1.c | 4 drivers/md/raid10.c | 8 drivers/md/raid5.c | 2 drivers/media/cec/usb/extron-da-hd-4k-plus/Makefile | 6 drivers/media/i2c/mt9p031.c | 4 drivers/media/i2c/mt9v111.c | 2 drivers/media/mc/mc-devnode.c | 6 drivers/media/mc/mc-entity.c | 2 drivers/media/pci/cx18/cx18-queue.c | 13 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-yuv.c | 8 drivers/media/pci/mgb4/mgb4_trigger.c | 2 drivers/media/platform/mediatek/mdp3/mtk-mdp3-comp.c | 3 drivers/media/platform/qcom/iris/iris_buffer.c | 31 drivers/media/platform/qcom/iris/iris_buffer.h | 1 drivers/media/platform/qcom/iris/iris_core.c | 10 drivers/media/platform/qcom/iris/iris_firmware.c | 15 drivers/media/platform/qcom/iris/iris_hfi_gen1_command.c | 45 drivers/media/platform/qcom/iris/iris_hfi_gen1_response.c | 4 drivers/media/platform/qcom/iris/iris_hfi_gen2_response.c | 5 drivers/media/platform/qcom/iris/iris_state.c | 5 drivers/media/platform/qcom/iris/iris_state.h | 1 drivers/media/platform/qcom/iris/iris_vb2.c | 8 drivers/media/platform/qcom/iris/iris_vdec.c | 2 drivers/media/platform/qcom/iris/iris_vidc.c | 1 drivers/media/platform/qcom/iris/iris_vpu3x.c | 32 drivers/media/platform/qcom/iris/iris_vpu_common.c | 2 drivers/media/platform/qcom/venus/firmware.c | 8 drivers/media/platform/qcom/venus/pm_helpers.c | 9 drivers/media/platform/renesas/vsp1/vsp1_vspx.c | 1 drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 35 drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c | 9 drivers/media/rc/lirc_dev.c | 9 drivers/media/test-drivers/vivid/vivid-cec.c | 12 drivers/media/usb/uvc/uvc_ctrl.c | 3 drivers/memory/samsung/exynos-srom.c | 10 drivers/memory/stm32_omm.c | 2 drivers/mmc/core/sdio.c | 6 drivers/mmc/host/mmc_spi.c | 2 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/mtd/nand/raw/gpmi-nand/gpmi-nand.c | 14 drivers/net/ethernet/airoha/airoha_eth.c | 4 drivers/net/ethernet/airoha/airoha_regs.h | 3 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/intel/ice/ice_adapter.c | 10 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 38 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec_fs.c | 32 drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 5 drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 18 drivers/net/ethernet/microchip/sparx5/sparx5_main.c | 5 drivers/net/ethernet/microchip/sparx5/sparx5_switchdev.c | 12 drivers/net/ethernet/microchip/sparx5/sparx5_vlan.c | 10 drivers/net/ethernet/mscc/ocelot_stats.c | 2 drivers/net/mdio/mdio-i2c.c | 39 drivers/net/pse-pd/tps23881.c | 2 drivers/net/usb/lan78xx.c | 11 drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/net/wireless/intel/iwlwifi/mld/debugfs.c | 6 drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 drivers/net/wireless/realtek/rtw89/core.c | 39 drivers/net/wireless/realtek/rtw89/core.h | 3 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/nvme/host/pci.c | 2 drivers/of/unittest.c | 1 drivers/pci/bus.c | 14 drivers/pci/controller/cadence/pci-j721e.c | 26 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-rcar-gen4.c | 2 drivers/pci/controller/dwc/pcie-tegra194.c | 32 drivers/pci/controller/pci-tegra.c | 27 drivers/pci/controller/pcie-rcar-host.c | 40 drivers/pci/controller/pcie-xilinx-nwl.c | 7 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-sysfs.c | 20 drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/pci/probe.c | 19 drivers/pci/remove.c | 2 drivers/pci/setup-bus.c | 37 drivers/perf/arm-cmn.c | 9 drivers/pinctrl/samsung/pinctrl-samsung.h | 4 drivers/power/supply/max77976_charger.c | 12 drivers/pwm/core.c | 2 drivers/pwm/pwm-berlin.c | 4 drivers/rtc/interface.c | 27 drivers/rtc/rtc-isl12022.c | 1 drivers/rtc/rtc-optee.c | 1 drivers/rtc/rtc-x1205.c | 2 drivers/s390/block/dasd.c | 17 drivers/s390/cio/device.c | 37 drivers/s390/cio/ioasm.c | 7 drivers/scsi/hpsa.c | 21 drivers/scsi/mvsas/mv_init.c | 2 drivers/scsi/sd.c | 50 - drivers/spi/spi-cadence-quadspi.c | 18 drivers/staging/media/ipu7/ipu7-isys-video.c | 1 drivers/ufs/core/ufs-sysfs.c | 2 drivers/ufs/core/ufs-sysfs.h | 1 drivers/ufs/core/ufshcd.c | 2 drivers/video/fbdev/core/fb_cmdline.c | 2 drivers/xen/events/events_base.c | 37 drivers/xen/manage.c | 14 fs/attr.c | 44 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 14 fs/cramfs/inode.c | 11 fs/eventpoll.c | 139 -- fs/ext4/ext4.h | 2 fs/ext4/fsmap.c | 14 fs/ext4/indirect.c | 2 fs/ext4/inode.c | 45 fs/ext4/move_extent.c | 2 fs/ext4/orphan.c | 17 fs/ext4/super.c | 26 fs/ext4/xattr.c | 19 fs/file.c | 5 fs/fs-writeback.c | 32 fs/fsopen.c | 70 - fs/fuse/dev.c | 2 fs/fuse/file.c | 8 fs/iomap/buffered-io.c | 15 fs/iomap/direct-io.c | 3 fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 110 +- fs/nfsd/export.c | 82 + fs/nfsd/export.h | 3 fs/nfsd/lockd.c | 15 fs/nfsd/nfs4proc.c | 33 fs/nfsd/nfs4state.c | 44 fs/nfsd/nfs4xdr.c | 5 fs/nfsd/nfsfh.c | 24 fs/nfsd/state.h | 8 fs/nfsd/vfs.c | 2 fs/nsfs.c | 4 fs/ntfs3/bitmap.c | 1 fs/pidfs.c | 2 fs/quota/dquot.c | 10 fs/read_write.c | 14 fs/smb/client/dir.c | 1 fs/smb/client/smb1ops.c | 62 + fs/smb/client/smb2inode.c | 22 fs/smb/client/smb2ops.c | 10 fs/squashfs/inode.c | 24 fs/xfs/scrub/reap.c | 9 include/acpi/acpixf.h | 6 include/asm-generic/io.h | 98 +- include/asm-generic/vmlinux.lds.h | 2 include/linux/cpufreq.h | 3 include/linux/fs.h | 15 include/linux/iio/frequency/adf4350.h | 2 include/linux/ksm.h | 8 include/linux/memcontrol.h | 26 include/linux/mm.h | 22 include/linux/pm_runtime.h | 56 - include/linux/rseq.h | 11 include/linux/sunrpc/svc_xprt.h | 3 include/media/v4l2-subdev.h | 30 include/trace/events/dma.h | 1 init/main.c | 12 io_uring/zcrx.c | 1 kernel/bpf/inode.c | 4 kernel/fork.c | 2 kernel/kexec_handover.c | 2 kernel/padata.c | 6 kernel/pid.c | 2 kernel/power/energy_model.c | 11 kernel/power/hibernate.c | 6 kernel/rseq.c | 10 kernel/sched/deadline.c | 73 + kernel/sys.c | 22 lib/genalloc.c | 5 mm/damon/lru_sort.c | 2 mm/damon/vaddr.c | 8 mm/huge_memory.c | 15 mm/hugetlb.c | 3 mm/memcontrol.c | 7 mm/migrate.c | 23 mm/page_alloc.c | 2 mm/slab.h | 8 mm/slub.c | 3 mm/util.c | 3 net/bridge/br_vlan.c | 2 net/core/filter.c | 2 net/core/page_pool.c | 76 + net/ipv4/tcp.c | 5 net/ipv4/tcp_input.c | 1 net/mptcp/ctrl.c | 2 net/mptcp/pm.c | 7 net/mptcp/pm_kernel.c | 50 + net/mptcp/protocol.h | 8 net/netfilter/nft_objref.c | 39 net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/sunrpc/svc_xprt.c | 13 net/sunrpc/svcsock.c | 2 net/xdp/xsk_queue.h | 45 rust/kernel/cpufreq.rs | 7 scripts/Makefile.vmlinux | 51 - scripts/mksysmap | 3 security/keys/trusted-keys/trusted_tpm1.c | 7 sound/soc/sof/intel/hda-pcm.c | 29 sound/soc/sof/intel/hda-stream.c | 29 sound/soc/sof/ipc4-topology.c | 9 sound/soc/sof/ipc4-topology.h | 7 tools/build/feature/Makefile | 4 tools/lib/perf/include/perf/event.h | 1 tools/perf/Makefile.perf | 2 tools/perf/builtin-trace.c | 4 tools/perf/perf.h | 2 tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10 tools/perf/tests/perf-record.c | 4 tools/perf/tests/shell/amd-ibs-swfilt.sh | 51 - tools/perf/tests/shell/record_lbr.sh | 26 tools/perf/tests/shell/stat+event_uniquifying.sh | 109 +- tools/perf/tests/shell/trace_btf_enum.sh | 11 tools/perf/util/arm-spe.c | 6 tools/perf/util/bpf-filter.c | 8 tools/perf/util/bpf_counter.c | 26 tools/perf/util/bpf_counter_cgroup.c | 3 tools/perf/util/bpf_skel/kwork_top.bpf.c | 2 tools/perf/util/build-id.c | 7 tools/perf/util/disasm.c | 7 tools/perf/util/drm_pmu.c | 4 tools/perf/util/evsel.c | 42 tools/perf/util/lzma.c | 2 tools/perf/util/parse-events.c | 116 +- tools/perf/util/session.c | 2 tools/perf/util/setup.py | 5 tools/perf/util/zlib.c | 2 tools/power/acpi/tools/acpidump/apfiles.c | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 tools/testing/selftests/net/netfilter/nf_nat_edemux.sh | 58 - tools/testing/selftests/net/netfilter/nft_fib.sh | 13 tools/testing/selftests/net/ovpn/ovpn-cli.c | 2 tools/testing/selftests/rseq/rseq.c | 8 384 files changed, 3685 insertions(+), 2233 deletions(-) Aaron Kling (1): cpufreq: tegra186: Set target frequency for all cpus in policy Abel Vesa (1): clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk Abinash Singh (1): scsi: sd: Fix build warning in sd_revalidate_disk() Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmed Salem (2): ACPICA: acpidump: drop ACPI_NONSTRING attribute from file_name ACPICA: Debugger: drop ACPI_NONSTRING attribute from name_seg Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Akhil P Oommen (1): drm/msm/a6xx: Fix PDC sleep sequence Al Viro (1): mnt_ns_tree_remove(): DTRT if mnt_ns had never been added to mnt_ns_list Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Aleksandar Gerasimovski (1): iio/adc/pac1934: fix channel disable configuration Aleksandrs Vinarskis (1): arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexander Lobakin (1): xsk: Harden userspace-supplied xdp_desc validation Alexander Sverdlin (1): ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alexey Gladkov (1): s390: vmlinux.lds.S: Reorder sections Alok Tiwari (1): clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() AngeloGioacchino Del Regno (1): clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Ard Biesheuvel (1): drm/amd/display: Fix unsafe uses of kernel mode FPU Arnd Bergmann (2): clk: npcm: select CONFIG_AUXILIARY_BUS media: s5p-mfc: remove an unused/uninitialized variable Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Baokun Li (1): ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() Bartosz Golaszewski (1): gpio: wcd934x: mark the GPIO controller as sleeping Ben Horgan (1): KVM: arm64: Fix debug checking for np-guests using huge mappings Bhanu Seshu Kumar Valluri (1): net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Bharath SM (1): smb client: fix bug with newly created file in cached dir Bingbu Cao (1): media: staging/ipu7: fix isys device runtime PM usage in firmware closing Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (2): PM: runtime: Update kerneldoc return codes PCI/sysfs: Ensure devices are powered for config reads Carolina Jubran (2): net/mlx5: Prevent tunnel mode conflicts between FDB and NIC IPsec tables net/mlx5e: Prevent tunnel reformat when tunnel mode not allowed Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Chen-Yu Tsai (1): clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() Christian Brauner (5): statmount: don't call path_put() under namespace semaphore listmount: don't call path_put() under namespace semaphore nsfs: validate extensible ioctls pidfs: validate extensible ioctls mount: handle NULL values in mnt_ns_release() Christian Loehle (1): PM: EM: Fix late boot with holes in CPU topology Christophe Leroy (1): perf: Completely remove possibility to override MAX_NR_CPUS Claudiu Beznea (1): clk: renesas: r9a08g045: Add MSTOP for GPIO Clément Le Goffic (1): rtc: optee: fix memory leak on driver removal Colin Ian King (1): pwm: Fix incorrect variable used in error message Conor Dooley (1): gpio: mpfs: fix setting gpio direction to output Corey Minyard (3): ipmi: Rework user message limit handling ipmi:msghandler:Change seq_lock to a mutex Revert "ipmi: fix msg stack when IPMI is disconnected" Dan Carpenter (2): clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Lee (1): scsi: ufs: sysfs: Make HID attributes visible Daniel Machon (1): net: sparx5/lan969x: fix flooding configuration on bridge join/leave Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Darrick J. Wong (3): fuse: fix livelock in synchronous file put from fuseblk workers xfs: use deferred intent items for reaping crosslinked blocks iomap: error out on file IO when there is no inline_data buffer David Lechner (1): media: pci: mg4b: fix uninitialized iio scan data Deepanshu Kartikey (1): ext4: validate ea_ino and size in check_xattrs Denzeel Oliva (3): clk: samsung: exynos990: Use PLL_CON0 for PLL parent muxes clk: samsung: exynos990: Fix CMU_TOP mux/div bit widths clk: samsung: exynos990: Replace bogus divs with fixed-factor clocks Desnes Nunes (1): media: uvcvideo: Avoid variable shadowing in uvc_ctrl_cleanup_fh Dikshita Agarwal (11): media: iris: vpu3x: Add MNoC low power handshake during hardware power-off media: iris: Fix port streaming handling media: iris: Fix buffer count reporting in internal buffer check media: iris: Allow substate transition to load resources during output streaming media: iris: Always destroy internal buffers on firmware release response media: iris: Simplify session stop logic by relying on vb2 checks media: iris: Update vbuf flags before v4l2_m2m_buf_done media: iris: Send dummy buffer address for all codecs during drain media: iris: Fix missing LAST flag handling during drain media: iris: Fix format check for CAPTURE plane in try_fmt media: iris: Allow stop on firmware only if start was issued. Donet Tom (1): mm/ksm: fix incorrect KSM counter handling in mm_struct during fork Duoming Zhou (2): scsi: mvsas: Fix use-after-free bugs in mvs_work_queue net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work Dzmitry Sankouski (1): power: supply: max77976_charger: fix constant current reporting Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): KEYS: trusted_tpm1: Compare HMAC values in constant time sctp: Fix MAC comparison to be constant-time Eric Dumazet (1): tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() Eric Woudstra (1): bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (3): rtc: isl12022: Fix initial enable_irq/disable_irq balance rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Fangzhi Zuo (1): drm/amd/display: Enable Dynamic DTBCLK Switch Fedor Pchelkin (2): clk: tegra: do not overallocate memory for bpmp clocks wifi: rtw89: avoid possible TX wait initialization race Feng Yang (1): tracing: Fix the bug where bpf_get_stackid returns -EFAULT on the ARM64 Fernando Fernandez Mancera (1): netfilter: nft_objref: validate objref and objrefmap expressions Finn Thain (1): fbdev: Fix logic error in "offb" name match Florian Westphal (2): selftests: netfilter: nft_fib.sh: fix spurious test failures selftests: netfilter: query conntrack state to check for port clash resolution Fuad Tabba (1): KVM: arm64: Fix page leak in user_mem_abort() Fushuai Wang (2): perf trace: Fix IS_ERR() vs NULL check bug cifs: Fix copy_to_iter return value check Gautam Gala (1): KVM: s390: Fix to clear PTE when discarding a swapped page Georg Gottleuber (1): nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk Greg Kroah-Hartman (1): Linux 6.17.4 Guenter Roeck (1): ipmi: Fix handling of messages with provided receive message pointer Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single GuoHan Zhao (1): perf drm_pmu: Fix fd_dir leaks in for_each_drm_fdinfo_in_dir() Hans Verkuil (2): media: i2c: mt9p031: fix mbus code initialization media: vivid: fix disappearing <Vendor Command With ID> messages Haotian Zhang (1): ice: ice_adapter: release xa entry on adapter allocation failure Haoxiang Li (1): fs/ntfs3: Fix a resource leak bug in wnd_extend() Harini T (4): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop mailbox: zynqmp-ipi: Fix SGI cleanup on unbind Harshit Agarwal (1): sched/deadline: Fix race in push_dl_task() Heiko Carstens (2): s390/cio/ioasm: Fix __xsch() condition code handling s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR Herbert Xu (1): crypto: essiv - Check ssize for decryption and in-place encryption Hou Wenlong (2): KVM: x86: Add helper to retrieve current value of user return MSR KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest Huacai Chen (4): LoongArch: Fix build error for LTO with LLVM-18 LoongArch: Init acpi_gbl_use_global_lock to false init: handle bootloader identifier in kernel parameters ACPICA: Allow to skip Global Lock initialization Ian Forbes (2): drm/vmwgfx: Fix Use-after-free in validation drm/vmwgfx: Fix copy-paste typo in validation Ian Rogers (14): perf disasm: Avoid undefined behavior in incrementing NULL perf test trace_btf_enum: Skip if permissions are insufficient perf evsel: Avoid container_of on a NULL leader libperf event: Ensure tracing data is multiple of 8 sized perf parse-events: Handle fake PMUs in CPU terms perf test: AMD IBS swfilt skip kernel tests if paranoia is >1 perf test shell lbr: Avoid failures with perf event paranoia perf test: Don't leak workload gopipe in PERF_RECORD_* perf evsel: Fix uniquification when PMU given without suffix perf test: Avoid uncore_imc/clockticks in uniquification test perf evsel: Ensure the fallback message is always written to perf build-id: Ensure snprintf string is empty when size is 0 perf bpf-filter: Fix opts declaration on older libbpfs perf bpf_counter: Fix handling of cpumap fixing hybrid Icenowy Zheng (2): clk: thead: th1520-ap: describe gate clocks with clk_gate clk: thead: th1520-ap: fix parent of padctrl0 clock Ilkka Koskinen (1): perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches Ilpo Järvinen (2): PCI: Ensure relaxed tail alignment does not increase min_align PCI: Fix failure detection during resource resize Jaehoon Kim (2): s390/dasd: enforce dma_alignment to ensure proper buffer validation s390/dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request Jai Luthra (2): media: ti: j721e-csi2rx: Use devm_of_platform_populate media: ti: j721e-csi2rx: Fix source subdev link creation Jan Kara (5): ext4: fail unaligned direct IO write with EINVAL ext4: verify orphan file size is not too big ext4: free orphan info with kvfree writeback: Avoid softlockup when switching many inodes writeback: Avoid excessively long inode switching times Jani Nurminen (1): PCI: xilinx-nwl: Fix ECAM programming Jann Horn (1): drm/panthor: Fix memory leak in panthor_ioctl_group_create() Jarkko Nikula (1): i3c: Fix default I2C adapter timeout value Jason Andryuk (3): xen/events: Cleanup find_virq() return codes xen/events: Return -EEXIST for bound VIRQs xen/events: Update virq_to_irq on migration Jason-JH Lin (1): mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() Jeff Layton (7): nfsd: fix assignment of ia_ctime.tv_nsec on delegated mtime update nfsd: ignore ATTR_DELEG when checking ia_valid before notify_change() vfs: add ATTR_CTIME_SET flag nfsd: use ATTR_CTIME_SET for delegated ctime updates nfsd: track original timestamps in nfs4_delegation nfsd: fix SETATTR updates for delegated timestamps nfsd: fix timestamp updates in CB_GETATTR Jesse Agate (1): drm/amd/display: Incorrect Mirror Cositing Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (6): firmware: arm_scmi: quirk: Prevent writes to string constants firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() PCI/pwrctrl: Fix device leak at registration PCI/pwrctrl: Fix device and OF node leak at bus scan PCI/pwrctrl: Fix device leak at device stop John David Anglin (1): parisc: Remove spurious if statement from raw_copy_from_user() Judith Mendez (1): arm64: dts: ti: k3-am62p: Fix supported hardware for 1GHz OPP KaFai Wan (1): bpf: Avoid RCU context warning when unpinning htab with internal structs Kaustabh Chakraborty (1): drm/exynos: exynos7_drm_decon: remove ctx->suspended Krzysztof Kozlowski (2): pinctrl: samsung: Drop unused S3C24xx driver data media: iris: Call correct power off callback in cleanup path Kuniyuki Iwashima (1): tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Lance Yang (2): mm/thp: fix MTE tag mismatch when replacing zero-filled subpages mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage Laurent Pinchart (2): media: mc: Fix MUST_CONNECT handling for pads with no links media: vsp1: Export missing vsp1_isp_free_buffer symbol Leo Yan (5): perf arm_spe: Correct setting remote access perf arm_spe: Correct memory level for remote access perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf perf python: split Clang options when invoking Popen Li Chen (1): loop: fix backing file reference leak on validation error Li RongQing (1): mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lorenzo Bianconi (1): net: airoha: Fix loopback mode configuration for GDM2 port Lu Baolu (1): iommu/vt-d: PRS isn't usable if PDS isn't supported Lucas Zampieri (1): irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume Lukas Bulwahn (1): clk: qcom: Select the intended config in QCS_DISPCC_615 Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (3): media: lirc: Fix error handling in lirc_register() of: unittest: Fix device reference count leak in of_unittest_pci_node_verify sparc: fix error handling in scan_one_device() Maarten Zanders (1): mtd: nand: raw: gpmi: fix clocks when CONFIG_PM=N Marek Marczykowski-Górecki (1): xen: take system_transition_mutex on suspend Marek Vasut (5): drm/rcar-du: dsi: Fix 1/2/3 lane support PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock PCI: rcar-gen4: Fix PHY initialization PCI: rcar-host: Drop PMSR spinlock PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Mario Limonciello (AMD) (1): PM: hibernate: Fix hybrid-sleep Masahiro Yamada (2): kbuild: always create intermediate vmlinux.unstripped kbuild: keep .modinfo section in vmlinux.unstripped Matthew Auld (1): drm/xe/uapi: loosen used tracking restriction Matthieu Baerts (NGI0) (3): mptcp: pm: in-kernel: usable client side with C-flag mptcp: reset blackhole on success with non-loopback ifaces selftests: mptcp: join: validate C-flag + def limit Maxime Chevallier (1): net: mdio: mdio-i2c: Hold the i2c bus lock during smbus transactions Miaoqian Lin (4): ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init cdx: Fix device node reference leak in cdx_msi_domain_init xtensa: simdisk: add input size check in proc_write_simdisk wifi: iwlwifi: Fix dentry reference leak in iwl_mld_add_link_debugfs Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Riesch (1): dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Michal Wilczynski (1): clk: thead: Correct parent for DPU pixel clocks Miklos Szeredi (2): fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() copy_file_range: limit size if in compat mode Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nam Cao (3): eventpoll: Replace rwlock with spinlock powerpc/powernv/pci: Fix underflow and leak issue powerpc/pseries/msi: Fix potential underflow and leak issue Nathan Chancellor (3): kbuild: Restore pattern to avoid stripping .rela.dyn from vmlinux kbuild: Add '.rel.*' strip pattern for vmlinux s390/vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections Neil Armstrong (1): media: iris: fix module removal if firmware download failed Nick Morrow (2): wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 Niklas Cassel (2): PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() PCI: tegra194: Reset BARs when running in PCIe endpoint mode Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Nícolas F. R. A. Prado (1): media: platform: mtk-mdp3: Add missing MT8188 compatible to comp_dt_ids Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleg Nesterov (1): kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Olga Kornievskaia (2): nfsd: unregister with rpcbind when deleting a transport nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Omar Sandoval (1): arm64: map [_text, _stext) virtual address range non-executable+read-only Pali Rohár (1): cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points Patrice Chotard (1): memory: stm32_omm: Fix req2ack update test Paulo Alcantara (1): smb: client: fix missing timestamp updates after utime(2) Pavel Begunkov (1): io_uring/zcrx: increment fallback loop src offset Peter Ujfalusi (4): ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel Petr Tesarik (1): dma-mapping: fix direction in dma_alloc direction traces Philip Yang (1): drm/amdkfd: Fix kfd process ref leaking when userptr unmapping Phillip Lougher (2): Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pin-yen Lin (1): PM: sleep: Do not wait on SYNC_STATE_ONLY device links Pratyush Yadav (3): kho: only fill kimage if KHO is finalized spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (3): media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Qu Wenruo (1): btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Raag Jadav (1): drm/xe/i2c: Don't rely on d3cold.allowed flag in system PM path Rafael J. Wysocki (11): cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency PM: core: Annotate loops walking device links as _srcu PM: core: Add two macros for walking device links ACPI: property: Fix buffer properties extraction for subnodes ACPI: battery: Add synchronization between interface updates cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() PM: hibernate: Restrict GFP mask in power_down() ACPI: property: Disregard references in data-only subnode lists ACPI: property: Add code comments explaining what is going on ACPI: property: Do not pass NULL handles to acpi_attach_data() Randy Dunlap (1): media: cec: extron-da-hd-4k-plus: drop external-module make commands Renjiang Han (1): media: venus: pm_helpers: add fallback for the opp-table Rex Chen (2): mmc: core: SPI mode remove cmd7 mmc: mmc_spi: multiple block read remove read crc ack Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Robin Murphy (1): perf/arm-cmn: Fix CMN S3 DTM offset Ryan Roberts (1): fsnotify: pass correct offset to fsnotify_mmap_perm() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Santhosh Kumar K (1): spi: cadence-quadspi: Fix cqspi_setup_flash() Scott Mayhew (1): nfsd: decouple the xprtsec policy check from check_nfsd_access() Sean Anderson (2): iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK iio: xilinx-ams: Unmask interrupts after updating alarms Sean Christopherson (6): KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 mshv: Handle NEED_RESCHED_LAZY before transferring to guest x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Nyekjaer (3): iio: imu: inv_icm42600: Simplify pm_runtime setup iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended SeongJae Park (2): mm/damon/vaddr: do not repeat pte_offset_map_lock() until success mm/damon/lru_sort: use param_ctx for damon_attrs staging Shakeel Butt (1): memcg: skip cgroup_file_notify if spinning is not allowed Shashank A P (1): fs: quota: create dedicated workqueue for quota_release_work Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Shuicheng Lin (1): drm/xe/hw_engine_group: Fix double write lock release in error path Siddharth Vadapalli (3): PCI: j721e: Fix module autoloading PCI: j721e: Fix programming sequence of "strap" settings PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Sidharth Seela (1): selftest: net: ovpn: Fix uninit return values Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Stephan Gerhold (5): arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: msm8939: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees media: venus: firmware: Use correct reset sequence for IRIS2 media: iris: Fix firmware reference leak and unmap memory after load Sumit Kumar (1): bus: mhi: ep: Fix chained transfer handling in read path Suren Baghdasaryan (2): slab: prevent warnings when slab obj_exts vector allocation fails slab: mark slab->obj_exts allocation failures unconditionally T Pratham (1): crypto: skcipher - Fix reqsize handling Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (5): media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map crypto: aspeed - Fix dma_unmap_sg() direction crypto: atmel - Fix dma_unmap_sg() direction crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Gleixner (1): rseq: Protect event mask against membarrier IPI Thomas Weißschuh (1): fs: always return zero on success from replace_fd() Thomas Wismer (1): net: pse-pd: tps23881: Fix current measurement scaling Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Tiezhu Yang (1): LoongArch: Add cflag -fno-isolate-erroneous-paths-dereference Timur Kristóf (4): drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 drm/amd/display: Disable scaling on DCE6 for now Toke Høiland-Jørgensen (1): page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Tomi Valkeinen (1): media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Tony Lindgren (1): KVM: TDX: Fix uninitialized error code for __tdx_bringup() Tudor Ambarus (1): firmware: exynos-acpm: fix PMIC returned errno Varad Gautam (1): asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Vibhore Vardhan (1): arm64: dts: ti: k3-am62a-main: Fix main padcfg length Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Viken Dadhaniya (1): arm64: dts: qcom: qcs615: add missing dt property in QUP SEs Vincent Minet (1): perf tools: Fix arm64 libjvmti build by generating unistd_64.h Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Xiao Liang (1): padata: Reset next CPU when reorder sequence wraps around Xin Li (Intel) (1): x86/fred: Remove ENDBR64 from FRED entry points Yang Shi (1): arm64: kprobes: call set_memory_rox() for kprobe page Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yu Kuai (2): blk-crypto: fix missing blktrace bio split events md: fix mssing blktrace bio split events Yuan CHen (1): clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Zack Rusin (1): drm/vmwgfx: Fix a null-ptr access in the cursor snooper Zhang Yi (1): ext4: fix an off-by-one issue during moving extents Zhen Ni (2): clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns

1 week, 1 day

1
1
0 0

Linux 6.12.54

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.54 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/devicetree/bindings/phy/rockchip-inno-csi-dphy.yaml | 15 Makefile | 2 arch/arm/mach-omap2/am33xx-restart.c | 36 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/boot/dts/qcom/x1e80100-pmics.dtsi | 2 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 3 arch/arm64/kernel/pi/map_kernel.c | 6 arch/arm64/kernel/probes/kprobes.c | 12 arch/arm64/kernel/setup.c | 4 arch/arm64/mm/init.c | 2 arch/arm64/mm/mmu.c | 14 arch/loongarch/Makefile | 2 arch/loongarch/kernel/setup.c | 1 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/parisc/lib/memcpy.c | 1 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/powerpc/platforms/pseries/msi.c | 2 arch/s390/Makefile | 1 arch/s390/kernel/vmlinux.lds.S | 54 - arch/s390/net/bpf_jit.h | 55 - arch/s390/net/bpf_jit_comp.c | 139 ++- arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/mm/hugetlbpage.c | 20 arch/x86/entry/entry_64_fred.S | 2 arch/x86/hyperv/ivm.c | 2 arch/x86/include/asm/msr-index.h | 1 arch/x86/include/asm/mtrr.h | 10 arch/x86/kernel/cpu/mtrr/generic.c | 6 arch/x86/kernel/cpu/mtrr/mtrr.c | 2 arch/x86/kernel/kvm.c | 21 arch/x86/kernel/umip.c | 15 arch/x86/kvm/cpuid.c | 2 arch/x86/kvm/pmu.c | 5 arch/x86/kvm/svm/pmu.c | 1 arch/x86/kvm/x86.c | 2 arch/x86/xen/enlighten_pv.c | 4 arch/xtensa/platforms/iss/simdisk.c | 6 block/blk-crypto-fallback.c | 3 crypto/essiv.c | 14 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/acpica/evglock.c | 4 drivers/acpi/battery.c | 60 - drivers/acpi/property.c | 137 ++- drivers/block/loop.c | 8 drivers/bus/mhi/ep/main.c | 37 drivers/bus/mhi/host/init.c | 5 drivers/char/ipmi/ipmi_kcs_sm.c | 16 drivers/char/ipmi/ipmi_msghandler.c | 416 ++++------ drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 drivers/clk/mediatek/clk-mux.c | 4 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clk/qcom/common.c | 4 drivers/clk/qcom/tcsrcc-x1e80100.c | 4 drivers/clk/renesas/renesas-cpg-mssr.c | 7 drivers/clk/tegra/clk-bpmp.c | 2 drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/cpufreq-dt.c | 2 drivers/cpufreq/imx6q-cpufreq.c | 2 drivers/cpufreq/intel_pstate.c | 8 drivers/cpufreq/mediatek-cpufreq-hw.c | 2 drivers/cpufreq/scmi-cpufreq.c | 2 drivers/cpufreq/scpi-cpufreq.c | 2 drivers/cpufreq/spear-cpufreq.c | 2 drivers/cpufreq/tegra186-cpufreq.c | 8 drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 drivers/crypto/atmel-tdes.c | 2 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 drivers/firmware/meson/meson_sm.c | 7 drivers/gpio/gpio-wcd934x.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 4 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/panthor/panthor_drv.c | 11 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/gpu/drm/xe/xe_hw_engine_group.c | 6 drivers/gpu/drm/xe/xe_query.c | 15 drivers/iio/adc/pac1934.c | 20 drivers/iio/adc/xilinx-ams.c | 47 - drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 drivers/iommu/intel/iommu.c | 2 drivers/irqchip/irq-sifive-plic.c | 13 drivers/mailbox/mtk-cmdq-mailbox.c | 12 drivers/mailbox/zynqmp-ipi-mailbox.c | 24 drivers/media/cec/usb/extron-da-hd-4k-plus/Makefile | 6 drivers/media/i2c/mt9v111.c | 2 drivers/media/mc/mc-devnode.c | 6 drivers/media/mc/mc-entity.c | 2 drivers/media/pci/cx18/cx18-queue.c | 13 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-yuv.c | 8 drivers/media/pci/mgb4/mgb4_trigger.c | 2 drivers/media/platform/qcom/venus/firmware.c | 8 drivers/media/platform/samsung/s5p-mfc/s5p_mfc_cmd_v6.c | 35 drivers/media/platform/ti/j721e-csi2rx/j721e-csi2rx.c | 9 drivers/media/rc/lirc_dev.c | 9 drivers/media/test-drivers/vivid/vivid-cec.c | 12 drivers/memory/samsung/exynos-srom.c | 10 drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mmc/core/sdio.c | 6 drivers/mmc/host/mmc_spi.c | 2 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/intel/ice/ice_adapter.c | 10 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mscc/ocelot_stats.c | 2 drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/usb.c | 3 drivers/nvme/host/pci.c | 2 drivers/of/unittest.c | 1 drivers/pci/controller/cadence/pci-j721e.c | 25 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-rcar-gen4.c | 2 drivers/pci/controller/dwc/pcie-tegra194.c | 32 drivers/pci/controller/pci-tegra.c | 27 drivers/pci/controller/pcie-rcar-host.c | 40 drivers/pci/controller/pcie-xilinx-nwl.c | 7 drivers/pci/endpoint/functions/pci-epf-test.c | 19 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-sysfs.c | 20 drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/perf/arm-cmn.c | 9 drivers/pinctrl/samsung/pinctrl-samsung.h | 4 drivers/power/supply/max77976_charger.c | 12 drivers/pwm/pwm-berlin.c | 4 drivers/rtc/interface.c | 27 drivers/rtc/rtc-optee.c | 1 drivers/rtc/rtc-x1205.c | 2 drivers/s390/block/dasd.c | 17 drivers/s390/cio/device.c | 37 drivers/scsi/hpsa.c | 21 drivers/scsi/mvsas/mv_init.c | 2 drivers/scsi/sd.c | 50 - drivers/spi/spi-cadence-quadspi.c | 18 drivers/video/fbdev/core/fb_cmdline.c | 2 drivers/xen/events/events_base.c | 37 drivers/xen/manage.c | 3 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 14 fs/cramfs/inode.c | 11 fs/eventpoll.c | 139 --- fs/ext4/ext4.h | 2 fs/ext4/fsmap.c | 14 fs/ext4/indirect.c | 2 fs/ext4/inode.c | 10 fs/ext4/move_extent.c | 2 fs/ext4/orphan.c | 17 fs/ext4/super.c | 26 fs/ext4/xattr.c | 19 fs/file.c | 5 fs/fs-writeback.c | 32 fs/fsopen.c | 70 - fs/fuse/dev.c | 2 fs/fuse/file.c | 8 fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 108 +- fs/nfs/callback.c | 4 fs/nfs/callback_xdr.c | 1 fs/nfsd/export.c | 96 +- fs/nfsd/export.h | 6 fs/nfsd/lockd.c | 28 fs/nfsd/netns.h | 4 fs/nfsd/nfs4proc.c | 4 fs/nfsd/nfs4state.c | 6 fs/nfsd/nfs4xdr.c | 2 fs/nfsd/nfsfh.c | 40 fs/nfsd/trace.h | 2 fs/nfsd/vfs.c | 14 fs/nfsd/vfs.h | 2 fs/ntfs3/bitmap.c | 1 fs/quota/dquot.c | 10 fs/read_write.c | 14 fs/smb/client/smb1ops.c | 62 + fs/smb/client/smb2inode.c | 22 fs/smb/client/smb2ops.c | 10 fs/squashfs/inode.c | 24 include/acpi/acpixf.h | 6 include/asm-generic/io.h | 98 +- include/linux/cpufreq.h | 3 include/linux/iio/frequency/adf4350.h | 2 include/linux/ksm.h | 8 include/linux/mm.h | 22 include/linux/rseq.h | 11 include/linux/sunrpc/svc.h | 2 include/linux/sunrpc/svc_xprt.h | 19 include/media/v4l2-subdev.h | 30 include/trace/events/dma.h | 1 init/main.c | 12 kernel/bpf/inode.c | 4 kernel/fork.c | 2 kernel/pid.c | 2 kernel/rseq.c | 10 kernel/sched/deadline.c | 73 + kernel/sched/fair.c | 9 kernel/sys.c | 22 kernel/trace/trace_fprobe.c | 11 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/crypto/Makefile | 4 lib/genalloc.c | 5 mm/damon/lru_sort.c | 2 mm/damon/vaddr.c | 8 mm/huge_memory.c | 15 mm/hugetlb.c | 3 mm/migrate.c | 23 mm/page_alloc.c | 2 mm/slab.h | 8 mm/slub.c | 3 net/bridge/br_vlan.c | 2 net/core/filter.c | 2 net/core/page_pool.c | 76 + net/ipv4/tcp.c | 5 net/ipv4/tcp_input.c | 1 net/mptcp/pm.c | 7 net/mptcp/pm_netlink.c | 50 + net/mptcp/protocol.h | 8 net/netfilter/nft_objref.c | 39 net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/sunrpc/svc_xprt.c | 45 - net/sunrpc/svcsock.c | 2 net/xdp/xsk_queue.h | 45 - security/keys/trusted-keys/trusted_tpm1.c | 7 sound/soc/sof/intel/hda-pcm.c | 29 sound/soc/sof/intel/hda-stream.c | 29 sound/soc/sof/ipc4-pcm.c | 138 ++- sound/soc/sof/ipc4-topology.c | 16 sound/soc/sof/ipc4-topology.h | 10 tools/build/feature/Makefile | 4 tools/lib/perf/include/perf/event.h | 1 tools/perf/builtin-stat.c | 18 tools/perf/pmu-events/arch/arm64/ampere/ampereonex/metrics.json | 10 tools/perf/tests/perf-record.c | 4 tools/perf/tests/shell/record_lbr.sh | 29 tools/perf/tests/shell/stat.sh | 29 tools/perf/tests/shell/trace_btf_enum.sh | 11 tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 18 tools/perf/util/arm-spe.c | 34 tools/perf/util/disasm.c | 7 tools/perf/util/evsel.c | 31 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/setup.py | 5 tools/perf/util/zlib.c | 2 tools/testing/selftests/mm/madv_populate.c | 21 tools/testing/selftests/mm/soft-dirty.c | 5 tools/testing/selftests/mm/vm_util.c | 77 + tools/testing/selftests/mm/vm_util.h | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 tools/testing/selftests/net/netfilter/nf_nat_edemux.sh | 58 - tools/testing/selftests/rseq/rseq.c | 8 276 files changed, 2881 insertions(+), 1569 deletions(-) Aaron Kling (1): cpufreq: tegra186: Set target frequency for all cpus in policy Abel Vesa (1): clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk Abinash Singh (1): scsi: sd: Fix build warning in sd_revalidate_disk() Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Aleksandar Gerasimovski (1): iio/adc/pac1934: fix channel disable configuration Aleksandrs Vinarskis (1): arm64: dts: qcom: x1e80100-pmics: Disable pm8010 by default Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexander Lobakin (1): xsk: Harden userspace-supplied xdp_desc validation Alexander Sverdlin (1): ARM: AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alexey Gladkov (1): s390: vmlinux.lds.S: Reorder sections Alok Tiwari (1): clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andy Shevchenko (2): mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type ACPI: battery: Check for error code from devm_mutex_init() call AngeloGioacchino Del Regno (1): clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Arnd Bergmann (1): media: s5p-mfc: remove an unused/uninitialized variable Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Baokun Li (1): ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() Bartosz Golaszewski (1): gpio: wcd934x: mark the GPIO controller as sleeping Borislav Petkov (AMD) (1): KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Chen-Yu Tsai (1): clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() Christian Brauner (3): listmount: don't call path_put() under namespace semaphore statmount: don't call path_put() under namespace semaphore mount: handle NULL values in mnt_ns_release() Chuck Lever (1): NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() Clément Le Goffic (1): rtc: optee: fix memory leak on driver removal Corey Minyard (2): Revert "ipmi: fix msg stack when IPMI is disconnected" ipmi: Rework user message limit handling Dan Carpenter (2): clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Darrick J. Wong (1): fuse: fix livelock in synchronous file put from fuseblk workers David Lechner (1): media: pci: mg4b: fix uninitialized iio scan data Deepanshu Kartikey (1): ext4: validate ea_ino and size in check_xattrs Donet Tom (1): mm/ksm: fix incorrect KSM counter handling in mm_struct during fork Duoming Zhou (2): scsi: mvsas: Fix use-after-free bugs in mvs_work_queue net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work Dzmitry Sankouski (1): power: supply: max77976_charger: fix constant current reporting Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): KEYS: trusted_tpm1: Compare HMAC values in constant time sctp: Fix MAC comparison to be constant-time Eric Dumazet (1): tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() Eric Woudstra (1): bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Fangzhi Zuo (1): drm/amd/display: Enable Dynamic DTBCLK Switch Fedor Pchelkin (1): clk: tegra: do not overallocate memory for bpmp clocks Fernando Fernandez Mancera (1): netfilter: nft_objref: validate objref and objrefmap expressions Finn Thain (1): fbdev: Fix logic error in "offb" name match Florian Westphal (1): selftests: netfilter: query conntrack state to check for port clash resolution Fushuai Wang (1): cifs: Fix copy_to_iter return value check Georg Gottleuber (1): nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk Greg Kroah-Hartman (1): Linux 6.12.54 Guenter Roeck (1): ipmi: Fix handling of messages with provided receive message pointer Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans Verkuil (1): media: vivid: fix disappearing <Vendor Command With ID> messages Hans de Goede (2): mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Haotian Zhang (1): ice: ice_adapter: release xa entry on adapter allocation failure Haoxiang Li (1): fs/ntfs3: Fix a resource leak bug in wnd_extend() Harini T (4): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop mailbox: zynqmp-ipi: Fix SGI cleanup on unbind Harshit Agarwal (1): sched/deadline: Fix race in push_dl_task() Heiko Carstens (1): s390: Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR Herbert Xu (1): crypto: essiv - Check ssize for decryption and in-place encryption Hongbo Li (1): irqchip/sifive-plic: Make use of __assign_bit() Huacai Chen (3): LoongArch: Init acpi_gbl_use_global_lock to false init: handle bootloader identifier in kernel parameters ACPICA: Allow to skip Global Lock initialization Ian Forbes (2): drm/vmwgfx: Fix Use-after-free in validation drm/vmwgfx: Fix copy-paste typo in validation Ian Rogers (8): perf disasm: Avoid undefined behavior in incrementing NULL perf test trace_btf_enum: Skip if permissions are insufficient perf evsel: Avoid container_of on a NULL leader libperf event: Ensure tracing data is multiple of 8 sized perf test shell lbr: Avoid failures with perf event paranoia perf test: Don't leak workload gopipe in PERF_RECORD_* perf evsel: Ensure the fallback message is always written to perf test stat: Avoid hybrid assumption when virtualized Ilkka Koskinen (1): perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches Ilya Leoshkevich (4): s390/bpf: Centralize frame offset calculations s390/bpf: Describe the frame using a struct instead of constants s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG Jaehoon Kim (2): s390/dasd: enforce dma_alignment to ensure proper buffer validation s390/dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request Jai Luthra (2): media: ti: j721e-csi2rx: Use devm_of_platform_populate media: ti: j721e-csi2rx: Fix source subdev link creation James Clark (1): perf test: Add a test for default perf stat command Jan Kara (4): ext4: verify orphan file size is not too big ext4: free orphan info with kvfree writeback: Avoid softlockup when switching many inodes writeback: Avoid excessively long inode switching times Jani Nurminen (1): PCI: xilinx-nwl: Fix ECAM programming Jann Horn (1): drm/panthor: Fix memory leak in panthor_ioctl_group_create() Jason Andryuk (3): xen/events: Cleanup find_virq() return codes xen/events: Return -EEXIST for bound VIRQs xen/events: Update virq_to_irq on migration Jason-JH Lin (1): mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() John David Anglin (1): parisc: Remove spurious if statement from raw_copy_from_user() K Prateek Nayak (1): sched/fair: Block delayed tasks on throttled hierarchy during dequeue KaFai Wan (1): bpf: Avoid RCU context warning when unpinning htab with internal structs Kai Vehmanen (2): ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA Kirill A. Shutemov (1): x86/mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() Krzysztof Kozlowski (1): pinctrl: samsung: Drop unused S3C24xx driver data Kuniyuki Iwashima (1): tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Lance Yang (3): mm/thp: fix MTE tag mismatch when replacing zero-filled subpages selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage Laurent Pinchart (1): media: mc: Fix MUST_CONNECT handling for pads with no links Leo Yan (6): perf arm_spe: Correct setting remote access perf arm-spe: Rename the common data source encoding perf arm_spe: Correct memory level for remote access perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf perf python: split Clang options when invoking Popen Li Chen (1): loop: fix backing file reference leak on validation error Li RongQing (1): mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lu Baolu (1): iommu/vt-d: PRS isn't usable if PDS isn't supported Lucas Zampieri (1): irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (3): media: lirc: Fix error handling in lirc_register() of: unittest: Fix device reference count leak in of_unittest_pci_node_verify sparc: fix error handling in scan_one_device() Marek Vasut (5): drm/rcar-du: dsi: Fix 1/2/3 lane support PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock PCI: rcar-gen4: Fix PHY initialization PCI: rcar-host: Drop PMSR spinlock PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Matthew Auld (1): drm/xe/uapi: loosen used tracking restriction Matthieu Baerts (NGI0) (2): selftests: mptcp: join: validate C-flag + def limit mptcp: pm: in-kernel: usable client side with C-flag Miaoqian Lin (2): ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init xtensa: simdisk: add input size check in proc_write_simdisk Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Riesch (1): dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Miklos Szeredi (2): fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() copy_file_range: limit size if in compat mode Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nam Cao (3): eventpoll: Replace rwlock with spinlock powerpc/powernv/pci: Fix underflow and leak issue powerpc/pseries/msi: Fix potential underflow and leak issue Namhyung Kim (2): perf test: Update sysfs path for core PMU caps perf tools: Add fallback for exclude_guest Nathan Chancellor (2): s390/vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older NeilBrown (2): nfsd: refine and rename NFSD_MAY_LOCK nfsd: don't use sv_nrthreads in connection limiting calculations. Nick Morrow (2): wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 Niklas Cassel (2): PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() PCI: tegra194: Reset BARs when running in PCIe endpoint mode Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleg Nesterov (1): kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Olga Kornievskaia (4): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry nfsd: unregister with rpcbind when deleting a transport nfsd: fix __fh_verify for localio nfsd: fix access checking for NLM under XPRTSEC policies Omar Sandoval (1): arm64: map [_text, _stext) virtual address range non-executable+read-only Pali Rohár (2): cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT Paulo Alcantara (1): smb: client: fix missing timestamp updates after utime(2) Peter Ujfalusi (5): ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams Petr Tesarik (1): dma-mapping: fix direction in dma_alloc direction traces Phillip Lougher (2): Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (3): media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Qu Wenruo (1): btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Rafael J. Wysocki (7): ACPI: property: Fix buffer properties extraction for subnodes cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency ACPI: battery: Add synchronization between interface updates ACPI: property: Disregard references in data-only subnode lists ACPI: property: Add code comments explaining what is going on ACPI: property: Do not pass NULL handles to acpi_attach_data() Randy Dunlap (1): media: cec: extron-da-hd-4k-plus: drop external-module make commands Rex Chen (2): mmc: core: SPI mode remove cmd7 mmc: mmc_spi: multiple block read remove read crc ack Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Robin Murphy (1): perf/arm-cmn: Fix CMN S3 DTM offset Sakari Ailus (2): mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Santhosh Kumar K (1): spi: cadence-quadspi: Fix cqspi_setup_flash() Scott Mayhew (1): nfsd: decouple the xprtsec policy check from check_nfsd_access() Sean Anderson (2): iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK iio: xilinx-ams: Unmask interrupts after updating alarms Sean Christopherson (5): KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP Sean Nyekjaer (1): iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume SeongJae Park (2): mm/damon/vaddr: do not repeat pte_offset_map_lock() until success mm/damon/lru_sort: use param_ctx for damon_attrs staging Shashank A P (1): fs: quota: create dedicated workqueue for quota_release_work Shin'ichiro Kawasaki (1): PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Shuicheng Lin (1): drm/xe/hw_engine_group: Fix double write lock release in error path Siddharth Vadapalli (2): PCI: j721e: Fix programming sequence of "strap" settings PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Stephan Gerhold (4): arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: msm8939: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees media: venus: firmware: Use correct reset sequence for IRIS2 Sumit Kumar (1): bus: mhi: ep: Fix chained transfer handling in read path Suren Baghdasaryan (2): slab: prevent warnings when slab obj_exts vector allocation fails slab: mark slab->obj_exts allocation failures unconditionally Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Theodore Ts'o (1): ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Thomas Fourier (5): media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map crypto: aspeed - Fix dma_unmap_sg() direction crypto: atmel - Fix dma_unmap_sg() direction crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Gleixner (1): rseq: Protect event mask against membarrier IPI Thomas Weißschuh (3): fs: always return zero on success from replace_fd() ACPI: battery: allocate driver data through devm_ APIs ACPI: battery: initialize mutexes through devm_ APIs Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Tiezhu Yang (1): LoongArch: Add cflag -fno-isolate-erroneous-paths-dereference Timur Kristóf (3): drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 Toke Høiland-Jørgensen (1): page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Tomi Valkeinen (1): media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Varad Gautam (1): asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Vibhore Vardhan (1): arm64: dts: ti: k3-am62a-main: Fix main padcfg length Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vineeth Vijayan (1): s390/cio: Update purge function to unregister the unused subchannels Wang Jiang (1): PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() Xin Li (Intel) (1): x86/fred: Remove ENDBR64 from FRED entry points Yang Shi (1): arm64: kprobes: call set_memory_rox() for kprobe page Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuan CHen (1): clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Zack Rusin (1): drm/vmwgfx: Fix a null-ptr access in the cursor snooper Zhang Yi (1): ext4: fix an off-by-one issue during moving extents Zhen Ni (2): clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns

