- Linux-stable-mirror - lists.linaro.org

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-unnerving-tasting-63f1@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] s390/pci: Remove redundant bus removal and disable from" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d76f9633296785343d45f85199f4138cb724b6d2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-popcorn-lure-f2f1@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d76f9633296785343d45f85199f4138cb724b6d2 Mon Sep 17 00:00:00 2001 From: Niklas Schnelle <schnelle(a)linux.ibm.com> Date: Thu, 22 May 2025 14:13:12 +0200 Subject: [PATCH] s390/pci: Remove redundant bus removal and disable from zpci_release_device() Remove zpci_bus_remove_device() and zpci_disable_device() calls from zpci_release_device(). These calls were done when the device transitioned into the ZPCI_FN_STATE_STANDBY state which is guaranteed to happen before it enters the ZPCI_FN_STATE_RESERVED state. When zpci_release_device() is called the device is known to be in the ZPCI_FN_STATE_RESERVED state which is also checked by a WARN_ON(). Cc: stable(a)vger.kernel.org Fixes: a46044a92add ("s390/pci: fix zpci_zdev_put() on reserve") Reviewed-by: Gerd Bayer <gbayer(a)linux.ibm.com> Reviewed-by: Julian Ruess <julianr(a)linux.ibm.com> Tested-by: Gerd Bayer <gbayer(a)linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle(a)linux.ibm.com> Signed-off-by: Heiko Carstens <hca(a)linux.ibm.com> diff --git a/arch/s390/pci/pci.c b/arch/s390/pci/pci.c index 5bbdc4190b8b..9fcc6d3180f2 100644 --- a/arch/s390/pci/pci.c +++ b/arch/s390/pci/pci.c @@ -949,12 +949,6 @@ void zpci_release_device(struct kref *kref) WARN_ON(zdev->state != ZPCI_FN_STATE_RESERVED); - if (zdev->zbus->bus) - zpci_bus_remove_device(zdev, false); - - if (zdev_enabled(zdev)) - zpci_disable_device(zdev); - if (zdev->has_hp_slot) zpci_exit_slot(zdev);

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062041-mutiny-civil-2bce@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-preaching-lance-8408@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-twentieth-uniformed-032e@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_dh895xcc" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-stinging-clad-50a8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 2c4e8b228733bfbcaf49408fdf94d220f6eb78fc Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:49 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_dh895xcc During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset dh895xcc 0000:3f:00.0: qat_hal_clr_reset error dh895xcc 0000:3f:00.0: Failed to init the AEs dh895xcc 0000:3f:00.0: Failed to initialise Acceleration Engine dh895xcc 0000:3f:00.0: Resetting device qat_dev0 dh895xcc 0000:3f:00.0: probe with driver dh895xcc failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 7afa232e76ce ("crypto: qat - Intel(R) QAT DH895xcc accelerator") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c index 730147404ceb..b59e0cc49e52 100644 --- a/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_dh895xcc/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_DH895XCC) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_DH895XCC_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062030-rely-movable-fb97@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062029-crayfish-robotics-60e2@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-rumble-ebony-e250@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c62x" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a9a6e9279b2998e2610c70b0dfc80a234f97c76c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062028-pegboard-reaffirm-313f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a9a6e9279b2998e2610c70b0dfc80a234f97c76c Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:51 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c62x During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c6xx 0000:3f:00.0: qat_hal_clr_reset error c6xx 0000:3f:00.0: Failed to init the AEs c6xx 0000:3f:00.0: Failed to initialise Acceleration Engine c6xx 0000:3f:00.0: Resetting device qat_dev0 c6xx 0000:3f:00.0: probe with driver c6xx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: a6dabee6c8ba ("crypto: qat - add support for c62x accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c index 0bac717e88d9..23ccb72b6ea2 100644 --- a/drivers/crypto/intel/qat/qat_c62x/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c62x/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C62X) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C62X_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-ferris-purr-2823@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_4xxx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 845bc952024dbf482c7434daeac66f764642d52d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062013-oversight-paced-887b@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 845bc952024dbf482c7434daeac66f764642d52d Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:46 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_4xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: 4xxx 0000:01:00.0: Failed to power up the device 4xxx 0000:01:00.0: Failed to initialize device 4xxx 0000:01:00.0: Resetting device qat_dev0 4xxx 0000:01:00.0: probe with driver 4xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 8c8268166e83 ("crypto: qat - add qat_4xxx driver") Link: https://lore.kernel.org/all/Z-DGQrhRj9niR9iZ@gondor.apana.org.au/ Reported-by: Randy Wright <rwright(a)hpe.com> Closes: https://issues.redhat.com/browse/RHEL-84366 Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c index 5537a9991e4e..1ac415ef3c31 100644 --- a/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_4xxx/adf_drv.c @@ -188,11 +188,19 @@ static void adf_remove(struct pci_dev *pdev) adf_cleanup_accel(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static struct pci_driver adf_driver = { .id_table = adf_pci_tbl, .name = ADF_4XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-depress-slit-c249@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-setback-bulgur-2550@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062038-unsavory-overrun-ecbc@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: qat - add shutdown handler to qat_c3xxx" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062039-crier-richly-f55f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 71e0cc1eab584d6f95526a5e8c69ec666ca33e1b Mon Sep 17 00:00:00 2001 From: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Date: Wed, 26 Mar 2025 15:59:53 +0000 Subject: [PATCH] crypto: qat - add shutdown handler to qat_c3xxx During a warm reset via kexec, the system bypasses the driver removal sequence, meaning that the remove() callback is not invoked. If a QAT device is not shutdown properly, the device driver will fail to load in a newly rebooted kernel. This might result in output like the following after the kexec reboot: QAT: AE0 is inactive!! QAT: failed to get device out of reset c3xxx 0000:3f:00.0: qat_hal_clr_reset error c3xxx 0000:3f:00.0: Failed to init the AEs c3xxx 0000:3f:00.0: Failed to initialise Acceleration Engine c3xxx 0000:3f:00.0: Resetting device qat_dev0 c3xxx 0000:3f:00.0: probe with driver c3xxx failed with error -14 Implement the shutdown() handler that hooks into the reboot notifier list. This brings down the QAT device and ensures it is shut down properly. Cc: <stable(a)vger.kernel.org> Fixes: 890c55f4dc0e ("crypto: qat - add support for c3xxx accel type") Reviewed-by: Ahsan Atta <ahsan.atta(a)intel.com> Reviewed-by: Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu(a)intel.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c index 260f34d0d541..bceb5dd8b148 100644 --- a/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c +++ b/drivers/crypto/intel/qat/qat_c3xxx/adf_drv.c @@ -209,6 +209,13 @@ static void adf_remove(struct pci_dev *pdev) kfree(accel_dev); } +static void adf_shutdown(struct pci_dev *pdev) +{ + struct adf_accel_dev *accel_dev = adf_devmgr_pci_to_accel_dev(pdev); + + adf_dev_down(accel_dev); +} + static const struct pci_device_id adf_pci_tbl[] = { { PCI_VDEVICE(INTEL, PCI_DEVICE_ID_INTEL_QAT_C3XXX) }, { } @@ -220,6 +227,7 @@ static struct pci_driver adf_driver = { .name = ADF_C3XXX_DEVICE_NAME, .probe = adf_probe, .remove = adf_remove, + .shutdown = adf_shutdown, .sriov_configure = adf_sriov_configure, .err_handler = &adf_err_handler, };

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-daylight-scrubber-8837@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-renderer-tremor-6a52@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x bc8169003b41e89fe7052e408cf9fdbecb4017fe # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062040-slinging-salvaging-1638@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From bc8169003b41e89fe7052e408cf9fdbecb4017fe Mon Sep 17 00:00:00 2001 From: Eric Biggers <ebiggers(a)google.com> Date: Tue, 20 May 2025 10:39:29 +0800 Subject: [PATCH] crypto: powerpc/poly1305 - add depends on BROKEN for now As discussed in the thread containing https://lore.kernel.org/linux-crypto/20250510053308.GB505731@sol/, the Power10-optimized Poly1305 code is currently not safe to call in softirq context. Disable it for now. It can be re-enabled once it is fixed. Fixes: ba8f8624fde2 ("crypto: poly1305-p10 - Glue code for optmized Poly1305 implementation for ppc64le") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/arch/powerpc/lib/crypto/Kconfig b/arch/powerpc/lib/crypto/Kconfig index ffa541ad6d5d..3f9e1bbd9905 100644 --- a/arch/powerpc/lib/crypto/Kconfig +++ b/arch/powerpc/lib/crypto/Kconfig @@ -10,6 +10,7 @@ config CRYPTO_CHACHA20_P10 config CRYPTO_POLY1305_P10 tristate depends on PPC64 && CPU_LITTLE_ENDIAN && VSX + depends on BROKEN # Needs to be fixed to work in softirq context default CRYPTO_LIB_POLY1305 select CRYPTO_ARCH_HAVE_LIB_POLY1305 select CRYPTO_LIB_POLY1305_GENERIC

1 week, 3 days

1
0
0 0

FAILED: patch "[PATCH] crypto: marvell/cesa - Do not chain submitted requests" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 0413bcf0fc460a68a2a7a8354aee833293d7d693 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025062023-fidgety-landslide-5061@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0413bcf0fc460a68a2a7a8354aee833293d7d693 Mon Sep 17 00:00:00 2001 From: Herbert Xu <herbert(a)gondor.apana.org.au> Date: Thu, 8 May 2025 13:22:16 +0800 Subject: [PATCH] crypto: marvell/cesa - Do not chain submitted requests This driver tries to chain requests together before submitting them to hardware in order to reduce completion interrupts. However, it even extends chains that have already been submitted to hardware. This is dangerous because there is no way of knowing whether the hardware has already read the DMA memory in question or not. Fix this by splitting the chain list into two. One for submitted requests and one for requests that have not yet been submitted. Only extend the latter. Reported-by: Klaus Kudielka <klaus.kudielka(a)gmail.com> Fixes: 85030c5168f1 ("crypto: marvell - Add support for chaining crypto requests in TDMA mode") Cc: <stable(a)vger.kernel.org> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/crypto/marvell/cesa/cesa.c b/drivers/crypto/marvell/cesa/cesa.c index fa08f10e6f3f..9c21f5d835d2 100644 --- a/drivers/crypto/marvell/cesa/cesa.c +++ b/drivers/crypto/marvell/cesa/cesa.c @@ -94,7 +94,7 @@ static int mv_cesa_std_process(struct mv_cesa_engine *engine, u32 status) static int mv_cesa_int_process(struct mv_cesa_engine *engine, u32 status) { - if (engine->chain.first && engine->chain.last) + if (engine->chain_hw.first && engine->chain_hw.last) return mv_cesa_tdma_process(engine, status); return mv_cesa_std_process(engine, status); diff --git a/drivers/crypto/marvell/cesa/cesa.h b/drivers/crypto/marvell/cesa/cesa.h index d215a6bed6bc..50ca1039fdaa 100644 --- a/drivers/crypto/marvell/cesa/cesa.h +++ b/drivers/crypto/marvell/cesa/cesa.h @@ -440,8 +440,10 @@ struct mv_cesa_dev { * SRAM * @queue: fifo of the pending crypto requests * @load: engine load counter, useful for load balancing - * @chain: list of the current tdma descriptors being processed - * by this engine. + * @chain_hw: list of the current tdma descriptors being processed + * by the hardware. + * @chain_sw: list of the current tdma descriptors that will be + * submitted to the hardware. * @complete_queue: fifo of the processed requests by the engine * * Structure storing CESA engine information. @@ -463,7 +465,8 @@ struct mv_cesa_engine { struct gen_pool *pool; struct crypto_queue queue; atomic_t load; - struct mv_cesa_tdma_chain chain; + struct mv_cesa_tdma_chain chain_hw; + struct mv_cesa_tdma_chain chain_sw; struct list_head complete_queue; int irq; }; diff --git a/drivers/crypto/marvell/cesa/tdma.c b/drivers/crypto/marvell/cesa/tdma.c index 388a06e180d6..243305354420 100644 --- a/drivers/crypto/marvell/cesa/tdma.c +++ b/drivers/crypto/marvell/cesa/tdma.c @@ -38,6 +38,15 @@ void mv_cesa_dma_step(struct mv_cesa_req *dreq) { struct mv_cesa_engine *engine = dreq->engine; + spin_lock_bh(&engine->lock); + if (engine->chain_sw.first == dreq->chain.first) { + engine->chain_sw.first = NULL; + engine->chain_sw.last = NULL; + } + engine->chain_hw.first = dreq->chain.first; + engine->chain_hw.last = dreq->chain.last; + spin_unlock_bh(&engine->lock); + writel_relaxed(0, engine->regs + CESA_SA_CFG); mv_cesa_set_int_mask(engine, CESA_SA_INT_ACC0_IDMA_DONE); @@ -96,25 +105,27 @@ void mv_cesa_dma_prepare(struct mv_cesa_req *dreq, void mv_cesa_tdma_chain(struct mv_cesa_engine *engine, struct mv_cesa_req *dreq) { - if (engine->chain.first == NULL && engine->chain.last == NULL) { - engine->chain.first = dreq->chain.first; - engine->chain.last = dreq->chain.last; - } else { - struct mv_cesa_tdma_desc *last; + struct mv_cesa_tdma_desc *last = engine->chain_sw.last; - last = engine->chain.last; + /* + * Break the DMA chain if the request being queued needs the IV + * regs to be set before lauching the request. + */ + if (!last || dreq->chain.first->flags & CESA_TDMA_SET_STATE) + engine->chain_sw.first = dreq->chain.first; + else { last->next = dreq->chain.first; - engine->chain.last = dreq->chain.last; - - /* - * Break the DMA chain if the CESA_TDMA_BREAK_CHAIN is set on - * the last element of the current chain, or if the request - * being queued needs the IV regs to be set before lauching - * the request. - */ - if (!(last->flags & CESA_TDMA_BREAK_CHAIN) && - !(dreq->chain.first->flags & CESA_TDMA_SET_STATE)) - last->next_dma = cpu_to_le32(dreq->chain.first->cur_dma); + last->next_dma = cpu_to_le32(dreq->chain.first->cur_dma); + } + last = dreq->chain.last; + engine->chain_sw.last = last; + /* + * Break the DMA chain if the CESA_TDMA_BREAK_CHAIN is set on + * the last element of the current chain. + */ + if (last->flags & CESA_TDMA_BREAK_CHAIN) { + engine->chain_sw.first = NULL; + engine->chain_sw.last = NULL; } } @@ -127,7 +138,7 @@ int mv_cesa_tdma_process(struct mv_cesa_engine *engine, u32 status) tdma_cur = readl(engine->regs + CESA_TDMA_CUR); - for (tdma = engine->chain.first; tdma; tdma = next) { + for (tdma = engine->chain_hw.first; tdma; tdma = next) { spin_lock_bh(&engine->lock); next = tdma->next; spin_unlock_bh(&engine->lock); @@ -149,12 +160,12 @@ int mv_cesa_tdma_process(struct mv_cesa_engine *engine, u32 status) &backlog); /* Re-chaining to the next request */ - engine->chain.first = tdma->next; + engine->chain_hw.first = tdma->next; tdma->next = NULL; /* If this is the last request, clear the chain */ - if (engine->chain.first == NULL) - engine->chain.last = NULL; + if (engine->chain_hw.first == NULL) + engine->chain_hw.last = NULL; spin_unlock_bh(&engine->lock); ctx = crypto_tfm_ctx(req->tfm);

1 week, 3 days

1
0
0 0

[merged mm-hotfixes-stable] maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() has been removed from the -mm tree. Its filename was maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Date: Mon, 16 Jun 2025 14:45:20 -0400 Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least) Link: https://lkml.kernel.org/r/20250616184521.3382795-3-Liam.Howlett@oracle.com Fixes: 54a611b60590 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reported-by: Hailong Liu <hailong.liu(a)oppo.com> Link: https://lore.kernel.org/all/1652f7eb-a51b-4fee-8058-c73af63bacd1@oppo.com/ Link: https://lore.kernel.org/all/20250428184058.1416274-1-Liam.Howlett@oracle.co… Link: https://lore.kernel.org/all/20250429014754.1479118-1-Liam.Howlett@oracle.co… Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Hailong Liu <hailong.liu(a)oppo.com> Cc: zhangpeng.00(a)bytedance.com <zhangpeng.00(a)bytedance.com> Cc: Steve Kang <Steve.Kang(a)unisoc.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/lib/maple_tree.c~maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate +++ a/lib/maple_tree.c @@ -5527,8 +5527,9 @@ int mas_preallocate(struct ma_state *mas mas->store_type = mas_wr_store_type(&wr_mas); request = mas_prealloc_calc(&wr_mas, entry); if (!request) - return ret; + goto set_flag; + mas->mas_flags &= ~MA_STATE_PREALLOC; mas_node_count_gfp(mas, request, gfp); if (mas_is_err(mas)) { mas_set_alloc_req(mas, 0); @@ -5538,6 +5539,7 @@ int mas_preallocate(struct ma_state *mas return ret; } +set_flag: mas->mas_flags |= MA_STATE_PREALLOC; return ret; } _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are tools-testing-radix-tree-test-maple-tree-chaining-mas_preallocate-calls.patch

1 week, 4 days

1
0
0 0

[merged mm-hotfixes-stable] bcache-remove-unnecessary-select-min_heap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: bcache: remove unnecessary select MIN_HEAP has been removed from the -mm tree. Its filename was bcache-remove-unnecessary-select-min_heap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: bcache: remove unnecessary select MIN_HEAP Date: Sun, 15 Jun 2025 04:23:53 +0800 After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-4-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) --- a/drivers/md/bcache/Kconfig~bcache-remove-unnecessary-select-min_heap +++ a/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

1 week, 4 days

1
0
0 0

[merged mm-hotfixes-stable] revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" has been removed from the -mm tree. Its filename was revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" Date: Sun, 15 Jun 2025 04:23:52 +0800 This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-3-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 64 ++++------------ drivers/md/bcache/bcache.h | 2 drivers/md/bcache/bset.c | 124 +++++++++++--------------------- drivers/md/bcache/bset.h | 42 ++++++---- drivers/md/bcache/btree.c | 69 +++++++---------- drivers/md/bcache/extents.c | 51 ++++--------- drivers/md/bcache/movinggc.c | 41 ++-------- drivers/md/bcache/super.c | 3 drivers/md/bcache/sysfs.c | 4 - drivers/md/bcache/util.h | 67 ++++++++++++++++- drivers/md/bcache/writeback.c | 13 +-- 11 files changed, 217 insertions(+), 263 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(st * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struc wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } --- a/drivers/md/bcache/bcache.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate --- a/drivers/md/bcache/bset.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys * int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ bug: static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct bt /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_ke struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); --- a/drivers/md/bcache/bset.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter( void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_sear return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) - -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) + +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ --- a/drivers/md/bcache/btree.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btr { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btr if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btr if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btr bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct bt uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struc { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struc bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void * struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void * cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void * skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(s if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct bt { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, --- a/drivers/md/bcache/extents.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_i i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(s } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_ke * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixu if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixu else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixu bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btre } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, --- a/drivers/md/bcache/movinggc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); --- a/drivers/md/bcache/super.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(st INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); --- a/drivers/md/bcache/sysfs.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struc unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; --- a/drivers/md/bcache/util.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ --- a/drivers/md/bcache/writeback.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *a struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *a skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcach int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

1 week, 4 days

1
0
0 0

[merged mm-hotfixes-stable] revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" has been removed from the -mm tree. Its filename was revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" Date: Sun, 15 Jun 2025 04:23:51 +0800 Patch series "bcache: Revert min_heap migration due to performance regression". This patch series reverts the migration of bcache from its original heap implementation to the generic min_heap library. While the original change aimed to simplify the code and improve maintainability, it introduced a severe performance regression in real-world scenarios. As reported by Robert, systems using bcache now suffer from periodic latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. This degrades bcache's value as a low-latency caching layer, and leads to frequent timeouts and application stalls in production environments. The primary cause of this regression is the behavior of the generic min_heap implementation's bottom-up sift_down, which performs up to 2 * log2(n) comparisons when many elements are equal. The original top-down variant used by bcache only required O(1) comparisons in such cases. The issue was further exacerbated by commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), which introduced non-inlined versions of the min_heap API, adding function call overhead to a performance-critical hot path. This patch (of 3): This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lkml.kernel.org/r/20250614202353.1632957-1-visitorckw@gmail.com Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-2-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(co return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; --- a/drivers/md/bcache/bset.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(co return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_it { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ --- a/drivers/md/bcache/extents.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(cons return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; --- a/drivers/md/bcache/movinggc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) _ Patches currently in -mm which might be from visitorckw(a)gmail.com are lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

1 week, 4 days

1
0
0 0

[merged mm-hotfixes-stable] mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm: userfaultfd: fix race of userfaultfd_move and swap cache has been removed from the -mm tree. Its filename was mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm: userfaultfd: fix race of userfaultfd_move and swap cache Date: Wed, 4 Jun 2025 23:10:38 +0800 This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_ANONPAGES val:-1 [ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_SHMEMPAGES val:1 Because the folio is being accounted to the wrong VMA. I'm not sure if there will be any data corruption though, seems no. The issues above are critical already. On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get_folio(S1) // Got NULL ... < interrupted again> ... <swapin folio A and free S1> <swapout folio A re-using S1> move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // folio A is ignored !!! Fix this by checking the swap cache again after acquiring the src_pte lock. And to avoid the filemap overhead, we check swap_map directly [2]. The SWP_SYNCHRONOUS_IO path does make the problem more complex, but so far we don't need to worry about that, since folios can only be exposed to the swap cache in the swap out path, and this is covered in this patch by checking the swap cache again after acquiring the src_pte lock. Testing with a simple C program that allocates and moves several GB of memory did not show any observable performance change. Link: https://lkml.kernel.org/r/20250604151038.21968-1-ryncsn@gmail.com Fixes: adef440691ba ("userfaultfd: UFFDIO_MOVE uABI") Signed-off-by: Kairui Song <kasong(a)tencent.com> Closes: https://lore.kernel.org/linux-mm/CAMgjq7B1K=6OOrK2OUZ0-tqCzi+EJt+2_K97TPGoS… [1] Link: https://lore.kernel.org/all/CAGsJ_4yJhJBo16XhiC-nUzSheyX-V3-nFE+tAi=8Y560K8… [2] Reviewed-by: Lokesh Gidra <lokeshgidra(a)google.com> Acked-by: Peter Xu <peterx(a)redhat.com> Reviewed-by: Suren Baghdasaryan <surenb(a)google.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Reviewed-by: Chris Li <chrisl(a)kernel.org> Cc: Andrea Arcangeli <aarcange(a)redhat.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: Kairui Song <kasong(a)tencent.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/userfaultfd.c | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) --- a/mm/userfaultfd.c~mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache +++ a/mm/userfaultfd.c @@ -1084,8 +1084,18 @@ static int move_swap_pte(struct mm_struc pte_t orig_dst_pte, pte_t orig_src_pte, pmd_t *dst_pmd, pmd_t dst_pmdval, spinlock_t *dst_ptl, spinlock_t *src_ptl, - struct folio *src_folio) + struct folio *src_folio, + struct swap_info_struct *si, swp_entry_t entry) { + /* + * Check if the folio still belongs to the target swap entry after + * acquiring the lock. Folio can be freed in the swap cache while + * not locked. + */ + if (src_folio && unlikely(!folio_test_swapcache(src_folio) || + entry.val != src_folio->swap.val)) + return -EAGAIN; + double_pt_lock(dst_ptl, src_ptl); if (!is_pte_pages_stable(dst_pte, src_pte, orig_dst_pte, orig_src_pte, @@ -1102,6 +1112,25 @@ static int move_swap_pte(struct mm_struc if (src_folio) { folio_move_anon_rmap(src_folio, dst_vma); src_folio->index = linear_page_index(dst_vma, dst_addr); + } else { + /* + * Check if the swap entry is cached after acquiring the src_pte + * lock. Otherwise, we might miss a newly loaded swap cache folio. + * + * Check swap_map directly to minimize overhead, READ_ONCE is sufficient. + * We are trying to catch newly added swap cache, the only possible case is + * when a folio is swapped in and out again staying in swap cache, using the + * same entry before the PTE check above. The PTL is acquired and released + * twice, each time after updating the swap_map's flag. So holding + * the PTL here ensures we see the updated value. False positive is possible, + * e.g. SWP_SYNCHRONOUS_IO swapin may set the flag without touching the + * cache, or during the tiny synchronization window between swap cache and + * swap_map, but it will be gone very quickly, worst result is retry jitters. + */ + if (READ_ONCE(si->swap_map[swp_offset(entry)]) & SWAP_HAS_CACHE) { + double_pt_unlock(dst_ptl, src_ptl); + return -EAGAIN; + } } orig_src_pte = ptep_get_and_clear(mm, src_addr, src_pte); @@ -1412,7 +1441,7 @@ retry: } err = move_swap_pte(mm, dst_vma, dst_addr, src_addr, dst_pte, src_pte, orig_dst_pte, orig_src_pte, dst_pmd, dst_pmdval, - dst_ptl, src_ptl, src_folio); + dst_ptl, src_ptl, src_folio, si, entry); } out: _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

1 week, 4 days

1
0
0 0

[merged mm-hotfixes-stable] mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" has been removed from the -mm tree. Its filename was mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/gup: revert "mm: gup: fix infinite loop within __get_longterm_locked" Date: Wed, 11 Jun 2025 15:13:14 +0200 After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Link: https://lkml.kernel.org/r/20250611131314.594529-1-david@redhat.com Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Signed-off-by: David Hildenbrand <david(a)redhat.com> Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Reviewed-by: John Hubbard <jhubbard(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/gup.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) --- a/mm/gup.c~mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked +++ a/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_f /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_ if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_ NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs); _ Patches currently in -mm which might be from david(a)redhat.com are fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

1 week, 4 days

1
0
0 0

[merged mm-hotfixes-stable] mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: mm/shmem, swap: fix softlockup with mTHP swapin has been removed from the -mm tree. Its filename was mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: fix softlockup with mTHP swapin Date: Tue, 10 Jun 2025 01:17:51 +0800 Following softlockup can be easily reproduced on my test machine with: echo always > /sys/kernel/mm/transparent_hugepage/hugepages-64kB/enabled swapon /dev/zram0 # zram0 is a 48G swap device mkdir -p /sys/fs/cgroup/memory/test echo 1G > /sys/fs/cgroup/test/memory.max echo $BASHPID > /sys/fs/cgroup/test/cgroup.procs while true; do dd if=/dev/zero of=/tmp/test.img bs=1M count=5120 cat /tmp/test.img > /dev/null rm /tmp/test.img done Then after a while: watchdog: BUG: soft lockup - CPU#0 stuck for 763s! [cat:5787] Modules linked in: zram virtiofs CPU: 0 UID: 0 PID: 5787 Comm: cat Kdump: loaded Tainted: G L 6.15.0.orig-gf3021d9246bc-dirty #118 PREEMPT(voluntary)�� Tainted: [L]=SOFTLOCKUP Hardware name: Red Hat KVM/RHEL-AV, BIOS 0.0.0 02/06/2015 RIP: 0010:mpol_shared_policy_lookup+0xd/0x70 Code: e9 b8 b4 ff ff 31 c0 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 41 54 55 53 <48> 8b 1f 48 85 db 74 41 4c 8d 67 08 48 89 fb 48 89 f5 4c 89 e7 e8 RSP: 0018:ffffc90002b1fc28 EFLAGS: 00000202 RAX: 00000000001c20ca RBX: 0000000000724e1e RCX: 0000000000000001 RDX: ffff888118e214c8 RSI: 0000000000057d42 RDI: ffff888118e21518 RBP: 000000000002bec8 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000bf4 R11: 0000000000000000 R12: 0000000000000001 R13: 00000000001c20ca R14: 00000000001c20ca R15: 0000000000000000 FS: 00007f03f995c740(0000) GS:ffff88a07ad9a000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f03f98f1000 CR3: 0000000144626004 CR4: 0000000000770eb0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> shmem_alloc_folio+0x31/0xc0 shmem_swapin_folio+0x309/0xcf0 ? filemap_get_entry+0x117/0x1e0 ? xas_load+0xd/0xb0 ? filemap_get_entry+0x101/0x1e0 shmem_get_folio_gfp+0x2ed/0x5b0 shmem_file_read_iter+0x7f/0x2e0 vfs_read+0x252/0x330 ksys_read+0x68/0xf0 do_syscall_64+0x4c/0x1c0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f03f9a46991 Code: 00 48 8b 15 81 14 10 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd e8 20 ad 01 00 f3 0f 1e fa 80 3d 35 97 10 00 00 74 13 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 4f c3 66 0f 1f 44 00 00 55 48 89 e5 48 83 ec RSP: 002b:00007fff3c52bd28 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 RAX: ffffffffffffffda RBX: 0000000000040000 RCX: 00007f03f9a46991 RDX: 0000000000040000 RSI: 00007f03f98ba000 RDI: 0000000000000003 RBP: 00007fff3c52bd50 R08: 0000000000000000 R09: 00007f03f9b9a380 R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000040000 R13: 00007f03f98ba000 R14: 0000000000000003 R15: 0000000000000000 </TASK> The reason is simple, readahead brought some order 0 folio in swap cache, and the swapin mTHP folio being allocated is in conflict with it, so swapcache_prepare fails and causes shmem_swap_alloc_folio to return -EEXIST, and shmem simply retries again and again causing this loop. Fix it by applying a similar fix for anon mTHP swapin. The performance change is very slight, time of swapin 10g zero folios with shmem (test for 12 times): Before: 2.47s After: 2.48s [kasong(a)tencent.com: add comment] Link: https://lkml.kernel.org/r/20250610181645.45922-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250610181645.45922-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250609171751.36305-1-ryncsn@gmail.com Fixes: 1dd44c0af4fa ("mm: shmem: skip swapcache for swapin of synchronous swap device") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Barry Song <baohua(a)kernel.org> Acked-by: Nhat Pham <nphamcs(a)gmail.com> Reviewed-by: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Usama Arif <usamaarif642(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 20 -------------------- mm/shmem.c | 6 +++++- mm/swap.h | 23 +++++++++++++++++++++++ 3 files changed, 28 insertions(+), 21 deletions(-) --- a/mm/memory.c~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/memory.c @@ -4315,26 +4315,6 @@ static struct folio *__alloc_swap_folio( } #ifdef CONFIG_TRANSPARENT_HUGEPAGE -static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) -{ - struct swap_info_struct *si = swp_swap_info(entry); - pgoff_t offset = swp_offset(entry); - int i; - - /* - * While allocating a large folio and doing swap_read_folio, which is - * the case the being faulted pte doesn't have swapcache. We need to - * ensure all PTEs have no cache as well, otherwise, we might go to - * swap devices while the content is in swapcache. - */ - for (i = 0; i < max_nr; i++) { - if ((si->swap_map[offset + i] & SWAP_HAS_CACHE)) - return i; - } - - return i; -} - /* * Check if the PTEs within a range are contiguous swap entries * and have consistent swapcache, zeromap. --- a/mm/shmem.c~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/shmem.c @@ -2259,6 +2259,7 @@ static int shmem_swapin_folio(struct ino folio = swap_cache_get_folio(swap, NULL, 0); order = xa_get_order(&mapping->i_pages, index); if (!folio) { + int nr_pages = 1 << order; bool fallback_order0 = false; /* Or update major stats only when swapin succeeds?? */ @@ -2272,9 +2273,12 @@ static int shmem_swapin_folio(struct ino * If uffd is active for the vma, we need per-page fault * fidelity to maintain the uffd semantics, then fallback * to swapin order-0 folio, as well as for zswap case. + * Any existing sub folio in the swap cache also blocks + * mTHP swapin. */ if (order > 0 && ((vma && unlikely(userfaultfd_armed(vma))) || - !zswap_never_enabled())) + !zswap_never_enabled() || + non_swapcache_batch(swap, nr_pages) != nr_pages)) fallback_order0 = true; /* Skip swapcache for synchronous device. */ --- a/mm/swap.h~mm-shmem-swap-fix-softlockup-with-mthp-swapin +++ a/mm/swap.h @@ -106,6 +106,25 @@ static inline int swap_zeromap_batch(swp return find_next_bit(sis->zeromap, end, start) - start; } +static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) +{ + struct swap_info_struct *si = swp_swap_info(entry); + pgoff_t offset = swp_offset(entry); + int i; + + /* + * While allocating a large folio and doing mTHP swapin, we need to + * ensure all entries are not cached, otherwise, the mTHP folio will + * be in conflict with the folio in swap cache. + */ + for (i = 0; i < max_nr; i++) { + if ((si->swap_map[offset + i] & SWAP_HAS_CACHE)) + return i; + } + + return i; +} + #else /* CONFIG_SWAP */ struct swap_iocb; static inline void swap_read_folio(struct folio *folio, struct swap_iocb **plug) @@ -199,6 +218,10 @@ static inline int swap_zeromap_batch(swp return 0; } +static inline int non_swapcache_batch(swp_entry_t entry, int max_nr) +{ + return 0; +} #endif /* CONFIG_SWAP */ /** _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

1 week, 4 days

1
0
0 0

[PATCH v6 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v5 and v6: - Incorporate review comments from John: - Rebase patches on 6.17/scsi-queue Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index f8ab69c51dab..36b498ad55b4 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2245,6 +2267,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = timer_container_of(fabric, t, @@ -2291,14 +2328,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3716,11 +3746,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3730,10 +3781,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

1 week, 4 days

4
5
0 0

[PATCH] scsi: mpt3sas: drop unused variable in mpt3sas_send_mctp_passthru_req()

by André Draszik

With W=1, gcc complains correctly: mpt3sas_ctl.c: In function ‘mpt3sas_send_mctp_passthru_req’: mpt3sas_ctl.c:2917:29: error: variable ‘mpi_reply’ set but not used [-Werror=unused-but-set-variable] 2917 | MPI2DefaultReply_t *mpi_reply; | ^~~~~~~~~ Drop the unused assignment and variable. Fixes: c72be4b5bb7c ("scsi: mpt3sas: Add support for MCTP Passthrough commands") Cc: stable(a)vger.kernel.org Signed-off-by: André Draszik <andre.draszik(a)linaro.org> --- drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/drivers/scsi/mpt3sas/mpt3sas_ctl.c b/drivers/scsi/mpt3sas/mpt3sas_ctl.c index 02fc204b9bf7b276115bf6db52746155381799fd..3b951589feeb6c13094ea44b494ca3050a309b15 100644 --- a/drivers/scsi/mpt3sas/mpt3sas_ctl.c +++ b/drivers/scsi/mpt3sas/mpt3sas_ctl.c @@ -2914,7 +2914,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) { struct MPT3SAS_ADAPTER *ioc; MPI2RequestHeader_t *mpi_request = NULL, *request; - MPI2DefaultReply_t *mpi_reply; Mpi26MctpPassthroughRequest_t *mctp_passthru_req; u16 smid; unsigned long timeout; @@ -3022,8 +3021,6 @@ int mpt3sas_send_mctp_passthru_req(struct mpt3_passthru_command *command) goto issue_host_reset; } - mpi_reply = ioc->ctl_cmds.reply; - /* copy out xdata to user */ if (data_in_sz) memcpy(command->data_in_buf_ptr, data_in, data_in_sz); --- base-commit: a0bea9e39035edc56a994630e6048c8a191a99d8 change-id: 20250606-mpt3sas-15563809f705 Best regards, -- André Draszik <andre.draszik(a)linaro.org>

1 week, 4 days

2
2
0 0

[PATCH] ARM: Use an absolute path to unified.h in KBUILD_AFLAGS

by Nathan Chancellor

After commit d5c8d6e0fa61 ("kbuild: Update assembler calls to use proper flags and language target"), which updated as-instr to use the 'assembler-with-cpp' language option, the Kbuild version of as-instr always fails internally for arch/arm with <command-line>: fatal error: asm/unified.h: No such file or directory compilation terminated. because '-include' flags are now taken into account by the compiler driver and as-instr does not have '$(LINUXINCLUDE)', so unified.h is not found. This went unnoticed at the time of the Kbuild change because the last use of as-instr in Kbuild that arch/arm could reach was removed in 5.7 by commit 541ad0150ca4 ("arm: Remove 32bit KVM host support") but a stable backport of the Kbuild change to before that point exposed this potential issue if one were to be reintroduced. Follow the general pattern of '-include' paths throughout the tree and make unified.h absolute using '$(srctree)' to ensure KBUILD_AFLAGS can be used independently. Cc: stable(a)vger.kernel.org Fixes: d5c8d6e0fa61 ("kbuild: Update assembler calls to use proper flags and language target") Reported-by: KernelCI bot <bot(a)kernelci.org> Closes: https://lore.kernel.org/CACo-S-1qbCX4WAVFA63dWfHtrRHZBTyyr2js8Lx=Az03XHTTHg… Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- arch/arm/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm/Makefile b/arch/arm/Makefile index 4808d3ed98e4..e31e95ffd33f 100644 --- a/arch/arm/Makefile +++ b/arch/arm/Makefile @@ -149,7 +149,7 @@ endif # Need -Uarm for gcc < 3.x KBUILD_CPPFLAGS +=$(cpp-y) KBUILD_CFLAGS +=$(CFLAGS_ABI) $(CFLAGS_ISA) $(arch-y) $(tune-y) $(call cc-option,-mshort-load-bytes,$(call cc-option,-malignment-traps,)) -msoft-float -Uarm -KBUILD_AFLAGS +=$(CFLAGS_ABI) $(AFLAGS_ISA) -Wa,$(arch-y) $(tune-y) -include asm/unified.h -msoft-float +KBUILD_AFLAGS +=$(CFLAGS_ABI) $(AFLAGS_ISA) -Wa,$(arch-y) $(tune-y) -include $(srctree)/arch/arm/include/asm/unified.h -msoft-float KBUILD_RUSTFLAGS += --target=arm-unknown-linux-gnueabi CHECKFLAGS += -D__arm__ --- base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e change-id: 20250618-arm-expand-include-unified-h-path-60e65adcda1e Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

1 week, 4 days

2
1
0 0

[PATCH 6.1/6.6] platform/x86: ideapad-laptop: add missing Ideapad Pro 5 fn keys

by WangYuli

From: Renato Caldas <renato(a)calgera.com> [ Upstream commit 36e66be874a7ea9d28fb9757629899a8449b8748 ] The scancodes for the Mic Mute and Airplane keys on the Ideapad Pro 5 (14AHP9 at least, probably the other variants too) are different and were not being picked up by the driver. This adds them to the keymap. Apart from what is already supported, the remaining fn keys are unfortunately producing windows-specific key-combos. Signed-off-by: Renato Caldas <renato(a)calgera.com> Link: https://lore.kernel.org/r/20241102183116.30142-1-renato@calgera.com Reviewed-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> Signed-off-by: WangYuli <wangyuli(a)uniontech.com> --- drivers/platform/x86/ideapad-laptop.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c index 88eefccb6ed2..50013af0537c 100644 --- a/drivers/platform/x86/ideapad-laptop.c +++ b/drivers/platform/x86/ideapad-laptop.c @@ -1101,6 +1101,9 @@ static const struct key_entry ideapad_keymap[] = { { KE_KEY, 0x27 | IDEAPAD_WMI_KEY, { KEY_HELP } }, /* Refresh Rate Toggle */ { KE_KEY, 0x0a | IDEAPAD_WMI_KEY, { KEY_DISPLAYTOGGLE } }, + /* Specific to some newer models */ + { KE_KEY, 0x3e | IDEAPAD_WMI_KEY, { KEY_MICMUTE } }, + { KE_KEY, 0x3f | IDEAPAD_WMI_KEY, { KEY_RFKILL } }, { KE_END }, }; -- 2.50.0

1 week, 4 days

2
1
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061738-circus-skipping-ed0c@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

1 week, 4 days

3
2
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-tiger-fritter-acf8@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

1 week, 4 days

3
2
0 0

FAILED: patch "[PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x fe7f7ac8e0c708446ff017453add769ffc15deed # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061739-jersey-sneak-9ecf@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From fe7f7ac8e0c708446ff017453add769ffc15deed Mon Sep 17 00:00:00 2001 From: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Date: Wed, 12 Mar 2025 15:23:31 -0700 Subject: [PATCH] HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note: the kernel currently does not parse any optional HID class descriptors, only the mandatory report descriptor. Update all references to member element desc[0] to rpt_desc. Add test to verify bLength and bNumDescriptors values are valid. Replace the for loop with direct access to the mandatory HID class descriptor member for the report descriptor. This eliminates the possibility of getting an out-of-bounds fault. Add a warning message if the HID descriptor contains any unsupported optional HID class descriptors. Reported-by: syzbot+c52569baf0c843f35495(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c52569baf0c843f35495 Fixes: f043bfc98c19 ("HID: usbhid: fix out-of-bounds bug") Cc: stable(a)vger.kernel.org Signed-off-by: Terry Junge <linuxhid(a)cosmicgizmosystems.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Signed-off-by: Jiri Kosina <jkosina(a)suse.com> diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c index 0fb210e40a41..9eafff0b6ea4 100644 --- a/drivers/hid/hid-hyperv.c +++ b/drivers/hid/hid-hyperv.c @@ -192,7 +192,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, goto cleanup; input_device->report_desc_size = le16_to_cpu( - desc->desc[0].wDescriptorLength); + desc->rpt_desc.wDescriptorLength); if (input_device->report_desc_size == 0) { input_device->dev_info_status = -EINVAL; goto cleanup; @@ -210,7 +210,7 @@ static void mousevsc_on_receive_device_info(struct mousevsc_dev *input_device, memcpy(input_device->report_desc, ((unsigned char *)desc) + desc->bLength, - le16_to_cpu(desc->desc[0].wDescriptorLength)); + le16_to_cpu(desc->rpt_desc.wDescriptorLength)); /* Send the ack */ memset(&ack, 0, sizeof(struct mousevsc_prt_msg)); diff --git a/drivers/hid/usbhid/hid-core.c b/drivers/hid/usbhid/hid-core.c index 44c2351b870f..fc2b92dfc242 100644 --- a/drivers/hid/usbhid/hid-core.c +++ b/drivers/hid/usbhid/hid-core.c @@ -984,12 +984,11 @@ static int usbhid_parse(struct hid_device *hid) struct usb_host_interface *interface = intf->cur_altsetting; struct usb_device *dev = interface_to_usbdev (intf); struct hid_descriptor *hdesc; + struct hid_class_descriptor *hcdesc; u32 quirks = 0; unsigned int rsize = 0; char *rdesc; - int ret, n; - int num_descriptors; - size_t offset = offsetof(struct hid_descriptor, desc); + int ret; quirks = hid_lookup_quirk(hid); @@ -1011,20 +1010,19 @@ static int usbhid_parse(struct hid_device *hid) return -ENODEV; } - if (hdesc->bLength < sizeof(struct hid_descriptor)) { - dbg_hid("hid descriptor is too short\n"); + if (!hdesc->bNumDescriptors || + hdesc->bLength != sizeof(*hdesc) + + (hdesc->bNumDescriptors - 1) * sizeof(*hcdesc)) { + dbg_hid("hid descriptor invalid, bLen=%hhu bNum=%hhu\n", + hdesc->bLength, hdesc->bNumDescriptors); return -EINVAL; } hid->version = le16_to_cpu(hdesc->bcdHID); hid->country = hdesc->bCountryCode; - num_descriptors = min_t(int, hdesc->bNumDescriptors, - (hdesc->bLength - offset) / sizeof(struct hid_class_descriptor)); - - for (n = 0; n < num_descriptors; n++) - if (hdesc->desc[n].bDescriptorType == HID_DT_REPORT) - rsize = le16_to_cpu(hdesc->desc[n].wDescriptorLength); + if (hdesc->rpt_desc.bDescriptorType == HID_DT_REPORT) + rsize = le16_to_cpu(hdesc->rpt_desc.wDescriptorLength); if (!rsize || rsize > HID_MAX_DESCRIPTOR_SIZE) { dbg_hid("weird size of report descriptor (%u)\n", rsize); @@ -1052,6 +1050,11 @@ static int usbhid_parse(struct hid_device *hid) goto err; } + if (hdesc->bNumDescriptors > 1) + hid_warn(intf, + "%u unsupported optional hid class descriptors\n", + (int)(hdesc->bNumDescriptors - 1)); + hid->quirks |= quirks; return 0; diff --git a/drivers/usb/gadget/function/f_hid.c b/drivers/usb/gadget/function/f_hid.c index 740311c4fa24..c7a05f842745 100644 --- a/drivers/usb/gadget/function/f_hid.c +++ b/drivers/usb/gadget/function/f_hid.c @@ -144,8 +144,8 @@ static struct hid_descriptor hidg_desc = { .bcdHID = cpu_to_le16(0x0101), .bCountryCode = 0x00, .bNumDescriptors = 0x1, - /*.desc[0].bDescriptorType = DYNAMIC */ - /*.desc[0].wDescriptorLenght = DYNAMIC */ + /*.rpt_desc.bDescriptorType = DYNAMIC */ + /*.rpt_desc.wDescriptorLength = DYNAMIC */ }; /* Super-Speed Support */ @@ -939,8 +939,8 @@ static int hidg_setup(struct usb_function *f, struct hid_descriptor hidg_desc_copy = hidg_desc; VDBG(cdev, "USB_REQ_GET_DESCRIPTOR: HID\n"); - hidg_desc_copy.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc_copy.desc[0].wDescriptorLength = + hidg_desc_copy.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc_copy.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); length = min_t(unsigned short, length, @@ -1210,8 +1210,8 @@ static int hidg_bind(struct usb_configuration *c, struct usb_function *f) * We can use hidg_desc struct here but we should not relay * that its content won't change after returning from this function. */ - hidg_desc.desc[0].bDescriptorType = HID_DT_REPORT; - hidg_desc.desc[0].wDescriptorLength = + hidg_desc.rpt_desc.bDescriptorType = HID_DT_REPORT; + hidg_desc.rpt_desc.wDescriptorLength = cpu_to_le16(hidg->report_desc_length); hidg_hs_in_ep_desc.bEndpointAddress = diff --git a/include/linux/hid.h b/include/linux/hid.h index ef9a90ca0fbd..daae1d6d11a7 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h @@ -740,8 +740,9 @@ struct hid_descriptor { __le16 bcdHID; __u8 bCountryCode; __u8 bNumDescriptors; + struct hid_class_descriptor rpt_desc; - struct hid_class_descriptor desc[1]; + struct hid_class_descriptor opt_descs[]; } __attribute__ ((packed)); #define HID_DEVICE(b, g, ven, prod) \

1 week, 4 days

3
2
0 0

[PATCH 5.4~6.12] Input: sparcspkr - avoid unannotated fall-through

by WangYuli

[ Upstream commit 8b1d858cbd4e1800e9336404ba7892b5a721230d ] Fix follow warnings with clang-21i (and reformat for clarity): drivers/input/misc/sparcspkr.c:78:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] 78 | case SND_TONE: break; | ^ drivers/input/misc/sparcspkr.c:78:3: note: insert 'break;' to avoid fall-through 78 | case SND_TONE: break; | ^ | break; drivers/input/misc/sparcspkr.c:113:3: warning: unannotated fall-through between switch labels [-Wimplicit-fallthrough] 113 | case SND_TONE: break; | ^ drivers/input/misc/sparcspkr.c:113:3: note: insert 'break;' to avoid fall-through 113 | case SND_TONE: break; | ^ | break; 2 warnings generated. Signed-off-by: WangYuli <wangyuli(a)uniontech.com> Link: https://lore.kernel.org/r/6730E40353C76908+20250415052439.155051-1-wangyuli… Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> --- drivers/input/misc/sparcspkr.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/input/misc/sparcspkr.c b/drivers/input/misc/sparcspkr.c index 20020cbc0752..a94699f2bbc6 100644 --- a/drivers/input/misc/sparcspkr.c +++ b/drivers/input/misc/sparcspkr.c @@ -75,9 +75,14 @@ static int bbc_spkr_event(struct input_dev *dev, unsigned int type, unsigned int return -1; switch (code) { - case SND_BELL: if (value) value = 1000; - case SND_TONE: break; - default: return -1; + case SND_BELL: + if (value) + value = 1000; + break; + case SND_TONE: + break; + default: + return -1; } if (value > 20 && value < 32767) @@ -113,9 +118,14 @@ static int grover_spkr_event(struct input_dev *dev, unsigned int type, unsigned return -1; switch (code) { - case SND_BELL: if (value) value = 1000; - case SND_TONE: break; - default: return -1; + case SND_BELL: + if (value) + value = 1000; + break; + case SND_TONE: + break; + default: + return -1; } if (value > 20 && value < 32767) -- 2.50.0

1 week, 4 days

2
1
0 0

FAILED: patch "[PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025051203-thrift-spool-ebc8@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 Mon Sep 17 00:00:00 2001 From: Gavin Guo <gavinguo(a)igalia.com> Date: Mon, 21 Apr 2025 19:35:36 +0800 Subject: [PATCH] mm/huge_memory: fix dereferencing invalid pmd migration entry When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008 CPU: 0 UID: 0 PID: 2199114 Comm: tee Not tainted 6.14.0+ #4 NONE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:split_huge_pmd_locked+0x3b5/0x2b60 Call Trace: <TASK> try_to_migrate_one+0x28c/0x3730 rmap_walk_anon+0x4f6/0x770 unmap_folio+0x196/0x1f0 split_huge_page_to_list_to_order+0x9f6/0x1560 deferred_split_scan+0xac5/0x12a0 shrinker_debugfs_scan_write+0x376/0x470 full_proxy_write+0x15c/0x220 vfs_write+0x2fc/0xcb0 ksys_write+0x146/0x250 do_syscall_64+0x6a/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e The bug is found by syzkaller on an internal kernel, then confirmed on upstream. Link: https://lkml.kernel.org/r/20250421113536.3682201-1-gavinguo@igalia.com Link: https://lore.kernel.org/all/20250414072737.1698513-1-gavinguo@igalia.com/ Link: https://lore.kernel.org/all/20250418085802.2973519-1-gavinguo@igalia.com/ Fixes: 84c3fc4e9c56 ("mm: thp: check pmd migration entry in common path") Signed-off-by: Gavin Guo <gavinguo(a)igalia.com> Acked-by: David Hildenbrand <david(a)redhat.com> Acked-by: Hugh Dickins <hughd(a)google.com> Acked-by: Zi Yan <ziy(a)nvidia.com> Reviewed-by: Gavin Shan <gshan(a)redhat.com> Cc: Florent Revest <revest(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Miaohe Lin <linmiaohe(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/mm/huge_memory.c b/mm/huge_memory.c index 2a47682d1ab7..47d76d03ce30 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3075,6 +3075,8 @@ static void __split_huge_pmd_locked(struct vm_area_struct *vma, pmd_t *pmd, void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd, bool freeze, struct folio *folio) { + bool pmd_migration = is_pmd_migration_entry(*pmd); + VM_WARN_ON_ONCE(folio && !folio_test_pmd_mappable(folio)); VM_WARN_ON_ONCE(!IS_ALIGNED(address, HPAGE_PMD_SIZE)); VM_WARN_ON_ONCE(folio && !folio_test_locked(folio)); @@ -3085,9 +3087,12 @@ void split_huge_pmd_locked(struct vm_area_struct *vma, unsigned long address, * require a folio to check the PMD against. Otherwise, there * is a risk of replacing the wrong folio. */ - if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || - is_pmd_migration_entry(*pmd)) { - if (folio && folio != pmd_folio(*pmd)) + if (pmd_trans_huge(*pmd) || pmd_devmap(*pmd) || pmd_migration) { + /* + * Do not apply pmd_folio() to a migration entry; and folio lock + * guarantees that it must be of the wrong folio anyway. + */ + if (folio && (pmd_migration || folio != pmd_folio(*pmd))) return; __split_huge_pmd_locked(vma, pmd, address, freeze); }