1 week, 1 day

1
1
0 0

Linux 6.6.113

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.113 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/devicetree/bindings/phy/rockchip-inno-csi-dphy.yaml | 15 Makefile | 2 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/mte.c | 3 arch/arm64/kernel/probes/kprobes.c | 8 arch/loongarch/kernel/setup.c | 5 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/parisc/lib/memcpy.c | 1 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/powerpc/platforms/pseries/msi.c | 2 arch/s390/net/bpf_jit.h | 55 - arch/s390/net/bpf_jit_comp.c | 161 ++- arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/mm/hugetlbpage.c | 20 arch/x86/include/asm/msr-index.h | 1 arch/x86/kernel/umip.c | 15 arch/x86/kvm/pmu.c | 5 arch/x86/kvm/svm/pmu.c | 1 arch/x86/kvm/svm/svm.c | 13 arch/x86/kvm/x86.c | 2 arch/xtensa/platforms/iss/simdisk.c | 6 block/blk-crypto-fallback.c | 3 crypto/essiv.c | 14 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/acpica/evglock.c | 4 drivers/acpi/battery.c | 60 - drivers/acpi/property.c | 137 ++- drivers/bus/mhi/ep/main.c | 37 drivers/bus/mhi/host/init.c | 5 drivers/char/ipmi/ipmi_kcs_sm.c | 16 drivers/char/ipmi/ipmi_msghandler.c | 416 ++++------ drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 drivers/clk/mediatek/clk-mux.c | 4 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clk/tegra/clk-bpmp.c | 2 drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/intel_pstate.c | 8 drivers/cpufreq/tegra186-cpufreq.c | 8 drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 drivers/crypto/atmel-tdes.c | 2 drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 drivers/firmware/meson/meson_sm.c | 7 drivers/gpio/gpio-wcd934x.c | 2 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/iio/adc/xilinx-ams.c | 47 - drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 drivers/iommu/intel/iommu.c | 2 drivers/irqchip/irq-sifive-plic.c | 13 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/media/i2c/mt9v111.c | 2 drivers/media/mc/mc-devnode.c | 6 drivers/media/mc/mc-entity.c | 2 drivers/media/pci/cx18/cx18-queue.c | 13 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-yuv.c | 8 drivers/media/platform/qcom/venus/firmware.c | 8 drivers/media/rc/lirc_dev.c | 9 drivers/memory/samsung/exynos-srom.c | 10 drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/misc/fastrpc.c | 37 drivers/mmc/core/sdio.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 drivers/nvme/host/pci.c | 2 drivers/of/unittest.c | 1 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-tegra194.c | 22 drivers/pci/controller/pci-tegra.c | 27 drivers/pci/controller/pcie-rcar-host.c | 40 drivers/pci/endpoint/functions/pci-epf-test.c | 19 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-sysfs.c | 20 drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/pinctrl/samsung/pinctrl-samsung.h | 4 drivers/power/supply/max77976_charger.c | 12 drivers/pwm/pwm-berlin.c | 4 drivers/rtc/interface.c | 27 drivers/rtc/rtc-optee.c | 1 drivers/rtc/rtc-x1205.c | 2 drivers/scsi/hpsa.c | 21 drivers/scsi/mvsas/mv_init.c | 2 drivers/spi/spi-cadence-quadspi.c | 5 drivers/video/fbdev/core/fb_cmdline.c | 2 drivers/xen/events/events_base.c | 37 drivers/xen/manage.c | 3 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 14 fs/cramfs/inode.c | 11 fs/ext4/fsmap.c | 14 fs/ext4/inode.c | 10 fs/ext4/move_extent.c | 2 fs/ext4/orphan.c | 17 fs/ext4/xattr.c | 19 fs/file.c | 5 fs/fs-writeback.c | 32 fs/fsopen.c | 70 - fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 11 fs/nfsd/lockd.c | 15 fs/nfsd/nfs4proc.c | 2 fs/ntfs3/bitmap.c | 1 fs/smb/client/smb1ops.c | 62 + fs/smb/client/smb2inode.c | 22 fs/smb/server/ksmbd_netlink.h | 5 fs/smb/server/server.h | 1 fs/smb/server/transport_ipc.c | 3 fs/smb/server/transport_tcp.c | 28 fs/squashfs/inode.c | 24 include/acpi/acpixf.h | 6 include/asm-generic/io.h | 98 +- include/linux/iio/frequency/adf4350.h | 2 include/linux/ksm.h | 6 include/linux/sched.h | 11 include/media/v4l2-subdev.h | 30 include/net/netfilter/nf_tables.h | 3 include/net/netfilter/nft_fib.h | 4 include/net/netfilter/nft_meta.h | 3 include/net/netfilter/nft_reject.h | 3 init/main.c | 12 kernel/bpf/inode.c | 4 kernel/fork.c | 2 kernel/pid.c | 2 kernel/rseq.c | 10 kernel/sched/deadline.c | 73 + kernel/sys.c | 22 kernel/trace/trace_fprobe.c | 11 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/crypto/Makefile | 4 lib/genalloc.c | 5 mm/damon/vaddr.c | 8 mm/hugetlb.c | 3 mm/page_alloc.c | 2 net/bridge/br_vlan.c | 2 net/bridge/netfilter/nft_meta_bridge.c | 5 net/bridge/netfilter/nft_reject_bridge.c | 3 net/core/filter.c | 2 net/ipv4/tcp.c | 5 net/ipv4/tcp_input.c | 1 net/mptcp/pm.c | 7 net/mptcp/pm_netlink.c | 52 + net/mptcp/protocol.h | 8 net/netfilter/nf_tables_api.c | 3 net/netfilter/nft_compat.c | 6 net/netfilter/nft_fib.c | 3 net/netfilter/nft_flow_offload.c | 3 net/netfilter/nft_fwd_netdev.c | 3 net/netfilter/nft_immediate.c | 3 net/netfilter/nft_lookup.c | 3 net/netfilter/nft_masq.c | 3 net/netfilter/nft_meta.c | 6 net/netfilter/nft_nat.c | 3 net/netfilter/nft_objref.c | 39 net/netfilter/nft_osf.c | 3 net/netfilter/nft_queue.c | 3 net/netfilter/nft_redir.c | 3 net/netfilter/nft_reject.c | 3 net/netfilter/nft_reject_inet.c | 3 net/netfilter/nft_reject_netdev.c | 3 net/netfilter/nft_rt.c | 3 net/netfilter/nft_socket.c | 3 net/netfilter/nft_synproxy.c | 3 net/netfilter/nft_tproxy.c | 3 net/netfilter/nft_xfrm.c | 3 net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 security/keys/trusted-keys/trusted_tpm1.c | 7 sound/soc/sof/ipc4-topology.h | 4 tools/build/feature/Makefile | 4 tools/lib/perf/include/perf/event.h | 1 tools/perf/builtin-stat.c | 18 tools/perf/tests/perf-record.c | 4 tools/perf/tests/shell/stat.sh | 29 tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 18 tools/perf/util/arm-spe.c | 34 tools/perf/util/evsel.c | 31 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/setup.py | 5 tools/perf/util/zlib.c | 2 tools/testing/selftests/mm/madv_populate.c | 21 tools/testing/selftests/mm/soft-dirty.c | 5 tools/testing/selftests/mm/vm_util.c | 77 + tools/testing/selftests/mm/vm_util.h | 1 tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 tools/testing/selftests/rseq/rseq.c | 8 216 files changed, 1920 insertions(+), 1078 deletions(-) Aaron Kling (1): cpufreq: tegra186: Set target frequency for all cpus in policy Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alok Tiwari (1): clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andy Shevchenko (2): mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type ACPI: battery: Check for error code from devm_mutex_init() call AngeloGioacchino Del Regno (1): clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Bartosz Golaszewski (1): gpio: wcd934x: mark the GPIO controller as sleeping Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Chen-Yu Tsai (1): clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() Clément Le Goffic (1): rtc: optee: fix memory leak on driver removal Corey Minyard (2): Revert "ipmi: fix msg stack when IPMI is disconnected" ipmi: Rework user message limit handling Dan Carpenter (1): net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Deepanshu Kartikey (1): ext4: validate ea_ino and size in check_xattrs Donet Tom (1): mm/ksm: fix incorrect KSM counter handling in mm_struct during fork Duoming Zhou (1): scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Dzmitry Sankouski (1): power: supply: max77976_charger: fix constant current reporting Edward Adam Davis (1): media: mc: Clear minor number before put device Ekansh Gupta (1): misc: fastrpc: Add missing dev_err newlines Eric Biggers (2): KEYS: trusted_tpm1: Compare HMAC values in constant time sctp: Fix MAC comparison to be constant-time Eric Dumazet (1): tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() Eric Woudstra (1): bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Fedor Pchelkin (1): clk: tegra: do not overallocate memory for bpmp clocks Fernando Fernandez Mancera (1): netfilter: nft_objref: validate objref and objrefmap expressions Finn Thain (1): fbdev: Fix logic error in "offb" name match Florian Westphal (1): netfilter: nf_tables: drop unused 3rd argument from validate callback ops Georg Gottleuber (1): nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk Greg Kroah-Hartman (1): Linux 6.6.113 Guenter Roeck (1): ipmi: Fix handling of messages with provided receive message pointer Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (2): mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Haoxiang Li (1): fs/ntfs3: Fix a resource leak bug in wnd_extend() Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harshit Agarwal (1): sched/deadline: Fix race in push_dl_task() Herbert Xu (1): crypto: essiv - Check ssize for decryption and in-place encryption Hongbo Li (1): irqchip/sifive-plic: Make use of __assign_bit() Huacai Chen (3): LoongArch: Init acpi_gbl_use_global_lock to false init: handle bootloader identifier in kernel parameters ACPICA: Allow to skip Global Lock initialization Ian Forbes (2): drm/vmwgfx: Fix Use-after-free in validation drm/vmwgfx: Fix copy-paste typo in validation Ian Rogers (5): perf evsel: Avoid container_of on a NULL leader libperf event: Ensure tracing data is multiple of 8 sized perf test: Don't leak workload gopipe in PERF_RECORD_* perf evsel: Ensure the fallback message is always written to perf test stat: Avoid hybrid assumption when virtualized Ilya Leoshkevich (5): s390/bpf: Change seen_reg to a mask s390/bpf: Centralize frame offset calculations s390/bpf: Describe the frame using a struct instead of constants s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG James Clark (1): perf test: Add a test for default perf stat command Jan Kara (4): ext4: verify orphan file size is not too big ext4: free orphan info with kvfree writeback: Avoid softlockup when switching many inodes writeback: Avoid excessively long inode switching times Jason Andryuk (3): xen/events: Cleanup find_virq() return codes xen/events: Return -EEXIST for bound VIRQs xen/events: Update virq_to_irq on migration Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() John David Anglin (1): parisc: Remove spurious if statement from raw_copy_from_user() KaFai Wan (1): bpf: Avoid RCU context warning when unpinning htab with internal structs Krzysztof Kozlowski (1): pinctrl: samsung: Drop unused S3C24xx driver data Kuniyuki Iwashima (1): tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Lance Yang (1): selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled Laurent Pinchart (1): media: mc: Fix MUST_CONNECT handling for pads with no links Leo Yan (6): perf arm_spe: Correct setting remote access perf arm-spe: Rename the common data source encoding perf arm_spe: Correct memory level for remote access perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf perf python: split Clang options when invoking Popen Li RongQing (1): mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Ling Xu (1): misc: fastrpc: Save actual DMA size in fastrpc_map structure Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lu Baolu (1): iommu/vt-d: PRS isn't usable if PDS isn't supported Lucas Zampieri (1): irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (3): media: lirc: Fix error handling in lirc_register() of: unittest: Fix device reference count leak in of_unittest_pci_node_verify sparc: fix error handling in scan_one_device() Marek Vasut (4): drm/rcar-du: dsi: Fix 1/2/3 lane support PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock PCI: rcar-host: Drop PMSR spinlock PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Matthieu Baerts (NGI0) (2): selftests: mptcp: join: validate C-flag + def limit mptcp: pm: in-kernel: usable client side with C-flag Miaoqian Lin (2): ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init xtensa: simdisk: add input size check in proc_write_simdisk Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Riesch (1): dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nam Cao (2): powerpc/powernv/pci: Fix underflow and leak issue powerpc/pseries/msi: Fix potential underflow and leak issue Namhyung Kim (1): perf tools: Add fallback for exclude_guest Namjae Jeon (1): ksmbd: add max ip connections parameter Nathan Chancellor (1): lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Nick Morrow (1): wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 Niklas Cassel (1): PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleg Nesterov (1): kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Pali Rohár (1): cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points Paulo Alcantara (1): smb: client: fix missing timestamp updates after utime(2) Peter Ujfalusi (1): ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size Phillip Lougher (2): Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (3): media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Qu Wenruo (1): btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Rafael J. Wysocki (6): ACPI: property: Fix buffer properties extraction for subnodes cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() ACPI: battery: Add synchronization between interface updates ACPI: property: Disregard references in data-only subnode lists ACPI: property: Add code comments explaining what is going on ACPI: property: Do not pass NULL handles to acpi_attach_data() Rex Chen (1): mmc: core: SPI mode remove cmd7 Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Anderson (2): iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK iio: xilinx-ams: Unmask interrupts after updating alarms Sean Christopherson (5): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 Sean Nyekjaer (1): iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume SeongJae Park (1): mm/damon/vaddr: do not repeat pte_offset_map_lock() until success Shin'ichiro Kawasaki (1): PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (1): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Stephan Gerhold (4): arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: msm8939: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees media: venus: firmware: Use correct reset sequence for IRIS2 Sumit Kumar (1): bus: mhi: ep: Fix chained transfer handling in read path Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Thomas Fourier (5): media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map crypto: aspeed - Fix dma_unmap_sg() direction crypto: atmel - Fix dma_unmap_sg() direction crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Gleixner (1): rseq: Protect event mask against membarrier IPI Thomas Weißschuh (3): fs: always return zero on success from replace_fd() ACPI: battery: allocate driver data through devm_ APIs ACPI: battery: initialize mutexes through devm_ APIs Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Tiezhu Yang (1): LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init() Timur Kristóf (3): drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 Tomi Valkeinen (1): media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Varad Gautam (1): asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Vibhore Vardhan (1): arm64: dts: ti: k3-am62a-main: Fix main padcfg length Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Wang Jiang (1): PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() Yang Shi (1): arm64: kprobes: call set_memory_rox() for kprobe page Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Zack Rusin (1): drm/vmwgfx: Fix a null-ptr access in the cursor snooper Zhang Yi (1): ext4: fix an off-by-one issue during moving extents Zhen Ni (2): clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns

1 week, 1 day

1
1
0 0

Linux 6.1.157

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.157 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/devicetree/bindings/phy/rockchip-inno-csi-dphy.yaml | 15 Makefile | 2 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 arch/loongarch/kernel/setup.c | 5 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/parisc/lib/memcpy.c | 1 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/powerpc/platforms/pseries/msi.c | 2 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/mm/hugetlbpage.c | 20 arch/x86/kernel/umip.c | 15 arch/x86/kvm/emulate.c | 11 arch/x86/kvm/kvm_emulate.h | 2 arch/x86/kvm/x86.c | 9 arch/xtensa/platforms/iss/simdisk.c | 6 block/blk-crypto-fallback.c | 3 crypto/essiv.c | 14 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/acpica/evglock.c | 4 drivers/acpi/property.c | 137 ++- drivers/bus/mhi/host/init.c | 5 drivers/char/ipmi/ipmi_msghandler.c | 416 ++++------ drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 drivers/clk/mediatek/clk-mux.c | 4 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clk/tegra/clk-bpmp.c | 2 drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/intel_pstate.c | 8 drivers/cpufreq/tegra186-cpufreq.c | 8 drivers/cpuidle/governors/menu.c | 21 drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 drivers/crypto/atmel-tdes.c | 2 drivers/firmware/meson/meson_sm.c | 7 drivers/gpio/gpio-wcd934x.c | 3 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 drivers/iio/adc/xilinx-ams.c | 47 - drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 drivers/iommu/intel/iommu.c | 2 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/media/i2c/mt9v111.c | 2 drivers/media/mc/mc-devnode.c | 6 drivers/media/mc/mc-entity.c | 2 drivers/media/pci/cx18/cx18-queue.c | 13 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-yuv.c | 8 drivers/media/rc/lirc_dev.c | 9 drivers/memory/samsung/exynos-srom.c | 10 drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mmc/core/sdio.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/wireless/ath/ath11k/core.c | 6 drivers/net/wireless/ath/ath11k/hal.c | 16 drivers/net/wireless/ath/ath11k/hal.h | 1 drivers/nvme/host/pci.c | 2 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-tegra194.c | 22 drivers/pci/controller/pci-tegra.c | 27 drivers/pci/controller/pcie-rcar-host.c | 40 drivers/pci/endpoint/functions/pci-epf-test.c | 19 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-sysfs.c | 20 drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/power/supply/max77976_charger.c | 12 drivers/pwm/pwm-berlin.c | 4 drivers/rtc/interface.c | 27 drivers/rtc/rtc-optee.c | 1 drivers/rtc/rtc-x1205.c | 2 drivers/scsi/hpsa.c | 21 drivers/scsi/mvsas/mv_defs.h | 1 drivers/scsi/mvsas/mv_init.c | 13 drivers/scsi/mvsas/mv_sas.c | 42 - drivers/scsi/mvsas/mv_sas.h | 8 drivers/spi/spi-cadence-quadspi.c | 5 drivers/xen/events/events_base.c | 20 drivers/xen/manage.c | 3 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 14 fs/cramfs/inode.c | 11 fs/ext4/fsmap.c | 14 fs/ext4/inode.c | 10 fs/ext4/orphan.c | 17 fs/ext4/xattr.c | 15 fs/file.c | 5 fs/fs-writeback.c | 32 fs/fsopen.c | 70 - fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 11 fs/nfsd/lockd.c | 15 fs/nfsd/nfs4proc.c | 2 fs/ntfs3/bitmap.c | 1 fs/smb/server/ksmbd_netlink.h | 5 fs/smb/server/server.h | 1 fs/smb/server/transport_ipc.c | 3 fs/smb/server/transport_tcp.c | 27 fs/squashfs/inode.c | 24 include/acpi/acpixf.h | 6 include/asm-generic/io.h | 126 +-- include/linux/iio/frequency/adf4350.h | 2 include/linux/sched.h | 11 include/media/v4l2-subdev.h | 30 include/scsi/libsas.h | 18 include/trace/events/rwmmio.h | 43 - init/main.c | 12 kernel/bpf/inode.c | 4 kernel/fork.c | 2 kernel/pid.c | 2 kernel/rseq.c | 10 kernel/sched/deadline.c | 73 + kernel/sys.c | 22 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 13 lib/crypto/Makefile | 4 lib/genalloc.c | 5 lib/trace_readwrite.c | 16 mm/hugetlb.c | 3 mm/page_alloc.c | 2 net/bridge/br_vlan.c | 2 net/core/filter.c | 2 net/ipv4/tcp_input.c | 1 net/mptcp/pm.c | 7 net/mptcp/pm_netlink.c | 55 + net/mptcp/protocol.h | 8 net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 security/keys/trusted-keys/trusted_tpm1.c | 7 sound/soc/codecs/wcd934x.c | 30 tools/build/feature/Makefile | 4 tools/lib/perf/include/perf/event.h | 1 tools/perf/tests/perf-record.c | 4 tools/perf/util/arm-spe-decoder/arm-spe-decoder.c | 30 tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 65 + tools/perf/util/arm-spe.c | 42 - tools/perf/util/evsel.c | 2 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/zlib.c | 2 tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 tools/testing/selftests/rseq/rseq.c | 8 tools/testing/selftests/vm/madv_populate.c | 9 tools/testing/selftests/vm/soft-dirty.c | 5 tools/testing/selftests/vm/vm_util.c | 77 + tools/testing/selftests/vm/vm_util.h | 2 164 files changed, 1637 insertions(+), 854 deletions(-) Aaron Kling (1): cpufreq: tegra186: Set target frequency for all cpus in policy Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alok Tiwari (1): clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andy Shevchenko (2): gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type AngeloGioacchino Del Regno (1): clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Bartosz Golaszewski (1): gpio: wcd934x: mark the GPIO controller as sleeping Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads Chen-Yu Tsai (1): clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() Clément Le Goffic (1): rtc: optee: fix memory leak on driver removal Corey Minyard (1): ipmi: Rework user message limit handling Dan Carpenter (1): net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Duoming Zhou (1): scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Dzmitry Sankouski (1): power: supply: max77976_charger: fix constant current reporting Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): KEYS: trusted_tpm1: Compare HMAC values in constant time sctp: Fix MAC comparison to be constant-time Eric Woudstra (1): bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Fedor Pchelkin (1): clk: tegra: do not overallocate memory for bpmp clocks Georg Gottleuber (1): nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk German Gomez (1): perf arm-spe: Refactor arm-spe to support operation packet type Greg Kroah-Hartman (1): Linux 6.1.157 Guenter Roeck (1): ipmi: Fix handling of messages with provided receive message pointer Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (2): mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Haoxiang Li (1): fs/ntfs3: Fix a resource leak bug in wnd_extend() Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harshit Agarwal (1): sched/deadline: Fix race in push_dl_task() Herbert Xu (1): crypto: essiv - Check ssize for decryption and in-place encryption Huacai Chen (3): LoongArch: Init acpi_gbl_use_global_lock to false init: handle bootloader identifier in kernel parameters ACPICA: Allow to skip Global Lock initialization Ian Forbes (2): drm/vmwgfx: Fix Use-after-free in validation drm/vmwgfx: Fix copy-paste typo in validation Ian Rogers (3): perf evsel: Avoid container_of on a NULL leader libperf event: Ensure tracing data is multiple of 8 sized perf test: Don't leak workload gopipe in PERF_RECORD_* Jan Kara (4): ext4: verify orphan file size is not too big ext4: free orphan info with kvfree writeback: Avoid softlockup when switching many inodes writeback: Avoid excessively long inode switching times Jason Andryuk (2): xen/events: Cleanup find_virq() return codes xen/events: Update virq_to_irq on migration Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (2): firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() John David Anglin (1): parisc: Remove spurious if statement from raw_copy_from_user() John Garry (3): scsi: libsas: Add sas_task_find_rq() scsi: mvsas: Delete mvs_tag_init() scsi: mvsas: Use sas_task_find_rq() for tagging KaFai Wan (1): bpf: Avoid RCU context warning when unpinning htab with internal structs Krzysztof Kozlowski (1): ASoC: codecs: wcd934x: Simplify with dev_err_probe Kuniyuki Iwashima (1): tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Lance Yang (1): selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled Laurent Pinchart (1): media: mc: Fix MUST_CONNECT handling for pads with no links Leo Yan (5): perf arm_spe: Correct setting remote access perf arm-spe: Rename the common data source encoding perf arm_spe: Correct memory level for remote access perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf Li RongQing (1): mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lu Baolu (1): iommu/vt-d: PRS isn't usable if PDS isn't supported Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (3): media: lirc: Fix error handling in lirc_register() sparc: fix error handling in scan_one_device() ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Marek Vasut (3): PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock PCI: rcar-host: Drop PMSR spinlock PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Matthieu Baerts (NGI0) (2): selftests: mptcp: join: validate C-flag + def limit mptcp: pm: in-kernel: usable client side with C-flag Miaoqian Lin (2): ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init xtensa: simdisk: add input size check in proc_write_simdisk Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Riesch (1): dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Muhammad Usama Anjum (1): wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Nam Cao (2): powerpc/powernv/pci: Fix underflow and leak issue powerpc/pseries/msi: Fix potential underflow and leak issue Namjae Jeon (1): ksmbd: add max ip connections parameter Nathan Chancellor (1): lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Niklas Cassel (1): PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleg Nesterov (1): kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Phillip Lougher (2): Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (3): media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Qu Wenruo (1): btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Rafael J. Wysocki (6): ACPI: property: Fix buffer properties extraction for subnodes cpuidle: governors: menu: Avoid using invalid recent intervals data cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() ACPI: property: Disregard references in data-only subnode lists ACPI: property: Add code comments explaining what is going on ACPI: property: Do not pass NULL handles to acpi_attach_data() Rex Chen (1): mmc: core: SPI mode remove cmd7 Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Sai Prakash Ranjan (1): asm-generic/io: Add _RET_IP_ to MMIO trace for more accurate debug info Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Anderson (2): iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK iio: xilinx-ams: Unmask interrupts after updating alarms Sean Christopherson (4): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Sean Nyekjaer (1): iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Shin'ichiro Kawasaki (1): PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (1): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Stephan Gerhold (2): arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Thomas Fourier (4): media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map crypto: aspeed - Fix dma_unmap_sg() direction crypto: atmel - Fix dma_unmap_sg() direction Thomas Gleixner (1): rseq: Protect event mask against membarrier IPI Thomas Weißschuh (1): fs: always return zero on success from replace_fd() Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Tiezhu Yang (1): LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init() Timur Kristóf (3): drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 Tomi Valkeinen (1): media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Varad Gautam (1): asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Vibhore Vardhan (1): arm64: dts: ti: k3-am62a-main: Fix main padcfg length Vidya Sagar (1): PCI: tegra194: Handle errors in BPMP response Vladimir Oltean (1): asm-generic/io.h: suppress endianness warnings for relaxed accessors Wang Jiang (1): PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yu Kuai (1): blk-crypto: fix missing blktrace bio split events Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Zhen Ni (2): clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns

1 week, 1 day

1
1
0 0

Linux 5.15.195

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.195 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 3 Documentation/gpu/todo.rst | 11 Documentation/trace/histogram-design.rst | 4 Makefile | 2 arch/arm/mach-at91/pm_suspend.S | 4 arch/arm/mach-omap2/pm33xx-core.c | 6 arch/arm/mm/pageattr.c | 6 arch/arm64/boot/dts/mediatek/mt8516-pumpkin.dts | 2 arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 arch/arm64/kernel/cpufeature.c | 10 arch/arm64/kernel/fpsimd.c | 8 arch/arm64/kernel/mte.c | 3 arch/parisc/include/uapi/asm/ioctls.h | 8 arch/powerpc/platforms/powernv/pci-ioda.c | 2 arch/powerpc/platforms/pseries/msi.c | 2 arch/sparc/kernel/of_device_32.c | 1 arch/sparc/kernel/of_device_64.c | 1 arch/sparc/lib/M7memcpy.S | 20 arch/sparc/lib/Memcpy_utils.S | 9 arch/sparc/lib/NG4memcpy.S | 2 arch/sparc/lib/NGmemcpy.S | 29 - arch/sparc/lib/U1memcpy.S | 19 arch/sparc/lib/U3memcpy.S | 2 arch/sparc/mm/hugetlbpage.c | 20 arch/um/drivers/mconsole_user.c | 2 arch/x86/include/asm/segment.h | 8 arch/x86/kernel/umip.c | 15 arch/x86/kvm/emulate.c | 11 arch/x86/kvm/kvm_emulate.h | 2 arch/x86/kvm/x86.c | 9 arch/x86/mm/pgtable.c | 2 block/blk-mq-sysfs.c | 6 block/blk-settings.c | 3 crypto/essiv.c | 14 crypto/rng.c | 8 drivers/acpi/acpi_dbg.c | 26 drivers/acpi/acpi_tad.c | 3 drivers/acpi/nfit/core.c | 2 drivers/acpi/processor_idle.c | 3 drivers/base/node.c | 4 drivers/base/power/main.c | 14 drivers/base/regmap/regmap.c | 2 drivers/bus/fsl-mc/fsl-mc-bus.c | 3 drivers/bus/mhi/host/init.c | 5 drivers/char/hw_random/ks-sa-rng.c | 4 drivers/char/tpm/tpm_tis_core.c | 4 drivers/clk/at91/clk-peripheral.c | 7 drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 drivers/clocksource/clps711x-timer.c | 23 drivers/cpufreq/intel_pstate.c | 8 drivers/cpufreq/scmi-cpufreq.c | 10 drivers/cpufreq/tegra186-cpufreq.c | 8 drivers/crypto/atmel-tdes.c | 2 drivers/dma/ioat/dma.c | 12 drivers/edac/sb_edac.c | 4 drivers/edac/skx_common.h | 1 drivers/firmware/meson/Kconfig | 2 drivers/firmware/meson/meson_sm.c | 7 drivers/gpio/gpio-wcd934x.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/uvd_v3_1.c | 29 - drivers/gpu/drm/amd/amdkfd/kfd_svm.c | 2 drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 drivers/gpu/drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 2 drivers/gpu/drm/arm/display/include/malidp_utils.h | 2 drivers/gpu/drm/arm/display/komeda/komeda_pipeline_state.c | 24 drivers/gpu/drm/drm_color_mgmt.c | 2 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 drivers/gpu/drm/nouveau/nouveau_bo.c | 2 drivers/gpu/drm/radeon/evergreen_cs.c | 2 drivers/gpu/drm/radeon/r600_cs.c | 4 drivers/gpu/drm/vmwgfx/Makefile | 2 drivers/gpu/drm/vmwgfx/ttm_object.c | 52 - drivers/gpu/drm/vmwgfx/ttm_object.h | 3 drivers/gpu/drm/vmwgfx/vmwgfx_cmdbuf_res.c | 24 drivers/gpu/drm/vmwgfx/vmwgfx_drv.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 6 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_hashtab.c | 199 +++++++ drivers/gpu/drm/vmwgfx/vmwgfx_hashtab.h | 83 +++ drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_validation.h | 7 drivers/hid/hid-mcp2221.c | 4 drivers/hwmon/adt7475.c | 24 drivers/hwtracing/coresight/coresight-trbe.c | 9 drivers/i2c/busses/i2c-designware-platdrv.c | 1 drivers/i2c/busses/i2c-mt65xx.c | 17 drivers/i3c/master/svc-i3c-master.c | 1 drivers/iio/dac/ad5360.c | 2 drivers/iio/dac/ad5421.c | 2 drivers/iio/frequency/adf4350.c | 20 drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 drivers/iio/inkern.c | 2 drivers/infiniband/core/addr.c | 10 drivers/infiniband/core/cm.c | 4 drivers/infiniband/core/sa_query.c | 6 drivers/infiniband/sw/siw/siw_verbs.c | 25 drivers/input/misc/uinput.c | 1 drivers/input/touchscreen/atmel_mxt_ts.c | 2 drivers/input/touchscreen/cyttsp4_core.c | 2 drivers/iommu/amd/iommu.c | 3 drivers/iommu/intel/iommu.c | 2 drivers/irqchip/irq-sun6i-r.c | 2 drivers/mailbox/zynqmp-ipi-mailbox.c | 7 drivers/md/dm-integrity.c | 6 drivers/md/dm.c | 7 drivers/media/dvb-frontends/stv0367_priv.h | 3 drivers/media/i2c/mt9v111.c | 2 drivers/media/i2c/rj54n1cb0c.c | 9 drivers/media/i2c/tc358743.c | 4 drivers/media/mc/mc-devnode.c | 6 drivers/media/pci/b2c2/flexcop-pci.c | 2 drivers/media/pci/cobalt/cobalt-driver.c | 4 drivers/media/pci/cx18/cx18-driver.c | 2 drivers/media/pci/cx18/cx18-queue.c | 20 drivers/media/pci/cx18/cx18-streams.c | 16 drivers/media/pci/ddbridge/ddbridge-main.c | 4 drivers/media/pci/intel/ipu3/ipu3-cio2-main.c | 2 drivers/media/pci/ivtv/ivtv-driver.c | 2 drivers/media/pci/ivtv/ivtv-irq.c | 2 drivers/media/pci/ivtv/ivtv-queue.c | 18 drivers/media/pci/ivtv/ivtv-streams.c | 22 drivers/media/pci/ivtv/ivtv-udma.c | 27 - drivers/media/pci/ivtv/ivtv-yuv.c | 24 drivers/media/pci/ivtv/ivtvfb.c | 6 drivers/media/pci/netup_unidvb/netup_unidvb_core.c | 2 drivers/media/pci/pluto2/pluto2.c | 20 drivers/media/pci/pt1/pt1.c | 2 drivers/media/pci/tw5864/tw5864-core.c | 2 drivers/media/rc/imon.c | 27 - drivers/media/tuners/xc5000.c | 41 - drivers/memory/samsung/exynos-srom.c | 10 drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 drivers/mfd/vexpress-sysreg.c | 6 drivers/misc/genwqe/card_ddcb.c | 2 drivers/mmc/core/sdio.c | 6 drivers/mtd/nand/raw/fsmc_nand.c | 6 drivers/net/ethernet/amazon/ena/ena_ethtool.c | 5 drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 drivers/net/ethernet/dlink/dl2k.c | 7 drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/port_buffer.h | 12 drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 17 drivers/net/ethernet/netronome/nfp/nfp_net_ethtool.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/fjes/fjes_main.c | 4 drivers/net/usb/asix_devices.c | 35 + drivers/net/usb/rtl8150.c | 2 drivers/net/wireless/ath/ath10k/wmi.c | 39 - drivers/net/wireless/marvell/mwifiex/cfg80211.c | 7 drivers/net/wireless/mediatek/mt76/mt7603/soc.c | 2 drivers/net/wireless/realtek/rtlwifi/rtl8192cu/sw.c | 1 drivers/nfc/pn544/i2c.c | 2 drivers/nvme/host/pci.c | 2 drivers/nvme/target/fc.c | 19 drivers/pci/controller/dwc/pci-keystone.c | 4 drivers/pci/controller/dwc/pcie-tegra194.c | 4 drivers/pci/controller/pci-tegra.c | 2 drivers/pci/iov.c | 5 drivers/pci/pci-driver.c | 1 drivers/pci/pci-sysfs.c | 20 drivers/pci/pcie/aer.c | 12 drivers/pci/pcie/err.c | 8 drivers/perf/arm_spe_pmu.c | 3 drivers/pinctrl/meson/pinctrl-meson-gxl.c | 10 drivers/pinctrl/pinmux.c | 2 drivers/pinctrl/renesas/pinctrl.c | 3 drivers/platform/x86/intel/int3472/discrete.c | 3 drivers/platform/x86/intel/int3472/tps68470.c | 3 drivers/platform/x86/sony-laptop.c | 1 drivers/pps/kapi.c | 5 drivers/pps/pps.c | 5 drivers/pwm/pwm-berlin.c | 4 drivers/pwm/pwm-tiehrpwm.c | 4 drivers/regulator/scmi-regulator.c | 3 drivers/remoteproc/qcom_q6v5.c | 3 drivers/rtc/interface.c | 27 + drivers/rtc/rtc-x1205.c | 2 drivers/s390/cio/device.c | 2 drivers/scsi/hpsa.c | 21 drivers/scsi/isci/init.c | 6 drivers/scsi/mpt3sas/mpt3sas_transport.c | 8 drivers/scsi/mvsas/mv_defs.h | 1 drivers/scsi/mvsas/mv_init.c | 13 drivers/scsi/mvsas/mv_sas.c | 42 - drivers/scsi/mvsas/mv_sas.h | 8 drivers/scsi/myrs.c | 8 drivers/scsi/pm8001/pm8001_sas.c | 9 drivers/scsi/qla2xxx/qla_edif.c | 4 drivers/scsi/qla2xxx/qla_init.c | 4 drivers/soc/qcom/rpmh-rsc.c | 7 drivers/spi/spi-cadence-quadspi.c | 5 drivers/staging/axis-fifo/axis-fifo.c | 32 - drivers/staging/media/atomisp/pci/hive_isp_css_include/math_support.h | 5 drivers/target/target_core_configfs.c | 2 drivers/thermal/qcom/Kconfig | 3 drivers/thermal/qcom/lmh.c | 2 drivers/tty/serial/Kconfig | 2 drivers/uio/uio_hv_generic.c | 7 drivers/usb/cdns3/cdnsp-pci.c | 5 drivers/usb/gadget/configfs.c | 2 drivers/usb/host/max3421-hcd.c | 2 drivers/usb/host/xhci-ring.c | 11 drivers/usb/phy/phy-twl6030-usb.c | 3 drivers/usb/serial/option.c | 6 drivers/usb/usbip/vhci_hcd.c | 22 drivers/virt/acrn/ioreq.c | 4 drivers/watchdog/mpc8xxx_wdt.c | 2 drivers/xen/events/events_base.c | 20 drivers/xen/manage.c | 3 fs/btrfs/export.c | 8 fs/btrfs/extent_io.c | 14 fs/btrfs/misc.h | 2 fs/btrfs/tree-checker.c | 2 fs/cramfs/inode.c | 11 fs/erofs/zdata.h | 2 fs/ext2/balloc.c | 2 fs/ext4/ext4.h | 12 fs/ext4/file.c | 2 fs/ext4/fsmap.c | 14 fs/ext4/inode.c | 12 fs/ext4/orphan.c | 23 fs/ext4/super.c | 4 fs/ext4/xattr.c | 15 fs/file.c | 5 fs/fs-writeback.c | 32 - fs/fsopen.c | 70 +- fs/ksmbd/smb2pdu.c | 3 fs/minix/inode.c | 8 fs/namei.c | 8 fs/namespace.c | 11 fs/nfs/nfs4proc.c | 2 fs/nfsd/lockd.c | 15 fs/nfsd/nfs4proc.c | 2 fs/ntfs3/bitmap.c | 1 fs/ntfs3/run.c | 12 fs/ocfs2/stack_user.c | 1 fs/squashfs/inode.c | 31 + fs/squashfs/squashfs_fs_i.h | 2 fs/udf/inode.c | 3 fs/ufs/util.h | 6 include/linux/cleanup.h | 171 ++++++ include/linux/compiler-clang.h | 9 include/linux/compiler.h | 9 include/linux/compiler_attributes.h | 6 include/linux/device.h | 10 include/linux/file.h | 6 include/linux/iio/frequency/adf4350.h | 2 include/linux/irqflags.h | 7 include/linux/minmax.h | 264 +++++++--- include/linux/mutex.h | 4 include/linux/percpu.h | 4 include/linux/preempt.h | 47 + include/linux/rcupdate.h | 3 include/linux/rwsem.h | 8 include/linux/sched/task.h | 2 include/linux/slab.h | 3 include/linux/spinlock.h | 32 + include/linux/srcu.h | 5 include/scsi/libsas.h | 18 include/trace/events/filelock.h | 3 init/main.c | 14 kernel/bpf/inode.c | 4 kernel/fork.c | 2 kernel/pid.c | 2 kernel/smp.c | 11 kernel/trace/preemptirq_delay_test.c | 2 kernel/trace/trace_kprobe.c | 11 kernel/trace/trace_probe.h | 9 kernel/trace/trace_uprobe.c | 12 lib/btree.c | 1 lib/crypto/Makefile | 4 lib/decompress_unlzma.c | 2 lib/genalloc.c | 5 lib/logic_pio.c | 3 lib/vsprintf.c | 2 lib/zstd/zstd_internal.h | 2 mm/hugetlb.c | 2 mm/page_alloc.c | 2 mm/zsmalloc.c | 1 net/9p/trans_fd.c | 8 net/bluetooth/mgmt.c | 10 net/bridge/br_vlan.c | 2 net/core/filter.c | 18 net/ipv4/proc.c | 2 net/ipv4/tcp.c | 9 net/ipv4/tcp_input.c | 1 net/ipv4/udp.c | 16 net/ipv6/proc.c | 2 net/mptcp/pm.c | 7 net/mptcp/pm_netlink.c | 49 + net/mptcp/protocol.h | 8 net/netfilter/ipset/ip_set_hash_gen.h | 8 net/netfilter/ipvs/ip_vs_ftp.c | 4 net/netfilter/nf_nat_core.c | 6 net/nfc/nci/ntf.c | 135 +++-- net/sctp/sm_make_chunk.c | 3 net/sctp/sm_statefuns.c | 6 net/tipc/core.h | 2 net/tipc/link.c | 10 scripts/checkpatch.pl | 2 security/keys/trusted-keys/trusted_tpm1.c | 7 sound/pci/lx6464es/lx_core.c | 4 sound/soc/codecs/wcd934x.c | 30 - sound/soc/intel/boards/bytcht_es8316.c | 20 sound/soc/intel/boards/bytcr_rt5640.c | 7 sound/soc/intel/boards/bytcr_rt5651.c | 26 tools/build/feature/Makefile | 4 tools/include/nolibc/std.h | 2 tools/lib/bpf/libbpf.c | 10 tools/lib/perf/include/perf/event.h | 1 tools/lib/subcmd/help.c | 3 tools/perf/tests/perf-record.c | 4 tools/perf/util/evsel.c | 2 tools/perf/util/lzma.c | 2 tools/perf/util/session.c | 2 tools/perf/util/zlib.c | 2 tools/testing/nvdimm/test/ndtest.c | 13 tools/testing/selftests/arm64/pauth/exec_target.c | 7 tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 tools/testing/selftests/rseq/rseq.c | 8 tools/testing/selftests/vm/mremap_test.c | 2 tools/testing/selftests/watchdog/watchdog-test.c | 6 330 files changed, 2535 insertions(+), 1006 deletions(-) Aaron Kling (1): cpufreq: tegra186: Set target frequency for all cpus in policy Abdun Nihaal (1): wifi: mt76: fix potential memory leak in mt76_wmac_probe() Adam Xue (1): bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Ahmet Eray Karadag (1): ext4: guard against EA inode refcount underflow in xattr update Akhilesh Patil (1): selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported Aleksa Sarai (1): fscontext: do not consume log entries when returning -EMSGSIZE Alex Deucher (1): drm/amdgpu: Add additional DCE6 SCL registers Alexandr Sapozhnikov (1): net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Alok Tiwari (2): PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Amir Mohammad Jahangirzad (1): ACPI: debug: fix signedness issues in read/write helpers Anderson Nascimento (1): btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Andy Shevchenko (3): gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type minmax: deduplicate __unconst_integer_typeof() AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8516-pumpkin: Fix machine compatible Anthony Iliopoulos (1): NFSv4.1: fix backchannel max_resp_sz verification check Anthony Yznaga (1): sparc64: fix hugetlb for sun4u Arnaud Lecomte (1): hid: fix I2C read buffer overflow in raw_event() for mcp2221 Askar Safin (1): openat2: don't trigger automounts with RESOLVE_NO_XDEV Bagas Sanjaya (1): Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram Bala-Vignesh-Reddy (1): selftests: arm64: Check fread return value in exec_target Baochen Qiang (1): wifi: ath10k: avoid unnecessary wait for service ready message Bartosz Golaszewski (3): mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() pinctrl: check the return value of pinmux_ops::get_function_name() gpio: wcd934x: mark the GPIO controller as sleeping Bernard Metzler (1): RDMA/siw: Always report immediate post SQ errors Bitterblue Smith (1): wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 Brahmajit Das (1): drm/radeon/r600_cs: clean up of dead code in r600_cs Brian Masney (2): clk: at91: peripheral: fix return value clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Brian Norris (1): PCI/sysfs: Ensure devices are powered for config reads Catalin Marinas (1): arm64: mte: Do not flag the zero page as PG_mte_tagged Christophe JAILLET (2): media: switch from 'pci_' to 'dma_' API media: pci/ivtv: switch from 'pci_' to 'dma_' API Christophe Leroy (1): watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog Colin Ian King (2): misc: genwqe: Fix incorrect cmd field being reported in error ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message Cristian Ciocaltea (1): usb: vhci-hcd: Prevent suspending virtually attached devices Da Xue (1): pinctrl: meson-gxl: add missing i2c_d pinmux Dan Carpenter (4): usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup ocfs2: fix double free in user_cluster_connect() net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() mm/slab: make __free(kfree) accept error pointers Daniel Borkmann (1): bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Daniel Tang (1): ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Daniel Wagner (1): nvmet-fc: move lsop put work to nvmet_fc_ls_req_op David Laight (8): minmax: fix indentation of __cmp_once() and __clamp_once() minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once Deepak Sharma (1): net: nfc: nci: Add parameter validation for packet data Dmitry Baryshkov (2): thermal/drivers/qcom: Make LMH select QCOM_SCM thermal/drivers/qcom/lmh: Add missing IRQ includes Donet Tom (2): drivers/base/node: handle error properly in register_one_node() drivers/base/node: fix double free in register_one_node() Duoming Zhou (4): media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove media: tuner: xc5000: Fix use-after-free in xc5000_release media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Edward Adam Davis (1): media: mc: Clear minor number before put device Eric Biggers (2): KEYS: trusted_tpm1: Compare HMAC values in constant time sctp: Fix MAC comparison to be constant-time Eric Dumazet (1): tcp: fix __tcp_close() to only send RST when required Eric Woudstra (1): bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Erick Karanja (1): net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Esben Haabendal (2): rtc: interface: Ensure alarm irq is enabled when UIE is enabled rtc: interface: Fix long-standing race when setting alarm Florian Fainelli (1): cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() Geert Uytterhoeven (1): regmap: Remove superfluous check for !config in __regmap_init() Georg Gottleuber (1): nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk Greg Kroah-Hartman (1): Linux 5.15.195 Guangshuo Li (1): nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() Gunnar Kudrjavets (1): tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Hans de Goede (4): platform/x86: int3472: Check for adev == NULL iio: consumers: Fix offset handling in iio_convert_raw_to_processed() mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Haoxiang Li (1): fs/ntfs3: Fix a resource leak bug in wnd_extend() Harini T (2): mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Herbert Xu (2): crypto: rng - Ensure set_ent is always present crypto: essiv - Check ssize for decryption and in-place encryption Herve Codina (1): minmax: Introduce {min,max}_array() Huacai Chen (1): init: handle bootloader identifier in kernel parameters Huisong Li (1): ACPI: processor: idle: Fix memory leak when register cpuidle device failed Håkon Bugge (1): RDMA/cm: Rate limit destroy CM ID timeout error message I Viswanath (1): net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast Ian Forbes (1): drm/vmwgfx: Fix Use-after-free in validation Ian Rogers (3): perf evsel: Avoid container_of on a NULL leader libperf event: Ensure tracing data is multiple of 8 sized perf test: Don't leak workload gopipe in PERF_RECORD_* Jakub Kicinski (1): Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" Jan Kara (5): ext4: fix checks for orphan inodes ext4: verify orphan file size is not too big ext4: free orphan info with kvfree writeback: Avoid softlockup when switching many inodes writeback: Avoid excessively long inode switching times Jason Andryuk (2): xen/events: Cleanup find_virq() return codes xen/events: Update virq_to_irq on migration Jeff Layton (1): filelock: add FL_RECLAIM to show_fl_flags() macro Jisheng Zhang (1): pwm: berlin: Fix wrong register in suspend/resume Johan Hovold (3): firmware: firmware: meson-sm: fix compile-test default firmware: meson_sm: fix device leak at probe lib/genalloc: fix device leak in of_gen_pool_get() John Garry (3): scsi: libsas: Add sas_task_find_rq() scsi: mvsas: Delete mvs_tag_init() scsi: mvsas: Use sas_task_find_rq() for tagging KaFai Wan (1): bpf: Avoid RCU context warning when unpinning htab with internal structs Kohei Enju (2): nfp: fix RSS hash key size when RSS is not supported net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable Krzysztof Kozlowski (1): ASoC: codecs: wcd934x: Simplify with dev_err_probe Kunihiko Hayashi (1): i2c: designware: Add disabling clocks when probe fails Kuniyuki Iwashima (2): udp: Fix memory accounting leak. tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Larshin Sergey (2): media: rc: fix races with imon_disconnect() fs: udf: fix OOB read in lengthAllocDescs handling Leilk.Liu (1): i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD Leo Yan (5): coresight: trbe: Prevent overflow in PERF_IDX2OFF() perf: arm_spe: Prevent overflow in PERF_IDX2OFF() coresight: trbe: Return NULL pointer for allocation failures perf session: Fix handling when buffer exceeds 2 GiB tools build: Align warning options with perf Li Nan (1): blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx Lichen Liu (1): fs: Add 'initramfs_options' to set initramfs mount options Linus Torvalds (8): minmax: avoid overly complicated constant expressions in VM code minmax: add a few more MIN_T/MAX_T users minmax: simplify and clarify min_t()/max_t() implementation minmax: make generic MIN() and MAX() macros available everywhere minmax: don't use max() in situations that want a C constant expression minmax: simplify min()/max()/clamp() implementation minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too Linus Walleij (1): mtd: rawnand: fsmc: Default to autodetect buswidth Lu Baolu (1): iommu/vt-d: PRS isn't usable if PDS isn't supported Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO Lukas Wunner (3): xen/manage: Fix suspend error path PCI/ERR: Fix uevent on failure to recover PCI/AER: Support errors introduced by PCIe r6.0 Ma Ke (2): sparc: fix error handling in scan_one_device() ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Marek Vasut (1): Input: atmel_mxt_ts - allow reset GPIO to sleep Matthew Wilcox (Oracle) (1): minmax: add in_range() macro Matthieu Baerts (NGI0) (2): mptcp: pm: in-kernel: usable client side with C-flag selftests: mptcp: join: validate C-flag + def limit Matvey Kovalev (1): ksmbd: fix error code overwriting in smb2_get_info_filesystem() Miaoqian Lin (2): usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Michael Hennerich (2): iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE iio: frequency: adf4350: Fix prescaler usage. Michael Karcher (5): sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara sparc: fix accurate exception reporting in copy_to_user for Niagara 4 sparc: fix accurate exception reporting in copy_{from,to}_user for M7 Michal Pecio (1): Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" Mikhail Kobuk (1): media: pci: ivtv: Add check for DMA map result Mikulas Patocka (1): dm-integrity: limit MAX_TAG_SIZE to 255 Nalivayko Sergey (1): net/9p: fix double req put in p9_fd_cancelled Nam Cao (2): powerpc/powernv/pci: Fix underflow and leak issue powerpc/pseries/msi: Fix potential underflow and leak issue Naman Jain (1): uio_hv_generic: Let userspace take care of interrupt mask Nathan Chancellor (1): lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Nicolas Ferre (1): ARM: at91: pm: fix MCKx restore routine Niklas Cassel (2): scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Niklas Schnelle (2): PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV PCI/AER: Fix missing uevent on recovery when a reset is requested Nishanth Menon (1): hwrng: ks-sa - fix division by zero in ks_sa_rng_init Ojaswin Mujoo (1): ext4: correctly handle queries for metadata mappings Oleksij Rempel (1): net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Olga Kornievskaia (1): nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Ovidiu Panait (2): staging: axis-fifo: fix maximum TX packet length check staging: axis-fifo: flush RX FIFO on read errors Parav Pandit (1): RDMA/core: Resolve MAC of next-hop device without ARP support Paul Chaignon (1): bpf: Explicitly check accesses to bpf_sock_addr Peter Zijlstra (1): locking: Introduce __cleanup() based infrastructure Phillip Lougher (3): Squashfs: fix uninit-value in squashfs_get_parent Squashfs: add additional inode sanity checking Squashfs: reject negative file sizes in squashfs_read_inode() Pratyush Yadav (2): spi: cadence-quadspi: Flush posted register writes before INDAC access spi: cadence-quadspi: Flush posted register writes before DAC access Qianfeng Rong (10): regulator: scmi: Use int type to store negative error codes block: use int to store blk_stack_limits() return value pinctrl: renesas: Use int type to store negative error codes ALSA: lx_core: use int type to store negative error codes drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() scsi: qla2xxx: edif: Fix incorrect sign of error code scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() media: i2c: mt9v111: fix incorrect type for ret iio: dac: ad5360: use int type to store negative error codes iio: dac: ad5421: use int type to store negative error codes Qu Wenruo (1): btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Rafael J. Wysocki (4): driver core/PM: Set power.no_callbacks along with power.no_pm PM: sleep: core: Clear power.must_resume in noirq suspend error path smp: Fix up and expand the smp_call_function_many() kerneldoc cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Ranjan Kumar (1): scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() Raphael Gallais-Pou (1): serial: stm32: allow selecting console when the driver is module Rex Chen (1): mmc: core: SPI mode remove cmd7 Ricardo Ribalda (1): media: tunner: xc5000: Refactor firmware load Rob Herring (Arm) (1): rtc: x1205: Fix Xicor X1205 vendor prefix Salah Triki (1): bus: fsl-mc: Check return value of platform_get_resource() Sam James (1): parisc: don't reference obsolete termio struct for TC* constants Sean Christopherson (4): rseq/selftests: Use weak symbol reference, not definition, to link with glibc x86/umip: Check that the instruction opcode is at least two bytes x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Sean Nyekjaer (1): iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Shuhao Fu (1): drm/nouveau: fix bad ret code in nouveau_bo_move_prep Siddharth Vadapalli (1): PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Simon Schuster (1): copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Slavin Liu (1): ipvs: Defer ip_vs_ftp unregister during netns cleanup Sneh Mankad (1): soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS Stanley Chu (1): i3c: master: svc: Recycle unused IBI slot Stefan Kerkmann (1): wifi: mwifiex: send world regulatory domain to driver Stephan Gerhold (3): remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice arm64: dts: qcom: msm8916: Add missing MDSS reset arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Takashi Iwai (3): ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping Tetsuo Handa (2): minixfs: Verify inode mode when loading from disk cramfs: Verify inode mode when loading from disk Thadeu Lima de Souza Cascardo (1): mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Thomas Fourier (4): scsi: myrs: Fix dma_alloc_coherent() error check crypto: atmel - Fix dma_unmap_sg() direction media: cx18: Add missing check after DMA map media: pci: ivtv: Add missing check after DMA map Thomas Weißschuh (1): fs: always return zero on success from replace_fd() Thomas Zimmermann (1): drm/vmwgfx: Copy DRM hash-table code into driver Thorsten Blum (2): scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Timur Kristóf (4): drm/amdgpu: Power up UVD 3 for FW validation (v2) drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 drm/amd/display: Properly disable scaling on DCE6 Uros Bizjak (1): x86/vdso: Fix output operand size of RDPID Uwe Kleine-König (1): pwm: tiehrpwm: Fix corner case in clock divisor calculation Vasant Hegde (1): iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support Vineeth Vijayan (1): s390/cio: unregister the subchannel while purging Vitaly Grigoryev (1): fs: ntfs3: Fix integer overflow in run_unpack() Vlad Dumitrescu (1): IB/sa: Fix sa_local_svc_timeout_ms read race Wang Haoran (1): scsi: target: target_core_configfs: Add length check to avoid buffer overflow Wang Liang (1): pps: fix warning in pps_register_cdev when register device fail Will Deacon (1): KVM: arm64: Fix softirq masking in FPSIMD register saving sequence William Wu (1): usb: gadget: configfs: Correctly set use_os_string at bind Xiaowei Li (1): USB: serial: option: add SIMCom 8230C compositions Xichao Zhao (1): usb: phy: twl6030: Fix incorrect type for ret Yang Shi (1): mm: hugetlb: avoid soft lockup when mprotect to large memory area Yeounsu Moon (1): net: dlink: handle copy_thresh allocation failure Yongjian Sun (1): ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Yuan Chen (1): tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Yunseong Kim (1): perf util: Fix compression checks returning -1 as bool Yureka Lilian (1): libbpf: Fix reuse of DEVMAP Zhang Shurong (1): media: rj54n1cb0c: Fix memleak in rj54n1_probe() Zhen Ni (4): netfilter: ipset: Remove unused htable_bits in macro ahash_region Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak clocksource/drivers/clps711x: Fix resource leaks in error paths memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Zheng Qixing (1): dm: fix NULL pointer dereference in __dm_suspend() Zhouyi Zhou (1): tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers gaoxiang17 (1): pid: Add a judgment for ns null in pid_nr_ns hupu (1): perf subcmd: avoid crash in exclude_cmds when excludes is empty

1 week, 1 day

1
1
0 0

[PATCH v2 00/27 5.10.y] Backport minmax.h updates from v6.17-rc7

by Eliav Farber

This series backports 27 patches to update minmax.h in the 5.10.y branch, aligning it with v6.17-rc7. The ultimate goal is to synchronize all long-term branches so that they include the full set of minmax.h changes. - 6.12.y has already been backported; the changes are included in v6.12.49. - 6.6.y has already been backported; the changes are included in v6.6.109. - 6.1.y has already been backported; the changes are currently in the 6.1-stable tree. - 5.15.y has already been backported; the changes are currently in the 5.15-stable tree. The key motivation is to bring in commit d03eba99f5bf ("minmax: allow min()/max()/clamp() if the arguments have the same signedness"), which is missing in kernel 5.10.y. In mainline, this change enables min()/max()/clamp() to accept mixed argument types, provided both have the same signedness. Without it, backported patches that use these forms may trigger compiler warnings, which escalate to build failures when -Werror is enabled. The first two patches in this series were added to prevent build failures caused by changes introduced later in minmax.h. - Commit 92d23c6e9415 ("overflow, tracing: Define the is_signed_type() macro once") is needed for commit 75ca38c1960f ("minmax: allow min()/max()/clamp()"). - Commit cea628008fc8 ("btrfs: remove duplicated in_range() macro") is needed for commit f9bff0e31881 ("minmax: add in_range() macro"). The changes were tested using `make allyesconfig` and `make allmodconfig` for arm64, arm, x86_64 and i386 architectures. Changes in v2: The series was updated after initially backporting and approving the newer long-term branches. Andy Shevchenko (2): minmax: deduplicate __unconst_integer_typeof() minmax: fix header inclusions Bart Van Assche (1): overflow, tracing: Define the is_signed_type() macro once David Laight (11): minmax: allow min()/max()/clamp() if the arguments have the same signedness. minmax: fix indentation of __cmp_once() and __clamp_once() minmax: allow comparisons of 'int' against 'unsigned char/short' minmax: relax check to allow comparison between unsigned arguments and signed constants minmax.h: add whitespace around operators and after commas minmax.h: update some comments minmax.h: reduce the #define expansion of min(), max() and clamp() minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() minmax.h: move all the clamp() definitions after the min/max() ones minmax.h: simplify the variants of clamp() minmax.h: remove some #defines that are only expanded once Herve Codina (1): minmax: Introduce {min,max}_array() Jason A. Donenfeld (2): minmax: sanity check constant bounds when clamping minmax: clamp more efficiently by avoiding extra comparison Johannes Thumshirn (1): btrfs: remove duplicated in_range() macro Linus Torvalds (8): minmax: avoid overly complicated constant expressions in VM code minmax: add a few more MIN_T/MAX_T users minmax: simplify and clarify min_t()/max_t() implementation minmax: make generic MIN() and MAX() macros available everywhere minmax: don't use max() in situations that want a C constant expression minmax: simplify min()/max()/clamp() implementation minmax: improve macro expansion and type checking minmax: fix up min3() and max3() too Matthew Wilcox (Oracle) (1): minmax: add in_range() macro arch/arm/mm/pageattr.c | 6 +- arch/um/drivers/mconsole_user.c | 2 + arch/x86/mm/pgtable.c | 2 +- drivers/edac/sb_edac.c | 4 +- drivers/edac/skx_common.h | 1 - .../drm/amd/display/modules/hdcp/hdcp_ddc.c | 2 + .../drm/amd/pm/powerplay/hwmgr/ppevvmath.h | 14 +- .../drm/arm/display/include/malidp_utils.h | 2 +- .../display/komeda/komeda_pipeline_state.c | 24 +- drivers/gpu/drm/drm_color_mgmt.c | 2 +- drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 6 - drivers/gpu/drm/radeon/evergreen_cs.c | 2 + drivers/hwmon/adt7475.c | 24 +- drivers/input/touchscreen/cyttsp4_core.c | 2 +- drivers/md/dm-integrity.c | 6 +- drivers/media/dvb-frontends/stv0367_priv.h | 3 + .../net/ethernet/chelsio/cxgb3/cxgb3_main.c | 18 +- .../net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/fjes/fjes_main.c | 4 +- drivers/nfc/pn544/i2c.c | 2 - drivers/platform/x86/sony-laptop.c | 1 - drivers/scsi/isci/init.c | 6 +- .../pci/hive_isp_css_include/math_support.h | 5 - fs/btrfs/ctree.h | 2 - fs/btrfs/extent_io.c | 1 + fs/btrfs/file-item.c | 1 + fs/btrfs/misc.h | 2 - fs/btrfs/raid56.c | 1 + fs/btrfs/tree-checker.c | 2 +- fs/erofs/zdata.h | 2 +- fs/ext2/balloc.c | 2 - fs/ext4/ext4.h | 2 - fs/ufs/util.h | 6 - include/linux/compiler.h | 15 + include/linux/minmax.h | 267 ++++++++++++++---- include/linux/overflow.h | 1 - include/linux/trace_events.h | 2 - kernel/trace/preemptirq_delay_test.c | 2 - lib/btree.c | 1 - lib/decompress_unlzma.c | 2 + lib/logic_pio.c | 3 - lib/vsprintf.c | 2 +- lib/zstd/zstd_internal.h | 2 - mm/zsmalloc.c | 1 - net/ipv4/proc.c | 2 +- net/ipv6/proc.c | 2 +- net/netfilter/nf_nat_core.c | 6 +- net/tipc/core.h | 2 +- net/tipc/link.c | 10 +- 49 files changed, 312 insertions(+), 169 deletions(-) -- 2.47.3

1 week, 1 day

4
35
0 0

[PATCH 6.1 000/168] 6.1.157-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.157 release. There are 168 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 19 Oct 2025 14:50:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.157-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.157-rc1 Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Jan Kara <jack(a)suse.cz> writeback: Avoid excessively long inode switching times Jan Kara <jack(a)suse.cz> writeback: Avoid softlockup when switching many inodes Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options Oleg Nesterov <oleg(a)redhat.com> pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: usable client side with C-flag Varad Gautam <varadgautam(a)google.com> asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Vladimir Oltean <vladimir.oltean(a)nxp.com> asm-generic/io.h: suppress endianness warnings for relaxed accessors Sai Prakash Ranjan <quic_saipraka(a)quicinc.com> asm-generic/io: Add _RET_IP_ to MMIO trace for more accurate debug info Lance Yang <lance.yang(a)linux.dev> selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Do not pass NULL handles to acpi_attach_data() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Add code comments explaining what is going on Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Disregard references in data-only subnode lists Guenter Roeck <linux(a)roeck-us.net> ipmi: Fix handling of messages with provided receive message pointer Corey Minyard <corey(a)minyard.net> ipmi: Rework user message limit handling Thomas Gleixner <tglx(a)linutronix.de> rseq: Protect event mask against membarrier IPI Qu Wenruo <wqu(a)suse.com> btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Wang Jiang <jiangwang(a)kylinos.cn> PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add max ip connections parameter Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Sean Christopherson <seanjc(a)google.com> KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O Ma Ke <make24(a)iscas.ac.cn> ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: codecs: wcd934x: Simplify with dev_err_probe Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Jan Kara <jack(a)suse.cz> ext4: free orphan info with kvfree Huacai Chen <chenhuacai(a)kernel.org> ACPICA: Allow to skip Global Lock initialization Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Jan Kara <jack(a)suse.cz> ext4: verify orphan file size is not too big Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() Li RongQing <lirongqing(a)baidu.com> mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate C-flag + def limit Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Miaoqian Lin <linmq006(a)gmail.com> xtensa: simdisk: add input size check in proc_write_simdisk Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Harshit Agarwal <harshit(a)nutanix.com> sched/deadline: Fix race in push_dl_task() Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Nam Cao <namcao(a)linutronix.de> powerpc/pseries/msi: Fix potential underflow and leak issue Nam Cao <namcao(a)linutronix.de> powerpc/powernv/pci: Fix underflow and leak issue Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77976_charger: fix constant current reporting Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk John David Anglin <dave.anglin(a)bell.net> parisc: Remove spurious if statement from raw_copy_from_user() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Oleg Nesterov <oleg(a)redhat.com> kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: PRS isn't usable if PDS isn't supported Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)kernel.org> init: handle bootloader identifier in kernel parameters Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Unmask interrupts after updating alarms Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Haoxiang Li <haoxiang_li2024(a)163.com> fs/ntfs3: Fix a resource leak bug in wnd_extend() Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Thomas Fourier <fourier.thomas(a)gmail.com> crypto: aspeed - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix MUST_CONNECT handling for pads with no links Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Michael Riesch <michael.riesch(a)collabora.com> dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpuidle: governors: menu: Avoid using invalid recent intervals data Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Vibhore Vardhan <vibhore(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix main padcfg length Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Fix buffer properties extraction for subnodes KaFai Wan <kafai.wan(a)linux.dev> bpf: Avoid RCU context warning when unpinning htab with internal structs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpio: wcd934x: Remove duplicate assignment of of_gpio_n_cells Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Eric Woudstra <ericwouds(a)gmail.com> bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix copy-paste typo in validation Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Init acpi_gbl_use_global_lock to false Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init() Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue John Garry <john.garry(a)huawei.com> scsi: mvsas: Use sas_task_find_rq() for tagging John Garry <john.garry(a)huawei.com> scsi: mvsas: Delete mvs_tag_init() John Garry <john.garry(a)huawei.com> scsi: libsas: Add sas_task_find_rq() Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Set target frequency for all cpus in policy Fedor Pchelkin <pchelkin(a)ispras.ru> clk: tegra: do not overallocate memory for bpmp clocks Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Ian Rogers <irogers(a)google.com> perf test: Don't leak workload gopipe in PERF_RECORD_* Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct memory level for remote access Leo Yan <leo.yan(a)arm.com> perf arm-spe: Rename the common data source encoding German Gomez <german.gomez(a)arm.com> perf arm-spe: Refactor arm-spe to support operation packet type Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct setting remote access Clément Le Goffic <clement.legoffic(a)foss.st.com> rtc: optee: fix memory leak on driver removal Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Ian Rogers <irogers(a)google.com> perf evsel: Avoid container_of on a NULL leader Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + .../bindings/phy/rockchip-inno-csi-dphy.yaml | 15 +- Makefile | 4 +- arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 +- arch/loongarch/kernel/setup.c | 5 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/parisc/lib/memcpy.c | 1 - arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/powerpc/platforms/pseries/msi.c | 2 +- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/mm/hugetlbpage.c | 20 + arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/emulate.c | 11 +- arch/x86/kvm/kvm_emulate.h | 2 +- arch/x86/kvm/x86.c | 9 +- arch/xtensa/platforms/iss/simdisk.c | 6 +- block/blk-crypto-fallback.c | 3 + crypto/essiv.c | 14 +- drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/acpica/evglock.c | 4 + drivers/acpi/property.c | 139 ++++--- drivers/bus/mhi/host/init.c | 5 +- drivers/char/ipmi/ipmi_msghandler.c | 422 ++++++++++----------- drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 +- drivers/clk/mediatek/clk-mux.c | 4 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clk/tegra/clk-bpmp.c | 2 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpufreq/tegra186-cpufreq.c | 8 +- drivers/cpuidle/governors/menu.c | 21 +- drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 3 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 +- drivers/iio/adc/xilinx-ams.c | 47 ++- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 - drivers/iommu/intel/iommu.c | 2 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/media/i2c/mt9v111.c | 2 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/mc/mc-entity.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 13 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-yuv.c | 8 +- drivers/media/rc/lirc_dev.c | 9 +- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/mmc/core/sdio.c | 6 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 + drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/nvme/host/pci.c | 2 + drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 22 +- drivers/pci/controller/pci-tegra.c | 27 +- drivers/pci/controller/pcie-rcar-host.c | 40 +- drivers/pci/endpoint/functions/pci-epf-test.c | 19 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-sysfs.c | 20 +- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/power/supply/max77976_charger.c | 12 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/rtc/interface.c | 27 ++ drivers/rtc/rtc-optee.c | 1 + drivers/rtc/rtc-x1205.c | 2 +- drivers/s390/cio/device.c | 37 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/mvsas/mv_defs.h | 1 + drivers/scsi/mvsas/mv_init.c | 13 +- drivers/scsi/mvsas/mv_sas.c | 42 +- drivers/scsi/mvsas/mv_sas.h | 8 +- drivers/spi/spi-cadence-quadspi.c | 5 + drivers/xen/events/events_base.c | 20 +- drivers/xen/manage.c | 3 +- fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 14 +- fs/cramfs/inode.c | 11 +- fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 10 +- fs/ext4/orphan.c | 17 +- fs/ext4/xattr.c | 15 +- fs/file.c | 5 +- fs/fs-writeback.c | 32 +- fs/fsopen.c | 70 ++-- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 11 +- fs/nfsd/lockd.c | 15 + fs/nfsd/nfs4proc.c | 2 +- fs/ntfs3/bitmap.c | 1 + fs/smb/server/ksmbd_netlink.h | 5 +- fs/smb/server/server.h | 1 + fs/smb/server/transport_ipc.c | 3 + fs/smb/server/transport_tcp.c | 27 +- fs/squashfs/inode.c | 24 +- include/acpi/acpixf.h | 6 + include/asm-generic/io.h | 126 +++--- include/linux/iio/frequency/adf4350.h | 2 +- include/linux/sched.h | 11 +- include/media/v4l2-subdev.h | 30 +- include/scsi/libsas.h | 18 + include/trace/events/rwmmio.h | 43 ++- init/main.c | 12 + kernel/bpf/inode.c | 4 +- kernel/fork.c | 2 +- kernel/pid.c | 5 +- kernel/rseq.c | 10 +- kernel/sched/deadline.c | 73 ++-- kernel/sys.c | 22 +- kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 13 +- lib/crypto/Makefile | 4 + lib/genalloc.c | 5 +- lib/trace_readwrite.c | 16 +- mm/hugetlb.c | 3 + mm/page_alloc.c | 2 +- net/bridge/br_vlan.c | 2 +- net/core/filter.c | 2 + net/ipv4/tcp_input.c | 1 - net/mptcp/pm.c | 7 +- net/mptcp/pm_netlink.c | 55 ++- net/mptcp/protocol.h | 8 + net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/soc/codecs/wcd934x.c | 30 +- tools/build/feature/Makefile | 4 +- tools/lib/perf/include/perf/event.h | 1 + tools/perf/tests/perf-record.c | 4 + tools/perf/util/arm-spe-decoder/arm-spe-decoder.c | 30 +- tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 65 +++- tools/perf/util/arm-spe.c | 42 +- tools/perf/util/evsel.c | 2 + tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 + tools/testing/selftests/rseq/rseq.c | 8 +- tools/testing/selftests/vm/madv_populate.c | 9 +- tools/testing/selftests/vm/soft-dirty.c | 5 +- tools/testing/selftests/vm/vm_util.c | 77 ++++ tools/testing/selftests/vm/vm_util.h | 2 + 165 files changed, 1668 insertions(+), 873 deletions(-)

1 week, 1 day

11
179
0 0

FAILED: patch "[PATCH] riscv: use an atomic xchg in pudp_huge_get_and_clear()" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 668208b161a0b679427e7d0f34c0a65fd7d23979 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101914-dodge-paprika-36e0@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 668208b161a0b679427e7d0f34c0a65fd7d23979 Mon Sep 17 00:00:00 2001 From: Alexandre Ghiti <alexghiti(a)rivosinc.com> Date: Thu, 14 Aug 2025 12:06:14 +0000 Subject: [PATCH] riscv: use an atomic xchg in pudp_huge_get_and_clear() Make sure we return the right pud value and not a value that could have been overwritten in between by a different core. Link: https://lkml.kernel.org/r/20250814-dev-alex-thp_pud_xchg-v1-1-b4704dfae206@… Fixes: c3cc2a4a3a23 ("riscv: Add support for PUD THP") Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Cc: Andrew Donnellan <ajd(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/arch/riscv/include/asm/pgtable.h b/arch/riscv/include/asm/pgtable.h index 91697fbf1f90..e69346307e78 100644 --- a/arch/riscv/include/asm/pgtable.h +++ b/arch/riscv/include/asm/pgtable.h @@ -942,6 +942,17 @@ static inline int pudp_test_and_clear_young(struct vm_area_struct *vma, return ptep_test_and_clear_young(vma, address, (pte_t *)pudp); } +#define __HAVE_ARCH_PUDP_HUGE_GET_AND_CLEAR +static inline pud_t pudp_huge_get_and_clear(struct mm_struct *mm, + unsigned long address, pud_t *pudp) +{ + pud_t pud = __pud(atomic_long_xchg((atomic_long_t *)pudp, 0)); + + page_table_check_pud_clear(mm, pud); + + return pud; +} + static inline int pud_young(pud_t pud) { return pte_young(pud_pte(pud));

1 week, 1 day

1
0
0 0

[PATCH v3] serial: 8250_dw: handle reset control deassert error

by Artem Shimko

Check the return value of reset_control_deassert() in the probe function to prevent continuing probe when reset deassertion fails. Previously, reset_control_deassert() was called without checking its return value, which could lead to probe continuing even when the device reset wasn't properly deasserted. The fix checks the return value and returns an error with dev_err_probe() if reset deassertion fails, providing better error handling and diagnostics. Fixes: acbdad8dd1ab ("serial: 8250_dw: simplify optional reset handling") Cc: stable(a)vger.kernel.org Signed-off-by: Artem Shimko <a.shimko.dev(a)gmail.com> --- Hi, Done. Thank you! Best regards, Artem Shimko ChangeLog: v1: * https://lore.kernel.org/all/20251009081309.2021600-1-a.shimko.dev@gmail.com… v2: * https://lore.kernel.org/all/20251019085325.250657-1-a.shimko.dev@gmail.com/ v3: * Add Cc: stable(a)vger.kernel.org drivers/tty/serial/8250/8250_dw.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c index a53ba04d9770..710ae4d40aec 100644 --- a/drivers/tty/serial/8250/8250_dw.c +++ b/drivers/tty/serial/8250/8250_dw.c @@ -635,7 +635,9 @@ static int dw8250_probe(struct platform_device *pdev) if (IS_ERR(data->rst)) return PTR_ERR(data->rst); - reset_control_deassert(data->rst); + err = reset_control_deassert(data->rst); + if (err) + return dev_err_probe(dev, err, "failed to deassert resets\n"); err = devm_add_action_or_reset(dev, dw8250_reset_control_assert, data->rst); if (err) -- 2.43.0

1 week, 1 day

1
0
0 0

[PATCH wireless-next v2 1/4] wifi: cfg80211: add an hrtimer based delayed work item

by Miri Korenblit

From: Benjamin Berg <benjamin.berg(a)intel.com> The normal timer mechanism assume that timeout further in the future need a lower accuracy. As an example, the granularity for a timer scheduled 4096 ms in the future on a 1000 Hz system is already 512 ms. This granularity is perfectly sufficient for e.g. timeouts, but there are other types of events that will happen at a future point in time and require a higher accuracy. Add a new wiphy_hrtimer_work type that uses an hrtimer internally. The API is almost identical to the existing wiphy_delayed_work and it can be used as a drop-in replacement after minor adjustments. The work will be scheduled relative to the current time with a slack of 1 millisecond. CC: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> Reviewed-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- include/net/cfg80211.h | 78 ++++++++++++++++++++++++++++++++++++++++++ net/wireless/core.c | 56 ++++++++++++++++++++++++++++++ net/wireless/trace.h | 21 ++++++++++++ 3 files changed, 155 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 781624f5913a..47c9e4981915 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -6435,6 +6435,11 @@ static inline void wiphy_delayed_work_init(struct wiphy_delayed_work *dwork, * after wiphy_lock() was called. Therefore, wiphy_cancel_work() can * use just cancel_work() instead of cancel_work_sync(), it requires * being in a section protected by wiphy_lock(). + * + * Note that these are scheduled with a timer where the accuracy + * becomes less the longer in the future the scheduled timer is. Use + * wiphy_hrtimer_work_queue() if the timer must be not be late by more + * than approximately 10 percent. */ void wiphy_delayed_work_queue(struct wiphy *wiphy, struct wiphy_delayed_work *dwork, @@ -6506,6 +6511,79 @@ void wiphy_delayed_work_flush(struct wiphy *wiphy, bool wiphy_delayed_work_pending(struct wiphy *wiphy, struct wiphy_delayed_work *dwork); +struct wiphy_hrtimer_work { + struct wiphy_work work; + struct wiphy *wiphy; + struct hrtimer timer; +}; + +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t); + +static inline void wiphy_hrtimer_work_init(struct wiphy_hrtimer_work *hrwork, + wiphy_work_func_t func) +{ + hrtimer_setup(&hrwork->timer, wiphy_hrtimer_work_timer, + CLOCK_BOOTTIME, HRTIMER_MODE_REL); + wiphy_work_init(&hrwork->work, func); +} + +/** + * wiphy_hrtimer_work_queue - queue hrtimer work for the wiphy + * @wiphy: the wiphy to queue for + * @hrwork: the high resolution timer worker + * @delay: the delay given as a ktime_t + * + * Please refer to wiphy_delayed_work_queue(). The difference is that + * the hrtimer work uses a high resolution timer for scheduling. This + * may be needed if timeouts might be scheduled further in the future + * and the accuracy of the normal timer is not sufficient. + * + * Expect a delay of a few milliseconds as the timer is scheduled + * with some slack and some more time may pass between queueing the + * work and its start. + */ +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay); + +/** + * wiphy_hrtimer_work_cancel - cancel previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work to cancel + * + * Cancel the work *without* waiting for it, this assumes being + * called under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrtimer); + +/** + * wiphy_hrtimer_work_flush - flush previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work to flush + * + * Flush the work (i.e. run it if pending). This must be called + * under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + +/** + * wiphy_hrtimer_work_pending - Find out whether a wiphy hrtimer + * work item is currently pending. + * + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work in question + * + * Return: true if timer is pending, false otherwise + * + * Please refer to the wiphy_delayed_work_pending() documentation as + * this is the equivalent function for hrtimer based delayed work + * items. + */ +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + /** * enum ieee80211_ap_reg_power - regulatory power for an Access Point * diff --git a/net/wireless/core.c b/net/wireless/core.c index 797f9f2004a6..54a34d8d356e 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -1787,6 +1787,62 @@ bool wiphy_delayed_work_pending(struct wiphy *wiphy, } EXPORT_SYMBOL_GPL(wiphy_delayed_work_pending); +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t) +{ + struct wiphy_hrtimer_work *hrwork = + container_of(t, struct wiphy_hrtimer_work, timer); + + wiphy_work_queue(hrwork->wiphy, &hrwork->work); + + return HRTIMER_NORESTART; +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_timer); + +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay) +{ + trace_wiphy_hrtimer_work_queue(wiphy, &hrwork->work, delay); + + if (!delay) { + hrtimer_cancel(&hrwork->timer); + wiphy_work_queue(wiphy, &hrwork->work); + return; + } + + hrwork->wiphy = wiphy; + hrtimer_start_range_ns(&hrwork->timer, delay, + 1000 * NSEC_PER_USEC, HRTIMER_MODE_REL); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_queue); + +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_cancel(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_cancel); + +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_flush(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_flush); + +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + return hrtimer_is_queued(&hrwork->timer); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_pending); + static int __init cfg80211_init(void) { int err; diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 8a4c34112eb5..2b71f1d867a0 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -304,6 +304,27 @@ TRACE_EVENT(wiphy_delayed_work_queue, __entry->delay) ); +TRACE_EVENT(wiphy_hrtimer_work_queue, + TP_PROTO(struct wiphy *wiphy, struct wiphy_work *work, + ktime_t delay), + TP_ARGS(wiphy, work, delay), + TP_STRUCT__entry( + WIPHY_ENTRY + __field(void *, instance) + __field(void *, func) + __field(ktime_t, delay) + ), + TP_fast_assign( + WIPHY_ASSIGN; + __entry->instance = work; + __entry->func = work->func; + __entry->delay = delay; + ), + TP_printk(WIPHY_PR_FMT " instance=%p func=%pS delay=%llu", + WIPHY_PR_ARG, __entry->instance, __entry->func, + __entry->delay) +); + TRACE_EVENT(wiphy_work_worker_start, TP_PROTO(struct wiphy *wiphy), TP_ARGS(wiphy), -- 2.34.1

1 week, 1 day

1
0
0 0

Verified Business Contacts – Fruit Attraction 2025

by Audrey Roberts

Hi, I hope you're doing well. We’re offering verified business contact data for the upcoming Fruit Attraction 2025 (FA), tailored for effective outreach after the event. Place: Madrid, Spain Date:SEP 30 - OCT 02, 2025 Contact Overview: 1,03,351Attendees 2,179Exhibiting Companies 6,537 Verified Exhibitor Contacts Total: 109,885 Business Contacts Each entry includes: Name, Job Title, Company, Website, Address, Phone, Official Email, LinkedIn Profile, and more. Note: The counts given above are 100% GDPR complaints, with the rules and regulations. Delivered within 48 hours – ready for your outreach, all at a minimal price. If you'd like more details, just reply: “Send me pricing” We’re offering 20% off right now! Reply with your choice from the options below to claim your discount. • Full List – All attendees • Targeted Segment – Filtered by location, job title, or industry Best regards, Audrey Roberts Sr. Marketing Manager To opt out reply “Not Interested.”