1 week, 4 days

4
4
0 0

[PATCH 6.6 000/356] 6.6.94-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.94 release. There are 356 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 19 Jun 2025 15:22:33 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.94-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.94-rc1 I Hsin Cheng <richard120310(a)gmail.com> drm/meson: Use 1000ULL when operating with mode->clock Oliver Neukum <oneukum(a)suse.com> net: usb: aqc111: debug info before sanitation Nícolas F. R. A. Prado <nfraprado(a)collabora.com> regulator: dt-bindings: mt6357: Drop fixed compatible requirement Eric Dumazet <edumazet(a)google.com> calipso: unlock rcu before returning -EAFNOSUPPORT Thomas Gleixner <tglx(a)linutronix.de> x86/iopl: Cure TIF_IO_BITMAP inconsistencies Stefano Stabellini <stefano.stabellini(a)amd.com> xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Amit Sunil Dhamne <amitsd(a)google.com> usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Mathias Nyman <mathias.nyman(a)linux.intel.com> usb: Flush altsetting 0 endpoints before reinitializating them after reset. Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting USB 3.2 speed Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix issue with detecting command completion event Wupeng Ma <mawupeng1(a)huawei.com> VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix read_stb function and get_stb ioctl Nathan Chancellor <nathan(a)kernel.org> kbuild: Disable -Wdefault-const-init-unsafe Oleg Nesterov <oleg(a)redhat.com> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Revert "io_uring: ensure deferred completions are posted for multishot" Jens Axboe <axboe(a)kernel.dk> io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jens Axboe <axboe(a)kernel.dk> io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT Jens Axboe <axboe(a)kernel.dk> io_uring: add io_file_can_poll() helper Terry Junge <linuxhid(a)cosmicgizmosystems.com> HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() David Heimann <d(a)dmeh.net> ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Suleiman Souhlal <suleiman(a)google.com> tools/resolve_btfids: Fix build when cross compiling kernel with clang. Matthew Wilcox (Oracle) <willy(a)infradead.org> block: Fix bvec_set_folio() for very large folios Matthew Wilcox (Oracle) <willy(a)infradead.org> bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP Peter Zijlstra <peterz(a)infradead.org> perf: Ensure bpf_perf_link path is properly serialized Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: access fcpreq only when holding reqlock Zijun Hu <quic_zijuhu(a)quicinc.com> fs/filesystems: Fix potential unsigned integer underflow in fs_name() Eric Dumazet <edumazet(a)google.com> net_sched: ets: fix a race in ets_qdisc_change() Eric Dumazet <edumazet(a)google.com> net_sched: tbf: fix a race in tbf_change() Eric Dumazet <edumazet(a)google.com> net_sched: red: fix a race in __red_change() Eric Dumazet <edumazet(a)google.com> net_sched: prio: fix a race in prio_tune() Jianbo Liu <jianbol(a)nvidia.com> net/mlx5e: Fix leak of Geneve TLV option object Patrisious Haddad <phaddad(a)nvidia.com> net/mlx5: Fix return value when searching for existing flow group Amir Tzin <amirtz(a)nvidia.com> net/mlx5: Fix ECVF vports unload on shutdown flow Moshe Shemesh <moshe(a)nvidia.com> net/mlx5: Ensure fw pages are always allocated on same NUMA Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix sparse errors Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: Fix NULL pointer deference on eir_get_service_data Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jakub Raczynski <j.raczynski(a)samsung.com> net/mdiobus: Fix potential out-of-bounds read/write access Carlos Fernandez <carlos.fernandez(a)technica-engineering.de> macsec: MACsec SCI assignment for ES = 0 Michal Luczaj <mhal(a)rbox.co> net: Fix TOCTOU issue in sk_is_readable() Yunhui Cui <cuiyunhui(a)bytedance.com> ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Robert Malz <robert.malz(a)canonical.com> i40e: retry VFLR handling if there is ongoing VF reset Robert Malz <robert.malz(a)canonical.com> i40e: return false from i40e_reset_vf if reset is in progress Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix more rounding issues with 59.94Hz modes Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use vclk_freq instead of pixel_freq in debug print Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: fix debug log statement when setting the HDMI clocks Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use unsigned long long / Hz for frequency types Haren Myneni <haren(a)linux.ibm.com> powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Eric Dumazet <edumazet(a)google.com> net_sched: sch_sfq: fix a potential crash on gso_skb handling Alok Tiwari <alok.a.tiwari(a)oracle.com> scsi: iscsi: Fix incorrect error path labels for flashnode operations Wojciech Slenska <wojciech.slenska(a)gmail.com> pinctrl: qcom: pinctrl-qcm2290: Add missing pins Dan Carpenter <dan.carpenter(a)linaro.org> regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Rodrigo Gobbi <rodrigo.gobbi.7(a)gmail.com> wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't wait when there is no vdev started Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() Easwar Hariharan <eahariha(a)linux.microsoft.com> wifi: ath11k: convert timeouts to secs_to_jiffies() Jeff Johnson <quic_jjohnson(a)quicinc.com> wifi: ath11k: fix soc_dp_stats debugfs file permission Caleb Connolly <caleb.connolly(a)linaro.org> ath10k: snoc: fix unbalanced IRQ enable in crash recovery Jeongjun Park <aha310510(a)gmail.com> ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Protect mgmt_pending list with its own lock Dr. David Alan Gilbert <linux(a)treblig.org> Bluetooth: MGMT: Remove unused mgmt_pending_find_data Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Pauli Virtanen <pav(a)iki.fi> Bluetooth: hci_core: fix list_for_each_entry_rcu usage Sanjeev Yadav <sanjeev.y(a)mediatek.com> scsi: core: ufs: Fix a hang in the error handler Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Clean sci_ports[0] after at earlycon exit Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Move runtime PM enable to sci_probe_single() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> serial: sh-sci: Check if TX data was written to device in .tx_empty() Yemike Abhilash Chandra <y-abhilashchandra(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Beleswar Padhi <b-padhi(a)ti.com> arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Vaishnav Achath <vaishnav.a(a)ti.com> arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Judith Mendez <jm(a)ti.com> arm64: dts: ti: k3-am65-main: Fix sdhci node properties Andrey Konovalov <andreyknvl(a)gmail.com> kasan: use unchecked __memset internally Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: synaptics-rmi - fix crash with unsupported versions of F34 Dan Carpenter <dan.carpenter(a)linaro.org> pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() Jakob Unterwurzacher <jakobunt(a)gmail.com> net: dsa: microchip: linearize skb for tail-tagging switches Pieter Van Trappen <pieter.van.trappen(a)cern.ch> net: dsa: microchip: update tag_ksz masks for KSZ9477 family Al Viro <viro(a)zeniv.linux.org.uk> do_change_type(): refuse to operate on unmounted/not ours mounts Al Viro <viro(a)zeniv.linux.org.uk> fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) Al Viro <viro(a)zeniv.linux.org.uk> path_overmount(): avoid false negatives Yuuki NAGAO <wf.yn386(a)gmail.com> ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Verify content returned by parse_int_array() Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX Cezary Rojewski <cezary.rojewski(a)intel.com> ASoC: codecs: hda: Fix RPM usage count underflow Nitin Rawat <quic_nitirawa(a)quicinc.com> scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Ido Schimmel <idosch(a)nvidia.com> seg6: Fix validation of nexthop addresses Mirco Barone <mirco.barone(a)polito.it> wireguard: device: enable threaded NAPI Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Gorski <jonas.gorski(a)gmail.com> net: dsa: b53: do not enable RGMII delay on bcm63xx Florian Westphal <fw(a)strlen.de> netfilter: nf_nat: also check reverse tuple to obtain clashing entry Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo_avx2: fix initial map fill Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Ronak Doshi <ronak.doshi(a)broadcom.com> vmxnet3: correctly report gso type for UDP tunnels Jinjian Song <jinjian.song(a)fibocom.com> net: wwan: t7xx: Fix napi rx poll issue Shiming Cheng <shiming.cheng(a)mediatek.com> net: fix udp gso skb_segment after pull from frag_list Paul Chaignon <paul.chaignon(a)gmail.com> net: Fix checksum update for ILA adj-transport Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Álvaro Fernández Rojas <noltari(a)gmail.com> net: dsa: tag_brcm: legacy: fix pskb_may_pull length Michal Kubiak <michal.kubiak(a)intel.com> ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Kubiak <michal.kubiak(a)intel.com> ice: create new Tx scheduler nodes for new queues only Michal Kubiak <michal.kubiak(a)intel.com> ice: fix Tx scheduler error handling in XDP callback Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-hsspi: fix shared reset Álvaro Fernández Rojas <noltari(a)gmail.com> spi: bcm63xx-spi: fix shared reset Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Make sure to insert the vlan tags also in host mode Dan Carpenter <dan.carpenter(a)linaro.org> net/mlx4_en: Prevent potential integer overflow calculating Hz Yanqing Wang <ot_yanqing.wang(a)mediatek.com> driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Charalampos Mitrodimas <charmitro(a)posteo.net> net: tipc: fix refcount warning in tipc_aead_encrypt Alok Tiwari <alok.a.tiwari(a)oracle.com> gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt Quentin Schulz <quentin.schulz(a)cherry.de> net: stmmac: platform: guarantee uniqueness of bus_id Nicolas Pitre <npitre(a)baylibre.com> vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Yeoreum Yun <yeoreum.yun(a)arm.com> coresight: prevent deactivate active config while enabling the config Qasim Ijaz <qasdev00(a)gmail.com> fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Alexander Sverdlin <alexander.sverdlin(a)siemens.com> counter: interrupt-cnt: Protect enable/disable OPs with mutex WangYuli <wangyuli(a)uniontech.com> MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> iio: adc: ad7124: Fix 3dB filter frequency reading Brian Pellegrino <bpellegrino(a)arka.org> iio: filter: admv8818: Support frequencies >= 2^32 Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix range calculation Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix integer overflow Sam Winchenbach <swinchenbach(a)arka.org> iio: filter: admv8818: fix band 4, state 15 Mario Limonciello <mario.limonciello(a)amd.com> thunderbolt: Fix a logic error in wake on connect Henry Martin <bsdhenrymartin(a)gmail.com> serial: Fix potential null-ptr-deref in mlb_usio_probe() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> usb: renesas_usbhs: Reorder clock handling and power management in probe Liu Dalin <liudalin(a)kylinsec.com.cn> rtc: loongson: Add missing alarm notifications for ACPI RTC events Bjorn Helgaas <bhelgaas(a)google.com> PCI/DPC: Initialize aer_err_info before using it Henry Martin <bsdhenrymartin(a)gmail.com> dmaengine: ti: Add NULL check in udma_probe() Chenyuan Yang <chenyuan0y(a)gmail.com> phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Mario Limonciello <mario.limonciello(a)amd.com> PCI: Explicitly put devices into D0 when initializing Hector Martin <marcan(a)marcan.st> PCI: apple: Use gpiod_set_value_cansleep in probe flow Hans Zhang <18255117159(a)163.com> PCI: cadence: Fix runtime atomic count underflow Wilfred Mallawa <wilfred.mallawa(a)wdc.com> PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wolfram Sang <wsa+renesas(a)sang-engineering.com> rtc: sh: assign correct interrupts with DT Pali Rohár <pali(a)kernel.org> cifs: Fix validation of SMB1 query reparse point response Li Lingfeng <lilingfeng3(a)huawei.com> nfs: ignore SB_RDONLY when remounting nfs Li Lingfeng <lilingfeng3(a)huawei.com> nfs: clear SB_RDONLY before getting superblock Anubhav Shelat <ashelat(a)redhat.com> perf trace: Always print return value for syscalls returning a pid Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf record: Fix incorrect --user-regs comments Leo Yan <leo.yan(a)arm.com> perf tests switch-tracking: Fix timestamp comparison Alexey Gladkov <legion(a)kernel.org> mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Dan Carpenter <dan.carpenter(a)linaro.org> rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() Siddharth Vadapalli <s-vadapalli(a)ti.com> remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Dan Carpenter <dan.carpenter(a)linaro.org> remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe Adrian Hunter <adrian.hunter(a)intel.com> perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix PEBS-via-PT data_src Namhyung Kim <namhyung(a)kernel.org> perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: make corrupting read bios work Benjamin Marzinski <bmarzins(a)redhat.com> dm-flakey: error all IOs when num_features is absent Alexei Safin <a.safin(a)rosa.ru> hwmon: (asus-ec-sensors) check sensor index in read_string() Mikhail Arkhipov <m.arhipov(a)rosa.ru> mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Henry Martin <bsdhenrymartin(a)gmail.com> backlight: pm8941: Add NULL check in wled_configure() Benjamin Marzinski <bmarzins(a)redhat.com> dm: free table mempools if not used in __bind Benjamin Marzinski <bmarzins(a)redhat.com> dm: don't change md if dm_table_set_restrictions() fails Arnaldo Carvalho de Melo <acme(a)redhat.com> perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Warn when libdebuginfod devel files are not available Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Fix attribute addition Kees Cook <kees(a)kernel.org> randstruct: gcc-plugin: Remove bogus void member Sergey Shtylyov <s.shtylyov(a)omp.ru> fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Henry Martin <bsdhenrymartin(a)gmail.com> soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() Su Hui <suhui(a)nfschina.com> soc: aspeed: lpc: Fix impossible judgment condition Joel Stanley <joel(a)jms.id.au> ARM: aspeed: Don't select SRAM Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Rename RTC node to match binding expectations Thuan Nguyen <thuan.nguyen-hong(a)banvien.com.vn> arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Quentin Schulz <quentin.schulz(a)cherry.de> arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou Vignesh Raman <vignesh.raman(a)collabora.com> arm64: defconfig: mediatek: enable PHY drivers Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Baryshkov <dmitry.baryshkov(a)oss.qualcomm.com> ARM: dts: qcom: apq8064: add missing clocks to the timer node Andre Przywara <andre.przywara(a)arm.com> dt-bindings: vendor-prefixes: Add Liontron name Ioana Ciornei <ioana.ciornei(a)nxp.com> bus: fsl-mc: fix double-free on mc_dev Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Wentao Liang <vulab(a)iscas.ac.cn> nilfs2: add pointer check for nilfs_direct_propagate() Murad Masimov <m.masimov(a)mt-integration.ru> ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Phillip Lougher <phillip(a)squashfs.org.uk> Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena <p-mantena(a)ti.com> arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Aaron Kling <webgeek1234(a)gmail.com> arm64: tegra: Drop remaining serial clock-names and reset-names Peter Robinson <pbrobinson(a)gmail.com> arm64: dts: rockchip: Update eMMC for NanoPi R5 series Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply Julien Massot <julien.massot(a)collabora.com> arm64: dts: mt6359: Add missing 'compatible' property to regulators node Nícolas F. R. A. Prado <nfraprado(a)collabora.com> arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mp-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mn-beacon: Fix RTC capacitive load Adam Ford <aford173(a)gmail.com> arm64: dts: imx8mm-beacon: Fix RTC capacitive load Alexey Minnekhanov <alexeymin(a)postmarketos.org> arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: at91sam9263: fix NAND chip selects Wolfram Sang <wsa+renesas(a)sang-engineering.com> ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select Stephan Gerhold <stephan.gerhold(a)linaro.org> arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Xilin Wu <wuxilin123(a)gmail.com> arm64: dts: qcom: sm8250: Fix CPU7 opp table Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: refactor node order Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake Dzmitry Sankouski <dsankouski(a)gmail.com> arm64: dts: qcom: sdm845-starqltechn: remove wifi Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: fix to correct check conditions in f2fs_cross_rename Zhiguo Niu <zhiguo.niu(a)unisoc.com> f2fs: use d_inode(dentry) cleanup dentry->d_inode Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames Faicker Mo <faicker.mo(a)zenlayer.com> net: openvswitch: Fix the dead loop of MPLS parse Kuniyuki Iwashima <kuniyu(a)amazon.com> calipso: Don't call calipso functions for AF_INET sk. Hariprasad Kelam <hkelam(a)marvell.com> octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Horatiu Vultur <horatiu.vultur(a)microchip.com> net: phy: mscc: Fix memory leak when using one step timestamping Thangaraj Samynathan <thangaraj.s(a)microchip.com> net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> net: phy: fix up const issues in to_mdio_device() and to_phy_device() Wei Fang <wei.fang(a)nxp.com> net: phy: clear phydev->devlink when the link is deleted KaFai Wan <mannkafai(a)gmail.com> bpf: Avoid __bpf_prog_ret0_warn when jit fails Horatiu Vultur <horatiu.vultur(a)microchip.com> net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 Jack Morgenstein <jackm(a)nvidia.com> RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> net: usb: aqc111: fix error handling of usbnet read calls Radim Krčmář <rkrcmar(a)ventanamicro.com> RISC-V: KVM: lock the correct mp_state during reset Fernando Fernandez Mancera <fmancera(a)suse.de> netfilter: nft_tunnel: fix geneve_opt dump Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Avoid using sk_socket after free when sending Dmitry Antipov <dmantipov(a)yandex.ru> Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Li RongQing <lirongqing(a)baidu.com> vfio/type1: Fix error unwind in migration dirty bitmap allocation Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy Shayne Chen <shayne.chen(a)mediatek.com> wifi: mt76: mt7996: fix RX buffer size of MCU event Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: set EHT max ampdu length capability Henry Martin <bsdhenrymartin(a)gmail.com> wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() Michal Koutný <mkoutny(a)suse.com> kernfs: Relax constraint in draining guard ping.gao <ping.gao(a)samsung.com> scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Toke Høiland-Jørgensen <toke(a)toke.dk> wifi: ath9k_htc: Abort software beacon handling if disabled Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: bugfix live migration function without VF device driver Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: add eq and aeq interruption restore Longfang Liu <liulongfang(a)huawei.com> hisi_acc_vfio_pci: fix XQE dma address error Rajat Soni <quic_rajson(a)quicinc.com> wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Rolf Eike Beer <eb(a)emlix.com> iommu: remove duplicate selection of DMAR_TABLE Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Ilya Leoshkevich <iii(a)linux.ibm.com> s390/bpf: Store backchain even for leaf progs Vincent Knecht <vincent.knecht(a)mailoo.org> clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Tao Chen <chen.dylane(a)linux.dev> bpf: Fix WARN() in get_bpf_raw_tp_regs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> pinctrl: at91: Fix possible out-of-boundary access Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in nlattr Jiayuan Chen <jiayuan.chen(a)linux.dev> ktls, sockmap: Fix missing uncharge operation Miaoqian Lin <linmq006(a)gmail.com> tracing: Fix error handling in event_trigger_parse() Steven Rostedt <rostedt(a)goodmis.org> tracing: Rename event_trigger_alloc() to trigger_data_alloc() Hans Zhang <18255117159(a)163.com> efi/libstub: Describe missing 'out' parameter in efi_load_initrd Henry Martin <bsdhenrymartin(a)gmail.com> clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs Luca Weiss <luca.weiss(a)fairphone.com> clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs Steven Rostedt <rostedt(a)goodmis.org> tracing: Move histogram trigger variables from stack to per CPU structure Anton Protopopov <a.s.protopopov(a)gmail.com> bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ Patrisious Haddad <phaddad(a)nvidia.com> RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Zhongqiu Duan <dzq.aishenghu0(a)gmail.com> netfilter: nft_quota: match correctly when the quota just depleted Huajian Yang <huajianyang(a)asrmicro.com> netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Lorenzo Bianconi <lorenzo(a)kernel.org> bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Anton Protopopov <a.s.protopopov(a)gmail.com> libbpf: Use proper errno value in linker Chao Yu <chao(a)kernel.org> f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Chao Yu <chao(a)kernel.org> f2fs: clean up w/ fscrypt_is_bounce_page() Hangbin Liu <liuhangbin(a)gmail.com> bonding: assign random address if device address is same as bond Jason Gunthorpe <jgg(a)ziepe.ca> iommu: Protect against overflow in iommu_pgsize() Jonathan Wiepert <jonathan.wiepert(a)gmail.com> Use thread-safe function pointer in libbpf_print Tao Chen <chen.dylane(a)linux.dev> libbpf: Remove sample_period init in perf_buffer Yihang Li <liyihang9(a)huawei.com> scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Maharaja Kennadyrajan <maharaja.kennadyrajan(a)oss.qualcomm.com> wifi: ath12k: fix node corruption in ar->arvifs list P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: Add MSDU length validation for TKIP MIC error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: do not ignore hardware read error during DPK Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhen XIN <zhen.xin(a)nokia-sbell.com> wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT Cosmin Ratiu <cratiu(a)nvidia.com> xfrm: Use xdo.dev instead of xdo.real_dev Viktor Malik <vmalik(a)redhat.com> libbpf: Fix buffer overflow in bpf_object__init_prog Hari Kalavakunta <kalavakunta.hari.prasad(a)gmail.com> net: ncsi: Fix GCPS 64-bit member variables Chao Yu <chao(a)kernel.org> f2fs: fix to do sanity check on sbi->total_valid_block_count Ramya Gnanasekar <ramya.gnanasekar(a)oss.qualcomm.com> wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: Fix panic when calling skb_linearize Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf, sockmap: fix duplicated data transmission Jiayuan Chen <jiayuan.chen(a)linux.dev> bpf: fix ktls panic with sockmap Saket Kumar Bhaskar <skb99(a)linux.ibm.com> selftests/bpf: Fix bpf_nf selftest failure Jacob Moroni <jmoroni(a)google.com> IB/cm: use rwlock for MAD agent lock Stone Zhang <quic_stonez(a)quicinc.com> wifi: ath11k: fix node corruption in ar->arvifs list Roger Pau Monne <roger.pau(a)citrix.com> xen/x86: fix initial memory balloon target AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: Fix kobject put for component sub-drivers AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr Anand Moon <linux.amoon(a)gmail.com> perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Kees Cook <kees(a)kernel.org> scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Do not discard modified SVE state Huang Yiwei <quic_hyiwei(a)quicinc.com> firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Biju Das <biju.das.jz(a)bp.renesas.com> drm/tegra: rgb: Fix the unbound reference count Kees Cook <kees(a)kernel.org> drm/vkms: Adjust vkms_state->active_planes allocation type Biju Das <biju.das.jz(a)bp.renesas.com> drm: rcar-du: Fix memory leak in rcar_du_vsps_init() Neill Kapron <nkapron(a)google.com> selftests/seccomp: fix syscall_restart test for arm compat Kornel Dulęba <korneld(a)google.com> arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Miaoqian Lin <linmq006(a)gmail.com> firmware: psci: Fix refcount leak in psci_dt_init Finn Thain <fthain(a)linux-m68k.org> m68k: mac: Fix macintosh_config for Mac II Kees Cook <kees(a)kernel.org> watchdog: exar: Shorten identity name to fit correctly Andrey Vatoropin <a.vatoropin(a)crpt.ru> fs/ntfs3: handle hdr_first_de() return value Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Fix merging of FPSIMD state during signal return Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland <mark.rutland(a)arm.com> arm64/fpsimd: Avoid RES0 bits in the SME trap handler Jonas Karlman <jonas(a)kwiboo.se> media: rkvdec: Fix frame size enumeration Charles Han <hanchunchao(a)inspur.com> drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Maxime Ripard <mripard(a)kernel.org> drm/vc4: tests: Use return instead of assert Ian Forbes <ian.forbes(a)broadcom.com> drm/vmwgfx: Add seqno waiter for sync_files Martin Povišer <povik+lin(a)cutebit.org> ASoC: apple: mca: Constrain channels according to TDM mask Geert Uytterhoeven <geert+renesas(a)glider.be> spi: sh-msiof: Fix maximum DMA transfer size Armin Wolf <W_Armin(a)gmx.de> ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: sleep: Print PM debug messages during hibernation Jiaqing Zhao <jiaqing.zhao(a)linux.intel.com> x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Zijun Hu <quic_zijuhu(a)quicinc.com> PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() Kees Cook <kees(a)kernel.org> ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type Alexander Shiyan <eagle.alexander923(a)gmail.com> power: reset: at91-reset: Optimize at91_reset() Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: modify chip select (CS) deactivation Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: remove redundant error handling code Vishwaroop A <va(a)nvidia.com> spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: fix integer overflow in i{64,}toa_r() and Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/skx_common: Fix general protection fault Hector Martin <marcan(a)marcan.st> ASoC: tas2764: Enable main IRQs Jemmy Wong <jemmywong512(a)gmail.com> tools/nolibc/types.h: fix mismatched parenthesis in minor() Daniil Tatianin <d-tatianin(a)yandex-team.ru> ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Tzung-Bi Shih <tzungbi(a)kernel.org> kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce - move fallback ahash_request to the end of the struct Herbert Xu <herbert(a)gondor.apana.org.au> crypto: xts - Only add ecb if it is not already there Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lrw - Only add ecb if it is not already there Yongliang Gao <leonylgao(a)tencent.com> rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Qu Wenruo <wqu(a)suse.com> btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Qu Wenruo <wqu(a)suse.com> btrfs: scrub: update device stats when an error is detected Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Avoid empty transfer descriptor Herbert Xu <herbert(a)gondor.apana.org.au> crypto: marvell/cesa - Handle zero-length skcipher requests Ahmed S. Darwish <darwi(a)linutronix.de> x86/cpu: Sanitize CPUID(0x80000000) output Annie Li <jiayanli(a)google.com> x86/microcode/AMD: Do not return error when microcode update is not necessary Eddie James <eajames(a)linux.ibm.com> powerpc/crash: Fix non-smp kexec preparation Jiri Slaby (SUSE) <jirislaby(a)kernel.org> powerpc: do not build ppc_save_regs.o always Corentin Labbe <clabbe.montjoie(a)gmail.com> crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() Qing Wang <wangqing7171(a)gmail.com> perf/core: Fix broken throttling when max_samples_per_tick=1 Andreas Gruenbacher <agruenba(a)redhat.com> gfs2: gfs2_create_inode error handling fix Ovidiu Panait <ovidiu.panait.oss(a)gmail.com> crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() Andrew Cooper <andrew.cooper3(a)citrix.com> x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Ahmed S. Darwish <darwi(a)linutronix.de> tools/x86/kcpuid: Fix error handling Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> dt-bindings: usb: cypress,hx3: Add support for all variants Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Dustin Lundquist <dustin(a)null-ptr.net> serial: jsm: fix NPE during jsm_uart_port_init Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: hci_qca: move the SoC type check to the right place Qasim Ijaz <qasdev00(a)gmail.com> usb: typec: ucsi: fix Clang -Wsign-conversion warning Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: .../bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 +- .../regulator/mediatek,mt6357-regulator.yaml | 12 +- .../devicetree/bindings/usb/cypress,hx3.yaml | 19 +- .../devicetree/bindings/vendor-prefixes.yaml | 2 + Makefile | 4 +- arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 +- arch/arm/boot/dts/microchip/tny_a9263.dts | 2 +- arch/arm/boot/dts/microchip/usb_a9263.dts | 4 +- arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 +- arch/arm/mach-aspeed/Kconfig | 1 - arch/arm64/Kconfig | 6 +- .../arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 + .../arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 + .../boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 + .../boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 - arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 +- arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 ++--- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 -- arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 -- .../dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 - .../arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 + .../arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 + .../boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 +- arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 +- arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 +- .../r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 +- .../arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 - .../arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 +- arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 +- .../boot/dts/ti/k3-j721e-common-proc-board.dts | 1 + arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 ++++++++++++++- arch/arm64/configs/defconfig | 3 + arch/arm64/include/asm/esr.h | 12 +- arch/arm64/include/asm/fpsimd.h | 3 + arch/arm64/kernel/entry-common.c | 46 ++++- arch/arm64/kernel/fpsimd.c | 21 +- arch/arm64/xen/hypercall.S | 21 +- arch/m68k/mac/config.c | 2 +- .../boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 + arch/powerpc/kernel/Makefile | 2 +- arch/powerpc/kexec/crash.c | 5 +- arch/powerpc/platforms/book3s/vas-api.c | 9 + arch/powerpc/platforms/powernv/memtrace.c | 8 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/net/bpf_jit_comp.c | 12 +- arch/x86/include/asm/mwait.h | 9 +- arch/x86/kernel/cpu/common.c | 17 +- arch/x86/kernel/cpu/microcode/core.c | 2 + arch/x86/kernel/cpu/mtrr/generic.c | 2 +- arch/x86/kernel/ioport.c | 13 +- arch/x86/kernel/process.c | 15 +- crypto/lrw.c | 4 +- crypto/xts.c | 4 +- drivers/acpi/acpica/exserial.c | 6 + drivers/acpi/apei/Kconfig | 1 + drivers/acpi/apei/ghes.c | 2 +- drivers/acpi/cppc_acpi.c | 2 +- drivers/acpi/osi.c | 1 - drivers/base/power/domain.c | 2 +- drivers/base/power/main.c | 3 +- drivers/bluetooth/hci_qca.c | 14 +- drivers/bus/fsl-mc/fsl-mc-bus.c | 6 +- drivers/clk/bcm/clk-raspberrypi.c | 2 + drivers/clk/qcom/camcc-sm6350.c | 18 ++ drivers/clk/qcom/dispcc-sm6350.c | 3 + drivers/clk/qcom/gcc-msm8939.c | 4 +- drivers/clk/qcom/gcc-sm6350.c | 6 + drivers/clk/qcom/gpucc-sm6350.c | 6 + drivers/counter/interrupt-cnt.c | 9 + drivers/cpufreq/acpi-cpufreq.c | 2 +- .../crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 +- drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 +-- drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 +- .../crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 +- drivers/crypto/marvell/cesa/cipher.c | 3 + drivers/crypto/marvell/cesa/hash.c | 2 +- drivers/dma/ti/k3-udma.c | 3 +- drivers/edac/i10nm_base.c | 35 ++-- drivers/edac/skx_common.c | 1 + drivers/edac/skx_common.h | 11 +- drivers/firmware/Kconfig | 1 - drivers/firmware/arm_sdei.c | 11 +- drivers/firmware/efi/libstub/efi-stub-helper.c | 1 + drivers/firmware/psci/psci.c | 4 +- drivers/fpga/tests/fpga-mgr-test.c | 1 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 +- .../gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 + drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 ++- drivers/gpu/drm/meson/meson_drv.c | 2 +- drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 +-- drivers/gpu/drm/meson/meson_vclk.c | 226 +++++++++++--------- drivers/gpu/drm/meson/meson_vclk.h | 13 +- drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 +- drivers/gpu/drm/tegra/rgb.c | 14 +- drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 ++-- drivers/gpu/drm/vkms/vkms_crtc.c | 2 +- drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 +++ drivers/hid/hid-hyperv.c | 4 +- drivers/hid/usbhid/hid-core.c | 25 ++- drivers/hwmon/asus-ec-sensors.c | 4 + drivers/hwtracing/coresight/coresight-config.h | 2 +- drivers/hwtracing/coresight/coresight-syscfg.c | 49 +++-- drivers/iio/adc/ad7124.c | 4 +- drivers/iio/filter/admv8818.c | 230 ++++++++++++++++----- drivers/infiniband/core/cm.c | 16 +- drivers/infiniband/core/cma.c | 3 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 - drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 + drivers/infiniband/hw/hns/hns_roce_main.c | 1 - drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 - drivers/infiniband/hw/mlx5/qpc.c | 30 ++- drivers/input/rmi4/rmi_f34.c | 133 ++++++------ drivers/iommu/Kconfig | 1 - drivers/iommu/iommu.c | 4 +- drivers/md/dm-flakey.c | 70 ++++--- drivers/md/dm.c | 30 +-- drivers/mfd/exynos-lpass.c | 1 - drivers/mfd/stmpe-spi.c | 2 +- drivers/misc/vmw_vmci/vmci_host.c | 11 +- drivers/mtd/nand/ecc-mxic.c | 2 +- drivers/net/bonding/bond_main.c | 25 ++- drivers/net/dsa/b53/b53_common.c | 23 +-- drivers/net/ethernet/google/gve/gve_main.c | 2 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 +- drivers/net/ethernet/intel/ice/ice_main.c | 47 +++-- drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++++++++++++--- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 +- drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 + drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- .../ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 +- .../net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 +- drivers/net/ethernet/microchip/lan743x_main.c | 4 +- .../net/ethernet/microchip/lan966x/lan966x_main.c | 7 + .../net/ethernet/microchip/lan966x/lan966x_main.h | 6 + .../net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +++-- .../ethernet/microchip/lan966x/lan966x_switchdev.c | 1 + .../net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 + .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 +- drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 +- drivers/net/macsec.c | 40 +++- drivers/net/phy/mdio_bus.c | 12 ++ drivers/net/phy/mscc/mscc_ptp.c | 20 +- drivers/net/phy/phy_device.c | 4 +- drivers/net/usb/aqc111.c | 10 +- drivers/net/vmxnet3/vmxnet3_drv.c | 26 +++ drivers/net/wireguard/device.c | 1 + drivers/net/wireless/ath/ath10k/snoc.c | 4 +- drivers/net/wireless/ath/ath11k/core.c | 37 ++-- drivers/net/wireless/ath/ath11k/core.h | 4 +- drivers/net/wireless/ath/ath11k/debugfs.c | 62 +++--- drivers/net/wireless/ath/ath11k/mac.c | 4 +- drivers/net/wireless/ath/ath11k/wmi.c | 2 +- drivers/net/wireless/ath/ath12k/core.c | 8 +- drivers/net/wireless/ath/ath12k/dp_rx.c | 9 + drivers/net/wireless/ath/ath12k/wmi.c | 3 +- drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 + drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 + drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 + drivers/net/wireless/realtek/rtw88/coex.c | 2 +- drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 +- drivers/net/wireless/realtek/rtw88/sdio.c | 10 +- drivers/net/wwan/t7xx/t7xx_netdev.c | 11 +- drivers/nvme/target/fcloop.c | 31 +-- drivers/pci/controller/cadence/pcie-cadence-host.c | 11 +- drivers/pci/controller/pcie-apple.c | 4 +- drivers/pci/pci-driver.c | 6 - drivers/pci/pci.c | 15 +- drivers/pci/pci.h | 1 + drivers/pci/pcie/dpc.c | 2 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 +- drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 +- drivers/pinctrl/pinctrl-at91.c | 6 +- drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 + drivers/power/reset/at91-reset.c | 5 +- drivers/ptp/ptp_private.h | 12 +- drivers/regulator/max20086-regulator.c | 6 +- drivers/remoteproc/qcom_wcnss_iris.c | 2 + drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 - drivers/rpmsg/qcom_smd.c | 2 +- drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 24 ++- drivers/rtc/rtc-loongson.c | 8 + drivers/rtc/rtc-sh.c | 12 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 29 +-- drivers/scsi/qedf/qedf_main.c | 2 +- drivers/scsi/scsi_transport_iscsi.c | 11 +- drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 +- drivers/spi/spi-bcm63xx-hsspi.c | 2 +- drivers/spi/spi-bcm63xx.c | 2 +- drivers/spi/spi-sh-msiof.c | 13 +- drivers/spi/spi-tegra210-quad.c | 24 +-- drivers/staging/media/rkvdec/rkvdec.c | 10 +- drivers/thunderbolt/ctl.c | 5 + drivers/thunderbolt/usb4.c | 4 +- drivers/tty/serial/jsm/jsm_tty.c | 1 + drivers/tty/serial/milbeaut_usio.c | 5 +- drivers/tty/serial/sh-sci.c | 81 ++++++-- drivers/tty/vt/vt_ioctl.c | 2 - drivers/ufs/core/ufs-mcq.c | 6 - drivers/ufs/core/ufshcd.c | 7 +- drivers/ufs/host/ufs-qcom.c | 5 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 +- drivers/usb/cdns3/cdnsp-gadget.h | 4 + drivers/usb/class/usbtmc.c | 21 +- drivers/usb/core/hub.c | 16 +- drivers/usb/core/quirks.c | 3 + drivers/usb/gadget/function/f_hid.c | 12 +- drivers/usb/renesas_usbhs/common.c | 50 +++-- drivers/usb/serial/pl2303.c | 2 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 +- drivers/usb/typec/ucsi/ucsi.h | 2 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 +++++-- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 +- drivers/vfio/vfio_iommu_type1.c | 2 +- drivers/video/backlight/qcom-wled.c | 6 +- drivers/video/fbdev/core/fbcvt.c | 2 +- drivers/watchdog/exar_wdt.c | 2 +- drivers/xen/balloon.c | 13 +- fs/btrfs/scrub.c | 34 ++- fs/f2fs/data.c | 4 +- fs/f2fs/f2fs.h | 10 +- fs/f2fs/namei.c | 10 +- fs/f2fs/super.c | 4 +- fs/filesystems.c | 14 +- fs/gfs2/inode.c | 3 +- fs/kernfs/dir.c | 5 +- fs/kernfs/file.c | 3 +- fs/namespace.c | 25 ++- fs/nfs/super.c | 19 ++ fs/nilfs2/btree.c | 4 +- fs/nilfs2/direct.c | 3 + fs/ntfs3/index.c | 8 + fs/ocfs2/quota_local.c | 2 +- fs/smb/client/cifssmb.c | 20 +- fs/squashfs/super.c | 5 + include/linux/arm_sdei.h | 4 +- include/linux/bio.h | 2 +- include/linux/bvec.h | 7 +- include/linux/hid.h | 3 +- include/linux/io_uring_types.h | 3 + include/linux/mdio.h | 5 +- include/linux/mlx5/driver.h | 1 + include/linux/phy.h | 5 +- include/net/bluetooth/hci_core.h | 2 +- include/net/checksum.h | 2 +- include/net/sock.h | 7 +- io_uring/io_uring.c | 10 +- io_uring/io_uring.h | 12 ++ io_uring/kbuf.c | 3 +- io_uring/poll.c | 2 +- io_uring/rw.c | 26 ++- kernel/bpf/core.c | 29 +-- kernel/events/core.c | 50 +++-- kernel/power/hibernate.c | 5 + kernel/power/main.c | 3 +- kernel/power/power.h | 4 + kernel/power/wakelock.c | 3 + kernel/rcu/tree.c | 10 +- kernel/rcu/tree.h | 2 +- kernel/rcu/tree_stall.h | 4 +- kernel/time/posix-cpu-timers.c | 9 + kernel/trace/bpf_trace.c | 2 +- kernel/trace/trace.c | 2 +- kernel/trace/trace.h | 8 +- kernel/trace/trace_events_hist.c | 122 +++++++++-- kernel/trace/trace_events_trigger.c | 20 +- lib/kunit/static_stub.c | 2 +- mm/kasan/report.c | 4 +- mm/kasan/shadow.c | 2 +- net/bluetooth/eir.c | 10 +- net/bluetooth/hci_core.c | 16 +- net/bluetooth/hci_sync.c | 20 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/mgmt.c | 140 ++++++------- net/bluetooth/mgmt_util.c | 51 ++--- net/bluetooth/mgmt_util.h | 8 +- net/bridge/netfilter/nf_conntrack_bridge.c | 12 +- net/core/filter.c | 2 +- net/core/skmsg.c | 53 +++-- net/core/utils.c | 4 +- net/dsa/tag_brcm.c | 2 +- net/dsa/tag_ksz.c | 22 +- net/ipv4/udp_offload.c | 5 + net/ipv6/ila/ila_common.c | 6 +- net/ipv6/netfilter.c | 12 +- net/ipv6/netfilter/nft_fib_ipv6.c | 13 +- net/ipv6/seg6_local.c | 6 +- net/ncsi/internal.h | 21 +- net/ncsi/ncsi-pkt.h | 23 +-- net/ncsi/ncsi-rsp.c | 21 +- net/netfilter/nf_nat_core.c | 12 +- net/netfilter/nft_quota.c | 20 +- net/netfilter/nft_set_pipapo_avx2.c | 21 +- net/netfilter/nft_tunnel.c | 8 +- net/netlabel/netlabel_kapi.c | 5 + net/openvswitch/flow.c | 2 +- net/sched/sch_ets.c | 2 +- net/sched/sch_prio.c | 2 +- net/sched/sch_red.c | 2 +- net/sched/sch_sfq.c | 5 +- net/sched/sch_tbf.c | 2 +- net/tipc/crypto.c | 6 +- net/tls/tls_sw.c | 15 +- net/xfrm/xfrm_device.c | 2 - net/xfrm/xfrm_state.c | 2 - scripts/Makefile.extrawarn | 12 ++ scripts/gcc-plugins/gcc-common.h | 32 +++ scripts/gcc-plugins/randomize_layout_plugin.c | 40 ++-- sound/soc/apple/mca.c | 23 +++ sound/soc/codecs/hda.c | 4 +- sound/soc/codecs/tas2764.c | 2 +- sound/soc/intel/avs/debugfs.c | 6 +- sound/soc/intel/avs/ipc.c | 4 +- sound/soc/sof/ipc4-pcm.c | 3 +- sound/soc/ti/omap-hdmi.c | 7 +- sound/usb/implicit.c | 1 + tools/arch/x86/kcpuid/kcpuid.c | 47 +++-- tools/bpf/resolve_btfids/Makefile | 2 +- tools/include/nolibc/stdlib.h | 4 +- tools/include/nolibc/types.h | 2 +- tools/lib/bpf/bpf_core_read.h | 6 + tools/lib/bpf/libbpf.c | 5 +- tools/lib/bpf/linker.c | 4 +- tools/lib/bpf/nlattr.c | 15 +- tools/perf/Makefile.config | 2 + tools/perf/builtin-record.c | 2 +- tools/perf/builtin-trace.c | 5 +- tools/perf/scripts/python/exported-sql-viewer.py | 5 +- tools/perf/tests/switch-tracking.c | 2 +- tools/perf/ui/browsers/hists.c | 2 +- tools/perf/util/intel-pt.c | 205 +++++++++++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 + tools/testing/selftests/seccomp/seccomp_bpf.c | 7 +- 347 files changed, 3285 insertions(+), 1551 deletions(-)

1 week, 4 days

17
377
0 0

+ scripts-gdb-fix-dentry_name-lookup.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: scripts/gdb: fix dentry_name() lookup has been added to the -mm mm-hotfixes-unstable branch. Its filename is scripts-gdb-fix-dentry_name-lookup.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Florian Fainelli <florian.fainelli(a)broadcom.com> Subject: scripts/gdb: fix dentry_name() lookup Date: Thu, 19 Jun 2025 15:51:05 -0700 The "d_iname" member was replaced with "d_shortname.string" in the commit referenced in the Fixes tag. This prevented the GDB script "lx-mount" command to properly function: (gdb) lx-mounts mount super_block devname pathname fstype options 0xff11000002d21180 0xff11000002d24800 rootfs / rootfs rw 0 0 0xff11000002e18a80 0xff11000003713000 /dev/root / ext4 rw,relatime 0 0 Python Exception <class 'gdb.error'>: There is no member named d_iname. Error occurred in Python: There is no member named d_iname. Link: https://lkml.kernel.org/r/20250619225105.320729-1-florian.fainelli@broadcom… Fixes: 58cf9c383c5c ("dcache: back inline names with a struct-wrapped array of unsigned long") Signed-off-by: Florian Fainelli <florian.fainelli(a)broadcom.com> Cc: Al Viro <viro(a)zeniv.linux.org.uk> Cc: Jan Kara <jack(a)suse.cz> Cc: Jan Kiszka <jan.kiszka(a)siemens.com> Cc: Jeff Layton <jlayton(a)kernel.org> Cc: Kieran Bingham <kbingham(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- scripts/gdb/linux/vfs.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/scripts/gdb/linux/vfs.py~scripts-gdb-fix-dentry_name-lookup +++ a/scripts/gdb/linux/vfs.py @@ -22,7 +22,7 @@ def dentry_name(d): if parent == d or parent == 0: return "" p = dentry_name(d['d_parent']) + "/" - return p + d['d_iname'].string() + return p + d['d_shortname']['string'].string() class DentryName(gdb.Function): """Return string of the full path of a dentry. _ Patches currently in -mm which might be from florian.fainelli(a)broadcom.com are scripts-gdb-fix-dentry_name-lookup.patch

1 week, 4 days

1
0
0 0

+ mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: SeongJae Park <sj(a)kernel.org> Subject: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write Date: Thu, 19 Jun 2025 11:36:07 -0700 memcg_path_store() assigns a newly allocated memory buffer to filter->memcg_path, without deallocating the previously allocated and assigned memory buffer. As a result, users can leak kernel memory by continuously writing a data to memcg_path DAMOS sysfs file. Fix the leak by deallocating the previously set memory buffer. Link: https://lkml.kernel.org/r/20250619183608.6647-2-sj@kernel.org Fixes: 7ee161f18b5d ("mm/damon/sysfs-schemes: implement filter directory") Signed-off-by: SeongJae Park <sj(a)kernel.org> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> [6.3.x] Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/damon/sysfs-schemes.c | 1 + 1 file changed, 1 insertion(+) --- a/mm/damon/sysfs-schemes.c~mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write +++ a/mm/damon/sysfs-schemes.c @@ -472,6 +472,7 @@ static ssize_t memcg_path_store(struct k return -ENOMEM; strscpy(path, buf, count + 1); + kfree(filter->memcg_path); filter->memcg_path = path; return count; } _ Patches currently in -mm which might be from sj(a)kernel.org are mm-damon-sysfs-schemes-free-old-damon_sysfs_scheme_filter-memcg_path-on-write.patch mm-damon-introduce-damon_stat-module.patch mm-damon-introduce-damon_stat-module-fix.patch mm-damon-stat-calculate-and-expose-estimated-memory-bandwidth.patch mm-damon-stat-calculate-and-expose-idle-time-percentiles.patch docs-admin-guide-mm-damon-add-damon_stat-usage-document.patch mm-damon-paddr-use-alloc_migartion_target-with-no-migration-fallback-nodemask.patch revert-mm-rename-alloc_demote_folio-to-alloc_migrate_folio.patch revert-mm-make-alloc_demote_folio-externally-invokable-for-migration.patch selftets-damon-add-a-test-for-memcg_path-leak.patch

1 week, 4 days

1
0
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Fri, 20 Jun 2025 01:55:35 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in", v2. The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (36 samples each): Before: avg: 11.23s, stddev: 0.06 After patch 1: avg: 10.92s, stddev: 0.05 After patch 2: avg: 10.93s, stddev: 0.15 After patch 3: avg: 10.07s, stddev: 0.09 After patch 4: avg: 10.09s, stddev: 0.08 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 samples each): Before: system time avg: 3945.25s After patch 1: system time avg: 3903.21s After patch 2: system time avg: 3914.76s After patch 3: system time avg: 3907.41s After patch 4: system time avg: 3876.24s Slightly better than noise level given the number of samples. This patch (of 4): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve performance, as it avoids two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250619175538.15799-1-ryncsn@gmail.com Link: https://lkml.kernel.org/r/20250619175538.15799-2-ryncsn@gmail.com Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Reviewed-by: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch mm-shmem-swap-fix-softlockup-with-mthp-swapin-v3.patch mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

1 week, 4 days

1
0
0 0

+ lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() has been added to the -mm mm-hotfixes-unstable branch. Its filename is lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Yu Kuai <yukuai3(a)huawei.com> Subject: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() Date: Thu, 19 Jun 2025 21:26:55 +0800 While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 [#1] SMP NOPTI CPU: 27 UID: 0 PID: 920 Comm: bash Not tainted 6.15.0-02023-gadbdb95c8696-dirty #1238 PREEMPT(undef) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:__bitmap_or+0x48/0x70 Call Trace: <TASK> __group_cpus_evenly+0x822/0x8c0 group_cpus_evenly+0x2d9/0x490 blk_mq_map_queues+0x1e/0x110 null_map_queues+0xc9/0x170 [null_blk] blk_mq_update_queue_map+0xdb/0x160 blk_mq_update_nr_hw_queues+0x22b/0x560 nullb_update_nr_hw_queues+0x71/0xf0 [null_blk] nullb_device_poll_queues_store+0xa4/0x130 [null_blk] configfs_write_iter+0x109/0x1d0 vfs_write+0x26e/0x6f0 ksys_write+0x79/0x180 __x64_sys_write+0x1d/0x30 x64_sys_call+0x45c4/0x45f0 do_syscall_64+0xa5/0x240 entry_SYSCALL_64_after_hwframe+0x76/0x7e Root cause is that numgrps is set to 0, and ZERO_SIZE_PTR is returned from kcalloc(), then __group_cpus_evenly() will deference the ZERO_SIZE_PTR. Fix the problem by checking numgrps first in group_cpus_evenly(), and return NULL directly if numgrps is zero. Link: https://lkml.kernel.org/r/20250619132655.3318883-1-yukuai1@huaweicloud.com Fixes: 6a6dcae8f486 ("blk-mq: Build default queue map via group_cpus_evenly()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Reviewed-by: Ming Lei <ming.lei(a)redhat.com> Reviewed-by: Jens Axboe <axboe(a)kernel.dk> Cc: ErKun Yang <yangerkun(a)huawei.com> Cc: John Garry <john.g.garry(a)oracle.com> Cc: Thomas Gleinxer <tglx(a)linutronix.de> Cc: "zhangyi (F)" <yi.zhang(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/group_cpus.c | 3 +++ 1 file changed, 3 insertions(+) --- a/lib/group_cpus.c~lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly +++ a/lib/group_cpus.c @@ -352,6 +352,9 @@ struct cpumask *group_cpus_evenly(unsign int ret = -ENOMEM; struct cpumask *masks = NULL; + if (numgrps == 0) + return NULL; + if (!zalloc_cpumask_var(&nmsk, GFP_KERNEL)) return NULL; _ Patches currently in -mm which might be from yukuai3(a)huawei.com are lib-group_cpus-fix-null-pointer-dereference-from-group_cpus_evenly.patch

1 week, 4 days

1
0
0 0

[PATCH v2] thunderbolt: Fix wake on connect at runtime

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable(a)vger.kernel.org Reported-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Tested-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- v2: * Fix kdoc issue reported by lkp robot --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 87afd5a7c504b..f503bad864130 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1317,7 +1317,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index fce3c0f2354a7..d46d9434933c4 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -403,10 +403,11 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * usb4_switch_set_wake() - Enabled/disable wake * @sw: USB4 router * @flags: Wakeup flags (%0 to disable) + * @runtime: Wake is being programmed during system runtime * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { struct usb4_port *usb4; struct tb_port *port; @@ -438,13 +439,12 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; + bool wakeup = runtime || device_may_wakeup(&usb4->dev); usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; -- 2.43.0

1 week, 4 days

2
1
0 0

[PATCH 0/2] mm/damon: fix memory leak in memcg_path sysfs file

by SeongJae Park

Users can leak memory by repeatedly writing a string to DAMOS sysfs memcg_path file. Fix it (patch 1) and add a selftest (patch 2) to avoid reoccurrance of the bug. SeongJae Park (2): mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write selftets/damon: add a test for memcg_path leak mm/damon/sysfs-schemes.c | 1 + tools/testing/selftests/damon/Makefile | 1 + .../selftests/damon/sysfs_memcg_path_leak.sh | 43 +++++++++++++++++++ 3 files changed, 45 insertions(+) create mode 100755 tools/testing/selftests/damon/sysfs_memcg_path_leak.sh base-commit: 05b89e828eb4f791f721cbdc65f36e1a8287a9d3 -- 2.39.5

1 week, 4 days

1
1
0 0

[PATCH] NFC: nci: uart: Set tty->disc_data only in success path

by Krzysztof Kozlowski

Setting tty->disc_data before opening the NCI device means we need to clean it up on error paths. This also opens some short window if device starts sending data, even before NCIUARTSETDRIVER IOCTL succeeded (broken hardware?). Close the window by exposing tty->disc_data only on the success path, when opening of the NCI device and try_module_get() succeeds. The code differs in error path in one aspect: tty->disc_data won't be ever assigned thus NULL-ified. This however should not be relevant difference, because of "tty->disc_data=NULL" in nci_uart_tty_open(). Cc: Greg KH <gregkh(a)linuxfoundation.org> Cc: Linus Torvalds <torvalds(a)linuxfoundation.org> Cc: Paolo Abeni <pabeni(a)redhat.com> Cc: Jakub Kicinski <kuba(a)kernel.org> Fixes: 9961127d4bce ("NFC: nci: add generic uart support") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- net/nfc/nci/uart.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/net/nfc/nci/uart.c b/net/nfc/nci/uart.c index ed1508a9e093..aab107727f18 100644 --- a/net/nfc/nci/uart.c +++ b/net/nfc/nci/uart.c @@ -119,22 +119,22 @@ static int nci_uart_set_driver(struct tty_struct *tty, unsigned int driver) memcpy(nu, nci_uart_drivers[driver], sizeof(struct nci_uart)); nu->tty = tty; - tty->disc_data = nu; skb_queue_head_init(&nu->tx_q); INIT_WORK(&nu->write_work, nci_uart_write_work); spin_lock_init(&nu->rx_lock); ret = nu->ops.open(nu); if (ret) { - tty->disc_data = NULL; kfree(nu); + return ret; } else if (!try_module_get(nu->owner)) { nu->ops.close(nu); - tty->disc_data = NULL; kfree(nu); return -ENOENT; } - return ret; + tty->disc_data = nu; + + return 0; } /* ------ LDISC part ------ */ -- 2.45.2

1 week, 4 days

3
2
0 0

Google's 1st page*%$!

by James Charles

Hi, I have checked your website and I feel that you need to make some improvements in your website. We can place your website on the 1st page of Google, Yahoo and a better presence on Facebook, LinkedIn, YouTube, Instagram, Pinterest etc. which you can charge me some amount. Thanks and regards

1 week, 4 days

1
0
0 0

[REGRESSION] e1000e heavy packet loss on Meteor Lake - 6.14.2

by Marek Marczykowski-Górecki

Hi, After updating to 6.14.2, the ethernet adapter is almost unusable, I get over 30% packet loss. Bisect says it's this commit: commit 85f6414167da39e0da30bf370f1ecda5a58c6f7b Author: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Date: Thu Mar 13 16:05:56 2025 +0200 e1000e: change k1 configuration on MTP and later platforms [ Upstream commit efaaf344bc2917cbfa5997633bc18a05d3aed27f ] Starting from Meteor Lake, the Kumeran interface between the integrated MAC and the I219 PHY works at a different frequency. This causes sporadic MDI errors when accessing the PHY, and in rare circumstances could lead to packet corruption. To overcome this, introduce minor changes to the Kumeran idle state (K1) parameters during device initialization. Hardware reset reverts this configuration, therefore it needs to be applied in a few places. Fixes: cc23f4f0b6b9 ("e1000e: Add support for Meteor Lake") Signed-off-by: Vitaly Lifshits <vitaly.lifshits(a)intel.com> Tested-by: Avigail Dahan <avigailx.dahan(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> drivers/net/ethernet/intel/e1000e/defines.h | 3 ++ drivers/net/ethernet/intel/e1000e/ich8lan.c | 80 +++++++++++++++++++++++++++-- drivers/net/ethernet/intel/e1000e/ich8lan.h | 4 ++ 3 files changed, 82 insertions(+), 5 deletions(-) My system is Novacustom V540TU laptop with Intel Core Ultra 5 125H. And the e1000e driver is running in a Xen HVM (with PCI passthrough). Interestingly, I have also another one with Intel Core Ultra 7 155H where the issue does not happen. I don't see what is different about network adapter there, they look identical on lspci (but there are differences about other devices)... I see the commit above was already backported to other stable branches too... #regzbot introduced: 85f6414167da39e0da30bf370f1ecda5a58c6f7b -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

1 week, 4 days

4
19
0 0

Linux 6.15.3

by Greg Kroah-Hartman

I'm announcing the release of the 6.15.3 kernel. All users of the 6.15 kernel series must upgrade. The updated 6.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/gpu/xe/index.rst | 1 Documentation/gpu/xe/xe_gt_freq.rst | 14 Documentation/misc-devices/lis3lv02d.rst | 6 Documentation/netlink/specs/rt_link.yaml | 68 + Documentation/networking/xfrm_device.rst | 10 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +- arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/allwinner/sun50i-a100.dtsi | 3 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8188.dtsi | 2 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 - arch/arm64/boot/dts/mediatek/mt8390-genio-common.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 arch/arm64/boot/dts/qcom/ipq9574.dtsi | 16 arch/arm64/boot/dts/qcom/msm8998.dtsi | 19 arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 arch/arm64/boot/dts/qcom/qcs615.dtsi | 17 arch/arm64/boot/dts/qcom/qcs8300.dtsi | 12 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 11 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/qcom/sm8550.dtsi | 391 ++++++---- arch/arm64/boot/dts/qcom/sm8650.dtsi | 82 +- arch/arm64/boot/dts/qcom/sm8750.dtsi | 26 arch/arm64/boot/dts/qcom/x1e001de-devkit.dts | 44 + arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 arch/arm64/boot/dts/renesas/white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/renesas/white-hawk-single.dtsi | 8 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3399-puma.dtsi | 12 arch/arm64/boot/dts/rockchip/rk3528.dtsi | 3 arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/iommu.c | 2 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/kernel/uv.c | 85 +- arch/s390/net/bpf_jit_comp.c | 12 arch/um/os-Linux/sigio.c | 3 arch/x86/events/amd/uncore.c | 36 arch/x86/hyperv/hv_init.c | 33 arch/x86/hyperv/hv_vtl.c | 44 - arch/x86/hyperv/ivm.c | 22 arch/x86/include/asm/mshyperv.h | 6 arch/x86/include/asm/mwait.h | 9 arch/x86/include/asm/sighandling.h | 22 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 15 arch/x86/kernel/signal_32.c | 4 arch/x86/kernel/signal_64.c | 4 arch/x86/lib/x86-opcode-map.txt | 50 - block/blk-integrity.c | 7 block/blk-throttle.c | 22 block/blk-zoned.c | 7 block/elevator.c | 3 crypto/api.c | 13 crypto/asymmetric_keys/public_key.c | 13 crypto/ecdsa-p1363.c | 6 crypto/ecdsa-x962.c | 5 crypto/ecdsa.c | 2 crypto/ecrdsa.c | 2 crypto/krb5/rfc3961_simplified.c | 1 crypto/lrw.c | 4 crypto/rsassa-pkcs1.c | 2 crypto/sig.c | 9 crypto/xts.c | 4 drivers/accel/amdxdna/aie2_message.c | 6 drivers/accel/amdxdna/aie2_msg_priv.h | 10 drivers/accel/amdxdna/aie2_psp.c | 4 drivers/accel/ivpu/ivpu_job.c | 8 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/acpi/platform_profile.c | 3 drivers/acpi/resource.c | 2 drivers/acpi/thermal.c | 10 drivers/base/power/main.c | 3 drivers/base/power/runtime.c | 44 + drivers/block/brd.c | 11 drivers/block/loop.c | 8 drivers/bluetooth/btintel.c | 10 drivers/bluetooth/btintel_pcie.c | 31 drivers/bluetooth/btintel_pcie.h | 10 drivers/bus/fsl-mc/fsl-mc-bus.c | 12 drivers/char/Kconfig | 2 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/intel/iaa/iaa_crypto_main.c | 6 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/crypto/xilinx/zynqmp-sha.c | 18 drivers/dma/ti/k3-udma.c | 3 drivers/edac/bluefield_edac.c | 20 drivers/edac/i10nm_base.c | 35 drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/firmware/samsung/exynos-acpm-pmic.c | 16 drivers/firmware/samsung/exynos-acpm.c | 11 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 drivers/gpu/drm/amd/amdgpu/gfx_v10_0_cleaner_shader.h | 6 drivers/gpu/drm/amd/amdgpu/gfx_v10_1_10_cleaner_shader.asm | 13 drivers/gpu/drm/amd/display/dc/basics/fixpt31_32.c | 5 drivers/gpu/drm/amd/display/dc/sspl/spl_fixpt31_32.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 58 - drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/ci/gitlab-ci.yml | 19 drivers/gpu/drm/display/drm_hdmi_audio_helper.c | 3 drivers/gpu/drm/drm_panic_qr.rs | 71 + drivers/gpu/drm/i915/display/intel_dp.c | 7 drivers/gpu/drm/i915/display/intel_dp.h | 1 drivers/gpu/drm/i915/display/intel_dp_mst.c | 5 drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 16 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 2 drivers/gpu/drm/meson/meson_vclk.c | 55 - drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_14_msm8937.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_15_msm8917.h | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_1_16_msm8953.h | 2 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 drivers/gpu/drm/msm/dp/dp_display.c | 27 drivers/gpu/drm/msm/dp/dp_link.h | 4 drivers/gpu/drm/msm/dp/dp_panel.c | 12 drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 drivers/gpu/drm/panel/panel-simple.c | 5 drivers/gpu/drm/panthor/panthor_device.c | 8 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/panthor/panthor_regs.h | 4 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/v3d/v3d_debugfs.c | 126 +-- drivers/gpu/drm/v3d/v3d_drv.c | 22 drivers/gpu/drm/v3d/v3d_drv.h | 11 drivers/gpu/drm/v3d/v3d_gem.c | 10 drivers/gpu/drm/v3d/v3d_irq.c | 64 + drivers/gpu/drm/v3d/v3d_perfmon.c | 4 drivers/gpu/drm/v3d/v3d_sched.c | 6 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 drivers/gpu/drm/vc4/tests/vc4_test_pv_muxing.c | 154 +++ drivers/gpu/drm/vc4/vc4_hdmi.c | 16 drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 drivers/gpu/drm/xe/Kconfig | 3 drivers/gpu/drm/xe/xe_bo.c | 48 - drivers/gpu/drm/xe/xe_gt_freq.c | 5 drivers/gpu/drm/xe/xe_guc_debugfs.c | 159 ++-- drivers/gpu/drm/xe/xe_lrc.c | 24 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/gpu/drm/xe/xe_pxp.c | 8 drivers/gpu/drm/xe/xe_vm.c | 19 drivers/gpu/drm/xe/xe_vm.h | 69 + drivers/gpu/drm/xe/xe_vm_types.h | 8 drivers/gpu/drm/xlnx/Kconfig | 1 drivers/hid/Kconfig | 2 drivers/hid/hid-hyperv.c | 4 drivers/hid/intel-thc-hid/intel-quicki2c/pci-quicki2c.c | 7 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 27 drivers/hwtracing/coresight/coresight-catu.h | 1 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-core.c | 21 drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 drivers/hwtracing/coresight/coresight-etm4x-core.c | 5 drivers/hwtracing/coresight/coresight-etm4x-sysfs.c | 4 drivers/hwtracing/coresight/coresight-funnel.c | 3 drivers/hwtracing/coresight/coresight-replicator.c | 3 drivers/hwtracing/coresight/coresight-stm.c | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 51 - drivers/hwtracing/coresight/coresight-tmc-core.c | 2 drivers/hwtracing/coresight/coresight-tmc-etf.c | 11 drivers/hwtracing/coresight/coresight-tpiu.c | 2 drivers/iio/adc/ad4851.c | 14 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/mcp3911.c | 39 drivers/iio/adc/pac1934.c | 2 drivers/iio/dac/adi-axi-dac.c | 8 drivers/iio/filter/admv8818.c | 224 ++++- drivers/infiniband/core/cm.c | 19 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/bnxt_re/debugfs.c | 20 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 drivers/infiniband/sw/rxe/rxe_qp.c | 7 drivers/iommu/Kconfig | 1 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 2 drivers/iommu/io-pgtable-arm.c | 13 drivers/iommu/iommu.c | 4 drivers/iommu/ipmmu-vmsa.c | 3 drivers/mailbox/Kconfig | 4 drivers/mailbox/imx-mailbox.c | 21 drivers/mailbox/mtk-cmdq-mailbox.c | 51 - drivers/md/dm-core.h | 1 drivers/md/dm-flakey.c | 70 - drivers/md/dm-table.c | 67 + drivers/md/dm-zone.c | 86 +- drivers/md/dm.c | 36 drivers/md/dm.h | 6 drivers/md/raid1-10.c | 10 drivers/md/raid1.c | 19 drivers/md/raid10.c | 11 drivers/media/platform/synopsys/hdmirx/snps_hdmirx.c | 14 drivers/media/platform/verisilicon/hantro_postproc.c | 4 drivers/mfd/exynos-lpass.c | 31 drivers/mfd/stmpe-spi.c | 2 drivers/misc/lis3lv02d/Kconfig | 4 drivers/misc/mei/vsc-tp.c | 4 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 144 +-- drivers/net/dsa/b53/b53_common.c | 92 +- drivers/net/dsa/b53/b53_priv.h | 1 drivers/net/dsa/b53/b53_regs.h | 7 drivers/net/dsa/bcm_sf2.c | 1 drivers/net/ethernet/airoha/airoha_eth.c | 23 drivers/net/ethernet/airoha/airoha_eth.h | 10 drivers/net/ethernet/airoha/airoha_ppe.c | 32 drivers/net/ethernet/airoha/airoha_regs.h | 10 drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 20 drivers/net/ethernet/chelsio/inline_crypto/ch_ipsec/chcr_ipsec.c | 18 drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/e1000/e1000_main.c | 8 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/iavf/iavf.h | 1 drivers/net/ethernet/intel/iavf/iavf_ethtool.c | 29 drivers/net/ethernet/intel/iavf/iavf_main.c | 300 ++----- drivers/net/ethernet/intel/iavf/iavf_virtchnl.c | 17 drivers/net/ethernet/intel/ice/ice_main.c | 47 - drivers/net/ethernet/intel/ice/ice_ptp.c | 1 drivers/net/ethernet/intel/ice/ice_sched.c | 181 +++- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 drivers/net/ethernet/intel/ixgbe/ixgbe_ipsec.c | 41 - drivers/net/ethernet/intel/ixgbevf/ipsec.c | 21 drivers/net/ethernet/marvell/octeontx2/af/mcs_rvu_if.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_cgx.c | 2 drivers/net/ethernet/marvell/octeontx2/af/rvu_rep.c | 2 drivers/net/ethernet/marvell/octeontx2/nic/cn10k_ipsec.c | 18 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 28 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 5 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/action.c | 14 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.c | 55 + drivers/net/ethernet/mellanox/mlx5/core/steering/hws/bwc.h | 9 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/definer.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/fs_hws.c | 3 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.c | 48 - drivers/net/ethernet/mellanox/mlx5/core/steering/hws/matcher.h | 4 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws.h | 6 drivers/net/ethernet/microchip/lan743x_main.c | 15 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 - drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/netronome/nfp/crypto/ipsec.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/macsec.c | 40 - drivers/net/mctp/mctp-usb.c | 2 drivers/net/netconsole.c | 3 drivers/net/netdevsim/ipsec.c | 15 drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mediatek/Kconfig | 3 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_caps.c | 18 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 148 --- drivers/net/wireless/ath/ath11k/debugfs.h | 10 drivers/net/wireless/ath/ath11k/mac.c | 92 ++ drivers/net/wireless/ath/ath11k/mac.h | 4 drivers/net/wireless/ath/ath11k/wmi.c | 47 + drivers/net/wireless/ath/ath12k/core.c | 28 drivers/net/wireless/ath/ath12k/core.h | 19 drivers/net/wireless/ath/ath12k/debugfs.c | 4 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 drivers/net/wireless/ath/ath12k/dp.h | 2 drivers/net/wireless/ath/ath12k/dp_mon.c | 351 +++++++- drivers/net/wireless/ath/ath12k/dp_mon.h | 4 drivers/net/wireless/ath/ath12k/dp_rx.c | 234 +++-- drivers/net/wireless/ath/ath12k/dp_rx.h | 29 drivers/net/wireless/ath/ath12k/dp_tx.c | 23 drivers/net/wireless/ath/ath12k/hal.c | 103 +- drivers/net/wireless/ath/ath12k/hal.h | 64 - drivers/net/wireless/ath/ath12k/hal_desc.h | 3 drivers/net/wireless/ath/ath12k/hal_rx.h | 15 drivers/net/wireless/ath/ath12k/hw.c | 35 drivers/net/wireless/ath/ath12k/hw.h | 12 drivers/net/wireless/ath/ath12k/mac.c | 86 +- drivers/net/wireless/ath/ath12k/mhi.c | 7 drivers/net/wireless/ath/ath12k/pci.c | 17 drivers/net/wireless/ath/ath12k/pci.h | 4 drivers/net/wireless/ath/ath12k/reg.c | 4 drivers/net/wireless/ath/ath12k/wmi.c | 39 drivers/net/wireless/ath/ath12k/wmi.h | 16 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 1 drivers/net/wireless/intel/iwlwifi/mld/mld.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 drivers/net/wireless/marvell/mwifiex/11n.c | 6 drivers/net/wireless/mediatek/mt76/channel.c | 4 drivers/net/wireless/mediatek/mt76/mac80211.c | 6 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/eeprom.c | 1 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 14 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 23 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 4 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wireless/realtek/rtw89/fw.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 36 drivers/net/wwan/mhi_wwan_mbim.c | 9 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 1 drivers/nvme/host/ioctl.c | 2 drivers/nvme/host/pr.c | 2 drivers/nvme/target/core.c | 9 drivers/nvme/target/fcloop.c | 31 drivers/nvme/target/io-cmd-bdev.c | 9 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/of/unittest.c | 10 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pci-imx6.c | 47 + drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/controller/pcie-rockchip.h | 7 drivers/pci/endpoint/pci-epf-core.c | 22 drivers/pci/hotplug/pci_hotplug_core.c | 69 + drivers/pci/hotplug/pciehp.h | 1 drivers/pci/hotplug/pciehp_core.c | 29 drivers/pci/hotplug/pciehp_hpc.c | 78 + drivers/pci/pci-acpi.c | 23 drivers/pci/pci.c | 2 drivers/pci/pci.h | 3 drivers/pci/pcie/dpc.c | 68 - drivers/pci/pwrctrl/core.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/perf/arm-ni.c | 40 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/phy/qualcomm/phy-qcom-qusb2.c | 27 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 drivers/pinctrl/mediatek/mtk-eint.c | 4 drivers/pinctrl/mediatek/mtk-eint.h | 2 drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 7 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/pinctrl/qcom/pinctrl-qcs615.c | 2 drivers/pinctrl/qcom/pinctrl-qcs8300.c | 2 drivers/pinctrl/qcom/tlmm-test.c | 1 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 - drivers/pinctrl/samsung/pinctrl-exynos.c | 260 +++--- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 drivers/pinctrl/samsung/pinctrl-samsung.c | 21 drivers/pinctrl/samsung/pinctrl-samsung.h | 8 drivers/pinctrl/sunxi/pinctrl-sunxi-dt.c | 8 drivers/platform/chrome/cros_ec_typec.c | 6 drivers/power/reset/at91-reset.c | 5 drivers/power/supply/max77705_charger.c | 20 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 drivers/remoteproc/ti_k3_r5_remoteproc.c | 118 +-- drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 drivers/scsi/lpfc/lpfc_hbadisc.c | 32 drivers/scsi/mpt3sas/mpt3sas_ctl.c | 3 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/smartpqi/smartpqi_init.c | 4 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/soc/qcom/smp2p.c | 2 drivers/soundwire/generic_bandwidth_allocation.c | 7 drivers/spi/atmel-quadspi.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-omap2-mcspi.c | 30 drivers/spi/spi-qpic-snand.c | 44 - drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/gpib/ines/ines_gpib.c | 2 drivers/staging/gpib/uapi/gpib_user.h | 2 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thermal/mediatek/lvts_thermal.c | 18 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 92 +- drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 17 drivers/usb/core/hub.c | 16 drivers/usb/core/usb-acpi.c | 2 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/gadget/udc/core.c | 2 drivers/usb/misc/onboard_usb_dev.c | 107 ++ drivers/usb/renesas_usbhs/common.c | 50 - drivers/usb/typec/bus.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/tcpm/tcpm.c | 91 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 94 +- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/virtio/virtio_pci_modern.c | 13 drivers/watchdog/exar_wdt.c | 2 drivers/watchdog/lenovo_se30_wdt.c | 2 drivers/xen/balloon.c | 13 fs/9p/vfs_addr.c | 6 fs/afs/write.c | 9 fs/btrfs/extent-io-tree.c | 6 fs/btrfs/file.c | 2 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 34 fs/btrfs/tree-log.c | 24 fs/cachefiles/io.c | 16 fs/ceph/addr.c | 6 fs/dax.c | 2 fs/erofs/fscache.c | 6 fs/erofs/super.c | 49 + fs/f2fs/data.c | 6 fs/f2fs/f2fs.h | 46 - fs/f2fs/gc.c | 3 fs/f2fs/namei.c | 10 fs/f2fs/segment.c | 12 fs/f2fs/segment.h | 45 - fs/f2fs/super.c | 45 - fs/filesystems.c | 14 fs/gfs2/aops.c | 54 - fs/gfs2/aops.h | 3 fs/gfs2/bmap.c | 3 fs/gfs2/glock.c | 3 fs/gfs2/glops.c | 4 fs/gfs2/incore.h | 9 fs/gfs2/inode.c | 98 ++ fs/gfs2/inode.h | 1 fs/gfs2/log.c | 7 fs/gfs2/meta_io.c | 2 fs/gfs2/meta_io.h | 4 fs/gfs2/ops_fstype.c | 35 fs/gfs2/super.c | 90 -- fs/gfs2/sys.c | 1 fs/gfs2/trans.c | 21 fs/gfs2/trans.h | 2 fs/gfs2/xattr.c | 11 fs/gfs2/xattr.h | 2 fs/iomap/buffered-io.c | 2 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/mount.h | 5 fs/namespace.c | 118 +-- fs/netfs/buffered_read.c | 32 fs/netfs/buffered_write.c | 2 fs/netfs/direct_read.c | 13 fs/netfs/direct_write.c | 12 fs/netfs/fscache_io.c | 10 fs/netfs/internal.h | 42 - fs/netfs/main.c | 1 fs/netfs/misc.c | 219 +++++ fs/netfs/objects.c | 48 - fs/netfs/read_collect.c | 185 ---- fs/netfs/read_pgpriv2.c | 4 fs/netfs/read_retry.c | 26 fs/netfs/read_single.c | 6 fs/netfs/write_collect.c | 81 -- fs/netfs/write_issue.c | 38 fs/netfs/write_retry.c | 19 fs/nfs/fscache.c | 1 fs/nfs/localio.c | 45 - fs/nfs/nfs4proc.c | 32 fs/nfs/super.c | 19 fs/nfs_common/nfslocalio.c | 99 +- fs/nfsd/filecache.c | 32 fs/nfsd/filecache.h | 3 fs/nfsd/localio.c | 70 + fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 5 fs/ocfs2/quota_local.c | 2 fs/pidfs.c | 2 fs/pnode.c | 4 fs/smb/client/cifsproto.h | 3 fs/smb/client/cifssmb.c | 24 fs/smb/client/file.c | 19 fs/smb/client/smb2pdu.c | 4 fs/squashfs/super.c | 5 fs/xfs/xfs_aops.c | 22 fs/xfs/xfs_discard.c | 17 include/crypto/sig.h | 2 include/hyperv/hvgdk_mini.h | 2 include/kunit/clk.h | 1 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bpf_verifier.h | 12 include/linux/bvec.h | 7 include/linux/coresight.h | 2 include/linux/exportfs.h | 10 include/linux/fscache.h | 2 include/linux/hid.h | 3 include/linux/ieee80211.h | 79 +- include/linux/iomap.h | 5 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 58 + include/linux/mount.h | 88 +- include/linux/netdevice.h | 10 include/linux/netfs.h | 15 include/linux/nfslocalio.h | 26 include/linux/nvme.h | 2 include/linux/overflow.h | 27 include/linux/pci-epf.h | 3 include/linux/pci.h | 8 include/linux/phy.h | 5 include/linux/pm_runtime.h | 4 include/linux/poison.h | 4 include/linux/virtio_vsock.h | 1 include/net/bluetooth/hci.h | 3 include/net/bluetooth/hci_core.h | 50 - include/net/checksum.h | 2 include/net/netfilter/nft_fib.h | 9 include/net/page_pool/types.h | 6 include/net/sock.h | 7 include/net/xfrm.h | 11 include/sound/hdaudio.h | 4 include/sound/hdaudio_ext.h | 6 include/trace/events/netfs.h | 8 include/uapi/drm/xe_drm.h | 5 include/uapi/linux/bits.h | 4 include/uapi/linux/bpf.h | 4 io_uring/fdinfo.c | 12 io_uring/io_uring.c | 18 io_uring/register.c | 7 io_uring/sqpoll.c | 43 - io_uring/sqpoll.h | 8 kernel/bpf/core.c | 29 kernel/bpf/verifier.c | 18 kernel/events/core.c | 50 - kernel/power/energy_model.c | 4 kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/sched/core.c | 12 kernel/sched/ext_idle.c | 8 kernel/sched/fair.c | 13 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 10 kernel/trace/ring_buffer.c | 41 - kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++- kernel/trace/trace_events_trigger.c | 20 lib/Kconfig.ubsan | 2 lib/iov_iter.c | 2 lib/kunit/static_stub.c | 2 lib/tests/usercopy_kunit.c | 1 mm/filemap.c | 20 mm/page_alloc.c | 8 net/9p/client.c | 6 net/bluetooth/eir.c | 17 net/bluetooth/eir.h | 2 net/bluetooth/hci_conn.c | 46 - net/bluetooth/hci_core.c | 50 - net/bluetooth/hci_event.c | 40 - net/bluetooth/hci_sync.c | 88 +- net/bluetooth/iso.c | 13 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 146 +-- net/bluetooth/mgmt_util.c | 34 net/bluetooth/mgmt_util.h | 4 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/dev.c | 2 net/core/filter.c | 5 net/core/net_namespace.c | 4 net/core/netmem_priv.h | 33 net/core/page_pool.c | 108 ++ net/core/rtnetlink.c | 2 net/core/skbuff.c | 16 net/core/skmsg.c | 53 - net/core/sock.c | 8 net/core/utils.c | 4 net/core/xdp.c | 4 net/dsa/tag_brcm.c | 2 net/ethtool/ioctl.c | 3 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv4/udp_offload.c | 5 net/ipv6/ila/ila_common.c | 6 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 17 net/ipv6/seg6_local.c | 6 net/mac80211/mlme.c | 7 net/mac80211/scan.c | 11 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo.c | 58 + net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netfilter/xt_TCPOPTSTRIP.c | 4 net/netfilter/xt_mark.c | 2 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/packet/af_packet.c | 21 net/packet/internal.h | 1 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/vmw_vsock/virtio_transport_common.c | 26 net/wireless/scan.c | 18 net/xfrm/xfrm_device.c | 6 net/xfrm/xfrm_state.c | 16 rust/Makefile | 14 rust/kernel/alloc/kvec.rs | 3 rust/kernel/fs/file.rs | 1 rust/kernel/list/arc.rs | 2 rust/kernel/miscdevice.rs | 2 rust/kernel/pci.rs | 15 scripts/gcc-plugins/gcc-common.h | 32 scripts/gcc-plugins/randomize_layout_plugin.c | 40 - scripts/generate_rust_analyzer.py | 13 scripts/genksyms/genksyms.c | 27 sound/core/seq_device.c | 2 sound/hda/ext/hdac_ext_controller.c | 19 sound/hda/hda_bus_type.c | 6 sound/pci/hda/hda_bind.c | 4 sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 5 sound/soc/intel/avs/avs.h | 4 sound/soc/intel/avs/core.c | 51 - sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/intel/avs/loader.c | 11 sound/soc/intel/avs/path.c | 8 sound/soc/intel/avs/pcm.c | 129 ++- sound/soc/intel/avs/registers.h | 2 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 sound/soc/sof/amd/pci-acp70.c | 1 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 sound/usb/midi.c | 3 tools/arch/x86/kcpuid/kcpuid.c | 47 - tools/arch/x86/lib/x86-opcode-map.txt | 50 - tools/bpf/bpftool/cgroup.c | 2 tools/bpf/resolve_btfids/Makefile | 2 tools/build/Makefile.feature | 4 tools/include/uapi/linux/bpf.h | 4 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 57 - tools/lib/bpf/libbpf_internal.h | 9 tools/lib/bpf/linker.c | 6 tools/lib/bpf/nlattr.c | 15 tools/objtool/check.c | 3 tools/perf/MANIFEST | 6 tools/perf/Makefile.config | 6 tools/perf/Makefile.perf | 3 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 11 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/shell/lib/stat_output.sh | 5 tools/perf/tests/shell/stat+json_output.sh | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 +++++ tools/perf/util/machine.c | 6 tools/perf/util/pmu.c | 3 tools/perf/util/symbol-minimal.c | 160 +--- tools/perf/util/thread.c | 8 tools/perf/util/thread.h | 2 tools/perf/util/tool_pmu.c | 8 tools/power/x86/turbostat/turbostat.c | 41 - tools/testing/kunit/qemu_configs/sparc.py | 2 tools/testing/selftests/Makefile | 2 tools/testing/selftests/arm64/fp/fp-ptrace.c | 14 tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/bpf/prog_tests/kmem_cache_iter.c | 2 tools/testing/selftests/bpf/progs/verifier_load_acquire.c | 40 - tools/testing/selftests/bpf/progs/verifier_store_release.c | 32 tools/testing/selftests/bpf/test_loader.c | 14 tools/testing/selftests/coredump/stackdump_test.c | 10 tools/testing/selftests/cpufreq/cpufreq.sh | 3 tools/testing/selftests/drivers/net/hw/tso.py | 4 tools/testing/selftests/seccomp/seccomp_bpf.c | 13 tools/tracing/rtla/src/timerlat_bpf.c | 1 801 files changed, 9798 insertions(+), 5378 deletions(-) Aaradhana Sahu (1): wifi: ath12k: Resolve multicast packet drop by populating key_cipher in ath12k_install_key() Aaron Kling (2): arm64: tegra: Drop remaining serial clock-names and reset-names arm64: tegra: Add uartd serial alias for Jetson TX1 module Abel Vesa (2): arm64: dts: qcom: x1e001de-devkit: Describe USB retimers resets pin configs arm64: dts: qcom: x1e001de-devkit: Fix pin config for USB0 retimer vregs Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Aditya Kumar Singh (2): wifi: ath12k: fix SLUB BUG - Object already free in ath12k_reg_free() wifi: ath12k: fix ATH12K_FLAG_REGISTERED flag handling Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Ahmed Zaki (1): iavf: fix reset_task for early reset event Al Viro (8): fs/fhandle.c: fix a race in call of has_locked_children() path_overmount(): avoid false negatives finish_automount(): don't leak MNT_LOCKED from parent to child fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns do_change_type(): refuse to operate on unmounted/not ours mounts Don't propagate mounts into detached trees do_move_mount(): split the checks in subtree-of-our-ns and entire-anon cases Aleksandrs Vinarskis (3): drm/msm/dp: Fix support of LTTPR initialization drm/msm/dp: Account for LTTPRs capabilities drm/msm/dp: Prepare for link training per-segment for LTTPRs Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Ghiti (1): ACPI: platform_profile: Avoid initializing on non-ACPI platforms Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (2): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alistair Popple (1): fs/dax: Fix "don't skip locked entries when scanning entries" Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amadeusz Sławiński (1): ASoC: Intel: avs: Fix paths in MODULE_FIRMWARE hints Amir Goldstein (1): exportfs: require ->fh_to_parent() to encode connectable file handles Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (2): arm64: dts: allwinner: a100: set maximum MMC frequency dt-bindings: vendor-prefixes: Add Liontron name Andrea Righi (1): sched_ext: idle: Skip cross-node search with !CONFIG_NUMA Andreas Gruenbacher (7): gfs2: replace sd_aspace with sd_inode gfs2: gfs2_create_inode error handling fix gfs2: Move gfs2_dinode_dealloc gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc gfs2: deallocate inodes in gfs2_create_inode gfs2: Move gfs2_trans_add_databufs gfs2: Don't start unnecessary transactions during log flush Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrew Price (1): gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value André Draszik (2): firmware: exynos-acpm: fix reading longer results firmware: exynos-acpm: silence EPROBE_DEFER error on boot Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access Angelo Dureghello (1): iio: dac: adi-axi-dac: fix bus read AngeloGioacchino Del Regno (5): thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Nadezhdin (1): ice/ptp: fix crosstimestamp reporting Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Antoniu Miclaus (1): iio: adc: ad4851: fix ad4858 chan pointer handling Anubhav Shelat (2): perf trace: Always print return value for syscalls returning a pid perf trace: Set errpid to false for rseq and set_robust_list Aradhya Bhatia (1): drm/xe/guc: Make creation of SLPC debugfs files conditional Armin Wolf (2): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" ACPI: thermal: Execute _SCP before reading trip points Arnaldo Carvalho de Melo (5): tools build: Don't set libunwind as available if test-all.c build succeeds tools build: Don't show libunwind build status as it is opt-in perf build: Warn when libdebuginfod devel files are not available tools build: Don't show libbfd build status as it is opt-in perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (6): drm: xlnx: zynqmp_dpsub: fix Kconfig dependencies for ASoC iommu: ipmmu-vmsa: avoid Wformat-security warning iommu/io-pgtable-arm: dynamically allocate selftest device struct drm/xe/vsec: fix CONFIG_INTEL_VSEC dependency usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit Badal Nilawar (1): drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Baochen Qiang (5): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started wifi: ath11k: move some firmware stats related functions outside of debugfs wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 Bard Liao (1): soundwire: only compute port params in specific stream states Barnabás Czémán (1): soc: qcom: smp2p: Fix fallback to qcom,ipc parse Beleswar Padhi (1): remoteproc: k3-r5: Refactor sequential core power up/down operations Bence Csókás (2): PM: runtime: Add new devm functions spi: atmel-quadspi: Fix unbalanced pm_runtime by using devm_ API Benjamin Marzinski (7): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm: handle failures in dm_table_set_restrictions dm: fix dm_blk_report_zones dm: limit swapping tables for devices with zone write plugs dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Benno Lossin (1): rust: list: fix path of `assert_pinned!` Benson Leung (1): platform/chrome: cros_ec_typec: Set Pin Assignment E in DP PORT VDO Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (2): PCI/DPC: Initialize aer_err_info before using it PCI/DPC: Log Error Source ID only when valid Boris Brezillon (4): drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions drm/panthor: Call panthor_gpu_coherency_init() after PM resume() drm/panthor: Update panthor_mmu::irq::mask when needed drm/panthor: Fix the panthor_gpu_coherency_init() error path Brian Norris (1): PCI/pwrctrl: Cancel outstanding rescan work when unregistering Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Brian Vazquez (1): idpf: fix a race in txq wakeup Bui Quang Minh (1): selftests: net: build net/lib dependency in all target Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Caleb Sander Mateos (1): block: flip iter directions in blk_rq_integrity_map_user() Can Guo (1): scsi: ufs: qcom: Map devfreq OPP freq to UniPro Core Clock freq Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Carlos Llamas (1): libbpf: Fix implicit memfd_create() for bionic Casey Connolly (1): drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Cezary Rojewski (11): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ALSA: hda: Allow to fetch hlink by ID ASoC: Intel: avs: PCM operations for LNL-based platforms ASoC: Intel: avs: Fix PPLCxFMT calculation ASoC: Intel: avs: Fix possible null-ptr-deref when initing hw ASoC: Intel: avs: Ignore Vendor-space manipulation for ACE ASoC: Intel: avs: Read HW capabilities when possible ASoC: Intel: avs: Relocate DSP status registers ASoC: Intel: avs: Verify kcalloc() status when setting constraints ASoC: Intel: avs: Verify content returned by parse_int_array() Chandrashekar Devegowda (2): Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chao Yu (6): f2fs: zone: fix to avoid inconsistence in between SIT and SSA f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() f2fs: zone: fix to calculate first_zoned_segno correctly f2fs: fix to skip f2fs_balance_fs() if checkpoint is disabled Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (3): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table pinctrl: qcom: tlmm-test: Fix potential null dereference in tlmm kunit test wifi: mt76: mt7996: Add NULL check in mt7996_thermal_init Chen-Yu Tsai (2): arm64: dts: mediatek: mt8188: Fix IOMMU device for rdma0 pinctrl: sunxi: dt: Consider pin base when calculating bank number from pin Chenyuan Yang (2): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Chin-Yen Lee (1): wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Christian Brauner (1): gfs2: pass through holder from the VFS for freeze/thaw Christian Marangi (1): net: phy: mediatek: permit to compile test GE SOC PHY driver Christian Schrefl (1): rust: miscdevice: fix typo in MiscDevice::ioctl documentation Christoph Hellwig (1): block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Christophe JAILLET (5): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() net: airoha: Fix an error handling path in airoha_alloc_gdm_port() mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() Chuck Lever (1): svcrdma: Reduce the number of rdma_rw contexts per-QP Chukun Pan (2): arm64: dts: rockchip: Add missing uart3 interrupt for RK3528 arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (5): net/mlx5: Avoid using xso.real_dev unnecessarily xfrm: Use xdo.dev instead of xdo.real_dev xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free} bonding: Mark active offloaded xfrm_states bonding: Fix multiple long standing offload races Cristian Ciocaltea (2): phy: rockchip: samsung-hdptx: Fix clock ratio setup phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Damon Ding (3): drm/bridge: analogix_dp: Remove the unnecessary calls to clk_disable_unprepare() during probing drm/bridge: analogix_dp: Remove CONFIG_PM related check in analogix_dp_bind()/analogix_dp_unbind() drm/bridge: analogix_dp: Add support to get panel from the DP AUX bus Dan Carpenter (8): power: supply: max77705: Fix workqueue error handling in probe wifi: ath12k: Fix buffer overflow in debugfs of: unittest: Unlock on error in unittest_data_add() wifi: mt76: mt7925: Fix logical vs bitwise typo remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniele Ceraolo Spurio (2): drm/xe/pxp: Use the correct define in the set_property_funcs array drm/xe/pxp: Clarify PXP queue creation behavior if PXP is not ready Daniele Palmas (1): net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Danilo Krummrich (1): rust: alloc: add missing invariant in Vec::set_len() Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Chinner (1): xfs: don't assume perags are initialised when trimming AGs Dave Penkler (3): staging: gpib: Fix PCMCIA config identifier staging: gpib: Fix secondary address restriction usb: usbtmc: Fix read_stb function and get_stb ioctl David Gow (1): kunit: qemu_configs: Disable faulting tests on 32-bit SPARC David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Hildenbrand (3): s390/uv: Don't return 0 from make_hva_secure() if the operation was not successful s390/uv: Always return 0 from s390_wiggle_split_folio() if successful s390/uv: Improve splitting of large folios that cannot be split while dirty David Howells (5): crypto/krb5: Fix change to use SG miter to use offset netfs: Fix oops in write-retry from mis-resetting the subreq iterator netfs: Fix the request's work item to not require a ref netfs: Fix wait/wake to be consistent about the waitqueue used netfs: Fix undifferentiation of DIO reads from unbuffered reads David Thompson (1): EDAC/bluefield: Don't use bluefield_edac_readl() result on error Detlev Casanova (1): media: verisilicon: Free post processor buffers on error Di Shen (1): bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Dibin Moolakadan Subrahmanian (1): drm/i915/display: Fix u32 overflow in SNPS PHY HDMI PLL setup Dmitry Antipov (4): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Dmitry Baryshkov (9): drm/msm/dpu: enable SmartDMA on SM8150 drm/msm/dpu: enable SmartDMA on SC8180X drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8937 drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8917 drm/msm/dpu: remove DSC feature bit for PINGPONG on MSM8953 ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device ARM: dts: qcom: apq8064: move replicator out of soc node arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Emil Tantilov (1): idpf: avoid mailbox timeout delays during reset Eric Dumazet (8): net: annotate data-races around cleanup_net_task net: prevent a NULL deref in rtnl_create_link() net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Feng Jiang (1): wifi: mt76: scan: Fix 'mlink' dereferenced before IS_ERR_OR_NULL check Feng Yang (1): libbpf: Fix event name too long error Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Filipe Manana (5): btrfs: fix invalid data space release when truncating block in NOCOW mode btrfs: fix wrong start offset for delalloc space release during mmap write btrfs: exit after state insertion failure at btrfs_convert_extent_bit() btrfs: fix fsync of files with no hard links not persisting deletion btrfs: exit after state split error at set_extent_bit() Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (5): netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_tables: nft_fib: consistent l3mdev handling netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Francesco Dolcini (1): Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Félix Piédallu (2): spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Gabor Juhos (2): spi: spi-qpic-snand: use kmalloc() for OOB buffer allocation spi: spi-qpic-snand: validate user/chip specific ECC properties Gabriel Dalimonte (1): drm/vc4: fix infinite EPROBE_DEFER loop Gal Pressman (1): net: ethtool: Don't check if RSS context exists in case of context 0 Gary Guo (1): rust: compile libcore with edition 2024 for 1.87+ Gaurav Batra (1): powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Gautam R A (2): RDMA/bnxt_re: Fix incorrect display of inactivity_cp in debugfs output RDMA/bnxt_re: Fix missing error handling for tx_queue Gautham R. Shenoy (1): tools/power turbostat: Fix AMD package-energy reporting Geert Uytterhoeven (4): spi: sh-msiof: Fix maximum DMA transfer size arm64: dts: renesas: white-hawk-single: Improve Ethernet TSN description HID: HID_APPLETB_KBD should depend on X86 HID: HID_APPLETB_BL should depend on X86 Greg Kroah-Hartman (5): ALSA: core: fix up bus match const issues. net: phy: fix up const issues in to_mdio_device() and to_phy_device() USB: gadget: udc: fix const issue in gadget_match_driver() USB: typec: fix const issue in typec_match() Linux 6.15.3 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Gustavo Luiz Duarte (1): netconsole: fix appending sysdata when sysdata_fields == SYSDATA_RELEASE Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Hans de Goede (1): mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Hao Chang (1): pinctrl: mediatek: Fix the invalid conditions Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (2): octeontx2-pf: QOS: Perform cache sync on send queue teardown octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Harry Wentland (1): drm/amd/display: Don't check for NULL divisor in fixpt code Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Heiko Stuebner (1): drm/bridge: analogix_dp: Fix clk-disable removal Henry Martin (8): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() watchdog: lenovo_se30_wdt: Fix possible devm_ioremap() NULL pointer dereference in lenovo_se30_wdt_probe() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (7): crypto: iaa - Do not clobber req->base.data crypto: zynqmp-sha - Add locking crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: api - Redo lookup on EEXIST Hongbo Li (1): erofs: fix file handle encoding for 64-bit NIDs Hongbo Yao (2): perf: arm-ni: Unregister PMUs on probe failure perf: arm-ni: Fix missing platform_set_drvdata() Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Howard Hsu (1): wifi: mt76: mt7996: fix beamformee SS field Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES Ian Forbes (2): drm/vmwgfx: Add seqno waiter for sync_files drm/vmwgfx: Fix dumb buffer leak Ian Rogers (5): perf tool_pmu: Fix aggregation on duration_time perf symbol-minimal: Fix double free in filename__read_build_id perf pmu: Avoid segv for missing name/alias_name in wildcarding perf symbol: Fix use-after-free in filename__read_build_id perf callchain: Always populate the addr_location map when adding IP Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilan Peer (1): wifi: iwlfiwi: mvm: Fix the rate reporting Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Imre Deak (1): drm/i915/dp_mst: Use the correct connector while computing the link BPP limit on MST Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Israel Rukshin (1): virtio-pci: Fix result size returned for the admin command completion Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: clean up unnecessary indentation Jakub Kicinski (5): netlink: specs: rt-link: add missing byte-order properties netlink: specs: rt-link: decode ip6gre selftests: drv-net: tso: fix the GRE device name selftests: drv-net: tso: make bkg() wait for socat to quit net: drv: netdevsim: don't napi_complete() from netpoll Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access James Clark (1): perf tools: Fix arm64 source package build Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason-JH Lin (1): mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Jens Axboe (3): iomap: don't lose folio dropbehind state for overwrites mm/filemap: gate dropbehind invalidate on folio !dirty && !writeback mm/filemap: use filemap_end_dropbehind() for read invalidation Jensen Huang (1): PCI: rockchip: Fix order of rockchip_pci_core_rsts Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jeremy Kerr (1): net: mctp: start tx queue on netdev open Jerome Brunet (2): PCI: rcar-gen4: set ep BAR4 fixed size PCI: endpoint: Retain fixed-size BAR size as well as aligned size Jesus Narvaez (2): drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h drm/i915/guc: Handle race condition where wakeref count drops below 0 Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (2): powerpc: do not build ppc_save_regs.o always tty: serial: 8250_omap: fix TX with DMA for am33xx Jocelyn Falempe (1): drm/panic: Use a decimal fifo to avoid u64 by u64 divide Joe Damato (1): e1000: Move cancel_work_sync to avoid deadlock Joel Stanley (1): ARM: aspeed: Don't select SRAM John Stultz (1): sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Jonas Gorski (7): net: dsa: b53: do not enable EEE on bcm63xx net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: implement setting ageing time net: dsa: b53: do not configure bcm63xx's IMP port interface net: dsa: b53: allow RGMII for bcm63xx RGMII ports net: dsa: b53: do not touch DLL_IQQD on bcm53115 net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Stroud (1): usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Jose Maria Casanova Crespo (2): drm/v3d: fix client obtained from axi_ids on V3D 4.1 drm/v3d: client ranges from axi_ids are different with V3D 7.1 Jouni Högander (1): drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Julien Massot (3): ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junhao He (1): coresight: Fixes device's owner field for registered using coresight_init_driver() Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h Justin Tee (1): scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Jyothi Kumar Seerapu (1): arm64: dts: qcom: sm8750: Correct clocks property for uart14 node KONDO KAZUMA(近藤　和真) (1): fs: allow clone_private_mount() for a path on real rootfs KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kalesh AP (1): RDMA/bnxt_re: Fix return code of bnxt_re_configure_cc Karol Wachowski (1): accel/ivpu: Reorder Doorbell Unregister and Command Queue Destruction Karthikeyan Periyasamy (2): wifi: ath12k: fix NULL access in assign channel context handler wifi: ath12k: Replace band define G with GHZ where appropriate Kathiravan Thirumoorthy (2): Revert "phy: qcom-qusb2: add QUSB2 support for IPQ5424" phy: qcom-qusb2: reuse the IPQ6018 settings for IPQ5424 Kees Cook (9): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Bluetooth: btintel: Check dsbr size from EFI variable ubsan: integer-overflow: depend on BROKEN to keep this out of CI randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition overflow: Introduce __DEFINE_FLEX for having no initializer Keisuke Nishimura (1): drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Keith Busch (2): nvme: fix command limits status code io_uring: consistently use rcu semantics with sqpoll thread Kiran K (1): Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Konrad Dybcio (4): drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on arm64: dts: qcom: msm8998: Remove mdss_hdmi_phy phandle argument arm64: dts: qcom: qcs615: Fix up UFS clocks Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krzysztof Kozlowski (3): arm64: dts: qcom: sa8775p: Partially revert "arm64: dts: qcom: sa8775p: add QCrypto nodes" arm64: dts: qcom: qcs8300: Partially revert "arm64: dts: qcom: qcs8300: add QCrypto nodes" arm64: dts: qcom: msm8998: Use the header with DSI phy clock IDs Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lachlan Hodges (1): wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (2): perf tests switch-tracking: Fix timestamp comparison coresight: etm4x: Fix timestamp bit field handling Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Lijuan Gao (2): pinctrl: qcom: correct the ngpios entry for QCS615 pinctrl: qcom: correct the ngpios entry for QCS8300 Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Lizhi Hou (2): accel/amdxdna: Fix incorrect size of ERT_START_NPU commands accel/amdxdna: Fix incorrect PSP firmware size Lizhi Xu (1): fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Longfang Liu (5): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix cache write-back issue hisi_acc_vfio_pci: bugfix the problem of uninstalling driver hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (3): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps net: airoha: Add the capability to allocate hfwd descriptors in SRAM net: airoha: Initialize PPE UPDMEM source-mac table Louis-Alexis Eyraud (1): arm64: dts: mediatek: mt8390-genio-common: Set ssusb2 default dual role mode to host Luca Weiss (6): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam arm64: dts: qcom: sm8650: Fix domain-idle-state for CPU2 Lucas De Marchi (1): drm/xe/lrc: Use a temporary buffer for WA BB Luis Gerhorst (1): selftests/bpf: Fix caps for __xlated/jited_unpriv Luiz Augusto von Dentz (8): Bluetooth: ISO: Fix not using SID from adv report Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: eir: Fix possible crashes on eir_create_adv_data Bluetooth: MGMT: Fix sparse errors Lukas Wunner (4): crypto: ecdsa - Fix enc/dec size reported by KEYCTL_PKEY_QUERY crypto: ecdsa - Fix NIST P521 key size reported by KEYCTL_PKEY_QUERY PCI: pciehp: Ignore Presence Detect Changed caused by DPC PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset Madhavan Srinivasan (1): powerpc/kernel: Fix ppc_save_regs inclusion in build Maharaja Kennadyrajan (2): wifi: ath12k: Prevent sending WMI commands to firmware during firmware crash wifi: ath12k: fix node corruption in ar->arvifs list Manikanta Mylavarapu (1): arm64: dts: qcom: ipq9574: fix the msi interrupt numbers of pcie3 Mao Jinlong (1): coresight: tmc: fix failure to disable/enable ETF after reading Marcus Folkesson (1): iio: adc: mcp3911: fix device dependent mappings for conversion result registers Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Marius Cristea (1): iio: adc: PAC1934: fix typo in documentation link Mark Brown (2): arm64/fpsimd: Discard stale CPU state when handling SME traps arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Kettenis (1): arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Mark Rutland (6): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP arm64/fpsimd: Reset FPMR upon exec() arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused kselftest/arm64: fp-ptrace: Fix expected FPMR value when PSTATE.SM is changed Martin Blumenstingl (3): drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (2): ASoC: tas2764: Reinit cache on part reset ASoC: apple: mca: Constrain channels according to TDM mask Masami Hiramatsu (Google) (1): x86/insn: Fix opcode map (!REX2) superscript tags Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Auld (1): drm/xe/vm: move xe_svm_init() earlier Matthew Wilcox (Oracle) (3): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios 9p: Add a migrate_folio method Maulik Shah (1): arm64: dts: qcom: sm8750: Fix cluster hierarchy for idle states Maxime Chevallier (1): net: phy: phy_caps: Don't skip better duplex macth on non-exact match Maxime Ripard (3): drm/vc4: tests: Use return instead of assert drm/vc4: tests: Stop allocating the state in test init drm/vc4: tests: Retry pv-muxing tests when EDEADLK Maíra Canal (1): drm/v3d: Associate a V3D tech revision to all supported devices Meghana Malladi (1): net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Miaoqing Pan (1): wifi: ath12k: fix uaf in ath12k_core_init() Michael Lo (1): wifi: mt76: mt7925: ensure all MCU commands wait for response Michael Petlan (1): perf tests: Fix 'perf report' tests installation Michael Walle (1): drm/panel-simple: fix the warnings for the Evervision VGG644804 Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Michal Wajdeczko (2): drm/xe/guc: Refactor GuC debugfs initialization drm/xe/guc: Don't expose GuC privileged debugfs files if VF Miguel Ojeda (3): drm/panic: clean Clippy warning rust: pci: fix docs related to missing Markdown code spans objtool/rust: relax slice condition to cover more `noreturn` Rust functions Mike Yuan (1): pidfs: never refuse ppid == 0 in PIDFD_GET_INFO Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Ming Lei (2): loop: add file_start_write() and file_end_write() block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Yen Hsieh (2): wifi: mt76: mt7925: prevent multiple scan commands wifi: mt76: mt7925: refine the sniffer commnad Mingcong Bai (1): ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Mirco Barone (1): wireguard: device: enable threaded NAPI Miri Korenblit (2): wifi: iwlwifi: re-add IWL_AMSDU_8K case wifi: iwlwifi: mld: avoid panic on init failure Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Nam Cao (3): selftests: coredump: Properly initialize pointer selftests: coredump: Fix test failure for slow machines selftests: coredump: Raise timeout to 2 minutes Namhyung Kim (2): perf trace: Fix leaks of 'struct thread' in fprintf_sys_enter() perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Neil Armstrong (4): arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures arm64: dts: qcom: sm8550: use ICC tag for all interconnect phandles arm64: dts: qcom: sm8550: add missing cpu-cfg interconnect path in the mdss node arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node NeilBrown (7): nfs: fix incorrect handling of large-number NFS errors in nfs4_do_mkdir() nfs_localio: use cmpxchg() to install new nfs_file_localio nfs_localio: always hold nfsd net ref with nfsd_file ref nfs_localio: simplify interface to nfsd for getting nfsd_file nfs_localio: duplicate nfs_close_local_fh() nfs_localio: protect race between nfs_uuid_put() and nfs_close_local_fh() nfs_localio: change nfsd_file_put_local() to take a pointer to __rcu pointer Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Dufresne (2): media: synopsys: hdmirx: Renamed frame_idx to sequence media: synopsys: hdmirx: Count dropped frames Nicolas Frattaroli (1): drm/connector: only call HDMI audio helper plugged cb if non-null Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitesh Shetty (1): iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen (1): riscv: misaligned: fix sleeping function called during misaligned access handling Nícolas F. R. A. Prado (3): kselftest: cpufreq: Get rid of double suspend in rtcwake case arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (4): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - undo runtime PM changes during driver removal crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (12): wifi: ath12k: Fix memory leak during vdev_id mismatch wifi: ath12k: Fix memory corruption during MLO multicast tx wifi: ath12k: Fix invalid memory access while forming 802.11 header wifi: ath12k: Handle error cases during extended skb allocation wifi: ath12k: Add MSDU length validation for TKIP MIC error wifi: ath12k: Add extra TLV tag parsing support in monitor Rx path wifi: ath12k: Avoid fetch Error bitmap and decap format from Rx TLV wifi: ath12k: change the status update in the monitor Rx wifi: ath12k: add rx_info to capture required field from rx descriptor wifi: ath12k: replace the usage of rx desc with rx_info wifi: ath12k: Fix invalid RSSI values in station dump wifi: ath12k: refactor ath12k_hw_regs structure Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Paul Chaignon (3): net: Fix checksum update for ILA adj-transport bpf: Clarify the meaning of BPF_F_PSEUDO_HDR bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE Pauli Virtanen (2): Bluetooth: separate CIS_LINK and BIS_LINK link types Bluetooth: hci_core: fix list_for_each_entry_rcu usage Paulo Alcantara (2): netfs: Fix setting of transferred bytes with short DIO reads smb: client: fix perf regression with deferred closes Pavel Begunkov (2): nvme: fix implicit bool to flags conversion io_uring: fix spurious drain flushing Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peilin Ye (1): selftests/bpf: Avoid passing out-of-range values to __retval() Pekka Ristola (1): rust: file: mark `LocalFile` as `repr(transparent)` Peng Fan (1): mailbox: imx: Fix TXDB_V2 sending Penglei Jiang (1): io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Pengyu Luo (1): arm64: dts: qcom: sm8650: add the missing l2 cache node Peter Chiu (2): wifi: mt76: mt7996: set EHT max ampdu length capability wifi: mt76: mt7996: fix invalid NSS setting when TX path differs from NSS Peter Griffin (3): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Korsgaard (1): nvmem: zynqmp_nvmem: unbreak driver after cleanup Peter Robinson (2): arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (2): sched: Fix trace_sched_switch(.prev_state) perf: Ensure bpf_perf_link path is properly serialized Petr Pavlu (1): genksyms: Fix enum consts from a reference affecting new values Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Pin-yen Lin (1): arm64: dts: mt8183: Add port node to mt8183.dtsi Ping-Ke Shih (2): wifi: rtw89: pci: configure manual DAC mode via PCI config API only wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Przemek Kitszel (6): iavf: iavf_suspend(): take RTNL before netdev_lock() iavf: centralize watchdog requeueing itself iavf: simplify watchdog_task in terms of adminq task scheduling iavf: extract iavf_watchdog_step() out of iavf_watchdog_task() iavf: sprinkle netdev_assert_locked() annotations iavf: get rid of the crit lock Qasim Ijaz (4): wifi: mt76: mt7996: prevent uninit return in mt7996_mac_sta_add_links wifi: mt76: mt7996: avoid NULL pointer dereference in mt7996_set_monitor() wifi: mt76: mt7996: avoid null deref in mt7996_stop_phy() fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qinxin Xia (1): iommu/arm-smmu-v3: Fix incorrect return in arm_smmu_attach_dev Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (3): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id RD Babiera (1): usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Raj Kumar Bhagat (1): wifi: ath12k: fix cleanup path after mhi init Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramasamy Kaliappan (1): wifi: ath12k: Fix the QoS control field offset to build QoS header Rameshkumar Sundaram (1): wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Richard Fitzgerald (1): clk: test: Forward-declare struct of_phandle_args in kunit/clk.h Richard Zhu (1): PCI: imx6: Save and restore the LUT setting during suspend/resume for i.MX95 SoC Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Rob Herring (Arm) (1): dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Robin Murphy (1): bus: fsl_mc: Fix driver_managed_dma check Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rodrigo Vivi (2): drm/xe: Make xe_gt_freq part of the Documentation drm/xe: Add missing documentation of rpa_freq Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Roman Kisel (1): x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Roxana Nicolescu (2): misc: lis3lv02d: Fix correct sysfs directory path for lis3lv02d char: tlclk: Fix correct sysfs directory path for tlclk Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sandipan Das (2): perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member perf/x86/amd/uncore: Prevent UMC counters from saturating Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sarika Sharma (1): wifi: ath12k: fix invalid access to memory Sean Christopherson (1): x86/irq: Ensure initial PIR loads are performed exactly once Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shahar Shitrit (1): net/mlx5e: Fix number of lanes to UNKNOWN when using data_rate_oper Shayne Chen (2): wifi: mt76: mt7996: fix RX buffer size of MCU event wifi: mt76: fix available_antennas setting Sheng Yong (1): erofs: avoid using multiple devices with different type Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Shivasharan S (1): scsi: mpt3sas: Fix _ctl_get_mpt_mctp_passthru_adapter() to return IOC pointer Siddharth Vadapalli (2): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Srinivasan Shanmugam (1): drm/amdgpu: Refine Cleaner Shader MEC firmware version for GFX10.1.x GPUs Stanislav Fomichev (1): af_packet: move notifier's packet_dev_mc out of rcu critical section Stefan Wahren (1): drm/vc4: hdmi: Call HDMI hotplug helper on disconnect Stefano Garzarella (1): vsock/virtio: fix `rx_bytes` accounting for stream sockets Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Stephen Brennan (1): fs: convert mount flags to enum Steven Rostedt (4): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() ring-buffer: Do not trigger WARN_ON() due to a commit_overrun ring-buffer: Move cpus_read_lock() outside of buffer->mutex Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Subbaraya Sundeep (1): octeontx2-af: Send Link events one by one Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Suraj Gupta (1): net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit T.J. Mercier (1): selftests/bpf: Fix kmem_cache iterator draining Takashi Iwai (1): ALSA: usb-audio: Kill timer properly at removal Tao Chen (4): bpf: Check link_create.flags parameter for multi_kprobe bpf: Check link_create.flags parameter for multi_uprobe libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Tengteng Yang (1): Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Terry Tritton (1): selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Thangaraj Samynathan (2): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy net: lan743x: Fix PHY reset handling during initialization and WOL Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Hellström (1): drm/xe: Rework eviction rejection of bound external bos Thomas Richter (1): perf tests metric-only perf stat: Fix tests 84 and 86 s390 Thomas Weißschuh (3): kunit: qemu_configs: sparc: Explicitly enable CONFIG_SPARC32=y kunit/usercopy: Disable u64 test on 32-bit SPARC uapi: bitops: use UAPI-safe variant of BITS_PER_LONG again Thorsten Blum (1): ASoC: Intel: avs: Fix kcalloc() sizes Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Tingguo Cheng (1): arm64: dts: qcom: qcs615: remove disallowed property in spmi bus node Toke Høiland-Jørgensen (3): page_pool: Move pp_magic check into helper functions page_pool: Track DMA-mapped pages and unmap them when destroying the pool wifi: ath9k_htc: Abort software beacon handling if disabled Tomas Glozar (1): rtla: Define _GNU_SOURCE in timerlat_bpf.c Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Varadarajan Narayanan (1): arm64: dts: qcom: ipq9574: Fix USB vdd info Vignesh Raman (2): drm/ci: fix merge request rules arm64: defconfig: mediatek: enable PHY drivers Vijendar Mukunda (1): ASoC: SOF: amd: add missing acp descriptor field Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation Vitaly Prosyak (1): drm/amdgpu/gfx10: Refine Cleaner Shader for GFX10.1.10 Vlad Dogaru (2): net/mlx5: HWS, Fix matcher action template attach net/mlx5: HWS, make sure the uplink is the last destination Vlad Dumitrescu (1): IB/cm: Drop lockdep assert and WARN when freeing old msg WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Guan (1): HID: intel-thc-hid: intel-quicki2c: pass correct arguments to acpi_evaluate_object Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Xuewen Yan (1): sched/fair: Fixup wake_up_sync() vs DELAYED_DEQUEUE Yabin Cui (2): coresight: catu: Introduce refcount and spinlock for enabling/disabling coresight: core: Disable helpers for devices that fail to enable Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yaxiong Tian (1): PM: EM: Fix potential division-by-zero error in em_compute_costs() Yeoreum Yun (3): coresight/etm4: fix missing disable active config coresight: holding cscfg_csdev_lock while removing cscfg from csdev coresight: prevent deactivate active config while enabling the config Yevgeny Kliteynik (1): net/mlx5: HWS, fix missing ip_version handling in definer Yi Zhang (1): scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels YiFei Zhu (1): bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yingying Tang (1): wifi: ath12k: Reorder and relocate the release of resources in ath12k_core_deinit() Yonghong Song (1): bpf: Do not include stack ptr register in precision backtracking bookkeeping Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yongting Lin (1): um: Fix tgkill compile error on old host OSes Yu Kuai (3): brd: fix aligned_sector from brd_do_discard() brd: fix discard end sector md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT Yue Haibing (1): mailbox: mchp-ipc-sbi: Fix COMPILE_TEST build error Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhe Qiao (1): PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zhu Yanjun (1): RDMA/rxe: Fix "trying to register non-static key in rxe_qp_do_cleanup" bug Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() Ziqi Chen (1): scsi: ufs: qcom: Check gear against max gear in vop freq_to_gear() Zizhi Wo (1): blk-throttle: Fix wrong tg->[bytes/io]_disp update in __tg_update_carryover() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() yohan.joung (1): f2fs: prevent the current section from being selected as a victim during GC Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