1 week, 1 day

1
0
0 0

[PATCH 1/4] wifi: cfg80211: add an hrtimer based delayed work item

by Miri Korenblit

From: Benjamin Berg <benjamin.berg(a)intel.com> The normal timer mechanism assume that timeout further in the future need a lower accuracy. As an example, the granularity for a timer scheduled 4096 ms in the future on a 1000 Hz system is already 512 ms. This granularity is perfectly sufficient for e.g. timeouts, but there are other types of events that will happen at a future point in time and require a higher accuracy. Add a new wiphy_hrtimer_work type that uses an hrtimer internally. The API is almost identical to the existing wiphy_delayed_work and it can be used as a drop-in replacement after minor adjustments. The work will be scheduled relative to the current time with a slack of 1 millisecond. CC: stable(a)vger.kernel.org # 6.4+ Signed-off-by: Benjamin Berg <benjamin.berg(a)intel.com> Reviewed-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit(a)intel.com> --- include/net/cfg80211.h | 78 ++++++++++++++++++++++++++++++++++++++++++ net/wireless/core.c | 56 ++++++++++++++++++++++++++++++ net/wireless/trace.h | 21 ++++++++++++ 3 files changed, 155 insertions(+) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 781624f5913a..47c9e4981915 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -6435,6 +6435,11 @@ static inline void wiphy_delayed_work_init(struct wiphy_delayed_work *dwork, * after wiphy_lock() was called. Therefore, wiphy_cancel_work() can * use just cancel_work() instead of cancel_work_sync(), it requires * being in a section protected by wiphy_lock(). + * + * Note that these are scheduled with a timer where the accuracy + * becomes less the longer in the future the scheduled timer is. Use + * wiphy_hrtimer_work_queue() if the timer must be not be late by more + * than approximately 10 percent. */ void wiphy_delayed_work_queue(struct wiphy *wiphy, struct wiphy_delayed_work *dwork, @@ -6506,6 +6511,79 @@ void wiphy_delayed_work_flush(struct wiphy *wiphy, bool wiphy_delayed_work_pending(struct wiphy *wiphy, struct wiphy_delayed_work *dwork); +struct wiphy_hrtimer_work { + struct wiphy_work work; + struct wiphy *wiphy; + struct hrtimer timer; +}; + +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t); + +static inline void wiphy_hrtimer_work_init(struct wiphy_hrtimer_work *hrwork, + wiphy_work_func_t func) +{ + hrtimer_setup(&hrwork->timer, wiphy_hrtimer_work_timer, + CLOCK_BOOTTIME, HRTIMER_MODE_REL); + wiphy_work_init(&hrwork->work, func); +} + +/** + * wiphy_hrtimer_work_queue - queue hrtimer work for the wiphy + * @wiphy: the wiphy to queue for + * @hrwork: the high resolution timer worker + * @delay: the delay given as a ktime_t + * + * Please refer to wiphy_delayed_work_queue(). The difference is that + * the hrtimer work uses a high resolution timer for scheduling. This + * may be needed if timeouts might be scheduled further in the future + * and the accuracy of the normal timer is not sufficient. + * + * Expect a delay of a few milliseconds as the timer is scheduled + * with some slack and some more time may pass between queueing the + * work and its start. + */ +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay); + +/** + * wiphy_hrtimer_work_cancel - cancel previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work to cancel + * + * Cancel the work *without* waiting for it, this assumes being + * called under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrtimer); + +/** + * wiphy_hrtimer_work_flush - flush previously queued hrtimer work + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work to flush + * + * Flush the work (i.e. run it if pending). This must be called + * under the wiphy mutex acquired by wiphy_lock(). + */ +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + +/** + * wiphy_hrtimer_work_pending - Find out whether a wiphy hrtimer + * work item is currently pending. + * + * @wiphy: the wiphy, for debug purposes + * @hrwork: the hrtimer work in question + * + * Return: true if timer is pending, false otherwise + * + * Please refer to the wiphy_delayed_work_pending() documentation as + * this is the equivalent function for hrtimer based delayed work + * items. + */ +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork); + /** * enum ieee80211_ap_reg_power - regulatory power for an Access Point * diff --git a/net/wireless/core.c b/net/wireless/core.c index 797f9f2004a6..54a34d8d356e 100644 --- a/net/wireless/core.c +++ b/net/wireless/core.c @@ -1787,6 +1787,62 @@ bool wiphy_delayed_work_pending(struct wiphy *wiphy, } EXPORT_SYMBOL_GPL(wiphy_delayed_work_pending); +enum hrtimer_restart wiphy_hrtimer_work_timer(struct hrtimer *t) +{ + struct wiphy_hrtimer_work *hrwork = + container_of(t, struct wiphy_hrtimer_work, timer); + + wiphy_work_queue(hrwork->wiphy, &hrwork->work); + + return HRTIMER_NORESTART; +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_timer); + +void wiphy_hrtimer_work_queue(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork, + ktime_t delay) +{ + trace_wiphy_hrtimer_work_queue(wiphy, &hrwork->work, delay); + + if (!delay) { + hrtimer_cancel(&hrwork->timer); + wiphy_work_queue(wiphy, &hrwork->work); + return; + } + + hrwork->wiphy = wiphy; + hrtimer_start_range_ns(&hrwork->timer, delay, + 1000 * NSEC_PER_USEC, HRTIMER_MODE_REL); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_queue); + +void wiphy_hrtimer_work_cancel(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_cancel(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_cancel); + +void wiphy_hrtimer_work_flush(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + lockdep_assert_held(&wiphy->mtx); + + hrtimer_cancel(&hrwork->timer); + wiphy_work_flush(wiphy, &hrwork->work); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_flush); + +bool wiphy_hrtimer_work_pending(struct wiphy *wiphy, + struct wiphy_hrtimer_work *hrwork) +{ + return hrtimer_is_queued(&hrwork->timer); +} +EXPORT_SYMBOL_GPL(wiphy_hrtimer_work_pending); + static int __init cfg80211_init(void) { int err; diff --git a/net/wireless/trace.h b/net/wireless/trace.h index 8a4c34112eb5..2b71f1d867a0 100644 --- a/net/wireless/trace.h +++ b/net/wireless/trace.h @@ -304,6 +304,27 @@ TRACE_EVENT(wiphy_delayed_work_queue, __entry->delay) ); +TRACE_EVENT(wiphy_hrtimer_work_queue, + TP_PROTO(struct wiphy *wiphy, struct wiphy_work *work, + ktime_t delay), + TP_ARGS(wiphy, work, delay), + TP_STRUCT__entry( + WIPHY_ENTRY + __field(void *, instance) + __field(void *, func) + __field(ktime_t, delay) + ), + TP_fast_assign( + WIPHY_ASSIGN; + __entry->instance = work; + __entry->func = work->func; + __entry->delay = delay; + ), + TP_printk(WIPHY_PR_FMT " instance=%p func=%pS delay=%llu", + WIPHY_PR_ARG, __entry->instance, __entry->func, + __entry->delay) +); + TRACE_EVENT(wiphy_work_worker_start, TP_PROTO(struct wiphy *wiphy), TP_ARGS(wiphy), -- 2.34.1

1 week, 1 day

1
0
0 0

[PATCH 6.12 000/140] 6.12.48-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.48 release. There are 140 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 19 Sep 2025 12:32:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.48-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.48-rc1 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: fix a memory leak in fence cleanup when unloading Jani Nikula <jani.nikula(a)intel.com> drm/i915/power: fix size for for_each_set_bit() in abox iteration Buday Csaba <buday.csaba(a)prolan.hu> net: mdiobus: release reset_gpio in mdiobus_unregister_device() K Prateek Nayak <kprateek.nayak(a)amd.com> x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon Johan Hovold <johan(a)kernel.org> phy: ti-pipe3: fix device leak at unbind Johan Hovold <johan(a)kernel.org> phy: ti: omap-usb2: fix device leak at unbind Johan Hovold <johan(a)kernel.org> phy: tegra: xusb: fix device and OF node leak at probe Miaoqian Lin <linmq006(a)gmail.com> dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate Stephan Gerhold <stephan.gerhold(a)linaro.org> dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix MIDI2 IN EP max packet size Takashi Iwai <tiwai(a)suse.de> usb: gadget: midi2: Fix missing UMP group attributes initialization RD Babiera <rdbabiera(a)google.com> usb: typec: tcpm: properly deliver cable vdms to altmode drivers Alan Stern <stern(a)rowland.harvard.edu> USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: fix memory leak regression when freeing xhci vdev devices depth first Palmer Dabbelt <palmer(a)rivosinc.com> RISC-V: Remove unnecessary include from compat.h Andreas Kemnade <akemnade(a)kernel.org> regulator: sy7636a: fix lifecycle of power good gpio Anders Roxell <anders.roxell(a)linaro.org> dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Dan Carpenter <dan.carpenter(a)linaro.org> dmaengine: idxd: Fix double free in idxd_setup_wqs() Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Fix refcount underflow on module unload Yi Sun <yi.sun(a)intel.com> dmaengine: idxd: Remove improper idxd_free Pengyu Luo <mitltlatltl(a)gmail.com> phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties Hangbin Liu <liuhangbin(a)gmail.com> hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr Hangbin Liu <liuhangbin(a)gmail.com> hsr: use rtnl lock when iterating over ports Murali Karicheri <m-karicheri2(a)ti.com> net: hsr: Add VLAN CTAG filter support Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: restart set lookup on base_seq change Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: make nft_set_do_lookup available unconditionally Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: place base_seq in struct net Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Reintroduce shortened deletion notifications Florian Westphal <fw(a)strlen.de> netfilter: nft_set_rbtree: continue traversal if element is inactive Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: don't check genbit from packetpath lookups Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: don't return bogus extension pointer Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: merge pipapo_get/lookup Florian Westphal <fw(a)strlen.de> netfilter: nft_set: remove one argument from lookup and update functions Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: remove unused arguments Anssi Hannula <anssi.hannula(a)bitwise.fi> can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display: use udelay rather than fsleep Michal Schmidt <mschmidt(a)redhat.com> i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path Kohei Enju <enjuk(a)amazon.com> igb: fix link test skipping when interface is admin down Alex Tran <alex.t.tran(a)gmail.com> docs: networking: can: change bcm_msg_head frames member to support flexible array Antoine Tenart <atenart(a)kernel.org> tunnels: reset the GSO metadata before reusing the skb Petr Machata <petrm(a)nvidia.com> net: bridge: Bounce invalid boolopts Alok Tiwari <alok.a.tiwari(a)oracle.com> genetlink: fix genl_bind() invoking bind() after -EPERM Stefan Wahren <wahrenst(a)gmx.net> net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() Chia-I Wu <olvaffe(a)gmail.com> drm/panthor: validate group queue count Linus Torvalds <torvalds(a)linux-foundation.org> Disable SLUB_TINY for build testing Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions Fabio Porcedda <fabio.porcedda(a)gmail.com> USB: serial: option: add Telit Cinterion FN990A w/audio compositions Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks Hugo Villeneuve <hvilleneuve(a)dimonoff.com> serial: sc16is7xx: fix bug in flow control levels init Fabian Vogt <fvogt(a)suse.de> tty: hvc_console: Call hvc_kick in hvc_write unconditionally Paolo Abeni <pabeni(a)redhat.com> Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" Christoffer Sandberg <cs(a)tuxedo.de> Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table Jeff LaBundy <jeff(a)labundy.com> Input: iqs7222 - avoid enabling unused interrupts Xiongfeng Wang <wangxiongfeng2(a)huawei.com> hrtimers: Unconditionally update target CPU base after offline timer migration Qu Wenruo <wqu(a)suse.com> btrfs: fix corruption reading compressed range when block size is smaller than page size Boris Burkov <boris(a)bur.io> btrfs: use readahead_expand() on compressed extents Santhosh Kumar K <s-k6(a)ti.com> mtd: spinand: winbond: Fix oob_layout for W25N01JW Jeongjun Park <aha310510(a)gmail.com> mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() Quanmin Yan <yanquanmin1(a)huawei.com> mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() Stanislav Fort <stanislav.fort(a)aisle.com> mm/damon/sysfs: fix use-after-free in state_show() Alex Markuze <amarkuze(a)redhat.com> ceph: fix race condition where r_parent becomes stale before sending message Alex Markuze <amarkuze(a)redhat.com> ceph: fix race condition validating r_parent before applying state Ilya Dryomov <idryomov(a)gmail.com> libceph: fix invalid accesses to ceph_connection_v1_info Chen Ridong <chenridong(a)huawei.com> kernfs: Fix UAF in polling when open file is released Matthieu Baerts (NGI0) <matttbe(a)kernel.org> netlink: specs: mptcp: fix if-idx attribute type Jakub Kicinski <kuba(a)kernel.org> netlink: specs: mptcp: replace underscores with dashes in names Matthieu Baerts (NGI0) <matttbe(a)kernel.org> netlink: specs: mptcp: clearly mention attributes Matthieu Baerts (NGI0) <matttbe(a)kernel.org> netlink: specs: mptcp: add missing 'server-side' attr David Rosca <david.rosca(a)amd.com> drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages David Rosca <david.rosca(a)amd.com> drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time Thomas Hellström <thomas.hellstrom(a)linux.intel.com> drm/xe: Attempt to bring bos back to VRAM after eviction Johan Hovold <johan(a)kernel.org> drm/mediatek: fix potential OF node use-after-free Quanmin Yan <yanquanmin1(a)huawei.com> mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Sang-Heon Jeon <ekffu200098(a)gmail.com> mm/damon/core: set quota->charged_from to jiffies at first charge window Kyle Meyer <kyle.meyer(a)hpe.com> mm/memory-failure: fix redundant updates for already poisoned pages Miaohe Lin <linmiaohe(a)huawei.com> mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory Wei Yang <richard.weiyang(a)gmail.com> mm/khugepaged: fix the address passed to notifier on testing young Miklos Szeredi <mszeredi(a)redhat.com> fuse: prevent overflow in copy_file_range return value Miklos Szeredi <mszeredi(a)redhat.com> fuse: check if copy_file_range() returns larger than requested size Amir Goldstein <amir73il(a)gmail.com> fuse: do not allow mapping a non-regular backing file Christophe Kerello <christophe.kerello(a)foss.st.com> mtd: rawnand: stm32_fmc2: fix ECC overwrite Christophe Kerello <christophe.kerello(a)foss.st.com> mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer Alexander Sverdlin <alexander.sverdlin(a)siemens.com> mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing Oleksij Rempel <o.rempel(a)pengutronix.de> net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups Chiasheng Lee <chiasheng.lee(a)linux.intel.com> i2c: i801: Hide Intel Birch Stream SoC TCO WDT Omar Sandoval <osandov(a)fb.com> btrfs: fix subvolume deletion lockup caused by inodes xarray race Boris Burkov <boris(a)bur.io> btrfs: fix squota compressed stats leak Mark Tinguely <mark.tinguely(a)oracle.com> ocfs2: fix recursive semaphore deadlock in fiemap call Krister Johansen <kjlx(a)templeofstupid.com> mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN Nathan Chancellor <nathan(a)kernel.org> compiler-clang.h: define __SANITIZE_*__ macros only when undefined Trond Myklebust <trond.myklebust(a)hammerspace.com> Revert "SUNRPC: Don't allow waiting for exiting tasks" Salah Triki <salah.triki(a)gmail.com> EDAC/altera: Delete an inappropriate dma_free_coherent() call wangzijie <wangzijie1(a)honor.com> proc: fix type confusion in pde_set_flags() Kuniyuki Iwashima <kuniyu(a)google.com> tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. Peilin Ye <yepeilin(a)google.com> bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() KaFai Wan <kafai.wan(a)linux.dev> bpf: Allow fall back to interpreter for programs with stack size <= 512 Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_cf: Deny all sampling events by counter PMU Thomas Richter <tmricht(a)linux.ibm.com> s390/pai: Deny all events not handled by this PMU Pu Lehui <pulehui(a)huawei.com> tracing: Silence warning when chunk allocation fails in trace_pid_write Jonathan Curley <jcurley(a)purestorage.com> NFSv4/flexfiles: Fix layout merge mirror check. Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: nfs_invalidate_folio() must observe the offset and size arguments Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Serialise O_DIRECT i/o and copy range Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Serialise O_DIRECT i/o and clone range Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4.2: Serialise O_DIRECT i/o and fallocate() Trond Myklebust <trond.myklebust(a)hammerspace.com> NFS: Serialise O_DIRECT i/o and truncate() Max Kellermann <max.kellermann(a)ionos.com> fs/nfs/io: make nfs_start_io_*() killable Vladimir Riabchun <ferr.lambarginio(a)gmail.com> ftrace/samples: Fix function size computation Scott Mayhew <smayhew(a)redhat.com> nfs/localio: restore creds before releasing pageio data Mike Snitzer <snitzer(a)kernel.org> nfs/localio: add direct IO enablement with sync and async IO support Mike Snitzer <snitzer(a)kernel.org> nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter Luo Gengkun <luogengkun(a)huaweicloud.com> tracing: Fix tracing_marker may trigger page fault during preempt_disable Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set Guenter Roeck <linux(a)roeck-us.net> trace/fgraph: Fix error handling Trond Myklebust <trond.myklebust(a)hammerspace.com> NFSv4: Don't clear capabilities that won't be reset Justin Worrell <jworrell(a)gmail.com> SUNRPC: call xs_sock_process_cmsg for all cmsg Tigran Mkrtchyan <tigran.mkrtchyan(a)desy.de> flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read David Rosca <david.rosca(a)amd.com> drm/amdgpu: Add back JPEG to video caps for carrizo and newer Takashi Iwai <tiwai(a)suse.de> ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: Optimize cursor position updates" Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed Umesh Nerlige Ramappa <umesh.nerlige.ramappa(a)intel.com> drm/i915/pmu: Fix zero delta busyness issue Theodore Ts'o <tytso(a)mit.edu> ext4: introduce linear search for dentries Huan Yang <link(a)vivo.com> Revert "udmabuf: fix vmap_udmabuf error page set" Maurizio Lombardi <mlombard(a)redhat.com> nvme-pci: skip nvme_write_sq_db on empty rqlist Fedor Pchelkin <pchelkin(a)ispras.ru> dma-debug: fix physical address calculation for struct dma_debug_entry Sean Anderson <sean.anderson(a)linux.dev> dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err Harry Yoo <harry.yoo(a)oracle.com> mm: introduce and use {pgd,p4d}_populate_kernel() Yevgeny Kliteynik <kliteyn(a)nvidia.com> net/mlx5: HWS, change error flow on matcher disconnect Yeoreum Yun <yeoreum.yun(a)arm.com> kunit: kasan_test: disable fortify string checker on kasan_strings() test Baochen Qiang <baochen.qiang(a)oss.qualcomm.com> dma-debug: don't enforce dma mapping check on noncoherent allocations Sean Anderson <sean.anderson(a)linux.dev> dma-mapping: trace more error paths Sean Anderson <sean.anderson(a)linux.dev> dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map Sean Anderson <sean.anderson(a)linux.dev> dma-mapping: trace dma_alloc/free direction Christoph Hellwig <hch(a)lst.de> dma-debug: store a phys_addr_t in struct dma_debug_entry Amir Goldstein <amir73il(a)gmail.com> fhandle: use more consistent rules for decoding file handle from userns ------------- Diffstat: .../bindings/serial/brcm,bcm7271-uart.yaml | 2 +- Documentation/filesystems/nfs/localio.rst | 13 ++ Documentation/netlink/specs/mptcp_pm.yaml | 52 ++--- Documentation/networking/can.rst | 2 +- Makefile | 4 +- arch/riscv/include/asm/compat.h | 1 - arch/s390/kernel/perf_cpum_cf.c | 4 +- arch/s390/kernel/perf_pai_crypto.c | 4 +- arch/s390/kernel/perf_pai_ext.c | 2 +- arch/x86/kernel/cpu/topology_amd.c | 25 +-- drivers/dma-buf/Kconfig | 1 - drivers/dma-buf/udmabuf.c | 22 +-- drivers/dma/dw/rzn1-dmamux.c | 15 +- drivers/dma/idxd/init.c | 39 ++-- drivers/dma/qcom/bam_dma.c | 8 +- drivers/dma/ti/edma.c | 4 +- drivers/edac/altera_edac.c | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 3 - drivers/gpu/drm/amd/amdgpu/vcn_v3_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0.c | 60 +++--- drivers/gpu/drm/amd/amdgpu/vi.c | 7 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 5 + .../gpu/drm/amd/display/dc/dpp/dcn10/dcn10_dpp.c | 7 +- .../drm/amd/display/dc/dpp/dcn401/dcn401_dpp_cm.c | 6 +- .../gpu/drm/amd/display/dc/hubp/dcn20/dcn20_hubp.c | 8 +- .../drm/amd/display/dc/hubp/dcn401/dcn401_hubp.c | 10 +- .../drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c | 2 +- drivers/gpu/drm/i915/display/intel_display_power.c | 6 +- drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 16 ++ drivers/gpu/drm/mediatek/mtk_drm_drv.c | 11 +- drivers/gpu/drm/panthor/panthor_drv.c | 2 +- drivers/gpu/drm/xe/tests/xe_bo.c | 2 +- drivers/gpu/drm/xe/tests/xe_dma_buf.c | 10 +- drivers/gpu/drm/xe/xe_bo.c | 16 +- drivers/gpu/drm/xe/xe_bo.h | 2 +- drivers/gpu/drm/xe/xe_dma_buf.c | 2 +- drivers/i2c/busses/i2c-i801.c | 2 +- drivers/input/misc/iqs7222.c | 3 + drivers/input/serio/i8042-acpipnpio.h | 14 ++ drivers/mtd/nand/raw/atmel/nand-controller.c | 16 +- drivers/mtd/nand/raw/stm32_fmc2_nand.c | 46 ++--- drivers/mtd/nand/spi/winbond.c | 37 +++- drivers/net/can/xilinx_can.c | 16 +- drivers/net/ethernet/freescale/fec_main.c | 3 +- drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/igb/igb_ethtool.c | 5 +- .../mlx5/core/steering/hws/mlx5hws_matcher.c | 24 +-- drivers/net/phy/mdio_bus.c | 4 +- drivers/nvme/host/pci.c | 3 + drivers/phy/qualcomm/phy-qcom-eusb2-repeater.c | 4 +- drivers/phy/tegra/xusb-tegra210.c | 6 +- drivers/phy/ti/phy-omap-usb2.c | 13 ++ drivers/phy/ti/phy-ti-pipe3.c | 13 ++ drivers/regulator/sy7636a-regulator.c | 7 +- drivers/tty/hvc/hvc_console.c | 6 +- drivers/tty/serial/sc16is7xx.c | 14 +- drivers/usb/gadget/function/f_midi2.c | 11 +- drivers/usb/gadget/udc/dummy_hcd.c | 8 +- drivers/usb/host/xhci-mem.c | 2 +- drivers/usb/serial/option.c | 17 ++ drivers/usb/typec/tcpm/tcpm.c | 12 +- fs/btrfs/extent_io.c | 72 ++++++- fs/btrfs/inode.c | 12 +- fs/btrfs/qgroup.c | 6 +- fs/ceph/debugfs.c | 14 +- fs/ceph/dir.c | 17 +- fs/ceph/file.c | 24 +-- fs/ceph/inode.c | 88 +++++++-- fs/ceph/mds_client.c | 172 ++++++++++------- fs/ceph/mds_client.h | 18 +- fs/ext4/namei.c | 14 +- fs/fhandle.c | 8 + fs/fuse/file.c | 5 +- fs/fuse/passthrough.c | 5 + fs/kernfs/file.c | 58 ++++-- fs/nfs/client.c | 2 + fs/nfs/direct.c | 22 ++- fs/nfs/file.c | 21 +- fs/nfs/flexfilelayout/flexfilelayout.c | 21 +- fs/nfs/inode.c | 4 +- fs/nfs/internal.h | 17 +- fs/nfs/io.c | 55 ++++-- fs/nfs/localio.c | 125 +++++++++--- fs/nfs/nfs42proc.c | 2 + fs/nfs/nfs4file.c | 2 + fs/nfs/nfs4proc.c | 7 +- fs/nfs/write.c | 1 + fs/ocfs2/extent_map.c | 10 +- fs/proc/generic.c | 3 +- include/linux/compiler-clang.h | 31 ++- include/linux/fs.h | 10 +- include/linux/nfs_xdr.h | 1 + include/linux/pgalloc.h | 29 +++ include/linux/pgtable.h | 13 +- include/net/netfilter/nf_tables.h | 11 +- include/net/netfilter/nf_tables_core.h | 49 ++--- include/net/netns/nftables.h | 1 + include/trace/events/dma.h | 153 ++++++++++++++- include/uapi/linux/mptcp_pm.h | 50 ++--- kernel/bpf/core.c | 16 +- kernel/bpf/crypto.c | 2 +- kernel/bpf/helpers.c | 7 +- kernel/dma/debug.c | 135 ++++++++----- kernel/dma/debug.h | 20 ++ kernel/dma/mapping.c | 41 ++-- kernel/time/hrtimer.c | 11 +- kernel/trace/fgraph.c | 3 +- kernel/trace/trace.c | 10 +- mm/Kconfig | 2 +- mm/damon/core.c | 4 + mm/damon/lru_sort.c | 5 + mm/damon/reclaim.c | 5 + mm/damon/sysfs.c | 14 +- mm/hugetlb.c | 9 +- mm/kasan/init.c | 12 +- mm/kasan/kasan_test_c.c | 1 + mm/khugepaged.c | 4 +- mm/memory-failure.c | 20 +- mm/percpu.c | 6 +- mm/sparse-vmemmap.c | 6 +- net/bridge/br.c | 7 + net/can/j1939/bus.c | 5 +- net/can/j1939/socket.c | 3 + net/ceph/messenger.c | 7 +- net/hsr/hsr_device.c | 97 +++++++++- net/hsr/hsr_main.c | 4 +- net/hsr/hsr_main.h | 3 + net/ipv4/ip_tunnel_core.c | 6 + net/ipv4/tcp_bpf.c | 5 +- net/mptcp/sockopt.c | 11 +- net/netfilter/nf_tables_api.c | 123 +++++++----- net/netfilter/nft_dynset.c | 5 +- net/netfilter/nft_lookup.c | 67 +++++-- net/netfilter/nft_objref.c | 5 +- net/netfilter/nft_set_bitmap.c | 11 +- net/netfilter/nft_set_hash.c | 54 +++--- net/netfilter/nft_set_pipapo.c | 211 ++++++++------------- net/netfilter/nft_set_pipapo_avx2.c | 29 +-- net/netfilter/nft_set_rbtree.c | 46 +++-- net/netlink/genetlink.c | 3 + net/sunrpc/sched.c | 2 - net/sunrpc/xprtsock.c | 6 +- samples/ftrace/ftrace-direct-modify.c | 2 +- sound/pci/hda/patch_realtek.c | 1 + 144 files changed, 1887 insertions(+), 986 deletions(-)

1 week, 1 day

16
157
0 0

[PATCH 5.10.y] wifi: rt2x00: use explicitly signed or unsigned types

by Eliav Farber

From: "Jason A. Donenfeld" <Jason(a)zx2c4.com> commit 66063033f77e10b985258126a97573f84bb8d3b4 upstream. On some platforms, `char` is unsigned, but this driver, for the most part, assumed it was signed. In other places, it uses `char` to mean an unsigned number, but only in cases when the values are small. And in still other places, `char` is used as a boolean. Put an end to this confusion by declaring explicit types, depending on the context. Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Cc: Stanislaw Gruszka <stf_xl(a)wp.pl> Cc: Helmut Schaa <helmut.schaa(a)googlemail.com> Cc: Kalle Valo <kvalo(a)kernel.org> Signed-off-by: Jason A. Donenfeld <Jason(a)zx2c4.com> Acked-by: Stanislaw Gruszka <stf_xl(a)wp.pl> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://lore.kernel.org/r/20221019155541.3410813-1-Jason@zx2c4.com Cc: Naresh Kamboju <naresh.kamboju(a)linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Signed-off-by: Eliav Farber <farbere(a)amazon.com> --- This backport is required to fix build errors on an arm64 server when building with allmodconfig. The build failures were introduced after backporting: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/com… The original commit in the mainline branch is: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/d… This fix already exists in 5.15.y: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/dri… …but is missing in 5.10.y. The error encountered during the build: In file included from <command-line>: In function ‘rt2800_txpower_to_dev’, inlined from ‘rt2800_config_channel’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4022:25: ././include/linux/compiler_types.h:309:45: error: call to ‘__compiletime_assert_1168’ declared with attribute error: clamp() low limit -7 greater than high limit 15 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^ ././include/linux/compiler_types.h:290:25: note: in definition of macro ‘__compiletime_assert’ 290 | prefix ## suffix(); \ | ^~~~~~ ././include/linux/compiler_types.h:309:9: note: in expansion of macro ‘_compiletime_assert’ 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/build_bug.h:39:37: note: in expansion of macro ‘compiletime_assert’ 39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) | ^~~~~~~~~~~~~~~~~~ ./include/linux/minmax.h:188:9: note: in expansion of macro ‘BUILD_BUG_ON_MSG’ 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^~~~~~~~~~~~~~~~ ./include/linux/minmax.h:195:9: note: in expansion of macro ‘__clamp_once’ 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^~~~~~~~~~~~ ./include/linux/minmax.h:218:36: note: in expansion of macro ‘__careful_clamp’ 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^~~~~~~~~~~~~~~ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:24: note: in expansion of macro ‘clamp_t’ 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^~~~~~~ In function ‘rt2800_txpower_to_dev’, inlined from ‘rt2800_config_channel’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4024:25: ././include/linux/compiler_types.h:309:45: error: call to ‘__compiletime_assert_1168’ declared with attribute error: clamp() low limit -7 greater than high limit 15 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^ ././include/linux/compiler_types.h:290:25: note: in definition of macro ‘__compiletime_assert’ 290 | prefix ## suffix(); \ | ^~~~~~ ././include/linux/compiler_types.h:309:9: note: in expansion of macro ‘_compiletime_assert’ 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/build_bug.h:39:37: note: in expansion of macro ‘compiletime_assert’ 39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) | ^~~~~~~~~~~~~~~~~~ ./include/linux/minmax.h:188:9: note: in expansion of macro ‘BUILD_BUG_ON_MSG’ 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^~~~~~~~~~~~~~~~ ./include/linux/minmax.h:195:9: note: in expansion of macro ‘__clamp_once’ 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^~~~~~~~~~~~ ./include/linux/minmax.h:218:36: note: in expansion of macro ‘__careful_clamp’ 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^~~~~~~~~~~~~~~ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:24: note: in expansion of macro ‘clamp_t’ 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^~~~~~~ In function ‘rt2800_txpower_to_dev’, inlined from ‘rt2800_config_channel’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4028:4: ././include/linux/compiler_types.h:309:45: error: call to ‘__compiletime_assert_1168’ declared with attribute error: clamp() low limit -7 greater than high limit 15 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^ ././include/linux/compiler_types.h:290:25: note: in definition of macro ‘__compiletime_assert’ 290 | prefix ## suffix(); \ | ^~~~~~ ././include/linux/compiler_types.h:309:9: note: in expansion of macro ‘_compiletime_assert’ 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/build_bug.h:39:37: note: in expansion of macro ‘compiletime_assert’ 39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) | ^~~~~~~~~~~~~~~~~~ ./include/linux/minmax.h:188:9: note: in expansion of macro ‘BUILD_BUG_ON_MSG’ 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^~~~~~~~~~~~~~~~ ./include/linux/minmax.h:195:9: note: in expansion of macro ‘__clamp_once’ 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^~~~~~~~~~~~ ./include/linux/minmax.h:218:36: note: in expansion of macro ‘__careful_clamp’ 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^~~~~~~~~~~~~~~ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:24: note: in expansion of macro ‘clamp_t’ 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^~~~~~~ make[5]: *** [scripts/Makefile.build:286: drivers/net/wireless/ralink/rt2x00/rt2800lib.o] Error 1 make[4]: *** [scripts/Makefile.build:503: drivers/net/wireless/ralink/rt2x00] Error 2 make[3]: *** [scripts/Makefile.build:503: drivers/net/wireless/ralink] Error 2 make[2]: *** [scripts/Makefile.build:503: drivers/net/wireless] Error 2 make[1]: *** [scripts/Makefile.build:503: drivers/net] Error 2 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:1851: drivers] Error 2 make: *** Waiting for unfinished jobs.... CC [M] kernel/kheaders.o .../net/wireless/ralink/rt2x00/rt2400pci.c | 8 ++--- .../net/wireless/ralink/rt2x00/rt2400pci.h | 2 +- .../net/wireless/ralink/rt2x00/rt2500pci.c | 8 ++--- .../net/wireless/ralink/rt2x00/rt2500pci.h | 2 +- .../net/wireless/ralink/rt2x00/rt2500usb.c | 8 ++--- .../net/wireless/ralink/rt2x00/rt2500usb.h | 2 +- .../net/wireless/ralink/rt2x00/rt2800lib.c | 36 +++++++++---------- .../net/wireless/ralink/rt2x00/rt2800lib.h | 8 ++--- .../net/wireless/ralink/rt2x00/rt2x00usb.c | 6 ++-- drivers/net/wireless/ralink/rt2x00/rt61pci.c | 4 +-- drivers/net/wireless/ralink/rt2x00/rt61pci.h | 2 +- drivers/net/wireless/ralink/rt2x00/rt73usb.c | 4 +-- drivers/net/wireless/ralink/rt2x00/rt73usb.h | 2 +- 13 files changed, 46 insertions(+), 46 deletions(-) diff --git a/drivers/net/wireless/ralink/rt2x00/rt2400pci.c b/drivers/net/wireless/ralink/rt2x00/rt2400pci.c index 8f860c14da58..1520785c3ddb 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2400pci.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2400pci.c @@ -1023,9 +1023,9 @@ static int rt2400pci_set_state(struct rt2x00_dev *rt2x00dev, { u32 reg, reg2; unsigned int i; - char put_to_sleep; - char bbp_state; - char rf_state; + bool put_to_sleep; + u8 bbp_state; + u8 rf_state; put_to_sleep = (state != STATE_AWAKE); @@ -1561,7 +1561,7 @@ static int rt2400pci_probe_hw_mode(struct rt2x00_dev *rt2x00dev) { struct hw_mode_spec *spec = &rt2x00dev->spec; struct channel_info *info; - char *tx_power; + u8 *tx_power; unsigned int i; /* diff --git a/drivers/net/wireless/ralink/rt2x00/rt2400pci.h b/drivers/net/wireless/ralink/rt2x00/rt2400pci.h index b8187b6de143..979d5fd8babf 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2400pci.h +++ b/drivers/net/wireless/ralink/rt2x00/rt2400pci.h @@ -939,7 +939,7 @@ #define DEFAULT_TXPOWER 39 #define __CLAMP_TX(__txpower) \ - clamp_t(char, (__txpower), MIN_TXPOWER, MAX_TXPOWER) + clamp_t(u8, (__txpower), MIN_TXPOWER, MAX_TXPOWER) #define TXPOWER_FROM_DEV(__txpower) \ ((__CLAMP_TX(__txpower) - MAX_TXPOWER) + MIN_TXPOWER) diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500pci.c b/drivers/net/wireless/ralink/rt2x00/rt2500pci.c index e940443c52ad..1be535c74917 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2500pci.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2500pci.c @@ -1176,9 +1176,9 @@ static int rt2500pci_set_state(struct rt2x00_dev *rt2x00dev, { u32 reg, reg2; unsigned int i; - char put_to_sleep; - char bbp_state; - char rf_state; + bool put_to_sleep; + u8 bbp_state; + u8 rf_state; put_to_sleep = (state != STATE_AWAKE); @@ -1856,7 +1856,7 @@ static int rt2500pci_probe_hw_mode(struct rt2x00_dev *rt2x00dev) { struct hw_mode_spec *spec = &rt2x00dev->spec; struct channel_info *info; - char *tx_power; + u8 *tx_power; unsigned int i; /* diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500pci.h b/drivers/net/wireless/ralink/rt2x00/rt2500pci.h index 7e64aee2a172..ba362675c52c 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2500pci.h +++ b/drivers/net/wireless/ralink/rt2x00/rt2500pci.h @@ -1219,6 +1219,6 @@ (((u8)(__txpower)) > MAX_TXPOWER) ? DEFAULT_TXPOWER : (__txpower) #define TXPOWER_TO_DEV(__txpower) \ - clamp_t(char, __txpower, MIN_TXPOWER, MAX_TXPOWER) + clamp_t(u8, __txpower, MIN_TXPOWER, MAX_TXPOWER) #endif /* RT2500PCI_H */ diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c index fce05fc88aaf..6d12e3879a90 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2500usb.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2500usb.c @@ -984,9 +984,9 @@ static int rt2500usb_set_state(struct rt2x00_dev *rt2x00dev, u16 reg; u16 reg2; unsigned int i; - char put_to_sleep; - char bbp_state; - char rf_state; + bool put_to_sleep; + u8 bbp_state; + u8 rf_state; put_to_sleep = (state != STATE_AWAKE); @@ -1663,7 +1663,7 @@ static int rt2500usb_probe_hw_mode(struct rt2x00_dev *rt2x00dev) { struct hw_mode_spec *spec = &rt2x00dev->spec; struct channel_info *info; - char *tx_power; + u8 *tx_power; unsigned int i; /* diff --git a/drivers/net/wireless/ralink/rt2x00/rt2500usb.h b/drivers/net/wireless/ralink/rt2x00/rt2500usb.h index 0c070288a140..746f0e950b76 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2500usb.h +++ b/drivers/net/wireless/ralink/rt2x00/rt2500usb.h @@ -839,6 +839,6 @@ (((u8)(__txpower)) > MAX_TXPOWER) ? DEFAULT_TXPOWER : (__txpower) #define TXPOWER_TO_DEV(__txpower) \ - clamp_t(char, __txpower, MIN_TXPOWER, MAX_TXPOWER) + clamp_t(u8, __txpower, MIN_TXPOWER, MAX_TXPOWER) #endif /* RT2500USB_H */ diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c index 4bdd3a95f2d2..adea793c6a76 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c @@ -3297,10 +3297,10 @@ static void rt2800_config_channel_rf53xx(struct rt2x00_dev *rt2x00dev, if (rt2x00_has_cap_bt_coexist(rt2x00dev)) { if (rt2x00_rt_rev_gte(rt2x00dev, RT5390, REV_RT5390F)) { /* r55/r59 value array of channel 1~14 */ - static const char r55_bt_rev[] = {0x83, 0x83, + static const u8 r55_bt_rev[] = {0x83, 0x83, 0x83, 0x73, 0x73, 0x63, 0x53, 0x53, 0x53, 0x43, 0x43, 0x43, 0x43, 0x43}; - static const char r59_bt_rev[] = {0x0e, 0x0e, + static const u8 r59_bt_rev[] = {0x0e, 0x0e, 0x0e, 0x0e, 0x0e, 0x0b, 0x0a, 0x09, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07}; @@ -3309,7 +3309,7 @@ static void rt2800_config_channel_rf53xx(struct rt2x00_dev *rt2x00dev, rt2800_rfcsr_write(rt2x00dev, 59, r59_bt_rev[idx]); } else { - static const char r59_bt[] = {0x8b, 0x8b, 0x8b, + static const u8 r59_bt[] = {0x8b, 0x8b, 0x8b, 0x8b, 0x8b, 0x8b, 0x8b, 0x8a, 0x89, 0x88, 0x88, 0x86, 0x85, 0x84}; @@ -3317,10 +3317,10 @@ static void rt2800_config_channel_rf53xx(struct rt2x00_dev *rt2x00dev, } } else { if (rt2x00_rt_rev_gte(rt2x00dev, RT5390, REV_RT5390F)) { - static const char r55_nonbt_rev[] = {0x23, 0x23, + static const u8 r55_nonbt_rev[] = {0x23, 0x23, 0x23, 0x23, 0x13, 0x13, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03}; - static const char r59_nonbt_rev[] = {0x07, 0x07, + static const u8 r59_nonbt_rev[] = {0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x07, 0x06, 0x05, 0x04, 0x04}; @@ -3331,14 +3331,14 @@ static void rt2800_config_channel_rf53xx(struct rt2x00_dev *rt2x00dev, } else if (rt2x00_rt(rt2x00dev, RT5390) || rt2x00_rt(rt2x00dev, RT5392) || rt2x00_rt(rt2x00dev, RT6352)) { - static const char r59_non_bt[] = {0x8f, 0x8f, + static const u8 r59_non_bt[] = {0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8f, 0x8d, 0x8a, 0x88, 0x88, 0x87, 0x87, 0x86}; rt2800_rfcsr_write(rt2x00dev, 59, r59_non_bt[idx]); } else if (rt2x00_rt(rt2x00dev, RT5350)) { - static const char r59_non_bt[] = {0x0b, 0x0b, + static const u8 r59_non_bt[] = {0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0a, 0x0a, 0x09, 0x08, 0x07, 0x07, 0x06}; @@ -3961,23 +3961,23 @@ static void rt2800_iq_calibrate(struct rt2x00_dev *rt2x00dev, int channel) rt2800_bbp_write(rt2x00dev, 159, cal != 0xff ? cal : 0); } -static char rt2800_txpower_to_dev(struct rt2x00_dev *rt2x00dev, +static s8 rt2800_txpower_to_dev(struct rt2x00_dev *rt2x00dev, unsigned int channel, - char txpower) + s8 txpower) { if (rt2x00_rt(rt2x00dev, RT3593) || rt2x00_rt(rt2x00dev, RT3883)) txpower = rt2x00_get_field8(txpower, EEPROM_TXPOWER_ALC); if (channel <= 14) - return clamp_t(char, txpower, MIN_G_TXPOWER, MAX_G_TXPOWER); + return clamp_t(s8, txpower, MIN_G_TXPOWER, MAX_G_TXPOWER); if (rt2x00_rt(rt2x00dev, RT3593) || rt2x00_rt(rt2x00dev, RT3883)) - return clamp_t(char, txpower, MIN_A_TXPOWER_3593, + return clamp_t(s8, txpower, MIN_A_TXPOWER_3593, MAX_A_TXPOWER_3593); else - return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); + return clamp_t(s8, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); } static void rt3883_bbp_adjust(struct rt2x00_dev *rt2x00dev, @@ -8473,11 +8473,11 @@ static int rt2800_rf_lp_config(struct rt2x00_dev *rt2x00dev, bool btxcal) return 0; } -static char rt2800_lp_tx_filter_bw_cal(struct rt2x00_dev *rt2x00dev) +static s8 rt2800_lp_tx_filter_bw_cal(struct rt2x00_dev *rt2x00dev) { unsigned int cnt; u8 bbp_val; - char cal_val; + s8 cal_val; rt2800_bbp_dcoc_write(rt2x00dev, 0, 0x82); @@ -8509,7 +8509,7 @@ static void rt2800_bw_filter_calibration(struct rt2x00_dev *rt2x00dev, u8 rx_filter_target_20m = 0x27, rx_filter_target_40m = 0x31; int loop = 0, is_ht40, cnt; u8 bbp_val, rf_val; - char cal_r32_init, cal_r32_val, cal_diff; + s8 cal_r32_init, cal_r32_val, cal_diff; u8 saverfb5r00, saverfb5r01, saverfb5r03, saverfb5r04, saverfb5r05; u8 saverfb5r06, saverfb5r07; u8 saverfb5r08, saverfb5r17, saverfb5r18, saverfb5r19, saverfb5r20; @@ -9960,9 +9960,9 @@ static int rt2800_probe_hw_mode(struct rt2x00_dev *rt2x00dev) { struct hw_mode_spec *spec = &rt2x00dev->spec; struct channel_info *info; - char *default_power1; - char *default_power2; - char *default_power3; + s8 *default_power1; + s8 *default_power2; + s8 *default_power3; unsigned int i, tx_chains, rx_chains; u32 reg; diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h index 1139405c0ebb..6928f352f631 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.h +++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.h @@ -22,10 +22,10 @@ struct rt2800_drv_data { u8 calibration_bw20; u8 calibration_bw40; - char rx_calibration_bw20; - char rx_calibration_bw40; - char tx_calibration_bw20; - char tx_calibration_bw40; + s8 rx_calibration_bw20; + s8 rx_calibration_bw40; + s8 tx_calibration_bw20; + s8 tx_calibration_bw40; u8 bbp25; u8 bbp26; u8 txmixer_gain_24g; diff --git a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c index 74c3d8cb3100..8b3c90231110 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c +++ b/drivers/net/wireless/ralink/rt2x00/rt2x00usb.c @@ -117,12 +117,12 @@ int rt2x00usb_vendor_request_buff(struct rt2x00_dev *rt2x00dev, const u16 buffer_length) { int status = 0; - unsigned char *tb; + u8 *tb; u16 off, len, bsize; mutex_lock(&rt2x00dev->csr_mutex); - tb = (char *)buffer; + tb = (u8 *)buffer; off = offset; len = buffer_length; while (len && !status) { @@ -215,7 +215,7 @@ void rt2x00usb_register_read_async(struct rt2x00_dev *rt2x00dev, rd->cr.wLength = cpu_to_le16(sizeof(u32)); usb_fill_control_urb(urb, usb_dev, usb_rcvctrlpipe(usb_dev, 0), - (unsigned char *)(&rd->cr), &rd->reg, sizeof(rd->reg), + (u8 *)(&rd->cr), &rd->reg, sizeof(rd->reg), rt2x00usb_register_read_async_cb, rd); usb_anchor_urb(urb, rt2x00dev->anchor); if (usb_submit_urb(urb, GFP_ATOMIC) < 0) { diff --git a/drivers/net/wireless/ralink/rt2x00/rt61pci.c b/drivers/net/wireless/ralink/rt2x00/rt61pci.c index 02da5dd37ddd..d04761c32a5d 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt61pci.c +++ b/drivers/net/wireless/ralink/rt2x00/rt61pci.c @@ -1709,7 +1709,7 @@ static int rt61pci_set_state(struct rt2x00_dev *rt2x00dev, enum dev_state state) { u32 reg, reg2; unsigned int i; - char put_to_sleep; + bool put_to_sleep; put_to_sleep = (state != STATE_AWAKE); @@ -2656,7 +2656,7 @@ static int rt61pci_probe_hw_mode(struct rt2x00_dev *rt2x00dev) { struct hw_mode_spec *spec = &rt2x00dev->spec; struct channel_info *info; - char *tx_power; + u8 *tx_power; unsigned int i; /* diff --git a/drivers/net/wireless/ralink/rt2x00/rt61pci.h b/drivers/net/wireless/ralink/rt2x00/rt61pci.h index 5f208ad509bd..d72d0ffd1127 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt61pci.h +++ b/drivers/net/wireless/ralink/rt2x00/rt61pci.h @@ -1484,6 +1484,6 @@ struct hw_pairwise_ta_entry { (((u8)(__txpower)) > MAX_TXPOWER) ? DEFAULT_TXPOWER : (__txpower) #define TXPOWER_TO_DEV(__txpower) \ - clamp_t(char, __txpower, MIN_TXPOWER, MAX_TXPOWER) + clamp_t(u8, __txpower, MIN_TXPOWER, MAX_TXPOWER) #endif /* RT61PCI_H */ diff --git a/drivers/net/wireless/ralink/rt2x00/rt73usb.c b/drivers/net/wireless/ralink/rt2x00/rt73usb.c index e69793773d87..32f6d689bd36 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt73usb.c +++ b/drivers/net/wireless/ralink/rt2x00/rt73usb.c @@ -1378,7 +1378,7 @@ static int rt73usb_set_state(struct rt2x00_dev *rt2x00dev, enum dev_state state) { u32 reg, reg2; unsigned int i; - char put_to_sleep; + bool put_to_sleep; put_to_sleep = (state != STATE_AWAKE); @@ -2090,7 +2090,7 @@ static int rt73usb_probe_hw_mode(struct rt2x00_dev *rt2x00dev) { struct hw_mode_spec *spec = &rt2x00dev->spec; struct channel_info *info; - char *tx_power; + u8 *tx_power; unsigned int i; /* diff --git a/drivers/net/wireless/ralink/rt2x00/rt73usb.h b/drivers/net/wireless/ralink/rt2x00/rt73usb.h index 1b56d285c34b..bb0a68516c08 100644 --- a/drivers/net/wireless/ralink/rt2x00/rt73usb.h +++ b/drivers/net/wireless/ralink/rt2x00/rt73usb.h @@ -1063,6 +1063,6 @@ struct hw_pairwise_ta_entry { (((u8)(__txpower)) > MAX_TXPOWER) ? DEFAULT_TXPOWER : (__txpower) #define TXPOWER_TO_DEV(__txpower) \ - clamp_t(char, __txpower, MIN_TXPOWER, MAX_TXPOWER) + clamp_t(u8, __txpower, MIN_TXPOWER, MAX_TXPOWER) #endif /* RT73USB_H */ -- 2.47.3