1 week, 4 days

1
1
0 0

Linux 6.12.34

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.34 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 21 Documentation/devicetree/bindings/pwm/brcm,bcm7038-pwm.yaml | 8 Documentation/devicetree/bindings/pwm/brcm,kona-pwm.yaml | 8 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/soc/fsl/fsl,qman-fqd.yaml | 4 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Documentation/gpu/xe/index.rst | 1 Documentation/gpu/xe/xe_gt_freq.rst | 14 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 82 +- arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 10 arch/arm64/boot/dts/mediatek/mt8183.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 - arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 1 arch/arm64/boot/dts/qcom/ipq9574-rdp-common.dtsi | 11 arch/arm64/boot/dts/qcom/qcm2290.dtsi | 16 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/qcom/sm8650.dtsi | 71 +- arch/arm64/boot/dts/qcom/x1e80100-microsoft-romulus.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 299 +++++----- arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3566-rock-3c.dts | 1 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/rockchip/rk3588-base.dtsi | 15 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 + arch/arm64/kernel/fpsimd.c | 36 - arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/powerpc/platforms/pseries/iommu.c | 2 arch/riscv/kernel/traps_misaligned.c | 4 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/events/amd/uncore.c | 36 + arch/x86/include/asm/mwait.h | 9 arch/x86/include/asm/sighandling.h | 22 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/irq.c | 2 arch/x86/kernel/process.c | 15 arch/x86/kernel/signal_32.c | 4 arch/x86/kernel/signal_64.c | 4 arch/x86/lib/x86-opcode-map.txt | 50 - block/blk-zoned.c | 7 block/elevator.c | 3 crypto/api.c | 13 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/acpi/resource.c | 2 drivers/base/power/main.c | 3 drivers/block/brd.c | 11 drivers/block/loop.c | 8 drivers/bluetooth/btintel.c | 10 drivers/bluetooth/btintel_pcie.c | 31 - drivers/bluetooth/btintel_pcie.h | 10 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-core.c | 17 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/i915/display/intel_psr_regs.h | 4 drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c | 19 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 - drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 drivers/gpu/drm/meson/meson_vclk.c | 226 ++++--- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 1 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_0_sm8150.h | 16 drivers/gpu/drm/msm/disp/dpu1/catalog/dpu_5_1_sc8180x.h | 16 drivers/gpu/drm/panel/panel-samsung-sofef00.c | 34 - drivers/gpu/drm/panel/panel-simple.c | 5 drivers/gpu/drm/panthor/panthor_mmu.c | 1 drivers/gpu/drm/panthor/panthor_regs.h | 4 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 - drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 10 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 34 - drivers/gpu/drm/xe/xe_gt_freq.c | 2 drivers/gpu/drm/xe/xe_pci.c | 1 drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-catu.c | 27 drivers/hwtracing/coresight/coresight-catu.h | 1 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-core.c | 6 drivers/hwtracing/coresight/coresight-cpu-debug.c | 3 drivers/hwtracing/coresight/coresight-funnel.c | 3 drivers/hwtracing/coresight/coresight-replicator.c | 3 drivers/hwtracing/coresight/coresight-stm.c | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 + drivers/hwtracing/coresight/coresight-tmc-core.c | 2 drivers/hwtracing/coresight/coresight-tpiu.c | 2 drivers/iio/adc/ad7124.c | 4 drivers/iio/adc/mcp3911.c | 39 + drivers/iio/adc/pac1934.c | 2 drivers/iio/filter/admv8818.c | 224 +++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 - drivers/input/rmi4/rmi_f34.c | 135 ++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/mailbox/imx-mailbox.c | 21 drivers/mailbox/mtk-cmdq-mailbox.c | 51 - drivers/md/dm-core.h | 1 drivers/md/dm-flakey.c | 70 +- drivers/md/dm-zone.c | 25 drivers/md/dm.c | 30 - drivers/media/platform/verisilicon/hantro_postproc.c | 4 drivers/mfd/exynos-lpass.c | 6 drivers/mfd/stmpe-spi.c | 2 drivers/misc/mei/vsc-tp.c | 4 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mmc/host/sdhci-of-dwcmshc.c | 40 + drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 drivers/net/dsa/b53/b53_common.c | 37 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 + drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++-- drivers/net/ethernet/intel/idpf/idpf_lib.c | 18 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 9 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 45 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 8 drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 2 drivers/net/ethernet/intel/idpf/idpf_virtchnl.h | 1 drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/marvell/octeontx2/nic/qos_sq.c | 22 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c | 4 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 18 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.h | 1 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/mellanox/mlx5/core/steering/hws/mlx5hws_definer.c | 3 drivers/net/ethernet/microchip/lan743x_main.c | 15 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 + drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_est.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/ethernet/ti/icssg/icssg_stats.c | 8 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 6 drivers/net/macsec.c | 40 + drivers/net/netdevsim/netdev.c | 3 drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 148 ---- drivers/net/wireless/ath/ath11k/debugfs.h | 10 drivers/net/wireless/ath/ath11k/mac.c | 92 ++- drivers/net/wireless/ath/ath11k/mac.h | 4 drivers/net/wireless/ath/ath11k/wmi.c | 47 + drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/debugfs_htt_stats.c | 3 drivers/net/wireless/ath/ath12k/dp_rx.c | 54 - drivers/net/wireless/ath/ath12k/dp_tx.c | 1 drivers/net/wireless/ath/ath12k/hal.c | 103 +-- drivers/net/wireless/ath/ath12k/hal.h | 64 +- drivers/net/wireless/ath/ath12k/hal_desc.h | 3 drivers/net/wireless/ath/ath12k/hw.c | 35 + drivers/net/wireless/ath/ath12k/hw.h | 12 drivers/net/wireless/ath/ath12k/pci.c | 12 drivers/net/wireless/ath/ath12k/pci.h | 4 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/intel/iwlwifi/mvm/rs.c | 2 drivers/net/wireless/marvell/mwifiex/11n.c | 6 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 21 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mmio.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wireless/realtek/rtw89/fw.c | 2 drivers/net/wireless/realtek/rtw89/pci.c | 2 drivers/net/wwan/mhi_wwan_mbim.c | 9 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/host/constants.c | 2 drivers/nvme/host/core.c | 1 drivers/nvme/host/pr.c | 2 drivers/nvme/target/core.c | 9 drivers/nvme/target/fcloop.c | 31 - drivers/nvme/target/io-cmd-bdev.c | 9 drivers/nvmem/zynqmp_nvmem.c | 1 drivers/of/unittest.c | 10 drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/dwc/pcie-rcar-gen4.c | 1 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/endpoint/pci-epf-core.c | 22 drivers/pci/pci-acpi.c | 23 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 68 +- drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/perf/arm-ni.c | 40 - drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 13 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/pinctrl/samsung/pinctrl-exynos-arm64.c | 52 - drivers/pinctrl/samsung/pinctrl-exynos.c | 260 ++++---- drivers/pinctrl/samsung/pinctrl-exynos.h | 8 drivers/pinctrl/samsung/pinctrl-samsung.c | 21 drivers/pinctrl/samsung/pinctrl-samsung.h | 8 drivers/pmdomain/core.c | 35 + drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_dsp_remoteproc.c | 8 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/scsi/smartpqi/smartpqi_init.c | 4 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/soc/qcom/smp2p.c | 2 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-omap2-mcspi.c | 30 - drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thermal/mediatek/lvts_thermal.c | 18 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/8250/8250_omap.c | 25 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 24 drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 17 drivers/usb/core/hub.c | 16 drivers/usb/core/usb-acpi.c | 2 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/gadget/udc/core.c | 2 drivers/usb/misc/onboard_usb_dev.c | 107 +++ drivers/usb/renesas_usbhs/common.c | 50 + drivers/usb/typec/bus.c | 2 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/tcpm/tcpm.c | 91 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++ drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/9p/vfs_addr.c | 1 fs/btrfs/extent-io-tree.c | 6 fs/btrfs/inode.c | 7 fs/btrfs/scrub.c | 34 + fs/erofs/super.c | 49 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/gc.c | 3 fs/f2fs/namei.c | 10 fs/f2fs/segment.h | 45 - fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/glock.c | 3 fs/gfs2/glops.c | 4 fs/gfs2/incore.h | 9 fs/gfs2/inode.c | 3 fs/gfs2/meta_io.c | 2 fs/gfs2/meta_io.h | 4 fs/gfs2/ops_fstype.c | 35 - fs/gfs2/super.c | 16 fs/gfs2/sys.c | 1 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ntfs3/inode.c | 5 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 fs/xfs/xfs_discard.c | 17 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/coresight.h | 2 include/linux/hid.h | 3 include/linux/ieee80211.h | 79 ++ include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/mm.h | 58 + include/linux/nvme.h | 2 include/linux/overflow.h | 27 include/linux/pci-epf.h | 3 include/linux/phy.h | 5 include/linux/pm_domain.h | 7 include/linux/poison.h | 4 include/linux/virtio_vsock.h | 1 include/net/bluetooth/hci_core.h | 2 include/net/netfilter/nft_fib.h | 9 include/net/page_pool/types.h | 6 include/net/sock.h | 7 include/sound/hdaudio.h | 4 io_uring/fdinfo.c | 12 io_uring/io_uring.c | 4 io_uring/register.c | 7 io_uring/sqpoll.c | 43 - io_uring/sqpoll.h | 8 kernel/bpf/core.c | 29 kernel/events/core.c | 50 + kernel/power/energy_model.c | 4 kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/sched/core.c | 12 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 7 kernel/trace/ring_buffer.c | 41 - kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 +++- kernel/trace/trace_events_trigger.c | 20 lib/iov_iter.c | 2 lib/kunit/static_stub.c | 2 lib/usercopy_kunit.c | 1 mm/page_alloc.c | 8 net/bluetooth/eir.c | 17 net/bluetooth/eir.h | 2 net/bluetooth/hci_conn.c | 2 net/bluetooth/hci_core.c | 29 net/bluetooth/hci_event.c | 16 net/bluetooth/hci_sync.c | 74 ++ net/bluetooth/iso.c | 9 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++-- net/bluetooth/mgmt_util.c | 49 - net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/netmem_priv.h | 33 + net/core/page_pool.c | 108 ++- net/core/skbuff.c | 16 net/core/skmsg.c | 53 + net/core/sock.c | 8 net/core/xdp.c | 4 net/dsa/tag_brcm.c | 2 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 17 net/ipv6/seg6_local.c | 6 net/mac80211/mlme.c | 7 net/mac80211/scan.c | 11 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo.c | 58 + net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netfilter/xt_TCPOPTSTRIP.c | 4 net/netfilter/xt_mark.c | 2 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/sunrpc/xprtrdma/svc_rdma_transport.c | 14 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/vmw_vsock/virtio_transport_common.c | 26 net/wireless/scan.c | 18 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 rust/kernel/alloc/kvec.rs | 3 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/core/seq_device.c | 2 sound/hda/hda_bus_type.c | 6 sound/pci/hda/hda_bind.c | 4 sound/pci/hda/patch_realtek.c | 68 ++ sound/soc/apple/mca.c | 23 sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/mediatek/mt8195/mt8195-mt6359.c | 4 sound/soc/sof/amd/pci-acp70.c | 1 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 - tools/arch/x86/lib/x86-opcode-map.txt | 50 - tools/bpf/bpftool/cgroup.c | 2 tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 48 - tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/objtool/check.c | 3 tools/perf/Makefile.config | 2 tools/perf/Makefile.perf | 3 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 9 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++ tools/perf/util/machine.c | 6 tools/perf/util/symbol-minimal.c | 160 ++--- tools/perf/util/thread.c | 8 tools/perf/util/thread.h | 2 tools/power/x86/turbostat/turbostat.c | 41 + tools/testing/selftests/Makefile | 2 tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/bpf/test_loader.c | 14 tools/testing/selftests/cpufreq/cpufreq.sh | 3 tools/testing/selftests/seccomp/seccomp_bpf.c | 13 515 files changed, 5502 insertions(+), 3052 deletions(-) Aaron Kling (2): arm64: tegra: Drop remaining serial clock-names and reset-names arm64: tegra: Add uartd serial alias for Jetson TX1 module Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (2): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping net: stmmac: make sure that ptp_rate is not 0 before configuring EST Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (2): gfs2: replace sd_aspace with sd_inode gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrew Price (1): gfs2: Don't clear sb->s_fs_info in gfs2_sys_fs_add Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (5): thermal/drivers/mediatek/lvts: Fix debugfs unregister on failure drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (2): perf trace: Always print return value for syscalls returning a pid perf trace: Set errpid to false for rseq and set_robust_list Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Arnd Bergmann (2): usb: misc: onboard_usb_dev: fix build warning for CONFIG_USB_ONBOARD_DEV_USB5744=n thermal/drivers/mediatek/lvts: Remove unused lvts_debugfs_exit Badal Nilawar (1): drm/xe/d3cold: Set power state to D3Cold during s2idle/s3 Baochen Qiang (5): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started wifi: ath11k: move some firmware stats related functions outside of debugfs wifi: ath12k: fix GCC_GCC_PCIE_HOT_RST definition for WCN7850 Barnabás Czémán (1): soc: qcom: smp2p: Fix fallback to qcom,ipc parse Benjamin Marzinski (5): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm: fix dm_blk_report_zones dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (2): PCI/DPC: Initialize aer_err_info before using it PCI/DPC: Log Error Source ID only when valid Boris Brezillon (2): drm/panthor: Fix GPU_COHERENCY_ACE[_LITE] definitions drm/panthor: Update panthor_mmu::irq::mask when needed Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Brian Vazquez (1): idpf: fix a race in txq wakeup Bui Quang Minh (1): selftests: net: build net/lib dependency in all target Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Casey Connolly (1): drm/panel: samsung-sofef00: Drop s6e3fc2x01 support Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chandrashekar Devegowda (2): Bluetooth: btintel_pcie: Increase the tx and rx descriptor count Bluetooth: btintel_pcie: Reduce driver buffer posting to prevent race condition Chao Yu (4): f2fs: zone: fix to avoid inconsistence in between SIT and SSA f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Chenyuan Yang (2): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug usb: acpi: Prevent null pointer dereference in usb_acpi_add_usb4_devlink() Chin-Yen Lee (1): wifi: rtw89: fix firmware scan delay unit for WiFi 6 chips Chris Chiu (3): ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3315 ALSA: hda/realtek: fix micmute LEDs on HP Laptops with ALC3247 ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup Christian Brauner (1): gfs2: pass through holder from the VFS for freeze/thaw Christoph Hellwig (1): block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work Christophe JAILLET (3): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Fix an error handling path in exynos_lpass_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Chuck Lever (1): svcrdma: Reduce the number of rdma_rw contexts per-QP Chukun Pan (1): arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 Claudiu Beznea (1): serial: sh-sci: Move runtime PM enable to sci_probe_single() Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (2): net/mlx5: Avoid using xso.real_dev unnecessarily xfrm: Use xdo.dev instead of xdo.real_dev Cristian Ciocaltea (2): phy: rockchip: samsung-hdptx: Fix clock ratio setup phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors Dan Carpenter (6): wifi: ath12k: Fix buffer overflow in debugfs of: unittest: Unlock on error in unittest_data_add() remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniele Palmas (1): net: wwan: mhi_wwan_mbim: use correct mux_id for multiplexing Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Danilo Krummrich (1): rust: alloc: add missing invariant in Vec::set_len() Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Chinner (1): xfs: don't assume perags are initialised when trimming AGs Dave Penkler (1): usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 David Lechner (1): dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Detlev Casanova (1): media: verisilicon: Free post processor buffers on error Di Shen (1): bpf: Revert "bpf: remove unnecessary rcu_read_{lock,unlock}() in multi-uprobe attach logic" Dmitry Antipov (3): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() Dmitry Baryshkov (6): drm/msm/dpu: enable SmartDMA on SM8150 drm/msm/dpu: enable SmartDMA on SC8180X ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device ARM: dts: qcom: apq8064: move replicator out of soc node arm64: dts: qcom: qcm2290: fix (some) of QUP interconnects Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dong Chenchen (1): page_pool: Fix use-after-free in page_pool_recycle_in_ring Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Emil Tantilov (1): idpf: avoid mailbox timeout delays during reset Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Feng Yang (1): libbpf: Fix event name too long error Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Filipe Manana (3): btrfs: fix invalid data space release when truncating block in NOCOW mode btrfs: exit after state insertion failure at btrfs_convert_extent_bit() btrfs: exit after state split error at set_extent_bit() Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (5): netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_tables: nft_fib: consistent l3mdev handling netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Francesco Dolcini (1): Revert "wifi: mwifiex: Fix HT40 bandwidth issue." Félix Piédallu (2): spi: omap2-mcspi: Disable multi mode when CS should be kept asserted after message spi: omap2-mcspi: Disable multi-mode when the previous message kept CS asserted Gaurav Batra (1): powerpc/pseries/iommu: Fix kmemleak in TCE table userspace view Gautham R. Shenoy (1): tools/power turbostat: Fix AMD package-energy reporting Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (5): ALSA: core: fix up bus match const issues. net: phy: fix up const issues in to_mdio_device() and to_phy_device() USB: gadget: udc: fix const issue in gadget_match_driver() USB: typec: fix const issue in typec_match() Linux 6.12.34 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Hans de Goede (1): mei: vsc: Cast tx_buf to (__be32 *) when passed to cpu_to_be32_array() Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (2): octeontx2-pf: QOS: Perform cache sync on send queue teardown octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (7): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7996: Fix null-ptr-deref in mt7996_mmio_wed_init() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (5): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there crypto: api - Redo lookup on EEXIST Hongbo Li (1): erofs: fix file handle encoding for 64-bit NIDs Hongbo Yao (2): perf: arm-ni: Unregister PMUs on probe failure perf: arm-ni: Fix missing platform_set_drvdata() Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (2): drm/vmwgfx: Add seqno waiter for sync_files drm/vmwgfx: Fix dumb buffer leak Ian Rogers (3): perf symbol-minimal: Fix double free in filename__read_build_id perf symbol: Fix use-after-free in filename__read_build_id perf callchain: Always populate the addr_location map when adding IP Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilan Peer (1): wifi: iwlfiwi: mvm: Fix the rate reporting Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jaegeuk Kim (1): f2fs: clean up unnecessary indentation Jakub Kicinski (1): net: drv: netdevsim: don't napi_complete() from netpoll Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jason-JH Lin (1): mailbox: mtk-cmdq: Refine GCE_GCTL_VALUE setting Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jerome Brunet (2): PCI: rcar-gen4: set ep BAR4 fixed size PCI: endpoint: Retain fixed-size BAR size as well as aligned size Jesus Narvaez (2): drm/i915/guc: Check if expecting reply before decrementing outstanding_submission_g2h drm/i915/guc: Handle race condition where wakeref count drops below 0 Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (2): powerpc: do not build ppc_save_regs.o always tty: serial: 8250_omap: fix TX with DMA for am33xx Joel Stanley (1): ARM: aspeed: Don't select SRAM John Stultz (1): sched/core: Tweak wait_task_inactive() to force dequeue sched_delayed tasks Jonas Gorski (4): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports net: dsa: b53: do not touch DLL_IQQD on bcm53115 net: dsa: b53: fix untagged traffic sent via cpu tagged with VID 0 Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Stroud (1): usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Jouni Högander (1): drm/i915/psr: Fix using wrong mask in REG_FIELD_PREP Julien Massot (3): ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY() arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junhao He (1): coresight: Fixes device's owner field for registered using coresight_init_driver() Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kailang Yang (1): ALSA: hda/realtek - Support mute led function for HP platform Kees Cook (8): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops Bluetooth: btintel: Check dsbr size from EFI variable randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition overflow: Introduce __DEFINE_FLEX for having no initializer Keisuke Nishimura (1): drm/vmwgfx: Add error path for xa_store in vmw_bo_add_detached_resource Keith Busch (2): nvme: fix command limits status code io_uring: consistently use rcu semantics with sqpoll thread Kiran K (1): Bluetooth: btintel_pcie: Fix driver not posting maximum rx buffers Konrad Dybcio (2): drm/msm/a6xx: Disable rgb565_predicator on Adreno 7c3 arm64: dts: qcom: x1e80100-romulus: Keep L12B and L15B always on Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Krzysztof Kozlowski (1): dt-bindings: pwm: Correct indentation and style in DTS example Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lachlan Hodges (1): wifi: cfg80211/mac80211: correctly parse S1G beacon optional elements Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Lizhi Xu (1): fs/ntfs3: Add missing direct_IO in ntfs_aops_cmpr Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luis Gerhorst (1): selftests/bpf: Fix caps for __xlated/jited_unpriv Luiz Augusto von Dentz (8): Bluetooth: ISO: Fix not using SID from adv report Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: eir: Fix possible crashes on eir_create_adv_data Bluetooth: MGMT: Fix sparse errors Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Marcus Folkesson (1): iio: adc: mcp3911: fix device dependent mappings for conversion result registers Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Marius Cristea (1): iio: adc: PAC1934: fix typo in documentation link Mark Brown (2): arm64/fpsimd: Discard stale CPU state when handling SME traps arm64/fpsimd: Don't corrupt FPMR when streaming mode changes Mark Kettenis (1): arm64: dts: qcom: x1e80100: Mark usb_2 as dma-coherent Mark Rutland (6): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP arm64/fpsimd: Reset FPMR upon exec() arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Avoid warning when sve_to_fpsimd() is unused arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Masami Hiramatsu (Google) (1): x86/insn: Fix opcode map (!REX2) superscript tags Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (3): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios 9p: Add a migrate_folio method Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Meghana Malladi (1): net: ti: icssg-prueth: Fix swapped TX stats for MII interfaces. Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michael Lo (1): wifi: mt76: mt7925: ensure all MCU commands wait for response Michael Petlan (1): perf tests: Fix 'perf report' tests installation Michael Walle (1): drm/panel-simple: fix the warnings for the Evervision VGG644804 Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Miguel Ojeda (1): objtool/rust: relax slice condition to cover more `noreturn` Rust functions Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Ming Lei (2): loop: add file_start_write() and file_end_write() block: use q->elevator with ->elevator_lock held in elv_iosched_show() Ming Yen Hsieh (2): wifi: mt76: mt7925: prevent multiple scan commands wifi: mt76: mt7925: refine the sniffer commnad Mingcong Bai (1): ACPI: resource: fix a typo for MECHREVO in irq1_edge_low_force_override[] Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Neil Armstrong (2): arm64: dts: qcom: sm8650: setup gpu thermal with higher temperatures arm64: dts: qcom: sm8650: add missing cpu-cfg interconnect path in the mdss node Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Frattaroli (1): mmc: sdhci-of-dwcmshc: add PD workaround on RK3576 Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitesh Shetty (1): iov_iter: use iov_offset for length calculation in iov_iter_aligned_bvec Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nylon Chen (1): riscv: misaligned: fix sleeping function called during misaligned access handling Nícolas F. R. A. Prado (3): kselftest: cpufreq: Get rid of double suspend in rtcwake case arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (4): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - undo runtime PM changes during driver removal crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (4): wifi: ath12k: Fix memory leak during vdev_id mismatch wifi: ath12k: Fix invalid memory access while forming 802.11 header wifi: ath12k: Add MSDU length validation for TKIP MIC error wifi: ath12k: refactor ath12k_hw_regs structure Pablo Neira Ayuso (1): netfilter: nft_set_pipapo: prevent overflow in lookup table allocation Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peng Fan (1): mailbox: imx: Fix TXDB_V2 sending Penglei Jiang (1): io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Griffin (3): pinctrl: samsung: refactor drvdata suspend & resume callbacks pinctrl: samsung: add dedicated SoC eint suspend/resume callbacks pinctrl: samsung: add gs101 specific eint suspend/resume callbacks Peter Korsgaard (1): nvmem: zynqmp_nvmem: unbreak driver after cleanup Peter Robinson (2): arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (2): sched: Fix trace_sched_switch(.prev_state) perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Pin-yen Lin (1): arm64: dts: mt8183: Add port node to mt8183.dtsi Ping-Ke Shih (1): wifi: rtw89: pci: enlarge retry times of RX tag to 1000 Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (1): fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id RD Babiera (1): usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Raj Kumar Bhagat (1): wifi: ath12k: fix cleanup path after mhi init Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramasamy Kaliappan (1): wifi: ath12k: Fix the QoS control field offset to build QoS header Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Rob Herring (Arm) (1): dt-bindings: soc: fsl,qman-fqd: Fix reserved-memory.yaml reference Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Rodrigo Vivi (1): drm/xe: Make xe_gt_freq part of the Documentation Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sandipan Das (2): perf/x86/amd/uncore: Remove unused 'struct amd_uncore_ctx::node' member perf/x86/amd/uncore: Prevent UMC counters from saturating Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sarika Sharma (1): wifi: ath12k: fix invalid access to memory Sean Christopherson (1): x86/irq: Ensure initial PIR loads are performed exactly once Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Sheng Yong (1): erofs: avoid using multiple devices with different type Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (2): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} remoteproc: k3-dsp: Drop check performed in k3_dsp_rproc_{mbox_callback/kick} Stefan Binding (2): ALSA: hda/realtek: Add support for various HP Laptops using CS35L41 HDA ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA Stefano Garzarella (1): vsock/virtio: fix `rx_bytes` accounting for stream sockets Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (3): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies arm64: dts: qcom: x1e80100: Apply consistent critical thermal shutdown arm64: dts: qcom: x1e80100: Add GPU cooling Steven Rostedt (4): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() ring-buffer: Do not trigger WARN_ON() due to a commit_overrun ring-buffer: Move cpus_read_lock() outside of buffer->mutex Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Suraj Gupta (1): net: xilinx: axienet: Fix Tx skb circular buffer occupancy check in dmaengine xmit Tao Chen (3): bpf: Check link_create.flags parameter for multi_kprobe libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Tengteng Yang (1): Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Terry Tritton (1): selftests/seccomp: fix negative_ENOSYS tracer tests on arm32 Thangaraj Samynathan (2): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy net: lan743x: Fix PHY reset handling during initialization and WOL Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thomas Weißschuh (1): kunit/usercopy: Disable u64 test on 32-bit SPARC Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (3): page_pool: Move pp_magic check into helper functions page_pool: Track DMA-mapped pages and unmap them when destroying the pool wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Ulf Hansson (1): pmdomain: core: Introduce dev_pm_genpd_rpm_always_on() Uwe Kleine-König (2): iio: adc: ad7124: Fix 3dB filter frequency reading dt-bindings: pwm: adi,axi-pwmgen: Increase #pwm-cells to 3 Varadarajan Narayanan (1): arm64: dts: qcom: ipq9574: Fix USB vdd info Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Vijendar Mukunda (1): ASoC: SOF: amd: add missing acp descriptor field Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xin Li (Intel) (1): x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler Yabin Cui (1): coresight: catu: Introduce refcount and spinlock for enabling/disabling Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yaxiong Tian (1): PM: EM: Fix potential division-by-zero error in em_compute_costs() Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yevgeny Kliteynik (1): net/mlx5: HWS, fix missing ip_version handling in definer Yi Zhang (1): scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels YiFei Zhu (1): bpftool: Fix regression of "bpftool cgroup tree" EINVAL on older kernels Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yu Kuai (2): brd: fix aligned_sector from brd_do_discard() brd: fix discard end sector Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhe Qiao (1): PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root() Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() yohan.joung (1): f2fs: prevent the current section from being selected as a victim during GC Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

1 week, 4 days

1
1
0 0

Linux 6.6.94

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.94 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/devicetree/bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 Documentation/devicetree/bindings/regulator/mediatek,mt6357-regulator.yaml | 12 Documentation/devicetree/bindings/usb/cypress,hx3.yaml | 19 Documentation/devicetree/bindings/vendor-prefixes.yaml | 2 Makefile | 2 arch/arm/boot/dts/microchip/at91sam9263ek.dts | 2 arch/arm/boot/dts/microchip/tny_a9263.dts | 2 arch/arm/boot/dts/microchip/usb_a9263.dts | 4 arch/arm/boot/dts/qcom/qcom-apq8064.dtsi | 15 arch/arm/mach-aspeed/Kconfig | 1 arch/arm64/Kconfig | 6 arch/arm64/boot/dts/freescale/imx8mm-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mm-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-kit.dts | 1 arch/arm64/boot/dts/freescale/imx8mn-beacon-som.dtsi | 1 arch/arm64/boot/dts/freescale/imx8mp-beacon-som.dtsi | 1 arch/arm64/boot/dts/mediatek/mt6357.dtsi | 10 arch/arm64/boot/dts/mediatek/mt6359.dtsi | 4 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 50 +- arch/arm64/boot/dts/nvidia/tegra186.dtsi | 12 arch/arm64/boot/dts/nvidia/tegra194.dtsi | 12 arch/arm64/boot/dts/qcom/sc8280xp-lenovo-thinkpad-x13s.dts | 3 arch/arm64/boot/dts/qcom/sda660-inforce-ifc6560.dts | 2 arch/arm64/boot/dts/qcom/sdm660-xiaomi-lavender.dts | 3 arch/arm64/boot/dts/qcom/sdm845-samsung-starqltechn.dts | 16 arch/arm64/boot/dts/qcom/sm8250.dtsi | 2 arch/arm64/boot/dts/qcom/sm8350.dtsi | 6 arch/arm64/boot/dts/renesas/r8a779g0-white-hawk-ard-audio-da7212.dtso | 2 arch/arm64/boot/dts/rockchip/rk3399-puma-haikou.dts | 8 arch/arm64/boot/dts/rockchip/rk3568-nanopi-r5s.dtsi | 5 arch/arm64/boot/dts/ti/k3-am65-main.dtsi | 19 arch/arm64/boot/dts/ti/k3-j721e-common-proc-board.dts | 1 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 166 +++++++ arch/arm64/configs/defconfig | 3 arch/arm64/include/asm/esr.h | 14 arch/arm64/include/asm/fpsimd.h | 3 arch/arm64/kernel/entry-common.c | 46 +- arch/arm64/kernel/fpsimd.c | 21 arch/arm64/xen/hypercall.S | 21 arch/m68k/mac/config.c | 2 arch/mips/boot/dts/loongson/loongson64c_4core_ls7a.dts | 1 arch/powerpc/kernel/Makefile | 2 arch/powerpc/kexec/crash.c | 5 arch/powerpc/platforms/book3s/vas-api.c | 9 arch/powerpc/platforms/powernv/memtrace.c | 8 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/net/bpf_jit_comp.c | 12 arch/x86/include/asm/mwait.h | 9 arch/x86/kernel/cpu/common.c | 17 arch/x86/kernel/cpu/microcode/core.c | 2 arch/x86/kernel/cpu/mtrr/generic.c | 2 arch/x86/kernel/ioport.c | 13 arch/x86/kernel/process.c | 15 crypto/lrw.c | 4 crypto/xts.c | 4 drivers/acpi/acpica/exserial.c | 6 drivers/acpi/apei/Kconfig | 1 drivers/acpi/apei/ghes.c | 2 drivers/acpi/cppc_acpi.c | 2 drivers/acpi/osi.c | 1 drivers/base/power/domain.c | 2 drivers/base/power/main.c | 3 drivers/bluetooth/hci_qca.c | 14 drivers/bus/fsl-mc/fsl-mc-bus.c | 6 drivers/clk/bcm/clk-raspberrypi.c | 2 drivers/clk/qcom/camcc-sm6350.c | 18 drivers/clk/qcom/dispcc-sm6350.c | 3 drivers/clk/qcom/gcc-msm8939.c | 4 drivers/clk/qcom/gcc-sm6350.c | 6 drivers/clk/qcom/gpucc-sm6350.c | 6 drivers/counter/interrupt-cnt.c | 9 drivers/cpufreq/acpi-cpufreq.c | 2 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-cipher.c | 7 drivers/crypto/allwinner/sun8i-ce/sun8i-ce-hash.c | 34 - drivers/crypto/allwinner/sun8i-ce/sun8i-ce.h | 2 drivers/crypto/allwinner/sun8i-ss/sun8i-ss-cipher.c | 2 drivers/crypto/marvell/cesa/cipher.c | 3 drivers/crypto/marvell/cesa/hash.c | 2 drivers/dma/ti/k3-udma.c | 3 drivers/edac/i10nm_base.c | 35 - drivers/edac/skx_common.c | 1 drivers/edac/skx_common.h | 11 drivers/firmware/Kconfig | 1 drivers/firmware/arm_sdei.c | 11 drivers/firmware/efi/libstub/efi-stub-helper.c | 1 drivers/firmware/psci/psci.c | 4 drivers/fpga/tests/fpga-mgr-test.c | 1 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 drivers/gpu/drm/amd/pm/powerplay/hwmgr/ppatomctrl.c | 8 drivers/gpu/drm/bridge/lontium-lt9611uxc.c | 6 drivers/gpu/drm/mediatek/mtk_drm_drv.c | 31 + drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 - drivers/gpu/drm/meson/meson_vclk.c | 226 +++++----- drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/renesas/rcar-du/rcar_du_kms.c | 10 drivers/gpu/drm/tegra/rgb.c | 14 drivers/gpu/drm/vc4/tests/vc4_mock_output.c | 36 + drivers/gpu/drm/vkms/vkms_crtc.c | 2 drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 26 + drivers/hid/hid-hyperv.c | 4 drivers/hid/usbhid/hid-core.c | 25 - drivers/hwmon/asus-ec-sensors.c | 4 drivers/hwtracing/coresight/coresight-config.h | 2 drivers/hwtracing/coresight/coresight-syscfg.c | 49 +- drivers/iio/adc/ad7124.c | 4 drivers/iio/filter/admv8818.c | 224 +++++++-- drivers/infiniband/core/cm.c | 16 drivers/infiniband/core/cma.c | 3 drivers/infiniband/hw/hns/hns_roce_ah.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 drivers/infiniband/hw/hns/hns_roce_hw_v2.h | 1 drivers/infiniband/hw/hns/hns_roce_main.c | 1 drivers/infiniband/hw/hns/hns_roce_restrack.c | 1 drivers/infiniband/hw/mlx5/qpc.c | 30 + drivers/input/rmi4/rmi_f34.c | 135 +++-- drivers/iommu/Kconfig | 1 drivers/iommu/iommu.c | 4 drivers/md/dm-flakey.c | 70 +-- drivers/md/dm.c | 30 - drivers/mfd/exynos-lpass.c | 1 drivers/mfd/stmpe-spi.c | 2 drivers/misc/vmw_vmci/vmci_host.c | 11 drivers/mtd/nand/ecc-mxic.c | 2 drivers/net/bonding/bond_main.c | 25 - drivers/net/dsa/b53/b53_common.c | 23 - drivers/net/ethernet/google/gve/gve_main.c | 2 drivers/net/ethernet/google/gve/gve_tx_dqo.c | 3 drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 11 drivers/net/ethernet/intel/ice/ice_main.c | 47 +- drivers/net/ethernet/intel/ice/ice_sched.c | 181 ++++++-- drivers/net/ethernet/marvell/octeontx2/nic/qos.c | 4 drivers/net/ethernet/mediatek/mtk_star_emac.c | 4 drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_accel/ipsec.c | 2 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 21 drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 5 drivers/net/ethernet/mellanox/mlx5/core/pagealloc.c | 2 drivers/net/ethernet/microchip/lan743x_main.c | 4 drivers/net/ethernet/microchip/lan966x/lan966x_main.c | 7 drivers/net/ethernet/microchip/lan966x/lan966x_main.h | 6 drivers/net/ethernet/microchip/lan966x/lan966x_ptp.c | 49 +- drivers/net/ethernet/microchip/lan966x/lan966x_switchdev.c | 1 drivers/net/ethernet/microchip/lan966x/lan966x_vlan.c | 21 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 5 drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 11 drivers/net/ethernet/stmicro/stmmac/stmmac_ptp.c | 2 drivers/net/macsec.c | 40 + drivers/net/phy/mdio_bus.c | 12 drivers/net/phy/mscc/mscc_ptp.c | 20 drivers/net/phy/phy_device.c | 4 drivers/net/usb/aqc111.c | 10 drivers/net/vmxnet3/vmxnet3_drv.c | 26 + drivers/net/wireguard/device.c | 1 drivers/net/wireless/ath/ath10k/snoc.c | 4 drivers/net/wireless/ath/ath11k/core.c | 37 - drivers/net/wireless/ath/ath11k/core.h | 4 drivers/net/wireless/ath/ath11k/debugfs.c | 62 +- drivers/net/wireless/ath/ath11k/mac.c | 4 drivers/net/wireless/ath/ath11k/wmi.c | 2 drivers/net/wireless/ath/ath12k/core.c | 8 drivers/net/wireless/ath/ath12k/dp_rx.c | 9 drivers/net/wireless/ath/ath12k/wmi.c | 3 drivers/net/wireless/ath/ath9k/htc_drv_beacon.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/mmio.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/mt7996.h | 3 drivers/net/wireless/realtek/rtw88/coex.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 3 drivers/net/wireless/realtek/rtw88/sdio.c | 10 drivers/net/wwan/t7xx/t7xx_netdev.c | 11 drivers/nvme/target/fcloop.c | 31 - drivers/pci/controller/cadence/pcie-cadence-host.c | 11 drivers/pci/controller/pcie-apple.c | 4 drivers/pci/pci.c | 2 drivers/pci/pcie/dpc.c | 2 drivers/perf/amlogic/meson_ddr_pmu_core.c | 2 drivers/phy/qualcomm/phy-qcom-qmp-usb.c | 6 drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 drivers/pinctrl/pinctrl-at91.c | 6 drivers/pinctrl/qcom/pinctrl-qcm2290.c | 9 drivers/power/reset/at91-reset.c | 5 drivers/ptp/ptp_private.h | 12 drivers/regulator/max20086-regulator.c | 6 drivers/remoteproc/qcom_wcnss_iris.c | 2 drivers/remoteproc/ti_k3_r5_remoteproc.c | 8 drivers/rpmsg/qcom_smd.c | 2 drivers/rtc/class.c | 2 drivers/rtc/lib.c | 24 - drivers/rtc/rtc-loongson.c | 8 drivers/rtc/rtc-sh.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 29 - drivers/scsi/qedf/qedf_main.c | 2 drivers/scsi/scsi_transport_iscsi.c | 11 drivers/soc/aspeed/aspeed-lpc-snoop.c | 17 drivers/spi/spi-bcm63xx-hsspi.c | 2 drivers/spi/spi-bcm63xx.c | 2 drivers/spi/spi-sh-msiof.c | 13 drivers/spi/spi-tegra210-quad.c | 24 - drivers/staging/media/rkvdec/rkvdec.c | 10 drivers/thunderbolt/ctl.c | 5 drivers/thunderbolt/usb4.c | 4 drivers/tty/serial/jsm/jsm_tty.c | 1 drivers/tty/serial/milbeaut_usio.c | 5 drivers/tty/serial/sh-sci.c | 81 ++- drivers/tty/vt/vt_ioctl.c | 2 drivers/ufs/core/ufs-mcq.c | 6 drivers/ufs/core/ufshcd.c | 7 drivers/ufs/host/ufs-qcom.c | 5 drivers/usb/cdns3/cdnsp-gadget.c | 21 drivers/usb/cdns3/cdnsp-gadget.h | 4 drivers/usb/class/usbtmc.c | 21 drivers/usb/core/hub.c | 16 drivers/usb/core/quirks.c | 3 drivers/usb/gadget/function/f_hid.c | 12 drivers/usb/renesas_usbhs/common.c | 50 +- drivers/usb/serial/pl2303.c | 2 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 drivers/usb/typec/ucsi/ucsi.h | 2 drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.c | 79 ++- drivers/vfio/pci/hisilicon/hisi_acc_vfio_pci.h | 14 drivers/vfio/vfio_iommu_type1.c | 2 drivers/video/backlight/qcom-wled.c | 6 drivers/video/fbdev/core/fbcvt.c | 2 drivers/watchdog/exar_wdt.c | 2 drivers/xen/balloon.c | 13 fs/btrfs/scrub.c | 34 + fs/f2fs/data.c | 4 fs/f2fs/f2fs.h | 10 fs/f2fs/namei.c | 10 fs/f2fs/super.c | 4 fs/filesystems.c | 14 fs/gfs2/inode.c | 3 fs/kernfs/dir.c | 5 fs/kernfs/file.c | 3 fs/namespace.c | 25 - fs/nfs/super.c | 19 fs/nilfs2/btree.c | 4 fs/nilfs2/direct.c | 3 fs/ntfs3/index.c | 8 fs/ocfs2/quota_local.c | 2 fs/smb/client/cifssmb.c | 20 fs/squashfs/super.c | 5 include/linux/arm_sdei.h | 4 include/linux/bio.h | 2 include/linux/bvec.h | 7 include/linux/hid.h | 3 include/linux/io_uring_types.h | 3 include/linux/mdio.h | 5 include/linux/mlx5/driver.h | 1 include/linux/phy.h | 5 include/net/bluetooth/hci_core.h | 2 include/net/sock.h | 7 io_uring/io_uring.c | 10 io_uring/io_uring.h | 12 io_uring/kbuf.c | 3 io_uring/poll.c | 2 io_uring/rw.c | 26 - kernel/bpf/core.c | 29 - kernel/events/core.c | 50 +- kernel/power/hibernate.c | 5 kernel/power/main.c | 3 kernel/power/power.h | 4 kernel/power/wakelock.c | 3 kernel/rcu/tree.c | 10 kernel/rcu/tree.h | 2 kernel/rcu/tree_stall.h | 4 kernel/time/posix-cpu-timers.c | 9 kernel/trace/bpf_trace.c | 2 kernel/trace/trace.c | 2 kernel/trace/trace.h | 8 kernel/trace/trace_events_hist.c | 122 ++++- kernel/trace/trace_events_trigger.c | 20 lib/kunit/static_stub.c | 2 mm/kasan/report.c | 4 mm/kasan/shadow.c | 2 net/bluetooth/eir.c | 10 net/bluetooth/hci_core.c | 16 net/bluetooth/hci_sync.c | 20 net/bluetooth/l2cap_core.c | 3 net/bluetooth/mgmt.c | 140 ++---- net/bluetooth/mgmt_util.c | 49 +- net/bluetooth/mgmt_util.h | 8 net/bridge/netfilter/nf_conntrack_bridge.c | 12 net/core/skmsg.c | 53 +- net/dsa/tag_brcm.c | 2 net/ipv4/udp_offload.c | 5 net/ipv6/netfilter.c | 12 net/ipv6/netfilter/nft_fib_ipv6.c | 13 net/ipv6/seg6_local.c | 6 net/ncsi/internal.h | 21 net/ncsi/ncsi-pkt.h | 23 - net/ncsi/ncsi-rsp.c | 21 net/netfilter/nf_nat_core.c | 12 net/netfilter/nft_quota.c | 20 net/netfilter/nft_set_pipapo_avx2.c | 21 net/netfilter/nft_tunnel.c | 8 net/netlabel/netlabel_kapi.c | 5 net/openvswitch/flow.c | 2 net/sched/sch_ets.c | 2 net/sched/sch_prio.c | 2 net/sched/sch_red.c | 2 net/sched/sch_sfq.c | 5 net/sched/sch_tbf.c | 2 net/tipc/crypto.c | 6 net/tls/tls_sw.c | 15 net/xfrm/xfrm_device.c | 2 net/xfrm/xfrm_state.c | 2 scripts/Makefile.extrawarn | 12 scripts/gcc-plugins/gcc-common.h | 32 + scripts/gcc-plugins/randomize_layout_plugin.c | 40 - sound/soc/apple/mca.c | 23 + sound/soc/codecs/hda.c | 4 sound/soc/codecs/tas2764.c | 2 sound/soc/intel/avs/debugfs.c | 6 sound/soc/intel/avs/ipc.c | 4 sound/soc/sof/ipc4-pcm.c | 3 sound/soc/ti/omap-hdmi.c | 7 sound/usb/implicit.c | 1 tools/arch/x86/kcpuid/kcpuid.c | 47 +- tools/bpf/resolve_btfids/Makefile | 2 tools/lib/bpf/bpf_core_read.h | 6 tools/lib/bpf/libbpf.c | 5 tools/lib/bpf/linker.c | 4 tools/lib/bpf/nlattr.c | 15 tools/perf/Makefile.config | 2 tools/perf/builtin-record.c | 2 tools/perf/builtin-trace.c | 5 tools/perf/scripts/python/exported-sql-viewer.py | 5 tools/perf/tests/switch-tracking.c | 2 tools/perf/ui/browsers/hists.c | 2 tools/perf/util/intel-pt.c | 205 ++++++++- tools/testing/selftests/bpf/prog_tests/bpf_nf.c | 6 tools/testing/selftests/seccomp/seccomp_bpf.c | 7 338 files changed, 3244 insertions(+), 1524 deletions(-) Aaron Kling (1): arm64: tegra: Drop remaining serial clock-names and reset-names Adam Ford (5): arm64: dts: imx8mm-beacon: Fix RTC capacitive load arm64: dts: imx8mn-beacon: Fix RTC capacitive load arm64: dts: imx8mp-beacon: Fix RTC capacitive load arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI audio arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI audio Adrian Hunter (2): perf intel-pt: Fix PEBS-via-PT data_src perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 Ahmed S. Darwish (2): tools/x86/kcpuid: Fix error handling x86/cpu: Sanitize CPUID(0x80000000) output Al Viro (3): path_overmount(): avoid false negatives fix propagation graph breakage by MOVE_MOUNT_SET_GROUP move_mount(2) do_change_type(): refuse to operate on unmounted/not ours mounts Alexander Shiyan (1): power: reset: at91-reset: Optimize at91_reset() Alexander Sverdlin (1): counter: interrupt-cnt: Protect enable/disable OPs with mutex Alexandre Mergnat (2): rtc: Make rtc_time64_to_tm() support dates before 1970 rtc: Fix offset calculation for .start_secs < 0 Alexei Safin (1): hwmon: (asus-ec-sensors) check sensor index in read_string() Alexey Gladkov (1): mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE Alexey Kodanev (1): wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Alexey Minnekhanov (3): arm64: dts: qcom: sdm660-xiaomi-lavender: Add missing SD card detect GPIO arm64: dts: qcom: sdm660-lavender: Add missing USB phy supply arm64: dts: qcom: sda660-ifc6560: Fix dt-validate warning Alexis Lothoré (1): net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping Alok Tiwari (3): gve: Fix RX_BUFFERS_POSTED stat to report per-queue fill_cnt gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO scsi: iscsi: Fix incorrect error path labels for flashnode operations Amir Tzin (1): net/mlx5: Fix ECVF vports unload on shutdown flow Amit Sunil Dhamne (1): usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Anand Moon (1): perf/amlogic: Replace smp_processor_id() with raw_smp_processor_id() in meson_ddr_pmu_create() Andre Przywara (1): dt-bindings: vendor-prefixes: Add Liontron name Andreas Gruenbacher (1): gfs2: gfs2_create_inode error handling fix Andrew Cooper (1): x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() Andrey Konovalov (1): kasan: use unchecked __memset internally Andrey Vatoropin (1): fs/ntfs3: handle hdr_first_de() return value Andy Shevchenko (1): pinctrl: at91: Fix possible out-of-boundary access AngeloGioacchino Del Regno (4): drm/mediatek: mtk_drm_drv: Fix kobject put for mtk_mutex device ptr drm/mediatek: Fix kobject put for component sub-drivers drm/mediatek: mtk_drm_drv: Unbind secondary mmsys components on err arm64: dts: mediatek: mt8195: Reparent vdec1/2 and venc1 power domains Annie Li (1): x86/microcode/AMD: Do not return error when microcode update is not necessary Anton Protopopov (3): libbpf: Use proper errno value in linker bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ libbpf: Use proper errno value in nlattr Anubhav Shelat (1): perf trace: Always print return value for syscalls returning a pid Armin Wolf (1): ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" Arnaldo Carvalho de Melo (2): perf build: Warn when libdebuginfod devel files are not available perf ui browser hists: Set actions->thread before calling do_zoom_thread() Aurabindo Pillai (1): Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Baochen Qiang (3): wifi: ath11k: avoid burning CPU in ath11k_debugfs_fw_stats_request() wifi: ath11k: don't use static variables in ath11k_debugfs_fw_stats_process() wifi: ath11k: don't wait when there is no vdev started Bartosz Golaszewski (1): Bluetooth: hci_qca: move the SoC type check to the right place Beleswar Padhi (1): arm64: dts: ti: k3-j721e-sk: Add support for multiple CAN instances Benjamin Marzinski (4): dm: don't change md if dm_table_set_restrictions() fails dm: free table mempools if not used in __bind dm-flakey: error all IOs when num_features is absent dm-flakey: make corrupting read bios work Biju Das (2): drm: rcar-du: Fix memory leak in rcar_du_vsps_init() drm/tegra: rgb: Fix the unbound reference count Bjorn Helgaas (1): PCI/DPC: Initialize aer_err_info before using it Brian Pellegrino (1): iio: filter: admv8818: Support frequencies >= 2^32 Caleb Connolly (1): ath10k: snoc: fix unbalanced IRQ enable in crash recovery Carlos Fernandez (1): macsec: MACsec SCI assignment for ES = 0 Cezary Rojewski (3): ASoC: codecs: hda: Fix RPM usage count underflow ASoC: Intel: avs: Fix deadlock when the failing IPC is SET_D0IX ASoC: Intel: avs: Verify content returned by parse_int_array() Chao Yu (3): f2fs: fix to do sanity check on sbi->total_valid_block_count f2fs: clean up w/ fscrypt_is_bounce_page() f2fs: fix to detect gcing page in f2fs_is_cp_guaranteed() Charalampos Mitrodimas (1): net: tipc: fix refcount warning in tipc_aead_encrypt Charles Han (1): drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table Charles Yeh (1): USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Chenyuan Yang (1): phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug Christophe JAILLET (2): drm/bridge: lt9611uxc: Fix an error handling path in lt9611uxc_probe() mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() Claudiu Beznea (3): serial: sh-sci: Check if TX data was written to device in .tx_empty() serial: sh-sci: Move runtime PM enable to sci_probe_single() serial: sh-sci: Clean sci_ports[0] after at earlycon exit Corentin Labbe (1): crypto: sun8i-ss - do not use sg_dma_len before calling DMA functions Cosmin Ratiu (1): xfrm: Use xdo.dev instead of xdo.real_dev Dan Carpenter (5): remoteproc: qcom_wcnss_iris: Add missing put_device() on error in probe rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() net/mlx4_en: Prevent potential integer overflow calculating Hz pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() regulator: max20086: Fix refcount leak in max20086_parse_regulators_dt() Daniel Wagner (1): nvmet-fcloop: access fcpreq only when holding reqlock Daniil Tatianin (1): ACPICA: exserial: don't forget to handle FFixedHW opregions for reading Dapeng Mi (1): perf record: Fix incorrect --user-regs comments Dave Penkler (2): usb: usbtmc: Fix timeout value in get_stb usb: usbtmc: Fix read_stb function and get_stb ioctl David Heimann (1): ALSA: usb-audio: Add implicit feedback quirk for RODE AI-1 Dmitry Antipov (2): wifi: rtw88: do not ignore hardware read error during DPK Bluetooth: MGMT: iterate over mesh commands in mgmt_mesh_foreach() Dmitry Baryshkov (2): ARM: dts: qcom: apq8064: add missing clocks to the timer node ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device Dmitry Torokhov (1): Input: synaptics-rmi - fix crash with unsupported versions of F34 Dr. David Alan Gilbert (1): Bluetooth: MGMT: Remove unused mgmt_pending_find_data Dustin Lundquist (1): serial: jsm: fix NPE during jsm_uart_port_init Dzmitry Sankouski (4): arm64: dts: qcom: sdm845-starqltechn: remove wifi arm64: dts: qcom: sdm845-starqltechn: fix usb regulator mistake arm64: dts: qcom: sdm845-starqltechn: refactor node order arm64: dts: qcom: sdm845-starqltechn: remove excess reserved gpios Easwar Hariharan (1): wifi: ath11k: convert timeouts to secs_to_jiffies() Eddie James (1): powerpc/crash: Fix non-smp kexec preparation Eric Dumazet (6): net_sched: sch_sfq: fix a potential crash on gso_skb handling net_sched: prio: fix a race in prio_tune() net_sched: red: fix a race in __red_change() net_sched: tbf: fix a race in tbf_change() net_sched: ets: fix a race in ets_qdisc_change() calipso: unlock rcu before returning -EAFNOSUPPORT Faicker Mo (1): net: openvswitch: Fix the dead loop of MPLS parse Fernando Fernandez Mancera (1): netfilter: nft_tunnel: fix geneve_opt dump Finn Thain (1): m68k: mac: Fix macintosh_config for Mac II Florian Westphal (3): netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy netfilter: nf_set_pipapo_avx2: fix initial map fill netfilter: nf_nat: also check reverse tuple to obtain clashing entry Gabor Juhos (2): pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 pinctrl: armada-37xx: set GPIO output value before setting direction Gautham R. Shenoy (1): acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Geert Uytterhoeven (1): spi: sh-msiof: Fix maximum DMA transfer size Greg Kroah-Hartman (3): net: phy: fix up const issues in to_mdio_device() and to_phy_device() Revert "io_uring: ensure deferred completions are posted for multishot" Linux 6.6.94 Hangbin Liu (1): bonding: assign random address if device address is same as bond Hans Zhang (2): efi/libstub: Describe missing 'out' parameter in efi_load_initrd PCI: cadence: Fix runtime atomic count underflow Haren Myneni (1): powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() Hari Kalavakunta (1): net: ncsi: Fix GCPS 64-bit member variables Hariprasad Kelam (1): octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback Hector Martin (2): ASoC: tas2764: Enable main IRQs PCI: apple: Use gpiod_set_value_cansleep in probe flow Henry Martin (6): clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() backlight: pm8941: Add NULL check in wled_configure() dmaengine: ti: Add NULL check in udma_probe() serial: Fix potential null-ptr-deref in mlb_usio_probe() Herbert Xu (4): crypto: marvell/cesa - Handle zero-length skcipher requests crypto: marvell/cesa - Avoid empty transfer descriptor crypto: lrw - Only add ecb if it is not already there crypto: xts - Only add ecb if it is not already there Hongyu Xie (1): usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Horatiu Vultur (4): net: lan966x: Fix 1-step timestamping over ipv4 or ipv6 net: phy: mscc: Fix memory leak when using one step timestamping net: phy: mscc: Stop clearing the the UDPv4 checksum for L2 frames net: lan966x: Make sure to insert the vlan tags also in host mode Huajian Yang (1): netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it Huang Yiwei (1): firmware: SDEI: Allow sdei initialization without ACPI_APEI_GHES I Hsin Cheng (1): drm/meson: Use 1000ULL when operating with mode->clock Ian Forbes (1): drm/vmwgfx: Add seqno waiter for sync_files Ido Schimmel (1): seg6: Fix validation of nexthop addresses Ilya Leoshkevich (1): s390/bpf: Store backchain even for leaf progs Ioana Ciornei (1): bus: fsl-mc: fix double-free on mc_dev Jack Morgenstein (1): RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work Jacob Moroni (1): IB/cm: use rwlock for MAD agent lock Jakub Raczynski (2): net/mdiobus: Fix potential out-of-bounds read/write access net/mdiobus: Fix potential out-of-bounds clause 45 read/write access Jason Gunthorpe (1): iommu: Protect against overflow in iommu_pgsize() Jeff Johnson (1): wifi: ath11k: fix soc_dp_stats debugfs file permission Jens Axboe (3): io_uring: add io_file_can_poll() helper io_uring/rw: allow pollable non-blocking attempts for !FMODE_NOWAIT io_uring/rw: fix wrong NOWAIT check in io_rw_init_file() Jeongjun Park (1): ptp: remove ptp->n_vclocks check logic in ptp_vclock_in_use() Jianbo Liu (1): net/mlx5e: Fix leak of Geneve TLV option object Jiaqing Zhao (1): x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() Jiayi Li (1): usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Jiayuan Chen (5): bpf: fix ktls panic with sockmap bpf, sockmap: fix duplicated data transmission bpf, sockmap: Fix panic when calling skb_linearize ktls, sockmap: Fix missing uncharge operation bpf, sockmap: Avoid using sk_socket after free when sending Jinjian Song (1): net: wwan: t7xx: Fix napi rx poll issue Jiri Slaby (SUSE) (1): powerpc: do not build ppc_save_regs.o always Joel Stanley (1): ARM: aspeed: Don't select SRAM Jonas Gorski (2): net: dsa: b53: do not enable RGMII delay on bcm63xx net: dsa: b53: allow RGMII for bcm63xx RGMII ports Jonas Karlman (1): media: rkvdec: Fix frame size enumeration Jonathan Wiepert (1): Use thread-safe function pointer in libbpf_print Judith Mendez (2): arm64: dts: ti: k3-am65-main: Fix sdhci node properties arm64: dts: ti: k3-am65-main: Add missing taps to sdhci0 Julien Massot (2): arm64: dts: mt6359: Add missing 'compatible' property to regulators node arm64: dts: mt6359: Rename RTC node to match binding expectations Junxian Huang (1): RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h KaFai Wan (1): bpf: Avoid __bpf_prog_ret0_warn when jit fails Kees Cook (6): ASoC: SOF: ipc4-pcm: Adjust pipeline_list->pipelines allocation type watchdog: exar: Shorten identity name to fit correctly drm/vkms: Adjust vkms_state->active_planes allocation type scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops randstruct: gcc-plugin: Remove bogus void member randstruct: gcc-plugin: Fix attribute addition Kornel Dulęba (1): arm64: Support ARM64_VA_BITS=52 when setting ARCH_MMAP_RND_BITS_MAX Kuniyuki Iwashima (1): calipso: Don't call calipso functions for AF_INET sk. Lad Prabhakar (1): usb: renesas_usbhs: Reorder clock handling and power management in probe Leo Yan (1): perf tests switch-tracking: Fix timestamp comparison Li Lingfeng (2): nfs: clear SB_RDONLY before getting superblock nfs: ignore SB_RDONLY when remounting nfs Li RongQing (1): vfio/type1: Fix error unwind in migration dirty bitmap allocation Liu Dalin (1): rtc: loongson: Add missing alarm notifications for ACPI RTC events Longfang Liu (3): hisi_acc_vfio_pci: fix XQE dma address error hisi_acc_vfio_pci: add eq and aeq interruption restore hisi_acc_vfio_pci: bugfix live migration function without VF device driver Lorenzo Bianconi (1): bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps Luca Weiss (5): clk: qcom: camcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: dispcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gcc-sm6350: Add *_wait_val values for GDSCs clk: qcom: gpucc-sm6350: Add *_wait_val values for GDSCs arm64: dts: qcom: sm8350: Reenable crypto & cryptobam Luiz Augusto von Dentz (6): Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete Bluetooth: MGMT: Protect mgmt_pending list with its own lock Bluetooth: Fix NULL pointer deference on eir_get_service_data Bluetooth: hci_sync: Fix broadcast/PA when using an existing instance Bluetooth: MGMT: Fix sparse errors Lukasz Czechowski (1): dt-bindings: usb: cypress,hx3: Add support for all variants Maharaja Kennadyrajan (1): wifi: ath12k: fix node corruption in ar->arvifs list Mario Limonciello (1): thunderbolt: Fix a logic error in wake on connect Mark Brown (1): arm64/fpsimd: Discard stale CPU state when handling SME traps Mark Rutland (3): arm64/fpsimd: Avoid RES0 bits in the SME trap handler arm64/fpsimd: Fix merging of FPSIMD state during signal return arm64/fpsimd: Do not discard modified SVE state Martin Blumenstingl (4): drm/meson: use unsigned long long / Hz for frequency types drm/meson: fix debug log statement when setting the HDMI clocks drm/meson: use vclk_freq instead of pixel_freq in debug print drm/meson: fix more rounding issues with 59.94Hz modes Martin Povišer (1): ASoC: apple: mca: Constrain channels according to TDM mask Mathias Nyman (1): usb: Flush altsetting 0 endpoints before reinitializating them after reset. Matthew Wilcox (Oracle) (2): bio: Fix bio_first_folio() for SPARSEMEM without VMEMMAP block: Fix bvec_set_folio() for very large folios Maxime Ripard (1): drm/vc4: tests: Use return instead of assert Miaoqian Lin (2): firmware: psci: Fix refcount leak in psci_dt_init tracing: Fix error handling in event_trigger_parse() Michal Koutný (1): kernfs: Relax constraint in draining guard Michal Kubiak (3): ice: fix Tx scheduler error handling in XDP callback ice: create new Tx scheduler nodes for new queues only ice: fix rebuilding the Tx scheduler tree for large queue counts Michal Luczaj (1): net: Fix TOCTOU issue in sk_is_readable() Mikhail Arkhipov (1): mtd: nand: ecc-mxic: Fix use of uninitialized variable ret Mirco Barone (1): wireguard: device: enable threaded NAPI Moshe Shemesh (1): net/mlx5: Ensure fw pages are always allocated on same NUMA Murad Masimov (1): ocfs2: fix possible memory leak in ocfs2_finish_quota_recovery Namhyung Kim (1): perf trace: Fix leaks of 'struct thread' in set_filter_loop_pids() Nathan Chancellor (1): kbuild: Disable -Wdefault-const-init-unsafe Neill Kapron (1): selftests/seccomp: fix syscall_restart test for arm compat Nicolas Pitre (1): vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() Nikita Zhandarovich (1): net: usb: aqc111: fix error handling of usbnet read calls Nitin Rawat (1): scsi: ufs: qcom: Prevent calling phy_exit() before phy_init() Nícolas F. R. A. Prado (2): arm64: dts: mediatek: mt6357: Drop regulator-fixed compatibles regulator: dt-bindings: mt6357: Drop fixed compatible requirement Oleg Nesterov (1): posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() Oliver Neukum (1): net: usb: aqc111: debug info before sanitation Ovidiu Panait (3): crypto: sun8i-ce-hash - fix error handling in sun8i_ce_hash_run() crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare() crypto: sun8i-ce - move fallback ahash_request to the end of the struct P Praneesh (1): wifi: ath12k: Add MSDU length validation for TKIP MIC error Pali Rohár (1): cifs: Fix validation of SMB1 query reparse point response Pan Taixi (1): tracing: Fix compilation warning on arm32 Patrisious Haddad (2): RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction net/mlx5: Fix return value when searching for existing flow group Pauli Virtanen (1): Bluetooth: hci_core: fix list_for_each_entry_rcu usage Pawel Laszczak (2): usb: cdnsp: Fix issue with detecting command completion event usb: cdnsp: Fix issue with detecting USB 3.2 speed Peter Chiu (1): wifi: mt76: mt7996: set EHT max ampdu length capability Peter Robinson (1): arm64: dts: rockchip: Update eMMC for NanoPi R5 series Peter Zijlstra (1): perf: Ensure bpf_perf_link path is properly serialized Phillip Lougher (1): Squashfs: check return result of sb_min_blocksize Prasanth Babu Mantena (1): arm64: dts: ti: k3-j721e-common-proc-board: Enable OSPI1 on J721E Qasim Ijaz (2): usb: typec: ucsi: fix Clang -Wsign-conversion warning fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt() Qing Wang (1): perf/core: Fix broken throttling when max_samples_per_tick=1 Qiuxu Zhuo (2): EDAC/skx_common: Fix general protection fault EDAC/{skx_common,i10nm}: Fix the loss of saved RRL for HBM pseudo channel 0 Qu Wenruo (2): btrfs: scrub: update device stats when an error is detected btrfs: scrub: fix a wrong error type when metadata bytenr mismatches Quentin Schulz (2): arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou net: stmmac: platform: guarantee uniqueness of bus_id Radim Krčmář (1): RISC-V: KVM: lock the correct mp_state during reset Rafael J. Wysocki (2): PM: sleep: Print PM debug messages during hibernation PM: sleep: Fix power.is_suspended cleanup for direct-complete devices Rajat Soni (1): wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Ramya Gnanasekar (1): wifi: ath12k: Fix WMI tag for EHT rate in peer assoc Ritesh Harjani (IBM) (1): powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap Robert Malz (2): i40e: return false from i40e_reset_vf if reset is in progress i40e: retry VFLR handling if there is ongoing VF reset Rodrigo Gobbi (1): wifi: ath11k: validate ath11k_crypto_mode on top of ath11k_core_qmi_firmware_ready Roger Pau Monne (1): xen/x86: fix initial memory balloon target Rolf Eike Beer (1): iommu: remove duplicate selection of DMAR_TABLE Ronak Doshi (1): vmxnet3: correctly report gso type for UDP tunnels Ryusuke Konishi (1): nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() Saket Kumar Bhaskar (1): selftests/bpf: Fix bpf_nf selftest failure Sam Winchenbach (3): iio: filter: admv8818: fix band 4, state 15 iio: filter: admv8818: fix integer overflow iio: filter: admv8818: fix range calculation Sanjeev Yadav (1): scsi: core: ufs: Fix a hang in the error handler Sergey Senozhatsky (1): thunderbolt: Do not double dequeue a configuration request Sergey Shtylyov (1): fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() Shayne Chen (1): wifi: mt76: mt7996: fix RX buffer size of MCU event Shiming Cheng (1): net: fix udp gso skb_segment after pull from frag_list Siddharth Vadapalli (1): remoteproc: k3-r5: Drop check performed in k3_r5_rproc_{mbox_callback/kick} Stefano Stabellini (1): xen/arm: call uaccess_ttbr0_enable for dm_op hypercall Stephan Gerhold (1): arm64: dts: qcom: sc8280xp-x13s: Drop duplicate DMIC supplies Steven Rostedt (2): tracing: Move histogram trigger variables from stack to per CPU structure tracing: Rename event_trigger_alloc() to trigger_data_alloc() Stone Zhang (1): wifi: ath11k: fix node corruption in ar->arvifs list Su Hui (1): soc: aspeed: lpc: Fix impossible judgment condition Suleiman Souhlal (1): tools/resolve_btfids: Fix build when cross compiling kernel with clang. Tao Chen (2): libbpf: Remove sample_period init in perf_buffer bpf: Fix WARN() in get_bpf_raw_tp_regs Terry Junge (1): HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Thangaraj Samynathan (1): net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy Thomas Gleixner (1): x86/iopl: Cure TIF_IO_BITMAP inconsistencies Thuan Nguyen (1): arm64: dts: renesas: white-hawk-ard-audio: Fix TPU0 groups Toke Høiland-Jørgensen (1): wifi: ath9k_htc: Abort software beacon handling if disabled Tzung-Bi Shih (1): kunit: Fix wrong parameter to kunit_deactivate_static_stub() Uwe Kleine-König (1): iio: adc: ad7124: Fix 3dB filter frequency reading Vaishnav Achath (1): arm64: dts: ti: k3-j721e-sk: Model CSI2RX connector mux Vignesh Raman (1): arm64: defconfig: mediatek: enable PHY drivers Viktor Malik (1): libbpf: Fix buffer overflow in bpf_object__init_prog Vincent Knecht (1): clk: qcom: gcc-msm8939: Fix mclk0 & mclk1 for 24 MHz Vishwaroop A (3): spi: tegra210-quad: Fix X1_X2_X4 encoding and support x4 transfers spi: tegra210-quad: remove redundant error handling code spi: tegra210-quad: modify chip select (CS) deactivation WangYuli (1): MIPS: Loongson64: Add missing '#interrupt-cells' for loongson64c_ls7a Wei Fang (1): net: phy: clear phydev->devlink when the link is deleted Wentao Liang (1): nilfs2: add pointer check for nilfs_direct_propagate() Wilfred Mallawa (1): PCI: Print the actual delay time in pci_bridge_wait_for_secondary_bus() Wojciech Slenska (1): pinctrl: qcom: pinctrl-qcm2290: Add missing pins Wolfram Sang (3): ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select ARM: dts: at91: at91sam9263: fix NAND chip selects rtc: sh: assign correct interrupts with DT Wupeng Ma (1): VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify Xilin Wu (1): arm64: dts: qcom: sm8250: Fix CPU7 opp table Xu Yang (1): dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Yanqing Wang (1): driver: net: ethernet: mtk_star_emac: fix suspend/resume issue Yemike Abhilash Chandra (1): arm64: dts: ti: k3-j721e-sk: Add DT nodes for power regulators Yeoreum Yun (1): coresight: prevent deactivate active config while enabling the config Yihang Li (1): scsi: hisi_sas: Call I_T_nexus after soft reset for SATA disk Yongliang Gao (1): rcu/cpu_stall_cputime: fix the hardirq count for x86 architecture Yunhui Cui (1): ACPI: CPPC: Fix NULL pointer dereference when nosmp is used Yuuki NAGAO (1): ASoC: ti: omap-hdmi: Re-add dai_link->platform to fix card init Zhen XIN (2): wifi: rtw88: sdio: map mgmt frames to queue TX_DESC_QSEL_MGMT wifi: rtw88: sdio: call rtw_sdio_indicate_tx_status unconditionally Zhiguo Niu (2): f2fs: use d_inode(dentry) cleanup dentry->d_inode f2fs: fix to correct check conditions in f2fs_cross_rename Zhongqiu Duan (1): netfilter: nft_quota: match correctly when the quota just depleted Zijun Hu (2): PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() fs/filesystems: Fix potential unsigned integer underflow in fs_name() ping.gao (1): scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() Álvaro Fernández Rojas (3): spi: bcm63xx-spi: fix shared reset spi: bcm63xx-hsspi: fix shared reset net: dsa: tag_brcm: legacy: fix pskb_may_pull length

1 week, 4 days

1
1
0 0

[PATCH] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Reviewed-by: Chuck Lever <chuck.lever(a)oracle.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

1 week, 4 days

2
1
0 0

[PATCH v1 1/2] usb: xhci: Skip xhci_reset in xhci_resume if xhci is being removed

by Roy Luo

xhci_reset() currently returns -ENODEV if XHCI_STATE_REMOVING is set, without completing the xhci handshake, unless the reset completes exceptionally quickly. This behavior causes a regression on Synopsys DWC3 USB controllers with dual-role capabilities. Specifically, when a DWC3 controller exits host mode and removes xhci while a reset is still in progress, and then attempts to configure its hardware for device mode, the ongoing, incomplete reset leads to critical register access issues. All register reads return zero, not just within the xHCI register space (which might be expected during a reset), but across the entire DWC3 IP block. This patch addresses the issue by preventing xhci_reset() from being called in xhci_resume() and bailing out early in the reinit flow when XHCI_STATE_REMOVING is set. Cc: stable(a)vger.kernel.org Fixes: 6ccb83d6c497 ("usb: xhci: Implement xhci_handshake_check_state() helper") Suggested-by: Mathias Nyman <mathias.nyman(a)intel.com> Signed-off-by: Roy Luo <royluo(a)google.com> --- drivers/usb/host/xhci.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c index 90eb491267b5..244b12eafd95 100644 --- a/drivers/usb/host/xhci.c +++ b/drivers/usb/host/xhci.c @@ -1084,7 +1084,10 @@ int xhci_resume(struct xhci_hcd *xhci, bool power_lost, bool is_auto_resume) xhci_dbg(xhci, "Stop HCD\n"); xhci_halt(xhci); xhci_zero_64b_regs(xhci); - retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); + if (xhci->xhc_state & XHCI_STATE_REMOVING) + retval = -ENODEV; + else + retval = xhci_reset(xhci, XHCI_RESET_LONG_USEC); spin_unlock_irq(&xhci->lock); if (retval) return retval; -- 2.49.0.1204.g71687c7c1d-goog

1 week, 4 days

4
8
0 0

[PATCH 0/7] KVM: arm64: trap fixes and cleanup

by Mark Rutland

This series fixes some issues with the way KVM manages traps in VHE mode, with some cleanups/simplifications atop. Patch 1 fixes a theoretical issue with debug register manipulation, which has been around forever. This was found by inspection while working on other fixes. Patch 2 fixes an issue with NV where a host may take unexpected traps as a result of a guest hypervisor's configuration of CPTR_EL2. Patch 5 fixes an issue with NV where a guest hypervisor's configuration of CPTR_EL2 may not be taken into account when running a guest guest, incorrectly permitting usage of SVE when this should be trapped to the guest hypervisor. The other patches in the series are prepartory work and cleanup. Originally I intended to simplify/cleanup to kvm_hyp_handle_fpsimd() and kvm_hyp_save_fpsimd_host(), as discussed with Will on an earlier series: https://lore.kernel.org/linux-arm-kernel/20250210161242.GC7568@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6owjEPNaJ55e9LM@J2N7QTR9R3/ https://lore.kernel.org/linux-arm-kernel/20250210180637.GA7926@willie-the-t… https://lore.kernel.org/linux-arm-kernel/Z6pbeIsIMWexiDta@J2N7QTR9R3/ In the process of implementing that, I realised that the CPTR trap management wasn't quite right for NV, and found the potential issue with debug register configuration. I've given the series some light testing on a fast model so far; any further testing and/or review would be much appreciated. The series is based on the 'kvmarm-fixes-6.16-2' tag from the kvmarm tree. Mark. Mark Rutland (7): KVM: arm64: VHE: Synchronize restore of host debug registers KVM: arm64: VHE: Synchronize CPTR trap deactivation KVM: arm64: Reorganise CPTR trap manipulation KVM: arm64: Remove ad-hoc CPTR manipulation from fpsimd_sve_sync() KVM: arm64: Remove ad-hoc CPTR manipulation from kvm_hyp_handle_fpsimd() KVM: arm64: Remove cpacr_clear_set() KVM: arm64: VHE: Centralize ISBs when returning to host arch/arm64/include/asm/kvm_emulate.h | 62 ---------- arch/arm64/include/asm/kvm_host.h | 6 +- arch/arm64/kvm/hyp/include/hyp/switch.h | 147 ++++++++++++++++++++++-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 5 +- arch/arm64/kvm/hyp/nvhe/switch.c | 59 ---------- arch/arm64/kvm/hyp/vhe/switch.c | 107 +++-------------- 6 files changed, 158 insertions(+), 228 deletions(-) -- 2.30.2

1 week, 4 days

2
8
0 0

[PATCH V3 2/2] PCI: Prevent LS7A Bus Master clearing on kexec

by Huacai Chen

This is similar to commit 62b6dee1b44a ("PCI/portdrv: Prevent LS7A Bus Master clearing on shutdown"), which prevents LS7A Bus Master clearing on kexec. The key point of this is to work around the LS7A defect that clearing PCI_COMMAND_MASTER prevents MMIO requests from going downstream, and we may need to do that even after .shutdown(), e.g., to print console messages. And in this case we rely on .shutdown() for the downstream devices to disable interrupts and DMA. Only skip Bus Master clearing on bridges because endpoint devices still need it. Cc: <stable(a)vger.kernel.org> Signed-off-by: Ming Wang <wangming01(a)loongson.cn> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index 602838416e6a..8a1e32367a06 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -517,7 +517,7 @@ static void pci_device_shutdown(struct device *dev) * If it is not a kexec reboot, firmware will hit the PCI * devices with big hammer and stop their DMA any way. */ - if (kexec_in_progress && (pci_dev->current_state <= PCI_D3hot)) + if (kexec_in_progress && !pci_is_bridge(pci_dev) && (pci_dev->current_state <= PCI_D3hot)) pci_clear_master(pci_dev); } -- 2.47.1

1 week, 4 days

3
2
0 0

[PATCH V3 1/2] PCI: Use local_pci_probe() when best selected cpu is offline

by Huacai Chen

From: Hongchen Zhang <zhanghongchen(a)loongson.cn> When the best selected CPU is offline, work_on_cpu() will stuck forever. This can be happen if a node is online while all its CPUs are offline (we can use "maxcpus=1" without "nr_cpus=1" to reproduce it), Therefore, in this case, we should call local_pci_probe() instead of work_on_cpu(). Cc: <stable(a)vger.kernel.org> Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> Signed-off-by: Hongchen Zhang <zhanghongchen(a)loongson.cn> --- drivers/pci/pci-driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pci/pci-driver.c b/drivers/pci/pci-driver.c index c8bd71a739f7..602838416e6a 100644 --- a/drivers/pci/pci-driver.c +++ b/drivers/pci/pci-driver.c @@ -386,7 +386,7 @@ static int pci_call_probe(struct pci_driver *drv, struct pci_dev *dev, free_cpumask_var(wq_domain_mask); } - if (cpu < nr_cpu_ids) + if ((cpu < nr_cpu_ids) && cpu_online(cpu)) error = work_on_cpu(cpu, local_pci_probe, &ddi); else error = local_pci_probe(&ddi); -- 2.47.1

1 week, 4 days

3
2
0 0

[PATCH 0/2] Fixes in snps-phy HDMI PLL algorithm

by Ankit Nautiyal

Fixes/improvement in snps-phy HDMI PLL algorithm. Ankit Nautiyal (2): drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64 drm/i915/snps_hdmi_pll: Use clamp() instead of max(min()) drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) -- 2.45.2

1 week, 4 days

4
5
0 0

[PATCH v2 6.12.y] Kunit to check the longest symbol length

by Sergio González Collado

Hello, Please consider applying the following commits for 6.12.y: c104c16073b7 ("Kunit to check the longest symbol length") 54338750578f ("x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c") They should apply cleanly. Those two commits implement a kunit test to verify that a symbol with KSYM_NAME_LEN of 512 can be read. The first commit implements the test. This commit also includes a fix for the test x86/insn_decoder_test. In the case a symbol exceeds the symbol length limit, an error will happen: arch/x86/tools/insn_decoder_test: error: malformed line 1152000: tBb_+0xf2> ..which overflowed by 10 characters reading this line: ffffffff81458193: 74 3d je ffffffff814581d2 <_RNvXse_NtNtNtCshGpAVYOtgW1_4core4iter8adapters7flattenINtB5_13FlattenCompatINtNtB7_3map3MapNtNtNtBb_3str4iter5CharsNtB1v_17CharEscapeDefaultENtNtBb_4char13EscapeDefaultENtNtBb_3fmt5Debug3fmtBb_+0xf2> The fix was proposed in [1] and initially mentioned at [2]. The second commit fixes a warning when building with clang because there was a definition of unlikely from compiler.h in tools/include/linux, which conflicted with the one in the instruction decoder selftest. [1] https://lore.kernel.org/lkml/Y9ES4UKl%2F+DtvAVS@gmail.com/ [2] https://lore.kernel.org/lkml/320c4dba-9919-404b-8a26-a8af16be1845@app.fastm… I will send something similar to 6.6.y and 6.1.y Thanks! Best regards, Sergio

1 week, 4 days

2
3
0 0

[PATCH 6.1 1/1] objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()

by Dmitriy Privalov

If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go beyond the array bounds. Fix that by stopping the loop when it gets to the last entry, so the low speed_hz value gets clamped up to AMD_SPI_MIN_HZ. Fixes the following warning with an UBSAN kernel: drivers/spi/spi-amd.o: error: objtool: amd_set_spi_freq() falls through to next function amd_spi_set_opcode() Fixes: 3fe26121dc3a ("spi: amd: Configure device speed") Reported-by: kernel test robot <lkp(a)intel.com> Signed-off-by: Josh Poimboeuf <jpoimboe(a)kernel.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Acked-by: Mark Brown <broonie(a)kernel.org> Cc: Raju Rangoju <Raju.Rangoju(a)amd.com> Cc: Linus Torvalds <torvalds(a)linux-foundation.org> Link: https://lore.kernel.org/r/78fef0f2434f35be9095bcc9ffa23dd8cab667b9.17428528… Closes: https://lore.kernel.org/r/202503161828.RUk9EhWx-lkp@intel.com/ Signed-off-by: Dmitriy Privalov <d.privalov(a)omp.ru> --- drivers/spi/spi-amd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/spi/spi-amd.c b/drivers/spi/spi-amd.c index bfc3ab5f39ea..b53301e563bc 100644 --- a/drivers/spi/spi-amd.c +++ b/drivers/spi/spi-amd.c @@ -243,7 +243,7 @@ static int amd_set_spi_freq(struct amd_spi *amd_spi, u32 speed_hz) if (speed_hz < AMD_SPI_MIN_HZ) return -EINVAL; - for (i = 0; i < ARRAY_SIZE(amd_spi_freq); i++) + for (i = 0; i < ARRAY_SIZE(amd_spi_freq)-1; i++) if (speed_hz >= amd_spi_freq[i].speed_hz) break; -- 2.34.1

1 week, 4 days

1
1
0 0

[PATCH v 4] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY

by Minas Harutyunyan

For UTMI+ PHY, according to programming guide, first should be set PMUACTV bit then STOPPCLK bit. Otherwise, when the device issues Remote Wakeup, then host notices disconnect instead. For ULPI PHY, above mentioned bits must be set in reversed order: STOPPCLK then PMUACTV. Fixes: 4483ef3c1685 ("usb: dwc2: Add hibernation updates for ULPI PHY") Cc: stable(a)vger.kernel.org Reported-by: Tomasz Mon <tomasz.mon(a)nordicsemi.no> Signed-off-by: Minas Harutyunyan <Minas.Harutyunyan(a)synopsys.com> --- Changes in v4: - Rebased on top of Linux 6.15-rc6 Changes in v3: - Rebased on top of 6.15-rc4 Changes in v2: - Added Cc: stable(a)vger.kernel.org drivers/usb/dwc2/gadget.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/drivers/usb/dwc2/gadget.c b/drivers/usb/dwc2/gadget.c index 300ea4969f0c..b817002bdee0 100644 --- a/drivers/usb/dwc2/gadget.c +++ b/drivers/usb/dwc2/gadget.c @@ -5383,20 +5383,33 @@ int dwc2_gadget_enter_hibernation(struct dwc2_hsotg *hsotg) if (gusbcfg & GUSBCFG_ULPI_UTMI_SEL) { /* ULPI interface */ gpwrdn |= GPWRDN_ULPI_LATCH_EN_DURING_HIB_ENTRY; - } - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); - /* Suspend the Phy Clock */ - pcgcctl = dwc2_readl(hsotg, PCGCTL); - pcgcctl |= PCGCTL_STOPPCLK; - dwc2_writel(hsotg, pcgcctl, PCGCTL); - udelay(10); + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); - gpwrdn = dwc2_readl(hsotg, GPWRDN); - gpwrdn |= GPWRDN_PMUACTV; - dwc2_writel(hsotg, gpwrdn, GPWRDN); - udelay(10); + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + } else { + /* UTMI+ Interface */ + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + gpwrdn = dwc2_readl(hsotg, GPWRDN); + gpwrdn |= GPWRDN_PMUACTV; + dwc2_writel(hsotg, gpwrdn, GPWRDN); + udelay(10); + + pcgcctl = dwc2_readl(hsotg, PCGCTL); + pcgcctl |= PCGCTL_STOPPCLK; + dwc2_writel(hsotg, pcgcctl, PCGCTL); + udelay(10); + } /* Set flag to indicate that we are in hibernation */ hsotg->hibernated = 1; -- 2.41.0

1 week, 4 days

2
1
0 0

temporary hung tasks on XFS since updating to 6.6.92

by Christian Theune

Hi, in the last week, after updating to 6.6.92, we’ve encountered a number of VMs reporting temporarily hung tasks blocking the whole system for a few minutes. They unblock by themselves and have similar tracebacks. The IO PSIs show 100% pressure for that time, but the underlying devices are still processing read and write IO (well within their capacity). I’ve eliminated the underlying storage (Ceph) as the source of problems as I couldn’t find any latency outliers or significant queuing during that time. I’ve seen somewhat similar reports on 6.6.88 and 6.6.77, but those might have been different outliers. I’m attaching 3 logs - my intuition and the data so far leads me to consider this might be a kernel bug. I haven’t found a way to reproduce this, yet. Regards, Christian -- Christian Theune · ct(a)flyingcircus.io · +49 345 219401 0 Flying Circus Internet Operations GmbH · https://flyingcircus.io Leipziger Str. 70/71 · 06108 Halle (Saale) · Deutschland HR Stendal HRB 21169 · Geschäftsführer: Christian Theune, Christian Zagrodnick

1 week, 4 days

3
12
0 0

[PATCH stable 6.1-6.12 1/2] net: Fix checksum update for ILA adj-transport

by Paul Chaignon

[ Upstream commit 6043b794c7668c19dabc4a93c75b924a19474d59 ] During ILA address translations, the L4 checksums can be handled in different ways. One of them, adj-transport, consist in parsing the transport layer and updating any found checksum. This logic relies on inet_proto_csum_replace_by_diff and produces an incorrect skb->csum when in state CHECKSUM_COMPLETE. This bug can be reproduced with a simple ILA to SIR mapping, assuming packets are received with CHECKSUM_COMPLETE: $ ip a show dev eth0 14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 62:ae:35:9e:0f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 3333:0:0:1::c078/64 scope global valid_lft forever preferred_lft forever inet6 fd00:10:244:1::c078/128 scope global nodad valid_lft forever preferred_lft forever inet6 fe80::60ae:35ff:fe9e:f8d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever $ ip ila add loc_match fd00:10:244:1 loc 3333:0:0:1 \ csum-mode adj-transport ident-type luid dev eth0 Then I hit [fd00:10:244:1::c078]:8000 with a server listening only on [3333:0:0:1::c078]:8000. With the bug, the SYN packet is dropped with SKB_DROP_REASON_TCP_CSUM after inet_proto_csum_replace_by_diff changed skb->csum. The translation and drop are visible on pwru [1] traces: IFACE TUPLE FUNC eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ipv6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) ip6_rcv_core eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) nf_hook_slow eth0:9 [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp) inet_proto_csum_replace_by_diff eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_early_demux eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_route_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_input_finish eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ip6_protocol_deliver_rcu eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) raw6_local_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) ipv6_raw_deliver eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) tcp_v6_rcv eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) __skb_checksum_complete eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skb_reason(SKB_DROP_REASON_TCP_CSUM) eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_head_state eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_release_data eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) skb_free_head eth0:9 [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp) kfree_skbmem This is happening because inet_proto_csum_replace_by_diff is updating skb->csum when it shouldn't. The L4 checksum is updated such that it "cancels" the IPv6 address change in terms of checksum computation, so the impact on skb->csum is null. Note this would be different for an IPv4 packet since three fields would be updated: the IPv4 address, the IP checksum, and the L4 checksum. Two would cancel each other and skb->csum would still need to be updated to take the L4 checksum change into account. This patch fixes it by passing an ipv6 flag to inet_proto_csum_replace_by_diff, to skip the skb->csum update if we're in the IPv6 case. Note the behavior of the only other user of inet_proto_csum_replace_by_diff, the BPF subsystem, is left as is in this patch and fixed in the subsequent patch. With the fix, using the reproduction from above, I can confirm skb->csum is not touched by inet_proto_csum_replace_by_diff and the TCP SYN proceeds to the application after the ILA translation. Link: https://github.com/cilium/pwru [1] Fixes: 65d7ab8de582 ("net: Identifier Locator Addressing module") Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> Acked-by: Daniel Borkmann <daniel(a)iogearbox.net> Link: https://patch.msgid.link/b5539869e3550d46068504feb02d37653d939c0b.174850948… Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Paul Chaignon <paul.chaignon(a)gmail.com> --- include/net/checksum.h | 2 +- net/core/filter.c | 2 +- net/core/utils.c | 4 ++-- net/ipv6/ila/ila_common.c | 6 +++--- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/net/checksum.h b/include/net/checksum.h index 1338cb92c8e7..28b101f26636 100644 --- a/include/net/checksum.h +++ b/include/net/checksum.h @@ -158,7 +158,7 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, const __be32 *from, const __be32 *to, bool pseudohdr); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr); + __wsum diff, bool pseudohdr, bool ipv6); static __always_inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb, diff --git a/net/core/filter.c b/net/core/filter.c index 99b23fd2f509..e0d978c1a4cd 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1999,7 +1999,7 @@ BPF_CALL_5(bpf_l4_csum_replace, struct sk_buff *, skb, u32, offset, if (unlikely(from != 0)) return -EINVAL; - inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo); + inet_proto_csum_replace_by_diff(ptr, skb, to, is_pseudo, false); break; case 2: inet_proto_csum_replace2(ptr, skb, from, to, is_pseudo); diff --git a/net/core/utils.c b/net/core/utils.c index 27f4cffaae05..b8c21a859e27 100644 --- a/net/core/utils.c +++ b/net/core/utils.c @@ -473,11 +473,11 @@ void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb, EXPORT_SYMBOL(inet_proto_csum_replace16); void inet_proto_csum_replace_by_diff(__sum16 *sum, struct sk_buff *skb, - __wsum diff, bool pseudohdr) + __wsum diff, bool pseudohdr, bool ipv6) { if (skb->ip_summed != CHECKSUM_PARTIAL) { csum_replace_by_diff(sum, diff); - if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr) + if (skb->ip_summed == CHECKSUM_COMPLETE && pseudohdr && !ipv6) skb->csum = ~csum_sub(diff, skb->csum); } else if (pseudohdr) { *sum = ~csum_fold(csum_add(diff, csum_unfold(*sum))); diff --git a/net/ipv6/ila/ila_common.c b/net/ipv6/ila/ila_common.c index 95e9146918cc..b8d43ed4689d 100644 --- a/net/ipv6/ila/ila_common.c +++ b/net/ipv6/ila/ila_common.c @@ -86,7 +86,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&th->check, skb, - diff, true); + diff, true, true); } break; case NEXTHDR_UDP: @@ -97,7 +97,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, if (uh->check || skb->ip_summed == CHECKSUM_PARTIAL) { diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&uh->check, skb, - diff, true); + diff, true, true); if (!uh->check) uh->check = CSUM_MANGLED_0; } @@ -111,7 +111,7 @@ static void ila_csum_adjust_transport(struct sk_buff *skb, diff = get_csum_diff(ip6h, p); inet_proto_csum_replace_by_diff(&ih->icmp6_cksum, skb, - diff, true); + diff, true, true); } break; } -- 2.43.0

1 week, 4 days

2
3
0 0

[PATCH 6.1.y] scsi: pm80xx: Set phy->enable_completion only when we wait for it

by Xiangyu Chen

From: Igor Pylypiv <ipylypiv(a)google.com> [ Upstream commit e4f949ef1516c0d74745ee54a0f4882c1f6c7aea ] pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() on a dangling enable_completion pointer which leads to a kernel crash. Signed-off-by: Igor Pylypiv <ipylypiv(a)google.com> Signed-off-by: Terrence Adams <tadamsjr(a)google.com> Link: https://lore.kernel.org/r/20240627155924.2361370-2-tadamsjr@google.com Acked-by: Jack Wang <jinpu.wang(a)ionos.com> Signed-off-by: Martin K. Petersen <martin.petersen(a)oracle.com> Signed-off-by: Xiangyu Chen <xiangyu.chen(a)windriver.com> Signed-off-by: He Zhe <zhe.he(a)windriver.com> --- Test info: Building OS: Ubuntu 22.04.5 GCC: gcc version 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) Base Tree: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y Builds: make defconfig; make bzImage make allyesconfig; make bzImage make allmodconfig; make bzImage Boot target: Intel Basking Ridge --- drivers/scsi/pm8001/pm8001_sas.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c index a87c3d7e3e5c..f491edf73e23 100644 --- a/drivers/scsi/pm8001/pm8001_sas.c +++ b/drivers/scsi/pm8001/pm8001_sas.c @@ -168,7 +168,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, unsigned long flags; pm8001_ha = sas_phy->ha->lldd_ha; phy = &pm8001_ha->phy[phy_id]; - pm8001_ha->phy[phy_id].enable_completion = &completion; + switch (func) { case PHY_FUNC_SET_LINK_RATE: rates = funcdata; @@ -181,6 +181,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, rates->maximum_linkrate; } if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -189,6 +190,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_HARD_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } @@ -197,6 +199,7 @@ int pm8001_phy_control(struct asd_sas_phy *sas_phy, enum phy_func func, break; case PHY_FUNC_LINK_RESET: if (pm8001_ha->phy[phy_id].phy_state == PHY_LINK_DISABLE) { + pm8001_ha->phy[phy_id].enable_completion = &completion; PM8001_CHIP_DISP->phy_start_req(pm8001_ha, phy_id); wait_for_completion(&completion); } -- 2.34.1

1 week, 4 days

2
1
0 0

[PATCH] drm/appletbdrm: Make appletbdrm depend on X86

by Aditya Garg

commit de5fbbe1531f645c8b56098be8d1faf31e46f7f0 upstream The appletbdrm driver is exclusively for Touch Bars on x86 Intel Macs. The M1 Macs have a separate driver. So, lets avoid compiling it for other architectures. Signed-off-by: Aditya Garg <gargaditya08(a)live.com> Reviewed-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> Link: https://lore.kernel.org/r/PN3PR01MB95970778982F28E4A3751392B8B72@PN3PR01MB9… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> --- Sending this since https://lore.kernel.org/stable/20250617152509.019353397@linuxfoundation.org/ was also backported to 6.15 drivers/gpu/drm/tiny/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/gpu/drm/tiny/Kconfig b/drivers/gpu/drm/tiny/Kconfig index 95c1457d7..d66681d0e 100644 --- a/drivers/gpu/drm/tiny/Kconfig +++ b/drivers/gpu/drm/tiny/Kconfig @@ -3,6 +3,7 @@ config DRM_APPLETBDRM tristate "DRM support for Apple Touch Bars" depends on DRM && USB && MMU + depends on X86 || COMPILE_TEST select DRM_GEM_SHMEM_HELPER select DRM_KMS_HELPER help -- 2.49.0

1 week, 4 days

3
3
0 0

[PATCH 5.15 0/2] fix LTP regression in fanotify22

by Amir Goldstein

Jan, I noticed that fanotify22, the FAN_FS_ERROR test has regressed in the 5.15.y stable tree. This is because commit d3476f3dad4a ("ext4: don't set SB_RDONLY after filesystem errors") was backported to 5.15.y and the later Fixes commit could not be cleanly applied to 5.15.y over the new mount api re-factoring. I am not sure it is critical to fix this regression, because it is mostly a regression in a test feature, but I think the backport is pretty simple, although I could be missing something. Please ACK if you agree that this backport should be applied to 5.15.y. Thanks, Amir. Amir Goldstein (2): ext4: make 'abort' mount option handling standard ext4: avoid remount errors with 'abort' mount option fs/ext4/ext4.h | 1 + fs/ext4/super.c | 15 +++++++++------ 2 files changed, 10 insertions(+), 6 deletions(-) -- 2.47.1

1 week, 4 days

3
6
0 0

FAILED: patch "[PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers()" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f90fff1e152dedf52b932240ebbd670d83330eca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061744-precinct-rubble-45c9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f90fff1e152dedf52b932240ebbd670d83330eca Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Fri, 13 Jun 2025 19:26:50 +0200 Subject: [PATCH] posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case. Cc: stable(a)vger.kernel.org Reported-by: Benoît Sevens <bsevens(a)google.com> Fixes: 0bdd2ed4138e ("sched: run_posix_cpu_timers: Don't check ->exit_state, use lock_task_sighand()") Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Linus Torvalds <torvalds(a)linux-foundation.org> diff --git a/kernel/time/posix-cpu-timers.c b/kernel/time/posix-cpu-timers.c index 50e8d04ab661..2e5b89d7d866 100644 --- a/kernel/time/posix-cpu-timers.c +++ b/kernel/time/posix-cpu-timers.c @@ -1405,6 +1405,15 @@ void run_posix_cpu_timers(void) lockdep_assert_irqs_disabled(); + /* + * Ensure that release_task(tsk) can't happen while + * handle_posix_cpu_timers() is running. Otherwise, a concurrent + * posix_cpu_timer_del() may fail to lock_task_sighand(tsk) and + * miss timer->it.cpu.firing != 0. + */ + if (tsk->exit_state) + return; + /* * If the actual expiry is deferred to task work context and the * work is already scheduled there is no point to do anything here.

1 week, 4 days

3
2
0 0

[PATCH 6.12.y] cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update

by jetlan9＠163.com

From: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> [ Upstream commit 426db24d4db2e4f0d6720aeb7795eafcb9e82640 ] Check if policy is NULL before dereferencing it in amd_pstate_update. Fixes: e8f555daacd3 ("cpufreq/amd-pstate: fix setting policy current frequency value") Signed-off-by: Dhananjay Ugwekar <dhananjay.ugwekar(a)amd.com> Reviewed-by: Mario Limonciello <mario.limonciello(a)amd.com> Reviewed-by: Gautham R. Shenoy <gautham.shenoy(a)amd.com> Link: https://lore.kernel.org/r/20250205112523.201101-11-dhananjay.ugwekar@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> [Minor context change fixed.] Signed-off-by: Wenshan Lan <jetlan9(a)163.com> --- drivers/cpufreq/amd-pstate.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c index 7a16d1932228..62dbc5701e99 100644 --- a/drivers/cpufreq/amd-pstate.c +++ b/drivers/cpufreq/amd-pstate.c @@ -482,6 +482,9 @@ static void amd_pstate_update(struct amd_cpudata *cpudata, u32 min_perf, u32 nominal_perf = READ_ONCE(cpudata->nominal_perf); u64 value = prev; + if (!policy) + return; + min_perf = clamp_t(unsigned long, min_perf, cpudata->min_limit_perf, cpudata->max_limit_perf); max_perf = clamp_t(unsigned long, max_perf, cpudata->min_limit_perf, -- 2.34.1

1 week, 4 days

2
1
0 0

[PATCH 2/2] mmc: core: sd: Fix and simplify SD card current limit handling

by Avri Altman

The SD spec says: "In UHS-I mode, after selecting one of SDR50, SDR104, or DDR50 mode by Function Group 1, host needs to change the Power Limit to enable the card to operate in higher performance". The driver previously determined SD card current limits incorrectly by checking capability bits before bus speed was established, and by using support bits in function group 4 (bytes 6 & 7) rather than the actual current requirement (bytes 0 & 1). This is wrong because the card responds for a given bus speed. This patch queries the card's current requirement after setting the bus speed, and uses the reported value to select the appropriate current limit. while at it, remove some unused constants and the misleading comment in the code. Fixes: d9812780a020 ("mmc: sd: limit SD card power limit according to cards capabilities") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 36 +++++++++++++----------------------- include/linux/mmc/card.h | 6 ------ 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index cf92c5b2059a..357edfb910df 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -365,7 +365,6 @@ static int mmc_read_switch(struct mmc_card *card) card->sw_caps.sd3_bus_mode = status[13]; /* Driver Strengths supported by the card */ card->sw_caps.sd3_drv_type = status[9]; - card->sw_caps.sd3_curr_limit = status[7] | status[6] << 8; } out: @@ -556,7 +555,7 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) { int current_limit = SD_SET_CURRENT_LIMIT_200; int err; - u32 max_current; + u32 max_current, card_needs; /* * Current limit switch is only defined for SDR50, SDR104, and DDR50 @@ -575,33 +574,24 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) max_current = sd_get_host_max_current(card->host); /* - * We only check host's capability here, if we set a limit that is - * higher than the card's maximum current, the card will be using its - * maximum current, e.g. if the card's maximum current is 300ma, and - * when we set current limit to 200ma, the card will draw 200ma, and - * when we set current limit to 400/600/800ma, the card will draw its - * maximum 300ma from the host. - * - * The above is incorrect: if we try to set a current limit that is - * not supported by the card, the card can rightfully error out the - * attempt, and remain at the default current limit. This results - * in a 300mA card being limited to 200mA even though the host - * supports 800mA. Failures seen with SanDisk 8GB UHS cards with - * an iMX6 host. --rmk + * query the card of its maximun current/power consumption given the + * bus speed mode */ - if (max_current >= 800 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_800) + err = mmc_sd_switch(card, 0, 0, card->sd_bus_speed, status); + if (err) + return err; + + card_needs = status[1] | status[0] << 8; + + if (max_current >= 800 && card_needs > 600) current_limit = SD_SET_CURRENT_LIMIT_800; - else if (max_current >= 600 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_600) + else if (max_current >= 600 && card_needs > 400) current_limit = SD_SET_CURRENT_LIMIT_600; - else if (max_current >= 400 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) + else if (max_current >= 400 && card_needs > 200) current_limit = SD_SET_CURRENT_LIMIT_400; if (current_limit != SD_SET_CURRENT_LIMIT_200) { - err = mmc_sd_switch(card, SD_SWITCH_SET, 3, - current_limit, status); + err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) return err; diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index e9e964c20e53..67c1386ca574 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -177,17 +177,11 @@ struct sd_switch_caps { #define SD_DRIVER_TYPE_A 0x02 #define SD_DRIVER_TYPE_C 0x04 #define SD_DRIVER_TYPE_D 0x08 - unsigned int sd3_curr_limit; #define SD_SET_CURRENT_LIMIT_200 0 #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) -#define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -#define SD_MAX_CURRENT_600 (1 << SD_SET_CURRENT_LIMIT_600) -#define SD_MAX_CURRENT_800 (1 << SD_SET_CURRENT_LIMIT_800) - #define SD4_SET_POWER_LIMIT_0_72W 0 #define SD4_SET_POWER_LIMIT_1_44W 1 #define SD4_SET_POWER_LIMIT_2_16W 2 -- 2.25.1

1 week, 4 days

1
0
0 0

[PATCH 1/2] mmc: core sd: Simplify current limit logic for 200mA default

by Avri Altman

The SD current limit logic is updated to avoid explicitly setting the current limit when the maximum power is 200mA (0.72W) or less, as this is already the default value. The code now only issues a current limit switch if a higher limit is required, and the unused SD_SET_CURRENT_NO_CHANGE constant is removed. This reduces unnecessary commands and simplifies the logic. Fixes: 0aa6770000ba ("mmc: sdhci: only set 200mA support for 1.8v if 200mA is available") Signed-off-by: Avri Altman <avri.altman(a)sandisk.com> Cc: stable(a)vger.kernel.org --- drivers/mmc/core/sd.c | 7 ++----- include/linux/mmc/card.h | 1 - 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/mmc/core/sd.c b/drivers/mmc/core/sd.c index ec02067f03c5..cf92c5b2059a 100644 --- a/drivers/mmc/core/sd.c +++ b/drivers/mmc/core/sd.c @@ -554,7 +554,7 @@ static u32 sd_get_host_max_current(struct mmc_host *host) static int sd_set_current_limit(struct mmc_card *card, u8 *status) { - int current_limit = SD_SET_CURRENT_NO_CHANGE; + int current_limit = SD_SET_CURRENT_LIMIT_200; int err; u32 max_current; @@ -598,11 +598,8 @@ static int sd_set_current_limit(struct mmc_card *card, u8 *status) else if (max_current >= 400 && card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_400) current_limit = SD_SET_CURRENT_LIMIT_400; - else if (max_current >= 200 && - card->sw_caps.sd3_curr_limit & SD_MAX_CURRENT_200) - current_limit = SD_SET_CURRENT_LIMIT_200; - if (current_limit != SD_SET_CURRENT_NO_CHANGE) { + if (current_limit != SD_SET_CURRENT_LIMIT_200) { err = mmc_sd_switch(card, SD_SWITCH_SET, 3, current_limit, status); if (err) diff --git a/include/linux/mmc/card.h b/include/linux/mmc/card.h index ddcdf23d731c..e9e964c20e53 100644 --- a/include/linux/mmc/card.h +++ b/include/linux/mmc/card.h @@ -182,7 +182,6 @@ struct sd_switch_caps { #define SD_SET_CURRENT_LIMIT_400 1 #define SD_SET_CURRENT_LIMIT_600 2 #define SD_SET_CURRENT_LIMIT_800 3 -#define SD_SET_CURRENT_NO_CHANGE (-1) #define SD_MAX_CURRENT_200 (1 << SD_SET_CURRENT_LIMIT_200) #define SD_MAX_CURRENT_400 (1 << SD_SET_CURRENT_LIMIT_400) -- 2.25.1

1 week, 4 days

1
0
0 0

[PATCH] arm64/ptdump: Ensure memory hotplug is prevented during ptdump_check_wx()

by Anshuman Khandual

The arm64 page table dump code can race with concurrent modification of the kernel page tables. When a leaf entries are modified concurrently, the dump code may log stale or inconsistent information for a VA range, but this is otherwise not harmful. When intermediate levels of table are freed, the dump code will continue to use memory which has been freed and potentially reallocated for another purpose. In such cases, the dump code may dereference bogus addresses, leading to a number of potential problems. This problem was fixed for ptdump_show() earlier via commit 'bf2b59f60ee1 ("arm64/mm: Hold memory hotplug lock while walking for kernel page table dump")' but a same was missed for ptdump_check_wx() which faced the race condition as well. Let's just take the memory hotplug lock while executing ptdump_check_wx(). Cc: stable(a)vger.kernel.org Fixes: bbd6ec605c0f ("arm64/mm: Enable memory hot remove") Cc: Catalin Marinas <catalin.marinas(a)arm.com> Cc: Will Deacon <will(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-kernel(a)vger.kernel.org Reported-by: Dev Jain <dev.jain(a)arm.com> Signed-off-by: Anshuman Khandual <anshuman.khandual(a)arm.com> --- This patch applies on v6.16-rc1 Dev Jain found this via code inspection. arch/arm64/mm/ptdump.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/arch/arm64/mm/ptdump.c b/arch/arm64/mm/ptdump.c index 421a5de806c62..551f80d41e8d2 100644 --- a/arch/arm64/mm/ptdump.c +++ b/arch/arm64/mm/ptdump.c @@ -328,7 +328,7 @@ static struct ptdump_info kernel_ptdump_info __ro_after_init = { .mm = &init_mm, }; -bool ptdump_check_wx(void) +static bool __ptdump_check_wx(void) { struct ptdump_pg_state st = { .seq = NULL, @@ -367,6 +367,16 @@ bool ptdump_check_wx(void) } } +bool ptdump_check_wx(void) +{ + bool ret; + + get_online_mems(); + ret = __ptdump_check_wx(); + put_online_mems(); + return ret; +} + static int __init ptdump_init(void) { u64 page_offset = _PAGE_OFFSET(vabits_actual); -- 2.30.2

1 week, 4 days

5
7
0 0

[PATCH] Revert "platform/x86: alienware-wmi-wmax: Add G-Mode support to Alienware m16 R1"

by Kurt Borja

This reverts commit 5ff79cabb23a2f14d2ed29e9596aec908905a0e6. Although the Alienware m16 R1 AMD model supports G-Mode, it actually has a lower power ceiling than plain "performance" profile, which results in lower performance. Reported-by: Cihan Ozakca <cozakca(a)outlook.com> Cc: stable(a)vger.kernel.org # 6.15.x Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> --- Hi all, Contrary to (my) intuition, imitating Windows behavior actually results in LOWER performance. I was having second thoughts about this revert because users will notice that "performance" not longer turns on the G-Mode key found in this laptop. Some users may think this is actually a regression, but IMO lower performance is worse. --- drivers/platform/x86/dell/alienware-wmi-wmax.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index c42f9228b0b255fe962b735ac96486824e83945f..20ec122a9fe0571a1ecd2ccf630615564ab30481 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -119,7 +119,7 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m16 R1 AMD"), }, - .driver_data = &g_series_quirks, + .driver_data = &generic_quirks, }, { .ident = "Alienware m16 R2", --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250611-m16-rev-8109b82dee30 -- ~ Kurt

1 week, 4 days

3
2
0 0

[PATCH] thunderbolt: Fix wake on connect at runtime

by Mario Limonciello

From: Mario Limonciello <mario.limonciello(a)amd.com> commit 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") fixated on the USB4 port sysfs wakeup file not working properly to control policy, but it had an unintended side effect that the sysfs file controls policy both at runtime and at suspend time. The sysfs file is supposed to only control behavior while system is suspended. Pass whether programming a port for runtime into usb4_switch_set_wake() and if runtime then ignore the value in the sysfs file. Cc: stable(a)vger.kernel.org Reported-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Tested-by: Alexander Kovacs <Alexander.Kovacs(a)amd.com> Fixes: 1a760d10ded37 ("thunderbolt: Fix a logic error in wake on connect") Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> --- drivers/thunderbolt/switch.c | 8 ++++---- drivers/thunderbolt/tb.h | 2 +- drivers/thunderbolt/usb4.c | 9 ++++----- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/drivers/thunderbolt/switch.c b/drivers/thunderbolt/switch.c index 28febb95f8fa1..e9809fb57c354 100644 --- a/drivers/thunderbolt/switch.c +++ b/drivers/thunderbolt/switch.c @@ -3437,7 +3437,7 @@ void tb_sw_set_unplugged(struct tb_switch *sw) } } -static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) +static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { if (flags) tb_sw_dbg(sw, "enabling wakeup: %#x\n", flags); @@ -3445,7 +3445,7 @@ static int tb_switch_set_wake(struct tb_switch *sw, unsigned int flags) tb_sw_dbg(sw, "disabling wakeup\n"); if (tb_switch_is_usb4(sw)) - return usb4_switch_set_wake(sw, flags); + return usb4_switch_set_wake(sw, flags, runtime); return tb_lc_set_wake(sw, flags); } @@ -3521,7 +3521,7 @@ int tb_switch_resume(struct tb_switch *sw, bool runtime) tb_switch_check_wakes(sw); /* Disable wakes */ - tb_switch_set_wake(sw, 0); + tb_switch_set_wake(sw, 0, true); err = tb_switch_tmu_init(sw); if (err) @@ -3603,7 +3603,7 @@ void tb_switch_suspend(struct tb_switch *sw, bool runtime) flags |= TB_WAKE_ON_USB4 | TB_WAKE_ON_USB3 | TB_WAKE_ON_PCIE; } - tb_switch_set_wake(sw, flags); + tb_switch_set_wake(sw, flags, runtime); if (tb_switch_is_usb4(sw)) usb4_switch_set_sleep(sw); diff --git a/drivers/thunderbolt/tb.h b/drivers/thunderbolt/tb.h index 87afd5a7c504b..f503bad864130 100644 --- a/drivers/thunderbolt/tb.h +++ b/drivers/thunderbolt/tb.h @@ -1317,7 +1317,7 @@ int usb4_switch_read_uid(struct tb_switch *sw, u64 *uid); int usb4_switch_drom_read(struct tb_switch *sw, unsigned int address, void *buf, size_t size); bool usb4_switch_lane_bonding_possible(struct tb_switch *sw); -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags); +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime); int usb4_switch_set_sleep(struct tb_switch *sw); int usb4_switch_nvm_sector_size(struct tb_switch *sw); int usb4_switch_nvm_read(struct tb_switch *sw, unsigned int address, void *buf, diff --git a/drivers/thunderbolt/usb4.c b/drivers/thunderbolt/usb4.c index fce3c0f2354a7..e7d8cf0c1da1b 100644 --- a/drivers/thunderbolt/usb4.c +++ b/drivers/thunderbolt/usb4.c @@ -406,7 +406,7 @@ bool usb4_switch_lane_bonding_possible(struct tb_switch *sw) * * Enables/disables router to wake up from sleep. */ -int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) +int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags, bool runtime) { struct usb4_port *usb4; struct tb_port *port; @@ -438,13 +438,12 @@ int usb4_switch_set_wake(struct tb_switch *sw, unsigned int flags) val |= PORT_CS_19_WOU4; } else { bool configured = val & PORT_CS_19_PC; + bool wakeup = runtime || device_may_wakeup(&usb4->dev); usb4 = port->usb4; - if (((flags & TB_WAKE_ON_CONNECT) && - device_may_wakeup(&usb4->dev)) && !configured) + if ((flags & TB_WAKE_ON_CONNECT) && wakeup && !configured) val |= PORT_CS_19_WOC; - if (((flags & TB_WAKE_ON_DISCONNECT) && - device_may_wakeup(&usb4->dev)) && configured) + if ((flags & TB_WAKE_ON_DISCONNECT) && wakeup && configured) val |= PORT_CS_19_WOD; if ((flags & TB_WAKE_ON_USB4) && configured) val |= PORT_CS_19_WOU4; -- 2.43.0