1 week, 1 day

1
0
0 0

FAILED: patch "[PATCH] crypto: rockchip - Fix dma_unmap_sg() nents value" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 21140e5caf019e4a24e1ceabcaaa16bd693b393f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101646-entitle-romp-923e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 21140e5caf019e4a24e1ceabcaaa16bd693b393f Mon Sep 17 00:00:00 2001 From: Thomas Fourier <fourier.thomas(a)gmail.com> Date: Wed, 3 Sep 2025 10:06:46 +0200 Subject: [PATCH] crypto: rockchip - Fix dma_unmap_sg() nents value The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Fixes: 57d67c6e8219 ("crypto: rockchip - rework by using crypto_engine") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/rockchip/rk3288_crypto_ahash.c b/drivers/crypto/rockchip/rk3288_crypto_ahash.c index d6928ebe9526..b9f5a8b42e66 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c @@ -254,7 +254,7 @@ static void rk_hash_unprepare(struct crypto_engine *engine, void *breq) struct rk_ahash_rctx *rctx = ahash_request_ctx(areq); struct rk_crypto_info *rkc = rctx->dev; - dma_unmap_sg(rkc->dev, areq->src, rctx->nrsg, DMA_TO_DEVICE); + dma_unmap_sg(rkc->dev, areq->src, sg_nents(areq->src), DMA_TO_DEVICE); } static int rk_hash_run(struct crypto_engine *engine, void *breq)

1 week, 1 day

2
1
0 0

FAILED: patch "[PATCH] crypto: rockchip - Fix dma_unmap_sg() nents value" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 21140e5caf019e4a24e1ceabcaaa16bd693b393f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101646-unsent-pull-230d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 21140e5caf019e4a24e1ceabcaaa16bd693b393f Mon Sep 17 00:00:00 2001 From: Thomas Fourier <fourier.thomas(a)gmail.com> Date: Wed, 3 Sep 2025 10:06:46 +0200 Subject: [PATCH] crypto: rockchip - Fix dma_unmap_sg() nents value The dma_unmap_sg() functions should be called with the same nents as the dma_map_sg(), not the value the map function returned. Fixes: 57d67c6e8219 ("crypto: rockchip - rework by using crypto_engine") Cc: <stable(a)vger.kernel.org> Signed-off-by: Thomas Fourier <fourier.thomas(a)gmail.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/rockchip/rk3288_crypto_ahash.c b/drivers/crypto/rockchip/rk3288_crypto_ahash.c index d6928ebe9526..b9f5a8b42e66 100644 --- a/drivers/crypto/rockchip/rk3288_crypto_ahash.c +++ b/drivers/crypto/rockchip/rk3288_crypto_ahash.c @@ -254,7 +254,7 @@ static void rk_hash_unprepare(struct crypto_engine *engine, void *breq) struct rk_ahash_rctx *rctx = ahash_request_ctx(areq); struct rk_crypto_info *rkc = rctx->dev; - dma_unmap_sg(rkc->dev, areq->src, rctx->nrsg, DMA_TO_DEVICE); + dma_unmap_sg(rkc->dev, areq->src, sg_nents(areq->src), DMA_TO_DEVICE); } static int rk_hash_run(struct crypto_engine *engine, void *breq)

1 week, 1 day

2
1
0 0

FAILED: patch "[PATCH] eventpoll: Replace rwlock with spinlock" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 0c43094f8cc9d3d99d835c0ac9c4fe1ccc62babd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101614-turbofan-sufferer-957e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0c43094f8cc9d3d99d835c0ac9c4fe1ccc62babd Mon Sep 17 00:00:00 2001 From: Nam Cao <namcao(a)linutronix.de> Date: Tue, 15 Jul 2025 14:46:34 +0200 Subject: [PATCH] eventpoll: Replace rwlock with spinlock The ready event list of an epoll object is protected by read-write semaphore: - The consumer (waiter) acquires the write lock and takes items. - the producer (waker) takes the read lock and adds items. The point of this design is enabling epoll to scale well with large number of producers, as multiple producers can hold the read lock at the same time. Unfortunately, this implementation may cause scheduling priority inversion problem. Suppose the consumer has higher scheduling priority than the producer. The consumer needs to acquire the write lock, but may be blocked by the producer holding the read lock. Since read-write semaphore does not support priority-boosting for the readers (even with CONFIG_PREEMPT_RT=y), we have a case of priority inversion: a higher priority consumer is blocked by a lower priority producer. This problem was reported in [1]. Furthermore, this could also cause stall problem, as described in [2]. Fix this problem by replacing rwlock with spinlock. This reduces the event bandwidth, as the producers now have to contend with each other for the spinlock. According to the benchmark from https://github.com/rouming/test-tools/blob/master/stress-epoll.c: On 12 x86 CPUs: Before After Diff threads events/ms events/ms 8 7162 4956 -31% 16 8733 5383 -38% 32 7968 5572 -30% 64 10652 5739 -46% 128 11236 5931 -47% On 4 riscv CPUs: Before After Diff threads events/ms events/ms 8 2958 2833 -4% 16 3323 3097 -7% 32 3451 3240 -6% 64 3554 3178 -11% 128 3601 3235 -10% Although the numbers look bad, it should be noted that this benchmark creates multiple threads who do nothing except constantly generating new epoll events, thus contention on the spinlock is high. For real workload, the event rate is likely much lower, and the performance drop is not as bad. Using another benchmark (perf bench epoll wait) where spinlock contention is lower, improvement is even observed on x86: On 12 x86 CPUs: Before: Averaged 110279 operations/sec (+- 1.09%), total secs = 8 After: Averaged 114577 operations/sec (+- 2.25%), total secs = 8 On 4 riscv CPUs: Before: Averaged 175767 operations/sec (+- 0.62%), total secs = 8 After: Averaged 167396 operations/sec (+- 0.23%), total secs = 8 In conclusion, no one is likely to be upset over this change. After all, spinlock was used originally for years, and the commit which converted to rwlock didn't mention a real workload, just that the benchmark numbers are nice. This patch is not exactly the revert of commit a218cc491420 ("epoll: use rwlock in order to reduce ep_poll_callback() contention"), because git revert conflicts in some places which are not obvious on the resolution. This patch is intended to be backported, therefore go with the obvious approach: - Replace rwlock_t with spinlock_t one to one - Delete list_add_tail_lockless() and chain_epi_lockless(). These were introduced to allow producers to concurrently add items to the list. But now that spinlock no longer allows producers to touch the event list concurrently, these two functions are not necessary anymore. Fixes: a218cc491420 ("epoll: use rwlock in order to reduce ep_poll_callback() contention") Signed-off-by: Nam Cao <namcao(a)linutronix.de> Link: https://lore.kernel.org/ec92458ea357ec503c737ead0f10b2c6e4c37d47.1752581388… Tested-by: K Prateek Nayak <kprateek.nayak(a)amd.com> Cc: stable(a)vger.kernel.org Reported-by: Frederic Weisbecker <frederic(a)kernel.org> Closes: https://lore.kernel.org/linux-rt-users/20210825132754.GA895675@lothringen/ [1] Reported-by: Valentin Schneider <vschneid(a)redhat.com> Closes: https://lore.kernel.org/linux-rt-users/xhsmhttqvnall.mognet@vschneid.remote… [2] Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/eventpoll.c b/fs/eventpoll.c index b22d6f819f78..ee7c4b683ec3 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -46,10 +46,10 @@ * * 1) epnested_mutex (mutex) * 2) ep->mtx (mutex) - * 3) ep->lock (rwlock) + * 3) ep->lock (spinlock) * * The acquire order is the one listed above, from 1 to 3. - * We need a rwlock (ep->lock) because we manipulate objects + * We need a spinlock (ep->lock) because we manipulate objects * from inside the poll callback, that might be triggered from * a wake_up() that in turn might be called from IRQ context. * So we can't sleep inside the poll callback and hence we need @@ -195,7 +195,7 @@ struct eventpoll { struct list_head rdllist; /* Lock which protects rdllist and ovflist */ - rwlock_t lock; + spinlock_t lock; /* RB tree root used to store monitored fd structs */ struct rb_root_cached rbr; @@ -741,10 +741,10 @@ static void ep_start_scan(struct eventpoll *ep, struct list_head *txlist) * in a lockless way. */ lockdep_assert_irqs_enabled(); - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); list_splice_init(&ep->rdllist, txlist); WRITE_ONCE(ep->ovflist, NULL); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } static void ep_done_scan(struct eventpoll *ep, @@ -752,7 +752,7 @@ static void ep_done_scan(struct eventpoll *ep, { struct epitem *epi, *nepi; - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* * During the time we spent inside the "sproc" callback, some * other events might have been queued by the poll callback. @@ -793,7 +793,7 @@ static void ep_done_scan(struct eventpoll *ep, wake_up(&ep->wq); } - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } static void ep_get(struct eventpoll *ep) @@ -868,10 +868,10 @@ static bool __ep_remove(struct eventpoll *ep, struct epitem *epi, bool force) rb_erase_cached(&epi->rbn, &ep->rbr); - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); if (ep_is_linked(epi)) list_del_init(&epi->rdllink); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); wakeup_source_unregister(ep_wakeup_source(epi)); /* @@ -1152,7 +1152,7 @@ static int ep_alloc(struct eventpoll **pep) return -ENOMEM; mutex_init(&ep->mtx); - rwlock_init(&ep->lock); + spin_lock_init(&ep->lock); init_waitqueue_head(&ep->wq); init_waitqueue_head(&ep->poll_wait); INIT_LIST_HEAD(&ep->rdllist); @@ -1239,100 +1239,10 @@ struct file *get_epoll_tfile_raw_ptr(struct file *file, int tfd, } #endif /* CONFIG_KCMP */ -/* - * Adds a new entry to the tail of the list in a lockless way, i.e. - * multiple CPUs are allowed to call this function concurrently. - * - * Beware: it is necessary to prevent any other modifications of the - * existing list until all changes are completed, in other words - * concurrent list_add_tail_lockless() calls should be protected - * with a read lock, where write lock acts as a barrier which - * makes sure all list_add_tail_lockless() calls are fully - * completed. - * - * Also an element can be locklessly added to the list only in one - * direction i.e. either to the tail or to the head, otherwise - * concurrent access will corrupt the list. - * - * Return: %false if element has been already added to the list, %true - * otherwise. - */ -static inline bool list_add_tail_lockless(struct list_head *new, - struct list_head *head) -{ - struct list_head *prev; - - /* - * This is simple 'new->next = head' operation, but cmpxchg() - * is used in order to detect that same element has been just - * added to the list from another CPU: the winner observes - * new->next == new. - */ - if (!try_cmpxchg(&new->next, &new, head)) - return false; - - /* - * Initially ->next of a new element must be updated with the head - * (we are inserting to the tail) and only then pointers are atomically - * exchanged. XCHG guarantees memory ordering, thus ->next should be - * updated before pointers are actually swapped and pointers are - * swapped before prev->next is updated. - */ - - prev = xchg(&head->prev, new); - - /* - * It is safe to modify prev->next and new->prev, because a new element - * is added only to the tail and new->next is updated before XCHG. - */ - - prev->next = new; - new->prev = prev; - - return true; -} - -/* - * Chains a new epi entry to the tail of the ep->ovflist in a lockless way, - * i.e. multiple CPUs are allowed to call this function concurrently. - * - * Return: %false if epi element has been already chained, %true otherwise. - */ -static inline bool chain_epi_lockless(struct epitem *epi) -{ - struct eventpoll *ep = epi->ep; - - /* Fast preliminary check */ - if (epi->next != EP_UNACTIVE_PTR) - return false; - - /* Check that the same epi has not been just chained from another CPU */ - if (cmpxchg(&epi->next, EP_UNACTIVE_PTR, NULL) != EP_UNACTIVE_PTR) - return false; - - /* Atomically exchange tail */ - epi->next = xchg(&ep->ovflist, epi); - - return true; -} - /* * This is the callback that is passed to the wait queue wakeup * mechanism. It is called by the stored file descriptors when they * have events to report. - * - * This callback takes a read lock in order not to contend with concurrent - * events from another file descriptor, thus all modifications to ->rdllist - * or ->ovflist are lockless. Read lock is paired with the write lock from - * ep_start/done_scan(), which stops all list modifications and guarantees - * that lists state is seen correctly. - * - * Another thing worth to mention is that ep_poll_callback() can be called - * concurrently for the same @epi from different CPUs if poll table was inited - * with several wait queues entries. Plural wakeup from different CPUs of a - * single wait queue is serialized by wq.lock, but the case when multiple wait - * queues are used should be detected accordingly. This is detected using - * cmpxchg() operation. */ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, void *key) { @@ -1343,7 +1253,7 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v unsigned long flags; int ewake = 0; - read_lock_irqsave(&ep->lock, flags); + spin_lock_irqsave(&ep->lock, flags); ep_set_busy_poll_napi_id(epi); @@ -1372,12 +1282,15 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v * chained in ep->ovflist and requeued later on. */ if (READ_ONCE(ep->ovflist) != EP_UNACTIVE_PTR) { - if (chain_epi_lockless(epi)) + if (epi->next == EP_UNACTIVE_PTR) { + epi->next = READ_ONCE(ep->ovflist); + WRITE_ONCE(ep->ovflist, epi); ep_pm_stay_awake_rcu(epi); + } } else if (!ep_is_linked(epi)) { /* In the usual case, add event to ready list. */ - if (list_add_tail_lockless(&epi->rdllink, &ep->rdllist)) - ep_pm_stay_awake_rcu(epi); + list_add_tail(&epi->rdllink, &ep->rdllist); + ep_pm_stay_awake_rcu(epi); } /* @@ -1410,7 +1323,7 @@ static int ep_poll_callback(wait_queue_entry_t *wait, unsigned mode, int sync, v pwake++; out_unlock: - read_unlock_irqrestore(&ep->lock, flags); + spin_unlock_irqrestore(&ep->lock, flags); /* We have to call this outside the lock */ if (pwake) @@ -1745,7 +1658,7 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event, } /* We have to drop the new item inside our item list to keep track of it */ - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* record NAPI ID of new item if present */ ep_set_busy_poll_napi_id(epi); @@ -1762,7 +1675,7 @@ static int ep_insert(struct eventpoll *ep, const struct epoll_event *event, pwake++; } - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); /* We have to call this outside the lock */ if (pwake) @@ -1826,7 +1739,7 @@ static int ep_modify(struct eventpoll *ep, struct epitem *epi, * list, push it inside. */ if (ep_item_poll(epi, &pt, 1)) { - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); if (!ep_is_linked(epi)) { list_add_tail(&epi->rdllink, &ep->rdllist); ep_pm_stay_awake(epi); @@ -1837,7 +1750,7 @@ static int ep_modify(struct eventpoll *ep, struct epitem *epi, if (waitqueue_active(&ep->poll_wait)) pwake++; } - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } /* We have to call this outside the lock */ @@ -2089,7 +2002,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, init_wait(&wait); wait.func = ep_autoremove_wake_function; - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* * Barrierless variant, waitqueue_active() is called under * the same lock on wakeup ep_poll_callback() side, so it @@ -2108,7 +2021,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, if (!eavail) __add_wait_queue_exclusive(&ep->wq, &wait); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); if (!eavail) timed_out = !ep_schedule_timeout(to) || @@ -2124,7 +2037,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, eavail = 1; if (!list_empty_careful(&wait.entry)) { - write_lock_irq(&ep->lock); + spin_lock_irq(&ep->lock); /* * If the thread timed out and is not on the wait queue, * it means that the thread was woken up after its @@ -2135,7 +2048,7 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, if (timed_out) eavail = list_empty(&wait.entry); __remove_wait_queue(&ep->wq, &wait); - write_unlock_irq(&ep->lock); + spin_unlock_irq(&ep->lock); } } }

1 week, 1 day

2
2
0 0

Re: [PATCH] media: videobuf2: forbid create_bufs/remove_bufs when legacy fileio is active

by Bai, Shuangpeng

Hi Marek, Thank you very much for fixing this bug and for your contribution. Since my original report was not posted to a public mailing list, I would appreciate it if you could add the following credit to this patch: Reported-by: Shuangpeng Bai <SJB7183(a)psu.edu> Thanks again! Best regards, Shuangpeng

1 week, 2 days

1
0
0 0

FAILED: patch "[PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f965d111e68f4a993cc44d487d416e3d954eea11 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101655-grandma-populate-0fb4@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f965d111e68f4a993cc44d487d416e3d954eea11 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Fri, 26 Sep 2025 12:19:41 +0200 Subject: [PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay If cppc_get_transition_latency() returns CPUFREQ_ETERNAL to indicate a failure to retrieve the transition latency value from the platform firmware, the CPPC cpufreq driver will use that value (converted to microseconds) as the policy transition delay, but it is way too large for any practical use. Address this by making the driver use the cpufreq's default transition latency value (in microseconds) as the transition delay if CPUFREQ_ETERNAL is returned by cppc_get_transition_latency(). Fixes: d4f3388afd48 ("cpufreq / CPPC: Set platform specific transition_delay_us") Cc: 5.19+ <stable(a)vger.kernel.org> # 5.19 Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Reviewed-by: Jie Zhan <zhanjie9(a)hisilicon.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Reviewed-by: Qais Yousef <qyousef(a)layalina.io> diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 12de0ac7bbaf..b71946937c52 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -308,6 +308,16 @@ static int cppc_verify_policy(struct cpufreq_policy_data *policy) return 0; } +static unsigned int __cppc_cpufreq_get_transition_delay_us(unsigned int cpu) +{ + unsigned int transition_latency_ns = cppc_get_transition_latency(cpu); + + if (transition_latency_ns == CPUFREQ_ETERNAL) + return CPUFREQ_DEFAULT_TRANSITION_LATENCY_NS / NSEC_PER_USEC; + + return transition_latency_ns / NSEC_PER_USEC; +} + /* * The PCC subspace describes the rate at which platform can accept commands * on the shared PCC channel (including READs which do not count towards freq @@ -330,12 +340,12 @@ static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) return 10000; } } - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #else static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) { - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #endif

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x f965d111e68f4a993cc44d487d416e3d954eea11 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101609-footsore-ensnare-d320@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f965d111e68f4a993cc44d487d416e3d954eea11 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Fri, 26 Sep 2025 12:19:41 +0200 Subject: [PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay If cppc_get_transition_latency() returns CPUFREQ_ETERNAL to indicate a failure to retrieve the transition latency value from the platform firmware, the CPPC cpufreq driver will use that value (converted to microseconds) as the policy transition delay, but it is way too large for any practical use. Address this by making the driver use the cpufreq's default transition latency value (in microseconds) as the transition delay if CPUFREQ_ETERNAL is returned by cppc_get_transition_latency(). Fixes: d4f3388afd48 ("cpufreq / CPPC: Set platform specific transition_delay_us") Cc: 5.19+ <stable(a)vger.kernel.org> # 5.19 Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Reviewed-by: Jie Zhan <zhanjie9(a)hisilicon.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Reviewed-by: Qais Yousef <qyousef(a)layalina.io> diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 12de0ac7bbaf..b71946937c52 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -308,6 +308,16 @@ static int cppc_verify_policy(struct cpufreq_policy_data *policy) return 0; } +static unsigned int __cppc_cpufreq_get_transition_delay_us(unsigned int cpu) +{ + unsigned int transition_latency_ns = cppc_get_transition_latency(cpu); + + if (transition_latency_ns == CPUFREQ_ETERNAL) + return CPUFREQ_DEFAULT_TRANSITION_LATENCY_NS / NSEC_PER_USEC; + + return transition_latency_ns / NSEC_PER_USEC; +} + /* * The PCC subspace describes the rate at which platform can accept commands * on the shared PCC channel (including READs which do not count towards freq @@ -330,12 +340,12 @@ static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) return 10000; } } - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #else static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) { - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #endif

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f965d111e68f4a993cc44d487d416e3d954eea11 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101609-unmoved-thud-9d3a@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f965d111e68f4a993cc44d487d416e3d954eea11 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Fri, 26 Sep 2025 12:19:41 +0200 Subject: [PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay If cppc_get_transition_latency() returns CPUFREQ_ETERNAL to indicate a failure to retrieve the transition latency value from the platform firmware, the CPPC cpufreq driver will use that value (converted to microseconds) as the policy transition delay, but it is way too large for any practical use. Address this by making the driver use the cpufreq's default transition latency value (in microseconds) as the transition delay if CPUFREQ_ETERNAL is returned by cppc_get_transition_latency(). Fixes: d4f3388afd48 ("cpufreq / CPPC: Set platform specific transition_delay_us") Cc: 5.19+ <stable(a)vger.kernel.org> # 5.19 Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Reviewed-by: Jie Zhan <zhanjie9(a)hisilicon.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Reviewed-by: Qais Yousef <qyousef(a)layalina.io> diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 12de0ac7bbaf..b71946937c52 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -308,6 +308,16 @@ static int cppc_verify_policy(struct cpufreq_policy_data *policy) return 0; } +static unsigned int __cppc_cpufreq_get_transition_delay_us(unsigned int cpu) +{ + unsigned int transition_latency_ns = cppc_get_transition_latency(cpu); + + if (transition_latency_ns == CPUFREQ_ETERNAL) + return CPUFREQ_DEFAULT_TRANSITION_LATENCY_NS / NSEC_PER_USEC; + + return transition_latency_ns / NSEC_PER_USEC; +} + /* * The PCC subspace describes the rate at which platform can accept commands * on the shared PCC channel (including READs which do not count towards freq @@ -330,12 +340,12 @@ static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) return 10000; } } - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #else static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) { - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #endif

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] blk-crypto: fix missing blktrace bio split events" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 06d712d297649f48ebf1381d19bd24e942813b37 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101657-rule-straw-2a51@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 06d712d297649f48ebf1381d19bd24e942813b37 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Wed, 10 Sep 2025 14:30:45 +0800 Subject: [PATCH] blk-crypto: fix missing blktrace bio split events trace_block_split() is missing, resulting in blktrace inability to catch BIO split events and making it harder to analyze the BIO sequence. Cc: stable(a)vger.kernel.org Fixes: 488f6682c832 ("block: blk-crypto-fallback for Inline Encryption") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c index dbc2d8784dab..27fa1ec4b264 100644 --- a/block/blk-crypto-fallback.c +++ b/block/blk-crypto-fallback.c @@ -18,6 +18,7 @@ #include <linux/module.h> #include <linux/random.h> #include <linux/scatterlist.h> +#include <trace/events/block.h> #include "blk-cgroup.h" #include "blk-crypto-internal.h" @@ -230,7 +231,9 @@ static bool blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr) bio->bi_status = BLK_STS_RESOURCE; return false; } + bio_chain(split_bio, bio); + trace_block_split(split_bio, bio->bi_iter.bi_sector); submit_bio_noacct(bio); *bio_ptr = split_bio; }

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f965d111e68f4a993cc44d487d416e3d954eea11 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101610-twistable-shaping-5da2@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f965d111e68f4a993cc44d487d416e3d954eea11 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Fri, 26 Sep 2025 12:19:41 +0200 Subject: [PATCH] cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay If cppc_get_transition_latency() returns CPUFREQ_ETERNAL to indicate a failure to retrieve the transition latency value from the platform firmware, the CPPC cpufreq driver will use that value (converted to microseconds) as the policy transition delay, but it is way too large for any practical use. Address this by making the driver use the cpufreq's default transition latency value (in microseconds) as the transition delay if CPUFREQ_ETERNAL is returned by cppc_get_transition_latency(). Fixes: d4f3388afd48 ("cpufreq / CPPC: Set platform specific transition_delay_us") Cc: 5.19+ <stable(a)vger.kernel.org> # 5.19 Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Reviewed-by: Jie Zhan <zhanjie9(a)hisilicon.com> Acked-by: Viresh Kumar <viresh.kumar(a)linaro.org> Reviewed-by: Qais Yousef <qyousef(a)layalina.io> diff --git a/drivers/cpufreq/cppc_cpufreq.c b/drivers/cpufreq/cppc_cpufreq.c index 12de0ac7bbaf..b71946937c52 100644 --- a/drivers/cpufreq/cppc_cpufreq.c +++ b/drivers/cpufreq/cppc_cpufreq.c @@ -308,6 +308,16 @@ static int cppc_verify_policy(struct cpufreq_policy_data *policy) return 0; } +static unsigned int __cppc_cpufreq_get_transition_delay_us(unsigned int cpu) +{ + unsigned int transition_latency_ns = cppc_get_transition_latency(cpu); + + if (transition_latency_ns == CPUFREQ_ETERNAL) + return CPUFREQ_DEFAULT_TRANSITION_LATENCY_NS / NSEC_PER_USEC; + + return transition_latency_ns / NSEC_PER_USEC; +} + /* * The PCC subspace describes the rate at which platform can accept commands * on the shared PCC channel (including READs which do not count towards freq @@ -330,12 +340,12 @@ static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) return 10000; } } - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #else static unsigned int cppc_cpufreq_get_transition_delay_us(unsigned int cpu) { - return cppc_get_transition_latency(cpu) / NSEC_PER_USEC; + return __cppc_cpufreq_get_transition_delay_us(cpu); } #endif

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] btrfs: avoid potential out-of-bounds in btrfs_encode_fh()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x dff4f9ff5d7f289e4545cc936362e01ed3252742 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101644-legacy-starch-6a67@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dff4f9ff5d7f289e4545cc936362e01ed3252742 Mon Sep 17 00:00:00 2001 From: Anderson Nascimento <anderson(a)allelesecurity.com> Date: Mon, 8 Sep 2025 09:49:02 -0300 Subject: [PATCH] btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh), the function only returns to the user BTRFS_FID_SIZE_NON_CONNECTABLE (5 dwords, 20 bytes) or BTRFS_FID_SIZE_CONNECTABLE (8 dwords, 32 bytes). However, when a parent exists and the root ID of the parent and the inode are different, the function writes BTRFS_FID_SIZE_CONNECTABLE_ROOT (10 dwords, 40 bytes). If *max_len is not large enough, this write goes out of bounds because BTRFS_FID_SIZE_CONNECTABLE_ROOT is greater than BTRFS_FID_SIZE_CONNECTABLE originally returned. This results in an 8-byte out-of-bounds write at fid->parent_root_objectid = parent_root_id. A previous attempt to fix this issue was made but was lost. https://lore.kernel.org/all/4CADAEEC020000780001B32C@vpn.id2.novell.com/ Although this issue does not seem to be easily triggerable, it is a potential memory corruption bug that should be fixed. This patch resolves the issue by ensuring the function returns the appropriate size for all three cases and validates that *max_len is large enough before writing any data. Fixes: be6e8dc0ba84 ("NFS support for btrfs - v3") CC: stable(a)vger.kernel.org # 3.0+ Signed-off-by: Anderson Nascimento <anderson(a)allelesecurity.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/export.c b/fs/btrfs/export.c index d062ac521051..230d9326b685 100644 --- a/fs/btrfs/export.c +++ b/fs/btrfs/export.c @@ -23,7 +23,11 @@ static int btrfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, int type; if (parent && (len < BTRFS_FID_SIZE_CONNECTABLE)) { - *max_len = BTRFS_FID_SIZE_CONNECTABLE; + if (btrfs_root_id(BTRFS_I(inode)->root) != + btrfs_root_id(BTRFS_I(parent)->root)) + *max_len = BTRFS_FID_SIZE_CONNECTABLE_ROOT; + else + *max_len = BTRFS_FID_SIZE_CONNECTABLE; return FILEID_INVALID; } else if (len < BTRFS_FID_SIZE_NON_CONNECTABLE) { *max_len = BTRFS_FID_SIZE_NON_CONNECTABLE; @@ -45,6 +49,8 @@ static int btrfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, parent_root_id = btrfs_root_id(BTRFS_I(parent)->root); if (parent_root_id != fid->root_objectid) { + if (*max_len < BTRFS_FID_SIZE_CONNECTABLE_ROOT) + return FILEID_INVALID; fid->parent_root_objectid = parent_root_id; len = BTRFS_FID_SIZE_CONNECTABLE_ROOT; type = FILEID_BTRFS_WITH_PARENT_ROOT;

1 week, 2 days

2
1
0 0

[PATCH 6.6 000/201] 6.6.113-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.113 release. There are 201 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 19 Oct 2025 14:50:59 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.113-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.113-rc1 Ian Rogers <irogers(a)google.com> perf test stat: Avoid hybrid assumption when virtualized Jan Kara <jack(a)suse.cz> writeback: Avoid excessively long inode switching times Jan Kara <jack(a)suse.cz> writeback: Avoid softlockup when switching many inodes Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> cramfs: Verify inode mode when loading from disk Lichen Liu <lichliu(a)redhat.com> fs: Add 'initramfs_options' to set initramfs mount options Oleg Nesterov <oleg(a)redhat.com> pid: make __task_pid_nr_ns(ns => NULL) safe for zombie callers gaoxiang17 <gaoxiang17(a)xiaomi.com> pid: Add a judgment for ns null in pid_nr_ns Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> minixfs: Verify inode mode when loading from disk Lucas Zampieri <lzampier(a)redhat.com> irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume Hongbo Li <lihongbo22(a)huawei.com> irqchip/sifive-plic: Make use of __assign_bit() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: pm: in-kernel: usable client side with C-flag Lance Yang <lance.yang(a)linux.dev> selftests/mm: skip soft-dirty tests when CONFIG_MEM_SOFT_DIRTY is disabled Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Write back tail call counter for BPF_PSEUDO_CALL Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Describe the frame using a struct instead of constants Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Centralize frame offset calculations Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Change seen_reg to a mask Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Do not pass NULL handles to acpi_attach_data() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Add code comments explaining what is going on Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Disregard references in data-only subnode lists Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: battery: Add synchronization between interface updates Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> ACPI: battery: Check for error code from devm_mutex_init() call Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: initialize mutexes through devm_ APIs Thomas Weißschuh <linux(a)weissschuh.net> ACPI: battery: allocate driver data through devm_ APIs Catalin Marinas <catalin.marinas(a)arm.com> arm64: mte: Do not flag the zero page as PG_mte_tagged Yang Shi <yang(a)os.amperecomputing.com> arm64: kprobes: call set_memory_rox() for kprobe page Guenter Roeck <linux(a)roeck-us.net> ipmi: Fix handling of messages with provided receive message pointer Corey Minyard <corey(a)minyard.net> ipmi: Rework user message limit handling Sean Christopherson <seanjc(a)google.com> KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 Thomas Gleixner <tglx(a)linutronix.de> rseq: Protect event mask against membarrier IPI Qu Wenruo <wqu(a)suse.com> btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release Wang Jiang <jiangwang(a)kylinos.cn> PCI: endpoint: Remove surplus return statement from pci_epf_test_clean_dma_chan() Ling Xu <quic_lxu5(a)quicinc.com> misc: fastrpc: Save actual DMA size in fastrpc_map structure Ekansh Gupta <quic_ekangupt(a)quicinc.com> misc: fastrpc: Add missing dev_err newlines Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add max ip connections parameter Sean Christopherson <seanjc(a)google.com> KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Donet Tom <donettom(a)linux.ibm.com> mm/ksm: fix incorrect KSM counter handling in mm_struct during fork Yuan Chen <chenyuan(a)kylinos.cn> tracing: Fix race condition in kprobe initialization causing NULL pointer dereference Hans de Goede <hansg(a)kernel.org> mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type Hans de Goede <hdegoede(a)redhat.com> mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value Edward Adam Davis <eadavis(a)qq.com> media: mc: Clear minor number before put device Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: reject negative file sizes in squashfs_read_inode() Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: add additional inode sanity checking Nathan Chancellor <nathan(a)kernel.org> lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and older Jan Kara <jack(a)suse.cz> ext4: free orphan info with kvfree Huacai Chen <chenhuacai(a)kernel.org> ACPICA: Allow to skip Global Lock initialization Deepanshu Kartikey <kartikey406(a)gmail.com> ext4: validate ea_ino and size in check_xattrs Ahmet Eray Karadag <eraykrdg1(a)gmail.com> ext4: guard against EA inode refcount underflow in xattr update Zhang Yi <yi.zhang(a)huawei.com> ext4: fix an off-by-one issue during moving extents Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: correctly handle queries for metadata mappings Yongjian Sun <sunyongjian1(a)huawei.com> ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() Jan Kara <jack(a)suse.cz> ext4: verify orphan file size is not too big Olga Kornievskaia <okorniev(a)redhat.com> nfsd: nfserr_jukebox in nlm_fopen should lead to a retry Thorsten Blum <thorsten.blum(a)linux.dev> NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() SeongJae Park <sj(a)kernel.org> mm/damon/vaddr: do not repeat pte_offset_map_lock() until success Li RongQing <lirongqing(a)baidu.com> mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations Nick Morrow <morrownr(a)gmail.com> wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 Muhammad Usama Anjum <usama.anjum(a)collabora.com> wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again Matthieu Baerts (NGI0) <matttbe(a)kernel.org> selftests: mptcp: join: validate C-flag + def limit Sean Christopherson <seanjc(a)google.com> x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) Sean Christopherson <seanjc(a)google.com> x86/umip: Check that the instruction opcode is at least two bytes Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before DAC access Pratyush Yadav <pratyush(a)kernel.org> spi: cadence-quadspi: Flush posted register writes before INDAC access Vidya Sagar <vidyas(a)nvidia.com> PCI: tegra194: Handle errors in BPMP response Niklas Cassel <cassel(a)kernel.org> PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar-host: Drop PMSR spinlock Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit Lukas Wunner <lukas(a)wunner.de> PCI/AER: Support errors introduced by PCIe r6.0 Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/AER: Fix missing uevent on recovery when a reset is requested Lukas Wunner <lukas(a)wunner.de> PCI/ERR: Fix uevent on failure to recover Niklas Schnelle <schnelle(a)linux.ibm.com> PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Brian Norris <briannorris(a)google.com> PCI/sysfs: Ensure devices are powered for config reads Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock Sean Christopherson <seanjc(a)google.com> rseq/selftests: Use weak symbol reference, not definition, to link with glibc Esben Haabendal <esben(a)geanix.com> rtc: interface: Fix long-standing race when setting alarm Esben Haabendal <esben(a)geanix.com> rtc: interface: Ensure alarm irq is enabled when UIE is enabled Zhen Ni <zhen.ni(a)easystack.cn> memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe Rex Chen <rex.chen_1(a)nxp.com> mmc: core: SPI mode remove cmd7 Linus Walleij <linus.walleij(a)linaro.org> mtd: rawnand: fsmc: Default to autodetect buswidth Miaoqian Lin <linmq006(a)gmail.com> xtensa: simdisk: add input size check in proc_write_simdisk Ma Ke <make24(a)iscas.ac.cn> sparc: fix error handling in scan_one_device() Anthony Yznaga <anthony.yznaga(a)oracle.com> sparc64: fix hugetlb for sun4u Eric Biggers <ebiggers(a)kernel.org> sctp: Fix MAC comparison to be constant-time Thorsten Blum <thorsten.blum(a)linux.dev> scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() Harshit Agarwal <harshit(a)nutanix.com> sched/deadline: Fix race in push_dl_task() Corey Minyard <corey(a)minyard.net> Revert "ipmi: fix msg stack when IPMI is disconnected" Jisheng Zhang <jszhang(a)kernel.org> pwm: berlin: Fix wrong register in suspend/resume Nam Cao <namcao(a)linutronix.de> powerpc/pseries/msi: Fix potential underflow and leak issue Nam Cao <namcao(a)linutronix.de> powerpc/powernv/pci: Fix underflow and leak issue Dzmitry Sankouski <dsankouski(a)gmail.com> power: supply: max77976_charger: fix constant current reporting Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> pinctrl: samsung: Drop unused S3C24xx driver data Georg Gottleuber <ggo(a)tuxedocomputers.com> nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk John David Anglin <dave.anglin(a)bell.net> parisc: Remove spurious if statement from raw_copy_from_user() Sam James <sam(a)gentoo.org> parisc: don't reference obsolete termio struct for TC* constants Askar Safin <safinaskar(a)zohomail.com> openat2: don't trigger automounts with RESOLVE_NO_XDEV Ma Ke <make24(a)iscas.ac.cn> of: unittest: Fix device reference count leak in of_unittest_pci_node_verify Johan Hovold <johan(a)kernel.org> lib/genalloc: fix device leak in of_gen_pool_get() Eric Biggers <ebiggers(a)kernel.org> KEYS: trusted_tpm1: Compare HMAC values in constant time Oleg Nesterov <oleg(a)redhat.com> kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths Lu Baolu <baolu.lu(a)linux.intel.com> iommu/vt-d: PRS isn't usable if PDS isn't supported Sean Nyekjaer <sean(a)geanix.com> iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume Huacai Chen <chenhuacai(a)kernel.org> init: handle bootloader identifier in kernel parameters Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Unmask interrupts after updating alarms Sean Anderson <sean.anderson(a)linux.dev> iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix prescaler usage. Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5421: use int type to store negative error codes Qianfeng Rong <rongqianfeng(a)vivo.com> iio: dac: ad5360: use int type to store negative error codes Haoxiang Li <haoxiang_li2024(a)163.com> fs/ntfs3: Fix a resource leak bug in wnd_extend() Finn Thain <fthain(a)linux-m68k.org> fbdev: Fix logic error in "offb" name match Thomas Fourier <fourier.thomas(a)gmail.com> crypto: rockchip - Fix dma_unmap_sg() nents value Thomas Fourier <fourier.thomas(a)gmail.com> crypto: atmel - Fix dma_unmap_sg() direction Thomas Fourier <fourier.thomas(a)gmail.com> crypto: aspeed - Fix dma_unmap_sg() direction Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() Simon Schuster <schuster.simon(a)siemens-energy.com> copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) Adam Xue <zxue(a)semtech.com> bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() Sumit Kumar <sumit.kumar(a)oss.qualcomm.com> bus: mhi: ep: Fix chained transfer handling in read path Anderson Nascimento <anderson(a)allelesecurity.com> btrfs: avoid potential out-of-bounds in btrfs_encode_fh() Yu Kuai <yukuai3(a)huawei.com> blk-crypto: fix missing blktrace bio split events Shuhao Fu <sfual(a)cse.ust.hk> drm/nouveau: fix bad ret code in nouveau_bo_move_prep Marek Vasut <marek.vasut+renesas(a)mailbox.org> drm/rcar-du: dsi: Fix 1/2/3 lane support Ma Ke <make24(a)iscas.ac.cn> media: lirc: Fix error handling in lirc_register() Stephan Gerhold <stephan.gerhold(a)linaro.org> media: venus: firmware: Use correct reset sequence for IRIS2 Thomas Fourier <fourier.thomas(a)gmail.com> media: pci: ivtv: Add missing check after DMA map Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> media: mc: Fix MUST_CONNECT handling for pads with no links Qianfeng Rong <rongqianfeng(a)vivo.com> media: i2c: mt9v111: fix incorrect type for ret Thomas Fourier <fourier.thomas(a)gmail.com> media: cx18: Add missing check after DMA map Johan Hovold <johan(a)kernel.org> firmware: meson_sm: fix device leak at probe Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Update virq_to_irq on migration Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Return -EEXIST for bound VIRQs Lukas Wunner <lukas(a)wunner.de> xen/manage: Fix suspend error path Jason Andryuk <jason.andryuk(a)amd.com> xen/events: Cleanup find_virq() return codes Michael Riesch <michael.riesch(a)collabora.com> dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required Miaoqian Lin <linmq006(a)gmail.com> ARM: OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init Vibhore Vardhan <vibhore(a)ti.com> arm64: dts: ti: k3-am62a-main: Fix main padcfg length Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sdm845: Fix slimbam num-channels/ees Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8939: Add missing MDSS reset Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: msm8916: Add missing MDSS reset Amir Mohammad Jahangirzad <a.jahangirzad(a)gmail.com> ACPI: debug: fix signedness issues in read/write helpers Daniel Tang <danielzgtg.opensource(a)gmail.com> ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> ACPI: property: Fix buffer properties extraction for subnodes KaFai Wan <kafai.wan(a)linux.dev> bpf: Avoid RCU context warning when unpinning htab with internal structs Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> gpio: wcd934x: mark the GPIO controller as sleeping Gunnar Kudrjavets <gunnarku(a)amazon.com> tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single Pali Rohár <pali(a)kernel.org> cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points Paulo Alcantara <pc(a)manguebit.org> smb: client: fix missing timestamp updates after utime(2) Herbert Xu <herbert(a)gondor.apana.org.au> crypto: essiv - Check ssize for decryption and in-place encryption Eric Woudstra <ericwouds(a)gmail.com> bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_objref: validate objref and objrefmap expressions Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: drop unused 3rd argument from validate callback ops Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly disable scaling on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 Timur Kristóf <timur.kristof(a)gmail.com> drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: Add additional DCE6 SCL registers Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes Harini T <harini.t(a)amd.com> mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call Eric Dumazet <edumazet(a)google.com> tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() Leo Yan <leo.yan(a)arm.com> perf python: split Clang options when invoking Popen Leo Yan <leo.yan(a)arm.com> tools build: Align warning options with perf Erick Karanja <karanja99erick(a)gmail.com> net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe Kuniyuki Iwashima <kuniyu(a)google.com> tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). Alexandr Sapozhnikov <alsp705(a)gmail.com> net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix copy-paste typo in validation Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Fix Use-after-free in validation Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Fix a null-ptr access in the cursor snooper Vineeth Vijayan <vneethv(a)linux.ibm.com> s390/cio: Update purge function to unregister the unused subchannels Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Init acpi_gbl_use_global_lock to false Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Remove CONFIG_ACPI_TABLE_UPGRADE in platform_init() Peter Ujfalusi <peter.ujfalusi(a)linux.intel.com> ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size Duoming Zhou <duoming(a)zju.edu.cn> scsi: mvsas: Fix use-after-free bugs in mvs_work_queue Aaron Kling <webgeek1234(a)gmail.com> cpufreq: tegra186: Set target frequency for all cpus in policy Fedor Pchelkin <pchelkin(a)ispras.ru> clk: tegra: do not overallocate memory for bpmp clocks Alok Tiwari <alok.a.tiwari(a)oracle.com> clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver Brian Masney <bmasney(a)redhat.com> clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() Chen-Yu Tsai <wenst(a)chromium.org> clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m Ian Rogers <irogers(a)google.com> perf evsel: Ensure the fallback message is always written to Namhyung Kim <namhyung(a)kernel.org> perf tools: Add fallback for exclude_guest James Clark <james.clark(a)linaro.org> perf test: Add a test for default perf stat command Ian Rogers <irogers(a)google.com> perf test: Don't leak workload gopipe in PERF_RECORD_* Leo Yan <leo.yan(a)arm.com> perf session: Fix handling when buffer exceeds 2 GiB Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct memory level for remote access Leo Yan <leo.yan(a)arm.com> perf arm-spe: Rename the common data source encoding Leo Yan <leo.yan(a)arm.com> perf arm_spe: Correct setting remote access Clément Le Goffic <clement.legoffic(a)foss.st.com> rtc: optee: fix memory leak on driver removal Rob Herring (Arm) <robh(a)kernel.org> rtc: x1205: Fix Xicor X1205 vendor prefix Yunseong Kim <ysk(a)kzalloc.com> perf util: Fix compression checks returning -1 as bool Brian Masney <bmasney(a)redhat.com> clk: at91: peripheral: fix return value Ian Rogers <irogers(a)google.com> libperf event: Ensure tracing data is multiple of 8 sized Ian Rogers <irogers(a)google.com> perf evsel: Avoid container_of on a NULL leader Varad Gautam <varadgautam(a)google.com> asm-generic/io.h: Skip trace helpers if rwmmio events are disabled Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() Michael Hennerich <michael.hennerich(a)analog.com> iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE Zhen Ni <zhen.ni(a)easystack.cn> clocksource/drivers/clps711x: Fix resource leaks in error paths Aleksa Sarai <cyphar(a)cyphar.com> fscontext: do not consume log entries when returning -EMSGSIZE Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> fs: always return zero on success from replace_fd() ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 3 + .../bindings/phy/rockchip-inno-csi-dphy.yaml | 15 +- Makefile | 4 +- arch/arm/mach-omap2/pm33xx-core.c | 6 +- arch/arm64/boot/dts/qcom/msm8916.dtsi | 2 + arch/arm64/boot/dts/qcom/msm8939.dtsi | 2 + arch/arm64/boot/dts/qcom/sdm845.dtsi | 4 +- arch/arm64/boot/dts/ti/k3-am62a-main.dtsi | 2 +- arch/arm64/kernel/cpufeature.c | 10 +- arch/arm64/kernel/mte.c | 3 +- arch/arm64/kernel/probes/kprobes.c | 8 +- arch/loongarch/kernel/setup.c | 5 +- arch/parisc/include/uapi/asm/ioctls.h | 8 +- arch/parisc/lib/memcpy.c | 1 - arch/powerpc/platforms/powernv/pci-ioda.c | 2 +- arch/powerpc/platforms/pseries/msi.c | 2 +- arch/s390/net/bpf_jit.h | 55 --- arch/s390/net/bpf_jit_comp.c | 161 ++++---- arch/sparc/kernel/of_device_32.c | 1 + arch/sparc/kernel/of_device_64.c | 1 + arch/sparc/mm/hugetlbpage.c | 20 + arch/x86/include/asm/msr-index.h | 1 + arch/x86/kernel/umip.c | 15 +- arch/x86/kvm/pmu.c | 5 + arch/x86/kvm/svm/pmu.c | 1 + arch/x86/kvm/svm/svm.c | 13 +- arch/x86/kvm/x86.c | 2 + arch/xtensa/platforms/iss/simdisk.c | 6 +- block/blk-crypto-fallback.c | 3 + crypto/essiv.c | 14 +- drivers/acpi/acpi_dbg.c | 26 +- drivers/acpi/acpi_tad.c | 3 + drivers/acpi/acpica/evglock.c | 4 + drivers/acpi/battery.c | 60 +-- drivers/acpi/property.c | 139 ++++--- drivers/bus/mhi/ep/main.c | 37 +- drivers/bus/mhi/host/init.c | 5 +- drivers/char/ipmi/ipmi_kcs_sm.c | 16 +- drivers/char/ipmi/ipmi_msghandler.c | 422 ++++++++++----------- drivers/char/tpm/tpm_tis_core.c | 4 +- drivers/clk/at91/clk-peripheral.c | 7 +- drivers/clk/mediatek/clk-mt8195-infra_ao.c | 2 +- drivers/clk/mediatek/clk-mux.c | 4 +- drivers/clk/nxp/clk-lpc18xx-cgu.c | 20 +- drivers/clk/tegra/clk-bpmp.c | 2 +- drivers/clocksource/clps711x-timer.c | 23 +- drivers/cpufreq/intel_pstate.c | 8 +- drivers/cpufreq/tegra186-cpufreq.c | 8 +- drivers/crypto/aspeed/aspeed-hace-crypto.c | 2 +- drivers/crypto/atmel-tdes.c | 2 +- drivers/crypto/rockchip/rk3288_crypto_ahash.c | 2 +- drivers/firmware/meson/meson_sm.c | 7 +- drivers/gpio/gpio-wcd934x.c | 2 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.c | 21 +- drivers/gpu/drm/amd/display/dc/dce/dce_transform.h | 4 + .../gpu/drm/amd/include/asic_reg/dce/dce_6_0_d.h | 7 + .../drm/amd/include/asic_reg/dce/dce_6_0_sh_mask.h | 2 + drivers/gpu/drm/nouveau/nouveau_bo.c | 2 +- drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c | 5 +- .../gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 17 +- drivers/gpu/drm/vmwgfx/vmwgfx_validation.c | 6 +- drivers/iio/adc/xilinx-ams.c | 47 ++- drivers/iio/dac/ad5360.c | 2 +- drivers/iio/dac/ad5421.c | 2 +- drivers/iio/frequency/adf4350.c | 20 +- drivers/iio/imu/inv_icm42600/inv_icm42600_core.c | 4 - drivers/iommu/intel/iommu.c | 2 +- drivers/irqchip/irq-sifive-plic.c | 13 +- drivers/mailbox/zynqmp-ipi-mailbox.c | 7 +- drivers/media/i2c/mt9v111.c | 2 +- drivers/media/mc/mc-devnode.c | 6 +- drivers/media/mc/mc-entity.c | 2 +- drivers/media/pci/cx18/cx18-queue.c | 13 +- drivers/media/pci/ivtv/ivtv-irq.c | 2 +- drivers/media/pci/ivtv/ivtv-yuv.c | 8 +- drivers/media/platform/qcom/venus/firmware.c | 8 +- drivers/media/rc/lirc_dev.c | 9 +- drivers/memory/samsung/exynos-srom.c | 10 +- drivers/mfd/intel_soc_pmic_chtdc_ti.c | 5 +- drivers/misc/fastrpc.c | 37 +- drivers/mmc/core/sdio.c | 6 +- drivers/mtd/nand/raw/fsmc_nand.c | 6 +- drivers/net/ethernet/freescale/fsl_pq_mdio.c | 2 + drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- drivers/net/wireless/ath/ath11k/core.c | 6 +- drivers/net/wireless/ath/ath11k/hal.c | 16 + drivers/net/wireless/ath/ath11k/hal.h | 1 + drivers/net/wireless/mediatek/mt76/mt7921/usb.c | 3 + drivers/nvme/host/pci.c | 2 + drivers/of/unittest.c | 1 + drivers/pci/controller/dwc/pci-keystone.c | 4 +- drivers/pci/controller/dwc/pcie-tegra194.c | 22 +- drivers/pci/controller/pci-tegra.c | 27 +- drivers/pci/controller/pcie-rcar-host.c | 40 +- drivers/pci/endpoint/functions/pci-epf-test.c | 19 +- drivers/pci/iov.c | 5 + drivers/pci/pci-driver.c | 1 + drivers/pci/pci-sysfs.c | 20 +- drivers/pci/pcie/aer.c | 12 +- drivers/pci/pcie/err.c | 8 +- drivers/pinctrl/samsung/pinctrl-samsung.h | 4 - drivers/power/supply/max77976_charger.c | 12 +- drivers/pwm/pwm-berlin.c | 4 +- drivers/rtc/interface.c | 27 ++ drivers/rtc/rtc-optee.c | 1 + drivers/rtc/rtc-x1205.c | 2 +- drivers/s390/cio/device.c | 37 +- drivers/scsi/hpsa.c | 21 +- drivers/scsi/mvsas/mv_init.c | 2 +- drivers/spi/spi-cadence-quadspi.c | 5 + drivers/video/fbdev/core/fb_cmdline.c | 2 +- drivers/xen/events/events_base.c | 37 +- drivers/xen/manage.c | 3 +- fs/btrfs/export.c | 8 +- fs/btrfs/extent_io.c | 14 +- fs/cramfs/inode.c | 11 +- fs/ext4/fsmap.c | 14 +- fs/ext4/inode.c | 10 +- fs/ext4/move_extent.c | 2 +- fs/ext4/orphan.c | 17 +- fs/ext4/xattr.c | 19 +- fs/file.c | 5 +- fs/fs-writeback.c | 32 +- fs/fsopen.c | 70 ++-- fs/minix/inode.c | 8 +- fs/namei.c | 8 + fs/namespace.c | 11 +- fs/nfsd/lockd.c | 15 + fs/nfsd/nfs4proc.c | 2 +- fs/ntfs3/bitmap.c | 1 + fs/smb/client/smb1ops.c | 62 ++- fs/smb/client/smb2inode.c | 22 +- fs/smb/server/ksmbd_netlink.h | 5 +- fs/smb/server/server.h | 1 + fs/smb/server/transport_ipc.c | 3 + fs/smb/server/transport_tcp.c | 28 +- fs/squashfs/inode.c | 24 +- include/acpi/acpixf.h | 6 + include/asm-generic/io.h | 98 +++-- include/linux/iio/frequency/adf4350.h | 2 +- include/linux/ksm.h | 6 + include/linux/sched.h | 11 +- include/media/v4l2-subdev.h | 30 +- include/net/netfilter/nf_tables.h | 3 +- include/net/netfilter/nft_fib.h | 4 +- include/net/netfilter/nft_meta.h | 3 +- include/net/netfilter/nft_reject.h | 3 +- init/main.c | 12 + kernel/bpf/inode.c | 4 +- kernel/fork.c | 2 +- kernel/pid.c | 5 +- kernel/rseq.c | 10 +- kernel/sched/deadline.c | 73 ++-- kernel/sys.c | 22 +- kernel/trace/trace_fprobe.c | 11 +- kernel/trace/trace_kprobe.c | 11 +- kernel/trace/trace_probe.h | 9 +- kernel/trace/trace_uprobe.c | 12 +- lib/crypto/Makefile | 4 + lib/genalloc.c | 5 +- mm/damon/vaddr.c | 8 +- mm/hugetlb.c | 3 + mm/page_alloc.c | 2 +- net/bridge/br_vlan.c | 2 +- net/bridge/netfilter/nft_meta_bridge.c | 5 +- net/bridge/netfilter/nft_reject_bridge.c | 3 +- net/core/filter.c | 2 + net/ipv4/tcp.c | 5 +- net/ipv4/tcp_input.c | 1 - net/mptcp/pm.c | 7 +- net/mptcp/pm_netlink.c | 52 ++- net/mptcp/protocol.h | 8 + net/netfilter/nf_tables_api.c | 3 +- net/netfilter/nft_compat.c | 6 +- net/netfilter/nft_fib.c | 3 +- net/netfilter/nft_flow_offload.c | 3 +- net/netfilter/nft_fwd_netdev.c | 3 +- net/netfilter/nft_immediate.c | 3 +- net/netfilter/nft_lookup.c | 3 +- net/netfilter/nft_masq.c | 3 +- net/netfilter/nft_meta.c | 6 +- net/netfilter/nft_nat.c | 3 +- net/netfilter/nft_objref.c | 39 ++ net/netfilter/nft_osf.c | 3 +- net/netfilter/nft_queue.c | 3 +- net/netfilter/nft_redir.c | 3 +- net/netfilter/nft_reject.c | 3 +- net/netfilter/nft_reject_inet.c | 3 +- net/netfilter/nft_reject_netdev.c | 3 +- net/netfilter/nft_rt.c | 3 +- net/netfilter/nft_socket.c | 3 +- net/netfilter/nft_synproxy.c | 3 +- net/netfilter/nft_tproxy.c | 3 +- net/netfilter/nft_xfrm.c | 3 +- net/sctp/sm_make_chunk.c | 3 +- net/sctp/sm_statefuns.c | 6 +- security/keys/trusted-keys/trusted_tpm1.c | 7 +- sound/soc/sof/ipc4-topology.h | 4 +- tools/build/feature/Makefile | 4 +- tools/lib/perf/include/perf/event.h | 1 + tools/perf/builtin-stat.c | 18 +- tools/perf/tests/perf-record.c | 4 + tools/perf/tests/shell/stat.sh | 29 ++ tools/perf/util/arm-spe-decoder/arm-spe-decoder.h | 18 +- tools/perf/util/arm-spe.c | 34 +- tools/perf/util/evsel.c | 31 +- tools/perf/util/lzma.c | 2 +- tools/perf/util/session.c | 2 +- tools/perf/util/setup.py | 5 +- tools/perf/util/zlib.c | 2 +- tools/testing/selftests/mm/madv_populate.c | 21 +- tools/testing/selftests/mm/soft-dirty.c | 5 +- tools/testing/selftests/mm/vm_util.c | 77 ++++ tools/testing/selftests/mm/vm_util.h | 1 + tools/testing/selftests/net/mptcp/mptcp_join.sh | 11 + tools/testing/selftests/rseq/rseq.c | 8 +- 217 files changed, 1951 insertions(+), 1097 deletions(-)

1 week, 2 days

9
209
0 0

FAILED: patch "[PATCH] btrfs: avoid potential out-of-bounds in btrfs_encode_fh()" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x dff4f9ff5d7f289e4545cc936362e01ed3252742 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101645-ceremony-playlist-e997@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From dff4f9ff5d7f289e4545cc936362e01ed3252742 Mon Sep 17 00:00:00 2001 From: Anderson Nascimento <anderson(a)allelesecurity.com> Date: Mon, 8 Sep 2025 09:49:02 -0300 Subject: [PATCH] btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh), the function only returns to the user BTRFS_FID_SIZE_NON_CONNECTABLE (5 dwords, 20 bytes) or BTRFS_FID_SIZE_CONNECTABLE (8 dwords, 32 bytes). However, when a parent exists and the root ID of the parent and the inode are different, the function writes BTRFS_FID_SIZE_CONNECTABLE_ROOT (10 dwords, 40 bytes). If *max_len is not large enough, this write goes out of bounds because BTRFS_FID_SIZE_CONNECTABLE_ROOT is greater than BTRFS_FID_SIZE_CONNECTABLE originally returned. This results in an 8-byte out-of-bounds write at fid->parent_root_objectid = parent_root_id. A previous attempt to fix this issue was made but was lost. https://lore.kernel.org/all/4CADAEEC020000780001B32C@vpn.id2.novell.com/ Although this issue does not seem to be easily triggerable, it is a potential memory corruption bug that should be fixed. This patch resolves the issue by ensuring the function returns the appropriate size for all three cases and validates that *max_len is large enough before writing any data. Fixes: be6e8dc0ba84 ("NFS support for btrfs - v3") CC: stable(a)vger.kernel.org # 3.0+ Signed-off-by: Anderson Nascimento <anderson(a)allelesecurity.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/export.c b/fs/btrfs/export.c index d062ac521051..230d9326b685 100644 --- a/fs/btrfs/export.c +++ b/fs/btrfs/export.c @@ -23,7 +23,11 @@ static int btrfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, int type; if (parent && (len < BTRFS_FID_SIZE_CONNECTABLE)) { - *max_len = BTRFS_FID_SIZE_CONNECTABLE; + if (btrfs_root_id(BTRFS_I(inode)->root) != + btrfs_root_id(BTRFS_I(parent)->root)) + *max_len = BTRFS_FID_SIZE_CONNECTABLE_ROOT; + else + *max_len = BTRFS_FID_SIZE_CONNECTABLE; return FILEID_INVALID; } else if (len < BTRFS_FID_SIZE_NON_CONNECTABLE) { *max_len = BTRFS_FID_SIZE_NON_CONNECTABLE; @@ -45,6 +49,8 @@ static int btrfs_encode_fh(struct inode *inode, u32 *fh, int *max_len, parent_root_id = btrfs_root_id(BTRFS_I(parent)->root); if (parent_root_id != fid->root_objectid) { + if (*max_len < BTRFS_FID_SIZE_CONNECTABLE_ROOT) + return FILEID_INVALID; fid->parent_root_objectid = parent_root_id; len = BTRFS_FID_SIZE_CONNECTABLE_ROOT; type = FILEID_BTRFS_WITH_PARENT_ROOT;

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] cdx: Fix device node reference leak in cdx_msi_domain_init" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 76254bc489d39dae9a3427f0984fe64213d20548 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101657-coaster-squall-0e3f@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 76254bc489d39dae9a3427f0984fe64213d20548 Mon Sep 17 00:00:00 2001 From: Miaoqian Lin <linmq006(a)gmail.com> Date: Tue, 2 Sep 2025 16:49:33 +0800 Subject: [PATCH] cdx: Fix device node reference leak in cdx_msi_domain_init Add missing of_node_put() call to release the device node reference obtained via of_parse_phandle(). Fixes: 0e439ba38e61 ("cdx: add MSI support for CDX bus") Cc: stable(a)vger.kernel.org Signed-off-by: Miaoqian Lin <linmq006(a)gmail.com> Acked-by: Nipun Gupta <nipun.gupta(a)amd.com> Link: https://lore.kernel.org/r/20250902084933.2418264-1-linmq006@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/cdx/cdx_msi.c b/drivers/cdx/cdx_msi.c index 3388a5d1462c..91b95422b263 100644 --- a/drivers/cdx/cdx_msi.c +++ b/drivers/cdx/cdx_msi.c @@ -174,6 +174,7 @@ struct irq_domain *cdx_msi_domain_init(struct device *dev) } parent = irq_find_matching_fwnode(of_fwnode_handle(parent_node), DOMAIN_BUS_NEXUS); + of_node_put(parent_node); if (!parent || !msi_get_domain_info(parent)) { dev_err(dev, "unable to locate ITS domain\n"); return NULL;

1 week, 2 days

2
2
0 0

FAILED: patch "[PATCH] bus: mhi: host: Do not use uninitialized 'dev' pointer in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x d0856a6dff57f95cc5d2d74e50880f01697d0cc4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101641-blooming-stiffness-1ee0@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d0856a6dff57f95cc5d2d74e50880f01697d0cc4 Mon Sep 17 00:00:00 2001 From: Adam Xue <zxue(a)semtech.com> Date: Fri, 5 Sep 2025 10:41:18 -0700 Subject: [PATCH] bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() In mhi_init_irq_setup, the device pointer used for dev_err() was not initialized. Use the pointer from mhi_cntrl instead. Fixes: b0fc0167f254 ("bus: mhi: core: Allow shared IRQ for event rings") Fixes: 3000f85b8f47 ("bus: mhi: core: Add support for basic PM operations") Signed-off-by: Adam Xue <zxue(a)semtech.com> [mani: reworded subject/description and CCed stable] Signed-off-by: Manivannan Sadhasivam <manivannan.sadhasivam(a)oss.qualcomm.com> Reviewed-by: Krishna Chaitanya Chundru <krishna.chundru(a)oss.qualcomm.com> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250905174118.38512-1-zxue@semtech.com diff --git a/drivers/bus/mhi/host/init.c b/drivers/bus/mhi/host/init.c index 7f72aab38ce9..099be8dd1900 100644 --- a/drivers/bus/mhi/host/init.c +++ b/drivers/bus/mhi/host/init.c @@ -194,7 +194,6 @@ static void mhi_deinit_free_irq(struct mhi_controller *mhi_cntrl) static int mhi_init_irq_setup(struct mhi_controller *mhi_cntrl) { struct mhi_event *mhi_event = mhi_cntrl->mhi_event; - struct device *dev = &mhi_cntrl->mhi_dev->dev; unsigned long irq_flags = IRQF_SHARED | IRQF_NO_SUSPEND; int i, ret; @@ -221,7 +220,7 @@ static int mhi_init_irq_setup(struct mhi_controller *mhi_cntrl) continue; if (mhi_event->irq >= mhi_cntrl->nr_irqs) { - dev_err(dev, "irq %d not available for event ring\n", + dev_err(mhi_cntrl->cntrl_dev, "irq %d not available for event ring\n", mhi_event->irq); ret = -EINVAL; goto error_request; @@ -232,7 +231,7 @@ static int mhi_init_irq_setup(struct mhi_controller *mhi_cntrl) irq_flags, "mhi", mhi_event); if (ret) { - dev_err(dev, "Error requesting irq:%d for ev:%d\n", + dev_err(mhi_cntrl->cntrl_dev, "Error requesting irq:%d for ev:%d\n", mhi_cntrl->irq[mhi_event->irq], i); goto error_request; }

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] blk-crypto: fix missing blktrace bio split events" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 06d712d297649f48ebf1381d19bd24e942813b37 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101656-curdle-duration-949d@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 06d712d297649f48ebf1381d19bd24e942813b37 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Wed, 10 Sep 2025 14:30:45 +0800 Subject: [PATCH] blk-crypto: fix missing blktrace bio split events trace_block_split() is missing, resulting in blktrace inability to catch BIO split events and making it harder to analyze the BIO sequence. Cc: stable(a)vger.kernel.org Fixes: 488f6682c832 ("block: blk-crypto-fallback for Inline Encryption") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Bart Van Assche <bvanassche(a)acm.org> Reviewed-by: Christoph Hellwig <hch(a)lst.de> Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/blk-crypto-fallback.c b/block/blk-crypto-fallback.c index dbc2d8784dab..27fa1ec4b264 100644 --- a/block/blk-crypto-fallback.c +++ b/block/blk-crypto-fallback.c @@ -18,6 +18,7 @@ #include <linux/module.h> #include <linux/random.h> #include <linux/scatterlist.h> +#include <trace/events/block.h> #include "blk-cgroup.h" #include "blk-crypto-internal.h" @@ -230,7 +231,9 @@ static bool blk_crypto_fallback_split_bio_if_needed(struct bio **bio_ptr) bio->bi_status = BLK_STS_RESOURCE; return false; } + bio_chain(split_bio, bio); + trace_block_split(split_bio, bio->bi_iter.bi_sector); submit_bio_noacct(bio); *bio_ptr = split_bio; }

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e1361a4f1be9cb69a662c6d7b5ce218007d6e82b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101641-wistful-rebuff-94b8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e1361a4f1be9cb69a662c6d7b5ce218007d6e82b Mon Sep 17 00:00:00 2001 From: Kaustabh Chakraborty <kauschluss(a)disroot.org> Date: Sun, 6 Jul 2025 22:59:46 +0530 Subject: [PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended Condition guards are found to be redundant, as the call flow is properly managed now, as also observed in the Exynos5433 DECON driver. Since state checking is no longer necessary, remove it. This also fixes an issue which prevented decon_commit() from decon_atomic_enable() due to an incorrect state change setting. Fixes: 96976c3d9aff ("drm/exynos: Add DECON driver") Cc: stable(a)vger.kernel.org Suggested-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c index 805aa28c1723..b8d9b7251319 100644 --- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c @@ -69,7 +69,6 @@ struct decon_context { void __iomem *regs; unsigned long irq_flags; bool i80_if; - bool suspended; wait_queue_head_t wait_vsync_queue; atomic_t wait_vsync_event; @@ -132,9 +131,6 @@ static void decon_shadow_protect_win(struct decon_context *ctx, static void decon_wait_for_vblank(struct decon_context *ctx) { - if (ctx->suspended) - return; - atomic_set(&ctx->wait_vsync_event, 1); /* @@ -210,9 +206,6 @@ static void decon_commit(struct exynos_drm_crtc *crtc) struct drm_display_mode *mode = &crtc->base.state->adjusted_mode; u32 val, clkdiv; - if (ctx->suspended) - return; - /* nothing to do if we haven't set the mode yet */ if (mode->htotal == 0 || mode->vtotal == 0) return; @@ -274,9 +267,6 @@ static int decon_enable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return -EPERM; - if (!test_and_set_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -299,9 +289,6 @@ static void decon_disable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return; - if (test_and_clear_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -404,9 +391,6 @@ static void decon_atomic_begin(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, true); } @@ -427,9 +411,6 @@ static void decon_update_plane(struct exynos_drm_crtc *crtc, unsigned int pitch = fb->pitches[0]; unsigned int vidw_addr0_base = ctx->data->vidw_buf_start_base; - if (ctx->suspended) - return; - /* * SHADOWCON/PRTCON register is used for enabling timing. * @@ -517,9 +498,6 @@ static void decon_disable_plane(struct exynos_drm_crtc *crtc, unsigned int win = plane->index; u32 val; - if (ctx->suspended) - return; - /* protect windows */ decon_shadow_protect_win(ctx, win, true); @@ -538,9 +516,6 @@ static void decon_atomic_flush(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); exynos_crtc_handle_event(crtc); @@ -568,9 +543,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int ret; - if (!ctx->suspended) - return; - ret = pm_runtime_resume_and_get(ctx->dev); if (ret < 0) { DRM_DEV_ERROR(ctx->dev, "failed to enable DECON device.\n"); @@ -584,8 +556,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) decon_enable_vblank(ctx->crtc); decon_commit(ctx->crtc); - - ctx->suspended = false; } static void decon_atomic_disable(struct exynos_drm_crtc *crtc) @@ -593,9 +563,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - /* * We need to make sure that all windows are disabled before we * suspend that connector. Otherwise we might try to scan from @@ -605,8 +572,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) decon_disable_plane(crtc, &ctx->planes[i]); pm_runtime_put_sync(ctx->dev); - - ctx->suspended = true; } static const struct exynos_drm_crtc_ops decon_crtc_ops = { @@ -727,7 +692,6 @@ static int decon_probe(struct platform_device *pdev) return -ENOMEM; ctx->dev = dev; - ctx->suspended = true; ctx->data = of_device_get_match_data(dev); i80_if_timings = of_get_child_by_name(dev->of_node, "i80-if-timings");

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e1361a4f1be9cb69a662c6d7b5ce218007d6e82b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101641-plop-hertz-3940@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e1361a4f1be9cb69a662c6d7b5ce218007d6e82b Mon Sep 17 00:00:00 2001 From: Kaustabh Chakraborty <kauschluss(a)disroot.org> Date: Sun, 6 Jul 2025 22:59:46 +0530 Subject: [PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended Condition guards are found to be redundant, as the call flow is properly managed now, as also observed in the Exynos5433 DECON driver. Since state checking is no longer necessary, remove it. This also fixes an issue which prevented decon_commit() from decon_atomic_enable() due to an incorrect state change setting. Fixes: 96976c3d9aff ("drm/exynos: Add DECON driver") Cc: stable(a)vger.kernel.org Suggested-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c index 805aa28c1723..b8d9b7251319 100644 --- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c @@ -69,7 +69,6 @@ struct decon_context { void __iomem *regs; unsigned long irq_flags; bool i80_if; - bool suspended; wait_queue_head_t wait_vsync_queue; atomic_t wait_vsync_event; @@ -132,9 +131,6 @@ static void decon_shadow_protect_win(struct decon_context *ctx, static void decon_wait_for_vblank(struct decon_context *ctx) { - if (ctx->suspended) - return; - atomic_set(&ctx->wait_vsync_event, 1); /* @@ -210,9 +206,6 @@ static void decon_commit(struct exynos_drm_crtc *crtc) struct drm_display_mode *mode = &crtc->base.state->adjusted_mode; u32 val, clkdiv; - if (ctx->suspended) - return; - /* nothing to do if we haven't set the mode yet */ if (mode->htotal == 0 || mode->vtotal == 0) return; @@ -274,9 +267,6 @@ static int decon_enable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return -EPERM; - if (!test_and_set_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -299,9 +289,6 @@ static void decon_disable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return; - if (test_and_clear_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -404,9 +391,6 @@ static void decon_atomic_begin(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, true); } @@ -427,9 +411,6 @@ static void decon_update_plane(struct exynos_drm_crtc *crtc, unsigned int pitch = fb->pitches[0]; unsigned int vidw_addr0_base = ctx->data->vidw_buf_start_base; - if (ctx->suspended) - return; - /* * SHADOWCON/PRTCON register is used for enabling timing. * @@ -517,9 +498,6 @@ static void decon_disable_plane(struct exynos_drm_crtc *crtc, unsigned int win = plane->index; u32 val; - if (ctx->suspended) - return; - /* protect windows */ decon_shadow_protect_win(ctx, win, true); @@ -538,9 +516,6 @@ static void decon_atomic_flush(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); exynos_crtc_handle_event(crtc); @@ -568,9 +543,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int ret; - if (!ctx->suspended) - return; - ret = pm_runtime_resume_and_get(ctx->dev); if (ret < 0) { DRM_DEV_ERROR(ctx->dev, "failed to enable DECON device.\n"); @@ -584,8 +556,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) decon_enable_vblank(ctx->crtc); decon_commit(ctx->crtc); - - ctx->suspended = false; } static void decon_atomic_disable(struct exynos_drm_crtc *crtc) @@ -593,9 +563,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - /* * We need to make sure that all windows are disabled before we * suspend that connector. Otherwise we might try to scan from @@ -605,8 +572,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) decon_disable_plane(crtc, &ctx->planes[i]); pm_runtime_put_sync(ctx->dev); - - ctx->suspended = true; } static const struct exynos_drm_crtc_ops decon_crtc_ops = { @@ -727,7 +692,6 @@ static int decon_probe(struct platform_device *pdev) return -ENOMEM; ctx->dev = dev; - ctx->suspended = true; ctx->data = of_device_get_match_data(dev); i80_if_timings = of_get_child_by_name(dev->of_node, "i80-if-timings");

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] drm/amd: Fix hybrid sleep" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 0a6e9e098fcc318fec0f45a05a5c4743a81a60d9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101656-trailside-reabsorb-e368@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0a6e9e098fcc318fec0f45a05a5c4743a81a60d9 Mon Sep 17 00:00:00 2001 From: "Mario Limonciello (AMD)" <superm1(a)kernel.org> Date: Thu, 25 Sep 2025 13:51:08 -0500 Subject: [PATCH] drm/amd: Fix hybrid sleep [Why] commit 530694f54dd5e ("drm/amdgpu: do not resume device in thaw for normal hibernation") optimized the flow for systems that are going into S4 where the power would be turned off. Basically the thaw() callback wouldn't resume the device if the hibernation image was successfully created since the system would be powered off. This however isn't the correct flow for a system entering into s0i3 after the hibernation image is created. Some of the amdgpu callbacks have different behavior depending upon the intended state of the suspend. [How] Use pm_hibernation_mode_is_suspend() as an input to decide whether to run resume during thaw() callback. Reported-by: Ionut Nechita <ionut_n2001(a)yahoo.com> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4573 Tested-by: Ionut Nechita <ionut_n2001(a)yahoo.com> Fixes: 530694f54dd5e ("drm/amdgpu: do not resume device in thaw for normal hibernation") Acked-by: Alex Deucher <alexander.deucher(a)amd.com> Tested-by: Kenneth Crudup <kenny(a)panix.com> Signed-off-by: Mario Limonciello (AMD) <superm1(a)kernel.org> Cc: 6.17+ <stable(a)vger.kernel.org> # 6.17+: 495c8d35035e: PM: hibernate: Add pm_hibernation_mode_is_suspend() Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c index 395c6be901ce..dcea66aadfa3 100644 --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c @@ -2665,7 +2665,7 @@ static int amdgpu_pmops_thaw(struct device *dev) struct drm_device *drm_dev = dev_get_drvdata(dev); /* do not resume device if it's normal hibernation */ - if (!pm_hibernate_is_recovering()) + if (!pm_hibernate_is_recovering() && !pm_hibernation_mode_is_suspend()) return 0; return amdgpu_device_resume(drm_dev, true);

1 week, 2 days

2
2
0 0

[PATCH v6 03/10] KEYS: trusted: Fix memory leak in tpm2_load()

by Jarkko Sakkinen

tpm2_load() allocates a blob indirectly via tpm2_key_decode() but it is not freed in all failure paths. Address this with a scope-based cleanup helper __free(). For legacy blobs, the implicit de-allocation is gets disable by no_free_ptr(). Cc: stable(a)vger.kernel.org # v5.13+ Fixes: f2219745250f ("security: keys: trusted: use ASN.1 TPM2 key format for the blobs") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v6: - A new patch in this version. --- security/keys/trusted-keys/trusted_tpm2.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c index 024be262702f..468a4a339541 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -106,9 +106,8 @@ struct tpm2_key_context { u32 priv_len; }; -static int tpm2_key_decode(struct trusted_key_payload *payload, - struct trusted_key_options *options, - u8 **buf) +static void *tpm2_key_decode(struct trusted_key_payload *payload, + struct trusted_key_options *options) { int ret; struct tpm2_key_context ctx; @@ -119,16 +118,15 @@ static int tpm2_key_decode(struct trusted_key_payload *payload, ret = asn1_ber_decoder(&tpm2key_decoder, &ctx, payload->blob, payload->blob_len); if (ret < 0) - return ret; + return ERR_PTR(ret); if (ctx.priv_len + ctx.pub_len > MAX_BLOB_SIZE) - return -EINVAL; + return ERR_PTR(-EINVAL); blob = kmalloc(ctx.priv_len + ctx.pub_len + 4, GFP_KERNEL); if (!blob) - return -ENOMEM; + return ERR_PTR(-ENOMEM); - *buf = blob; options->keyhandle = ctx.parent; memcpy(blob, ctx.priv, ctx.priv_len); @@ -136,7 +134,7 @@ static int tpm2_key_decode(struct trusted_key_payload *payload, memcpy(blob, ctx.pub, ctx.pub_len); - return 0; + return blob; } int tpm2_key_parent(void *context, size_t hdrlen, @@ -391,13 +389,14 @@ static int tpm2_load_cmd(struct tpm_chip *chip, unsigned int private_len; unsigned int public_len; unsigned int blob_len; - u8 *blob, *pub; + u8 *pub; int rc; u32 attrs; - rc = tpm2_key_decode(payload, options, &blob); - if (rc) { + u8 *blob __free(kfree) = tpm2_key_decode(payload, options); + if (IS_ERR(blob)) { /* old form */ + no_free_ptr(blob); blob = payload->blob; payload->old_format = 1; } @@ -464,8 +463,6 @@ static int tpm2_load_cmd(struct tpm_chip *chip, (__be32 *) &buf.data[TPM_HEADER_SIZE]); out: - if (blob != payload->blob) - kfree(blob); tpm_buf_destroy(&buf); if (rc > 0) -- 2.39.5

1 week, 2 days

1
0
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) call to '__compiletime_assert_1041' declared with 'error' attribut...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- call to '__compiletime_assert_1041' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 in drivers/net/wireless/ralink/rt2x00/rt2800lib.o (drivers/net/wireless/ralink/rt2x00/rt2800lib.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:8602a79225a0e4285a39b81bbd04352b6ec80927 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: a32db271d59d9f35f3a937ac27fcc2db1e029cdc Log excerpt: ===================================================== drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1041' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^ ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:146:1: note: expanded from here 146 | __compiletime_assert_1041 | ^ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1041' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:146:1: note: expanded from here 146 | __compiletime_assert_1041 | ^ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1041' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:146:1: note: expanded from here 146 | __compiletime_assert_1041 | ^ CC [M] drivers/usb/gadget/function/f_mass_storage.o CC [M] drivers/net/wireless/marvell/mwifiex/uap_event.o CC [M] drivers/usb/musb/musb_virthub.o CC [M] drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowacpi.o CC [M] drivers/gpu/drm/msm/disp/dpu1/dpu_hw_pingpong.o CC [M] drivers/usb/renesas_usbhs/mod.o CC [M] drivers/usb/gadget/epautoconf.o CC [M] drivers/usb/musb/musb_host.o CC [M] drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowof.o CC [M] drivers/gpu/drm/msm/disp/dpu1/dpu_hw_sspp.o CC [M] drivers/usb/renesas_usbhs/pipe.o CC [M] drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowpci.o CC [M] drivers/net/wireless/marvell/mwifiex/sta_tx.o CC [M] drivers/usb/gadget/function/storage_common.o LD [M] drivers/net/wireless/ralink/rt2x00/rt2x00lib.o CC [M] drivers/media/i2c/adv7180.o CC [M] drivers/usb/renesas_usbhs/fifo.o CC [M] drivers/gpu/drm/msm/disp/dpu1/dpu_hw_dspp.o CC [M] drivers/usb/gadget/function/f_fs.o CC [M] drivers/gpu/drm/nouveau/nvkm/subdev/bios/shadowramin.o CC [M] drivers/usb/musb/musb_gadget_ep0.o 3 errors generated. ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: clang-17 - config: https://files.kernelci.org/kbuild-clang-17-arm-68f2e7ae5621556c1f20560c/.co… - dashboard: https://d.kernelci.org/build/maestro:68f2e7ae5621556c1f20560c #kernelci issue maestro:8602a79225a0e4285a39b81bbd04352b6ec80927 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 2 days

1
0
0 0

👉 DUOONE OLED SPAN/FOLD is Coming – Reserve VIP Spot Now!

by InnLead Innovative

1 week, 2 days

1
0
0 0

【楽天ポイント】本日失効予定ポイントのお知らせ No.936084767

by 楽天会員

body { padding: 0; margin: 0 }::-webkit-scrollbar {width: 12px;height: 12px;background: transparent;}::-webkit-scrollbar-track { background: transparent;}::-webkit-scrollbar-thumb {background: transparent;border-radius: 4px;}:hover::-webkit-scrollbar {background: rgba(0, 0, 0, 0.05);}:hover::-webkit-scrollbar-track {background: rgba(0, 0, 0, 0.05);}:hover::-webkit-scrollbar-thumb {background: rgba(0, 0, 0, 0.2);}::-webkit-scrollbar:hover {background: rgba(0, 0, 0, 0.05);}::-webkit-scrollbar-track:hover {background: rgba(0, 0, 0, 0.05);}::-webkit-scrollbar-thumb:hover {background: rgba(0, 0, 0, 0.4);}::-webkit-scrollbar-thumb:active {background: rgba(0, 0, 0, 0.6);}body { padding: 0; margin: 0 }::-webkit-scrollbar {width: 12px;height: 12px;background: transparent;}::-webkit-scrollbar-track { background: transparent;}::-webkit-scrollbar-thumb {background: transparent;border-radius: 4px;}:hover::-webkit-scrollbar {background: rgba(0, 0, 0, 0.05);}:hover::-webkit-scrollbar-track {background: rgba(0, 0, 0, 0.05);}:hover::-webkit-scrollbar-thumb {background: rgba(0, 0, 0, 0.2);}::-webkit-scrollbar:hover {background: rgba(0, 0, 0, 0.05);}::-webkit-scrollbar-track:hover {background: rgba(0, 0, 0, 0.05);}::-webkit-scrollbar-thumb:hover {background: rgba(0, 0, 0, 0.4);}::-webkit-scrollbar-thumb:active {background: rgba(0, 0, 0, 0.6);}平素より楽天市場をご利用いただき誠にありがとうございます。お客さまの楽天ポイントが本日失効いたします。下記のポイントは本日中にご利用いただかない場合、自動的に失効となりますのでご注意ください。────────────────────■ 本日失効予定ポイント12,200ポイント────────────────────👉 ポイントを今すぐ使うhttps://www.rakuten.co.jp/────────────────────ポイントは以下のようにご利用いただけます。① 楽天市場でのお買い物（日用品・家電・食品などに即時利用）② カフェやコンビニで利用（例：スタバカード、キャッシュレス支払い）③ 旅行・宿泊の割引（楽天トラベルの予約に充当）────────────────────■ 対象ポイント：12,200ポイント■ 失効日：2025年10月18日（本日）■ 付与理由：キャンペーン特典付与────────────────────ポイントの有効期限を過ぎますと、自動的に失効いたします。実際の残高や利用履歴は、楽天会員ページにログインしてご確認ください。────────────────────楽天グループ株式会社〒158-0094 東京都世田谷区玉川1-14-1 楽天クリムゾンハウスhttps://www.rakuten.co.jp/© Rakuten Group, Inc. All Rights Reserved.