1 week, 5 days

2
1
0 0

[PATCH v2] usb: cdnsp: Fix issue with CV Bad Descriptor test

by Pawel Laszczak

The SSP2 controller has extra endpoint state preserve bit (ESP) which setting causes that endpoint state will be preserved during Halt Endpoint command. It is used only for EP0. Without this bit the Command Verifier "TD 9.10 Bad Descriptor Test" failed. Setting this bit doesn't have any impact for SSP controller. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- Changelog: v2: - removed some typos - added pep variable initialization - updated TRB_ESP description drivers/usb/cdns3/cdnsp-debug.h | 5 +++-- drivers/usb/cdns3/cdnsp-ep0.c | 19 ++++++++++++++++--- drivers/usb/cdns3/cdnsp-gadget.h | 6 ++++++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 4 files changed, 27 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-debug.h b/drivers/usb/cdns3/cdnsp-debug.h index cd138acdcce1..86860686d836 100644 --- a/drivers/usb/cdns3/cdnsp-debug.h +++ b/drivers/usb/cdns3/cdnsp-debug.h @@ -327,12 +327,13 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0, case TRB_RESET_EP: case TRB_HALT_ENDPOINT: ret = scnprintf(str, size, - "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c", + "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c %c", cdnsp_trb_type_string(type), ep_num, ep_id % 2 ? "out" : "in", TRB_TO_EP_INDEX(field3), field1, field0, TRB_TO_SLOT_ID(field3), - field3 & TRB_CYCLE ? 'C' : 'c'); + field3 & TRB_CYCLE ? 'C' : 'c', + field3 & TRB_ESP ? 'P' : 'p'); break; case TRB_STOP_RING: ret = scnprintf(str, size, diff --git a/drivers/usb/cdns3/cdnsp-ep0.c b/drivers/usb/cdns3/cdnsp-ep0.c index f317d3c84781..9280a7b97e20 100644 --- a/drivers/usb/cdns3/cdnsp-ep0.c +++ b/drivers/usb/cdns3/cdnsp-ep0.c @@ -414,6 +414,7 @@ static int cdnsp_ep0_std_request(struct cdnsp_device *pdev, void cdnsp_setup_analyze(struct cdnsp_device *pdev) { struct usb_ctrlrequest *ctrl = &pdev->setup; + struct cdnsp_ep *pep; int ret = -EINVAL; u16 len; @@ -427,10 +428,22 @@ void cdnsp_setup_analyze(struct cdnsp_device *pdev) goto out; } + pep = &pdev->eps[0]; + /* Restore the ep0 to Stopped/Running state. */ - if (pdev->eps[0].ep_state & EP_HALTED) { - trace_cdnsp_ep0_halted("Restore to normal state"); - cdnsp_halt_endpoint(pdev, &pdev->eps[0], 0); + if (pep->ep_state & EP_HALTED) { + /* + * Halt Endpoint Command for SSP2 for ep0 preserve current + * endpoint state and driver has to synchronize the + * software endpoint state with endpoint output context + * state. + */ + if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_HALTED) { + cdnsp_halt_endpoint(pdev, pep, 0); + } else { + pep->ep_state &= ~EP_HALTED; + pep->ep_state |= EP_STOPPED; + } } /* diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 2afa3e558f85..b1665f9e9ee5 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -987,6 +987,12 @@ enum cdnsp_setup_dev { #define STREAM_ID_FOR_TRB(p) ((((p)) << 16) & GENMASK(31, 16)) #define SCT_FOR_TRB(p) (((p) << 1) & 0x7) +/* + * Halt Endpoint Command TRB field. + * The ESP bit only exists in the SSP2 controller. + */ +#define TRB_ESP BIT(9) + /* Link TRB specific fields. */ #define TRB_TC BIT(1) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..d397d28efc6e 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -2483,7 +2483,8 @@ void cdnsp_queue_halt_endpoint(struct cdnsp_device *pdev, unsigned int ep_index) { cdnsp_queue_command(pdev, 0, 0, 0, TRB_TYPE(TRB_HALT_ENDPOINT) | SLOT_ID_FOR_TRB(pdev->slot_id) | - EP_ID_FOR_TRB(ep_index)); + EP_ID_FOR_TRB(ep_index) | + (!ep_index ? TRB_ESP : 0)); } void cdnsp_force_header_wakeup(struct cdnsp_device *pdev, int intf_num) -- 2.43.0

1 week, 5 days

2
1
0 0

[PATCH v1] mm/gup: Revert "mm: gup: fix infinite loop within __get_longterm_locked"

by David Hildenbrand

After commit 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") we are able to longterm pin folios that are not supposed to get longterm pinned, simply because they temporarily have the LRU flag cleared (esp. temporarily isolated). For example, two __get_longterm_locked() callers can race, or __get_longterm_locked() can race with anything else that temporarily isolates folios. The introducing commit mentions the use case of a driver that uses vm_ops->fault to insert pages allocated through cma_alloc() into the page tables, assuming they can later get longterm pinned. These pages/ folios would never have the LRU flag set and consequently cannot get isolated. There is no known in-tree user making use of that so far, fortunately. To handle that in the future -- and avoid retrying forever to isolate/migrate them -- we will need a different mechanism for the CMA area *owner* to indicate that it actually already allocated the page and is fine with longterm pinning it. The LRU flag is not suitable for that. Probably we can lookup the relevant CMA area and query the bitmap; we only have have to care about some races, probably. If already allocated, we could just allow longterm pinning) Anyhow, let's fix the "must not be longterm pinned" problem first by reverting the original commit. Fixes: 1aaf8c122918 ("mm: gup: fix infinite loop within __get_longterm_locked") Closes: https://lore.kernel.org/all/20250522092755.GA3277597@tiffany/ Reported-by: Hyesoo Yu <hyesoo.yu(a)samsung.com> Cc: <Stable(a)vger.kernel.org> Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Cc: Peter Xu <peterx(a)redhat.com> Cc: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Cc: Aijun Sun <aijun.sun(a)unisoc.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: John Hubbard <jhubbard(a)nvidia.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/gup.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/mm/gup.c b/mm/gup.c index e065a49842a87..3c39cbbeebef1 100644 --- a/mm/gup.c +++ b/mm/gup.c @@ -2303,13 +2303,13 @@ static void pofs_unpin(struct pages_or_folios *pofs) /* * Returns the number of collected folios. Return value is always >= 0. */ -static void collect_longterm_unpinnable_folios( +static unsigned long collect_longterm_unpinnable_folios( struct list_head *movable_folio_list, struct pages_or_folios *pofs) { + unsigned long i, collected = 0; struct folio *prev_folio = NULL; bool drain_allow = true; - unsigned long i; for (i = 0; i < pofs->nr_entries; i++) { struct folio *folio = pofs_get_folio(pofs, i); @@ -2321,6 +2321,8 @@ static void collect_longterm_unpinnable_folios( if (folio_is_longterm_pinnable(folio)) continue; + collected++; + if (folio_is_device_coherent(folio)) continue; @@ -2342,6 +2344,8 @@ static void collect_longterm_unpinnable_folios( NR_ISOLATED_ANON + folio_is_file_lru(folio), folio_nr_pages(folio)); } + + return collected; } /* @@ -2418,9 +2422,11 @@ static long check_and_migrate_movable_pages_or_folios(struct pages_or_folios *pofs) { LIST_HEAD(movable_folio_list); + unsigned long collected; - collect_longterm_unpinnable_folios(&movable_folio_list, pofs); - if (list_empty(&movable_folio_list)) + collected = collect_longterm_unpinnable_folios(&movable_folio_list, + pofs); + if (!collected) return 0; return migrate_longterm_unpinnable_folios(&movable_folio_list, pofs); -- 2.49.0

1 week, 5 days

2
1
0 0

[PATCH 1/1] usb: cdnsp: do not disable slot for disabled slot

by Peter Chen

It doesn't need to do it, and the related command event returns 'Slot Not Enabled Error' status. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Suggested-by: Hongliang Yang <hongliang.yang(a)cixtech.com> Reviewed-by: Fugang Duan <fugang.duan(a)cixtech.com> Signed-off-by: Peter Chen <peter.chen(a)cixtech.com> --- drivers/usb/cdns3/cdnsp-ring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..757fdd918286 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -772,7 +772,9 @@ static int cdnsp_update_port_id(struct cdnsp_device *pdev, u32 port_id) } if (port_id != old_port) { - cdnsp_disable_slot(pdev); + if (pdev->slot_id) + cdnsp_disable_slot(pdev); + pdev->active_port = port; cdnsp_enable_slot(pdev); } -- 2.25.1

1 week, 5 days

1
0
0 0

[PATCH v3] xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS

by xiehongyu1＠kylinos.cn

From: Hongyu Xie <xiehongyu1(a)kylinos.cn> Disable stream for platform xHC controller with broken stream. Fixes: 14aec589327a6 ("storage: accept some UAS devices if streams are unavailable") Cc: stable(a)vger.kernel.org # 5.4 Signed-off-by: Hongyu Xie <xiehongyu1(a)kylinos.cn> --- v3: add changelog information v2: add Fixes information and cc 5.4 lts drivers/usb/host/xhci-plat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 6dab142e72789..c79d5ed48a08b 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -328,7 +328,8 @@ int xhci_plat_probe(struct platform_device *pdev, struct device *sysdev, const s } usb3_hcd = xhci_get_usb3_hcd(xhci); - if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4) + if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4 && + !(xhci->quirks & XHCI_BROKEN_STREAMS)) usb3_hcd->can_do_streams = 1; if (xhci->shared_hcd) { -- 2.25.1

1 week, 5 days

1
0
0 0

[PATCH v3] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach

by RD Babiera

This patch fixes Type-C compliance test TD 4.7.6 - Try.SNK DRP Connect SNKAS. tVbusON has a limit of 275ms when entering SRC_ATTACHED. Compliance testers can interpret the TryWait.Src to Attached.Src transition after Try.Snk as being in Attached.Src the entire time, so ~170ms is lost to the debounce timer. Setting the data role can be a costly operation in host mode, and when completed after 100ms can cause Type-C compliance test check TD 4.7.5.V.4 to fail. Turn VBUS on before tcpm_set_roles to meet timing requirement. Fixes: f0690a25a140 ("staging: typec: USB Type-C Port Manager (tcpm)") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Changes since v1: * Rebased on top of usb-linus for v6.15 Changes since v2: * Restored to v1, usb-next and usb-linus are both synced to v6.16 so there is no longer a version mismatch possibility. --- drivers/usb/typec/tcpm/tcpm.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 1a1f9e1f8e4e..1f6fdfaa34bf 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -4410,17 +4410,6 @@ static int tcpm_src_attach(struct tcpm_port *port) tcpm_enable_auto_vbus_discharge(port, true); - ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, - TYPEC_SOURCE, tcpm_data_role_for_source(port)); - if (ret < 0) - return ret; - - if (port->pd_supported) { - ret = port->tcpc->set_pd_rx(port->tcpc, true); - if (ret < 0) - goto out_disable_mux; - } - /* * USB Type-C specification, version 1.2, * chapter 4.5.2.2.8.1 (Attached.SRC Requirements) @@ -4430,13 +4419,24 @@ static int tcpm_src_attach(struct tcpm_port *port) (polarity == TYPEC_POLARITY_CC2 && port->cc1 == TYPEC_CC_RA)) { ret = tcpm_set_vconn(port, true); if (ret < 0) - goto out_disable_pd; + return ret; } ret = tcpm_set_vbus(port, true); if (ret < 0) goto out_disable_vconn; + ret = tcpm_set_roles(port, true, TYPEC_STATE_USB, TYPEC_SOURCE, + tcpm_data_role_for_source(port)); + if (ret < 0) + goto out_disable_vbus; + + if (port->pd_supported) { + ret = port->tcpc->set_pd_rx(port->tcpc, true); + if (ret < 0) + goto out_disable_mux; + } + port->pd_capable = false; port->partner = NULL; @@ -4447,14 +4447,14 @@ static int tcpm_src_attach(struct tcpm_port *port) return 0; -out_disable_vconn: - tcpm_set_vconn(port, false); -out_disable_pd: - if (port->pd_supported) - port->tcpc->set_pd_rx(port->tcpc, false); out_disable_mux: tcpm_mux_set(port, TYPEC_STATE_SAFE, USB_ROLE_NONE, TYPEC_ORIENTATION_NONE); +out_disable_vbus: + tcpm_set_vbus(port, false); +out_disable_vconn: + tcpm_set_vconn(port, false); + return ret; } base-commit: e04c78d86a9699d136910cfc0bdcf01087e3267e -- 2.50.0.rc2.701.gf1e915cc24-goog

1 week, 5 days

1
0
0 0

[PATCH v3 0/2] x86/traps: Fix DR6/DR7 initialization

by Xin Li (Intel)

Sohil reported seeing a split lock warning when running a test that generates userspace #DB: x86/split lock detection: #DB: sigtrap_loop_64/4614 took a bus_lock trap at address: 0x4011ae We investigated the issue and figured out: 1) The warning is a false positive. 2) It is not caused by the test itself. 3) It occurs even when Bus Lock Detection (BLD) is disabled. 4) It only happens on the first #DB on a CPU. And the root cause is, at boot time, Linux zeros DR6. This leads to different DR6 values depending on whether the CPU supports BLD: 1) On CPUs with BLD support, DR6 becomes 0xFFFF07F0 (bit 11, DR6.BLD, is cleared). 2) On CPUs without BLD, DR6 becomes 0xFFFF0FF0. Since only BLD-induced #DB exceptions clear DR6.BLD and other debug exceptions leave it unchanged, even if the first #DB is unrelated to BLD, DR6.BLD is still cleared. As a result, such a first #DB is misinterpreted as a BLD #DB, and a false warning is triggerred. Fix the bug by initializing DR6 by writing its architectural reset value at boot time. DR7 suffers from a similar issue, apply the same fix. This patch set is based on tip/x86/urgent branch as of today. Link to the previous patch set v2: https://lore.kernel.org/lkml/20250617073234.1020644-1-xin@zytor.com/ Changes in v3: *) Polish initialize_debug_regs() (PeterZ). *) Rewrite the comment for DR6_RESERVED definition (Sohil and Sean). *) Reword the patch 2's changelog using Sean's description. *) Explain the definition of DR7_FIXED_1 (Sohil). *) Collect TB, RB, AB (PeterZ, Sohil and Sean). Xin Li (Intel) (2): x86/traps: Initialize DR6 by writing its architectural reset value x86/traps: Initialize DR7 by writing its architectural reset value arch/x86/include/asm/debugreg.h | 19 ++++++++++++---- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/uapi/asm/debugreg.h | 21 ++++++++++++++++- arch/x86/kernel/cpu/common.c | 24 ++++++++------------ arch/x86/kernel/kgdb.c | 2 +- arch/x86/kernel/process_32.c | 2 +- arch/x86/kernel/process_64.c | 2 +- arch/x86/kernel/traps.c | 34 +++++++++++++++++----------- arch/x86/kvm/x86.c | 4 ++-- 9 files changed, 72 insertions(+), 38 deletions(-) base-commit: 2aebf5ee43bf0ed225a09a30cf515d9f2813b759 -- 2.49.0

1 week, 5 days

2
3
0 0

[PATCH AUTOSEL 6.15 001/110] drm/amd/display: disable DPP RCG before DPP CLK enable

by Sasha Levin

From: Charlene Liu <Charlene.Liu(a)amd.com> [ Upstream commit 1bcd679209420305a86833bc357d50021909edaf ] [why] DPP CLK enable needs to disable DPPCLK RCG first. The DPPCLK_en in dccg should always be enabled when the corresponding pipe is enabled. Reviewed-by: Hansen Dsouza <hansen.dsouza(a)amd.com> Signed-off-by: Charlene Liu <Charlene.Liu(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> Tested-by: Daniel Wheeler <daniel.wheeler(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of both the commit message and code changes, my answer is: **YES** This commit should be backported to stable kernel trees for the following reasons: ## Critical Hardware Sequencing Fix The commit addresses a fundamental hardware sequencing requirement where DPP (Display Pipes and Planes) Root Clock Gating (RCG) must be disabled before enabling the DPP clock. This is a critical timing constraint that, if violated, can cause severe system issues. ## Specific Code Evidence 1. **In `dccg35_update_dpp_dto()`**, the fix adds a crucial sequencing step: ```c + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); ``` This ensures RCG is disabled (false) before enabling the DPP clock. 2. **In `dcn35_enable_plane()`**, explicit clock control is added: ```c + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); ``` 3. **Removal of problematic init code** in `dcn35_init_hw()`: ```c - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } ``` ## Similarity to Previous Critical Fixes This commit follows the pattern of Similar Commit #1, which also addressed clock gating sequencing issues that could cause system hangs. The commit message explicitly states this is needed because "DPP CLK enable needs to disable DPPCLK RCG first." ## Impact and Risk Assessment - **Bug Fixed**: Incorrect clock sequencing that can cause system instability - **Scope**: Limited to DCN35 display hardware (recent AMD GPUs) - **Complexity**: Small, focused changes with clear purpose - **Risk**: Low risk of regression - adds proper sequencing without major architectural changes This fix meets all criteria for stable backporting: - Fixes a real bug affecting users (system stability) - Small and contained changes - No new features or architectural changes - Addresses hardware constraints that cannot be worked around The commit should be backported to all stable kernels that include DCN35 display support to ensure proper display functionality and system stability for users with affected AMD GPUs. .../amd/display/dc/dccg/dcn35/dcn35_dccg.c | 38 ++++++++++++------- .../amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 21 ++++++---- 2 files changed, 38 insertions(+), 21 deletions(-) diff --git a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c index b363f5360818d..ad910065f463f 100644 --- a/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c +++ b/drivers/gpu/drm/amd/display/dc/dccg/dcn35/dcn35_dccg.c @@ -391,6 +391,7 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp && enable) return; @@ -411,6 +412,8 @@ static void dccg35_set_dppclk_rcg(struct dccg *dccg, BREAK_TO_DEBUGGER(); break; } + //DC_LOG_DEBUG("%s: inst(%d) DPPCLK rcg_disable: %d\n", __func__, inst, enable ? 0 : 1); + } static void dccg35_set_dpstreamclk_rcg( @@ -1112,30 +1115,24 @@ static void dcn35_set_dppclk_enable(struct dccg *dccg, { struct dcn_dccg *dccg_dcn = TO_DCN_DCCG(dccg); + switch (dpp_inst) { case 0: REG_UPDATE(DPPCLK_CTRL, DPPCLK0_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); break; case 1: REG_UPDATE(DPPCLK_CTRL, DPPCLK1_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK1_ROOT_GATE_DISABLE, enable); break; case 2: REG_UPDATE(DPPCLK_CTRL, DPPCLK2_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK2_ROOT_GATE_DISABLE, enable); break; case 3: REG_UPDATE(DPPCLK_CTRL, DPPCLK3_EN, enable); - if (dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) - REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK3_ROOT_GATE_DISABLE, enable); break; default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) DPPCLK_EN = %d\n", __func__, dpp_inst, enable); } @@ -1163,14 +1160,18 @@ static void dccg35_update_dpp_dto(struct dccg *dccg, int dpp_inst, ASSERT(false); phase = 0xff; } + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, phase, DPPCLK0_DTO_MODULO, modulo); dcn35_set_dppclk_enable(dccg, dpp_inst, true); - } else + } else { dcn35_set_dppclk_enable(dccg, dpp_inst, false); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); + } dccg->pipe_dppclk_khz[dpp_inst] = req_dppclk; } @@ -1182,6 +1183,7 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, if (!dccg->ctx->dc->debug.root_clock_optimization.bits.dpp) return; + switch (dpp_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL6, DPPCLK0_ROOT_GATE_DISABLE, enable); @@ -1198,6 +1200,8 @@ static void dccg35_set_dppclk_root_clock_gating(struct dccg *dccg, default: break; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) rcg: %d\n", __func__, dpp_inst, enable); + } static void dccg35_get_pixel_rate_div( @@ -1521,28 +1525,30 @@ static void dccg35_set_physymclk_root_clock_gating( switch (phy_inst) { case 0: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYASYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 1: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYBSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 2: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYCSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 3: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYDSYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; case 4: REG_UPDATE(DCCG_GATE_DISABLE_CNTL2, - PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 1 : 0); + PHYESYMCLK_ROOT_GATE_DISABLE, enable ? 0 : 1); break; default: BREAK_TO_DEBUGGER(); return; } + //DC_LOG_DEBUG("%s: dpp_inst(%d) PHYESYMCLK_ROOT_GATE_DISABLE:\n", __func__, phy_inst, enable ? 0 : 1); + } static void dccg35_set_physymclk( @@ -1643,6 +1649,8 @@ static void dccg35_dpp_root_clock_control( return; if (clock_on) { + dccg35_set_dppclk_rcg(dccg, dpp_inst, false); + /* turn off the DTO and leave phase/modulo at max */ dcn35_set_dppclk_enable(dccg, dpp_inst, 1); REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, @@ -1654,6 +1662,8 @@ static void dccg35_dpp_root_clock_control( REG_SET_2(DPPCLK_DTO_PARAM[dpp_inst], 0, DPPCLK0_DTO_PHASE, 0, DPPCLK0_DTO_MODULO, 1); + /*we have this in hwss: disable_plane*/ + //dccg35_set_dppclk_rcg(dccg, dpp_inst, true); } dccg->dpp_clock_gated[dpp_inst] = !clock_on; diff --git a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c index 922b8d71cf1aa..63077c1fad859 100644 --- a/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c +++ b/drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c @@ -241,11 +241,6 @@ void dcn35_init_hw(struct dc *dc) dc->res_pool->hubbub->funcs->allow_self_refresh_control(dc->res_pool->hubbub, !dc->res_pool->hubbub->ctx->dc->debug.disable_stutter); } - if (res_pool->dccg->funcs->dccg_root_gate_disable_control) { - for (i = 0; i < res_pool->pipe_count; i++) - res_pool->dccg->funcs->dccg_root_gate_disable_control(res_pool->dccg, i, 0); - } - for (i = 0; i < res_pool->audio_count; i++) { struct audio *audio = res_pool->audios[i]; @@ -901,12 +896,18 @@ void dcn35_init_pipes(struct dc *dc, struct dc_state *context) void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, struct dc_state *context) { + struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + + /* enable DCFCLK current DCHUB */ pipe_ctx->plane_res.hubp->funcs->hubp_clk_cntl(pipe_ctx->plane_res.hubp, true); /* initialize HUBP on power up */ pipe_ctx->plane_res.hubp->funcs->hubp_init(pipe_ctx->plane_res.hubp); - + /*make sure DPPCLK is on*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, true); + dpp->funcs->dpp_dppclk_control(dpp, false, true); /* make sure OPP_PIPE_CLOCK_EN = 1 */ pipe_ctx->stream_res.opp->funcs->opp_pipe_clock_control( pipe_ctx->stream_res.opp, @@ -923,6 +924,7 @@ void dcn35_enable_plane(struct dc *dc, struct pipe_ctx *pipe_ctx, // Program system aperture settings pipe_ctx->plane_res.hubp->funcs->hubp_set_vm_system_aperture_settings(pipe_ctx->plane_res.hubp, &apt); } + //DC_LOG_DEBUG("%s: dpp_inst(%d) =\n", __func__, dpp->inst); if (!pipe_ctx->top_pipe && pipe_ctx->plane_state @@ -938,6 +940,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) { struct hubp *hubp = pipe_ctx->plane_res.hubp; struct dpp *dpp = pipe_ctx->plane_res.dpp; + struct dccg *dccg = dc->res_pool->dccg; + dc->hwss.wait_for_mpcc_disconnect(dc, dc->res_pool, pipe_ctx); @@ -955,7 +959,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) hubp->funcs->hubp_clk_cntl(hubp, false); dpp->funcs->dpp_dppclk_control(dpp, false, false); -/*to do, need to support both case*/ + dccg->funcs->dccg_root_gate_disable_control(dccg, dpp->inst, false); + hubp->power_gated = true; hubp->funcs->hubp_reset(hubp); @@ -967,6 +972,8 @@ void dcn35_plane_atomic_disable(struct dc *dc, struct pipe_ctx *pipe_ctx) pipe_ctx->top_pipe = NULL; pipe_ctx->bottom_pipe = NULL; pipe_ctx->plane_state = NULL; + //DC_LOG_DEBUG("%s: dpp_inst(%d)=\n", __func__, dpp->inst); + } void dcn35_disable_plane(struct dc *dc, struct dc_state *state, struct pipe_ctx *pipe_ctx) -- 2.39.5

1 week, 5 days

5
116
0 0

[PATCH v2] scsi: ufs: core: Fix clk scaling to be conditional in reset and restore

by Anvith Dosapati

From: anvithdosapati <anvithdosapati(a)google.com> In ufshcd_host_reset_and_restore, scale up clocks only when clock scaling is supported. Without this change cpu latency is voted for 0 (ufshcd_pm_qos_update) during resume unconditionally. Signed-off-by: anvithdosapati <anvithdosapati(a)google.com> Fixes: a3cd5ec55f6c7 ("scsi: ufs: add load based scaling of UFS gear") Cc: stable(a)vger.kernel.org --- v2: - Update commit message - Add Fixes and Cc stable drivers/ufs/core/ufshcd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 4410e7d93b7d..fac381ea2b3a 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -7802,7 +7802,8 @@ static int ufshcd_host_reset_and_restore(struct ufs_hba *hba) hba->silence_err_logs = false; /* scale up clocks to max frequency before full reinitialization */ - ufshcd_scale_clks(hba, ULONG_MAX, true); + if (ufshcd_is_clkscaling_supported(hba)) + ufshcd_scale_clks(hba, ULONG_MAX, true); err = ufshcd_hba_enable(hba); -- 2.50.0.rc1.591.g9c95f17f64-goog

1 week, 5 days

2
1
0 0

[PATCH v2 2/2] usb: gadget: u_serial: Fix race condition in TTY wakeup

by Kuen-Han Tsai

A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). This allows gs_close() and gserial_disconnect() to clear port.tty and port_usb, respectively. Use the null-safe TTY Port helper function to wake up TTY. Example CPU1: CPU2: gserial_connect() // lock gs_close() // await lock gs_start_rx() // unlock usb_ep_queue() gs_close() // lock, reset port.tty and unlock gs_start_rx() // lock tty_wakeup() // NPE Fixes: 35f95fd7f234 ("TTY: usb/u_serial, use tty from tty_port") Cc: stable(a)vger.kernel.org Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- v2: - Move the example up to the changelog Traces: [ 51.494375][ T278] ttyGS1: shutdown [ 51.494817][ T269] android_work: sent uevent USB_STATE=DISCONNECTED [ 52.115792][ T1508] usb: [dm_bind] generic ttyGS1: super speed IN/ep1in OUT/ep1out [ 52.516288][ T1026] android_work: sent uevent USB_STATE=CONNECTED [ 52.551667][ T1533] gserial_connect: start ttyGS1 [ 52.565634][ T1533] [khtsai] enter gs_start_io, ttyGS1, port->port.tty=0000000046bd4060 [ 52.565671][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.591552][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.619901][ T1533] [khtsai] gs_start_rx, unlock port ttyGS1 [ 52.638659][ T1325] [khtsai] gs_close, lock port ttyGS1 [ 52.656842][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) ... [ 52.683005][ T1325] [khtsai] gs_close, clear ttyGS1 [ 52.683007][ T1325] gs_close: ttyGS1 (0000000046bd4060,00000000be9750a5) done! [ 52.708643][ T1325] [khtsai] gs_close, unlock port ttyGS1 [ 52.747592][ T1533] [khtsai] gs_start_rx, lock port ttyGS1 [ 52.747616][ T1533] [khtsai] gs_start_io, ttyGS1, going to call tty_wakeup(), port->port.tty=0000000000000000 [ 52.747629][ T1533] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001f8 --- drivers/usb/gadget/function/u_serial.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index c043bdc30d8a..540dc5ab96fc 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -295,8 +295,8 @@ __acquires(&port->port_lock) break; } - if (do_tty_wake && port->port.tty) - tty_wakeup(port->port.tty); + if (do_tty_wake) + tty_port_tty_wakeup(&port->port); return status; } @@ -574,7 +574,7 @@ static int gs_start_io(struct gs_port *port) gs_start_tx(port); /* Unblock any pending writes into our circular buffer, in case * we didn't in gs_start_tx() */ - tty_wakeup(port->port.tty); + tty_port_tty_wakeup(&port->port); } else { /* Free reqs only if we are still connected */ if (port->port_usb) { -- 2.50.0.rc2.692.g299adb8693-goog

1 week, 5 days

2
2
0 0

[REGRESSION][BISECTED] intel iGPU with HDMI PLL stopped working at 1080p@120Hz 1efd5384

by Vas Novikov

Hi dear LKML and community, this is my first post here, so I'd appreciate any guidance or redirection if it's due. Starting from commit https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?…, HDMI handling for certain refresh rates on my intel iGPU is broken. The error is still present in 6.16rc1. Specifically, this is the command that disambiguates the newer broken kernels: xrandr --output HDMI-1 --auto --scale 1x1 --mode 1920x1080 --rate 120 --pos 0x0 --output eDP-1 --off The important parts are 1920x1080 and 120Hz. When run on commits prior to the bisected above, it behaves as expected, delivering 1920x1080 @ 120Hz. When run on kernel builds with the above commit included (that commit or later), the monitor goes completely blank. After about 30 seconds, it shuts down entirely (which I assume means that from the monitor's perspective, HDMI got "disconnected"). On this link you can see my original report in the ArchLinux community, where Christian Heusel (@gromit) kindly guided me through the bisection process and built the bisection images for me to try: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/14… This link also contains the bisection history. Additional info: * The monitor and the notebook are connected via an HDMI cable, the monitor itself is a 4k@120Hz monitor. * According to `lsmod | grep -E "(i915|Xe)"`, I'm using the i915 kernel driver for the GPU. * The GPU is an iGPU from intel, specifically `Intel Core Ultra 7 155H`. * One symptom that disambiguates the working and non-working kernels, besides whether they actually have the bug, is that the broken kernels cause xrandr to additionally report the 144.05 refresh rate as possible for the monitor, whereas the non-broken kernels consistently cause xrandr to only list refresh rate 120 and below as possible. I'm only ever testing the refresh rate of 120, but the presence of the 144.05 rate is correlated. If any other information or anything is needed, please write. Thank you, Vas ---- #regzbot introduced: 1efd5384277eb71fce20922579061cd3acdb07cf #regzbot title: intel iGPU with HDMI PLL stopped working at 1080p@120Hz 1efd5384 #regzbot link: https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/issues/145

1 week, 5 days

3
4
0 0

[PATCH 1/1] usb: cdnsp: do not disable slot for disabled slot

by Peter Chen

It doesn't need to do it, and the related command event returns 'Slot Not Enabled Error' status. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Suggested-by: Hongliang Yang <hongliang.yang(a)cixtech.com> Signed-off-by: Peter Chen <peter.chen(a)cixtech.com> --- drivers/usb/cdns3/cdnsp-ring.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..757fdd918286 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -772,7 +772,9 @@ static int cdnsp_update_port_id(struct cdnsp_device *pdev, u32 port_id) } if (port_id != old_port) { - cdnsp_disable_slot(pdev); + if (pdev->slot_id) + cdnsp_disable_slot(pdev); + pdev->active_port = port; cdnsp_enable_slot(pdev); } -- 2.25.1

1 week, 5 days

2
1
0 0

[PATCH] pinctrl: nuvoton: Fix boot on ma35dx platforms

by Miquel Raynal

As part of a wider cleanup trying to get rid of OF specific APIs, an incorrect (and partially unrelated) cleanup was introduced. The goal was to replace a device_for_each_chil_node() loop including an additional condition inside by a macro doing both the loop and the check on a single line. The snippet: device_for_each_child_node(dev, child) if (fwnode_property_present(child, "gpio-controller")) continue; was replaced by: for_each_gpiochip_node(dev, child) which expands into: device_for_each_child_node(dev, child) for_each_if(fwnode_property_present(child, "gpio-controller")) This change is actually doing the opposite of what was initially expected, breaking the probe of this driver, breaking at the same time the whole boot of Nuvoton platforms (no more console, the kernel WARN()). Revert these two changes to roll back to the correct behavior. Fixes: 693c9ecd8326 ("pinctrl: nuvoton: Reduce use of OF-specific APIs") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/pinctrl/nuvoton/pinctrl-ma35.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/pinctrl/nuvoton/pinctrl-ma35.c b/drivers/pinctrl/nuvoton/pinctrl-ma35.c index 06ae1fe8b8c5..b51704bafd81 100644 --- a/drivers/pinctrl/nuvoton/pinctrl-ma35.c +++ b/drivers/pinctrl/nuvoton/pinctrl-ma35.c @@ -1074,7 +1074,10 @@ static int ma35_pinctrl_probe_dt(struct platform_device *pdev, struct ma35_pinct u32 idx = 0; int ret; - for_each_gpiochip_node(dev, child) { + device_for_each_child_node(dev, child) { + if (fwnode_property_present(child, "gpio-controller")) + continue; + npctl->nfunctions++; npctl->ngroups += of_get_child_count(to_of_node(child)); } @@ -1092,7 +1095,10 @@ static int ma35_pinctrl_probe_dt(struct platform_device *pdev, struct ma35_pinct if (!npctl->groups) return -ENOMEM; - for_each_gpiochip_node(dev, child) { + device_for_each_child_node(dev, child) { + if (fwnode_property_present(child, "gpio-controller")) + continue; + ret = ma35_pinctrl_parse_functions(child, npctl, idx++); if (ret) { fwnode_handle_put(child); -- 2.48.1

1 week, 5 days

3
3
0 0

[PATCH v2] pinctrl: qcom: msm: mark certain pins as invalid for interrupts

by Bartosz Golaszewski

From: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a BUG() in the pinctrl-msm driver by running, for example: `gpiomon -c 0 113` on RB2. The exact culprit is requesting pins whose intr_detection_width setting is not 1 or 2 for interrupts. This hits a BUG() in msm_gpio_irq_set_type(). Potentially crashing the kernel due to an invalid request from user-space is not optimal, so let's go through the pins and mark those that would fail the check as invalid for the irq chip as we should not even register them as available irqs. This function can be extended if we determine that there are more corner-cases like this. Fixes: f365be092572 ("pinctrl: Add Qualcomm TLMM driver") Cc: stable(a)vger.kernel.org Reviewed-by: Bjorn Andersson <andersson(a)kernel.org> Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> --- Changes in v2: - expand the commit message, describing the underlying code issue in detail - added a newline for better readability drivers/pinctrl/qcom/pinctrl-msm.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/drivers/pinctrl/qcom/pinctrl-msm.c b/drivers/pinctrl/qcom/pinctrl-msm.c index f012ea88aa22c..1ff84e8c176d4 100644 --- a/drivers/pinctrl/qcom/pinctrl-msm.c +++ b/drivers/pinctrl/qcom/pinctrl-msm.c @@ -1038,6 +1038,25 @@ static bool msm_gpio_needs_dual_edge_parent_workaround(struct irq_data *d, test_bit(d->hwirq, pctrl->skip_wake_irqs); } +static void msm_gpio_irq_init_valid_mask(struct gpio_chip *gc, + unsigned long *valid_mask, + unsigned int ngpios) +{ + struct msm_pinctrl *pctrl = gpiochip_get_data(gc); + const struct msm_pingroup *g; + int i; + + bitmap_fill(valid_mask, ngpios); + + for (i = 0; i < ngpios; i++) { + g = &pctrl->soc->groups[i]; + + if (g->intr_detection_width != 1 && + g->intr_detection_width != 2) + clear_bit(i, valid_mask); + } +} + static int msm_gpio_irq_set_type(struct irq_data *d, unsigned int type) { struct gpio_chip *gc = irq_data_get_irq_chip_data(d); @@ -1441,6 +1460,7 @@ static int msm_gpio_init(struct msm_pinctrl *pctrl) girq->default_type = IRQ_TYPE_NONE; girq->handler = handle_bad_irq; girq->parents[0] = pctrl->irq; + girq->init_valid_mask = msm_gpio_irq_init_valid_mask; ret = gpiochip_add_data(&pctrl->chip, pctrl); if (ret) { -- 2.48.1

1 week, 5 days

2
1
0 0

[PATCH v2] xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS

by xiehongyu1＠kylinos.cn

From: Hongyu Xie <xiehongyu1(a)kylinos.cn> Disable stream for platform xHC controller with broken stream. Fixes: 14aec589327a6 ("storage: accept some UAS devices if streams are unavailable") Cc: stable(a)vger.kernel.org # 5.4 Signed-off-by: Hongyu Xie <xiehongyu1(a)kylinos.cn> --- drivers/usb/host/xhci-plat.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/host/xhci-plat.c b/drivers/usb/host/xhci-plat.c index 6dab142e72789..c79d5ed48a08b 100644 --- a/drivers/usb/host/xhci-plat.c +++ b/drivers/usb/host/xhci-plat.c @@ -328,7 +328,8 @@ int xhci_plat_probe(struct platform_device *pdev, struct device *sysdev, const s } usb3_hcd = xhci_get_usb3_hcd(xhci); - if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4) + if (usb3_hcd && HCC_MAX_PSA(xhci->hcc_params) >= 4 && + !(xhci->quirks & XHCI_BROKEN_STREAMS)) usb3_hcd->can_do_streams = 1; if (xhci->shared_hcd) { -- 2.25.1

1 week, 5 days

2
1
0 0

RE: [PATCH v5] virtio_blk: Fix disk deletion hang on device surprise removal

by Parav Pandit

Hi Michael, Stefan, > From: Parav Pandit <parav(a)nvidia.com> > Sent: 02 June 2025 08:15 AM > To: mst(a)redhat.com; stefanha(a)redhat.com; axboe(a)kernel.dk; > virtualization(a)lists.linux.dev; linux-block(a)vger.kernel.org > Cc: stable(a)vger.kernel.org; NBU-Contact-Li Rongqing (EXTERNAL) > <lirongqing(a)baidu.com>; Chaitanya Kulkarni <kch(a)nvidia.com>; > xuanzhuo(a)linux.alibaba.com; pbonzini(a)redhat.com; > jasowang(a)redhat.com; alok.a.tiwari(a)oracle.com; Parav Pandit > <parav(a)nvidia.com>; Max Gurtovoy <mgurtovoy(a)nvidia.com>; Israel > Rukshin <israelr(a)nvidia.com> > Subject: [PATCH v5] virtio_blk: Fix disk deletion hang on device surprise > removal > > When the PCI device is surprise removed, requests may not complete the > device as the VQ is marked as broken. Due to this, the disk deletion hangs. > > Fix it by aborting the requests when the VQ is broken. > > With this fix now fio completes swiftly. > An alternative of IO timeout has been considered, however when the driver > knows about unresponsive block device, swiftly clearing them enables users > and upper layers to react quickly. > > Verified with multiple device unplug iterations with pending requests in virtio > used ring and some pending with the device. > > Fixes: 43bb40c5b926 ("virtio_pci: Support surprise removal of virtio pci > device") > Cc: stable(a)vger.kernel.org > Reported-by: Li RongQing <lirongqing(a)baidu.com> > Closes: > https://lore.kernel.org/virtualization/c45dd68698cd47238c55fb73ca9b4741 > @baidu.com/ > Reviewed-by: Max Gurtovoy <mgurtovoy(a)nvidia.com> > Reviewed-by: Israel Rukshin <israelr(a)nvidia.com> > Signed-off-by: Parav Pandit <parav(a)nvidia.com> > > --- > v4->v5: > - fixed comment style where comment to start with one empty line at start > - Addressed comments from Alok > - fixed typo in broken vq check Did you get a chance to review this version where I fixed all the comments you proposed? [..]

1 week, 5 days

1
0
0 0

[PATCH v2 1/3] mtd: spinand: winbond: Fix W35N number of planes/LUN

by Miquel Raynal

There's been a mistake when extracting the geometry of the W35N02 and W35N04 chips from the datasheet. There is a single plane, however there are respectively 2 and 4 LUNs. They are actually referred in the datasheet as dies (equivalent of target), but as there is no die select operation and the chips only feature a single configuration register for the entire chip (instead of one per die), we can reasonably assume we are talking about LUNs and not dies. Reported-by: Andreas Dannenberg <dannenberg(a)ti.com> Suggested-by: Vignesh Raghavendra <vigneshr(a)ti.com> Fixes: 25e08bf66660 ("mtd: spinand: winbond: Add support for W35N02JW and W35N04JW chips") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/spi/winbond.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/spi/winbond.c b/drivers/mtd/nand/spi/winbond.c index 19f8dd4a6370..2808bbd7a16e 100644 --- a/drivers/mtd/nand/spi/winbond.c +++ b/drivers/mtd/nand/spi/winbond.c @@ -289,7 +289,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N02JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x22), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 2, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 2, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, @@ -298,7 +298,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N04JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x23), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 4, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 4, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, -- 2.48.1

1 week, 5 days

1
0
0 0

RE:Custom Bags factory 2025/6/18 16:02:14

by Steven Xiu

Hi linux-stable-mirror , This is Steven from China, I would like to introduce my company - Xiamen Oready Industry & Trade Co.,Ltd. to you. My company is specialized in manufacturing & exporting all kinds of bags, backpacks, cases, etc with more than 13 years. OEM & ODM orders are welcome. If you're looking for a reliable supplier of bags, you can contact me directly. I'm at your disposal all the time. Looking forward to hearing from you. Kind regards, Steven Xiu Xiamen Oready Industry & Trade Co.,Ltd. If you no longer wish to receive these emails, please unsubscribe here. because kids have to be able to get to school. And that's what we have to do ,00:40,(Laughter) ,00:42,And my idea is this -- all these men and women should be free to decide whether they do or do not want to conceive a child

1 week, 5 days

1
0
0 0

[RFC PATCH 5.10 00/16] ITS mitigation for 5.10

by Pawan Gupta

This is the backport for Indirect Target Selection(ITS) mitigation for 5.10. This is only boot tested, so sending it as an RFC for now. I hope some bot picks this up for some at-scale testing. Meanwhile I am doing basic tests around ITS mitigation. In addition to commits in 5.15 ITS backport, below commits are required to make the ITS mitigation work on 5.10. These are the prime target of scrutiny: x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/alternatives: Introduce int3_emulate_jcc() x86/bhi: Define SPEC_CTRL_BHI_DIS_S --- Borislav Petkov (AMD) (1): x86/alternative: Optimize returns patching Daniel Sneddon (1): x86/bhi: Define SPEC_CTRL_BHI_DIS_S Eric Biggers (1): x86/its: Fix build errors when CONFIG_MODULES=n Josh Poimboeuf (1): x86/alternatives: Remove faulty optimization Pawan Gupta (7): Documentation: x86/bugs/its: Add ITS documentation x86/its: Enumerate Indirect Target Selection (ITS) bug x86/its: Add support for ITS-safe indirect thunk x86/its: Add support for ITS-safe return thunk x86/its: Fix undefined reference to cpu_wants_rethunk_at() x86/its: Enable Indirect Target Selection mitigation x86/its: Add "vmexit" option to skip mitigation on some CPUs Peter Zijlstra (4): x86/alternatives: Introduce int3_emulate_jcc() x86/alternatives: Teach text_poke_bp() to patch Jcc.d32 instructions x86/its: Use dynamic thunks for indirect branches x86/its: FineIBT-paranoid vs ITS Thomas Gleixner (1): x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() Documentation/ABI/testing/sysfs-devices-system-cpu | 1 + Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/indirect-target-selection.rst | 156 +++++++++++ Documentation/admin-guide/kernel-parameters.txt | 15 + arch/x86/Kconfig | 11 + arch/x86/include/asm/alternative.h | 26 ++ arch/x86/include/asm/cpufeatures.h | 6 +- arch/x86/include/asm/msr-index.h | 13 +- arch/x86/include/asm/nospec-branch.h | 11 + arch/x86/include/asm/text-patching.h | 31 +++ arch/x86/kernel/alternative.c | 308 ++++++++++++++++++++- arch/x86/kernel/cpu/bugs.c | 139 +++++++++- arch/x86/kernel/cpu/common.c | 63 ++++- arch/x86/kernel/cpu/scattered.c | 1 + arch/x86/kernel/ftrace.c | 4 +- arch/x86/kernel/kprobes/core.c | 39 +-- arch/x86/kernel/module.c | 14 +- arch/x86/kernel/static_call.c | 2 +- arch/x86/kernel/vmlinux.lds.S | 8 + arch/x86/kvm/x86.c | 4 +- arch/x86/lib/retpoline.S | 39 +++ arch/x86/net/bpf_jit_comp.c | 8 +- drivers/base/cpu.c | 8 + include/linux/cpu.h | 2 + include/linux/module.h | 5 + 25 files changed, 842 insertions(+), 73 deletions(-) --- base-commit: 01e7e36b8606e5d4fddf795938010f7bfa3aa277 change-id: 20250609-its-5-10-a656ce2e08ce Best regards, -- Pawan

1 week, 5 days

3
19
0 0

[PATCH 1/4] mm/shmem, swap: improve cached mTHP handling and fix potential hung

by Kairui Song

From: Kairui Song <kasong(a)tencent.com> The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve the performance, as it avoided two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Cc: stable(a)vger.kernel.org Fixes: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/mm/shmem.c b/mm/shmem.c index eda35be2a8d9..4e7ef343a29b 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struct folio *folio, pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struct folio *folio, gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct inode *inode, pgoff_t index, swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } -- 2.50.0

1 week, 6 days

3
3
0 0

+ ocfs2-reset-folio-to-null-when-get-folio-fails.patch added to mm-nonmm-unstable branch

by Andrew Morton

The patch titled Subject: ocfs2: reset folio to NULL when get folio fails has been added to the -mm mm-nonmm-unstable branch. Its filename is ocfs2-reset-folio-to-null-when-get-folio-fails.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-nonmm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Lizhi Xu <lizhi.xu(a)windriver.com> Subject: ocfs2: reset folio to NULL when get folio fails Date: Mon, 16 Jun 2025 09:31:40 +0800 The reproducer uses FAULT_INJECTION to make memory allocation fail, which causes __filemap_get_folio() to fail, when initializing w_folios[i] in ocfs2_grab_folios_for_write(), it only returns an error code and the value of w_folios[i] is the error code, which causes ocfs2_unlock_and_free_folios() to recycle the invalid w_folios[i] when releasing folios. Link: https://lkml.kernel.org/r/20250616013140.3602219-1-lizhi.xu@windriver.com Reported-by: syzbot+c2ea94ae47cd7e3881ec(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=c2ea94ae47cd7e3881ec Signed-off-by: Lizhi Xu <lizhi.xu(a)windriver.com> Reviewed-by: Joseph Qi <joseph.qi(a)linux.alibaba.com> Cc: Mark Fasheh <mark(a)fasheh.com> Cc: Joel Becker <jlbec(a)evilplan.org> Cc: Junxiao Bi <junxiao.bi(a)oracle.com> Cc: Changwei Ge <gechangwei(a)live.cn> Cc: Jun Piao <piaojun(a)huawei.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/ocfs2/aops.c | 1 + 1 file changed, 1 insertion(+) --- a/fs/ocfs2/aops.c~ocfs2-reset-folio-to-null-when-get-folio-fails +++ a/fs/ocfs2/aops.c @@ -1071,6 +1071,7 @@ static int ocfs2_grab_folios_for_write(s if (IS_ERR(wc->w_folios[i])) { ret = PTR_ERR(wc->w_folios[i]); mlog_errno(ret); + wc->w_folios[i] = NULL; goto out; } } _ Patches currently in -mm which might be from lizhi.xu(a)windriver.com are ocfs2-reset-folio-to-null-when-get-folio-fails.patch

1 week, 6 days

1
0
0 0

[PATCH 5.15] xfs: allow inode inactivation during a ro mount log recovery

by Amir Goldstein

From: "Darrick J. Wong" <djwong(a)kernel.org> [ Upstream commit 76e589013fec672c3587d6314f2d1f0aeddc26d9 ] In the next patch, we're going to prohibit log recovery if the primary superblock contains an unrecognized rocompat feature bit even on readonly mounts. This requires removing all the code in the log mounting process that temporarily disables the readonly state. Unfortunately, inode inactivation disables itself on readonly mounts. Clearing the iunlinked lists after log recovery needs inactivation to run to free the unreferenced inodes, which (AFAICT) is the only reason why log mounting plays games with the readonly state in the first place. Therefore, change the inactivation predicates to allow inactivation during log recovery of a readonly mount. Signed-off-by: Darrick J. Wong <djwong(a)kernel.org> Reviewed-by: Dave Chinner <dchinner(a)redhat.com> Stable-dep-of: 74ad4693b647 ("xfs: fix log recovery when unknown rocompat bits are set") Signed-off-by: Amir Goldstein <amir73il(a)gmail.com> --- Sasha, This 5.15 backport is needed to fix a regression introduced to test generic/417 in kernel v5.15.176. With this backport, kernel v5.15.185 passed the fstests quick run. As you may have noticed, 5.15.y (and 5.10.y) are not being actively maintained by xfs stable maintainer who moved their focus to 6.*.y LTS kernels. The $SUBJECT commit is a dependency of commit 74ad4693b647, as hinted by the wording: "In the next patch, we're going to... This requires...". Indeed, Leah has backported commit 74ad4693b647 to 6.1.y along with its dependency, yet somehow, commit 74ad4693b647 found its way to v5.15.176, without the dependency and without the xfs stable review process. Judging by the line: Stable-dep-of: 652f03db897b ("xfs: remove unknown compat feature check in superblock write validation") that exists only in the 5.15.y tree, I deduce that your bot has auto selected this patch in the process of backporting the commit 652f03db897b, which was explicitly marked for stable v4.19+ [1]. I don't know if there is a lesson to be learned from this incident. Applying xfs backports without running fstests regression is always going to be a gamble. I will leave it up to you to decide if anything in the process of applying xfs patches to <= v5.15.y needs to change. Thanks, Amir. [1] https://lore.kernel.org/linux-xfs/ZzFon-0VbKscbGMT@localhost.localdomain/ fs/xfs/xfs_inode.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 3b36d5569d15..98955cd0de40 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -32,6 +32,7 @@ #include "xfs_symlink.h" #include "xfs_trans_priv.h" #include "xfs_log.h" +#include "xfs_log_priv.h" #include "xfs_bmap_btree.h" #include "xfs_reflink.h" #include "xfs_ag.h" @@ -1678,8 +1679,11 @@ xfs_inode_needs_inactive( if (VFS_I(ip)->i_mode == 0) return false; - /* If this is a read-only mount, don't do this (would generate I/O) */ - if (xfs_is_readonly(mp)) + /* + * If this is a read-only mount, don't do this (would generate I/O) + * unless we're in log recovery and cleaning the iunlinked list. + */ + if (xfs_is_readonly(mp) && !xlog_recovery_needed(mp->m_log)) return false; /* If the log isn't running, push inodes straight to reclaim. */ @@ -1739,8 +1743,11 @@ xfs_inactive( mp = ip->i_mount; ASSERT(!xfs_iflags_test(ip, XFS_IRECOVERY)); - /* If this is a read-only mount, don't do this (would generate I/O) */ - if (xfs_is_readonly(mp)) + /* + * If this is a read-only mount, don't do this (would generate I/O) + * unless we're in log recovery and cleaning the iunlinked list. + */ + if (xfs_is_readonly(mp) && !xlog_recovery_needed(mp->m_log)) goto out; /* Metadata inodes require explicit resource cleanup. */ -- 2.47.1

1 week, 6 days

2
1
0 0

[PATCH] usb: cdnsp: Fix issue with CV Bad Descriptor test

by Pawel Laszczak

The SSP2 controller has extra endpoint state preserve bit (ESP) which setting causes that endpoint state will be preserved during Halt Endpoint command. It is used only for EP0. Without this bit the Command Verifier "TD 9.10 Bad Descriptor Test" failed. Setting this bit doesn't have any impact for SSP controller. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") cc: stable(a)vger.kernel.org Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> --- drivers/usb/cdns3/cdnsp-debug.h | 5 +++-- drivers/usb/cdns3/cdnsp-ep0.c | 17 ++++++++++++++--- drivers/usb/cdns3/cdnsp-gadget.h | 3 +++ drivers/usb/cdns3/cdnsp-ring.c | 3 ++- 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/drivers/usb/cdns3/cdnsp-debug.h b/drivers/usb/cdns3/cdnsp-debug.h index cd138acdcce1..86860686d836 100644 --- a/drivers/usb/cdns3/cdnsp-debug.h +++ b/drivers/usb/cdns3/cdnsp-debug.h @@ -327,12 +327,13 @@ static inline const char *cdnsp_decode_trb(char *str, size_t size, u32 field0, case TRB_RESET_EP: case TRB_HALT_ENDPOINT: ret = scnprintf(str, size, - "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c", + "%s: ep%d%s(%d) ctx %08x%08x slot %ld flags %c %c", cdnsp_trb_type_string(type), ep_num, ep_id % 2 ? "out" : "in", TRB_TO_EP_INDEX(field3), field1, field0, TRB_TO_SLOT_ID(field3), - field3 & TRB_CYCLE ? 'C' : 'c'); + field3 & TRB_CYCLE ? 'C' : 'c', + field3 & TRB_ESP ? 'P' : 'p'); break; case TRB_STOP_RING: ret = scnprintf(str, size, diff --git a/drivers/usb/cdns3/cdnsp-ep0.c b/drivers/usb/cdns3/cdnsp-ep0.c index f317d3c84781..567ccfdecded 100644 --- a/drivers/usb/cdns3/cdnsp-ep0.c +++ b/drivers/usb/cdns3/cdnsp-ep0.c @@ -414,6 +414,7 @@ static int cdnsp_ep0_std_request(struct cdnsp_device *pdev, void cdnsp_setup_analyze(struct cdnsp_device *pdev) { struct usb_ctrlrequest *ctrl = &pdev->setup; + struct cdnsp_ep *pep; int ret = -EINVAL; u16 len; @@ -428,9 +429,19 @@ void cdnsp_setup_analyze(struct cdnsp_device *pdev) } /* Restore the ep0 to Stopped/Running state. */ - if (pdev->eps[0].ep_state & EP_HALTED) { - trace_cdnsp_ep0_halted("Restore to normal state"); - cdnsp_halt_endpoint(pdev, &pdev->eps[0], 0); + if (pep->ep_state & EP_HALTED) { + /* + * Halt Endpoint Command for SSP2 for ep0 preserve current + * endpoint state and driver has to synchronise the + * software endpointp state with endpoint output context + * state. + */ + if (GET_EP_CTX_STATE(pep->out_ctx) == EP_STATE_HALTED) { + cdnsp_halt_endpoint(pdev, pep, 0); + } else { + pep->ep_state &= ~EP_HALTED; + pep->ep_state |= EP_STOPPED; + } } /* diff --git a/drivers/usb/cdns3/cdnsp-gadget.h b/drivers/usb/cdns3/cdnsp-gadget.h index 2afa3e558f85..c26abef6e1c9 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.h +++ b/drivers/usb/cdns3/cdnsp-gadget.h @@ -987,6 +987,9 @@ enum cdnsp_setup_dev { #define STREAM_ID_FOR_TRB(p) ((((p)) << 16) & GENMASK(31, 16)) #define SCT_FOR_TRB(p) (((p) << 1) & 0x7) +/* Halt Endpoint Command TRB field. */ +#define TRB_ESP BIT(9) + /* Link TRB specific fields. */ #define TRB_TC BIT(1) diff --git a/drivers/usb/cdns3/cdnsp-ring.c b/drivers/usb/cdns3/cdnsp-ring.c index fd06cb85c4ea..d397d28efc6e 100644 --- a/drivers/usb/cdns3/cdnsp-ring.c +++ b/drivers/usb/cdns3/cdnsp-ring.c @@ -2483,7 +2483,8 @@ void cdnsp_queue_halt_endpoint(struct cdnsp_device *pdev, unsigned int ep_index) { cdnsp_queue_command(pdev, 0, 0, 0, TRB_TYPE(TRB_HALT_ENDPOINT) | SLOT_ID_FOR_TRB(pdev->slot_id) | - EP_ID_FOR_TRB(ep_index)); + EP_ID_FOR_TRB(ep_index) | + (!ep_index ? TRB_ESP : 0)); } void cdnsp_force_header_wakeup(struct cdnsp_device *pdev, int intf_num) -- 2.43.0

1 week, 6 days

3
2
0 0

+ fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio has been added to the -mm mm-hotfixes-unstable branch. Its filename is fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: fs/proc/task_mmu: fix PAGE_IS_PFNZERO detection for the huge zero folio Date: Tue, 17 Jun 2025 16:35:32 +0200 is_zero_pfn() does not work for the huge zero folio. Fix it by using is_huge_zero_pmd(). This can cause the PAGEMAP_SCAN ioctl against /proc/pid/pagemap to omit pages. Found by code inspection. Link: https://lkml.kernel.org/r/20250617143532.2375383-1-david@redhat.com Fixes: 52526ca7fdb9 ("fs/proc/task_mmu: implement IOCTL to get and optionally clear info about PTEs") Signed-off-by: David Hildenbrand <david(a)redhat.com> Cc: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/proc/task_mmu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/proc/task_mmu.c~fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio +++ a/fs/proc/task_mmu.c @@ -2182,7 +2182,7 @@ static unsigned long pagemap_thp_categor categories |= PAGE_IS_FILE; } - if (is_zero_pfn(pmd_pfn(pmd))) + if (is_huge_zero_pmd(pmd)) categories |= PAGE_IS_PFNZERO; if (pmd_soft_dirty(pmd)) categories |= PAGE_IS_SOFT_DIRTY; _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch fs-proc-task_mmu-fix-page_is_pfnzero-detection-for-the-huge-zero-folio.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] kbuild: hdrcheck: fix cross build with clang" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 02e9a22ceef0227175e391902d8760425fa072c6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061706-stylishly-ravioli-ffa1@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 02e9a22ceef0227175e391902d8760425fa072c6 Mon Sep 17 00:00:00 2001 From: Arnd Bergmann <arnd(a)arndb.de> Date: Tue, 25 Feb 2025 11:00:31 +0100 Subject: [PATCH] kbuild: hdrcheck: fix cross build with clang The headercheck tries to call clang with a mix of compiler arguments that don't include the target architecture. When building e.g. x86 headers on arm64, this produces a warning like clang: warning: unknown platform, assuming -mfloat-abi=soft Add in the KBUILD_CPPFLAGS, which contain the target, in order to make it build properly. See also 1b71c2fb04e7 ("kbuild: userprogs: fix bitsize and target detection on clang"). Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") Signed-off-by: Arnd Bergmann <arnd(a)arndb.de> diff --git a/usr/include/Makefile b/usr/include/Makefile index 6c6de1b1622b..e3d6b03527fe 100644 --- a/usr/include/Makefile +++ b/usr/include/Makefile @@ -10,7 +10,7 @@ UAPI_CFLAGS := -std=c90 -Wall -Werror=implicit-function-declaration # In theory, we do not care -m32 or -m64 for header compile tests. # It is here just because CONFIG_CC_CAN_LINK is tested with -m32 or -m64. -UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +UAPI_CFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # USERCFLAGS might contain sysroot location for CC. UAPI_CFLAGS += $(USERCFLAGS)

1 week, 6 days

2
1
0 0

FAILED: patch "[PATCH] kbuild: userprogs: fix bitsize and target detection on clang" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1b71c2fb04e7a713abc6edde4a412416ff3158f2 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061733-fineness-scale-bebf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b71c2fb04e7a713abc6edde4a412416ff3158f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20Wei=C3=9Fschuh?= <thomas.weissschuh(a)linutronix.de> Date: Thu, 13 Feb 2025 15:55:17 +0100 Subject: [PATCH] kbuild: userprogs: fix bitsize and target detection on clang MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit scripts/Makefile.clang was changed in the linked commit to move --target from KBUILD_CFLAGS to KBUILD_CPPFLAGS, as that generally has a broader scope. However that variable is not inspected by the userprogs logic, breaking cross compilation on clang. Use both variables to detect bitsize and target arguments for userprogs. Fixes: feb843a469fb ("kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS") Cc: stable(a)vger.kernel.org Signed-off-by: Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> Reviewed-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> diff --git a/Makefile b/Makefile index 52207bcb1a9d..272db408be5c 100644 --- a/Makefile +++ b/Makefile @@ -1120,8 +1120,8 @@ LDFLAGS_vmlinux += --orphan-handling=$(CONFIG_LD_ORPHAN_WARN_LEVEL) endif # Align the bit size of userspace programs with the kernel -KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) -KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CFLAGS)) +KBUILD_USERCFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) +KBUILD_USERLDFLAGS += $(filter -m32 -m64 --target=%, $(KBUILD_CPPFLAGS) $(KBUILD_CFLAGS)) # make the checker run with the right architecture CHECKFLAGS += --arch=$(ARCH)

1 week, 6 days

2
1
0 0

+ mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch added to mm-new branch

by Andrew Morton

The patch titled Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung has been added to the -mm mm-new branch. Its filename is mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-new branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Note, mm-new is a provisional staging ground for work-in-progress patches, and acceptance into mm-new is a notification for others take notice and to finish up reviews. Please do not hesitate to respond to review feedback and post updated versions to replace or incrementally fixup patches in mm-new. Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kairui Song <kasong(a)tencent.com> Subject: mm/shmem, swap: improve cached mTHP handling and fix potential hung Date: Wed, 18 Jun 2025 02:35:00 +0800 Patch series "mm/shmem, swap: bugfix and improvement of mTHP swap in". The current mTHP swapin path have several problems. It may potentially hang, may cause redundant faults due to false positive swap cache lookup, and it will involve at least 4 Xarray tree walks (get order, get order again, confirm swap, insert folio). And for !CONFIG_TRANSPARENT_HUGEPAGE builds, it will performs some mTHP related checks. This series fixes all of the mentioned issues, and the code should be more robust and prepared for the swap table series. Now tree walks is reduced to twice (get order & confirm, insert folio) and added more sanity checks and comments. !CONFIG_TRANSPARENT_HUGEPAGE build overhead is also minimized, and comes with a sanity check now. The performance is slightly better after this series, sequential swap in of 24G data from ZRAM, using transparent_hugepage_tmpfs=always (36 samples each): Before: avg: 11.23s, stddev: 0.06 After patch 1: avg: 10.92s, stddev: 0.05 After patch 2: avg: 10.93s, stddev: 0.15 After patch 3: avg: 10.07s, stddev: 0.09 After patch 4: avg: 10.09s, stddev: 0.08 Each patch improves the performance by a little, which is about ~10% faster in total. Build kernel test showed very slightly improvement, testing with make -j24 with defconfig in a 256M memcg also using ZRAM as swap, and transparent_hugepage_tmpfs=always (6 samples each): Before: system time avg: 3945.25s After patch 1: system time avg: 3903.21s After patch 2: system time avg: 3914.76s After patch 3: system time avg: 3907.41s After patch 4: system time avg: 3876.24s Slightly better than noise level given the number of samples. Two of the patches in this series come from the swap table series [1], and it is worth noting that the performance gain of this series is independent of the swap table series, we'll see another bigger performance gain and reduction of memory usage after the swap table series. I found these issues while trying to split the shmem changes out of the swap table series for easier reviewing, and found several more issues while doing stress tests for performance comparision. Barry also mentioned that CONFIG_TRANSPARENT_HUGEPAGE may have redundant checks [2] and I managed to clean them up properly too. No issue is found with a few days of stress testing. This patch (of 4): The current swap-in code assumes that, when a swap entry in shmem mapping is order 0, its cached folios (if present) must be order 0 too, which turns out not always correct. The problem is shmem_split_large_entry is called before verifying the folio will eventually be swapped in, one possible race is: CPU1 CPU2 shmem_swapin_folio /* swap in of order > 0 swap entry S1 */ folio = swap_cache_get_folio /* folio = NULL */ order = xa_get_order /* order > 0 */ folio = shmem_swap_alloc_folio /* mTHP alloc failure, folio = NULL */ <... Interrupted ...> shmem_swapin_folio /* S1 is swapped in */ shmem_writeout /* S1 is swapped out, folio cached */ shmem_split_large_entry(..., S1) /* S1 is split, but the folio covering it has order > 0 now */ Now any following swapin of S1 will hang: `xa_get_order` returns 0, and folio lookup will return a folio with order > 0. The `xa_get_order(&mapping->i_pages, index) != folio_order(folio)` will always return false causing swap-in to return -EEXIST. And this looks fragile. So fix this up by allowing seeing a larger folio in swap cache, and check the whole shmem mapping range covered by the swapin have the right swap value upon inserting the folio. And drop the redundant tree walks before the insertion. This will actually improve the performance, as it avoided two redundant Xarray tree walks in the hot path, and the only side effect is that in the failure path, shmem may redundantly reallocate a few folios causing temporary slight memory pressure. And worth noting, it may seems the order and value check before inserting might help reducing the lock contention, which is not true. The swap cache layer ensures raced swapin will either see a swap cache folio or failed to do a swapin (we have SWAP_HAS_CACHE bit even if swap cache is bypassed), so holding the folio lock and checking the folio flag is already good enough for avoiding the lock contention. The chance that a folio passes the swap entry value check but the shmem mapping slot has changed should be very low. Link: https://lkml.kernel.org/r/20250617183503.10527-1-ryncsn@gmail.com Link: https://lore.kernel.org/linux-mm/20250514201729.48420-1-ryncsn@gmail.com/ [1] Link: https://lore.kernel.org/linux-mm/CAMgjq7AsKFz7UN+seR5atznE_RBTDC9qjDmwN5saM… [2] Link: https://lkml.kernel.org/r/20250617183503.10527-2-ryncsn@gmail.com Fixes: 058313515d5a ("mm: shmem: fix potential data corruption during shmem swapin") Fixes: 809bc86517cc ("mm: shmem: support large folio swap out") Signed-off-by: Kairui Song <kasong(a)tencent.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Baoquan He <bhe(a)redhat.com> Cc: Barry Song <baohua(a)kernel.org> Cc: Chris Li <chrisl(a)kernel.org> Cc: Hugh Dickins <hughd(a)google.com> Cc: Kemeng Shi <shikemeng(a)huaweicloud.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Nhat Pham <nphamcs(a)gmail.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/shmem.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) --- a/mm/shmem.c~mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung +++ a/mm/shmem.c @@ -884,7 +884,9 @@ static int shmem_add_to_page_cache(struc pgoff_t index, void *expected, gfp_t gfp) { XA_STATE_ORDER(xas, &mapping->i_pages, index, folio_order(folio)); - long nr = folio_nr_pages(folio); + unsigned long nr = folio_nr_pages(folio); + swp_entry_t iter, swap; + void *entry; VM_BUG_ON_FOLIO(index != round_down(index, nr), folio); VM_BUG_ON_FOLIO(!folio_test_locked(folio), folio); @@ -896,14 +898,24 @@ static int shmem_add_to_page_cache(struc gfp &= GFP_RECLAIM_MASK; folio_throttle_swaprate(folio, gfp); + swap = iter = radix_to_swp_entry(expected); do { xas_lock_irq(&xas); - if (expected != xas_find_conflict(&xas)) { - xas_set_err(&xas, -EEXIST); - goto unlock; + xas_for_each_conflict(&xas, entry) { + /* + * The range must either be empty, or filled with + * expected swap entries. Shmem swap entries are never + * partially freed without split of both entry and + * folio, so there shouldn't be any holes. + */ + if (!expected || entry != swp_to_radix_entry(iter)) { + xas_set_err(&xas, -EEXIST); + goto unlock; + } + iter.val += 1 << xas_get_order(&xas); } - if (expected && xas_find_conflict(&xas)) { + if (expected && iter.val - nr != swap.val) { xas_set_err(&xas, -EEXIST); goto unlock; } @@ -2323,7 +2335,7 @@ static int shmem_swapin_folio(struct ino error = -ENOMEM; goto failed; } - } else if (order != folio_order(folio)) { + } else if (order > folio_order(folio)) { /* * Swap readahead may swap in order 0 folios into swapcache * asynchronously, while the shmem mapping can still stores @@ -2348,15 +2360,15 @@ static int shmem_swapin_folio(struct ino swap = swp_entry(swp_type(swap), swp_offset(swap) + offset); } + } else if (order < folio_order(folio)) { + swap.val = round_down(swp_type(swap), folio_order(folio)); } alloced: /* We have to do this with folio locked to prevent races */ folio_lock(folio); if ((!skip_swapcache && !folio_test_swapcache(folio)) || - folio->swap.val != swap.val || - !shmem_confirm_swap(mapping, index, swap) || - xa_get_order(&mapping->i_pages, index) != folio_order(folio)) { + folio->swap.val != swap.val) { error = -EEXIST; goto unlock; } _ Patches currently in -mm which might be from kasong(a)tencent.com are mm-shmem-swap-fix-softlockup-with-mthp-swapin.patch mm-shmem-swap-fix-softlockup-with-mthp-swapin-v3.patch mm-userfaultfd-fix-race-of-userfaultfd_move-and-swap-cache.patch mm-list_lru-refactor-the-locking-code.patch mm-shmem-swap-improve-cached-mthp-handling-and-fix-potential-hung.patch mm-shmem-swap-avoid-redundant-xarray-lookup-during-swapin.patch mm-shmem-swap-improve-mthp-swapin-process.patch mm-shmem-swap-avoid-false-positive-swap-cache-lookup.patch

1 week, 6 days

1
0
0 0

[PATCH net] can: tcan4x5x: fix power regulator retrieval during probe

by Marc Kleine-Budde

From: Brett Werling <brett.werling(a)garmin.com> Fixes the power regulator retrieval in tcan4x5x_can_probe() by ensuring the regulator pointer is not set to NULL in the successful return from devm_regulator_get_optional(). Fixes: 3814ca3a10be ("can: tcan4x5x: tcan4x5x_can_probe(): turn on the power before parsing the config") Signed-off-by: Brett Werling <brett.werling(a)garmin.com> Link: https://patch.msgid.link/20250612191825.3646364-1-brett.werling@garmin.com Cc: stable(a)vger.kernel.org Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/m_can/tcan4x5x-core.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/net/can/m_can/tcan4x5x-core.c b/drivers/net/can/m_can/tcan4x5x-core.c index e5c162f8c589..8edaa339d590 100644 --- a/drivers/net/can/m_can/tcan4x5x-core.c +++ b/drivers/net/can/m_can/tcan4x5x-core.c @@ -411,10 +411,11 @@ static int tcan4x5x_can_probe(struct spi_device *spi) priv = cdev_to_priv(mcan_class); priv->power = devm_regulator_get_optional(&spi->dev, "vsup"); - if (PTR_ERR(priv->power) == -EPROBE_DEFER) { - ret = -EPROBE_DEFER; - goto out_m_can_class_free_dev; - } else { + if (IS_ERR(priv->power)) { + if (PTR_ERR(priv->power) == -EPROBE_DEFER) { + ret = -EPROBE_DEFER; + goto out_m_can_class_free_dev; + } priv->power = NULL; } base-commit: 7b4ac12cc929e281cf7edc22203e0533790ebc2b -- 2.47.2

1 week, 6 days

2
1
0 0

[tip: x86/urgent] x86/mm: Disable INVLPGB when PTI is enabled

by tip-bot2 for Dave Hansen

The following commit has been merged into the x86/urgent branch of tip: Commit-ID: 94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Gitweb: https://git.kernel.org/tip/94a17f2dc90bc7eae36c0f478515d4bd1c23e877 Author: Dave Hansen <dave.hansen(a)linux.intel.com> AuthorDate: Tue, 10 Jun 2025 15:24:20 -07:00 Committer: Dave Hansen <dave.hansen(a)linux.intel.com> CommitterDate: Tue, 17 Jun 2025 15:36:57 -07:00 x86/mm: Disable INVLPGB when PTI is enabled PTI uses separate ASIDs (aka. PCIDs) for kernel and user address spaces. When the kernel needs to flush the user address space, it just sets a bit in a bitmap and then flushes the entire PCID on the next switch to userspace. This bitmap is a single 'unsigned long' which is plenty for all 6 dynamic ASIDs. But, unfortunately, the INVLPGB support brings along a bunch more user ASIDs, as many as ~2k more. The bitmap can't address that many. Fortunately, the bitmap is only needed for PTI and all the CPUs with INVLPGB are AMD CPUs that aren't vulnerable to Meltdown and don't need PTI. The only way someone can run into an issue in practice is by booting with pti=on on a newer AMD CPU. Disable INVLPGB if PTI is enabled. Avoid overrunning the small bitmap. Note: this will be fixed up properly by making the bitmap bigger. For now, just avoid the mostly theoretical bug. Fixes: 4afeb0ed1753 ("x86/mm: Enable broadcast TLB invalidation for multi-threaded processes") Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Acked-by: Rik van Riel <riel(a)surriel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/20250610222420.E8CBF472%40davehans-spike.ostc.i… --- arch/x86/mm/pti.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c index 1902998..c0c40b6 100644 --- a/arch/x86/mm/pti.c +++ b/arch/x86/mm/pti.c @@ -98,6 +98,11 @@ void __init pti_check_boottime_disable(void) return; setup_force_cpu_cap(X86_FEATURE_PTI); + + if (cpu_feature_enabled(X86_FEATURE_INVLPGB)) { + pr_debug("PTI enabled, disabling INVLPGB\n"); + setup_clear_cpu_cap(X86_FEATURE_INVLPGB); + } } static int __init pti_parse_cmdline(char *arg)

1 week, 6 days

1
0
0 0

[PATCH v2 0/3] soc: qcom: mdt_loader: Validation and cleanup fixes

by Bjorn Andersson

Signed-off-by: Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com> --- Changes in v2: - Validate e_phentsize and and e_shentsize as well --- Bjorn Andersson (3): soc: qcom: mdt_loader: Ensure we don't read past the ELF header soc: qcom: mdt_loader: Rename mdt_phdr_valid() soc: qcom: mdt_loader: Actually use the e_phoff drivers/soc/qcom/mdt_loader.c | 63 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 53 insertions(+), 10 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250604-mdt-loader-validation-and-fixes-5c3267f5b19f Best regards, -- Bjorn Andersson <bjorn.andersson(a)oss.qualcomm.com>

1 week, 6 days

3
3
0 0

[REGRESSION] stable-rc/linux-6.12.y: (build) ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function]...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.12.y: --- ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function] in drivers/thermal/mediatek/lvts_thermal.o (drivers/thermal/mediatek/lvts_thermal.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:fb8aae5340da55b6254442f0858147bf5f0b39dc - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 519e0647630e07972733e99a0dc82065a65736ea Log excerpt: ===================================================== drivers/thermal/mediatek/lvts_thermal.c:262:13: error: ‘lvts_debugfs_exit’ defined but not used [-Werror=unused-function] 262 | static void lvts_debugfs_exit(struct lvts_domain *lvts_td) { } | ^~~~~~~~~~~~~~~~~ CC [M] drivers/watchdog/softdog.o cc1: all warnings being treated as errors ===================================================== # Builds where the incident occurred: ## cros://chromeos-6.6/arm64/chromiumos-mediatek.flavour.config+lab-setup+arm64-chromebook+CONFIG_MODULE_COMPRESS=n+CONFIG_MODULE_COMPRESS_NONE=y on (arm64): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685194ac5c2cf25042b9c1a8 #kernelci issue maestro:fb8aae5340da55b6254442f0858147bf5f0b39dc Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 6 days

1
0
0 0

Request for backport of 358de8b4f201 to LTS kernels

by Chuck Lever

Hi Greg & Sasha ! I ran into some trouble in my nightly CI systems that test v6.6.y and v6.1.y. Using "make binrpm-pkg" followed by "rpm -iv ..." results in the test systems being unbootable because the vmlinuz file is never copied to /boot. The test systems are imaged with Fedora 39. I found a related Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=2239008 It appears there is a missing fix in LTS kernels. I bisected the kernel fix to: 358de8b4f201 ("kbuild: rpm-pkg: simplify installkernel %post") which includes a "Cc: stable" tag but does not appear in origin/linux-6.6.y, origin/linux-6.1.y, or origin/5.15.y (I did not look further back than that). Would it be appropriate to apply 358de8b4f201 to LTS kernels? -- Chuck Lever

1 week, 6 days

2
3
0 0

[PATCH v2] sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

by Jeff Layton

tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC reply fails in such a way that SVC_GARBAGE is returned without setting the rq_accept_statp pointer, then that pointer can be dereferenced and a value stored there. If it's the first time the thread has processed an RPC, then that pointer will be set to NULL and the kernel will crash. In other cases, it could create a memory scribble. The server sunrpc code treats a SVC_GARBAGE return from svc_authenticate or pg_authenticate as if it should send a GARBAGE_ARGS reply. RFC 5531 says that if authentication fails that the RPC should be rejected instead with a status of AUTH_ERR. Handle a SVC_GARBAGE return as an AUTH_ERROR, with a reason of AUTH_BADCRED instead of returning GARBAGE_ARGS in that case. This sidesteps the whole problem of touching the rpc_accept_statp pointer in this situation and avoids the crash. Cc: stable(a)vger.kernel.org # v6.9+ Fixes: 29cd2927fb91 ("SUNRPC: Fix encoding of accepted but unsuccessful RPC replies") Reported-by: tianshuo han <hantianshuo233(a)gmail.com> Signed-off-by: Jeff Layton <jlayton(a)kernel.org> --- This should be more correct. Unfortunately, I don't know of any testcases for low-level RPC error handling. That seems like something that would be nice to do with pynfs or similar though. --- Changes in v2: - Fix endianness of rq_accept_statp assignment - Better describe the way the crash happens and how this fixes it - point Fixes: tag at correct patch - add Cc: stable tag --- net/sunrpc/svc.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c index 939b6239df8ab6229ce34836d77d3a6b983fbbb7..99050ab1435148ac5d52b697ab1a771b9e948143 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c @@ -1375,7 +1375,8 @@ svc_process_common(struct svc_rqst *rqstp) case SVC_OK: break; case SVC_GARBAGE: - goto err_garbage_args; + rqstp->rq_auth_stat = rpc_autherr_badcred; + goto err_bad_auth; case SVC_SYSERR: goto err_system_err; case SVC_DENIED: @@ -1516,14 +1517,6 @@ svc_process_common(struct svc_rqst *rqstp) *rqstp->rq_accept_statp = rpc_proc_unavail; goto sendit; -err_garbage_args: - svc_printk(rqstp, "failed to decode RPC header\n"); - - if (serv->sv_stats) - serv->sv_stats->rpcbadfmt++; - *rqstp->rq_accept_statp = rpc_garbage_args; - goto sendit; - err_system_err: if (serv->sv_stats) serv->sv_stats->rpcbadfmt++; --- base-commit: 9afe652958c3ee88f24df1e4a97f298afce89407 change-id: 20250617-rpc-6-16-cc7a23e9c961 Best regards, -- Jeff Layton <jlayton(a)kernel.org>

1 week, 6 days

2
1
0 0

FAILED: patch "[PATCH] rust: compile libcore with edition 2024 for 1.87+" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f4daa80d6be7d3c55ca72a8e560afc4e21f886aa # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061734-shale-reliably-8969@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4daa80d6be7d3c55ca72a8e560afc4e21f886aa Mon Sep 17 00:00:00 2001 From: Gary Guo <gary(a)garyguo.net> Date: Sat, 17 May 2025 09:55:59 +0100 Subject: [PATCH] rust: compile libcore with edition 2024 for 1.87+ Rust 1.87 (released on 2025-05-15) compiles core library with edition 2024 instead of 2021 [1]. Ensure that the edition matches libcore's expectation to avoid potential breakage. [ J3m3 reported in Zulip [2] that the `rust-analyzer` target was broken after this patch -- indeed, we need to avoid `core-cfgs` since those are passed to the `rust-analyzer` target. So, instead, I tweaked the patch to create a new `core-edition` variable and explicitly mention the `--edition` flag instead of reusing `core-cfg`s. In addition, pass a new argument using this new variable to `generate_rust_analyzer.py` so that we set the right edition there. By the way, for future reference: the `filter-out` change is needed for Rust < 1.87, since otherwise we would skip the `--edition=2021` we just added, ending up with no edition flag, and thus the compiler would default to the 2015 one. [2] https://rust-for-linux.zulipchat.com/#narrow/channel/291565/topic/x/near/52… - Miguel ] Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust/pull/138162 [1] Reported-by: est31 <est31(a)protonmail.com> Closes: https://github.com/Rust-for-Linux/linux/issues/1163 Signed-off-by: Gary Guo <gary(a)garyguo.net> Link: https://lore.kernel.org/r/20250517085600.2857460-1-gary@garyguo.net Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> diff --git a/rust/Makefile b/rust/Makefile index f207ba0ed466..d62b58d0a55c 100644 --- a/rust/Makefile +++ b/rust/Makefile @@ -60,6 +60,8 @@ endif core-cfgs = \ --cfg no_fp_fmt_parse +core-edition := $(if $(call rustc-min-version,108700),2024,2021) + # `rustc` recognizes `--remap-path-prefix` since 1.26.0, but `rustdoc` only # since Rust 1.81.0. Moreover, `rustdoc` ICEs on out-of-tree builds since Rust # 1.82.0 (https://github.com/rust-lang/rust/issues/138520). Thus workaround both @@ -106,8 +108,8 @@ rustdoc-macros: $(src)/macros/lib.rs FORCE # Starting with Rust 1.82.0, skipping `-Wrustdoc::unescaped_backticks` should # not be needed -- see https://github.com/rust-lang/rust/pull/128307. -rustdoc-core: private skip_flags = -Wrustdoc::unescaped_backticks -rustdoc-core: private rustc_target_flags = $(core-cfgs) +rustdoc-core: private skip_flags = --edition=2021 -Wrustdoc::unescaped_backticks +rustdoc-core: private rustc_target_flags = --edition=$(core-edition) $(core-cfgs) rustdoc-core: $(RUST_LIB_SRC)/core/src/lib.rs FORCE +$(call if_changed,rustdoc) @@ -416,7 +418,7 @@ quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L cmd_rustc_library = \ OBJTREE=$(abspath $(objtree)) \ $(if $(skip_clippy),$(RUSTC),$(RUSTC_OR_CLIPPY)) \ - $(filter-out $(skip_flags),$(rust_flags) $(rustc_target_flags)) \ + $(filter-out $(skip_flags),$(rust_flags)) $(rustc_target_flags) \ --emit=dep-info=$(depfile) --emit=obj=$@ \ --emit=metadata=$(dir $@)$(patsubst %.o,lib%.rmeta,$(notdir $@)) \ --crate-type rlib -L$(objtree)/$(obj) \ @@ -427,7 +429,7 @@ quiet_cmd_rustc_library = $(if $(skip_clippy),RUSTC,$(RUSTC_OR_CLIPPY_QUIET)) L rust-analyzer: $(Q)MAKEFLAGS= $(srctree)/scripts/generate_rust_analyzer.py \ - --cfgs='core=$(core-cfgs)' \ + --cfgs='core=$(core-cfgs)' $(core-edition) \ $(realpath $(srctree)) $(realpath $(objtree)) \ $(rustc_sysroot) $(RUST_LIB_SRC) $(if $(KBUILD_EXTMOD),$(srcroot)) \ > rust-project.json @@ -483,9 +485,9 @@ $(obj)/helpers/helpers.o: $(src)/helpers/helpers.c $(recordmcount_source) FORCE $(obj)/exports.o: private skip_gendwarfksyms = 1 $(obj)/core.o: private skip_clippy = 1 -$(obj)/core.o: private skip_flags = -Wunreachable_pub +$(obj)/core.o: private skip_flags = --edition=2021 -Wunreachable_pub $(obj)/core.o: private rustc_objcopy = $(foreach sym,$(redirect-intrinsics),--redefine-sym $(sym)=__rust$(sym)) -$(obj)/core.o: private rustc_target_flags = $(core-cfgs) +$(obj)/core.o: private rustc_target_flags = --edition=$(core-edition) $(core-cfgs) $(obj)/core.o: $(RUST_LIB_SRC)/core/src/lib.rs \ $(wildcard $(objtree)/include/config/RUSTC_VERSION_TEXT) FORCE +$(call if_changed_rule,rustc_library) diff --git a/scripts/generate_rust_analyzer.py b/scripts/generate_rust_analyzer.py index fe663dd0c43b..7c3ea2b55041 100755 --- a/scripts/generate_rust_analyzer.py +++ b/scripts/generate_rust_analyzer.py @@ -19,7 +19,7 @@ def args_crates_cfgs(cfgs): return crates_cfgs -def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): +def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs, core_edition): # Generate the configuration list. cfg = [] with open(objtree / "include" / "generated" / "rustc_cfg") as fd: @@ -35,7 +35,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): crates_indexes = {} crates_cfgs = args_crates_cfgs(cfgs) - def append_crate(display_name, root_module, deps, cfg=[], is_workspace_member=True, is_proc_macro=False): + def append_crate(display_name, root_module, deps, cfg=[], is_workspace_member=True, is_proc_macro=False, edition="2021"): crate = { "display_name": display_name, "root_module": str(root_module), @@ -43,7 +43,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): "is_proc_macro": is_proc_macro, "deps": [{"crate": crates_indexes[dep], "name": dep} for dep in deps], "cfg": cfg, - "edition": "2021", + "edition": edition, "env": { "RUST_MODFILE": "This is only for rust-analyzer" } @@ -61,6 +61,7 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): display_name, deps, cfg=[], + edition="2021", ): append_crate( display_name, @@ -68,12 +69,13 @@ def generate_crates(srctree, objtree, sysroot_src, external_src, cfgs): deps, cfg, is_workspace_member=False, + edition=edition, ) # NB: sysroot crates reexport items from one another so setting up our transitive dependencies # here is important for ensuring that rust-analyzer can resolve symbols. The sources of truth # for this dependency graph are `(sysroot_src / crate / "Cargo.toml" for crate in crates)`. - append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", [])) + append_sysroot_crate("core", [], cfg=crates_cfgs.get("core", []), edition=core_edition) append_sysroot_crate("alloc", ["core"]) append_sysroot_crate("std", ["alloc", "core"]) append_sysroot_crate("proc_macro", ["core", "std"]) @@ -177,6 +179,7 @@ def main(): parser = argparse.ArgumentParser() parser.add_argument('--verbose', '-v', action='store_true') parser.add_argument('--cfgs', action='append', default=[]) + parser.add_argument("core_edition") parser.add_argument("srctree", type=pathlib.Path) parser.add_argument("objtree", type=pathlib.Path) parser.add_argument("sysroot", type=pathlib.Path) @@ -193,7 +196,7 @@ def main(): assert args.sysroot in args.sysroot_src.parents rust_project = { - "crates": generate_crates(args.srctree, args.objtree, args.sysroot_src, args.exttree, args.cfgs), + "crates": generate_crates(args.srctree, args.objtree, args.sysroot_src, args.exttree, args.cfgs, args.core_edition), "sysroot": str(args.sysroot), }

1 week, 6 days

3
3
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) clang: error: assembler command failed with exit code 1 (use -v to...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- clang: error: assembler command failed with exit code 1 (use -v to see invocation) in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:e1ce6e2cb61e68ec7bf14991570487d713f77e0a - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e2f5a2e75b315706dd2d1d50a4313e5785eb189d Log excerpt: ===================================================== CC drivers/firmware/qcom_scm-32.o CC lib/idr.o CC drivers/gpu/host1x/debug.o CC drivers/clk/rockchip/clk-rk3328.o CC drivers/clk/rockchip/clk-rk3368.o CC lib/ioremap.o CC drivers/gpu/drm/drm_probe_helper.o CC drivers/clk/rockchip/clk-rk3399.o /tmp/qcom_scm-32-2d4d72.s: Assembler messages: /tmp/qcom_scm-32-2d4d72.s:56: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:69: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:173: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:394: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:545: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:930: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:1070: Error: selected processor does not support `smc #0' in ARM mode /tmp/qcom_scm-32-2d4d72.s:1117: Error: selected processor does not support `smc #0' in ARM mode clang: error: assembler command failed with exit code 1 (use -v to see invocation) ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685191885c2cf25042b9bb39 ## multi_v7_defconfig on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685191845c2cf25042b9bb35 #kernelci issue maestro:e1ce6e2cb61e68ec7bf14991570487d713f77e0a Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 6 days

1
0
0 0

[REGRESSION] stable-rc/linux-6.1.y: (build) stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupport...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-6.1.y: --- stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] in drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.o (drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:69fb66ef80a96ff4750a9dacf73be24a7cbe888e - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: 2c86adab41e98d103953bf8c447202c9147150ab Log excerpt: ===================================================== drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn31/display_mode_vba_31.c:3795:6: error: stack frame size (2488) exceeds limit (2048) in 'dml31_ModeSupportAndSystemConfigurationFull' [-Werror,-Wframe-larger-than] 3795 | void dml31_ModeSupportAndSystemConfigurationFull(struct display_mode_lib *mode_lib) | ^ CC drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn303/dcn303_fpu.o 1 error generated. CC drivers/gpu/drm/amd/amdgpu/../display/dc/dml/dcn314/dcn314_fpu.o ===================================================== # Builds where the incident occurred: ## x86_64_defconfig+kselftest+x86-board on (x86_64): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685193725c2cf25042b9bcc9 #kernelci issue maestro:69fb66ef80a96ff4750a9dacf73be24a7cbe888e Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 6 days

1
0
0 0

[REGRESSION] stable-rc/linux-5.4.y: (build) in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [lo...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.4.y: --- in drivers/firmware/qcom_scm-32.o (scripts/Makefile.build:262) [logspec:kbuild,kbuild.compiler] --- - dashboard: https://d.kernelci.org/i/maestro:04c1ce2921a16b59c7329a6026c59ea7942ef691 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: e2f5a2e75b315706dd2d1d50a4313e5785eb189d Log excerpt: ===================================================== CC drivers/firmware/qcom_scm-32.o CC drivers/firmware/trusted_foundations.o CC drivers/clk/qcom/clk-regmap.o CC drivers/gpio/gpio-pl061.o CC kernel/resource.o CC kernel/sysctl.o /tmp/ccsKkK07.s: Assembler messages: /tmp/ccsKkK07.s:45: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:94: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:160: Error: selected processor does not support `smc #0' in ARM mode /tmp/ccsKkK07.s:296: Error: selected processor does not support `smc #0' in ARM mode ===================================================== # Builds where the incident occurred: ## multi_v7_defconfig on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685191a35c2cf25042b9bb4f ## multi_v7_defconfig+kselftest on (arm): - compiler: gcc-12 - dashboard: https://d.kernelci.org/build/maestro:685191ab5c2cf25042b9bb56 #kernelci issue maestro:04c1ce2921a16b59c7329a6026c59ea7942ef691 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 6 days

1
0
0 0

[REGRESSION] stable-rc/linux-5.15.y: (build) integer literal is too large to be represented in type 'long', int...

by KernelCI bot

Hello, New build issue found on stable-rc/linux-5.15.y: --- integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] in drivers/gpu/drm/meson/meson_vclk.o (drivers/gpu/drm/meson/meson_vclk.c) [logspec:kbuild,kbuild.compiler.error] --- - dashboard: https://d.kernelci.org/i/maestro:ae3b0334acd91200d6ced325a381bafac2d46493 - giturl: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git - commit HEAD: d99cd6f3a570e2f93e8f966b8ca772ef3da54fe2 Log excerpt: ===================================================== drivers/gpu/drm/meson/meson_vclk.c:399:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 399 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:411:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 411 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:423:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 423 | .pll_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:436:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 436 | .phy_freq = 2970000000, | ^ drivers/gpu/drm/meson/meson_vclk.c:460:15: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 460 | .phy_freq = 2970000000, | ^ CC [M] net/dccp/feat.o drivers/gpu/drm/meson/meson_vclk.c:850:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 850 | case 2970000000: | ^ drivers/gpu/drm/meson/meson_vclk.c:868:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 868 | case 2970000000: | ^ drivers/gpu/drm/meson/meson_vclk.c:885:8: error: integer literal is too large to be represented in type 'long', interpreting as 'unsigned long' per C89; this literal will have type 'long long' in C99 onwards [-Werror,-Wc99-compat] 885 | case 2970000000: | ^ 8 errors generated. ===================================================== # Builds where the incident occurred: ## defconfig+allmodconfig+CONFIG_FRAME_WARN=2048 on (arm): - compiler: clang-17 - dashboard: https://d.kernelci.org/build/maestro:685192b15c2cf25042b9bc2e #kernelci issue maestro:ae3b0334acd91200d6ced325a381bafac2d46493 Reported-by: kernelci.org bot <bot(a)kernelci.org> -- This is an experimental report format. Please send feedback in! Talk to us at kernelci(a)lists.linux.dev Made with love by the KernelCI team - https://kernelci.org

1 week, 6 days

1
0
0 0

[PATCH v2] serial: core: restore of_node information in sysfs

by Aidan Stewart

Since in v6.8-rc1, the of_node symlink under tty devices is missing. This breaks any udev rules relying on this information. Link the of_node information in the serial controller device with the parent defined in the device tree. This will also apply to the serial device which takes the serial controller as a parent device. Fixes: b286f4e87e32 ("serial: core: Move tty and serdev to be children of serial core port device") Cc: stable(a)vger.kernel.org Signed-off-by: Aidan Stewart <astewart(a)tektelic.com> --- v1 -> v2: - v1: https://lore.kernel.org/linux-serial/20250616162154.9057-1-astewart@tekteli… - Remove IS_ENABLED(CONFIG_OF) check. --- drivers/tty/serial/serial_base_bus.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/tty/serial/serial_base_bus.c b/drivers/tty/serial/serial_base_bus.c index 5d1677f1b651..cb3b127b06b6 100644 --- a/drivers/tty/serial/serial_base_bus.c +++ b/drivers/tty/serial/serial_base_bus.c @@ -72,6 +72,7 @@ static int serial_base_device_init(struct uart_port *port, dev->parent = parent_dev; dev->bus = &serial_base_bus_type; dev->release = release; + device_set_of_node_from_dev(dev, parent_dev); if (!serial_base_initialized) { dev_dbg(port->dev, "uart_add_one_port() called before arch_initcall()?\n"); -- 2.49.0

1 week, 6 days

1
0
0 0

[PATCH 6.12.y 0/2] Kunit to check the longest symbol length

by Sergio González Collado

The longest length of a symbol (KSYM_NAME_LEN) was increased to 512 in the reference [1]. Because in Rust symbols can become quite long due to namespacing introduced by modules, types, traits, generics, etc. This patch series presents two commits that implement a test to verify that a symbol with KSYM_NAME_LEN of 512 can be read. The first commit: To check that symbol length was valid, the commit implements a kunit test that verifies that a symbol of 512 length can be read. The second commit: There was a warning when building with clang because there was a definition of unlikely from compiler.h in tools/include/linux, which conflicted with the one in the instruction decoder selftest. [1] https://lore.kernel.org/lkml/20220802015052.10452-6-ojeda@kernel.org/ --- Nathan Chancellor (1): x86/tools: Drop duplicate unlikely() definition in insn_decoder_test.c Sergio González Collado (1): Kunit to check the longest symbol length arch/x86/tools/insn_decoder_test.c | 5 +- lib/Kconfig.debug | 9 ++++ lib/Makefile | 2 + lib/longest_symbol_kunit.c | 82 ++++++++++++++++++++++++++++++ 4 files changed, 95 insertions(+), 3 deletions(-) create mode 100644 lib/longest_symbol_kunit.c base-commit: ba9210b8c96355a16b78e1b890dce78f284d6f31 -- 2.39.2

1 week, 6 days

4
11
0 0

[PATCH] serial: core: restore of_node information in sysfs

by Aidan Stewart

Since in v6.8-rc1, the of_node symlink under tty devices is missing. This breaks any udev rules relying on this information. Link the of_node information in the serial controller device with the parent defined in the device tree. This will also apply to the serial device which takes the serial controller as a parent device. Fixes: b286f4e87e32 ("serial: core: Move tty and serdev to be children of serial core port device") Cc: stable(a)vger.kernel.org Signed-off-by: Aidan Stewart <astewart(a)tektelic.com> --- drivers/tty/serial/serial_base_bus.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/serial/serial_base_bus.c b/drivers/tty/serial/serial_base_bus.c index 5d1677f1b651..0e4bf7a3e775 100644 --- a/drivers/tty/serial/serial_base_bus.c +++ b/drivers/tty/serial/serial_base_bus.c @@ -73,6 +73,10 @@ static int serial_base_device_init(struct uart_port *port, dev->bus = &serial_base_bus_type; dev->release = release; + if (IS_ENABLED(CONFIG_OF)) { + device_set_of_node_from_dev(dev, parent_dev); + } + if (!serial_base_initialized) { dev_dbg(port->dev, "uart_add_one_port() called before arch_initcall()?\n"); return -EPROBE_DEFER; -- 2.49.0

1 week, 6 days

2
3
0 0

FAILED: patch "[PATCH] usb: cdnsp: Fix issue with detecting command completion event" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x f4ecdc352646f7d23f348e5c544dbe3212c94fc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061708-cameo-caring-38a0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4ecdc352646f7d23f348e5c544dbe3212c94fc8 Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Tue, 13 May 2025 05:30:09 +0000 Subject: [PATCH] usb: cdnsp: Fix issue with detecting command completion event In some cases, there is a small-time gap in which CMD_RING_BUSY can be cleared by controller but adding command completion event to event ring will be delayed. As the result driver will return error code. This behavior has been detected on usbtest driver (test 9) with configuration including ep1in/ep1out bulk and ep2in/ep2out isoc endpoint. Probably this gap occurred because controller was busy with adding some other events to event ring. The CMD_RING_BUSY is cleared to '0' when the Command Descriptor has been executed and not when command completion event has been added to event ring. To fix this issue for this test the small delay is sufficient less than 10us) but to make sure the problem doesn't happen again in the future the patch introduces 10 retries to check with delay about 20us before returning error code. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB9538AA45362ACCF1B94EE9B7DD96A@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index cd1e00daf43f..55f95f41b3b4 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -548,6 +548,7 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) dma_addr_t cmd_deq_dma; union cdnsp_trb *event; u32 cycle_state; + u32 retry = 10; int ret, val; u64 cmd_dma; u32 flags; @@ -579,8 +580,23 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) flags = le32_to_cpu(event->event_cmd.flags); /* Check the owner of the TRB. */ - if ((flags & TRB_CYCLE) != cycle_state) + if ((flags & TRB_CYCLE) != cycle_state) { + /* + * Give some extra time to get chance controller + * to finish command before returning error code. + * Checking CMD_RING_BUSY is not sufficient because + * this bit is cleared to '0' when the Command + * Descriptor has been executed by controller + * and not when command completion event has + * be added to event ring. + */ + if (retry--) { + udelay(20); + continue; + } + return -EINVAL; + } cmd_dma = le64_to_cpu(event->event_cmd.cmd_trb);

1 week, 6 days

2
1
0 0

[PATCH v7 0/5] media: uvcvideo: Introduce V4L2_META_FMT_UVC_MSXU_1_5 + other meta fixes

by Ricardo Ribalda

This series introduces a new metadata format for UVC cameras and adds a couple of improvements to the UVC metadata handling. The new metadata format can be enabled in runtime with quirks. Signed-off-by: Ricardo Ribalda <ribalda(a)chromium.org> --- Changes in v7: - Add patch: Introduce dev->meta_formats - Link to v6: https://lore.kernel.org/r/20250604-uvc-meta-v6-0-7141d48c322c@chromium.org Changes in v6 (Thanks Laurent): - Fix typo in metafmt-uvc.rst - Improve metafmt-uvc-msxu-1-5.rst - uvc_meta_v4l2_try_format() block MSXU format unless the quirk is active - Refactor uvc_enable_msxu - Document uvc_meta_detect_msxu - Rebase series - Add R-b - Link to v5: https://lore.kernel.org/r/20250404-uvc-meta-v5-0-f79974fc2d20@chromium.org Changes in v5: - Fix codestyle and kerneldoc warnings reported by media-ci - Link to v4: https://lore.kernel.org/r/20250403-uvc-meta-v4-0-877aa6475975@chromium.org Changes in v4: - Rename format to V4L2_META_FMT_UVC_MSXU_1_5 (Thanks Mauro) - Flag the new format with a quirk. - Autodetect MSXU devices. - Link to v3: https://lore.kernel.org/linux-media/20250313-uvc-metadata-v3-0-c467af869c60… Changes in v3: - Fix doc syntax errors. - Link to v2: https://lore.kernel.org/r/20250306-uvc-metadata-v2-0-7e939857cad5@chromium.… Changes in v2: - Add metadata invalid fix - Move doc note to a separate patch - Introduce V4L2_META_FMT_UVC_CUSTOM (thanks HdG!). - Link to v1: https://lore.kernel.org/r/20250226-uvc-metadata-v1-1-6cd6fe5ec2cb@chromium.… --- Ricardo Ribalda (5): media: uvcvideo: Do not mark valid metadata as invalid media: Documentation: Add note about UVCH length field media: uvcvideo: Introduce dev->meta_formats media: uvcvideo: Introduce V4L2_META_FMT_UVC_MSXU_1_5 media: uvcvideo: Auto-set UVC_QUIRK_MSXU_META .../userspace-api/media/v4l/meta-formats.rst | 1 + .../media/v4l/metafmt-uvc-msxu-1-5.rst | 23 ++++ .../userspace-api/media/v4l/metafmt-uvc.rst | 4 +- MAINTAINERS | 1 + drivers/media/usb/uvc/uvc_driver.c | 7 ++ drivers/media/usb/uvc/uvc_metadata.c | 133 +++++++++++++++++++-- drivers/media/usb/uvc/uvc_video.c | 12 +- drivers/media/usb/uvc/uvcvideo.h | 3 + drivers/media/v4l2-core/v4l2-ioctl.c | 1 + include/linux/usb/uvc.h | 3 + include/uapi/linux/videodev2.h | 1 + 11 files changed, 175 insertions(+), 14 deletions(-) --- base-commit: c3021d6a80ff05034dfee494115ec71f1954e311 change-id: 20250403-uvc-meta-e556773d12ae Best regards, -- Ricardo Ribalda <ribalda(a)chromium.org>

1 week, 6 days

1
1
0 0

Re: Patch "tcp: reorganize tcp_in_ack_event() and tcp_count_delivered()" has been added to the 6.6-stable tree

by Eric Dumazet

On Thu, May 22, 2025 at 3:44 PM Sasha Levin <sashal(a)kernel.org> wrote: > > This is a note to let you know that I've just added the patch titled > > tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > tcp-reorganize-tcp_in_ack_event-and-tcp_count_delive.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > May I ask why this patch was backported to stable versions ? This is causing a packetdrill test to fail. Ilpo, can you take a look ? # packetdrill --ip_version=ipv6 --mtu=1520 dctcp-plb-simple.pkt dctcp-plb-simple.pkt:49: error handling packet: inconsistent flowlabels for this packet: expected: 0x1c50c vs actual: 0xb867c script packet: 0.032224 P.W 5001:6001(1000) ack 1 <nop,nop,TS val 100 ecr 100> actual packet: 0.032209 P.W 5001:6001(1000) ack 1 win 255 <nop,nop,TS val 124 ecr 100> $ cat dctcp-plb-simple.pkt // DCTCP PLB Test // Check that DCTCP rehashes based on PLB congestion conditions `sysctl -qw net/ipv4/tcp_ecn=1 \ net/ipv4/tcp_congestion_control=dctcp \ net/ipv4/tcp_plb_enabled=1 \ net/ipv4/tcp_rmem="4096 131072 15000000"` // Initialize connection 0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 // ECN handshake: send EW flags in SYN packet, E flag in SYN-ACK response +0 < SEW 0:0(0) win 32792 <mss 1460,sackOK,TS val 100 ecr 100,nop,wscale 6> +0 > (flowlabel 0x1) SE. 0:0(0) ack 1 <mss 1460,sackOK,TS val 100 ecr 100,nop,wscale 8> +0 < . 1:1(0) ack 1 win 257 +0 accept(3, ..., ...) = 4 +0 getsockopt(4, IPPROTO_TCP, TCP_CONGESTION, "dctcp", [5]) = 0 +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) P. 1:1001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 1001 win 1000 <nop,nop,TS val 100 ecr 100> // no ECN mark, flowlabel won't change. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) P. 1001:2001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 2001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) P. 2001:3001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < E. 1:1(0) ack 3001 win 1000 <nop,nop,TS val 100 ecr 100> // ECN-marked. 1 congested round. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) PW. 3001:4001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < E. 1:1(0) ack 4001 win 1000 <nop,nop,TS val 100 ecr 100> // ECN-marked. 2 congested round. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x1) PW. 4001:5001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < E. 1:1(0) ack 5001 win 1000 <nop,nop,TS val 100 ecr 100> // ECN-marked. 3 congested round. +0 write(4, ..., 1000) = 1000 // Flowlabel will change next round +0 > (flowlabel 0x1) PW. 5001:6001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 6001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. 0 congested round. +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x2) P. 6001:7001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 7001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. Verify new flowlabel +0 write(4, ..., 1000) = 1000 +0 > (flowlabel 0x2) P. 7001:8001(1000) ack 1 <nop,nop,TS val 100 ecr 100> +0 < . 1:1(0) ack 8001 win 1000 <nop,nop,TS val 100 ecr 100> // No packets ECN-marked. New flowlabel should stick > > commit c39f5ebea6713c908f64e4682c26d144d9a659de > Author: Ilpo Järvinen <ij(a)kernel.org> > Date: Wed Mar 5 23:38:41 2025 +0100 > > tcp: reorganize tcp_in_ack_event() and tcp_count_delivered() > > [ Upstream commit 149dfb31615e22271d2525f078c95ea49bc4db24 ] > > - Move tcp_count_delivered() earlier and split tcp_count_delivered_ce() > out of it > - Move tcp_in_ack_event() later > - While at it, remove the inline from tcp_in_ack_event() and let > the compiler to decide > > Accurate ECN's heuristics does not know if there is going > to be ACE field based CE counter increase or not until after > rtx queue has been processed. Only then the number of ACKed > bytes/pkts is available. As CE or not affects presence of > FLAG_ECE, that information for tcp_in_ack_event is not yet > available in the old location of the call to tcp_in_ack_event(). > > Signed-off-by: Ilpo Järvinen <ij(a)kernel.org> > Signed-off-by: Chia-Yu Chang <chia-yu.chang(a)nokia-bell-labs.com> > Signed-off-by: David S. Miller <davem(a)davemloft.net> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c > index 10d38ec0ff5ac..a172248b66783 100644 > --- a/net/ipv4/tcp_input.c > +++ b/net/ipv4/tcp_input.c > @@ -425,6 +425,20 @@ static bool tcp_ecn_rcv_ecn_echo(const struct tcp_sock *tp, const struct tcphdr > return false; > } > > +static void tcp_count_delivered_ce(struct tcp_sock *tp, u32 ecn_count) > +{ > + tp->delivered_ce += ecn_count; > +} > + > +/* Updates the delivered and delivered_ce counts */ > +static void tcp_count_delivered(struct tcp_sock *tp, u32 delivered, > + bool ece_ack) > +{ > + tp->delivered += delivered; > + if (ece_ack) > + tcp_count_delivered_ce(tp, delivered); > +} > + > /* Buffer size and advertised window tuning. > * > * 1. Tuning sk->sk_sndbuf, when connection enters established state. > @@ -1137,15 +1151,6 @@ void tcp_mark_skb_lost(struct sock *sk, struct sk_buff *skb) > } > } > > -/* Updates the delivered and delivered_ce counts */ > -static void tcp_count_delivered(struct tcp_sock *tp, u32 delivered, > - bool ece_ack) > -{ > - tp->delivered += delivered; > - if (ece_ack) > - tp->delivered_ce += delivered; > -} > - > /* This procedure tags the retransmission queue when SACKs arrive. > * > * We have three tag bits: SACKED(S), RETRANS(R) and LOST(L). > @@ -3816,12 +3821,23 @@ static void tcp_process_tlp_ack(struct sock *sk, u32 ack, int flag) > } > } > > -static inline void tcp_in_ack_event(struct sock *sk, u32 flags) > +static void tcp_in_ack_event(struct sock *sk, int flag) > { > const struct inet_connection_sock *icsk = inet_csk(sk); > > - if (icsk->icsk_ca_ops->in_ack_event) > - icsk->icsk_ca_ops->in_ack_event(sk, flags); > + if (icsk->icsk_ca_ops->in_ack_event) { > + u32 ack_ev_flags = 0; > + > + if (flag & FLAG_WIN_UPDATE) > + ack_ev_flags |= CA_ACK_WIN_UPDATE; > + if (flag & FLAG_SLOWPATH) { > + ack_ev_flags |= CA_ACK_SLOWPATH; > + if (flag & FLAG_ECE) > + ack_ev_flags |= CA_ACK_ECE; > + } > + > + icsk->icsk_ca_ops->in_ack_event(sk, ack_ev_flags); > + } > } > > /* Congestion control has updated the cwnd already. So if we're in > @@ -3938,12 +3954,8 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > tcp_snd_una_update(tp, ack); > flag |= FLAG_WIN_UPDATE; > > - tcp_in_ack_event(sk, CA_ACK_WIN_UPDATE); > - > NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPHPACKS); > } else { > - u32 ack_ev_flags = CA_ACK_SLOWPATH; > - > if (ack_seq != TCP_SKB_CB(skb)->end_seq) > flag |= FLAG_DATA; > else > @@ -3955,19 +3967,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una, > &sack_state); > > - if (tcp_ecn_rcv_ecn_echo(tp, tcp_hdr(skb))) { > + if (tcp_ecn_rcv_ecn_echo(tp, tcp_hdr(skb))) > flag |= FLAG_ECE; > - ack_ev_flags |= CA_ACK_ECE; > - } > > if (sack_state.sack_delivered) > tcp_count_delivered(tp, sack_state.sack_delivered, > flag & FLAG_ECE); > - > - if (flag & FLAG_WIN_UPDATE) > - ack_ev_flags |= CA_ACK_WIN_UPDATE; > - > - tcp_in_ack_event(sk, ack_ev_flags); > } > > /* This is a deviation from RFC3168 since it states that: > @@ -3994,6 +3999,8 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > > tcp_rack_update_reo_wnd(sk, &rs); > > + tcp_in_ack_event(sk, flag); > + > if (tp->tlp_high_seq) > tcp_process_tlp_ack(sk, ack, flag); > > @@ -4025,6 +4032,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) > return 1; > > no_queue: > + tcp_in_ack_event(sk, flag); > /* If data was DSACKed, see if we can undo a cwnd reduction. */ > if (flag & FLAG_DSACKING_ACK) { > tcp_fastretrans_alert(sk, prior_snd_una, num_dupack, &flag,

1 week, 6 days

5
5
0 0

Revert of a commit in 6.6-stable

by Jens Axboe

Hi Greg and crew, Can you revert: commit 746e7d285dcb96caa1845fbbb62b14bf4010cdfb Author: Jens Axboe <axboe(a)kernel.dk> Date: Wed May 7 08:07:09 2025 -0600 io_uring: ensure deferred completions are posted for multishot in 6.6-stable? There's some missing dependencies that makes this not work right, I'll bring it back in a series instead. -- Jens Axboe

1 week, 6 days

2
3
0 0

FAILED: patch "[PATCH] x86/hyperv: Fix APIC ID and VP index confusion in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 86c48271e0d60c82665e9fd61277002391efcef7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061757-refusing-outmatch-70b7@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 86c48271e0d60c82665e9fd61277002391efcef7 Mon Sep 17 00:00:00 2001 From: Roman Kisel <romank(a)linux.microsoft.com> Date: Wed, 7 May 2025 11:22:25 -0700 Subject: [PATCH] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() To start an application processor in SNP-isolated guest, a hypercall is used that takes a virtual processor index. The hv_snp_boot_ap() function uses that START_VP hypercall but passes as VP index to it what it receives as a wakeup_secondary_cpu_64 callback: the APIC ID. As those two aren't generally interchangeable, that may lead to hung APs if the VP index and the APIC ID don't match up. Update the parameter names to avoid confusion as to what the parameter is. Use the APIC ID to the VP index conversion to provide the correct input to the hypercall. Cc: stable(a)vger.kernel.org Fixes: 44676bb9d566 ("x86/hyperv: Add smp support for SEV-SNP guest") Signed-off-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Link: https://lore.kernel.org/r/20250507182227.7421-2-romank@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250507182227.7421-2-romank(a)linux.microsoft.com> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 3b569291dfed..9a8fc144e195 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -672,3 +672,36 @@ bool hv_is_hyperv_initialized(void) return hypercall_msr.enable; } EXPORT_SYMBOL_GPL(hv_is_hyperv_initialized); + +int hv_apicid_to_vp_index(u32 apic_id) +{ + u64 control; + u64 status; + unsigned long irq_flags; + struct hv_get_vp_from_apic_id_in *input; + u32 *output, ret; + + local_irq_save(irq_flags); + + input = *this_cpu_ptr(hyperv_pcpu_input_arg); + memset(input, 0, sizeof(*input)); + input->partition_id = HV_PARTITION_ID_SELF; + input->apic_ids[0] = apic_id; + + output = *this_cpu_ptr(hyperv_pcpu_output_arg); + + control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_INDEX_FROM_APIC_ID; + status = hv_do_hypercall(control, input, output); + ret = output[0]; + + local_irq_restore(irq_flags); + + if (!hv_result_success(status)) { + pr_err("failed to get vp index from apic id %d, status %#llx\n", + apic_id, status); + return -EINVAL; + } + + return ret; +} +EXPORT_SYMBOL_GPL(hv_apicid_to_vp_index); diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index ac3d27a766d5..2f32ac1ae40e 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -211,41 +211,9 @@ static int hv_vtl_bringup_vcpu(u32 target_vp_index, int cpu, u64 eip_ignored) return ret; } -static int hv_vtl_apicid_to_vp_id(u32 apic_id) -{ - u64 control; - u64 status; - unsigned long irq_flags; - struct hv_get_vp_from_apic_id_in *input; - u32 *output, ret; - - local_irq_save(irq_flags); - - input = *this_cpu_ptr(hyperv_pcpu_input_arg); - memset(input, 0, sizeof(*input)); - input->partition_id = HV_PARTITION_ID_SELF; - input->apic_ids[0] = apic_id; - - output = *this_cpu_ptr(hyperv_pcpu_output_arg); - - control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_ID_FROM_APIC_ID; - status = hv_do_hypercall(control, input, output); - ret = output[0]; - - local_irq_restore(irq_flags); - - if (!hv_result_success(status)) { - pr_err("failed to get vp id from apic id %d, status %#llx\n", - apic_id, status); - return -EINVAL; - } - - return ret; -} - static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) { - int vp_id, cpu; + int vp_index, cpu; /* Find the logical CPU for the APIC ID */ for_each_present_cpu(cpu) { @@ -256,18 +224,18 @@ static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) return -EINVAL; pr_debug("Bringing up CPU with APIC ID %d in VTL2...\n", apicid); - vp_id = hv_vtl_apicid_to_vp_id(apicid); + vp_index = hv_apicid_to_vp_index(apicid); - if (vp_id < 0) { + if (vp_index < 0) { pr_err("Couldn't find CPU with APIC ID %d\n", apicid); return -EINVAL; } - if (vp_id > ms_hyperv.max_vp_index) { - pr_err("Invalid CPU id %d for APIC ID %d\n", vp_id, apicid); + if (vp_index > ms_hyperv.max_vp_index) { + pr_err("Invalid CPU id %d for APIC ID %d\n", vp_index, apicid); return -EINVAL; } - return hv_vtl_bringup_vcpu(vp_id, cpu, start_eip); + return hv_vtl_bringup_vcpu(vp_index, cpu, start_eip); } int __init hv_vtl_early_init(void) diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index 77bf05f06b9e..0cc239cdb4da 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -9,6 +9,7 @@ #include <linux/bitfield.h> #include <linux/types.h> #include <linux/slab.h> +#include <linux/cpu.h> #include <asm/svm.h> #include <asm/sev.h> #include <asm/io.h> @@ -288,7 +289,7 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) free_page((unsigned long)vmsa); } -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *vmsa = (struct sev_es_save_area *) __get_free_page(GFP_KERNEL | __GFP_ZERO); @@ -297,10 +298,27 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) u64 ret, retry = 5; struct hv_enable_vp_vtl *start_vp_input; unsigned long flags; + int cpu, vp_index; if (!vmsa) return -ENOMEM; + /* Find the Hyper-V VP index which might be not the same as APIC ID */ + vp_index = hv_apicid_to_vp_index(apic_id); + if (vp_index < 0 || vp_index > ms_hyperv.max_vp_index) + return -EINVAL; + + /* + * Find the Linux CPU number for addressing the per-CPU data, and it + * might not be the same as APIC ID. + */ + for_each_present_cpu(cpu) { + if (arch_match_cpu_phys_id(cpu, apic_id)) + break; + } + if (cpu >= nr_cpu_ids) + return -EINVAL; + native_store_gdt(&gdtr); vmsa->gdtr.base = gdtr.address; @@ -348,7 +366,7 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) start_vp_input = (struct hv_enable_vp_vtl *)ap_start_input_arg; memset(start_vp_input, 0, sizeof(*start_vp_input)); start_vp_input->partition_id = -1; - start_vp_input->vp_index = cpu; + start_vp_input->vp_index = vp_index; start_vp_input->target_vtl.target_vtl = ms_hyperv.vtl; *(u64 *)&start_vp_input->vp_context = __pa(vmsa) | 1; diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h index bab5ccfc60a7..0b9a3a307d06 100644 --- a/arch/x86/include/asm/mshyperv.h +++ b/arch/x86/include/asm/mshyperv.h @@ -268,11 +268,11 @@ int hv_unmap_ioapic_interrupt(int ioapic_id, struct hv_interrupt_entry *entry); #ifdef CONFIG_AMD_MEM_ENCRYPT bool hv_ghcb_negotiate_protocol(void); void __noreturn hv_ghcb_terminate(unsigned int set, unsigned int reason); -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip); +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip); #else static inline bool hv_ghcb_negotiate_protocol(void) { return false; } static inline void hv_ghcb_terminate(unsigned int set, unsigned int reason) {} -static inline int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) { return 0; } +static inline int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { return 0; } #endif #if defined(CONFIG_AMD_MEM_ENCRYPT) || defined(CONFIG_INTEL_TDX_GUEST) @@ -306,6 +306,7 @@ static __always_inline u64 hv_raw_get_msr(unsigned int reg) { return __rdmsr(reg); } +int hv_apicid_to_vp_index(u32 apic_id); #else /* CONFIG_HYPERV */ static inline void hyperv_init(void) {} @@ -327,6 +328,7 @@ static inline void hv_set_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_msr(unsigned int reg) { return 0; } static inline void hv_set_non_nested_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_non_nested_msr(unsigned int reg) { return 0; } +static inline int hv_apicid_to_vp_index(u32 apic_id) { return -EINVAL; } #endif /* CONFIG_HYPERV */ diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index cf0923dc727d..2d431b53f587 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -475,7 +475,7 @@ union hv_vp_assist_msr_contents { /* HV_REGISTER_VP_ASSIST_PAGE */ #define HVCALL_CREATE_PORT 0x0095 #define HVCALL_CONNECT_PORT 0x0096 #define HVCALL_START_VP 0x0099 -#define HVCALL_GET_VP_ID_FROM_APIC_ID 0x009a +#define HVCALL_GET_VP_INDEX_FROM_APIC_ID 0x009a #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE 0x00af #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_LIST 0x00b0 #define HVCALL_SIGNAL_EVENT_DIRECT 0x00c0

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] x86/hyperv: Fix APIC ID and VP index confusion in" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 86c48271e0d60c82665e9fd61277002391efcef7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061756-shale-squiggly-9c9a@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 86c48271e0d60c82665e9fd61277002391efcef7 Mon Sep 17 00:00:00 2001 From: Roman Kisel <romank(a)linux.microsoft.com> Date: Wed, 7 May 2025 11:22:25 -0700 Subject: [PATCH] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() To start an application processor in SNP-isolated guest, a hypercall is used that takes a virtual processor index. The hv_snp_boot_ap() function uses that START_VP hypercall but passes as VP index to it what it receives as a wakeup_secondary_cpu_64 callback: the APIC ID. As those two aren't generally interchangeable, that may lead to hung APs if the VP index and the APIC ID don't match up. Update the parameter names to avoid confusion as to what the parameter is. Use the APIC ID to the VP index conversion to provide the correct input to the hypercall. Cc: stable(a)vger.kernel.org Fixes: 44676bb9d566 ("x86/hyperv: Add smp support for SEV-SNP guest") Signed-off-by: Roman Kisel <romank(a)linux.microsoft.com> Reviewed-by: Michael Kelley <mhklinux(a)outlook.com> Link: https://lore.kernel.org/r/20250507182227.7421-2-romank@linux.microsoft.com Signed-off-by: Wei Liu <wei.liu(a)kernel.org> Message-ID: <20250507182227.7421-2-romank(a)linux.microsoft.com> diff --git a/arch/x86/hyperv/hv_init.c b/arch/x86/hyperv/hv_init.c index 3b569291dfed..9a8fc144e195 100644 --- a/arch/x86/hyperv/hv_init.c +++ b/arch/x86/hyperv/hv_init.c @@ -672,3 +672,36 @@ bool hv_is_hyperv_initialized(void) return hypercall_msr.enable; } EXPORT_SYMBOL_GPL(hv_is_hyperv_initialized); + +int hv_apicid_to_vp_index(u32 apic_id) +{ + u64 control; + u64 status; + unsigned long irq_flags; + struct hv_get_vp_from_apic_id_in *input; + u32 *output, ret; + + local_irq_save(irq_flags); + + input = *this_cpu_ptr(hyperv_pcpu_input_arg); + memset(input, 0, sizeof(*input)); + input->partition_id = HV_PARTITION_ID_SELF; + input->apic_ids[0] = apic_id; + + output = *this_cpu_ptr(hyperv_pcpu_output_arg); + + control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_INDEX_FROM_APIC_ID; + status = hv_do_hypercall(control, input, output); + ret = output[0]; + + local_irq_restore(irq_flags); + + if (!hv_result_success(status)) { + pr_err("failed to get vp index from apic id %d, status %#llx\n", + apic_id, status); + return -EINVAL; + } + + return ret; +} +EXPORT_SYMBOL_GPL(hv_apicid_to_vp_index); diff --git a/arch/x86/hyperv/hv_vtl.c b/arch/x86/hyperv/hv_vtl.c index ac3d27a766d5..2f32ac1ae40e 100644 --- a/arch/x86/hyperv/hv_vtl.c +++ b/arch/x86/hyperv/hv_vtl.c @@ -211,41 +211,9 @@ static int hv_vtl_bringup_vcpu(u32 target_vp_index, int cpu, u64 eip_ignored) return ret; } -static int hv_vtl_apicid_to_vp_id(u32 apic_id) -{ - u64 control; - u64 status; - unsigned long irq_flags; - struct hv_get_vp_from_apic_id_in *input; - u32 *output, ret; - - local_irq_save(irq_flags); - - input = *this_cpu_ptr(hyperv_pcpu_input_arg); - memset(input, 0, sizeof(*input)); - input->partition_id = HV_PARTITION_ID_SELF; - input->apic_ids[0] = apic_id; - - output = *this_cpu_ptr(hyperv_pcpu_output_arg); - - control = HV_HYPERCALL_REP_COMP_1 | HVCALL_GET_VP_ID_FROM_APIC_ID; - status = hv_do_hypercall(control, input, output); - ret = output[0]; - - local_irq_restore(irq_flags); - - if (!hv_result_success(status)) { - pr_err("failed to get vp id from apic id %d, status %#llx\n", - apic_id, status); - return -EINVAL; - } - - return ret; -} - static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) { - int vp_id, cpu; + int vp_index, cpu; /* Find the logical CPU for the APIC ID */ for_each_present_cpu(cpu) { @@ -256,18 +224,18 @@ static int hv_vtl_wakeup_secondary_cpu(u32 apicid, unsigned long start_eip) return -EINVAL; pr_debug("Bringing up CPU with APIC ID %d in VTL2...\n", apicid); - vp_id = hv_vtl_apicid_to_vp_id(apicid); + vp_index = hv_apicid_to_vp_index(apicid); - if (vp_id < 0) { + if (vp_index < 0) { pr_err("Couldn't find CPU with APIC ID %d\n", apicid); return -EINVAL; } - if (vp_id > ms_hyperv.max_vp_index) { - pr_err("Invalid CPU id %d for APIC ID %d\n", vp_id, apicid); + if (vp_index > ms_hyperv.max_vp_index) { + pr_err("Invalid CPU id %d for APIC ID %d\n", vp_index, apicid); return -EINVAL; } - return hv_vtl_bringup_vcpu(vp_id, cpu, start_eip); + return hv_vtl_bringup_vcpu(vp_index, cpu, start_eip); } int __init hv_vtl_early_init(void) diff --git a/arch/x86/hyperv/ivm.c b/arch/x86/hyperv/ivm.c index 77bf05f06b9e..0cc239cdb4da 100644 --- a/arch/x86/hyperv/ivm.c +++ b/arch/x86/hyperv/ivm.c @@ -9,6 +9,7 @@ #include <linux/bitfield.h> #include <linux/types.h> #include <linux/slab.h> +#include <linux/cpu.h> #include <asm/svm.h> #include <asm/sev.h> #include <asm/io.h> @@ -288,7 +289,7 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) free_page((unsigned long)vmsa); } -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *vmsa = (struct sev_es_save_area *) __get_free_page(GFP_KERNEL | __GFP_ZERO); @@ -297,10 +298,27 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) u64 ret, retry = 5; struct hv_enable_vp_vtl *start_vp_input; unsigned long flags; + int cpu, vp_index; if (!vmsa) return -ENOMEM; + /* Find the Hyper-V VP index which might be not the same as APIC ID */ + vp_index = hv_apicid_to_vp_index(apic_id); + if (vp_index < 0 || vp_index > ms_hyperv.max_vp_index) + return -EINVAL; + + /* + * Find the Linux CPU number for addressing the per-CPU data, and it + * might not be the same as APIC ID. + */ + for_each_present_cpu(cpu) { + if (arch_match_cpu_phys_id(cpu, apic_id)) + break; + } + if (cpu >= nr_cpu_ids) + return -EINVAL; + native_store_gdt(&gdtr); vmsa->gdtr.base = gdtr.address; @@ -348,7 +366,7 @@ int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) start_vp_input = (struct hv_enable_vp_vtl *)ap_start_input_arg; memset(start_vp_input, 0, sizeof(*start_vp_input)); start_vp_input->partition_id = -1; - start_vp_input->vp_index = cpu; + start_vp_input->vp_index = vp_index; start_vp_input->target_vtl.target_vtl = ms_hyperv.vtl; *(u64 *)&start_vp_input->vp_context = __pa(vmsa) | 1; diff --git a/arch/x86/include/asm/mshyperv.h b/arch/x86/include/asm/mshyperv.h index bab5ccfc60a7..0b9a3a307d06 100644 --- a/arch/x86/include/asm/mshyperv.h +++ b/arch/x86/include/asm/mshyperv.h @@ -268,11 +268,11 @@ int hv_unmap_ioapic_interrupt(int ioapic_id, struct hv_interrupt_entry *entry); #ifdef CONFIG_AMD_MEM_ENCRYPT bool hv_ghcb_negotiate_protocol(void); void __noreturn hv_ghcb_terminate(unsigned int set, unsigned int reason); -int hv_snp_boot_ap(u32 cpu, unsigned long start_ip); +int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip); #else static inline bool hv_ghcb_negotiate_protocol(void) { return false; } static inline void hv_ghcb_terminate(unsigned int set, unsigned int reason) {} -static inline int hv_snp_boot_ap(u32 cpu, unsigned long start_ip) { return 0; } +static inline int hv_snp_boot_ap(u32 apic_id, unsigned long start_ip) { return 0; } #endif #if defined(CONFIG_AMD_MEM_ENCRYPT) || defined(CONFIG_INTEL_TDX_GUEST) @@ -306,6 +306,7 @@ static __always_inline u64 hv_raw_get_msr(unsigned int reg) { return __rdmsr(reg); } +int hv_apicid_to_vp_index(u32 apic_id); #else /* CONFIG_HYPERV */ static inline void hyperv_init(void) {} @@ -327,6 +328,7 @@ static inline void hv_set_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_msr(unsigned int reg) { return 0; } static inline void hv_set_non_nested_msr(unsigned int reg, u64 value) { } static inline u64 hv_get_non_nested_msr(unsigned int reg) { return 0; } +static inline int hv_apicid_to_vp_index(u32 apic_id) { return -EINVAL; } #endif /* CONFIG_HYPERV */ diff --git a/include/hyperv/hvgdk_mini.h b/include/hyperv/hvgdk_mini.h index cf0923dc727d..2d431b53f587 100644 --- a/include/hyperv/hvgdk_mini.h +++ b/include/hyperv/hvgdk_mini.h @@ -475,7 +475,7 @@ union hv_vp_assist_msr_contents { /* HV_REGISTER_VP_ASSIST_PAGE */ #define HVCALL_CREATE_PORT 0x0095 #define HVCALL_CONNECT_PORT 0x0096 #define HVCALL_START_VP 0x0099 -#define HVCALL_GET_VP_ID_FROM_APIC_ID 0x009a +#define HVCALL_GET_VP_INDEX_FROM_APIC_ID 0x009a #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_SPACE 0x00af #define HVCALL_FLUSH_GUEST_PHYSICAL_ADDRESS_LIST 0x00b0 #define HVCALL_SIGNAL_EVENT_DIRECT 0x00c0

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] xfs: don't assume perags are initialised when trimming AGs" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 23be716b1c4f3f3a6c00ee38d51a57ef7db9ef7d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061709-overboard-duplicate-5035@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 23be716b1c4f3f3a6c00ee38d51a57ef7db9ef7d Mon Sep 17 00:00:00 2001 From: Dave Chinner <dchinner(a)redhat.com> Date: Thu, 1 May 2025 09:27:24 +1000 Subject: [PATCH] xfs: don't assume perags are initialised when trimming AGs When running fstrim immediately after mounting a V4 filesystem, the fstrim fails to trim all the free space in the filesystem. It only trims the first extent in the by-size free space tree in each AG and then returns. If a second fstrim is then run, it runs correctly and the entire free space in the filesystem is iterated and discarded correctly. The problem lies in the setup of the trim cursor - it assumes that pag->pagf_longest is valid without either reading the AGF first or checking if xfs_perag_initialised_agf(pag) is true or not. As a result, when a filesystem is mounted without reading the AGF (e.g. a clean mount on a v4 filesystem) and the first operation is a fstrim call, pag->pagf_longest is zero and so the free extent search starts at the wrong end of the by-size btree and exits after discarding the first record in the tree. Fix this by deferring the initialisation of tcur->count to after we have locked the AGF and guaranteed that the perag is properly initialised. We trigger this on tcur->count == 0 after locking the AGF, as this will only occur on the first call to xfs_trim_gather_extents() for each AG. If we need to iterate, tcur->count will be set to the length of the record we need to restart at, so we can use this to ensure we only sample a valid pag->pagf_longest value for the iteration. Signed-off-by: Dave Chinner <dchinner(a)redhat.com> Reviewed-by: Bill O'Donnell <bodonnel(a)redhat.com> Reviewed-by: Darrick J. Wong <djwong(a)kernel.org> Fixes: 89cfa899608f ("xfs: reduce AGF hold times during fstrim operations") Cc: <stable(a)vger.kernel.org> # v6.6 Signed-off-by: Carlos Maiolino <cem(a)kernel.org> diff --git a/fs/xfs/xfs_discard.c b/fs/xfs/xfs_discard.c index c1a306268ae4..94d0873bcd62 100644 --- a/fs/xfs/xfs_discard.c +++ b/fs/xfs/xfs_discard.c @@ -167,6 +167,14 @@ xfs_discard_extents( return error; } +/* + * Care must be taken setting up the trim cursor as the perags may not have been + * initialised when the cursor is initialised. e.g. a clean mount which hasn't + * read in AGFs and the first operation run on the mounted fs is a trim. This + * can result in perag fields that aren't initialised until + * xfs_trim_gather_extents() calls xfs_alloc_read_agf() to lock down the AG for + * the free space search. + */ struct xfs_trim_cur { xfs_agblock_t start; xfs_extlen_t count; @@ -204,6 +212,14 @@ xfs_trim_gather_extents( if (error) goto out_trans_cancel; + /* + * First time through tcur->count will not have been initialised as + * pag->pagf_longest is not guaranteed to be valid before we read + * the AGF buffer above. + */ + if (!tcur->count) + tcur->count = pag->pagf_longest; + if (tcur->by_bno) { /* sub-AG discard request always starts at tcur->start */ cur = xfs_bnobt_init_cursor(mp, tp, agbp, pag); @@ -350,7 +366,6 @@ xfs_trim_perag_extents( { struct xfs_trim_cur tcur = { .start = start, - .count = pag->pagf_longest, .end = end, .minlen = minlen, };

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] usb: typec: tcpm/tcpci_maxim: Fix bounds check in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0736299d090f5c6a1032678705c4bc0a9511a3db # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061709-nacho-bronchial-18a8@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0736299d090f5c6a1032678705c4bc0a9511a3db Mon Sep 17 00:00:00 2001 From: Amit Sunil Dhamne <amitsd(a)google.com> Date: Fri, 2 May 2025 16:57:03 -0700 Subject: [PATCH] usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx() Register read of TCPC_RX_BYTE_CNT returns the total size consisting of: PD message (pending read) size + 1 Byte for Frame Type (SOP*) This is validated against the max PD message (`struct pd_message`) size without accounting for the extra byte for the frame type. Note that the struct pd_message does not contain a field for the frame_type. This results in false negatives when the "PD message (pending read)" is equal to the max PD message size. Fixes: 6f413b559f86 ("usb: typec: tcpci_maxim: Chip level TCPC driver") Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Kyle Tso <kyletso(a)google.com> Cc: stable <stable(a)kernel.org> Link: https://lore.kernel.org/stable/20250502-b4-new-fix-pd-rx-count-v1-1-e5711ed… Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Link: https://lore.kernel.org/r/20250502-b4-new-fix-pd-rx-count-v1-1-e5711ed09b3d… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/typec/tcpm/tcpci_maxim_core.c b/drivers/usb/typec/tcpm/tcpci_maxim_core.c index 29a4aa89d1a1..b5a5ed40faea 100644 --- a/drivers/usb/typec/tcpm/tcpci_maxim_core.c +++ b/drivers/usb/typec/tcpm/tcpci_maxim_core.c @@ -166,7 +166,8 @@ static void process_rx(struct max_tcpci_chip *chip, u16 status) return; } - if (count > sizeof(struct pd_message) || count + 1 > TCPC_RECEIVE_BUFFER_LEN) { + if (count > sizeof(struct pd_message) + 1 || + count + 1 > TCPC_RECEIVE_BUFFER_LEN) { dev_err(chip->dev, "Invalid TCPC_RX_BYTE_CNT %d\n", count); return; }

1 week, 6 days

1
0
0 0

[PATCH v8 0/4] media: pisp-be: Split jobs creation and scheduling

by Jacopo Mondi

Currently the 'pispbe_schedule()' function does two things: 1) Tries to assemble a job by inspecting all the video node queues to make sure all the required buffers are available 2) Submit the job to the hardware The pispbe_schedule() function is called at: - video device start_streaming() time - video device qbuf() time - irq handler As assembling a job requires inspecting all queues, it is a rather time consuming operation which is better not run in IRQ context. To avoid executing the time consuming job creation in interrupt context, split the job creation and job scheduling in two distinct operations. When a well-formed job is created, append it to the newly introduced 'pispbe->job_queue' where it will be dequeued from by the scheduling routine. At start_streaming() and qbuf() time immediately try to schedule a job if one has been created as the irq handler routine is only called when a job has completed, and we can't solely rely on it for scheduling new jobs. Signed-off-by: Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> --- Changes in v8: - Use automatic release of *job in pispbe_prepare_job() - Use temporary list to release jobs without holding the main driver lock - Collect tags - Rebased on rpi-6.6.y: https://github.com/raspberrypi/linux/pull/6905 - Link to v7: https://lore.kernel.org/r/20250606-pispbe-mainline-split-jobs-handling-v6-v… Changes in v7: - Rebased on media-committers/next - Fix lockdep warning by using the proper spinlock_irq() primitive in pispbe_prepare_job() which can race with the IRQ handler - Link to v6: https://lore.kernel.org/r/20240930-pispbe-mainline-split-jobs-handling-v6-v… v5->v6: - Make the driver depend on PM - Simplify the probe() routine by using pm_runtime_ - Remove suspend call from remove() v4->v5: - Use appropriate locking constructs: - spin_lock_irq() for pispbe_prepare_job() called from non irq context - spin_lock_irqsave() for pispbe_schedule() called from irq context - Remove hw_lock from ready_queue accesses in stop_streaming and start_streaming - Fix trivial indentation mistake in 4/4 v3->v4: - Expand commit message in 2/4 to explain why removing validation in schedule() is safe - Drop ready_lock spinlock - Use non _irqsave version of safe_guard(spinlock - Support !CONFIG_PM in 4/4 by calling the enable/disable routines directly and adjust pm_runtime usage as suggested by Laurent v2->v3: - Mark pispbe_runtime_resume() as __maybe_unused - Add fixes tags where appropriate v1->v2: - Add two patches to address Laurent's comments separately - use scoped_guard() when possible - Add patch to fix runtime_pm imbalance --- Jacopo Mondi (4): media: pisp_be: Drop reference to non-existing function media: pisp_be: Remove config validation from schedule() media: pisp_be: Split jobs creation and scheduling media: pisp_be: Fix pm_runtime underrun in probe drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 196 ++++++++++----------- 2 files changed, 98 insertions(+), 99 deletions(-) --- base-commit: ce5cac69b2edac3e3246fee03e8f4c2a1075238b change-id: 20240930-pispbe-mainline-split-jobs-handling-v6-15dc16e11e3a Best regards, -- Jacopo Mondi <jacopo.mondi(a)ideasonboard.com>

1 week, 6 days

2
2
0 0

FAILED: patch "[PATCH] usb: cdnsp: Fix issue with detecting command completion event" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x f4ecdc352646f7d23f348e5c544dbe3212c94fc8 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061707-putt-mutable-5fb5@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f4ecdc352646f7d23f348e5c544dbe3212c94fc8 Mon Sep 17 00:00:00 2001 From: Pawel Laszczak <pawell(a)cadence.com> Date: Tue, 13 May 2025 05:30:09 +0000 Subject: [PATCH] usb: cdnsp: Fix issue with detecting command completion event In some cases, there is a small-time gap in which CMD_RING_BUSY can be cleared by controller but adding command completion event to event ring will be delayed. As the result driver will return error code. This behavior has been detected on usbtest driver (test 9) with configuration including ep1in/ep1out bulk and ep2in/ep2out isoc endpoint. Probably this gap occurred because controller was busy with adding some other events to event ring. The CMD_RING_BUSY is cleared to '0' when the Command Descriptor has been executed and not when command completion event has been added to event ring. To fix this issue for this test the small delay is sufficient less than 10us) but to make sure the problem doesn't happen again in the future the patch introduces 10 retries to check with delay about 20us before returning error code. Fixes: 3d82904559f4 ("usb: cdnsp: cdns3 Add main part of Cadence USBSSP DRD Driver") Cc: stable <stable(a)kernel.org> Signed-off-by: Pawel Laszczak <pawell(a)cadence.com> Acked-by: Peter Chen <peter.chen(a)kernel.org> Link: https://lore.kernel.org/r/PH7PR07MB9538AA45362ACCF1B94EE9B7DD96A@PH7PR07MB9… Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/cdns3/cdnsp-gadget.c b/drivers/usb/cdns3/cdnsp-gadget.c index cd1e00daf43f..55f95f41b3b4 100644 --- a/drivers/usb/cdns3/cdnsp-gadget.c +++ b/drivers/usb/cdns3/cdnsp-gadget.c @@ -548,6 +548,7 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) dma_addr_t cmd_deq_dma; union cdnsp_trb *event; u32 cycle_state; + u32 retry = 10; int ret, val; u64 cmd_dma; u32 flags; @@ -579,8 +580,23 @@ int cdnsp_wait_for_cmd_compl(struct cdnsp_device *pdev) flags = le32_to_cpu(event->event_cmd.flags); /* Check the owner of the TRB. */ - if ((flags & TRB_CYCLE) != cycle_state) + if ((flags & TRB_CYCLE) != cycle_state) { + /* + * Give some extra time to get chance controller + * to finish command before returning error code. + * Checking CMD_RING_BUSY is not sufficient because + * this bit is cleared to '0' when the Command + * Descriptor has been executed by controller + * and not when command completion event has + * be added to event ring. + */ + if (retry--) { + udelay(20); + continue; + } + return -EINVAL; + } cmd_dma = le64_to_cpu(event->event_cmd.cmd_trb);

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] VMCI: fix race between vmci_host_setup_notify and" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061733-scarring-crevice-7648@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 Mon Sep 17 00:00:00 2001 From: Wupeng Ma <mawupeng1(a)huawei.com> Date: Sat, 10 May 2025 11:30:40 +0800 Subject: [PATCH] VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked in: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Call Trace: <TASK> follow_huge_pmd+0x240/0x8e0 follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0 follow_pud_mask.constprop.0.isra.0+0x14a/0x170 follow_page_mask+0x1c2/0x1f0 __get_user_pages+0x176/0x950 __gup_longterm_locked+0x15b/0x1060 ? gup_fast+0x120/0x1f0 gup_fast_fallback+0x17e/0x230 get_user_pages_fast+0x5f/0x80 vmci_host_unlocked_ioctl+0x21c/0xf80 RIP: 0033:0x54d2cd ---[ end trace 0000000000000000 ]--- Digging into the source, context->notify_page may init by get_user_pages_fast and can be seen in vmci_ctx_unset_notify which will try to put_page. However get_user_pages_fast is not finished here and lead to following try_grab_folio warning. The race condition is shown as follow: cpu0 cpu1 vmci_host_do_set_notify vmci_host_setup_notify get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); lockless_pages_from_mm gup_pgd_range gup_huge_pmd // update &context->notify_page vmci_host_do_set_notify vmci_ctx_unset_notify notify_page = context->notify_page; if (notify_page) put_page(notify_page); // page is freed __gup_longterm_locked __get_user_pages follow_trans_huge_pmd try_grab_folio // warn here To slove this, use local variable page to make notify_page can be seen after finish get_user_pages_fast. Fixes: a1d88436d53a ("VMCI: Fix two UVA mapping bugs") Cc: stable <stable(a)kernel.org> Closes: https://lore.kernel.org/all/e91da589-ad57-3969-d979-879bbd10dddd@huawei.com/ Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com> Link: https://lore.kernel.org/r/20250510033040.901582-1-mawupeng1@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index abe79f6fd2a7..b64944367ac5 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -227,6 +227,7 @@ static int drv_cp_harray_to_user(void __user *user_buf_uva, static int vmci_host_setup_notify(struct vmci_ctx *context, unsigned long uva) { + struct page *page; int retval; if (context->notify_page) { @@ -243,13 +244,11 @@ static int vmci_host_setup_notify(struct vmci_ctx *context, /* * Lock physical page backing a given user VA. */ - retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); - if (retval != 1) { - context->notify_page = NULL; + retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &page); + if (retval != 1) return VMCI_ERROR_GENERIC; - } - if (context->notify_page == NULL) - return VMCI_ERROR_UNAVAILABLE; + + context->notify_page = page; /* * Map the locked page and set up notify pointer.

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] VMCI: fix race between vmci_host_setup_notify and" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061722-shaded-throwback-5dda@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1bd6406fb5f36c2bb1e96e27d4c3e9f4d09edde4 Mon Sep 17 00:00:00 2001 From: Wupeng Ma <mawupeng1(a)huawei.com> Date: Sat, 10 May 2025 11:30:40 +0800 Subject: [PATCH] VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1678 at mm/gup.c:147 try_grab_folio+0x106/0x130 Modules linked in: CPU: 0 UID: 0 PID: 1678 Comm: syz.3.31 Not tainted 6.15.0-rc5 #163 PREEMPT(undef) RIP: 0010:try_grab_folio+0x106/0x130 Call Trace: <TASK> follow_huge_pmd+0x240/0x8e0 follow_pmd_mask.constprop.0.isra.0+0x40b/0x5c0 follow_pud_mask.constprop.0.isra.0+0x14a/0x170 follow_page_mask+0x1c2/0x1f0 __get_user_pages+0x176/0x950 __gup_longterm_locked+0x15b/0x1060 ? gup_fast+0x120/0x1f0 gup_fast_fallback+0x17e/0x230 get_user_pages_fast+0x5f/0x80 vmci_host_unlocked_ioctl+0x21c/0xf80 RIP: 0033:0x54d2cd ---[ end trace 0000000000000000 ]--- Digging into the source, context->notify_page may init by get_user_pages_fast and can be seen in vmci_ctx_unset_notify which will try to put_page. However get_user_pages_fast is not finished here and lead to following try_grab_folio warning. The race condition is shown as follow: cpu0 cpu1 vmci_host_do_set_notify vmci_host_setup_notify get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); lockless_pages_from_mm gup_pgd_range gup_huge_pmd // update &context->notify_page vmci_host_do_set_notify vmci_ctx_unset_notify notify_page = context->notify_page; if (notify_page) put_page(notify_page); // page is freed __gup_longterm_locked __get_user_pages follow_trans_huge_pmd try_grab_folio // warn here To slove this, use local variable page to make notify_page can be seen after finish get_user_pages_fast. Fixes: a1d88436d53a ("VMCI: Fix two UVA mapping bugs") Cc: stable <stable(a)kernel.org> Closes: https://lore.kernel.org/all/e91da589-ad57-3969-d979-879bbd10dddd@huawei.com/ Signed-off-by: Wupeng Ma <mawupeng1(a)huawei.com> Link: https://lore.kernel.org/r/20250510033040.901582-1-mawupeng1@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/misc/vmw_vmci/vmci_host.c b/drivers/misc/vmw_vmci/vmci_host.c index abe79f6fd2a7..b64944367ac5 100644 --- a/drivers/misc/vmw_vmci/vmci_host.c +++ b/drivers/misc/vmw_vmci/vmci_host.c @@ -227,6 +227,7 @@ static int drv_cp_harray_to_user(void __user *user_buf_uva, static int vmci_host_setup_notify(struct vmci_ctx *context, unsigned long uva) { + struct page *page; int retval; if (context->notify_page) { @@ -243,13 +244,11 @@ static int vmci_host_setup_notify(struct vmci_ctx *context, /* * Lock physical page backing a given user VA. */ - retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &context->notify_page); - if (retval != 1) { - context->notify_page = NULL; + retval = get_user_pages_fast(uva, 1, FOLL_WRITE, &page); + if (retval != 1) return VMCI_ERROR_GENERIC; - } - if (context->notify_page == NULL) - return VMCI_ERROR_UNAVAILABLE; + + context->notify_page = page; /* * Map the locked page and set up notify pointer.

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x acb3dac2805d3342ded7dbbd164add32bbfdf21c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061708-chaperone-fantasy-02f0@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acb3dac2805d3342ded7dbbd164add32bbfdf21c Mon Sep 17 00:00:00 2001 From: Dave Penkler <dpenkler(a)gmail.com> Date: Wed, 21 May 2025 14:16:55 +0200 Subject: [PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl The usbtmc488_ioctl_read_stb function relied on a positive return from usbtmc_get_stb to reset the srq condition in the driver. The USBTMC_IOCTL_GET_STB case tested for a positive return to return the stb to the user. Commit: <cac01bd178d6> ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") changed the return value of usbtmc_get_stb to 0 on success instead of returning the value of usb_control_msg which is positive in the normal case. This change caused the function usbtmc488_ioctl_read_stb and the USBTMC_IOCTL_GET_STB ioctl to no longer function correctly. Change the test in usbtmc488_ioctl_read_stb to test for failure first and return the failure code immediately. Change the test for the USBTMC_IOCTL_GET_STB ioctl to test for 0 instead of a positive value. Fixes: cac01bd178d6 ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") Cc: stable(a)vger.kernel.org Signed-off-by: Dave Penkler <dpenkler(a)gmail.com> Link: https://lore.kernel.org/r/20250521121656.18174-3-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c index 740d2d2b19fb..08511442a27f 100644 --- a/drivers/usb/class/usbtmc.c +++ b/drivers/usb/class/usbtmc.c @@ -563,14 +563,15 @@ static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, rv = usbtmc_get_stb(file_data, &stb); - if (rv > 0) { - srq_asserted = atomic_xchg(&file_data->srq_asserted, - srq_asserted); - if (srq_asserted) - stb |= 0x40; /* Set RQS bit */ + if (rv < 0) + return rv; + + srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); + if (srq_asserted) + stb |= 0x40; /* Set RQS bit */ + + rv = put_user(stb, (__u8 __user *)arg); - rv = put_user(stb, (__u8 __user *)arg); - } return rv; } @@ -2199,7 +2200,7 @@ static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case USBTMC_IOCTL_GET_STB: retval = usbtmc_get_stb(file_data, &tmp_byte); - if (retval > 0) + if (!retval) retval = put_user(tmp_byte, (__u8 __user *)arg); break;

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x acb3dac2805d3342ded7dbbd164add32bbfdf21c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061707-conceded-outwit-2f2f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From acb3dac2805d3342ded7dbbd164add32bbfdf21c Mon Sep 17 00:00:00 2001 From: Dave Penkler <dpenkler(a)gmail.com> Date: Wed, 21 May 2025 14:16:55 +0200 Subject: [PATCH] usb: usbtmc: Fix read_stb function and get_stb ioctl The usbtmc488_ioctl_read_stb function relied on a positive return from usbtmc_get_stb to reset the srq condition in the driver. The USBTMC_IOCTL_GET_STB case tested for a positive return to return the stb to the user. Commit: <cac01bd178d6> ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") changed the return value of usbtmc_get_stb to 0 on success instead of returning the value of usb_control_msg which is positive in the normal case. This change caused the function usbtmc488_ioctl_read_stb and the USBTMC_IOCTL_GET_STB ioctl to no longer function correctly. Change the test in usbtmc488_ioctl_read_stb to test for failure first and return the failure code immediately. Change the test for the USBTMC_IOCTL_GET_STB ioctl to test for 0 instead of a positive value. Fixes: cac01bd178d6 ("usb: usbtmc: Fix erroneous get_stb ioctl error returns") Cc: stable(a)vger.kernel.org Signed-off-by: Dave Penkler <dpenkler(a)gmail.com> Link: https://lore.kernel.org/r/20250521121656.18174-3-dpenkler@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/usb/class/usbtmc.c b/drivers/usb/class/usbtmc.c index 740d2d2b19fb..08511442a27f 100644 --- a/drivers/usb/class/usbtmc.c +++ b/drivers/usb/class/usbtmc.c @@ -563,14 +563,15 @@ static int usbtmc488_ioctl_read_stb(struct usbtmc_file_data *file_data, rv = usbtmc_get_stb(file_data, &stb); - if (rv > 0) { - srq_asserted = atomic_xchg(&file_data->srq_asserted, - srq_asserted); - if (srq_asserted) - stb |= 0x40; /* Set RQS bit */ + if (rv < 0) + return rv; + + srq_asserted = atomic_xchg(&file_data->srq_asserted, srq_asserted); + if (srq_asserted) + stb |= 0x40; /* Set RQS bit */ + + rv = put_user(stb, (__u8 __user *)arg); - rv = put_user(stb, (__u8 __user *)arg); - } return rv; } @@ -2199,7 +2200,7 @@ static long usbtmc_ioctl(struct file *file, unsigned int cmd, unsigned long arg) case USBTMC_IOCTL_GET_STB: retval = usbtmc_get_stb(file_data, &tmp_byte); - if (retval > 0) + if (!retval) retval = put_user(tmp_byte, (__u8 __user *)arg); break;

1 week, 6 days

1
0
0 0

Backports of d0afcfeb9e3810ec89d1ffde1a0e36621bb75dca for 6.6 and older

by Nathan Chancellor

Hi Greg and Sasha, Please find attached backports of commit d0afcfeb9e38 ("kbuild: Disable -Wdefault-const-init-unsafe") for 6.6 and older, which is needed for tip of tree versions of LLVM. Please let me know if there are any questions. Cheers, Nathan

1 week, 6 days

2
3
0 0

Re: Patch "net: sch_ets: Add a new Qdisc" has been added to the 5.4-stable tree

by Petr Machata

Sasha Levin <sashal(a)kernel.org> writes: > This is a note to let you know that I've just added the patch titled > > net: sch_ets: Add a new Qdisc > > to the 5.4-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > net-sch_ets-add-a-new-qdisc.patch > and it can be found in the queue-5.4 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Not sure what the motivation is to include a pure added feature to a stable tree. But if you truly want the patch, then there were a couple follow up fixes over the years. At least the following look like patches to code that would be problematic in 5.4.y as well: cd9b50adc6bb ("net/sched: ets: fix crash when flipping from 'strict' to 'quantum'") 454d3e1ae057 ("net/sched: sch_ets: properly init all active DRR list handles") de6d25924c2a ("net/sched: sch_ets: don't peek at classes beyond 'nbands'") c062f2a0b04d ("net/sched: sch_ets: don't remove idle classes from the round-robin list") d62b04fca434 ("net: sched: fix ets qdisc OOB Indexing") 1a6d0c00fa07 ("net_sched: ets: Fix double list add in class with netem as child qdisc")

1 week, 6 days

3
2
0 0

Re: Patch "powerpc: do not build ppc_save_regs.o always" has been added to the 6.15-stable tree

by Jiri Slaby

On 10. 06. 25, 13:56, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > powerpc: do not build ppc_save_regs.o always > > to the 6.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… Please drop this from all trees. It was correctly broken. The whole if was removed later by 93bd4a80efeb521314485a06d8c21157240497bb. > The filename of the patch is: > powerpc-do-not-build-ppc_save_regs.o-always.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. > > > > commit 242c2ba3f16d92cd81c309725550f6c723833ae3 > Author: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> > Date: Thu Apr 17 12:53:05 2025 +0200 > > powerpc: do not build ppc_save_regs.o always > > [ Upstream commit 497b7794aef03d525a5be05ae78dd7137c6861a5 ] > > The Fixes commit below tried to add CONFIG_PPC_BOOK3S to one of the > conditions to enable the build of ppc_save_regs.o. But it failed to do > so, in fact. The commit omitted to add a dollar sign. > > Therefore, ppc_save_regs.o is built always these days (as > "(CONFIG_PPC_BOOK3S)" is never an empty string). > > Fix this by adding the missing dollar sign. > > Signed-off-by: Jiri Slaby (SUSE) <jirislaby(a)kernel.org> > Fixes: fc2a5a6161a2 ("powerpc/64s: ppc_save_regs is now needed for all 64s builds") > Acked-by: Stephen Rothwell <sfr(a)canb.auug.org.au> > Signed-off-by: Madhavan Srinivasan <maddy(a)linux.ibm.com> > Link: https://patch.msgid.link/20250417105305.397128-1-jirislaby@kernel.org > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/arch/powerpc/kernel/Makefile b/arch/powerpc/kernel/Makefile > index 6ac621155ec3c..0c26b2412d173 100644 > --- a/arch/powerpc/kernel/Makefile > +++ b/arch/powerpc/kernel/Makefile > @@ -160,7 +160,7 @@ endif > > obj64-$(CONFIG_PPC_TRANSACTIONAL_MEM) += tm.o > > -ifneq ($(CONFIG_XMON)$(CONFIG_KEXEC_CORE)(CONFIG_PPC_BOOK3S),) > +ifneq ($(CONFIG_XMON)$(CONFIG_KEXEC_CORE)$(CONFIG_PPC_BOOK3S),) > obj-y += ppc_save_regs.o > endif > -- js suse labs

1 week, 6 days

3
3
0 0

RE: Patch "Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests" has been added to the 6.15-stable tree

by Michael Kelley

From: Sasha Levin <sashal(a)kernel.org> > > This is a note to let you know that I've just added the patch titled > > Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests > > to the 6.15-stable tree which can be found at: > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git > > The filename of the patch is: > drivers-hv-always-select-config_sysfb-for-hyper-v-gu.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please DO NOT backport this patch to ANY stable trees, at least not at the moment. It is causing a config problem that we're trying to work out. Once the resolution is decided upon, we can figure out what to backport. Thanks, Michael Kelley > > > > commit 9766859ee9884c35dde0411df167a06452fee3ce > Author: Michael Kelley <mhklinux(a)outlook.com> > Date: Mon May 19 21:01:43 2025 -0700 > > Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests > > [ Upstream commit 96959283a58d91ae20d025546f00e16f0a555208 ] > > The Hyper-V host provides guest VMs with a range of MMIO addresses > that guest VMBus drivers can use. The VMBus driver in Linux manages > that MMIO space, and allocates portions to drivers upon request. As > part of managing that MMIO space in a Generation 2 VM, the VMBus > driver must reserve the portion of the MMIO space that Hyper-V has > designated for the synthetic frame buffer, and not allocate this > space to VMBus drivers other than graphics framebuffer drivers. The > synthetic frame buffer MMIO area is described by the screen_info data > structure that is passed to the Linux kernel at boot time, so the > VMBus driver must access screen_info for Generation 2 VMs. (In > Generation 1 VMs, the framebuffer MMIO space is communicated to > the guest via a PCI pseudo-device, and access to screen_info is > not needed.) > > In commit a07b50d80ab6 ("hyperv: avoid dependency on screen_info") > the VMBus driver's access to screen_info is restricted to when > CONFIG_SYSFB is enabled. CONFIG_SYSFB is typically enabled in kernels > built for Hyper-V by virtue of having at least one of CONFIG_FB_EFI, > CONFIG_FB_VESA, or CONFIG_SYSFB_SIMPLEFB enabled, so the restriction > doesn't usually affect anything. But it's valid to have none of these > enabled, in which case CONFIG_SYSFB is not enabled, and the VMBus driver > is unable to properly reserve the framebuffer MMIO space for graphics > framebuffer drivers. The framebuffer MMIO space may be assigned to > some other VMBus driver, with undefined results. As an example, if > a VM is using a PCI pass-thru NVMe controller to host the OS disk, > the PCI NVMe controller is probed before any graphics devices, and the > NVMe controller is assigned a portion of the framebuffer MMIO space. > Hyper-V reports an error to Linux during the probe, and the OS disk > fails to get setup. Then Linux fails to boot in the VM. > > Fix this by having CONFIG_HYPERV always select SYSFB. Then the > VMBus driver in a Gen 2 VM can always reserve the MMIO space for the > graphics framebuffer driver, and prevent the undefined behavior. But > don't select SYSFB when building for HYPERV_VTL_MODE as VTLs other > than VTL 0 don't have a framebuffer and aren't subject to the issue. > Adding SYSFB in such cases is harmless, but would increase the image > size for no purpose. > > Fixes: a07b50d80ab6 ("hyperv: avoid dependency on screen_info") > Signed-off-by: Michael Kelley <mhklinux(a)outlook.com> > Reviewed-by: Saurabh Sengar <ssengar(a)linux.microsoft.com> > Link: > https://lore.kernel.org/st > able%2F20250520040143.6964-1- > mhklinux%2540outlook.com&data=05%7C02%7C%7C516ef64661c145eb315d08dda81861 > 51%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638851544842065319%7CUn > known%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXa > W4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=FZnrM9REMICWp > JqW88gD7CxeTwcztS2y8%2B8GqHNtF3E%3D&reserved=0 > Link: > https://lore.kernel.org/r%25 > 2F20250520040143.6964-1- > mhklinux%40outlook.com&data=05%7C02%7C%7C516ef64661c145eb315d08dda8186151 > %7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638851544842081386%7CUnkn > own%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4 > zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=j%2F5AvOlxwTKfVUL > vmNr%2FZliwRVrd9rSlVECyFGqFErE%3D&reserved=0 > Signed-off-by: Wei Liu <wei.liu(a)kernel.org> > Message-ID: <20250520040143.6964-1-mhklinux(a)outlook.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig > index 6c1416167bd2e..724fc08a73e70 100644 > --- a/drivers/hv/Kconfig > +++ b/drivers/hv/Kconfig > @@ -9,6 +9,7 @@ config HYPERV > select PARAVIRT > select X86_HV_CALLBACK_VECTOR if X86 > select OF_EARLY_FLATTREE if OF > + select SYSFB if !HYPERV_VTL_MODE > help > Select this option to run Linux as a Hyper-V client operating > system.

1 week, 6 days

2
1
0 0

6.6-stable inclusion request

by Jens Axboe

Hi, Can you add these three patches to 6.6-stable? It fixes a behavioral change with 6.6-stable that Rom reported, affecting OpenBMC. Other stable versions not affected, as they got the required fixes on top backported already. Thanks, -- Jens Axboe

1 week, 6 days

2
1
0 0

[PATCH AUTOSEL 5.4 1/5] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 17a25e453f60c..047fe6cca7f1a 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -44,7 +44,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

1 week, 6 days

1
4
0 0

[PATCH AUTOSEL 5.10 1/6] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 0a83afa5f373c..6625643f333e8 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -44,7 +44,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

1 week, 6 days

1
5
0 0

[PATCH AUTOSEL 5.15 1/8] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 8e35009ec25cb..a22f723ab3ab6 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -45,7 +45,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

1 week, 6 days

1
7
0 0

[PATCH AUTOSEL 6.1 1/8] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index 890c2f7c33fc2..4c7355a0814d1 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -45,7 +45,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

1 week, 6 days

1
7
0 0

[PATCH AUTOSEL 6.6 1/9] ALSA: hda: Ignore unsol events for cards being shut down

by Sasha Levin

From: Cezary Rojewski <cezary.rojewski(a)intel.com> [ Upstream commit 3f100f524e75586537e337b34d18c8d604b398e7 ] For the classic snd_hda_intel driver, codec->card and bus->card point to the exact same thing. When snd_card_diconnect() fires, bus->shutdown is set thanks to azx_dev_disconnect(). card->shutdown is already set when that happens but both provide basically the same functionality. For the DSP snd_soc_avs driver where multiple codecs are located on multiple cards, bus->shutdown 'shortcut' is not sufficient. One codec card may be unregistered while other codecs are still operational. Proper check in form of card->shutdown must be used to verify whether the codec's card is being shut down. Reviewed-by: Amadeusz Sławiński <amadeuszx.slawinski(a)linux.intel.com> Signed-off-by: Cezary Rojewski <cezary.rojewski(a)intel.com> Link: https://patch.msgid.link/20250530141309.2943404-1-cezary.rojewski@intel.com Signed-off-by: Takashi Iwai <tiwai(a)suse.de> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Technical Analysis ### Core Problem Being Fixed The commit addresses a **shutdown race condition** in multi-codec HDA systems, specifically in DSP/AVS drivers where multiple HDA codecs exist on the same sound card but with separate bus instances. The change modifies line 47 in `sound/pci/hda/hda_bind.c`: **Before:** ```c if (codec->bus->shutdown) return; ``` **After:** ```c if (codec->card->shutdown || codec->bus->shutdown) return; ``` ### Why This is a Good Backport Candidate **1. Bug Fix Nature - Small and Contained** - This is a clear **bug fix** addressing a specific shutdown race condition - The change is **minimal** (adding one condition check) and **well- contained** - No architectural changes or new features introduced - Low risk of introducing regressions **2. Critical Subsystem Impact** - Affects **HD-audio subsystem** which is critical for audio functionality - Could prevent system crashes or hangs during shutdown in multi-codec scenarios - Improves system stability during shutdown sequences **3. Technical Correctness** The fix addresses a **fundamental timing issue**: - In multi-codec systems, `card->shutdown` is set at the ALSA core level during `snd_card_disconnect()` - `bus->shutdown` is set later at the HDA controller level during individual codec shutdown - **Gap exists** where unsol events could be processed after card shutdown but before bus shutdown - This can cause codec operations on an already-disconnected sound card **4. Follows Stable Tree Criteria** - **Important bug fix**: Prevents potential system instability during shutdown - **Minimal risk**: Only adds an additional safety check, doesn't change existing logic - **Well-understood**: The change is straightforward and follows existing patterns seen in similar commits - **Confined to subsystem**: Only affects HDA audio subsystem **5. Consistency with Similar Backported Commits** This follows the exact same pattern as the historical commits that were successfully backported: - **Similar Commit #1**: Added `bus->shutdown` check to prevent unsol events during shutdown - **Backported (YES)** - **Similar Commit #2**: Added suspend/resume state check to unsol handler - **Backported (YES)** - **Similar Commit #3**: Added jack disconnection during codec unbind - **Backported (YES)** - **Similar Commit #4**: Added bus_probing flag to serialize codec registration - **Backported (YES)** All these commits follow the same pattern: **small, targeted fixes to prevent race conditions in HDA shutdown/initialization sequences**. **6. Real-World Impact** - Affects **DSP/AVS audio systems** which are increasingly common in modern hardware - Without this fix, systems with multiple audio codecs could experience: - Kernel oops during shutdown - System hangs - Audio subsystem corruption - Unpredictable behavior during reboot sequences ### Risk Assessment **Very Low Risk:** - The change only **adds** a safety check, doesn't remove existing functionality - `card->shutdown` check is used extensively throughout the ALSA subsystem already - Maintains **backward compatibility** completely - If `card->shutdown` is false, behavior is identical to before - No changes to data structures, APIs, or functional logic ### Conclusion This commit represents a **textbook stable backport candidate**: it's a small, well-understood bug fix that addresses a real stability issue in a critical subsystem with minimal risk of regression. The pattern matches multiple previously successful backports in the same subsystem, and the technical merit is clear. sound/pci/hda/hda_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/pci/hda/hda_bind.c b/sound/pci/hda/hda_bind.c index b7ca2a83fbb08..95786bdadfe6a 100644 --- a/sound/pci/hda/hda_bind.c +++ b/sound/pci/hda/hda_bind.c @@ -44,7 +44,7 @@ static void hda_codec_unsol_event(struct hdac_device *dev, unsigned int ev) struct hda_codec *codec = container_of(dev, struct hda_codec, core); /* ignore unsol events during shutdown */ - if (codec->bus->shutdown) + if (codec->card->shutdown || codec->bus->shutdown) return; /* ignore unsol events during system suspend/resume */ -- 2.39.5

1 week, 6 days

1
8
0 0

[PATCH AUTOSEL 6.12 01/12] riscv: add a data fence for CMODX in the kernel mode

by Sasha Levin

From: Andy Chiu <andybnac(a)gmail.com> [ Upstream commit ca358692de41b273468e625f96926fa53e13bd8c ] RISC-V spec explicitly calls out that a local fence.i is not enough for the code modification to be visble from a remote hart. In fact, it states: To make a store to instruction memory visible to all RISC-V harts, the writing hart also has to execute a data FENCE before requesting that all remote RISC-V harts execute a FENCE.I. Although current riscv drivers for IPI use ordered MMIO when sending IPIs in order to synchronize the action between previous csd writes, riscv does not restrict itself to any particular flavor of IPI. Any driver or firmware implementation that does not order data writes before the IPI may pose a risk for code-modifying race. Thus, add a fence here to order data writes before making the IPI. Signed-off-by: Andy Chiu <andybnac(a)gmail.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Link: https://lore.kernel.org/r/20250407180838.42877-8-andybnac@gmail.com Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Palmer Dabbelt <palmer(a)dabbelt.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the RISC-V kernel codebase, here is my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds a critical memory fence (`RISCV_FENCE(w, o)`) before sending IPIs in the `flush_icache_all()` function in `arch/riscv/mm/cacheflush.c`. Specifically, it: 1. **Adds a data fence before IPI**: The `RISCV_FENCE(w, o)` instruction ensures that all previous memory writes (w) are ordered before device output operations (o), which includes MMIO writes for sending IPIs. 2. **Addresses RISC-V specification requirement**: The commit message explicitly references the RISC-V Platform Specification Section 2.1, which requires a data FENCE before requesting remote FENCE.I operations to ensure code modifications are visible across harts (hardware threads). 3. **Fixes a potential race condition**: Without this fence, there's a risk that code modifications made by one hart might not be visible to other harts when they receive the IPI to flush their instruction caches. ## Why This Should Be Backported ### 1. **Critical Correctness Issue** This fixes a fundamental correctness issue in code modification (CMODX) operations on RISC-V multiprocessor systems. The lack of proper ordering can lead to: - Stale instruction execution on remote cores - Race conditions in dynamic code modification scenarios - Potential security vulnerabilities in JIT compilers, kernel modules, and other code-patching mechanisms ### 2. **Specification Compliance** The fix ensures compliance with the RISC-V specification requirements. The spec explicitly states that a data fence is required before remote fence.i operations, making this a standards compliance fix rather than an optimization. ### 3. **Small and Contained Change** The change is minimal and surgical: - Adds only one fence instruction (`RISCV_FENCE(w, o)`) - No functional logic changes - Affects only the `flush_icache_all()` path - Low risk of introducing regressions ### 4. **Wide Impact on Code Modification** The `flush_icache_all()` function is used by: - Kernel module loading/unloading - JIT compilers (eBPF, etc.) - Dynamic code patching - Debugging infrastructure (kprobes, uprobes) - Any code that modifies executable instructions ### 5. **Similarity to Accepted Backports** Looking at similar commit #1 in the reference examples (irqchip fence ordering), which was marked as backportable, this commit addresses the same class of memory ordering issues that are critical for correctness on RISC-V systems. ### 6. **Platform Independence** The fix applies to all RISC-V implementations, as it addresses a fundamental architectural requirement rather than a specific hardware bug. ## Risk Assessment **Low Risk**: The fence instruction is a standard RISC-V barrier that: - Does not change control flow - Only adds necessary ordering constraints - Is already used extensively throughout the RISC-V kernel code - Has predictable performance impact (minimal additional latency) ## Comparison with Reference Commits This commit is most similar to reference commit #1 (irqchip memory ordering fix), which was correctly marked for backporting. Both commits: - Fix memory ordering issues in IPI/interrupt subsystems - Address RISC-V specification requirements - Have minimal code changes with high correctness impact - Fix potential race conditions in multi-hart systems The commit fixes a critical specification compliance issue that could lead to correctness problems in code modification scenarios across all RISC-V multiprocessor systems, making it an excellent candidate for stable backporting. arch/riscv/mm/cacheflush.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/riscv/mm/cacheflush.c b/arch/riscv/mm/cacheflush.c index b816727298872..b2e4b81763f88 100644 --- a/arch/riscv/mm/cacheflush.c +++ b/arch/riscv/mm/cacheflush.c @@ -24,7 +24,20 @@ void flush_icache_all(void) if (num_online_cpus() < 2) return; - else if (riscv_use_sbi_for_rfence()) + + /* + * Make sure all previous writes to the D$ are ordered before making + * the IPI. The RISC-V spec states that a hart must execute a data fence + * before triggering a remote fence.i in order to make the modification + * visable for remote harts. + * + * IPIs on RISC-V are triggered by MMIO writes to either CLINT or + * S-IMSIC, so the fence ensures previous data writes "happen before" + * the MMIO. + */ + RISCV_FENCE(w, o); + + if (riscv_use_sbi_for_rfence()) sbi_remote_fence_i(NULL); else on_each_cpu(ipi_remote_fence_i, NULL, 1); -- 2.39.5

1 week, 6 days

1
11
0 0

[PATCH AUTOSEL 6.15 01/15] riscv: add a data fence for CMODX in the kernel mode

by Sasha Levin

From: Andy Chiu <andybnac(a)gmail.com> [ Upstream commit ca358692de41b273468e625f96926fa53e13bd8c ] RISC-V spec explicitly calls out that a local fence.i is not enough for the code modification to be visble from a remote hart. In fact, it states: To make a store to instruction memory visible to all RISC-V harts, the writing hart also has to execute a data FENCE before requesting that all remote RISC-V harts execute a FENCE.I. Although current riscv drivers for IPI use ordered MMIO when sending IPIs in order to synchronize the action between previous csd writes, riscv does not restrict itself to any particular flavor of IPI. Any driver or firmware implementation that does not order data writes before the IPI may pose a risk for code-modifying race. Thus, add a fence here to order data writes before making the IPI. Signed-off-by: Andy Chiu <andybnac(a)gmail.com> Reviewed-by: Björn Töpel <bjorn(a)rivosinc.com> Link: https://lore.kernel.org/r/20250407180838.42877-8-andybnac@gmail.com Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Signed-off-by: Palmer Dabbelt <palmer(a)dabbelt.com> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the RISC-V kernel codebase, here is my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds a critical memory fence (`RISCV_FENCE(w, o)`) before sending IPIs in the `flush_icache_all()` function in `arch/riscv/mm/cacheflush.c`. Specifically, it: 1. **Adds a data fence before IPI**: The `RISCV_FENCE(w, o)` instruction ensures that all previous memory writes (w) are ordered before device output operations (o), which includes MMIO writes for sending IPIs. 2. **Addresses RISC-V specification requirement**: The commit message explicitly references the RISC-V Platform Specification Section 2.1, which requires a data FENCE before requesting remote FENCE.I operations to ensure code modifications are visible across harts (hardware threads). 3. **Fixes a potential race condition**: Without this fence, there's a risk that code modifications made by one hart might not be visible to other harts when they receive the IPI to flush their instruction caches. ## Why This Should Be Backported ### 1. **Critical Correctness Issue** This fixes a fundamental correctness issue in code modification (CMODX) operations on RISC-V multiprocessor systems. The lack of proper ordering can lead to: - Stale instruction execution on remote cores - Race conditions in dynamic code modification scenarios - Potential security vulnerabilities in JIT compilers, kernel modules, and other code-patching mechanisms ### 2. **Specification Compliance** The fix ensures compliance with the RISC-V specification requirements. The spec explicitly states that a data fence is required before remote fence.i operations, making this a standards compliance fix rather than an optimization. ### 3. **Small and Contained Change** The change is minimal and surgical: - Adds only one fence instruction (`RISCV_FENCE(w, o)`) - No functional logic changes - Affects only the `flush_icache_all()` path - Low risk of introducing regressions ### 4. **Wide Impact on Code Modification** The `flush_icache_all()` function is used by: - Kernel module loading/unloading - JIT compilers (eBPF, etc.) - Dynamic code patching - Debugging infrastructure (kprobes, uprobes) - Any code that modifies executable instructions ### 5. **Similarity to Accepted Backports** Looking at similar commit #1 in the reference examples (irqchip fence ordering), which was marked as backportable, this commit addresses the same class of memory ordering issues that are critical for correctness on RISC-V systems. ### 6. **Platform Independence** The fix applies to all RISC-V implementations, as it addresses a fundamental architectural requirement rather than a specific hardware bug. ## Risk Assessment **Low Risk**: The fence instruction is a standard RISC-V barrier that: - Does not change control flow - Only adds necessary ordering constraints - Is already used extensively throughout the RISC-V kernel code - Has predictable performance impact (minimal additional latency) ## Comparison with Reference Commits This commit is most similar to reference commit #1 (irqchip memory ordering fix), which was correctly marked for backporting. Both commits: - Fix memory ordering issues in IPI/interrupt subsystems - Address RISC-V specification requirements - Have minimal code changes with high correctness impact - Fix potential race conditions in multi-hart systems The commit fixes a critical specification compliance issue that could lead to correctness problems in code modification scenarios across all RISC-V multiprocessor systems, making it an excellent candidate for stable backporting. arch/riscv/mm/cacheflush.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/arch/riscv/mm/cacheflush.c b/arch/riscv/mm/cacheflush.c index b816727298872..b2e4b81763f88 100644 --- a/arch/riscv/mm/cacheflush.c +++ b/arch/riscv/mm/cacheflush.c @@ -24,7 +24,20 @@ void flush_icache_all(void) if (num_online_cpus() < 2) return; - else if (riscv_use_sbi_for_rfence()) + + /* + * Make sure all previous writes to the D$ are ordered before making + * the IPI. The RISC-V spec states that a hart must execute a data fence + * before triggering a remote fence.i in order to make the modification + * visable for remote harts. + * + * IPIs on RISC-V are triggered by MMIO writes to either CLINT or + * S-IMSIC, so the fence ensures previous data writes "happen before" + * the MMIO. + */ + RISCV_FENCE(w, o); + + if (riscv_use_sbi_for_rfence()) sbi_remote_fence_i(NULL); else on_each_cpu(ipi_remote_fence_i, NULL, 1); -- 2.39.5

1 week, 6 days

1
14
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061755-peso-ravage-c101@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061754-motive-astride-cdfd@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061754-sensitive-pointed-5663@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

1 week, 6 days

1
0
0 0

FAILED: patch "[PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable" failed to apply to 6.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.15.y git checkout FETCH_HEAD git cherry-pick -x ed5915cfce2abb9a553c3737badebd4a11d6c9c7 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025061753-unsubtle-afterlife-33f7@gregkh' --subject-prefix 'PATCH 6.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ed5915cfce2abb9a553c3737badebd4a11d6c9c7 Mon Sep 17 00:00:00 2001 From: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> Date: Thu, 22 May 2025 09:41:27 +0300 Subject: [PATCH] Revert "drm/i915/gem: Allow EXEC_CAPTURE on recoverable contexts on DG1" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit d6e020819612a4a06207af858e0978be4d3e3140. The IS_DGFX check was put in place because error capture of buffer objects is expected to be broken on devices with VRAM. Userspace fix[1] to the impacted media driver has been submitted, merged and a new driver release is out as 25.2.3 where the capture flag is dropped on DG1 thus unblocking the usage of media driver on DG1. [1] https://github.com/intel/media-driver/commit/93c07d9b4b96a78bab21f6acd4eb86… Cc: stable(a)vger.kernel.org # v6.0+ Cc: Ville Syrjälä <ville.syrjala(a)linux.intel.com> Cc: Andi Shyti <andi.shyti(a)linux.intel.com> Cc: Matthew Auld <matthew.auld(a)intel.com> Cc: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> Cc: Tvrtko Ursulin <tursulin(a)ursulin.net> Acked-by: Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> Reviewed-by: Andi Shyti <andi.shyti(a)linux.intel.com> Link: https://lore.kernel.org/r/20250522064127.24293-1-joonas.lahtinen@linux.inte… [Joonas: Update message to point out the merged userspace fix] Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> (cherry picked from commit d2dc30e0aa252830f908c8e793d3139d51321370) Signed-off-by: Joonas Lahtinen <joonas.lahtinen(a)linux.intel.com> diff --git a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c index ea9d5063ce78..ca7e9216934a 100644 --- a/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/gem/i915_gem_execbuffer.c @@ -2013,7 +2013,7 @@ static int eb_capture_stage(struct i915_execbuffer *eb) continue; if (i915_gem_context_is_recoverable(eb->gem_context) && - GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 10)) + (IS_DGFX(eb->i915) || GRAPHICS_VER_FULL(eb->i915) > IP_VER(12, 0))) return -EINVAL; for_each_batch_create_order(eb, j) {

1 week, 6 days

1
0
0 0

stable@vger.kernel.org

by vicky685kg＠gmail.com

Hi there, Market trend is changing rapidly. Paid ads are not delivering much better results. You must have to plan to move to organic marketing. If you would be interested, I can send complete marketing plan. Cheers! Sendy

1 week, 6 days

1
0
0 0

[PATCH] platform/x86: ideapad-laptop: use usleep_range() for EC polling

by Rong Zhang

It was reported that ideapad-laptop sometimes causes some recent (since 2024) Lenovo ThinkBook models shut down when: - suspending/resuming - closing/opening the lid - (dis)connecting a charger - reading/writing some sysfs properties, e.g., fan_mode, touchpad - pressing down some Fn keys, e.g., Brightness Up/Down (Fn+F5/F6) - (seldom) loading the kmod The issue has existed since the launch day of such models, and there have been some out-of-tree workarounds (see Link:) for the issue. One disables some functionalities, while another one simply shortens IDEAPAD_EC_TIMEOUT. The disabled functionalities have read_ec_data() in their call chains, which calls schedule() between each poll. It turns out that these models suffer from the indeterminacy of schedule() because of their low tolerance for being polled too frequently. Sometimes schedule() returns too soon due to the lack of ready tasks, causing the margin between two polls to be too short. In this case, the command is somehow aborted, and too many subsequent polls (they poll for "nothing!") may eventually break the state machine in the EC, resulting in a hard shutdown. This explains why shortening IDEAPAD_EC_TIMEOUT works around the issue - it reduces the total number of polls sent to the EC. Even when it doesn't lead to a shutdown, frequent polls may also disturb the ongoing operation and notably delay (+ 10-20ms) the availability of EC response. This phenomenon is unlikely to be exclusive to the models mentioned above, so dropping the schedule() manner should also slightly improve the responsiveness of various models. Fix these issues by migrating to usleep_range(150, 300). The interval is chosen to add some margin to the minimal 50us and considering EC responses are usually available after 150-2500us based on my test. It should be enough to fix these issues on all models subject to the EC bug without introducing latency on other models. Tested on ThinkBook 14 G7+ ASP and solved both issues. No regression was introduced in the test on a model without the EC bug (ThinkBook X IMH, thanks Eric). Link: https://github.com/ty2/ideapad-laptop-tb2024g6plus/commit/6c5db18c9e8109873… Link: https://github.com/ferstar/ideapad-laptop-tb/commit/42d1e68e5009529d31bd23f… Closes: https://bugzilla.kernel.org/show_bug.cgi?id=218771 Fixes: 6a09f21dd1e2 ("ideapad: add ACPI helpers") Cc: stable(a)vger.kernel.org Tested-by: Eric Long <i(a)hack3r.moe> Signed-off-by: Rong Zhang <i(a)rong.moe> --- drivers/platform/x86/ideapad-laptop.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/drivers/platform/x86/ideapad-laptop.c b/drivers/platform/x86/ideapad-laptop.c index ede483573fe0..b5e4da6a6779 100644 --- a/drivers/platform/x86/ideapad-laptop.c +++ b/drivers/platform/x86/ideapad-laptop.c @@ -15,6 +15,7 @@ #include <linux/bug.h> #include <linux/cleanup.h> #include <linux/debugfs.h> +#include <linux/delay.h> #include <linux/device.h> #include <linux/dmi.h> #include <linux/i8042.h> @@ -267,6 +268,20 @@ static void ideapad_shared_exit(struct ideapad_private *priv) */ #define IDEAPAD_EC_TIMEOUT 200 /* in ms */ +/* + * Some models (e.g., ThinkBook since 2024) have a low tolerance for being + * polled too frequently. Doing so may break the state machine in the EC, + * resulting in a hard shutdown. + * + * It is also observed that frequent polls may disturb the ongoing operation + * and notably delay the availability of EC response. + * + * These values are used as the delay before the first poll and the interval + * between subsequent polls to solve the above issues. + */ +#define IDEAPAD_EC_POLL_MIN_US 150 +#define IDEAPAD_EC_POLL_MAX_US 300 + static int eval_int(acpi_handle handle, const char *name, unsigned long *res) { unsigned long long result; @@ -383,7 +398,7 @@ static int read_ec_data(acpi_handle handle, unsigned long cmd, unsigned long *da end_jiffies = jiffies + msecs_to_jiffies(IDEAPAD_EC_TIMEOUT) + 1; while (time_before(jiffies, end_jiffies)) { - schedule(); + usleep_range(IDEAPAD_EC_POLL_MIN_US, IDEAPAD_EC_POLL_MAX_US); err = eval_vpcr(handle, 1, &val); if (err) @@ -414,7 +429,7 @@ static int write_ec_cmd(acpi_handle handle, unsigned long cmd, unsigned long dat end_jiffies = jiffies + msecs_to_jiffies(IDEAPAD_EC_TIMEOUT) + 1; while (time_before(jiffies, end_jiffies)) { - schedule(); + usleep_range(IDEAPAD_EC_POLL_MIN_US, IDEAPAD_EC_POLL_MAX_US); err = eval_vpcr(handle, 1, &val); if (err) base-commit: a5806cd506af5a7c19bcd596e4708b5c464bfd21 -- 2.49.0

1 week, 6 days

7
6
0 0

Unplayable framerates in game but specific kernel versions work, maybe amdgpu problem

by machion＠disroot.org

Hello kernel/driver developers, I hope, with my information it's possible to find a bug/problem in the kernel. Otherwise I am sorry, that I disturbed you. I only use LTS kernels, but I can narrow it down to a hand full of them, where it works. The PC: Manjaro Stable/Cinnamon/X11/AMD Ryzen 5 2600/Radeon HD 7790/8GB RAM I already asked the Manjaro community, but with no luck. The game: Hellpoint (GOG Linux latest version, Unity3D-Engine v2021), uses vulkan --- I came a long road of kernels. I had many versions of 5.4, 5.10, 5.15, 6.1 and 6.6 and and the game was always unplayable, because the frames where around 1fps (performance of PC is not the problem). I asked the mesa and cinnamon team for help in the past, but also with no luck. It never worked, till on 2025-03-29 when I installed 6.12.19 for the first time and it worked! But it only worked with 6.12.19, 6.12.20 and 6.12.21 When I updated to 6.12.25, it was back to unplayable. For testing I installed 6.14.4 with the same result. It doesn't work. I also compared file /proc/config.gz of both kernels (6.12.21 <> 6.14.4), but can't seem to see drastic changes to the graphical part. I presume it has something to do with amdgpu. If you need more information, I would be happy to help. Kind regards, Marion

1 week, 6 days

2
4
0 0

[PATCH 0/2] media: qcom: camss: Fix two bugs in mainline

by Bryan O'Donoghue

Two bug fixes here. First up SDM630/SDM660 hasn't been probing because moving the CSIPHY gen2 init sequence into a common location also moved the default case of the switch statement which rejects non-gen2 devices. Second is a fix for a very longstanding bug which is a race-condition between fully enumerating /dev/videoX devices along with all of their dependent data-structures and gating user-space access to those devices. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (2): media: qcom: camss: csiphy-3ph: Fix inadvertent dropping of SDM660/SDM670 phy init media: qcom: camss: vfe: Fix registration sequencing bug drivers/media/platform/qcom/camss/camss-csiphy-3ph-1-0.c | 3 +-- drivers/media/platform/qcom/camss/camss-vfe.c | 8 ++++++++ drivers/media/platform/qcom/camss/camss-vfe.h | 1 + 3 files changed, 10 insertions(+), 2 deletions(-) --- base-commit: 8666245114d979b963dc23894a03c74ecab8a7a6 change-id: 20250610-linux-next-25-05-30-daily-reviews-47ef54eee7ea Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

1 week, 6 days

3
8
0 0

[PATCH v2 1/4] wifi: ath12k: fix dest ring-buffer corruption

by Johan Hovold

Add the missing memory barrier to make sure that destination ring descriptors are read after the head pointers to avoid using stale data on weakly ordered architectures like aarch64. The barrier is added to the ath12k_hal_srng_access_begin() helper for symmetry with follow-on fixes for source ring buffer corruption which will add barriers to ath12k_hal_srng_access_end(). Note that this may fix the empty descriptor issue recently worked around by commit 51ad34a47e9f ("wifi: ath12k: Add drop descriptor handling for monitor ring"). Tested-on: WCN7850 hw2.0 WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 Fixes: d889913205cf ("wifi: ath12k: driver for Qualcomm Wi-Fi 7 devices") Cc: stable(a)vger.kernel.org # 6.3 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/net/wireless/ath/ath12k/ce.c | 3 --- drivers/net/wireless/ath/ath12k/hal.c | 17 ++++++++++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/drivers/net/wireless/ath/ath12k/ce.c b/drivers/net/wireless/ath/ath12k/ce.c index 740586fe49d1..b66d23d6b2bd 100644 --- a/drivers/net/wireless/ath/ath12k/ce.c +++ b/drivers/net/wireless/ath/ath12k/ce.c @@ -343,9 +343,6 @@ static int ath12k_ce_completed_recv_next(struct ath12k_ce_pipe *pipe, goto err; } - /* Make sure descriptor is read after the head pointer. */ - dma_rmb(); - *nbytes = ath12k_hal_ce_dst_status_get_length(desc); *skb = pipe->dest_ring->skb[sw_index]; diff --git a/drivers/net/wireless/ath/ath12k/hal.c b/drivers/net/wireless/ath/ath12k/hal.c index 91d5126ca149..9eea13ed5565 100644 --- a/drivers/net/wireless/ath/ath12k/hal.c +++ b/drivers/net/wireless/ath/ath12k/hal.c @@ -2126,13 +2126,24 @@ void *ath12k_hal_srng_src_get_next_reaped(struct ath12k_base *ab, void ath12k_hal_srng_access_begin(struct ath12k_base *ab, struct hal_srng *srng) { + u32 hp; + lockdep_assert_held(&srng->lock); - if (srng->ring_dir == HAL_SRNG_DIR_SRC) + if (srng->ring_dir == HAL_SRNG_DIR_SRC) { srng->u.src_ring.cached_tp = *(volatile u32 *)srng->u.src_ring.tp_addr; - else - srng->u.dst_ring.cached_hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + } else { + hp = READ_ONCE(*srng->u.dst_ring.hp_addr); + + if (hp != srng->u.dst_ring.cached_hp) { + srng->u.dst_ring.cached_hp = hp; + /* Make sure descriptor is read after the head + * pointer. + */ + dma_rmb(); + } + } } /* Update cached ring head/tail pointers to HW. ath12k_hal_srng_access_begin() -- 2.49.0

1 week, 6 days

4
6
0 0

[PATCH] erofs: remove unused trace event erofs_destroy_inode

by Gao Xiang

The trace event `erofs_destroy_inode` was added but remains unused. This unused event contributes approximately 5KB to the kernel module size. Reported-by: Steven Rostedt <rostedt(a)goodmis.org> Closes: https://lore.kernel.org/r/20250612224906.15000244@batman.local.home Fixes: 13f06f48f7bf ("staging: erofs: support tracepoint") Cc: stable(a)vger.kernel.org Signed-off-by: Gao Xiang <hsiangkao(a)linux.alibaba.com> --- include/trace/events/erofs.h | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/include/trace/events/erofs.h b/include/trace/events/erofs.h index a5f4b9234f46..dad7360f42f9 100644 --- a/include/trace/events/erofs.h +++ b/include/trace/events/erofs.h @@ -211,24 +211,6 @@ TRACE_EVENT(erofs_map_blocks_exit, show_mflags(__entry->mflags), __entry->ret) ); -TRACE_EVENT(erofs_destroy_inode, - TP_PROTO(struct inode *inode), - - TP_ARGS(inode), - - TP_STRUCT__entry( - __field( dev_t, dev ) - __field( erofs_nid_t, nid ) - ), - - TP_fast_assign( - __entry->dev = inode->i_sb->s_dev; - __entry->nid = EROFS_I(inode)->nid; - ), - - TP_printk("dev = (%d,%d), nid = %llu", show_dev_nid(__entry)) -); - #endif /* _TRACE_EROFS_H */ /* This part must be outside protection */ -- 2.43.5

1 week, 6 days

1
0
0 0

[PATCH] net/9p: Fix buffer overflow in USB transport layer

by Yuhao Jiang

A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Fixes: a3be076dc174 ("net/9p/usbg: Add new usb gadget function transport") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- net/9p/trans_usbg.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c index 6b694f117aef..047a2862fc84 100644 --- a/net/9p/trans_usbg.c +++ b/net/9p/trans_usbg.c @@ -242,6 +242,15 @@ static void usb9pfs_rx_complete(struct usb_ep *ep, struct usb_request *req) if (!p9_rx_req) return; + /* Validate actual received size against buffer capacity */ + if (req->actual > p9_rx_req->rc.capacity) { + dev_err(&cdev->gadget->dev, + "received data size %u exceeds buffer capacity %zu\n", + req->actual, p9_rx_req->rc.capacity); + p9_req_put(usb9pfs->client, p9_rx_req); + return; + } + memcpy(p9_rx_req->rc.sdata, req->buf, req->actual); p9_rx_req->rc.size = req->actual; -- 2.43.0

2 weeks

3
4
0 0

[PATCH 1/2] Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"

by Kuen-Han Tsai

This reverts commit ffd603f214237e250271162a5b325c6199a65382. Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") adds null pointer checks at the beginning of the gs_start_io() function to prevent a null pointer dereference. However, these checks are redundant because the function's comment already requires callers to hold the port_lock and ensure port.tty and port_usb are not null. All existing callers already follow these rules. The true cause of the null pointer dereference is a race condition. When gs_start_io() calls either gs_start_rx() or gs_start_tx(), the port_lock is temporarily released for usb_ep_queue(). This allows port.tty and port_usb to be cleared. Cc: stable(a)vger.kernel.org Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io") Signed-off-by: Kuen-Han Tsai <khtsai(a)google.com> --- drivers/usb/gadget/function/u_serial.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/drivers/usb/gadget/function/u_serial.c b/drivers/usb/gadget/function/u_serial.c index ab544f6824be..c043bdc30d8a 100644 --- a/drivers/usb/gadget/function/u_serial.c +++ b/drivers/usb/gadget/function/u_serial.c @@ -544,20 +544,16 @@ static int gs_alloc_requests(struct usb_ep *ep, struct list_head *head, static int gs_start_io(struct gs_port *port) { struct list_head *head = &port->read_pool; - struct usb_ep *ep; + struct usb_ep *ep = port->port_usb->out; int status; unsigned started; - if (!port->port_usb || !port->port.tty) - return -EIO; - /* Allocate RX and TX I/O buffers. We can't easily do this much * earlier (with GFP_KERNEL) because the requests are coupled to * endpoints, as are the packet sizes we'll be using. Different * configurations may use different endpoints with a given port; * and high speed vs full speed changes packet sizes too. */ - ep = port->port_usb->out; status = gs_alloc_requests(ep, head, gs_read_complete, &port->read_allocated); if (status) -- 2.50.0.rc2.692.g299adb8693-goog

2 weeks

2
5
0 0

[PATCH] drm/etnaviv: Protect the scheduler's pending list with its lock

by Maíra Canal

Commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active") ensured that active jobs are returned to the pending list when extending the timeout. However, it didn't use the pending list's lock to manipulate the list, which causes a race condition as the scheduler's workqueues are running. Hold the lock while manipulating the scheduler's pending list to prevent a race. Cc: stable(a)vger.kernel.org Fixes: 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active") Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- Hi, I'm proposing this workaround patch to address the race-condition caused by manipulating the pending list without using its lock. Although I understand this isn't a complete solution (see [1]), it's not reasonable to backport the new DRM stat series [2] to the stable branches. Therefore, I believe the best solution is backporting this fix to the stable branches, which will fix the race and will keep adding the job back to the pending list (which will avoid most memory leaks). [1] https://lore.kernel.org/dri-devel/bcc0ed477f8a6f3bb06665b1756bcb98fb7af871.… [2] https://lore.kernel.org/dri-devel/20250530-sched-skip-reset-v2-0-c40a8d2d8d… Best Regards, - Maíra --- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/etnaviv/etnaviv_sched.c b/drivers/gpu/drm/etnaviv/etnaviv_sched.c index 76a3a3e517d8..71e2e6b9d713 100644 --- a/drivers/gpu/drm/etnaviv/etnaviv_sched.c +++ b/drivers/gpu/drm/etnaviv/etnaviv_sched.c @@ -35,6 +35,7 @@ static enum drm_gpu_sched_stat etnaviv_sched_timedout_job(struct drm_sched_job *sched_job) { struct etnaviv_gem_submit *submit = to_etnaviv_submit(sched_job); + struct drm_gpu_scheduler *sched = sched_job->sched; struct etnaviv_gpu *gpu = submit->gpu; u32 dma_addr, primid = 0; int change; @@ -89,7 +90,9 @@ static enum drm_gpu_sched_stat etnaviv_sched_timedout_job(struct drm_sched_job return DRM_GPU_SCHED_STAT_NOMINAL; out_no_timeout: - list_add(&sched_job->list, &sched_job->sched->pending_list); + spin_lock(&sched->job_list_lock); + list_add(&sched_job->list, &sched->pending_list); + spin_unlock(&sched->job_list_lock); return DRM_GPU_SCHED_STAT_NOMINAL; } -- 2.49.0

2 weeks

3
3
0 0

+ maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() has been added to the -mm mm-hotfixes-unstable branch. Its filename is maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: "Liam R. Howlett" <Liam.Howlett(a)oracle.com> Subject: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Date: Mon, 16 Jun 2025 14:45:20 -0400 Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request through mas_node_count_gfp(), but the allocations will not happen if the MA_STATE_PREALLOC flag is set. This flag is meant to avoid re-allocating in bulk allocation mode, and to detect issues with preallocation calculations. The MA_STATE_PREALLOC flag should also always be set on zero allocations so that detection of underflow allocations will print a WARN_ON() during consumption. User visible effect of this flaw is a WARN_ON() followed by a null pointer dereference when subsequent requests for larger number of nodes is ignored, such as the vma merge retry in mmap_region() caused by drivers altering the vma flags (which happens in v6.6, at least) Link: https://lkml.kernel.org/r/20250616184521.3382795-3-Liam.Howlett@oracle.com Fixes: 54a611b605901 ("Maple Tree: add new data structure") Signed-off-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Reported-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> Reported-by: Hailong Liu <hailong.liu(a)oppo.com> Link: https://lore.kernel.org/all/1652f7eb-a51b-4fee-8058-c73af63bacd1@oppo.com/ Link: https://lore.kernel.org/all/20250428184058.1416274-1-Liam.Howlett@oracle.co… Link: https://lore.kernel.org/all/20250429014754.1479118-1-Liam.Howlett@oracle.co… Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Hailong Liu <hailong.liu(a)oppo.com> Cc: zhangpeng.00(a)bytedance.com <zhangpeng.00(a)bytedance.com> Cc: Steve Kang <Steve.Kang(a)unisoc.com> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: Sidhartha Kumar <sidhartha.kumar(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- lib/maple_tree.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/lib/maple_tree.c~maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate +++ a/lib/maple_tree.c @@ -5527,8 +5527,9 @@ int mas_preallocate(struct ma_state *mas mas->store_type = mas_wr_store_type(&wr_mas); request = mas_prealloc_calc(&wr_mas, entry); if (!request) - return ret; + goto set_flag; + mas->mas_flags &= ~MA_STATE_PREALLOC; mas_node_count_gfp(mas, request, gfp); if (mas_is_err(mas)) { mas_set_alloc_req(mas, 0); @@ -5538,6 +5539,7 @@ int mas_preallocate(struct ma_state *mas return ret; } +set_flag: mas->mas_flags |= MA_STATE_PREALLOC; return ret; } _ Patches currently in -mm which might be from Liam.Howlett(a)oracle.com are maple_tree-fix-ma_state_prealloc-flag-in-mas_preallocate.patch testing-raix-tree-maple-increase-readers-and-reduce-delay-for-faster-machines.patch

2 weeks

1
0
0 0

[PATCH] drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()`

by Maíra Canal

The following kernel Oops was recently reported by Mesa CI: [ 800.139824] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000588 [ 800.148619] Mem abort info: [ 800.151402] ESR = 0x0000000096000005 [ 800.155141] EC = 0x25: DABT (current EL), IL = 32 bits [ 800.160444] SET = 0, FnV = 0 [ 800.163488] EA = 0, S1PTW = 0 [ 800.166619] FSC = 0x05: level 1 translation fault [ 800.171487] Data abort info: [ 800.174357] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 800.179832] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 800.184873] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 800.190176] user pgtable: 4k pages, 39-bit VAs, pgdp=00000001014c2000 [ 800.196607] [0000000000000588] pgd=0000000000000000, p4d=0000000000000000, pud=0000000000000000 [ 800.205305] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP [ 800.211564] Modules linked in: vc4 snd_soc_hdmi_codec drm_display_helper v3d cec gpu_sched drm_dma_helper drm_shmem_helper drm_kms_helper drm drm_panel_orientation_quirks snd_soc_core snd_compress snd_pcm_dmaengine snd_pcm i2c_brcmstb snd_timer snd backlight [ 800.234448] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.25+rpt-rpi-v8 #1 Debian 1:6.12.25-1+rpt1 [ 800.244182] Hardware name: Raspberry Pi 4 Model B Rev 1.4 (DT) [ 800.250005] pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 800.256959] pc : v3d_job_update_stats+0x60/0x130 [v3d] [ 800.262112] lr : v3d_job_update_stats+0x48/0x130 [v3d] [ 800.267251] sp : ffffffc080003e60 [ 800.270555] x29: ffffffc080003e60 x28: ffffffd842784980 x27: 0224012000000000 [ 800.277687] x26: ffffffd84277f630 x25: ffffff81012fd800 x24: 0000000000000020 [ 800.284818] x23: ffffff8040238b08 x22: 0000000000000570 x21: 0000000000000158 [ 800.291948] x20: 0000000000000000 x19: ffffff8040238000 x18: 0000000000000000 [ 800.299078] x17: ffffffa8c1bd2000 x16: ffffffc080000000 x15: 0000000000000000 [ 800.306208] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 [ 800.313338] x11: 0000000000000040 x10: 0000000000001a40 x9 : ffffffd83b39757c [ 800.320468] x8 : ffffffd842786420 x7 : 7fffffffffffffff x6 : 0000000000ef32b0 [ 800.327598] x5 : 00ffffffffffffff x4 : 0000000000000015 x3 : ffffffd842784980 [ 800.334728] x2 : 0000000000000004 x1 : 0000000000010002 x0 : 000000ba4c0ca382 [ 800.341859] Call trace: [ 800.344294] v3d_job_update_stats+0x60/0x130 [v3d] [ 800.349086] v3d_irq+0x124/0x2e0 [v3d] [ 800.352835] __handle_irq_event_percpu+0x58/0x218 [ 800.357539] handle_irq_event+0x54/0xb8 [ 800.361369] handle_fasteoi_irq+0xac/0x240 [ 800.365458] handle_irq_desc+0x48/0x68 [ 800.369200] generic_handle_domain_irq+0x24/0x38 [ 800.373810] gic_handle_irq+0x48/0xd8 [ 800.377464] call_on_irq_stack+0x24/0x58 [ 800.381379] do_interrupt_handler+0x88/0x98 [ 800.385554] el1_interrupt+0x34/0x68 [ 800.389123] el1h_64_irq_handler+0x18/0x28 [ 800.393211] el1h_64_irq+0x64/0x68 [ 800.396603] default_idle_call+0x3c/0x168 [ 800.400606] do_idle+0x1fc/0x230 [ 800.403827] cpu_startup_entry+0x40/0x50 [ 800.407742] rest_init+0xe4/0xf0 [ 800.410962] start_kernel+0x5e8/0x790 [ 800.414616] __primary_switched+0x80/0x90 [ 800.418622] Code: 8b170277 8b160296 11000421 b9000861 (b9401ac1) [ 800.424707] ---[ end trace 0000000000000000 ]--- [ 800.457313] ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- This issue happens when the file descriptor is closed before the jobs submitted by it are completed. When the job completes, we update the global GPU stats and the per-fd GPU stats, which are exposed through fdinfo. If the file descriptor was closed, then the struct `v3d_file_priv` and its stats were already freed and we can't update the per-fd stats. Therefore, if the file descriptor was already closed, don't update the per-fd GPU stats, only update the global ones. Cc: stable(a)vger.kernel.org # v6.12+ Signed-off-by: Maíra Canal <mcanal(a)igalia.com> --- drivers/gpu/drm/v3d/v3d_sched.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index 466d28ceee28..5ed676304964 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -199,7 +199,6 @@ v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue) struct v3d_dev *v3d = job->v3d; struct v3d_file_priv *file = job->file->driver_priv; struct v3d_stats *global_stats = &v3d->queue[queue].stats; - struct v3d_stats *local_stats = &file->stats[queue]; u64 now = local_clock(); unsigned long flags; @@ -209,7 +208,12 @@ v3d_job_update_stats(struct v3d_job *job, enum v3d_queue queue) else preempt_disable(); - v3d_stats_update(local_stats, now); + /* Don't update the local stats if the file context has already closed */ + if (file) + v3d_stats_update(&file->stats[queue], now); + else + drm_dbg(&v3d->drm, "The file descriptor was closed before job completion\n"); + v3d_stats_update(global_stats, now); if (IS_ENABLED(CONFIG_LOCKDEP)) -- 2.49.0

2 weeks

2
2
0 0

[PATCH 2/2] dmaengine: qcom_hidma: fix handoff FIFO memory leak on driver removal

by Qasim Ijaz

hidma_ll_init() allocates a handoff FIFO, but the matching hidma_ll_uninit() function (which is invoked in remove()) never releases it, leaking memory. To fix this call kfifo_free in hidma_ll_uninit(). Fixes: d1615ca2e085 ("dmaengine: qcom_hidma: implement lower level hardware interface") Cc: stable(a)vger.kernel.org Signed-off-by: Qasim Ijaz <qasdev00(a)gmail.com> --- drivers/dma/qcom/hidma_ll.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/dma/qcom/hidma_ll.c b/drivers/dma/qcom/hidma_ll.c index fee448499777..0c2bae46746c 100644 --- a/drivers/dma/qcom/hidma_ll.c +++ b/drivers/dma/qcom/hidma_ll.c @@ -816,6 +816,7 @@ int hidma_ll_uninit(struct hidma_lldev *lldev) required_bytes = sizeof(struct hidma_tre) * lldev->nr_tres; tasklet_kill(&lldev->task); + kfifo_free(&lldev->handoff_fifo); memset(lldev->trepool, 0, required_bytes); lldev->trepool = NULL; atomic_set(&lldev->pending_tre_count, 0); -- 2.39.5

2 weeks

3
4
0 0

[PATCH v3] crypto: ccp: Fix SNP panic notifier unregistration

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> Panic notifiers are invoked with RCU read lock held and when the SNP panic notifier tries to unregister itself from the panic notifier callback itself it causes a deadlock as notifier unregistration does RCU synchronization. Code flow for SNP panic notifier: snp_shutdown_on_panic() -> __sev_firmware_shutdown() -> __sev_snp_shutdown_locked() -> atomic_notifier_chain_unregister(.., &snp_panic_notifier) Fix SNP panic notifier to unregister itself during SNP shutdown only if panic is not in progress. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Fixes: 19860c3274fb ("crypto: ccp - Register SNP panic notifier only if SNP is enabled") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- drivers/crypto/ccp/sev-dev.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 8fb94c5f006a..17edc6bf5622 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1787,8 +1787,14 @@ static int __sev_snp_shutdown_locked(int *error, bool panic) sev->snp_initialized = false; dev_dbg(sev->dev, "SEV-SNP firmware shutdown\n"); - atomic_notifier_chain_unregister(&panic_notifier_list, - &snp_panic_notifier); + /* + * __sev_snp_shutdown_locked() deadlocks when it tries to unregister + * itself during panic as the panic notifier is called with RCU read + * lock held and notifier unregistration does RCU synchronization. + */ + if (!panic) + atomic_notifier_chain_unregister(&panic_notifier_list, + &snp_panic_notifier); /* Reset TMR size back to default */ sev_es_tmr_size = SEV_TMR_SIZE; -- 2.34.1

2 weeks

2
1
0 0

[PATCH v4 4/5] scsi: fnic: Turn off FDMI ACTIVE flags on link down

by Karan Tilak Kumar

When the link goes down and comes up, FDMI requests are not sent out anymore. Fix bug by turning off FNIC_FDMI_ACTIVE when the link goes down. Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Reviewed-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index 9e9939d41fa8..14691db4d5f9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -5078,9 +5078,12 @@ void fnic_fdls_link_down(struct fnic_iport_s *iport) fdls_delete_tport(iport, tport); } - if ((fnic_fdmi_support == 1) && (iport->fabric.fdmi_pending > 0)) { - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending = 0; + if (fnic_fdmi_support == 1) { + if (iport->fabric.fdmi_pending > 0) { + timer_delete_sync(&iport->fabric.fdmi_timer); + iport->fabric.fdmi_pending = 0; + } + iport->flags &= ~FNIC_FDMI_ACTIVE; } FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, -- 2.47.1

2 weeks

3
4
0 0

[PATCH v5 1/4] scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out

by Karan Tilak Kumar

When both the RHBA and RPA FDMI requests time out, fnic reuses a frame to send ABTS for each of them. On send completion, this causes an attempt to free the same frame twice that leads to a crash. Fix crash by allocating separate frames for RHBA and RPA, and modify ABTS logic accordingly. Tested by checking MDS for FDMI information. Tested by using instrumented driver to: Drop PLOGI response Drop RHBA response Drop RPA response Drop RHBA and RPA response Drop PLOGI response + ABTS response Drop RHBA response + ABTS response Drop RPA response + ABTS response Drop RHBA and RPA response + ABTS response for both of them Fixes: 09c1e6ab4ab2 ("scsi: fnic: Add and integrate support for FDMI") Reviewed-by: Sesidhar Baddela <sebaddel(a)cisco.com> Reviewed-by: Arulprabhu Ponnusamy <arulponn(a)cisco.com> Reviewed-by: Gian Carlo Boffa <gcboffa(a)cisco.com> Tested-by: Arun Easi <aeasi(a)cisco.com> Co-developed-by: Arun Easi <aeasi(a)cisco.com> Signed-off-by: Arun Easi <aeasi(a)cisco.com> Tested-by: Karan Tilak Kumar <kartilak(a)cisco.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Karan Tilak Kumar <kartilak(a)cisco.com> --- Changes between v4 and v5: - Incorporate review comments from John: - Refactor patches Changes between v3 and v4: - Incorporate review comments from Dan: - Remove comments from Cc tag Changes between v2 and v3: - Incorporate review comments from Dan: - Add Cc to stable Changes between v1 and v2: - Incorporate review comments from Dan: - Add Fixes tag --- drivers/scsi/fnic/fdls_disc.c | 113 +++++++++++++++++++++++++--------- drivers/scsi/fnic/fnic.h | 2 +- drivers/scsi/fnic/fnic_fdls.h | 1 + 3 files changed, 87 insertions(+), 29 deletions(-) diff --git a/drivers/scsi/fnic/fdls_disc.c b/drivers/scsi/fnic/fdls_disc.c index c2b6f4eb338e..0ee1b74967b9 100644 --- a/drivers/scsi/fnic/fdls_disc.c +++ b/drivers/scsi/fnic/fdls_disc.c @@ -763,47 +763,69 @@ static void fdls_send_fabric_abts(struct fnic_iport_s *iport) iport->fabric.timer_pending = 1; } -static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +static uint8_t *fdls_alloc_init_fdmi_abts_frame(struct fnic_iport_s *iport, + uint16_t oxid) { - uint8_t *frame; + struct fc_frame_header *pfdmi_abts; uint8_t d_id[3]; + uint8_t *frame; struct fnic *fnic = iport->fnic; - struct fc_frame_header *pfabric_abts; - unsigned long fdmi_tov; - uint16_t oxid; - uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + - sizeof(struct fc_frame_header); frame = fdls_alloc_frame(iport); if (frame == NULL) { FNIC_FCS_DBG(KERN_ERR, fnic->host, fnic->fnic_num, "Failed to allocate frame to send FDMI ABTS"); - return; + return NULL; } - pfabric_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); + pfdmi_abts = (struct fc_frame_header *) (frame + FNIC_ETH_FCOE_HDRS_OFFSET); fdls_init_fabric_abts_frame(frame, iport); hton24(d_id, FC_FID_MGMT_SERV); - FNIC_STD_SET_D_ID(*pfabric_abts, d_id); + FNIC_STD_SET_D_ID(*pfdmi_abts, d_id); + FNIC_STD_SET_OX_ID(*pfdmi_abts, oxid); + + return frame; +} + +static void fdls_send_fdmi_abts(struct fnic_iport_s *iport) +{ + uint8_t *frame; + unsigned long fdmi_tov; + uint16_t frame_size = FNIC_ETH_FCOE_HDRS_OFFSET + + sizeof(struct fc_frame_header); if (iport->fabric.fdmi_pending & FDLS_FDMI_PLOGI_PENDING) { - oxid = iport->active_oxid_fdmi_plogi; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_plogi); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } else { if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) { - oxid = iport->active_oxid_fdmi_rhba; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rhba); + if (frame == NULL) + return; + fnic_send_fcoe_frame(iport, frame, frame_size); } if (iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING) { - oxid = iport->active_oxid_fdmi_rpa; - FNIC_STD_SET_OX_ID(*pfabric_abts, oxid); + frame = fdls_alloc_init_fdmi_abts_frame(iport, + iport->active_oxid_fdmi_rpa); + if (frame == NULL) { + if (iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING) + goto arm_timer; + else + return; + } + fnic_send_fcoe_frame(iport, frame, frame_size); } } +arm_timer: fdmi_tov = jiffies + msecs_to_jiffies(2 * iport->e_d_tov); mod_timer(&iport->fabric.fdmi_timer, round_jiffies(fdmi_tov)); iport->fabric.fdmi_pending |= FDLS_FDMI_ABORT_PENDING; @@ -2244,6 +2266,21 @@ void fdls_fabric_timer_callback(struct timer_list *t) spin_unlock_irqrestore(&fnic->fnic_lock, flags); } +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport) +{ + struct fnic *fnic = iport->fnic; + + iport->fabric.fdmi_pending = 0; + /* If max retries not exhausted, start over from fdmi plogi */ + if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { + iport->fabric.fdmi_retry++; + FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, + "Retry FDMI PLOGI. FDMI retry: %d", + iport->fabric.fdmi_retry); + fdls_send_fdmi_plogi(iport); + } +} + void fdls_fdmi_timer_callback(struct timer_list *t) { struct fnic_fdls_fabric_s *fabric = from_timer(fabric, t, fdmi_timer); @@ -2289,14 +2326,7 @@ void fdls_fdmi_timer_callback(struct timer_list *t) FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); - iport->fabric.fdmi_pending = 0; - /* If max retries not exhaused, start over from fdmi plogi */ - if (iport->fabric.fdmi_retry < FDLS_FDMI_MAX_RETRY) { - iport->fabric.fdmi_retry++; - FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, - "retry fdmi timer %d", iport->fabric.fdmi_retry); - fdls_send_fdmi_plogi(iport); - } + fdls_fdmi_retry_plogi(iport); FNIC_FCS_DBG(KERN_INFO, fnic->host, fnic->fnic_num, "fdmi timer callback : 0x%x\n", iport->fabric.fdmi_pending); spin_unlock_irqrestore(&fnic->fnic_lock, flags); @@ -3714,11 +3744,32 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, switch (FNIC_FRAME_TYPE(oxid)) { case FNIC_FRAME_TYPE_FDMI_PLOGI: fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_plogi); + + iport->fabric.fdmi_pending &= ~FDLS_FDMI_PLOGI_PENDING; + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; break; case FNIC_FRAME_TYPE_FDMI_RHBA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_REG_HBA_PENDING; + + /* If RPA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_RPA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rhba); break; case FNIC_FRAME_TYPE_FDMI_RPA: + iport->fabric.fdmi_pending &= ~FDLS_FDMI_RPA_PENDING; + + /* If RHBA is still pending, don't turn off ABORT PENDING. + * We count on the timer to detect the ABTS timeout and take + * corrective action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_REG_HBA_PENDING)) + iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; + fdls_free_oxid(iport, oxid, &iport->active_oxid_fdmi_rpa); break; default: @@ -3728,10 +3779,16 @@ static void fdls_process_fdmi_abts_rsp(struct fnic_iport_s *iport, break; } - timer_delete_sync(&iport->fabric.fdmi_timer); - iport->fabric.fdmi_pending &= ~FDLS_FDMI_ABORT_PENDING; - - fdls_send_fdmi_plogi(iport); + /* + * Only if ABORT PENDING is off, delete the timer, and if no other + * operations are pending, retry FDMI. + * Otherwise, let the timer pop and take the appropriate action. + */ + if (!(iport->fabric.fdmi_pending & FDLS_FDMI_ABORT_PENDING)) { + timer_delete_sync(&iport->fabric.fdmi_timer); + if (!iport->fabric.fdmi_pending) + fdls_fdmi_retry_plogi(iport); + } } static void diff --git a/drivers/scsi/fnic/fnic.h b/drivers/scsi/fnic/fnic.h index 6c5f6046b1f5..86e293ce530d 100644 --- a/drivers/scsi/fnic/fnic.h +++ b/drivers/scsi/fnic/fnic.h @@ -30,7 +30,7 @@ #define DRV_NAME "fnic" #define DRV_DESCRIPTION "Cisco FCoE HBA Driver" -#define DRV_VERSION "1.8.0.0" +#define DRV_VERSION "1.8.0.1" #define PFX DRV_NAME ": " #define DFX DRV_NAME "%d: " diff --git a/drivers/scsi/fnic/fnic_fdls.h b/drivers/scsi/fnic/fnic_fdls.h index 8e610b65ad57..531d0b37e450 100644 --- a/drivers/scsi/fnic/fnic_fdls.h +++ b/drivers/scsi/fnic/fnic_fdls.h @@ -394,6 +394,7 @@ void fdls_send_tport_abts(struct fnic_iport_s *iport, bool fdls_delete_tport(struct fnic_iport_s *iport, struct fnic_tport_s *tport); void fdls_fdmi_timer_callback(struct timer_list *t); +void fdls_fdmi_retry_plogi(struct fnic_iport_s *iport); /* fnic_fcs.c */ void fnic_fdls_init(struct fnic *fnic, int usefip); -- 2.47.1

2 weeks

1
1
0 0

Design Automation Conference 2025 Updated Attendee's List!

by Delilah Murray

Hi, We’re pleased to offer you exclusive access to the “Design Automation Conference 2025” Visitor Contact List—a powerful resource to connect directly with key industry professionals. Event Recap:- Date: 22 - 25 Jun 2025 Location: San Francisco, USA Registrants Counts: 6,286 Visitors Contacts Data Fields Available: Individual Email Address, Cell Phone Number, Contact Name, Job Title, Company Name, Website, Physical Address, LinkedIn Profile, and more. This list gives you a direct line to your ideal audience—no gatekeepers, no guesswork. Want pricing or a sample? Just reply: “Send me pricing” or “Sample please.” Best regards, Delilah Murray Sr. Marketing Manager Prefer not to receive these emails? Just reply “NOT INTERESTED”.

2 weeks

1
0
0 0

[PATCH 6.1] Mm/uffd: fix vma operation where start addr cuts part of vma

by Jakub Acs

commit 270aa010620697fb27b8f892cc4e194bc2b7d134 upstream. Patch series "mm/uffd: Fix vma merge/split", v2. This series contains two patches that fix vma merge/split for userfaultfd on two separate issues. Patch 1 fixes a regression since 6.1+ due to something we overlooked when converting to maple tree apis. The plan is we use patch 1 to replace the commit "2f628010799e (mm: userfaultfd: avoid passing an invalid range to vma_merge())" in mm-hostfixes-unstable tree if possible, so as to bring uffd vma operations back aligned with the rest code again. Patch 2 fixes a long standing issue that vma can be left unmerged even if we can for either uffd register or unregister. Many thanks to Lorenzo on either noticing this issue from the assert movement patch, looking at this problem, and also provided a reproducer on the unmerged vma issue [1]. [1] https://gist.github.com/lorenzo-stoakes/a11a10f5f479e7a977fc456331266e0e This patch (of 2): It seems vma merging with uffd paths is broken with either register/unregister, where right now we can feed wrong parameters to vma_merge() and it's found by recent patch which moved asserts upwards in vma_merge() by Lorenzo Stoakes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/ It's possible that "start" is contained within vma but not clamped to its start. We need to convert this into either "cannot merge" case or "can merge" case 4 which permits subdivision of prev by assigning vma to prev. As we loop, each subsequent VMA will be clamped to the start. This patch will eliminate the report and make sure vma_merge() calls will become legal again. One thing to mention is that the "Fixes: 29417d292bd0" below is there only to help explain where the warning can start to trigger, the real commit to fix should be 69dbe6daf104. Commit 29417d292bd0 helps us to identify the issue, but unfortunately we may want to keep it in Fixes too just to ease kernel backporters for easier tracking. Link: https://lkml.kernel.org/r/20230517190916.3429499-1-peterx@redhat.com Link: https://lkml.kernel.org/r/20230517190916.3429499-2-peterx@redhat.com Fixes: 69dbe6daf104 ("userfaultfd: use maple tree iterator to iterate VMAs") Signed-off-by: Peter Xu <peterx(a)redhat.com> Reported-by: Mark Rutland <mark.rutland(a)arm.com> Reviewed-by: Lorenzo Stoakes <lstoakes(a)gmail.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Closes: https://lore.kernel.org/all/ZFunF7DmMdK05MoF@FVFF77S0Q05N.cambridge.arm.com/ Cc: Lorenzo Stoakes <lstoakes(a)gmail.com> Cc: Mike Rapoport (IBM) <rppt(a)kernel.org> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> Signed-off-by: Jakub Acs <acsjakub(a)amazon.com> [acsjakub: contextual change - keep call to mas_next()] Cc: linux-mm(a)kvack.org --- This backport fixes a security issue - dangling pointer to a VMA in maple tree. Omitting details in this message to be brief, but happy to provide if requested. Since the envelope mentions series fixes 2 separate issues I hope the patch is acceptable on its own? fs/userfaultfd.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c index 82101a2cf933..fcf96f52b2e9 100644 --- a/fs/userfaultfd.c +++ b/fs/userfaultfd.c @@ -1426,6 +1426,9 @@ static int userfaultfd_register(struct userfaultfd_ctx *ctx, if (prev != vma) mas_next(&mas, ULONG_MAX); + if (vma->vm_start < start) + prev = vma; + ret = 0; do { cond_resched(); @@ -1603,6 +1606,9 @@ static int userfaultfd_unregister(struct userfaultfd_ctx *ctx, if (prev != vma) mas_next(&mas, ULONG_MAX); + if (vma->vm_start < start) + prev = vma; + ret = 0; do { cond_resched(); -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

2 weeks

3
2
0 0

[PATCH v7 0/4] media: pisp-be: Split jobs creation and scheduling

by Jacopo Mondi

Currently the 'pispbe_schedule()' function does two things: 1) Tries to assemble a job by inspecting all the video node queues to make sure all the required buffers are available 2) Submit the job to the hardware The pispbe_schedule() function is called at: - video device start_streaming() time - video device qbuf() time - irq handler As assembling a job requires inspecting all queues, it is a rather time consuming operation which is better not run in IRQ context. To avoid executing the time consuming job creation in interrupt context, split the job creation and job scheduling in two distinct operations. When a well-formed job is created, append it to the newly introduced 'pispbe->job_queue' where it will be dequeued from by the scheduling routine. At start_streaming() and qbuf() time immediately try to schedule a job if one has been created as the irq handler routine is only called when a job has completed, and we can't solely rely on it for scheduling new jobs. Signed-off-by: Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> --- Changes in v7: - Rebased on media-committers/next - Fix lockdep warning by using the proper spinlock_irq() primitive in pispbe_prepare_job() which can race with the IRQ handler - Link to v6: https://lore.kernel.org/r/20240930-pispbe-mainline-split-jobs-handling-v6-v… v5->v6: - Make the driver depend on PM - Simplify the probe() routine by using pm_runtime_ - Remove suspend call from remove() v4->v5: - Use appropriate locking constructs: - spin_lock_irq() for pispbe_prepare_job() called from non irq context - spin_lock_irqsave() for pispbe_schedule() called from irq context - Remove hw_lock from ready_queue accesses in stop_streaming and start_streaming - Fix trivial indentation mistake in 4/4 v3->v4: - Expand commit message in 2/4 to explain why removing validation in schedule() is safe - Drop ready_lock spinlock - Use non _irqsave version of safe_guard(spinlock - Support !CONFIG_PM in 4/4 by calling the enable/disable routines directly and adjust pm_runtime usage as suggested by Laurent v2->v3: - Mark pispbe_runtime_resume() as __maybe_unused - Add fixes tags where appropriate v1->v2: - Add two patches to address Laurent's comments separately - use scoped_guard() when possible - Add patch to fix runtime_pm imbalance --- Jacopo Mondi (4): media: pisp_be: Drop reference to non-existing function media: pisp_be: Remove config validation from schedule() media: pisp_be: Split jobs creation and scheduling media: pisp_be: Fix pm_runtime underrun in probe drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/raspberrypi/pisp_be/pisp_be.c | 187 ++++++++++----------- 2 files changed, 90 insertions(+), 98 deletions(-) --- base-commit: 5e1ff2314797bf53636468a97719a8222deca9ae change-id: 20240930-pispbe-mainline-split-jobs-handling-v6-15dc16e11e3a Best regards, -- Jacopo Mondi <jacopo.mondi(a)ideasonboard.com>

2 weeks

2
2
0 0

[PATCH] net/9p: Fix buffer overflow in USB transport layer

by Yuhao Jiang

A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data. Reported-by: Yuhao Jiang <danisjiang(a)gmail.com> Fixes: a3be076dc174 ("net/9p/usbg: Add new usb gadget function transport") Cc: stable(a)vger.kernel.org Signed-off-by: Yuhao Jiang <danisjiang(a)gmail.com> --- net/9p/trans_usbg.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/net/9p/trans_usbg.c b/net/9p/trans_usbg.c index 6b694f117aef..047a2862fc84 100644 --- a/net/9p/trans_usbg.c +++ b/net/9p/trans_usbg.c @@ -242,6 +242,15 @@ static void usb9pfs_rx_complete(struct usb_ep *ep, struct usb_request *req) if (!p9_rx_req) return; + /* Validate actual received size against buffer capacity */ + if (req->actual > p9_rx_req->rc.capacity) { + dev_err(&cdev->gadget->dev, + "received data size %u exceeds buffer capacity %zu\n", + req->actual, p9_rx_req->rc.capacity); + p9_req_put(usb9pfs->client, p9_rx_req); + return; + } + memcpy(p9_rx_req->rc.sdata, req->buf, req->actual); p9_rx_req->rc.size = req->actual; -- 2.43.0

2 weeks

1
0
0 0

[PATCH v2 00/10] soc: aspeed: lpc-snoop: Miscellaneous fixes

by Andrew Jeffery

Henry's bug[1] and fix[2] prompted some further inspection by Jean. This series provides fixes for the remaining issues Jean identified, as well as reworking the channel paths to reduce cleanup required in error paths. It is based on v6.16-rc1. Lightly tested under qemu and on an AST2600 EVB. Further testing on platforms designed around the snoop device appreciated. [1]: https://bugzilla.kernel.org/show_bug.cgi?id=219934 [2]: https://lore.kernel.org/all/20250401074647.21300-1-bsdhenrymartin@gmail.com/ Signed-off-by: Andrew Jeffery <andrew(a)codeconstruct.com.au> --- Changes in v2: - Address comments on v1 from Jean - Implement channel indexing using enums to avoid unnecessary tests - Switch to devm_clk_get_enabled() - Use dev_err_probe() where possible - Link to v1: https://patch.msgid.link/20250411-aspeed-lpc-snoop-fixes-v1-0-64f522e3ad6f@… --- Andrew Jeffery (10): soc: aspeed: lpc-snoop: Cleanup resources in stack-order soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled soc: aspeed: lpc-snoop: Ensure model_data is valid soc: aspeed: lpc-snoop: Constrain parameters in channel paths soc: aspeed: lpc-snoop: Rename 'channel' to 'index' in channel paths soc: aspeed: lpc-snoop: Rearrange channel paths soc: aspeed: lpc-snoop: Switch to devm_clk_get_enabled() soc: aspeed: lpc-snoop: Use dev_err_probe() where possible soc: aspeed: lpc-snoop: Consolidate channel initialisation soc: aspeed: lpc-snoop: Lift channel config to const structs drivers/soc/aspeed/aspeed-lpc-snoop.c | 224 +++++++++++++++++----------------- 1 file changed, 110 insertions(+), 114 deletions(-) --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250401-aspeed-lpc-snoop-fixes-e5d2883da3a3 Best regards, -- Andrew Jeffery <andrew(a)codeconstruct.com.au>

2 weeks

1
2
0 0

[PATCH v2] zynq_fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- v2: - fixed build break (missing flags parameter) --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git drivers/fpga/zynq-fpga.c drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..0be0d569589d 100644 --- drivers/fpga/zynq-fpga.c +++ drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE, 0); return err; } -- 2.34.1

2 weeks

1
0
0 0

Re: [PATCH] drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64

by Jani Nikula

On Sun, 15 Jun 2025, "Nautiyal, Ankit K" <ankit.k.nautiyal(a)intel.com> wrote: > On 6/13/2025 3:06 PM, Jani Nikula wrote: >> On Fri, 13 Jun 2025, Ankit Nautiyal<ankit.k.nautiyal(a)intel.com> wrote: >>> *ana_cp_int = max(1, min(ana_cp_int_temp, 127)); >> Unrelated to this patch, but this should be: >> >> *ana_cp_int = clamp(ana_cp_int_temp, 1, 127); >> >> There's a similar issue with ana_cp_prop also in the file. >> > Agreed. Should there be a separate patch for this? Yes. That's why I emphasized "unrelated to this patch". ;) BR, Jani. -- Jani Nikula, Intel

2 weeks

1
0
0 0

[PATCH] fpga: zynq-fpga: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of statterlists related calls. dma_unmap_sg() function has to be called with the number of elements originally passed to the dma_map_sg() function, not the one returned in sgtable's nents. CC: stable(a)vger.kernel.org Fixes: 425902f5c8e3 ("fpga zynq: Use the scatterlist interface") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/fpga/zynq-fpga.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/fpga/zynq-fpga.c b/drivers/fpga/zynq-fpga.c index f7e08f7ea9ef..9bd39d1d4048 100644 --- a/drivers/fpga/zynq-fpga.c +++ b/drivers/fpga/zynq-fpga.c @@ -406,7 +406,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) } priv->dma_nelms = - dma_map_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_map_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE); if (priv->dma_nelms == 0) { dev_err(&mgr->dev, "Unable to DMA map (TO_DEVICE)\n"); return -ENOMEM; @@ -478,7 +478,7 @@ static int zynq_fpga_ops_write(struct fpga_manager *mgr, struct sg_table *sgt) clk_disable(priv->clk); out_free: - dma_unmap_sg(mgr->dev.parent, sgt->sgl, sgt->nents, DMA_TO_DEVICE); + dma_unmap_sgtable(mgr->dev.parent, sgt, DMA_TO_DEVICE); return err; } -- 2.34.1

2 weeks

3
3
0 0

[PATCH] wifi: mt76: mt7925: fix incorrect scan probe IE handling for hw_scan

by Mingyen Hsieh

From: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> The IEs should be processed and filled into the command tlv separately according to each band. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> --- .../net/wireless/mediatek/mt76/mt7925/main.c | 2 +- .../net/wireless/mediatek/mt76/mt7925/mcu.c | 75 +++++++++++++++---- .../net/wireless/mediatek/mt76/mt7925/mcu.h | 5 +- 3 files changed, 63 insertions(+), 19 deletions(-) diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 555ef302ae97..506387b4ce13 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -1540,7 +1540,7 @@ mt7925_start_sched_scan(struct ieee80211_hw *hw, struct ieee80211_vif *vif, mt792x_mutex_acquire(dev); - err = mt7925_mcu_sched_scan_req(mphy, vif, req); + err = mt7925_mcu_sched_scan_req(mphy, vif, req, ies); if (err < 0) goto out; diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c index ef1d42af96f7..9993d47e643c 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.c @@ -192,6 +192,7 @@ mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif, bool suspend, struct cfg80211_wowlan *wowlan) { struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv; + struct ieee80211_scan_ies ies = {}; struct mt76_dev *dev = phy->dev; struct { struct { @@ -227,7 +228,7 @@ mt7925_connac_mcu_set_wow_ctrl(struct mt76_phy *phy, struct ieee80211_vif *vif, req.wow_ctrl_tlv.trigger |= (UNI_WOW_DETECT_TYPE_DISCONNECT | UNI_WOW_DETECT_TYPE_BCN_LOST); if (wowlan->nd_config) { - mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config); + mt7925_mcu_sched_scan_req(phy, vif, wowlan->nd_config, &ies); req.wow_ctrl_tlv.trigger |= UNI_WOW_DETECT_TYPE_SCH_SCAN_HIT; mt7925_mcu_sched_scan_enable(phy, vif, suspend); } @@ -3085,6 +3086,54 @@ int mt7925_mcu_set_dbdc(struct mt76_phy *phy, bool enable) return err; } +static void +mt7925_mcu_build_scan_ie_tlv(struct mt76_dev *mdev, + struct sk_buff *skb, + struct ieee80211_scan_ies *scan_ies) +{ + u32 max_len = sizeof(struct scan_ie_tlv) + MT76_CONNAC_SCAN_IE_LEN; + struct scan_ie_tlv *ie; + enum nl80211_band i; + struct tlv *tlv; + const u8 *ies; + u16 ies_len; + + for (i = 0; i <= NL80211_BAND_6GHZ; i++) { + if (i == NL80211_BAND_60GHZ) + continue; + + ies = scan_ies->ies[i]; + ies_len = scan_ies->len[i]; + + if (!ies || !ies_len) + continue; + + if (ies_len > max_len) + return; + + tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, + sizeof(*ie) + ies_len); + ie = (struct scan_ie_tlv *)tlv; + + memcpy(ie->ies, ies, ies_len); + ie->ies_len = cpu_to_le16(ies_len); + + switch (i) { + case NL80211_BAND_2GHZ: + ie->band = 1; + break; + case NL80211_BAND_6GHZ: + ie->band = 3; + break; + default: + ie->band = 2; + break; + } + + max_len -= (sizeof(*ie) + ies_len); + } +} + int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, struct ieee80211_scan_request *scan_req) { @@ -3110,7 +3159,8 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, max_len = sizeof(*hdr) + sizeof(*req) + sizeof(*ssid) + sizeof(*bssid) * MT7925_RNR_SCAN_MAX_BSSIDS + - sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie); + sizeof(*chan_info) + sizeof(*misc) + sizeof(*ie) + + MT76_CONNAC_SCAN_IE_LEN; skb = mt76_mcu_msg_alloc(mdev, NULL, max_len); if (!skb) @@ -3192,13 +3242,6 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, } chan_info->channel_type = sreq->n_channels ? 4 : 0; - tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie)); - ie = (struct scan_ie_tlv *)tlv; - if (sreq->ie_len > 0) { - memcpy(ie->ies, sreq->ie, sreq->ie_len); - ie->ies_len = cpu_to_le16(sreq->ie_len); - } - req->scan_func |= SCAN_FUNC_SPLIT_SCAN; tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_MISC, sizeof(*misc)); @@ -3209,6 +3252,9 @@ int mt7925_mcu_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif, req->scan_func |= SCAN_FUNC_RANDOM_MAC; } + /* Append scan probe IEs as the last tlv */ + mt7925_mcu_build_scan_ie_tlv(mdev, skb, &scan_req->ies); + err = mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ), true); if (err < 0) @@ -3220,7 +3266,8 @@ EXPORT_SYMBOL_GPL(mt7925_mcu_hw_scan); int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, struct ieee80211_vif *vif, - struct cfg80211_sched_scan_request *sreq) + struct cfg80211_sched_scan_request *sreq, + struct ieee80211_scan_ies *ies) { struct mt76_vif_link *mvif = (struct mt76_vif_link *)vif->drv_priv; struct ieee80211_channel **scan_list = sreq->channels; @@ -3308,12 +3355,8 @@ int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, } chan_info->channel_type = sreq->n_channels ? 4 : 0; - tlv = mt76_connac_mcu_add_tlv(skb, UNI_SCAN_IE, sizeof(*ie)); - ie = (struct scan_ie_tlv *)tlv; - if (sreq->ie_len > 0) { - memcpy(ie->ies, sreq->ie, sreq->ie_len); - ie->ies_len = cpu_to_le16(sreq->ie_len); - } + /* Append scan probe IEs as the last tlv */ + mt7925_mcu_build_scan_ie_tlv(mdev, skb, ies); return mt76_mcu_skb_send_msg(mdev, skb, MCU_UNI_CMD(SCAN_REQ), true); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h index 3dddadb7457b..c34b28769782 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mcu.h @@ -269,7 +269,7 @@ struct scan_ie_tlv { __le16 ies_len; u8 band; u8 pad; - u8 ies[MT76_CONNAC_SCAN_IE_LEN]; + u8 ies[]; }; struct scan_misc_tlv { @@ -674,7 +674,8 @@ int mt7925_mcu_cancel_hw_scan(struct mt76_phy *phy, struct ieee80211_vif *vif); int mt7925_mcu_sched_scan_req(struct mt76_phy *phy, struct ieee80211_vif *vif, - struct cfg80211_sched_scan_request *sreq); + struct cfg80211_sched_scan_request *sreq, + struct ieee80211_scan_ies *ies); int mt7925_mcu_sched_scan_enable(struct mt76_phy *phy, struct ieee80211_vif *vif, bool enable); -- 2.34.1

2 weeks

1
0
0 0

[PATCH v2 0/5] drm/xe: enable driver usage on non-4KiB kernels

by Mingcong Bai via B4 Relay

This patch series attempts to enable the use of xe DRM driver on non-4KiB kernel page platforms. This involves fixing the ttm/bo interface, as well as parts of the userspace API to make use of kernel `PAGE_SIZE' for alignment instead of the assumed `SZ_4K', it also fixes incorrect usage of `PAGE_SIZE' in the GuC and ring buffer interface code to make sure all instructions/commands were aligned to 4KiB barriers (per the Programmer's Manual for the GPUs covered by this DRM driver). This issue was first discovered and reported by members of the LoongArch user communities, whose hardware commonly ran on 16KiB-page kernels. The patch series began on an unassuming branch of a downstream kernel tree maintained by Shang Yatsen.[^1] It worked well but remained sparsely documented, a lot of the work done here relied on Shang Yatsen's original patch. AOSC OS then picked it up[^2] to provide Intel Xe/Arc support for users of its LoongArch port, for which I worked extensively on. After months of positive user feedback and from encouragement from Kexy Biscuit, my colleague at the community, I decided to examine its potential for upstreaming, cross-reference kernel and Intel documentation to better document and revise this patch. Now that this series has been tested good (for boot up, OpenGL, and playback of a standardised set of video samples[^3] on the following platforms (motherboard + GPU model): - x86-64, 4KiB kernel page: - MS-7D42 + Intel Arc A580 - COLORFIRE B760M-MEOW WIFI D5 + Intel Arc B580 - LoongArch, 16KiB kernel page: - XA61200 + GUNNIR DG1 Blue Halberd (Intel DG1) - XA61200 + GUNNIR Iris Xe Index 4 (Intel DG1) - XA61200 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XA61200 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - XA61200 + ASRock Arc A380 Challenger ITX OC (Intel Arc A380) - XA61200 + Intel Arc A580 - XA61200 + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) - XA61200 + Intel Arc B580 - XB612B0 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XB612B0 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ASUS XC-LS3A6M + GUNNIR Intel Arc B580 INDEX 12G (Intel Arc B580) On these platforms, basic functionalities tested good but the driver was unstable with occasional resets (I do suspect however, that this platform suffers from PCIe coherence issues, as instability only occurs under heavy VRAM I/O load): - AArch64, 4KiB/64KiB kernel pages: - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) I think that this patch series is now ready for your comment and review. Please forgive me if I made any simple mistake or used wrong terminologies, but I have never worked on a patch for the DRM subsystem and my experience is still quite thin. But anyway, just letting you all know that Intel Xe/Arc works on non-4KiB kernel page platforms (and honestly, it's great to use, especially for games and media playback)! [^1]: https://github.com/FanFansfan/loongson-linux/tree/loongarch-xe [^2]: We maintained Shang Yatsen's patch until our v6.13.3 tree, until we decided to test and send this series upstream, https://github.com/AOSC-Tracking/linux/tree/aosc/v6.13.3 [^3]: Delicious hot pot! https://repo.aosc.io/ahvl/sample-videos-20250223.tar.zst --- Matthew(s), Lucas, and Francois: Thanks again for your patience and review. I recently had a job change and it put me off this series for months, but I'm back (and should be a lot more responsive now) - sorry! Let's get this ball rolling again. I was unfortunately unable to revise 1/5 from v1 as you requested, neither of your suggestions to allow allocation of VRAM smaller than page size worked... So I kept that part as is. As for the your comment in 5/5, I'm not sure about what the right approach to implement a SZ_64K >= PAGE_SIZE assert was, as there are many other instances of similar ternary conditional operators in the xe code. Correct me if I'm wrong but I felt that it might be better handled in a separate patch series? --- Changes in v2: - Define `GUC_ALIGN' and use them in GuC code to improve clarity. - Update documentation on `DRM_XE_QUERY_CONFIG_MIN_ALIGNMENT'. - Rebase, and other minor changes. - Link to v1: https://lore.kernel.org/all/20250226-xe-non-4k-fix-v1-0-80f23b5ee40e@aosc.i… To: Lucas De Marchi <lucas.demarchi(a)intel.com> To: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> To: Rodrigo Vivi <rodrigo.vivi(a)intel.com> To: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> To: Maxime Ripard <mripard(a)kernel.org> To: Thomas Zimmermann <tzimmermann(a)suse.de> To: David Airlie <airlied(a)gmail.com> To: Simona Vetter <simona(a)ffwll.ch> To: José Roberto de Souza <jose.souza(a)intel.com> To: Francois Dugast <francois.dugast(a)intel.com> To: Matthew Brost <matthew.brost(a)intel.com> To: Alan Previn <alan.previn.teres.alexis(a)intel.com> To: Zhanjun Dong <zhanjun.dong(a)intel.com> To: Matt Roper <matthew.d.roper(a)intel.com> To: Mateusz Naklicki <mateusz.naklicki(a)intel.com> Cc: Mauro Carvalho Chehab <mauro.chehab(a)linux.intel.com> Cc: Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Suggested-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Co-developed-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- Mingcong Bai (5): drm/xe/bo: fix alignment with non-4KiB kernel page sizes drm/xe/guc: use GUC_SIZE (SZ_4K) for alignment drm/xe/regs: fix RING_CTL_SIZE(size) calculation drm/xe: use 4KiB alignment for cursor jumps drm/xe/query: use PAGE_SIZE as the minimum page alignment drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_bo.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc.c | 4 ++-- drivers/gpu/drm/xe/xe_guc.h | 3 +++ drivers/gpu/drm/xe/xe_guc_ads.c | 32 ++++++++++++++++---------------- drivers/gpu/drm/xe/xe_guc_capture.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc_ct.c | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 5 +++-- drivers/gpu/drm/xe/xe_guc_pc.c | 4 ++-- drivers/gpu/drm/xe/xe_migrate.c | 4 ++-- drivers/gpu/drm/xe/xe_query.c | 2 +- include/uapi/drm/xe_drm.h | 7 +++++-- 12 files changed, 44 insertions(+), 37 deletions(-) --- base-commit: 546b1c9e93c2bb8cf5ed24e0be1c86bb089b3253 change-id: 20250603-upstream-xe-non-4k-v2-4acf253c9bfd Best regards, -- Mingcong Bai <jeffbai(a)aosc.io>

2 weeks

2
6
0 0

+ bcache-remove-unnecessary-select-min_heap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: bcache: remove unnecessary select MIN_HEAP has been added to the -mm mm-hotfixes-unstable branch. Its filename is bcache-remove-unnecessary-select-min_heap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: bcache: remove unnecessary select MIN_HEAP Date: Sun, 15 Jun 2025 04:23:53 +0800 After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-4-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) --- a/drivers/md/bcache/Kconfig~bcache-remove-unnecessary-select-min_heap +++ a/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. _ Patches currently in -mm which might be from visitorckw(a)gmail.com are revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch bcache-remove-unnecessary-select-min_heap.patch lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

2 weeks, 1 day

1
0
0 0

+ revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: remove heap-related macros and switch to generic min_heap" Date: Sun, 15 Jun 2025 04:23:52 +0800 This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-3-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 64 ++++------------ drivers/md/bcache/bcache.h | 2 drivers/md/bcache/bset.c | 124 +++++++++++--------------------- drivers/md/bcache/bset.h | 42 ++++++---- drivers/md/bcache/btree.c | 69 +++++++---------- drivers/md/bcache/extents.c | 51 ++++--------- drivers/md/bcache/movinggc.c | 41 ++-------- drivers/md/bcache/super.c | 3 drivers/md/bcache/sysfs.c | 4 - drivers/md/bcache/util.h | 67 ++++++++++++++++- drivers/md/bcache/writeback.c | 13 +-- 11 files changed, 217 insertions(+), 263 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(st * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struc wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } --- a/drivers/md/bcache/bcache.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate --- a/drivers/md/bcache/bset.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys * int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ bug: static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct bt /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_ke struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); --- a/drivers/md/bcache/bset.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter( void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_sear return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) - -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) + +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ --- a/drivers/md/bcache/btree.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btr { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btr if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btr if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btr bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct bt uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struc { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struc bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void * struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void * cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void * skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(s if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct bt { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, --- a/drivers/md/bcache/extents.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_i i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(s } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_ke * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixu if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixu else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixu bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btre } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, --- a/drivers/md/bcache/movinggc.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); --- a/drivers/md/bcache/super.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(st INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); --- a/drivers/md/bcache/sysfs.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struc unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; --- a/drivers/md/bcache/util.h~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ --- a/drivers/md/bcache/writeback.c~revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap +++ a/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *a struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *a skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcach int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); _ Patches currently in -mm which might be from visitorckw(a)gmail.com are revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch bcache-remove-unnecessary-select-min_heap.patch lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

2 weeks, 1 day

1
0
0 0

+ revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" has been added to the -mm mm-hotfixes-unstable branch. Its filename is revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Kuan-Wei Chiu <visitorckw(a)gmail.com> Subject: Revert "bcache: update min_heap_callbacks to use default builtin swap" Date: Sun, 15 Jun 2025 04:23:51 +0800 Patch series "bcache: Revert min_heap migration due to performance regression". This patch series reverts the migration of bcache from its original heap implementation to the generic min_heap library. While the original change aimed to simplify the code and improve maintainability, it introduced a severe performance regression in real-world scenarios. As reported by Robert, systems using bcache now suffer from periodic latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. This degrades bcache's value as a low-latency caching layer, and leads to frequent timeouts and application stalls in production environments. The primary cause of this regression is the behavior of the generic min_heap implementation's bottom-up sift_down, which performs up to 2 * log2(n) comparisons when many elements are equal. The original top-down variant used by bcache only required O(1) comparisons in such cases. The issue was further exacerbated by commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), which introduced non-inlined versions of the min_heap API, adding function call overhead to a performance-critical hot path. This patch (of 3): This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lkml.kernel.org/r/20250614202353.1632957-1-visitorckw@gmail.com Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Link: https://lkml.kernel.org/r/20250614202353.1632957-2-visitorckw@gmail.com Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Acked-by: Coly Li <colyli(a)kernel.org> Cc: Ching-Chun (Jim) Huang <jserv(a)ccns.ncku.edu.tw> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) --- a/drivers/md/bcache/alloc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(co return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; --- a/drivers/md/bcache/bset.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(co return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_it { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_i struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ --- a/drivers/md/bcache/extents.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(cons return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; --- a/drivers/md/bcache/movinggc.c~revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap +++ a/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) _ Patches currently in -mm which might be from visitorckw(a)gmail.com are revert-bcache-update-min_heap_callbacks-to-use-default-builtin-swap.patch revert-bcache-remove-heap-related-macros-and-switch-to-generic-min_heap.patch bcache-remove-unnecessary-select-min_heap.patch lib-math-gcd-use-static-key-to-select-implementation-at-runtime.patch riscv-optimize-gcd-code-size-when-config_riscv_isa_zbb-is-disabled.patch riscv-optimize-gcd-performance-on-risc-v-without-zbb-extension.patch

2 weeks, 1 day

1
0
0 0

[PATCH] kallsyms: fix build without execinfo

by Achill Gilgenast

Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: stable(a)vger.kernel.org --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/include/linux/kallsyms.h b/tools/include/linux/kallsyms.h index 5a37ccbec54f..f61a01dd7eb7 100644 --- a/tools/include/linux/kallsyms.h +++ b/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_lookup(unsigned long addr, return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const char *loglvl, unsigned long ip) free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif -- 2.49.0

2 weeks, 1 day

3
2
0 0

[PATCH v2] kallsyms: fix build without execinfo

by Achill Gilgenast

Some libc's like musl libc don't provide execinfo.h since it's not part of POSIX. In order to fix compilation on musl, only include execinfo.h if available (HAVE_BACKTRACE_SUPPORT) This was discovered with c104c16073b7 ("Kunit to check the longest symbol length") which starts to include linux/kallsyms.h with Alpine Linux' configs. Signed-off-by: Achill Gilgenast <fossdd(a)pwned.life> Cc: stable(a)vger.kernel.org --- tools/include/linux/kallsyms.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/include/linux/kallsyms.h b/tools/include/linux/kallsyms.h index 5a37ccbec54f..f61a01dd7eb7 100644 --- a/tools/include/linux/kallsyms.h +++ b/tools/include/linux/kallsyms.h @@ -18,6 +18,7 @@ static inline const char *kallsyms_lookup(unsigned long addr, return NULL; } +#ifdef HAVE_BACKTRACE_SUPPORT #include <execinfo.h> #include <stdlib.h> static inline void print_ip_sym(const char *loglvl, unsigned long ip) @@ -30,5 +31,8 @@ static inline void print_ip_sym(const char *loglvl, unsigned long ip) free(name); } +#else +static inline void print_ip_sym(const char *loglvl, unsigned long ip) {} +#endif #endif -- 2.50.0.rc2

2 weeks, 1 day

1
0
0 0

[PATCH 5.10.y 0/5] Backport few sfq fixes

by Harshit Mogalapalli

commit: 10685681bafc ("net_sched: sch_sfq: don't allow 1 packet limit") fixes CVE-2024-57996 and commit: b3bf8f63e617 ("net_sched: sch_sfq: move the limit validation") fixes CVE-2025-37752. Patches 3 and 5 are CVE fixes for above mentioned CVEs. Patch 1,2 and 4 are pulled in as stable-deps. Testing performed on the patched 5.10.238 kernel with the above 5 patches: (Used latest upstream kselftests for tc-testing) # uname -a Linux hamogala-vm-6 5.10.238+ #2 SMP Sun Jun 15 17:27:54 GMT 2025 x86_64 x86_64 x86_64 GNU/Linux # ./tdc.py -f tc-tests/qdiscs/sfq.json -- ns/SubPlugin.__init__ Test 7482: Create SFQ with default setting Test c186: Create SFQ with limit setting Test ae23: Create SFQ with perturb setting Test a430: Create SFQ with quantum setting Test 4539: Create SFQ with divisor setting Test b089: Create SFQ with flows setting Test 99a0: Create SFQ with depth setting Test 7389: Create SFQ with headdrop setting Test 6472: Create SFQ with redflowlimit setting Test 8929: Show SFQ class Test 4d6f: Check that limit of 1 is rejected Test 7f8f: Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) Test 5168: Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) All test results: 1..13 ok 1 7482 - Create SFQ with default setting ok 2 c186 - Create SFQ with limit setting ok 3 ae23 - Create SFQ with perturb setting ok 4 a430 - Create SFQ with quantum setting ok 5 4539 - Create SFQ with divisor setting ok 6 b089 - Create SFQ with flows setting ok 7 99a0 - Create SFQ with depth setting ok 8 7389 - Create SFQ with headdrop setting ok 9 6472 - Create SFQ with redflowlimit setting ok 10 8929 - Show SFQ class ok 11 4d6f - Check that limit of 1 is rejected ok 12 7f8f - Check that a derived limit of 1 is rejected (limit 2 depth 1 flows 1) ok 13 5168 - Check that a derived limit of 1 is rejected (limit 2 depth 1 divisor 1) Thanks, Harshit Eric Dumazet (2): net_sched: sch_sfq: annotate data-races around q->perturb_period net_sched: sch_sfq: handle bigger packets Octavian Purdila (3): net_sched: sch_sfq: don't allow 1 packet limit net_sched: sch_sfq: use a temporary work area for validating configuration net_sched: sch_sfq: move the limit validation net/sched/sch_sfq.c | 112 ++++++++++++++++++++++++++++---------------- 1 file changed, 71 insertions(+), 41 deletions(-) -- 2.47.1

2 weeks, 1 day

1
5
0 0

[PATCH 1/1] phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode

by Wayne Chang

When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code assumed that the regulator should be disabled. However, if the regulator is marked as always-on, regulator_is_enabled() continues to return true, leading to an incorrect attempt to disable a regulator which is not enabled. This can result in warnings such as: [ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004 _regulator_disable+0xe4/0x1a0 [ 250.155652] unbalanced disables for VIN_SYS_5V0 To fix this, we move the regulator control logic into tegra186_xusb_padctl_id_override() function since it's directly related to the ID override state. The regulator is now only disabled when the role transitions from USB_ROLE_HOST to USB_ROLE_NONE, by checking the VBUS_ID register. This ensures that regulator enable/disable operations are properly balanced and only occur when actually transitioning to/from host mode. Fixes: 49d46e3c7e59 ("phy: tegra: xusb: Add set_mode support for UTMI phy on Tegra186") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/phy/tegra/xusb-tegra186.c | 59 +++++++++++++++++++------------ 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index fae6242aa730..1b35d50821f7 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -774,13 +774,15 @@ static int tegra186_xusb_padctl_vbus_override(struct tegra_xusb_padctl *padctl, } static int tegra186_xusb_padctl_id_override(struct tegra_xusb_padctl *padctl, - bool status) + struct tegra_xusb_usb2_port *port, bool status) { - u32 value; + u32 value, id_override; + int err = 0; dev_dbg(padctl->dev, "%s id override\n", status ? "set" : "clear"); value = padctl_readl(padctl, USB2_VBUS_ID); + id_override = value & ID_OVERRIDE(~0); if (status) { if (value & VBUS_OVERRIDE) { @@ -791,15 +793,35 @@ static int tegra186_xusb_padctl_id_override(struct tegra_xusb_padctl *padctl, value = padctl_readl(padctl, USB2_VBUS_ID); } - value &= ~ID_OVERRIDE(~0); - value |= ID_OVERRIDE_GROUNDED; + if (id_override != ID_OVERRIDE_GROUNDED) { + value &= ~ID_OVERRIDE(~0); + value |= ID_OVERRIDE_GROUNDED; + padctl_writel(padctl, value, USB2_VBUS_ID); + + err = regulator_enable(port->supply); + if (err) { + dev_err(padctl->dev, "Failed to enable regulator: %d\n", err); + return err; + } + } } else { - value &= ~ID_OVERRIDE(~0); - value |= ID_OVERRIDE_FLOATING; + if (id_override == ID_OVERRIDE_GROUNDED) { + /* + * The regulator is disabled only when the role transitions + * from USB_ROLE_HOST to USB_ROLE_NONE. + */ + err = regulator_disable(port->supply); + if (err) { + dev_err(padctl->dev, "Failed to disable regulator: %d\n", err); + return err; + } + + value &= ~ID_OVERRIDE(~0); + value |= ID_OVERRIDE_FLOATING; + padctl_writel(padctl, value, USB2_VBUS_ID); + } } - padctl_writel(padctl, value, USB2_VBUS_ID); - return 0; } @@ -818,27 +840,20 @@ static int tegra186_utmi_phy_set_mode(struct phy *phy, enum phy_mode mode, if (mode == PHY_MODE_USB_OTG) { if (submode == USB_ROLE_HOST) { - tegra186_xusb_padctl_id_override(padctl, true); - - err = regulator_enable(port->supply); + err = tegra186_xusb_padctl_id_override(padctl, port, true); + if (err) + goto out; } else if (submode == USB_ROLE_DEVICE) { tegra186_xusb_padctl_vbus_override(padctl, true); } else if (submode == USB_ROLE_NONE) { - /* - * When port is peripheral only or role transitions to - * USB_ROLE_NONE from USB_ROLE_DEVICE, regulator is not - * enabled. - */ - if (regulator_is_enabled(port->supply)) - regulator_disable(port->supply); - - tegra186_xusb_padctl_id_override(padctl, false); + err = tegra186_xusb_padctl_id_override(padctl, port, false); + if (err) + goto out; tegra186_xusb_padctl_vbus_override(padctl, false); } } - +out: mutex_unlock(&padctl->lock); - return err; } -- 2.25.1

2 weeks, 1 day

3
3
0 0

Re: Patch "Bluetooth: MGMT: Remove unused mgmt_pending_find_data" has been added to the 6.12-stable tree

by Dr. David Alan Gilbert

* Sasha Levin (sashal(a)kernel.org) wrote: > This is a note to let you know that I've just added the patch titled > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > to the 6.12-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bluetooth-mgmt-remove-unused-mgmt_pending_find_data.patch > and it can be found in the queue-6.12 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. It's a cleanup only, so I wouldn't backport it unless it makes backporting a useful patch easier. Dave > > > commit 17d285fbdeb9dabee6c6c348a528ac81ca65a6da > Author: Dr. David Alan Gilbert <linux(a)treblig.org> > Date: Mon Jan 27 21:37:15 2025 +0000 > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > [ Upstream commit 276af34d82f13bda0b2a4d9786c90b8bbf1cd064 ] > > mgmt_pending_find_data() last use was removed in 2021 by > commit 5a7501374664 ("Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO") > > Remove it. > > Signed-off-by: Dr. David Alan Gilbert <linux(a)treblig.org> > Reviewed-by: Simon Horman <horms(a)kernel.org> > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> > Stable-dep-of: 6fe26f694c82 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c > index 67db32a60c6a9..3713ff490c65d 100644 > --- a/net/bluetooth/mgmt_util.c > +++ b/net/bluetooth/mgmt_util.c > @@ -229,23 +229,6 @@ struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > return NULL; > } > > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data) > -{ > - struct mgmt_pending_cmd *cmd; > - > - list_for_each_entry(cmd, &hdev->mgmt_pending, list) { > - if (cmd->user_data != data) > - continue; > - if (cmd->opcode == opcode) > - return cmd; > - } > - > - return NULL; > -} > - > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data) > diff --git a/net/bluetooth/mgmt_util.h b/net/bluetooth/mgmt_util.h > index bdf978605d5a8..f2ba994ab1d84 100644 > --- a/net/bluetooth/mgmt_util.h > +++ b/net/bluetooth/mgmt_util.h > @@ -54,10 +54,6 @@ int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, > > struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > struct hci_dev *hdev); > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data); > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data); -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ dave @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/

2 weeks, 1 day

2
2
0 0

Re: Patch "Bluetooth: MGMT: Remove unused mgmt_pending_find_data" has been added to the 6.6-stable tree

by Dr. David Alan Gilbert

* Sasha Levin (sashal(a)kernel.org) wrote: > This is a note to let you know that I've just added the patch titled > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > to the 6.6-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > bluetooth-mgmt-remove-unused-mgmt_pending_find_data.patch > and it can be found in the queue-6.6 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. <rewinds, copies same message I did for 6.12 - please take this to mean all of them> It's a cleanup only, so I wouldn't backport it unless it makes backporting a useful patch easier. Dave > > > > commit af31788b431f56d9b304d32701f1f9143aae8f95 > Author: Dr. David Alan Gilbert <linux(a)treblig.org> > Date: Mon Jan 27 21:37:15 2025 +0000 > > Bluetooth: MGMT: Remove unused mgmt_pending_find_data > > [ Upstream commit 276af34d82f13bda0b2a4d9786c90b8bbf1cd064 ] > > mgmt_pending_find_data() last use was removed in 2021 by > commit 5a7501374664 ("Bluetooth: hci_sync: Convert MGMT_OP_GET_CLOCK_INFO") > > Remove it. > > Signed-off-by: Dr. David Alan Gilbert <linux(a)treblig.org> > Reviewed-by: Simon Horman <horms(a)kernel.org> > Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> > Stable-dep-of: 6fe26f694c82 ("Bluetooth: MGMT: Protect mgmt_pending list with its own lock") > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/net/bluetooth/mgmt_util.c b/net/bluetooth/mgmt_util.c > index 17e32605d9b00..dba6a0d66500f 100644 > --- a/net/bluetooth/mgmt_util.c > +++ b/net/bluetooth/mgmt_util.c > @@ -229,23 +229,6 @@ struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > return NULL; > } > > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data) > -{ > - struct mgmt_pending_cmd *cmd; > - > - list_for_each_entry(cmd, &hdev->mgmt_pending, list) { > - if (cmd->user_data != data) > - continue; > - if (cmd->opcode == opcode) > - return cmd; > - } > - > - return NULL; > -} > - > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data) > diff --git a/net/bluetooth/mgmt_util.h b/net/bluetooth/mgmt_util.h > index bdf978605d5a8..f2ba994ab1d84 100644 > --- a/net/bluetooth/mgmt_util.h > +++ b/net/bluetooth/mgmt_util.h > @@ -54,10 +54,6 @@ int mgmt_cmd_complete(struct sock *sk, u16 index, u16 cmd, u8 status, > > struct mgmt_pending_cmd *mgmt_pending_find(unsigned short channel, u16 opcode, > struct hci_dev *hdev); > -struct mgmt_pending_cmd *mgmt_pending_find_data(unsigned short channel, > - u16 opcode, > - struct hci_dev *hdev, > - const void *data); > void mgmt_pending_foreach(u16 opcode, struct hci_dev *hdev, > void (*cb)(struct mgmt_pending_cmd *cmd, void *data), > void *data); -- -----Open up your eyes, open up your mind, open up your code ------- / Dr. David Alan Gilbert | Running GNU/Linux | Happy \ \ dave @ treblig.org | | In Hex / \ _________________________|_____ http://www.treblig.org |_______/

2 weeks, 1 day

1
0
0 0

[PATCH v2 3/3] bcache: Remove unnecessary select MIN_HEAP

by Kuan-Wei Chiu

After reverting the transition to the generic min heap library, bcache no longer depends on MIN_HEAP. The select entry can be removed to reduce code size and shrink the kernel's attack surface. This change effectively reverts the bcache-related part of commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"). This is part of a series of changes to address a performance regression caused by the use of the generic min_heap implementation. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/md/bcache/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/drivers/md/bcache/Kconfig b/drivers/md/bcache/Kconfig index d4697e79d5a3..b2d10063d35f 100644 --- a/drivers/md/bcache/Kconfig +++ b/drivers/md/bcache/Kconfig @@ -5,7 +5,6 @@ config BCACHE select BLOCK_HOLDER_DEPRECATED if SYSFS select CRC64 select CLOSURES - select MIN_HEAP help Allows a block device to be used as cache for other devices; uses a btree for indexing and the layout is optimized for SSDs. -- 2.34.1

2 weeks, 1 day

2
1
0 0

[PATCH v2 2/3] Revert "bcache: remove heap-related macros and switch to generic min_heap"

by Kuan-Wei Chiu

This reverts commit 866898efbb25bb44fd42848318e46db9e785973a. The generic bottom-up min_heap implementation causes performance regression in invalidate_buckets_lru(), a hot path in bcache. Before the cache is fully populated, new_bucket_prio() often returns zero, leading to many equal comparisons. In such cases, bottom-up sift_down performs up to 2 * log2(n) comparisons, while the original top-down approach completes with just O() comparisons, resulting in a measurable performance gap. The performance degradation is further worsened by the non-inlined min_heap API functions introduced in commit 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions"), adding function call overhead to this critical path. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert aims to restore bcache's original low-latency behavior. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/md/bcache/alloc.c | 64 +++++------------- drivers/md/bcache/bcache.h | 2 +- drivers/md/bcache/bset.c | 124 ++++++++++++---------------------- drivers/md/bcache/bset.h | 40 ++++++----- drivers/md/bcache/btree.c | 69 ++++++++----------- drivers/md/bcache/extents.c | 53 ++++++--------- drivers/md/bcache/movinggc.c | 41 +++-------- drivers/md/bcache/super.c | 3 +- drivers/md/bcache/sysfs.c | 4 +- drivers/md/bcache/util.h | 67 +++++++++++++++++- drivers/md/bcache/writeback.c | 13 ++-- 11 files changed, 217 insertions(+), 263 deletions(-) diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c index da50f6661bae..48ce750bf70a 100644 --- a/drivers/md/bcache/alloc.c +++ b/drivers/md/bcache/alloc.c @@ -164,68 +164,40 @@ static void bch_invalidate_one_bucket(struct cache *ca, struct bucket *b) * prio is worth 1/8th of what INITIAL_PRIO is worth. */ -static inline unsigned int new_bucket_prio(struct cache *ca, struct bucket *b) -{ - unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; - - return (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); -} - -static inline bool new_bucket_max_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) > new_bucket_prio(ca, *rhs); -} - -static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) -{ - struct bucket **lhs = (struct bucket **)l; - struct bucket **rhs = (struct bucket **)r; - struct cache *ca = args; - - return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); -} - -static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **lhs = l, **rhs = r; +#define bucket_prio(b) \ +({ \ + unsigned int min_prio = (INITIAL_PRIO - ca->set->min_prio) / 8; \ + \ + (b->prio - ca->set->min_prio + min_prio) * GC_SECTORS_USED(b); \ +}) - swap(*lhs, *rhs); -} +#define bucket_max_cmp(l, r) (bucket_prio(l) < bucket_prio(r)) +#define bucket_min_cmp(l, r) (bucket_prio(l) > bucket_prio(r)) static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; - const struct min_heap_callbacks bucket_max_cmp_callback = { - .less = new_bucket_max_cmp, - .swp = new_bucket_swap, - }; - const struct min_heap_callbacks bucket_min_cmp_callback = { - .less = new_bucket_min_cmp, - .swp = new_bucket_swap, - }; + ssize_t i; - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (!bch_can_invalidate_bucket(ca, b)) continue; - if (!min_heap_full(&ca->heap)) - min_heap_push(&ca->heap, &b, &bucket_max_cmp_callback, ca); - else if (!new_bucket_max_cmp(&b, min_heap_peek(&ca->heap), ca)) { + if (!heap_full(&ca->heap)) + heap_add(&ca->heap, b, bucket_max_cmp); + else if (bucket_max_cmp(b, heap_peek(&ca->heap))) { ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &bucket_max_cmp_callback, ca); + heap_sift(&ca->heap, 0, bucket_max_cmp); } } - min_heapify_all(&ca->heap, &bucket_min_cmp_callback, ca); + for (i = ca->heap.used / 2 - 1; i >= 0; --i) + heap_sift(&ca->heap, i, bucket_min_cmp); while (!fifo_full(&ca->free_inc)) { - if (!ca->heap.nr) { + if (!heap_pop(&ca->heap, b, bucket_min_cmp)) { /* * We don't want to be calling invalidate_buckets() * multiple times when it can't do anything @@ -234,8 +206,6 @@ static void invalidate_buckets_lru(struct cache *ca) wake_up_gc(ca->set); return; } - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &bucket_min_cmp_callback, ca); bch_invalidate_one_bucket(ca, b); } diff --git a/drivers/md/bcache/bcache.h b/drivers/md/bcache/bcache.h index 785b0d9008fa..1d33e40d26ea 100644 --- a/drivers/md/bcache/bcache.h +++ b/drivers/md/bcache/bcache.h @@ -458,7 +458,7 @@ struct cache { /* Allocation stuff: */ struct bucket *buckets; - DEFINE_MIN_HEAP(struct bucket *, cache_heap) heap; + DECLARE_HEAP(struct bucket *, heap); /* * If nonzero, we know we aren't going to find any buckets to invalidate diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index bd97d8626887..463eb13bd0b2 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -54,11 +54,9 @@ void bch_dump_bucket(struct btree_keys *b) int __bch_count_data(struct btree_keys *b) { unsigned int ret = 0; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - if (b->ops->is_extents) for_each_key(b, k, &iter) ret += KEY_SIZE(k); @@ -69,11 +67,9 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) { va_list args; struct bkey *k, *p = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; const char *err; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key(b, k, &iter) { if (b->ops->is_extents) { err = "Keys out of order"; @@ -114,9 +110,9 @@ void __bch_check_keys(struct btree_keys *b, const char *fmt, ...) static void bch_btree_iter_next_check(struct btree_iter *iter) { - struct bkey *k = iter->heap.data->k, *next = bkey_next(k); + struct bkey *k = iter->data->k, *next = bkey_next(k); - if (next < iter->heap.data->end && + if (next < iter->data->end && bkey_cmp(k, iter->b->ops->is_extents ? &START_KEY(next) : next) > 0) { bch_dump_bucket(iter->b); @@ -883,14 +879,12 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, unsigned int status = BTREE_INSERT_STATUS_NO_INSERT; struct bset *i = bset_tree_last(b)->data; struct bkey *m, *prev = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey preceding_key_on_stack = ZERO_KEY; struct bkey *preceding_key_p = &preceding_key_on_stack; BUG_ON(b->ops->is_extents && !KEY_SIZE(k)); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* * If k has preceding key, preceding_key_p will be set to address * of k's preceding key; otherwise preceding_key_p will be set @@ -901,9 +895,9 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k, else preceding_key(k, &preceding_key_p); - m = bch_btree_iter_init(b, &iter, preceding_key_p); + m = bch_btree_iter_stack_init(b, &iter, preceding_key_p); - if (b->ops->insert_fixup(b, k, &iter, replace_key)) + if (b->ops->insert_fixup(b, k, &iter.iter, replace_key)) return status; status = BTREE_INSERT_STATUS_INSERT; @@ -1083,102 +1077,79 @@ struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, /* Btree iterator */ -typedef bool (new_btree_iter_cmp_fn)(const void *, const void *, void *); - -static inline bool new_btree_iter_cmp(const void *l, const void *r, void __always_unused *args) -{ - const struct btree_iter_set *_l = l; - const struct btree_iter_set *_r = r; - - return bkey_cmp(_l->k, _r->k) <= 0; -} +typedef bool (btree_iter_cmp_fn)(struct btree_iter_set, + struct btree_iter_set); -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static inline bool btree_iter_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; - - swap(*_iter1, *_iter2); + return bkey_cmp(l.k, r.k) > 0; } static inline bool btree_iter_end(struct btree_iter *iter) { - return !iter->heap.nr; + return !iter->used; } void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end) { - const struct min_heap_callbacks callbacks = { - .less = new_btree_iter_cmp, - .swp = new_btree_iter_swap, - }; - if (k != end) - BUG_ON(!min_heap_push(&iter->heap, - &((struct btree_iter_set) { k, end }), - &callbacks, - NULL)); + BUG_ON(!heap_add(iter, + ((struct btree_iter_set) { k, end }), + btree_iter_cmp)); } -static struct bkey *__bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search, - struct bset_tree *start) +static struct bkey *__bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search, + struct bset_tree *start) { struct bkey *ret = NULL; - iter->heap.size = ARRAY_SIZE(iter->heap.preallocated); - iter->heap.nr = 0; + iter->iter.size = ARRAY_SIZE(iter->stack_data); + iter->iter.used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter->b = b; + iter->iter.b = b; #endif for (; start <= bset_tree_last(b); start++) { ret = bch_bset_search(b, start, search); - bch_btree_iter_push(iter, ret, bset_bkey_last(start->data)); + bch_btree_iter_push(&iter->iter, ret, bset_bkey_last(start->data)); } return ret; } -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, struct bkey *search) { - return __bch_btree_iter_init(b, iter, search, b->set); + return __bch_btree_iter_stack_init(b, iter, search, b->set); } static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, - new_btree_iter_cmp_fn *cmp) + btree_iter_cmp_fn *cmp) { struct btree_iter_set b __maybe_unused; struct bkey *ret = NULL; - const struct min_heap_callbacks callbacks = { - .less = cmp, - .swp = new_btree_iter_swap, - }; if (!btree_iter_end(iter)) { bch_btree_iter_next_check(iter); - ret = iter->heap.data->k; - iter->heap.data->k = bkey_next(iter->heap.data->k); + ret = iter->data->k; + iter->data->k = bkey_next(iter->data->k); - if (iter->heap.data->k > iter->heap.data->end) { + if (iter->data->k > iter->data->end) { WARN_ONCE(1, "bset was corrupt!\n"); - iter->heap.data->k = iter->heap.data->end; + iter->data->k = iter->data->end; } - if (iter->heap.data->k == iter->heap.data->end) { - if (iter->heap.nr) { - b = min_heap_peek(&iter->heap)[0]; - min_heap_pop(&iter->heap, &callbacks, NULL); - } - } + if (iter->data->k == iter->data->end) + heap_pop(iter, b, cmp); else - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, cmp); } return ret; @@ -1186,7 +1157,7 @@ static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, struct bkey *bch_btree_iter_next(struct btree_iter *iter) { - return __bch_btree_iter_next(iter, new_btree_iter_cmp); + return __bch_btree_iter_next(iter, btree_iter_cmp); } @@ -1224,18 +1195,16 @@ static void btree_mergesort(struct btree_keys *b, struct bset *out, struct btree_iter *iter, bool fixup, bool remove_stale) { + int i; struct bkey *k, *last = NULL; BKEY_PADDED(k) tmp; bool (*bad)(struct btree_keys *, const struct bkey *) = remove_stale ? bch_ptr_bad : bch_ptr_invalid; - const struct min_heap_callbacks callbacks = { - .less = b->ops->sort_cmp, - .swp = new_btree_iter_swap, - }; /* Heapify the iterator, using our comparison function */ - min_heapify_all(&iter->heap, &callbacks, NULL); + for (i = iter->used / 2 - 1; i >= 0; --i) + heap_sift(iter, i, b->ops->sort_cmp); while (!btree_iter_end(iter)) { if (b->ops->sort_fixup && fixup) @@ -1324,11 +1293,10 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, struct bset_sort_state *state) { size_t order = b->page_order, keys = 0; - struct btree_iter iter; + struct btree_iter_stack iter; int oldsize = bch_count_data(b); - min_heap_init(&iter.heap, NULL, MAX_BSETS); - __bch_btree_iter_init(b, &iter, NULL, &b->set[start]); + __bch_btree_iter_stack_init(b, &iter, NULL, &b->set[start]); if (start) { unsigned int i; @@ -1339,7 +1307,7 @@ void bch_btree_sort_partial(struct btree_keys *b, unsigned int start, order = get_order(__set_bytes(b->set->data, keys)); } - __btree_sort(b, &iter, start, order, false, state); + __btree_sort(b, &iter.iter, start, order, false, state); EBUG_ON(oldsize >= 0 && bch_count_data(b) != oldsize); } @@ -1355,13 +1323,11 @@ void bch_btree_sort_into(struct btree_keys *b, struct btree_keys *new, struct bset_sort_state *state) { uint64_t start_time = local_clock(); - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; - bch_btree_iter_init(b, &iter, NULL); + bch_btree_iter_stack_init(b, &iter, NULL); - btree_mergesort(b, new->set->data, &iter, false, true); + btree_mergesort(b, new->set->data, &iter.iter, false, true); bch_time_stats_update(&state->time, start_time); diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h index f79441acd4c1..011f6062c4c0 100644 --- a/drivers/md/bcache/bset.h +++ b/drivers/md/bcache/bset.h @@ -187,9 +187,8 @@ struct bset_tree { }; struct btree_keys_ops { - bool (*sort_cmp)(const void *l, - const void *r, - void *args); + bool (*sort_cmp)(struct btree_iter_set l, + struct btree_iter_set r); struct bkey *(*sort_fixup)(struct btree_iter *iter, struct bkey *tmp); bool (*insert_fixup)(struct btree_keys *b, @@ -313,17 +312,23 @@ enum { BTREE_INSERT_STATUS_FRONT_MERGE, }; -struct btree_iter_set { - struct bkey *k, *end; -}; - /* Btree key iteration */ struct btree_iter { + size_t size, used; #ifdef CONFIG_BCACHE_DEBUG struct btree_keys *b; #endif - MIN_HEAP_PREALLOCATED(struct btree_iter_set, btree_iter_heap, MAX_BSETS) heap; + struct btree_iter_set { + struct bkey *k, *end; + } data[]; +