1 week, 2 days

1
0
0 0

[PATCH v2 08/14] iommu/mediatek-v1: fix device leak on probe_device()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during probe_device(). Fixes: b17336c55d89 ("iommu/mediatek: add support for mtk iommu generation one HW") Cc: stable(a)vger.kernel.org # 4.8 Cc: Honghui Zhang <honghui.zhang(a)mediatek.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/mtk_iommu_v1.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/mtk_iommu_v1.c b/drivers/iommu/mtk_iommu_v1.c index 10cc0b1197e8..de9153c0a82f 100644 --- a/drivers/iommu/mtk_iommu_v1.c +++ b/drivers/iommu/mtk_iommu_v1.c @@ -435,6 +435,8 @@ static int mtk_iommu_v1_create_mapping(struct device *dev, return -EINVAL; dev_iommu_priv_set(dev, platform_get_drvdata(m4updev)); + + put_device(&m4updev->dev); } ret = iommu_fwspec_add_ids(dev, args->args, 1); -- 2.49.1

1 week, 2 days

2
1
0 0

[PATCH v2 05/14] iommu/mediatek: fix device leak on of_xlate()

by Johan Hovold

Make sure to drop the reference taken to the iommu platform device when looking up its driver data during of_xlate(). Fixes: 0df4fabe208d ("iommu/mediatek: Add mt8173 IOMMU driver") Cc: stable(a)vger.kernel.org # 4.6 Cc: Yong Wu <yong.wu(a)mediatek.com> Acked-by: Robin Murphy <robin.murphy(a)arm.com> Signed-off-by: Johan Hovold <johan(a)kernel.org> --- drivers/iommu/mtk_iommu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/iommu/mtk_iommu.c b/drivers/iommu/mtk_iommu.c index 0e0285348d2b..8d8e85186188 100644 --- a/drivers/iommu/mtk_iommu.c +++ b/drivers/iommu/mtk_iommu.c @@ -974,6 +974,8 @@ static int mtk_iommu_of_xlate(struct device *dev, return -EINVAL; dev_iommu_priv_set(dev, platform_get_drvdata(m4updev)); + + put_device(&m4updev->dev); } return iommu_fwspec_add_ids(dev, args->args, 1); -- 2.49.1

1 week, 2 days

2
1
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) call to '__compiletime_assert_1168' declared with 'error' attribut...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- call to '__compiletime_assert_1168' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 in drivers/net/wireless/ralink/rt2x00/rt2800lib.o (drivers/net/wireless/ralink/rt2x00/rt2800lib.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:4327def67a111c2ff8dc84e7ed537c3afc889659 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: a32db271d59d9f35f3a937ac27fcc2db1e029cdc Log excerpt: ===================================================== drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1168' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^ ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:33:1: note: expanded from here 33 | __compiletime_assert_1168 | ^ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1168' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:33:1: note: expanded from here 33 | __compiletime_assert_1168 | ^ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1168' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:33:1: note: expanded from here 33 | __compiletime_assert_1168 | ^ CC [M] drivers/net/ethernet/sfc/mcdi.o CC [M] drivers/net/wireless/ralink/rt2x00/rt2500usb.o CC [M] drivers/mmc/host/sdhci-xenon-phy.o CC [M] drivers/net/wireless/ralink/rt2x00/rt73usb.o CC [M] drivers/net/wireless/mediatek/mt76/mt76x2/usb_main.o CC [M] drivers/media/usb/dvb-usb/usb-urb.o CC [M] drivers/media/usb/dvb-usb-v2/anysee.o LD [M] drivers/mmc/host/armmmci.o LD [M] drivers/mmc/host/sdhci-pci.o LD [M] drivers/mmc/host/thunderx-mmc.o LD [M] drivers/mmc/host/meson-mx-sdhc.o LD [M] drivers/mmc/host/sdhci-xenon-driver.o CC [M] drivers/mmc/core/core.o CC [M] drivers/net/ethernet/sfc/mcdi_port.o CC [M] drivers/net/wireless/ralink/rt2x00/rt2800usb.o CC [M] drivers/media/usb/dvb-usb/vp7045.o CC [M] drivers/net/wireless/mediatek/mt76/mt76x2/usb_mac.o CC [M] drivers/media/usb/dvb-usb-v2/au6610.o LD [M] drivers/net/wireless/ralink/rt2x00/rt2x00lib.o CC [M] drivers/media/usb/dvb-usb-v2/az6007.o CC [M] drivers/net/ethernet/sfc/mcdi_port_common.o 3 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig on (arm64): - compiler: clang-17 - config: https://files.kernelci.org/kbuild-clang-17-arm64-allmodconfig-68f2e7bd56215… - dashboard: https://d.kernelci.org/build/maestro:68f2e7bd5621556c1f205613 #kernelci issue maestro:4327def67a111c2ff8dc84e7ed537c3afc889659 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 2 days

1
0
0 0

FAILED: patch "[PATCH] drm/msm/a6xx: Fix PDC sleep sequence" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f248d5d5159a88ded55329f0b1b463d0f4094228 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101631-punctual-jaybird-dba5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f248d5d5159a88ded55329f0b1b463d0f4094228 Mon Sep 17 00:00:00 2001 From: Akhil P Oommen <akhilpo(a)oss.qualcomm.com> Date: Mon, 8 Sep 2025 13:56:57 +0530 Subject: [PATCH] drm/msm/a6xx: Fix PDC sleep sequence Since the PDC resides out of the GPU subsystem and cannot be reset in case it enters bad state, utmost care must be taken to trigger the PDC wake/sleep routines in the correct order. The PDC wake sequence can be exercised only after a PDC sleep sequence. Additionally, GMU firmware should initialize a few registers before the KMD can trigger a PDC sleep sequence. So PDC sleep can't be done if the GMU firmware has not initialized. Track these dependencies using a new status variable and trigger PDC sleep/wake sequences appropriately. Cc: stable(a)vger.kernel.org Fixes: 4b565ca5a2cb ("drm/msm: Add A6XX device support") Signed-off-by: Akhil P Oommen <akhilpo(a)oss.qualcomm.com> Patchwork: https://patchwork.freedesktop.org/patch/673362/ Signed-off-by: Rob Clark <robin.clark(a)oss.qualcomm.com> diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c index e74651d5bd7a..5594499ad2d1 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c @@ -279,6 +279,8 @@ static int a6xx_gmu_start(struct a6xx_gmu *gmu) if (ret) DRM_DEV_ERROR(gmu->dev, "GMU firmware initialization timed out\n"); + set_bit(GMU_STATUS_FW_START, &gmu->status); + return ret; } @@ -525,6 +527,9 @@ static int a6xx_rpmh_start(struct a6xx_gmu *gmu) int ret; u32 val; + if (!test_and_clear_bit(GMU_STATUS_PDC_SLEEP, &gmu->status)) + return 0; + gmu_write(gmu, REG_A6XX_GMU_RSCC_CONTROL_REQ, BIT(1)); ret = gmu_poll_timeout(gmu, REG_A6XX_GMU_RSCC_CONTROL_ACK, val, @@ -552,6 +557,9 @@ static void a6xx_rpmh_stop(struct a6xx_gmu *gmu) int ret; u32 val; + if (test_and_clear_bit(GMU_STATUS_FW_START, &gmu->status)) + return; + gmu_write(gmu, REG_A6XX_GMU_RSCC_CONTROL_REQ, 1); ret = gmu_poll_timeout_rscc(gmu, REG_A6XX_GPU_RSCC_RSC_STATUS0_DRV0, @@ -560,6 +568,8 @@ static void a6xx_rpmh_stop(struct a6xx_gmu *gmu) DRM_DEV_ERROR(gmu->dev, "Unable to power off the GPU RSC\n"); gmu_write(gmu, REG_A6XX_GMU_RSCC_CONTROL_REQ, 0); + + set_bit(GMU_STATUS_PDC_SLEEP, &gmu->status); } static inline void pdc_write(void __iomem *ptr, u32 offset, u32 value) @@ -688,8 +698,6 @@ static void a6xx_gmu_rpmh_init(struct a6xx_gmu *gmu) /* ensure no writes happen before the uCode is fully written */ wmb(); - a6xx_rpmh_stop(gmu); - err: if (!IS_ERR_OR_NULL(pdcptr)) iounmap(pdcptr); @@ -849,19 +857,15 @@ static int a6xx_gmu_fw_start(struct a6xx_gmu *gmu, unsigned int state) else gmu_write(gmu, REG_A6XX_GMU_GENERAL_7, 1); - if (state == GMU_WARM_BOOT) { - ret = a6xx_rpmh_start(gmu); - if (ret) - return ret; - } else { + ret = a6xx_rpmh_start(gmu); + if (ret) + return ret; + + if (state == GMU_COLD_BOOT) { if (WARN(!adreno_gpu->fw[ADRENO_FW_GMU], "GMU firmware is not loaded\n")) return -ENOENT; - ret = a6xx_rpmh_start(gmu); - if (ret) - return ret; - ret = a6xx_gmu_fw_load(gmu); if (ret) return ret; @@ -1046,6 +1050,8 @@ static void a6xx_gmu_force_off(struct a6xx_gmu *gmu) /* Reset GPU core blocks */ a6xx_gpu_sw_reset(gpu, true); + + a6xx_rpmh_stop(gmu); } static void a6xx_gmu_set_initial_freq(struct msm_gpu *gpu, struct a6xx_gmu *gmu) diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.h b/drivers/gpu/drm/msm/adreno/a6xx_gmu.h index d1ce11131ba6..069a8c9474e8 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.h +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.h @@ -117,6 +117,12 @@ struct a6xx_gmu { struct qmp *qmp; struct a6xx_hfi_msg_bw_table *bw_table; + +/* To check if we can trigger sleep seq at PDC. Cleared in a6xx_rpmh_stop() */ +#define GMU_STATUS_FW_START 0 +/* To track if PDC sleep seq was done */ +#define GMU_STATUS_PDC_SLEEP 1 + unsigned long status; }; static inline u32 gmu_read(struct a6xx_gmu *gmu, u32 offset)

1 week, 2 days

2
2
0 0

FAILED: patch "[PATCH] drm/rcar-du: dsi: Fix 1/2/3 lane support" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d83f1d19c898ac1b54ae64d1c950f5beff801982 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101659-grinning-hertz-186a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d83f1d19c898ac1b54ae64d1c950f5beff801982 Mon Sep 17 00:00:00 2001 From: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Date: Wed, 13 Aug 2025 23:08:13 +0200 Subject: [PATCH] drm/rcar-du: dsi: Fix 1/2/3 lane support Remove fixed PPI lane count setup. The R-Car DSI host is capable of operating in 1..4 DSI lane mode. Remove the hard-coded 4-lane configuration from PPI register settings and instead configure the PPI lane count according to lane count information already obtained by this driver instance. Configure TXSETR register to match PPI lane count. The R-Car V4H Reference Manual R19UH0186EJ0121 Rev.1.21 section 67.2.2.3 Tx Set Register (TXSETR), field LANECNT description indicates that the TXSETR register LANECNT bitfield lane count must be configured such, that it matches lane count configuration in PPISETR register DLEN bitfield. Make sure the LANECNT and DLEN bitfields are configured to match. Fixes: 155358310f01 ("drm: rcar-du: Add R-Car DSI driver") Cc: stable(a)vger.kernel.org Signed-off-by: Marek Vasut <marek.vasut+renesas(a)mailbox.org> Reviewed-by: Tomi Valkeinen <tomi.valkeinen+renesas(a)ideasonboard.com> Link: https://lore.kernel.org/r/20250813210840.97621-1-marek.vasut+renesas@mailbo… Signed-off-by: Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> diff --git a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c index 1af4c73f7a88..952c3efb74da 100644 --- a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c +++ b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi.c @@ -576,7 +576,10 @@ static int rcar_mipi_dsi_startup(struct rcar_mipi_dsi *dsi, udelay(10); rcar_mipi_dsi_clr(dsi, CLOCKSET1, CLOCKSET1_UPDATEPLL); - ppisetr = PPISETR_DLEN_3 | PPISETR_CLEN; + rcar_mipi_dsi_clr(dsi, TXSETR, TXSETR_LANECNT_MASK); + rcar_mipi_dsi_set(dsi, TXSETR, dsi->lanes - 1); + + ppisetr = ((BIT(dsi->lanes) - 1) & PPISETR_DLEN_MASK) | PPISETR_CLEN; rcar_mipi_dsi_write(dsi, PPISETR, ppisetr); rcar_mipi_dsi_set(dsi, PHYSETUP, PHYSETUP_SHUTDOWNZ); diff --git a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h index a6b276f1d6ee..a54c7eb4113b 100644 --- a/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h +++ b/drivers/gpu/drm/renesas/rcar-du/rcar_mipi_dsi_regs.h @@ -12,6 +12,9 @@ #define LINKSR_LPBUSY (1 << 1) #define LINKSR_HSBUSY (1 << 0) +#define TXSETR 0x100 +#define TXSETR_LANECNT_MASK (0x3 << 0) + /* * Video Mode Register */ @@ -80,10 +83,7 @@ * PHY-Protocol Interface (PPI) Registers */ #define PPISETR 0x700 -#define PPISETR_DLEN_0 (0x1 << 0) -#define PPISETR_DLEN_1 (0x3 << 0) -#define PPISETR_DLEN_2 (0x7 << 0) -#define PPISETR_DLEN_3 (0xf << 0) +#define PPISETR_DLEN_MASK (0xf << 0) #define PPISETR_CLEN (1 << 8) #define PPICLCR 0x710

1 week, 2 days

2
1
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) in expansion of macro ‘clamp_t’ in drivers/net/wireless/ralink/rt2...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- in expansion of macro ‘clamp_t’ in drivers/net/wireless/ralink/rt2x00/rt2800lib.o (drivers/net/wireless/ralink/rt2x00/rt2800lib.c) [logspec:kbuild,kbuild.compiler.note] --- - dashboard: https://d.kernelci.org/i/maestro:c03efd07fc01bc2d01554b8abdc3ecef088683b6 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: a32db271d59d9f35f3a937ac27fcc2db1e029cdc Log excerpt: ===================================================== drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:24: note: in expansion of macro ‘clamp_t’ 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^~~~~~~ In function ‘rt2800_txpower_to_dev’, inlined from ‘rt2800_config_channel’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4024:25, inlined from ‘rt2800_config’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:5560:3: ././include/linux/compiler_types.h:309:45: error: call to ‘__compiletime_assert_1041’ declared with attribute error: clamp() low limit -7 greater than high limit 15 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^ ././include/linux/compiler_types.h:290:25: note: in definition of macro ‘__compiletime_assert’ 290 | prefix ## suffix(); \ | ^~~~~~ ././include/linux/compiler_types.h:309:9: note: in expansion of macro ‘_compiletime_assert’ 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/build_bug.h:39:37: note: in expansion of macro ‘compiletime_assert’ 39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) | ^~~~~~~~~~~~~~~~~~ ./include/linux/minmax.h:188:9: note: in expansion of macro ‘BUILD_BUG_ON_MSG’ 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^~~~~~~~~~~~~~~~ ./include/linux/minmax.h:195:9: note: in expansion of macro ‘__clamp_once’ 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^~~~~~~~~~~~ ./include/linux/minmax.h:218:36: note: in expansion of macro ‘__careful_clamp’ 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^~~~~~~~~~~~~~~ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:24: note: in expansion of macro ‘clamp_t’ 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^~~~~~~ In function ‘rt2800_txpower_to_dev’, inlined from ‘rt2800_config_channel’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:4028:4, inlined from ‘rt2800_config’ at drivers/net/wireless/ralink/rt2x00/rt2800lib.c:5560:3: ././include/linux/compiler_types.h:309:45: error: call to ‘__compiletime_assert_1041’ declared with attribute error: clamp() low limit -7 greater than high limit 15 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^ ././include/linux/compiler_types.h:290:25: note: in definition of macro ‘__compiletime_assert’ 290 | prefix ## suffix(); \ | ^~~~~~ ././include/linux/compiler_types.h:309:9: note: in expansion of macro ‘_compiletime_assert’ 309 | _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) | ^~~~~~~~~~~~~~~~~~~ ./include/linux/build_bug.h:39:37: note: in expansion of macro ‘compiletime_assert’ 39 | #define BUILD_BUG_ON_MSG(cond, msg) compiletime_assert(!(cond), msg) | ^~~~~~~~~~~~~~~~~~ ./include/linux/minmax.h:188:9: note: in expansion of macro ‘BUILD_BUG_ON_MSG’ 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^~~~~~~~~~~~~~~~ ./include/linux/minmax.h:195:9: note: in expansion of macro ‘__clamp_once’ 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^~~~~~~~~~~~ ./include/linux/minmax.h:218:36: note: in expansion of macro ‘__careful_clamp’ 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^~~~~~~~~~~~~~~ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:24: note: in expansion of macro ‘clamp_t’ 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^~~~~~~ CC [M] drivers/gpu/drm/msm/disp/dpu1/dpu_plane.o CC [M] drivers/media/cec/platform/s5p/s5p_cec.o CC [M] drivers/gpu/drm/nouveau/nvkm/subdev/bus/nv50.o ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - config: https://files.kernelci.org/kbuild-gcc-12-arm-68f2e7db5621556c1f20565d/.conf… - dashboard: https://d.kernelci.org/build/maestro:68f2e7db5621556c1f20565d #kernelci issue maestro:c03efd07fc01bc2d01554b8abdc3ecef088683b6 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 2 days

1
0
0 0

[REGRESSION] stable-rc/linux-5.10.y: (build) call to '__compiletime_assert_1093' declared with 'error' attribut...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.10.y: --- call to '__compiletime_assert_1093' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 in drivers/net/wireless/ralink/rt2x00/rt2800lib.o (drivers/net/wireless/ralink/rt2x00/rt2800lib.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:29836e043a505e7ba05b17f7c0169fdf1043b303 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: a32db271d59d9f35f3a937ac27fcc2db1e029cdc Log excerpt: ===================================================== drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1093' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 3980 | return clamp_t(char, txpower, MIN_A_TXPOWER, MAX_A_TXPOWER); | ^ ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:112:1: note: expanded from here 112 | __compiletime_assert_1093 | ^ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1093' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:112:1: note: expanded from here 112 | __compiletime_assert_1093 | ^ drivers/net/wireless/ralink/rt2x00/rt2800lib.c:3980:10: error: call to '__compiletime_assert_1093' declared with 'error' attribute: clamp() low limit -7 greater than high limit 15 ./include/linux/minmax.h:218:36: note: expanded from macro 'clamp_t' 218 | #define clamp_t(type, val, lo, hi) __careful_clamp(type, val, lo, hi) | ^ ./include/linux/minmax.h:195:2: note: expanded from macro '__careful_clamp' 195 | __clamp_once(type, val, lo, hi, __UNIQUE_ID(v_), __UNIQUE_ID(l_), __UNIQUE_ID(h_)) | ^ ./include/linux/minmax.h:188:2: note: expanded from macro '__clamp_once' 188 | BUILD_BUG_ON_MSG(statically_true(ulo > uhi), \ | ^ note: (skipping 2 expansions in backtrace; use -fmacro-backtrace-limit=0 to see all) ././include/linux/compiler_types.h:297:2: note: expanded from macro '_compiletime_assert' 297 | __compiletime_assert(condition, msg, prefix, suffix) | ^ ././include/linux/compiler_types.h:290:4: note: expanded from macro '__compiletime_assert' 290 | prefix ## suffix(); \ | ^ <scratch space>:112:1: note: expanded from here 112 | __compiletime_assert_1093 | ^ CC [M] drivers/media/usb/gspca/spca501.o CC [M] drivers/isdn/hardware/mISDN/speedfax.o CC [M] drivers/net/wireless/realtek/rtlwifi/rtl8192c/fw_common.o CC [M] drivers/media/pci/saa7134/saa7134-ts.o LD [M] drivers/media/test-drivers/vimc/vimc.o CC [M] drivers/media/test-drivers/vivid/vivid-core.o CC [M] drivers/gpu/drm/drm_fourcc.o CC [M] drivers/media/usb/gspca/spca505.o CC [M] drivers/isdn/hardware/mISDN/mISDNinfineon.o CC [M] drivers/gpu/drm/drm_modes.o CC [M] drivers/media/usb/gspca/spca506.o CC [M] drivers/media/test-drivers/vivid/vivid-ctrls.o CC [M] drivers/media/pci/saa7134/saa7134-tvaudio.o CC [M] drivers/net/wireless/realtek/rtlwifi/rtl8192c/phy_common.o CC [M] drivers/media/usb/gspca/spca508.o CC [M] drivers/media/test-drivers/vivid/vivid-vid-common.o CC [M] drivers/isdn/hardware/mISDN/w6692.o 3 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - config: https://files.kernelci.org/kbuild-clang-17-arm-allmodconfig-68f2e7b55621556… - dashboard: https://d.kernelci.org/build/maestro:68f2e7b55621556c1f205610 #kernelci issue maestro:29836e043a505e7ba05b17f7c0169fdf1043b303 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 2 days

1
0
0 0

FAILED: patch "[PATCH] usb: gadget: f_rndis: Refactor bind path to use __free()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 08228941436047bdcd35a612c1aec0912a29d8cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101656-perky-popcorn-f7b0@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 08228941436047bdcd35a612c1aec0912a29d8cd Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:37 +0800 Subject: [PATCH] usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: 45fe3b8e5342 ("usb ethernet gadget: split RNDIS function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c index 7cec19d65fb5..7451e7cb7a85 100644 --- a/drivers/usb/gadget/function/f_rndis.c +++ b/drivers/usb/gadget/function/f_rndis.c @@ -19,6 +19,8 @@ #include <linux/atomic.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_rndis.h" @@ -662,6 +664,8 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_rndis_opts *rndis_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_rndis(c)) return -EINVAL; @@ -669,12 +673,9 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; } rndis_iad_descriptor.bFunctionClass = rndis_opts->class; @@ -692,16 +693,14 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) gether_set_gadget(rndis_opts->net, cdev->gadget); status = gether_register_netdev(rndis_opts->net); if (status) - goto fail; + return status; rndis_opts->bound = true; } us = usb_gstrings_attach(cdev, rndis_strings, ARRAY_SIZE(rndis_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); rndis_control_intf.iInterface = us[0].id; rndis_data_intf.iInterface = us[1].id; rndis_iad_descriptor.iFunction = us[2].id; @@ -709,36 +708,30 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->ctrl_id = status; rndis_iad_descriptor.bFirstInterface = status; rndis_control_intf.bInterfaceNumber = status; rndis_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - rndis_iad_descriptor.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->data_id = status; rndis_data_intf.bInterfaceNumber = status; rndis_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.out_ep = ep; /* NOTE: a status/notification endpoint is, strictly speaking, @@ -747,21 +740,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; rndis->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!rndis->notify_req) - goto fail; - rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); - if (!rndis->notify_req->buf) - goto fail; - rndis->notify_req->length = STATUS_BYTECOUNT; - rndis->notify_req->context = rndis; - rndis->notify_req->complete = rndis_response_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->length = STATUS_BYTECOUNT; + request->context = rndis; + request->complete = rndis_response_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +769,7 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, eth_ss_function, eth_ss_function); if (status) - goto fail; + return status; rndis->port.open = rndis_open; rndis->port.close = rndis_close; @@ -789,10 +780,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) if (rndis->manufacturer && rndis->vendorID && rndis_set_param_vendor(rndis->params, rndis->vendorID, rndis->manufacturer)) { - status = -EINVAL; - goto fail_free_descs; + usb_free_all_descriptors(f); + return -EINVAL; } + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; + os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + + } + rndis->notify_req = no_free_ptr(request); + /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code * until we're activated via set_alt(). @@ -802,21 +802,6 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis->port.in_ep->name, rndis->port.out_ep->name, rndis->notify->name); return 0; - -fail_free_descs: - usb_free_all_descriptors(f); -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (rndis->notify_req) { - kfree(rndis->notify_req->buf); - usb_ep_free_request(rndis->notify, rndis->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e1361a4f1be9cb69a662c6d7b5ce218007d6e82b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101640-enviable-movable-b2dd@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e1361a4f1be9cb69a662c6d7b5ce218007d6e82b Mon Sep 17 00:00:00 2001 From: Kaustabh Chakraborty <kauschluss(a)disroot.org> Date: Sun, 6 Jul 2025 22:59:46 +0530 Subject: [PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended Condition guards are found to be redundant, as the call flow is properly managed now, as also observed in the Exynos5433 DECON driver. Since state checking is no longer necessary, remove it. This also fixes an issue which prevented decon_commit() from decon_atomic_enable() due to an incorrect state change setting. Fixes: 96976c3d9aff ("drm/exynos: Add DECON driver") Cc: stable(a)vger.kernel.org Suggested-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c index 805aa28c1723..b8d9b7251319 100644 --- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c @@ -69,7 +69,6 @@ struct decon_context { void __iomem *regs; unsigned long irq_flags; bool i80_if; - bool suspended; wait_queue_head_t wait_vsync_queue; atomic_t wait_vsync_event; @@ -132,9 +131,6 @@ static void decon_shadow_protect_win(struct decon_context *ctx, static void decon_wait_for_vblank(struct decon_context *ctx) { - if (ctx->suspended) - return; - atomic_set(&ctx->wait_vsync_event, 1); /* @@ -210,9 +206,6 @@ static void decon_commit(struct exynos_drm_crtc *crtc) struct drm_display_mode *mode = &crtc->base.state->adjusted_mode; u32 val, clkdiv; - if (ctx->suspended) - return; - /* nothing to do if we haven't set the mode yet */ if (mode->htotal == 0 || mode->vtotal == 0) return; @@ -274,9 +267,6 @@ static int decon_enable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return -EPERM; - if (!test_and_set_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -299,9 +289,6 @@ static void decon_disable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return; - if (test_and_clear_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -404,9 +391,6 @@ static void decon_atomic_begin(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, true); } @@ -427,9 +411,6 @@ static void decon_update_plane(struct exynos_drm_crtc *crtc, unsigned int pitch = fb->pitches[0]; unsigned int vidw_addr0_base = ctx->data->vidw_buf_start_base; - if (ctx->suspended) - return; - /* * SHADOWCON/PRTCON register is used for enabling timing. * @@ -517,9 +498,6 @@ static void decon_disable_plane(struct exynos_drm_crtc *crtc, unsigned int win = plane->index; u32 val; - if (ctx->suspended) - return; - /* protect windows */ decon_shadow_protect_win(ctx, win, true); @@ -538,9 +516,6 @@ static void decon_atomic_flush(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); exynos_crtc_handle_event(crtc); @@ -568,9 +543,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int ret; - if (!ctx->suspended) - return; - ret = pm_runtime_resume_and_get(ctx->dev); if (ret < 0) { DRM_DEV_ERROR(ctx->dev, "failed to enable DECON device.\n"); @@ -584,8 +556,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) decon_enable_vblank(ctx->crtc); decon_commit(ctx->crtc); - - ctx->suspended = false; } static void decon_atomic_disable(struct exynos_drm_crtc *crtc) @@ -593,9 +563,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - /* * We need to make sure that all windows are disabled before we * suspend that connector. Otherwise we might try to scan from @@ -605,8 +572,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) decon_disable_plane(crtc, &ctx->planes[i]); pm_runtime_put_sync(ctx->dev); - - ctx->suspended = true; } static const struct exynos_drm_crtc_ops decon_crtc_ops = { @@ -727,7 +692,6 @@ static int decon_probe(struct platform_device *pdev) return -ENOMEM; ctx->dev = dev; - ctx->suspended = true; ctx->data = of_device_get_match_data(dev); i80_if_timings = of_get_child_by_name(dev->of_node, "i80-if-timings");

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] drm/msm/a6xx: Fix PDC sleep sequence" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f248d5d5159a88ded55329f0b1b463d0f4094228 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101631-neurosis-worshiper-3728@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f248d5d5159a88ded55329f0b1b463d0f4094228 Mon Sep 17 00:00:00 2001 From: Akhil P Oommen <akhilpo(a)oss.qualcomm.com> Date: Mon, 8 Sep 2025 13:56:57 +0530 Subject: [PATCH] drm/msm/a6xx: Fix PDC sleep sequence Since the PDC resides out of the GPU subsystem and cannot be reset in case it enters bad state, utmost care must be taken to trigger the PDC wake/sleep routines in the correct order. The PDC wake sequence can be exercised only after a PDC sleep sequence. Additionally, GMU firmware should initialize a few registers before the KMD can trigger a PDC sleep sequence. So PDC sleep can't be done if the GMU firmware has not initialized. Track these dependencies using a new status variable and trigger PDC sleep/wake sequences appropriately. Cc: stable(a)vger.kernel.org Fixes: 4b565ca5a2cb ("drm/msm: Add A6XX device support") Signed-off-by: Akhil P Oommen <akhilpo(a)oss.qualcomm.com> Patchwork: https://patchwork.freedesktop.org/patch/673362/ Signed-off-by: Rob Clark <robin.clark(a)oss.qualcomm.com> diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c index e74651d5bd7a..5594499ad2d1 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.c +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.c @@ -279,6 +279,8 @@ static int a6xx_gmu_start(struct a6xx_gmu *gmu) if (ret) DRM_DEV_ERROR(gmu->dev, "GMU firmware initialization timed out\n"); + set_bit(GMU_STATUS_FW_START, &gmu->status); + return ret; } @@ -525,6 +527,9 @@ static int a6xx_rpmh_start(struct a6xx_gmu *gmu) int ret; u32 val; + if (!test_and_clear_bit(GMU_STATUS_PDC_SLEEP, &gmu->status)) + return 0; + gmu_write(gmu, REG_A6XX_GMU_RSCC_CONTROL_REQ, BIT(1)); ret = gmu_poll_timeout(gmu, REG_A6XX_GMU_RSCC_CONTROL_ACK, val, @@ -552,6 +557,9 @@ static void a6xx_rpmh_stop(struct a6xx_gmu *gmu) int ret; u32 val; + if (test_and_clear_bit(GMU_STATUS_FW_START, &gmu->status)) + return; + gmu_write(gmu, REG_A6XX_GMU_RSCC_CONTROL_REQ, 1); ret = gmu_poll_timeout_rscc(gmu, REG_A6XX_GPU_RSCC_RSC_STATUS0_DRV0, @@ -560,6 +568,8 @@ static void a6xx_rpmh_stop(struct a6xx_gmu *gmu) DRM_DEV_ERROR(gmu->dev, "Unable to power off the GPU RSC\n"); gmu_write(gmu, REG_A6XX_GMU_RSCC_CONTROL_REQ, 0); + + set_bit(GMU_STATUS_PDC_SLEEP, &gmu->status); } static inline void pdc_write(void __iomem *ptr, u32 offset, u32 value) @@ -688,8 +698,6 @@ static void a6xx_gmu_rpmh_init(struct a6xx_gmu *gmu) /* ensure no writes happen before the uCode is fully written */ wmb(); - a6xx_rpmh_stop(gmu); - err: if (!IS_ERR_OR_NULL(pdcptr)) iounmap(pdcptr); @@ -849,19 +857,15 @@ static int a6xx_gmu_fw_start(struct a6xx_gmu *gmu, unsigned int state) else gmu_write(gmu, REG_A6XX_GMU_GENERAL_7, 1); - if (state == GMU_WARM_BOOT) { - ret = a6xx_rpmh_start(gmu); - if (ret) - return ret; - } else { + ret = a6xx_rpmh_start(gmu); + if (ret) + return ret; + + if (state == GMU_COLD_BOOT) { if (WARN(!adreno_gpu->fw[ADRENO_FW_GMU], "GMU firmware is not loaded\n")) return -ENOENT; - ret = a6xx_rpmh_start(gmu); - if (ret) - return ret; - ret = a6xx_gmu_fw_load(gmu); if (ret) return ret; @@ -1046,6 +1050,8 @@ static void a6xx_gmu_force_off(struct a6xx_gmu *gmu) /* Reset GPU core blocks */ a6xx_gpu_sw_reset(gpu, true); + + a6xx_rpmh_stop(gmu); } static void a6xx_gmu_set_initial_freq(struct msm_gpu *gpu, struct a6xx_gmu *gmu) diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gmu.h b/drivers/gpu/drm/msm/adreno/a6xx_gmu.h index d1ce11131ba6..069a8c9474e8 100644 --- a/drivers/gpu/drm/msm/adreno/a6xx_gmu.h +++ b/drivers/gpu/drm/msm/adreno/a6xx_gmu.h @@ -117,6 +117,12 @@ struct a6xx_gmu { struct qmp *qmp; struct a6xx_hfi_msg_bw_table *bw_table; + +/* To check if we can trigger sleep seq at PDC. Cleared in a6xx_rpmh_stop() */ +#define GMU_STATUS_FW_START 0 +/* To track if PDC sleep seq was done */ +#define GMU_STATUS_PDC_SLEEP 1 + unsigned long status; }; static inline u32 gmu_read(struct a6xx_gmu *gmu, u32 offset)

1 week, 2 days

2
1
0 0

FAILED: patch "[PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e1361a4f1be9cb69a662c6d7b5ce218007d6e82b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101640-sprig-fifth-f5a1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e1361a4f1be9cb69a662c6d7b5ce218007d6e82b Mon Sep 17 00:00:00 2001 From: Kaustabh Chakraborty <kauschluss(a)disroot.org> Date: Sun, 6 Jul 2025 22:59:46 +0530 Subject: [PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended Condition guards are found to be redundant, as the call flow is properly managed now, as also observed in the Exynos5433 DECON driver. Since state checking is no longer necessary, remove it. This also fixes an issue which prevented decon_commit() from decon_atomic_enable() due to an incorrect state change setting. Fixes: 96976c3d9aff ("drm/exynos: Add DECON driver") Cc: stable(a)vger.kernel.org Suggested-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c index 805aa28c1723..b8d9b7251319 100644 --- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c @@ -69,7 +69,6 @@ struct decon_context { void __iomem *regs; unsigned long irq_flags; bool i80_if; - bool suspended; wait_queue_head_t wait_vsync_queue; atomic_t wait_vsync_event; @@ -132,9 +131,6 @@ static void decon_shadow_protect_win(struct decon_context *ctx, static void decon_wait_for_vblank(struct decon_context *ctx) { - if (ctx->suspended) - return; - atomic_set(&ctx->wait_vsync_event, 1); /* @@ -210,9 +206,6 @@ static void decon_commit(struct exynos_drm_crtc *crtc) struct drm_display_mode *mode = &crtc->base.state->adjusted_mode; u32 val, clkdiv; - if (ctx->suspended) - return; - /* nothing to do if we haven't set the mode yet */ if (mode->htotal == 0 || mode->vtotal == 0) return; @@ -274,9 +267,6 @@ static int decon_enable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return -EPERM; - if (!test_and_set_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -299,9 +289,6 @@ static void decon_disable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return; - if (test_and_clear_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -404,9 +391,6 @@ static void decon_atomic_begin(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, true); } @@ -427,9 +411,6 @@ static void decon_update_plane(struct exynos_drm_crtc *crtc, unsigned int pitch = fb->pitches[0]; unsigned int vidw_addr0_base = ctx->data->vidw_buf_start_base; - if (ctx->suspended) - return; - /* * SHADOWCON/PRTCON register is used for enabling timing. * @@ -517,9 +498,6 @@ static void decon_disable_plane(struct exynos_drm_crtc *crtc, unsigned int win = plane->index; u32 val; - if (ctx->suspended) - return; - /* protect windows */ decon_shadow_protect_win(ctx, win, true); @@ -538,9 +516,6 @@ static void decon_atomic_flush(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); exynos_crtc_handle_event(crtc); @@ -568,9 +543,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int ret; - if (!ctx->suspended) - return; - ret = pm_runtime_resume_and_get(ctx->dev); if (ret < 0) { DRM_DEV_ERROR(ctx->dev, "failed to enable DECON device.\n"); @@ -584,8 +556,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) decon_enable_vblank(ctx->crtc); decon_commit(ctx->crtc); - - ctx->suspended = false; } static void decon_atomic_disable(struct exynos_drm_crtc *crtc) @@ -593,9 +563,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - /* * We need to make sure that all windows are disabled before we * suspend that connector. Otherwise we might try to scan from @@ -605,8 +572,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) decon_disable_plane(crtc, &ctx->planes[i]); pm_runtime_put_sync(ctx->dev); - - ctx->suspended = true; } static const struct exynos_drm_crtc_ops decon_crtc_ops = { @@ -727,7 +692,6 @@ static int decon_probe(struct platform_device *pdev) return -ENOMEM; ctx->dev = dev; - ctx->suspended = true; ctx->data = of_device_get_match_data(dev); i80_if_timings = of_get_child_by_name(dev->of_node, "i80-if-timings");

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_rndis: Refactor bind path to use __free()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 08228941436047bdcd35a612c1aec0912a29d8cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101631-subscript-pruning-bc19@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 08228941436047bdcd35a612c1aec0912a29d8cd Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:37 +0800 Subject: [PATCH] usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: 45fe3b8e5342 ("usb ethernet gadget: split RNDIS function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c index 7cec19d65fb5..7451e7cb7a85 100644 --- a/drivers/usb/gadget/function/f_rndis.c +++ b/drivers/usb/gadget/function/f_rndis.c @@ -19,6 +19,8 @@ #include <linux/atomic.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_rndis.h" @@ -662,6 +664,8 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_rndis_opts *rndis_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_rndis(c)) return -EINVAL; @@ -669,12 +673,9 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; } rndis_iad_descriptor.bFunctionClass = rndis_opts->class; @@ -692,16 +693,14 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) gether_set_gadget(rndis_opts->net, cdev->gadget); status = gether_register_netdev(rndis_opts->net); if (status) - goto fail; + return status; rndis_opts->bound = true; } us = usb_gstrings_attach(cdev, rndis_strings, ARRAY_SIZE(rndis_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); rndis_control_intf.iInterface = us[0].id; rndis_data_intf.iInterface = us[1].id; rndis_iad_descriptor.iFunction = us[2].id; @@ -709,36 +708,30 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->ctrl_id = status; rndis_iad_descriptor.bFirstInterface = status; rndis_control_intf.bInterfaceNumber = status; rndis_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - rndis_iad_descriptor.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->data_id = status; rndis_data_intf.bInterfaceNumber = status; rndis_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.out_ep = ep; /* NOTE: a status/notification endpoint is, strictly speaking, @@ -747,21 +740,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; rndis->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!rndis->notify_req) - goto fail; - rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); - if (!rndis->notify_req->buf) - goto fail; - rndis->notify_req->length = STATUS_BYTECOUNT; - rndis->notify_req->context = rndis; - rndis->notify_req->complete = rndis_response_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->length = STATUS_BYTECOUNT; + request->context = rndis; + request->complete = rndis_response_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +769,7 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, eth_ss_function, eth_ss_function); if (status) - goto fail; + return status; rndis->port.open = rndis_open; rndis->port.close = rndis_close; @@ -789,10 +780,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) if (rndis->manufacturer && rndis->vendorID && rndis_set_param_vendor(rndis->params, rndis->vendorID, rndis->manufacturer)) { - status = -EINVAL; - goto fail_free_descs; + usb_free_all_descriptors(f); + return -EINVAL; } + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; + os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + + } + rndis->notify_req = no_free_ptr(request); + /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code * until we're activated via set_alt(). @@ -802,21 +802,6 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis->port.in_ep->name, rndis->port.out_ep->name, rndis->notify->name); return 0; - -fail_free_descs: - usb_free_all_descriptors(f); -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (rndis->notify_req) { - kfree(rndis->notify_req->buf); - usb_ep_free_request(rndis->notify, rndis->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x e1361a4f1be9cb69a662c6d7b5ce218007d6e82b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101639-sublet-lilac-775e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e1361a4f1be9cb69a662c6d7b5ce218007d6e82b Mon Sep 17 00:00:00 2001 From: Kaustabh Chakraborty <kauschluss(a)disroot.org> Date: Sun, 6 Jul 2025 22:59:46 +0530 Subject: [PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended Condition guards are found to be redundant, as the call flow is properly managed now, as also observed in the Exynos5433 DECON driver. Since state checking is no longer necessary, remove it. This also fixes an issue which prevented decon_commit() from decon_atomic_enable() due to an incorrect state change setting. Fixes: 96976c3d9aff ("drm/exynos: Add DECON driver") Cc: stable(a)vger.kernel.org Suggested-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c index 805aa28c1723..b8d9b7251319 100644 --- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c @@ -69,7 +69,6 @@ struct decon_context { void __iomem *regs; unsigned long irq_flags; bool i80_if; - bool suspended; wait_queue_head_t wait_vsync_queue; atomic_t wait_vsync_event; @@ -132,9 +131,6 @@ static void decon_shadow_protect_win(struct decon_context *ctx, static void decon_wait_for_vblank(struct decon_context *ctx) { - if (ctx->suspended) - return; - atomic_set(&ctx->wait_vsync_event, 1); /* @@ -210,9 +206,6 @@ static void decon_commit(struct exynos_drm_crtc *crtc) struct drm_display_mode *mode = &crtc->base.state->adjusted_mode; u32 val, clkdiv; - if (ctx->suspended) - return; - /* nothing to do if we haven't set the mode yet */ if (mode->htotal == 0 || mode->vtotal == 0) return; @@ -274,9 +267,6 @@ static int decon_enable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return -EPERM; - if (!test_and_set_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -299,9 +289,6 @@ static void decon_disable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return; - if (test_and_clear_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -404,9 +391,6 @@ static void decon_atomic_begin(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, true); } @@ -427,9 +411,6 @@ static void decon_update_plane(struct exynos_drm_crtc *crtc, unsigned int pitch = fb->pitches[0]; unsigned int vidw_addr0_base = ctx->data->vidw_buf_start_base; - if (ctx->suspended) - return; - /* * SHADOWCON/PRTCON register is used for enabling timing. * @@ -517,9 +498,6 @@ static void decon_disable_plane(struct exynos_drm_crtc *crtc, unsigned int win = plane->index; u32 val; - if (ctx->suspended) - return; - /* protect windows */ decon_shadow_protect_win(ctx, win, true); @@ -538,9 +516,6 @@ static void decon_atomic_flush(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); exynos_crtc_handle_event(crtc); @@ -568,9 +543,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int ret; - if (!ctx->suspended) - return; - ret = pm_runtime_resume_and_get(ctx->dev); if (ret < 0) { DRM_DEV_ERROR(ctx->dev, "failed to enable DECON device.\n"); @@ -584,8 +556,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) decon_enable_vblank(ctx->crtc); decon_commit(ctx->crtc); - - ctx->suspended = false; } static void decon_atomic_disable(struct exynos_drm_crtc *crtc) @@ -593,9 +563,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - /* * We need to make sure that all windows are disabled before we * suspend that connector. Otherwise we might try to scan from @@ -605,8 +572,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) decon_disable_plane(crtc, &ctx->planes[i]); pm_runtime_put_sync(ctx->dev); - - ctx->suspended = true; } static const struct exynos_drm_crtc_ops decon_crtc_ops = { @@ -727,7 +692,6 @@ static int decon_probe(struct platform_device *pdev) return -ENOMEM; ctx->dev = dev; - ctx->suspended = true; ctx->data = of_device_get_match_data(dev); i80_if_timings = of_get_child_by_name(dev->of_node, "i80-if-timings");

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x e1361a4f1be9cb69a662c6d7b5ce218007d6e82b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101639-survey-affix-387d@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e1361a4f1be9cb69a662c6d7b5ce218007d6e82b Mon Sep 17 00:00:00 2001 From: Kaustabh Chakraborty <kauschluss(a)disroot.org> Date: Sun, 6 Jul 2025 22:59:46 +0530 Subject: [PATCH] drm/exynos: exynos7_drm_decon: remove ctx->suspended Condition guards are found to be redundant, as the call flow is properly managed now, as also observed in the Exynos5433 DECON driver. Since state checking is no longer necessary, remove it. This also fixes an issue which prevented decon_commit() from decon_atomic_enable() due to an incorrect state change setting. Fixes: 96976c3d9aff ("drm/exynos: Add DECON driver") Cc: stable(a)vger.kernel.org Suggested-by: Inki Dae <inki.dae(a)samsung.com> Signed-off-by: Kaustabh Chakraborty <kauschluss(a)disroot.org> Signed-off-by: Inki Dae <inki.dae(a)samsung.com> diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c index 805aa28c1723..b8d9b7251319 100644 --- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c +++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c @@ -69,7 +69,6 @@ struct decon_context { void __iomem *regs; unsigned long irq_flags; bool i80_if; - bool suspended; wait_queue_head_t wait_vsync_queue; atomic_t wait_vsync_event; @@ -132,9 +131,6 @@ static void decon_shadow_protect_win(struct decon_context *ctx, static void decon_wait_for_vblank(struct decon_context *ctx) { - if (ctx->suspended) - return; - atomic_set(&ctx->wait_vsync_event, 1); /* @@ -210,9 +206,6 @@ static void decon_commit(struct exynos_drm_crtc *crtc) struct drm_display_mode *mode = &crtc->base.state->adjusted_mode; u32 val, clkdiv; - if (ctx->suspended) - return; - /* nothing to do if we haven't set the mode yet */ if (mode->htotal == 0 || mode->vtotal == 0) return; @@ -274,9 +267,6 @@ static int decon_enable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return -EPERM; - if (!test_and_set_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -299,9 +289,6 @@ static void decon_disable_vblank(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; u32 val; - if (ctx->suspended) - return; - if (test_and_clear_bit(0, &ctx->irq_flags)) { val = readl(ctx->regs + VIDINTCON0); @@ -404,9 +391,6 @@ static void decon_atomic_begin(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, true); } @@ -427,9 +411,6 @@ static void decon_update_plane(struct exynos_drm_crtc *crtc, unsigned int pitch = fb->pitches[0]; unsigned int vidw_addr0_base = ctx->data->vidw_buf_start_base; - if (ctx->suspended) - return; - /* * SHADOWCON/PRTCON register is used for enabling timing. * @@ -517,9 +498,6 @@ static void decon_disable_plane(struct exynos_drm_crtc *crtc, unsigned int win = plane->index; u32 val; - if (ctx->suspended) - return; - /* protect windows */ decon_shadow_protect_win(ctx, win, true); @@ -538,9 +516,6 @@ static void decon_atomic_flush(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - for (i = 0; i < WINDOWS_NR; i++) decon_shadow_protect_win(ctx, i, false); exynos_crtc_handle_event(crtc); @@ -568,9 +543,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int ret; - if (!ctx->suspended) - return; - ret = pm_runtime_resume_and_get(ctx->dev); if (ret < 0) { DRM_DEV_ERROR(ctx->dev, "failed to enable DECON device.\n"); @@ -584,8 +556,6 @@ static void decon_atomic_enable(struct exynos_drm_crtc *crtc) decon_enable_vblank(ctx->crtc); decon_commit(ctx->crtc); - - ctx->suspended = false; } static void decon_atomic_disable(struct exynos_drm_crtc *crtc) @@ -593,9 +563,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) struct decon_context *ctx = crtc->ctx; int i; - if (ctx->suspended) - return; - /* * We need to make sure that all windows are disabled before we * suspend that connector. Otherwise we might try to scan from @@ -605,8 +572,6 @@ static void decon_atomic_disable(struct exynos_drm_crtc *crtc) decon_disable_plane(crtc, &ctx->planes[i]); pm_runtime_put_sync(ctx->dev); - - ctx->suspended = true; } static const struct exynos_drm_crtc_ops decon_crtc_ops = { @@ -727,7 +692,6 @@ static int decon_probe(struct platform_device *pdev) return -ENOMEM; ctx->dev = dev; - ctx->suspended = true; ctx->data = of_device_get_match_data(dev); i80_if_timings = of_get_child_by_name(dev->of_node, "i80-if-timings");

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_rndis: Refactor bind path to use __free()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 08228941436047bdcd35a612c1aec0912a29d8cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101631-macaroni-reabsorb-72e7@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 08228941436047bdcd35a612c1aec0912a29d8cd Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:37 +0800 Subject: [PATCH] usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: 45fe3b8e5342 ("usb ethernet gadget: split RNDIS function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c index 7cec19d65fb5..7451e7cb7a85 100644 --- a/drivers/usb/gadget/function/f_rndis.c +++ b/drivers/usb/gadget/function/f_rndis.c @@ -19,6 +19,8 @@ #include <linux/atomic.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_rndis.h" @@ -662,6 +664,8 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_rndis_opts *rndis_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_rndis(c)) return -EINVAL; @@ -669,12 +673,9 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; } rndis_iad_descriptor.bFunctionClass = rndis_opts->class; @@ -692,16 +693,14 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) gether_set_gadget(rndis_opts->net, cdev->gadget); status = gether_register_netdev(rndis_opts->net); if (status) - goto fail; + return status; rndis_opts->bound = true; } us = usb_gstrings_attach(cdev, rndis_strings, ARRAY_SIZE(rndis_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); rndis_control_intf.iInterface = us[0].id; rndis_data_intf.iInterface = us[1].id; rndis_iad_descriptor.iFunction = us[2].id; @@ -709,36 +708,30 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->ctrl_id = status; rndis_iad_descriptor.bFirstInterface = status; rndis_control_intf.bInterfaceNumber = status; rndis_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - rndis_iad_descriptor.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->data_id = status; rndis_data_intf.bInterfaceNumber = status; rndis_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.out_ep = ep; /* NOTE: a status/notification endpoint is, strictly speaking, @@ -747,21 +740,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; rndis->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!rndis->notify_req) - goto fail; - rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); - if (!rndis->notify_req->buf) - goto fail; - rndis->notify_req->length = STATUS_BYTECOUNT; - rndis->notify_req->context = rndis; - rndis->notify_req->complete = rndis_response_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->length = STATUS_BYTECOUNT; + request->context = rndis; + request->complete = rndis_response_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +769,7 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, eth_ss_function, eth_ss_function); if (status) - goto fail; + return status; rndis->port.open = rndis_open; rndis->port.close = rndis_close; @@ -789,10 +780,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) if (rndis->manufacturer && rndis->vendorID && rndis_set_param_vendor(rndis->params, rndis->vendorID, rndis->manufacturer)) { - status = -EINVAL; - goto fail_free_descs; + usb_free_all_descriptors(f); + return -EINVAL; } + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; + os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + + } + rndis->notify_req = no_free_ptr(request); + /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code * until we're activated via set_alt(). @@ -802,21 +802,6 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis->port.in_ep->name, rndis->port.out_ep->name, rndis->notify->name); return 0; - -fail_free_descs: - usb_free_all_descriptors(f); -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (rndis->notify_req) { - kfree(rndis->notify_req->buf); - usb_ep_free_request(rndis->notify, rndis->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_rndis: Refactor bind path to use __free()" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 08228941436047bdcd35a612c1aec0912a29d8cd # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101630-mundane-sixties-ade4@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 08228941436047bdcd35a612c1aec0912a29d8cd Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:37 +0800 Subject: [PATCH] usb: gadget: f_rndis: Refactor bind path to use __free() After an bind/unbind cycle, the rndis->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: 45fe3b8e5342 ("usb ethernet gadget: split RNDIS function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-6-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_rndis.c b/drivers/usb/gadget/function/f_rndis.c index 7cec19d65fb5..7451e7cb7a85 100644 --- a/drivers/usb/gadget/function/f_rndis.c +++ b/drivers/usb/gadget/function/f_rndis.c @@ -19,6 +19,8 @@ #include <linux/atomic.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_rndis.h" @@ -662,6 +664,8 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_rndis_opts *rndis_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_rndis(c)) return -EINVAL; @@ -669,12 +673,9 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis_opts = container_of(f->fi, struct f_rndis_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; } rndis_iad_descriptor.bFunctionClass = rndis_opts->class; @@ -692,16 +693,14 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) gether_set_gadget(rndis_opts->net, cdev->gadget); status = gether_register_netdev(rndis_opts->net); if (status) - goto fail; + return status; rndis_opts->bound = true; } us = usb_gstrings_attach(cdev, rndis_strings, ARRAY_SIZE(rndis_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); rndis_control_intf.iInterface = us[0].id; rndis_data_intf.iInterface = us[1].id; rndis_iad_descriptor.iFunction = us[2].id; @@ -709,36 +708,30 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->ctrl_id = status; rndis_iad_descriptor.bFirstInterface = status; rndis_control_intf.bInterfaceNumber = status; rndis_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - rndis_iad_descriptor.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; rndis->data_id = status; rndis_data_intf.bInterfaceNumber = status; rndis_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_in_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_out_desc); if (!ep) - goto fail; + return -ENODEV; rndis->port.out_ep = ep; /* NOTE: a status/notification endpoint is, strictly speaking, @@ -747,21 +740,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; rndis->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - rndis->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!rndis->notify_req) - goto fail; - rndis->notify_req->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); - if (!rndis->notify_req->buf) - goto fail; - rndis->notify_req->length = STATUS_BYTECOUNT; - rndis->notify_req->context = rndis; - rndis->notify_req->complete = rndis_response_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->length = STATUS_BYTECOUNT; + request->context = rndis; + request->complete = rndis_response_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +769,7 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, eth_fs_function, eth_hs_function, eth_ss_function, eth_ss_function); if (status) - goto fail; + return status; rndis->port.open = rndis_open; rndis->port.close = rndis_close; @@ -789,10 +780,19 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) if (rndis->manufacturer && rndis->vendorID && rndis_set_param_vendor(rndis->params, rndis->vendorID, rndis->manufacturer)) { - status = -EINVAL; - goto fail_free_descs; + usb_free_all_descriptors(f); + return -EINVAL; } + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &rndis_opts->rndis_os_desc; + os_desc_table[0].if_id = rndis_iad_descriptor.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + + } + rndis->notify_req = no_free_ptr(request); + /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code * until we're activated via set_alt(). @@ -802,21 +802,6 @@ rndis_bind(struct usb_configuration *c, struct usb_function *f) rndis->port.in_ep->name, rndis->port.out_ep->name, rndis->notify->name); return 0; - -fail_free_descs: - usb_free_all_descriptors(f); -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (rndis->notify_req) { - kfree(rndis->notify_req->buf); - usb_ep_free_request(rndis->notify, rndis->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } void rndis_borrow_net(struct usb_function_instance *f, struct net_device *net)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_ecm: Refactor bind path to use __free()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101600-epidemic-bleak-5192@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:36 +0800 Subject: [PATCH] usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: da741b8c56d6 ("usb ethernet gadget: split CDC Ethernet function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c index 027226325039..675d2bc538a4 100644 --- a/drivers/usb/gadget/function/f_ecm.c +++ b/drivers/usb/gadget/function/f_ecm.c @@ -8,6 +8,7 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> @@ -15,6 +16,8 @@ #include <linux/etherdevice.h> #include <linux/string_choices.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_ecm.h" @@ -678,6 +681,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ecm_opts *ecm_opts; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_ecm(cdev->gadget)) return -EINVAL; @@ -711,7 +715,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->ctrl_id = status; ecm_iad_descriptor.bFirstInterface = status; @@ -720,24 +724,22 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->data_id = status; ecm_data_nop_intf.bInterfaceNumber = status; ecm_data_intf.bInterfaceNumber = status; ecm_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_in_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_out_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.out_ep = ep; /* NOTE: a status/notification endpoint is *OPTIONAL* but we @@ -746,20 +748,18 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ecm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ecm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ecm->notify_req) - goto fail; - ecm->notify_req->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ecm->notify_req->buf) - goto fail; - ecm->notify_req->context = ecm; - ecm->notify_req->complete = ecm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ecm; + request->complete = ecm_notify_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +778,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ecm_fs_function, ecm_hs_function, ecm_ss_function, ecm_ss_function); if (status) - goto fail; + return status; /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code @@ -788,20 +788,12 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) ecm->port.open = ecm_open; ecm->port.close = ecm_close; + ecm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Ethernet: IN/%s OUT/%s NOTIFY/%s\n", ecm->port.in_ep->name, ecm->port.out_ep->name, ecm->notify->name); return 0; - -fail: - if (ecm->notify_req) { - kfree(ecm->notify_req->buf); - usb_ep_free_request(ecm->notify, ecm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ecm_opts *to_f_ecm_opts(struct config_item *item)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_acm: Refactor bind path to use __free()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 47b2116e54b4a854600341487e8b55249e926324 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101615-womb-deskbound-19cd@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47b2116e54b4a854600341487e8b55249e926324 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:35 +0800 Subject: [PATCH] usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec gs_free_req+0x30/0x44 acm_bind+0x1b8/0x1f4 usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 1f1ba11b6494 ("usb gadget: issue notifications from ACM function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_acm.c b/drivers/usb/gadget/function/f_acm.c index 7061720b9732..106046e17c4e 100644 --- a/drivers/usb/gadget/function/f_acm.c +++ b/drivers/usb/gadget/function/f_acm.c @@ -11,12 +11,15 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/device.h> #include <linux/err.h> +#include <linux/usb/gadget.h> + #include "u_serial.h" @@ -613,6 +616,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_string *us; int status; struct usb_ep *ep; + struct usb_request *request __free(free_usb_request) = NULL; /* REVISIT might want instance-specific strings to help * distinguish instances ... @@ -630,7 +634,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs, and patch descriptors */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->ctrl_id = status; acm_iad_descriptor.bFirstInterface = status; @@ -639,43 +643,41 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->data_id = status; acm_data_interface_desc.bInterfaceNumber = status; acm_union_desc.bSlaveInterface0 = status; acm_call_mgmt_descriptor.bDataInterface = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_in_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.in = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_out_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.out = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; acm->notify = ep; acm_iad_descriptor.bFunctionProtocol = acm->bInterfaceProtocol; acm_control_interface_desc.bInterfaceProtocol = acm->bInterfaceProtocol; /* allocate notification */ - acm->notify_req = gs_alloc_req(ep, - sizeof(struct usb_cdc_notification) + 2, - GFP_KERNEL); - if (!acm->notify_req) - goto fail; + request = gs_alloc_req(ep, + sizeof(struct usb_cdc_notification) + 2, + GFP_KERNEL); + if (!request) + return -ENODEV; - acm->notify_req->complete = acm_cdc_notify_complete; - acm->notify_req->context = acm; + request->complete = acm_cdc_notify_complete; + request->context = acm; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -692,7 +694,9 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, acm_fs_function, acm_hs_function, acm_ss_function, acm_ss_function); if (status) - goto fail; + return status; + + acm->notify_req = no_free_ptr(request); dev_dbg(&cdev->gadget->dev, "acm ttyGS%d: IN/%s OUT/%s NOTIFY/%s\n", @@ -700,14 +704,6 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) acm->port.in->name, acm->port.out->name, acm->notify->name); return 0; - -fail: - if (acm->notify_req) - gs_free_req(acm->notify, acm->notify_req); - - ERROR(cdev, "%s/%p: can't bind, err %d\n", f->name, f, status); - - return status; } static void acm_unbind(struct usb_configuration *c, struct usb_function *f)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_ncm: Refactor bind path to use __free()" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101658-deafening-erasable-d73e@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:34 +0800 Subject: [PATCH] usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec ncm_bind+0x39c/0x3dc usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-3-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-3-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index 58b0dd575af3..0148d60926dc 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -11,6 +11,7 @@ * Copyright (C) 2008 Nokia Corporation */ +#include <linux/cleanup.h> #include <linux/kernel.h> #include <linux/interrupt.h> #include <linux/module.h> @@ -20,6 +21,7 @@ #include <linux/string_choices.h> #include <linux/usb/cdc.h> +#include <linux/usb/gadget.h> #include "u_ether.h" #include "u_ether_configfs.h" @@ -1436,18 +1438,18 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ncm_opts *ncm_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; + if (!can_support_ecm(cdev->gadget)) return -EINVAL; ncm_opts = container_of(f->fi, struct f_ncm_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; } mutex_lock(&ncm_opts->lock); @@ -1459,16 +1461,15 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) mutex_unlock(&ncm_opts->lock); if (status) - goto fail; + return status; ncm_opts->bound = true; us = usb_gstrings_attach(cdev, ncm_strings, ARRAY_SIZE(ncm_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); + ncm_control_intf.iInterface = us[STRING_CTRL_IDX].id; ncm_data_nop_intf.iInterface = us[STRING_DATA_IDX].id; ncm_data_intf.iInterface = us[STRING_DATA_IDX].id; @@ -1478,20 +1479,16 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ncm->ctrl_id = status; ncm_iad_desc.bFirstInterface = status; ncm_control_intf.bInterfaceNumber = status; ncm_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - ncm_iad_desc.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ncm->data_id = status; ncm_data_nop_intf.bInterfaceNumber = status; @@ -1500,35 +1497,31 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) ecm_desc.wMaxSegmentSize = cpu_to_le16(ncm_opts->max_segment_size); - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_in_desc); if (!ep) - goto fail; + return -ENODEV; ncm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_out_desc); if (!ep) - goto fail; + return -ENODEV; ncm->port.out_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ncm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ncm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ncm->notify_req) - goto fail; - ncm->notify_req->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ncm->notify_req->buf) - goto fail; - ncm->notify_req->context = ncm; - ncm->notify_req->complete = ncm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ncm; + request->complete = ncm_notify_complete; /* * support all relevant hardware speeds... we expect that when @@ -1548,7 +1541,7 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ncm_fs_function, ncm_hs_function, ncm_ss_function, ncm_ss_function); if (status) - goto fail; + return status; /* * NOTE: all that is done without knowing or caring about @@ -1561,23 +1554,18 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) hrtimer_setup(&ncm->task_timer, ncm_tx_timeout, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; + os_desc_table[0].if_id = ncm_iad_desc.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + } + ncm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Network: IN/%s OUT/%s NOTIFY/%s\n", ncm->port.in_ep->name, ncm->port.out_ep->name, ncm->notify->name); return 0; - -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (ncm->notify_req) { - kfree(ncm->notify_req->buf); - usb_ep_free_request(ncm->notify, ncm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ncm_opts *to_f_ncm_opts(struct config_item *item)

1 week, 2 days

2
3
0 0

[PATCH] Input: pegasus-notetaker - fix out-of-bounds access vulnerability in pegasus_parse_packet() function of the pegasus driver

by pip-izony

From: Seungjin Bae <eeodqql09(a)gmail.com> In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer. Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pegasus_parse_packet() function parses the packet without checking the allocated buffer size. This leads to an out-of-bounds memory access, which could result in a system panic. Fixes: 948bf18 ("Input: remove third argument of usb_maxpacket()") Signed-off-by: Seungjin Bae <eeodqql09(a)gmail.com> --- drivers/input/tablet/pegasus_notetaker.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/input/tablet/pegasus_notetaker.c b/drivers/input/tablet/pegasus_notetaker.c index 8d6b71d59793..6c4199712a4e 100644 --- a/drivers/input/tablet/pegasus_notetaker.c +++ b/drivers/input/tablet/pegasus_notetaker.c @@ -311,6 +311,11 @@ static int pegasus_probe(struct usb_interface *intf, } pegasus->data_len = usb_maxpacket(dev, pipe); + if (pegasus->data_len < 5) { + dev_err(&intf->dev, "Invalid number of wMaxPacketSize\n"); + error = -EINVAL; + goto err_free_mem; + } pegasus->data = usb_alloc_coherent(dev, pegasus->data_len, GFP_KERNEL, &pegasus->data_dma); -- 2.43.0

1 week, 2 days

4
4
0 0

FAILED: patch "[PATCH] usb: gadget: f_ecm: Refactor bind path to use __free()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101641-passcode-sanitizer-19b3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:36 +0800 Subject: [PATCH] usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: da741b8c56d6 ("usb ethernet gadget: split CDC Ethernet function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c index 027226325039..675d2bc538a4 100644 --- a/drivers/usb/gadget/function/f_ecm.c +++ b/drivers/usb/gadget/function/f_ecm.c @@ -8,6 +8,7 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> @@ -15,6 +16,8 @@ #include <linux/etherdevice.h> #include <linux/string_choices.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_ecm.h" @@ -678,6 +681,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ecm_opts *ecm_opts; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_ecm(cdev->gadget)) return -EINVAL; @@ -711,7 +715,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->ctrl_id = status; ecm_iad_descriptor.bFirstInterface = status; @@ -720,24 +724,22 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->data_id = status; ecm_data_nop_intf.bInterfaceNumber = status; ecm_data_intf.bInterfaceNumber = status; ecm_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_in_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_out_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.out_ep = ep; /* NOTE: a status/notification endpoint is *OPTIONAL* but we @@ -746,20 +748,18 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ecm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ecm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ecm->notify_req) - goto fail; - ecm->notify_req->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ecm->notify_req->buf) - goto fail; - ecm->notify_req->context = ecm; - ecm->notify_req->complete = ecm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ecm; + request->complete = ecm_notify_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +778,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ecm_fs_function, ecm_hs_function, ecm_ss_function, ecm_ss_function); if (status) - goto fail; + return status; /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code @@ -788,20 +788,12 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) ecm->port.open = ecm_open; ecm->port.close = ecm_close; + ecm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Ethernet: IN/%s OUT/%s NOTIFY/%s\n", ecm->port.in_ep->name, ecm->port.out_ep->name, ecm->notify->name); return 0; - -fail: - if (ecm->notify_req) { - kfree(ecm->notify_req->buf); - usb_ep_free_request(ecm->notify, ecm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ecm_opts *to_f_ecm_opts(struct config_item *item)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_ecm: Refactor bind path to use __free()" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101641-spousal-accuracy-d282@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:36 +0800 Subject: [PATCH] usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: da741b8c56d6 ("usb ethernet gadget: split CDC Ethernet function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c index 027226325039..675d2bc538a4 100644 --- a/drivers/usb/gadget/function/f_ecm.c +++ b/drivers/usb/gadget/function/f_ecm.c @@ -8,6 +8,7 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> @@ -15,6 +16,8 @@ #include <linux/etherdevice.h> #include <linux/string_choices.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_ecm.h" @@ -678,6 +681,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ecm_opts *ecm_opts; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_ecm(cdev->gadget)) return -EINVAL; @@ -711,7 +715,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->ctrl_id = status; ecm_iad_descriptor.bFirstInterface = status; @@ -720,24 +724,22 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->data_id = status; ecm_data_nop_intf.bInterfaceNumber = status; ecm_data_intf.bInterfaceNumber = status; ecm_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_in_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_out_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.out_ep = ep; /* NOTE: a status/notification endpoint is *OPTIONAL* but we @@ -746,20 +748,18 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ecm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ecm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ecm->notify_req) - goto fail; - ecm->notify_req->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ecm->notify_req->buf) - goto fail; - ecm->notify_req->context = ecm; - ecm->notify_req->complete = ecm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ecm; + request->complete = ecm_notify_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +778,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ecm_fs_function, ecm_hs_function, ecm_ss_function, ecm_ss_function); if (status) - goto fail; + return status; /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code @@ -788,20 +788,12 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) ecm->port.open = ecm_open; ecm->port.close = ecm_close; + ecm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Ethernet: IN/%s OUT/%s NOTIFY/%s\n", ecm->port.in_ep->name, ecm->port.out_ep->name, ecm->notify->name); return 0; - -fail: - if (ecm->notify_req) { - kfree(ecm->notify_req->buf); - usb_ep_free_request(ecm->notify, ecm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ecm_opts *to_f_ecm_opts(struct config_item *item)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_acm: Refactor bind path to use __free()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 47b2116e54b4a854600341487e8b55249e926324 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101615-stiffen-concave-05cc@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47b2116e54b4a854600341487e8b55249e926324 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:35 +0800 Subject: [PATCH] usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec gs_free_req+0x30/0x44 acm_bind+0x1b8/0x1f4 usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 1f1ba11b6494 ("usb gadget: issue notifications from ACM function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_acm.c b/drivers/usb/gadget/function/f_acm.c index 7061720b9732..106046e17c4e 100644 --- a/drivers/usb/gadget/function/f_acm.c +++ b/drivers/usb/gadget/function/f_acm.c @@ -11,12 +11,15 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/device.h> #include <linux/err.h> +#include <linux/usb/gadget.h> + #include "u_serial.h" @@ -613,6 +616,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_string *us; int status; struct usb_ep *ep; + struct usb_request *request __free(free_usb_request) = NULL; /* REVISIT might want instance-specific strings to help * distinguish instances ... @@ -630,7 +634,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs, and patch descriptors */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->ctrl_id = status; acm_iad_descriptor.bFirstInterface = status; @@ -639,43 +643,41 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->data_id = status; acm_data_interface_desc.bInterfaceNumber = status; acm_union_desc.bSlaveInterface0 = status; acm_call_mgmt_descriptor.bDataInterface = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_in_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.in = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_out_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.out = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; acm->notify = ep; acm_iad_descriptor.bFunctionProtocol = acm->bInterfaceProtocol; acm_control_interface_desc.bInterfaceProtocol = acm->bInterfaceProtocol; /* allocate notification */ - acm->notify_req = gs_alloc_req(ep, - sizeof(struct usb_cdc_notification) + 2, - GFP_KERNEL); - if (!acm->notify_req) - goto fail; + request = gs_alloc_req(ep, + sizeof(struct usb_cdc_notification) + 2, + GFP_KERNEL); + if (!request) + return -ENODEV; - acm->notify_req->complete = acm_cdc_notify_complete; - acm->notify_req->context = acm; + request->complete = acm_cdc_notify_complete; + request->context = acm; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -692,7 +694,9 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, acm_fs_function, acm_hs_function, acm_ss_function, acm_ss_function); if (status) - goto fail; + return status; + + acm->notify_req = no_free_ptr(request); dev_dbg(&cdev->gadget->dev, "acm ttyGS%d: IN/%s OUT/%s NOTIFY/%s\n", @@ -700,14 +704,6 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) acm->port.in->name, acm->port.out->name, acm->notify->name); return 0; - -fail: - if (acm->notify_req) - gs_free_req(acm->notify, acm->notify_req); - - ERROR(cdev, "%s/%p: can't bind, err %d\n", f->name, f, status); - - return status; } static void acm_unbind(struct usb_configuration *c, struct usb_function *f)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_ecm: Refactor bind path to use __free()" failed to apply to 6.17-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.17-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.17.y git checkout FETCH_HEAD git cherry-pick -x 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101640-mastiff-grimace-b0aa@gregkh' --subject-prefix 'PATCH 6.17.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 42988380ac67c76bb9dff8f77d7ef3eefd50b7b5 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:36 +0800 Subject: [PATCH] usb: gadget: f_ecm: Refactor bind path to use __free() After an bind/unbind cycle, the ecm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Fixes: da741b8c56d6 ("usb ethernet gadget: split CDC Ethernet function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-5-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ecm.c b/drivers/usb/gadget/function/f_ecm.c index 027226325039..675d2bc538a4 100644 --- a/drivers/usb/gadget/function/f_ecm.c +++ b/drivers/usb/gadget/function/f_ecm.c @@ -8,6 +8,7 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> @@ -15,6 +16,8 @@ #include <linux/etherdevice.h> #include <linux/string_choices.h> +#include <linux/usb/gadget.h> + #include "u_ether.h" #include "u_ether_configfs.h" #include "u_ecm.h" @@ -678,6 +681,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ecm_opts *ecm_opts; + struct usb_request *request __free(free_usb_request) = NULL; if (!can_support_ecm(cdev->gadget)) return -EINVAL; @@ -711,7 +715,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->ctrl_id = status; ecm_iad_descriptor.bFirstInterface = status; @@ -720,24 +724,22 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ecm->data_id = status; ecm_data_nop_intf.bInterfaceNumber = status; ecm_data_intf.bInterfaceNumber = status; ecm_union_desc.bSlaveInterface0 = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_in_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_out_desc); if (!ep) - goto fail; + return -ENODEV; ecm->port.out_ep = ep; /* NOTE: a status/notification endpoint is *OPTIONAL* but we @@ -746,20 +748,18 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ecm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ecm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ecm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ecm->notify_req) - goto fail; - ecm->notify_req->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ecm->notify_req->buf) - goto fail; - ecm->notify_req->context = ecm; - ecm->notify_req->complete = ecm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(ECM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ecm; + request->complete = ecm_notify_complete; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -778,7 +778,7 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ecm_fs_function, ecm_hs_function, ecm_ss_function, ecm_ss_function); if (status) - goto fail; + return status; /* NOTE: all that is done without knowing or caring about * the network link ... which is unavailable to this code @@ -788,20 +788,12 @@ ecm_bind(struct usb_configuration *c, struct usb_function *f) ecm->port.open = ecm_open; ecm->port.close = ecm_close; + ecm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Ethernet: IN/%s OUT/%s NOTIFY/%s\n", ecm->port.in_ep->name, ecm->port.out_ep->name, ecm->notify->name); return 0; - -fail: - if (ecm->notify_req) { - kfree(ecm->notify_req->buf); - usb_ep_free_request(ecm->notify, ecm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ecm_opts *to_f_ecm_opts(struct config_item *item)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_acm: Refactor bind path to use __free()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 47b2116e54b4a854600341487e8b55249e926324 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101618-margarita-stunt-1be5@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 47b2116e54b4a854600341487e8b55249e926324 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:35 +0800 Subject: [PATCH] usb: gadget: f_acm: Refactor bind path to use __free() After an bind/unbind cycle, the acm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec gs_free_req+0x30/0x44 acm_bind+0x1b8/0x1f4 usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 1f1ba11b6494 ("usb gadget: issue notifications from ACM function") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-4-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_acm.c b/drivers/usb/gadget/function/f_acm.c index 7061720b9732..106046e17c4e 100644 --- a/drivers/usb/gadget/function/f_acm.c +++ b/drivers/usb/gadget/function/f_acm.c @@ -11,12 +11,15 @@ /* #define VERBOSE_DEBUG */ +#include <linux/cleanup.h> #include <linux/slab.h> #include <linux/kernel.h> #include <linux/module.h> #include <linux/device.h> #include <linux/err.h> +#include <linux/usb/gadget.h> + #include "u_serial.h" @@ -613,6 +616,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_string *us; int status; struct usb_ep *ep; + struct usb_request *request __free(free_usb_request) = NULL; /* REVISIT might want instance-specific strings to help * distinguish instances ... @@ -630,7 +634,7 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs, and patch descriptors */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->ctrl_id = status; acm_iad_descriptor.bFirstInterface = status; @@ -639,43 +643,41 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; acm->data_id = status; acm_data_interface_desc.bInterfaceNumber = status; acm_union_desc.bSlaveInterface0 = status; acm_call_mgmt_descriptor.bDataInterface = status; - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_in_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.in = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_out_desc); if (!ep) - goto fail; + return -ENODEV; acm->port.out = ep; ep = usb_ep_autoconfig(cdev->gadget, &acm_fs_notify_desc); if (!ep) - goto fail; + return -ENODEV; acm->notify = ep; acm_iad_descriptor.bFunctionProtocol = acm->bInterfaceProtocol; acm_control_interface_desc.bInterfaceProtocol = acm->bInterfaceProtocol; /* allocate notification */ - acm->notify_req = gs_alloc_req(ep, - sizeof(struct usb_cdc_notification) + 2, - GFP_KERNEL); - if (!acm->notify_req) - goto fail; + request = gs_alloc_req(ep, + sizeof(struct usb_cdc_notification) + 2, + GFP_KERNEL); + if (!request) + return -ENODEV; - acm->notify_req->complete = acm_cdc_notify_complete; - acm->notify_req->context = acm; + request->complete = acm_cdc_notify_complete; + request->context = acm; /* support all relevant hardware speeds... we expect that when * hardware is dual speed, all bulk-capable endpoints work at @@ -692,7 +694,9 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, acm_fs_function, acm_hs_function, acm_ss_function, acm_ss_function); if (status) - goto fail; + return status; + + acm->notify_req = no_free_ptr(request); dev_dbg(&cdev->gadget->dev, "acm ttyGS%d: IN/%s OUT/%s NOTIFY/%s\n", @@ -700,14 +704,6 @@ acm_bind(struct usb_configuration *c, struct usb_function *f) acm->port.in->name, acm->port.out->name, acm->notify->name); return 0; - -fail: - if (acm->notify_req) - gs_free_req(acm->notify, acm->notify_req); - - ERROR(cdev, "%s/%p: can't bind, err %d\n", f->name, f, status); - - return status; } static void acm_unbind(struct usb_configuration *c, struct usb_function *f)

1 week, 2 days

2
3
0 0

FAILED: patch "[PATCH] usb: gadget: f_ncm: Refactor bind path to use __free()" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025101602-clumsily-lived-dd4b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 75a5b8d4ddd4eb6b16cb0b475d14ff4ae64295ef Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai <khtsai(a)google.com> Date: Tue, 16 Sep 2025 16:21:34 +0800 Subject: [PATCH] usb: gadget: f_ncm: Refactor bind path to use __free() After an bind/unbind cycle, the ncm->notify_req is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer dereference when accessing ep->ops->free_request. Refactor the error handling in the bind path to use the __free() automatic cleanup mechanism. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 Call trace: usb_ep_free_request+0x2c/0xec ncm_bind+0x39c/0x3dc usb_add_function+0xcc/0x1f0 configfs_composite_bind+0x468/0x588 gadget_bind_driver+0x104/0x270 really_probe+0x190/0x374 __driver_probe_device+0xa0/0x12c driver_probe_device+0x3c/0x218 __device_attach_driver+0x14c/0x188 bus_for_each_drv+0x10c/0x168 __device_attach+0xfc/0x198 device_initial_probe+0x14/0x24 bus_probe_device+0x94/0x11c device_add+0x268/0x48c usb_add_gadget+0x198/0x28c dwc3_gadget_init+0x700/0x858 __dwc3_set_mode+0x3cc/0x664 process_scheduled_works+0x1d8/0x488 worker_thread+0x244/0x334 kthread+0x114/0x1bc ret_from_fork+0x10/0x20 Fixes: 9f6ce4240a2b ("usb: gadget: f_ncm.c added") Cc: stable(a)kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> Link: https://lore.kernel.org/r/20250916-ready-v1-3-4997bf277548@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250916-ready-v1-3-4997bf277548@google.com diff --git a/drivers/usb/gadget/function/f_ncm.c b/drivers/usb/gadget/function/f_ncm.c index 58b0dd575af3..0148d60926dc 100644 --- a/drivers/usb/gadget/function/f_ncm.c +++ b/drivers/usb/gadget/function/f_ncm.c @@ -11,6 +11,7 @@ * Copyright (C) 2008 Nokia Corporation */ +#include <linux/cleanup.h> #include <linux/kernel.h> #include <linux/interrupt.h> #include <linux/module.h> @@ -20,6 +21,7 @@ #include <linux/string_choices.h> #include <linux/usb/cdc.h> +#include <linux/usb/gadget.h> #include "u_ether.h" #include "u_ether_configfs.h" @@ -1436,18 +1438,18 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) struct usb_ep *ep; struct f_ncm_opts *ncm_opts; + struct usb_os_desc_table *os_desc_table __free(kfree) = NULL; + struct usb_request *request __free(free_usb_request) = NULL; + if (!can_support_ecm(cdev->gadget)) return -EINVAL; ncm_opts = container_of(f->fi, struct f_ncm_opts, func_inst); if (cdev->use_os_string) { - f->os_desc_table = kzalloc(sizeof(*f->os_desc_table), - GFP_KERNEL); - if (!f->os_desc_table) + os_desc_table = kzalloc(sizeof(*os_desc_table), GFP_KERNEL); + if (!os_desc_table) return -ENOMEM; - f->os_desc_n = 1; - f->os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; } mutex_lock(&ncm_opts->lock); @@ -1459,16 +1461,15 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) mutex_unlock(&ncm_opts->lock); if (status) - goto fail; + return status; ncm_opts->bound = true; us = usb_gstrings_attach(cdev, ncm_strings, ARRAY_SIZE(ncm_string_defs)); - if (IS_ERR(us)) { - status = PTR_ERR(us); - goto fail; - } + if (IS_ERR(us)) + return PTR_ERR(us); + ncm_control_intf.iInterface = us[STRING_CTRL_IDX].id; ncm_data_nop_intf.iInterface = us[STRING_DATA_IDX].id; ncm_data_intf.iInterface = us[STRING_DATA_IDX].id; @@ -1478,20 +1479,16 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) /* allocate instance-specific interface IDs */ status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ncm->ctrl_id = status; ncm_iad_desc.bFirstInterface = status; ncm_control_intf.bInterfaceNumber = status; ncm_union_desc.bMasterInterface0 = status; - if (cdev->use_os_string) - f->os_desc_table[0].if_id = - ncm_iad_desc.bFirstInterface; - status = usb_interface_id(c, f); if (status < 0) - goto fail; + return status; ncm->data_id = status; ncm_data_nop_intf.bInterfaceNumber = status; @@ -1500,35 +1497,31 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) ecm_desc.wMaxSegmentSize = cpu_to_le16(ncm_opts->max_segment_size); - status = -ENODEV; - /* allocate instance-specific endpoints */ ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_in_desc); if (!ep) - goto fail; + return -ENODEV; ncm->port.in_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_out_desc); if (!ep) - goto fail; + return -ENODEV; ncm->port.out_ep = ep; ep = usb_ep_autoconfig(cdev->gadget, &fs_ncm_notify_desc); if (!ep) - goto fail; + return -ENODEV; ncm->notify = ep; - status = -ENOMEM; - /* allocate notification request and buffer */ - ncm->notify_req = usb_ep_alloc_request(ep, GFP_KERNEL); - if (!ncm->notify_req) - goto fail; - ncm->notify_req->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); - if (!ncm->notify_req->buf) - goto fail; - ncm->notify_req->context = ncm; - ncm->notify_req->complete = ncm_notify_complete; + request = usb_ep_alloc_request(ep, GFP_KERNEL); + if (!request) + return -ENOMEM; + request->buf = kmalloc(NCM_STATUS_BYTECOUNT, GFP_KERNEL); + if (!request->buf) + return -ENOMEM; + request->context = ncm; + request->complete = ncm_notify_complete; /* * support all relevant hardware speeds... we expect that when @@ -1548,7 +1541,7 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) status = usb_assign_descriptors(f, ncm_fs_function, ncm_hs_function, ncm_ss_function, ncm_ss_function); if (status) - goto fail; + return status; /* * NOTE: all that is done without knowing or caring about @@ -1561,23 +1554,18 @@ static int ncm_bind(struct usb_configuration *c, struct usb_function *f) hrtimer_setup(&ncm->task_timer, ncm_tx_timeout, CLOCK_MONOTONIC, HRTIMER_MODE_REL_SOFT); + if (cdev->use_os_string) { + os_desc_table[0].os_desc = &ncm_opts->ncm_os_desc; + os_desc_table[0].if_id = ncm_iad_desc.bFirstInterface; + f->os_desc_table = no_free_ptr(os_desc_table); + f->os_desc_n = 1; + } + ncm->notify_req = no_free_ptr(request); + DBG(cdev, "CDC Network: IN/%s OUT/%s NOTIFY/%s\n", ncm->port.in_ep->name, ncm->port.out_ep->name, ncm->notify->name); return 0; - -fail: - kfree(f->os_desc_table); - f->os_desc_n = 0; - - if (ncm->notify_req) { - kfree(ncm->notify_req->buf); - usb_ep_free_request(ncm->notify, ncm->notify_req); - } - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); - - return status; } static inline struct f_ncm_opts *to_f_ncm_opts(struct config_item *item)

1 week, 2 days

2
3
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror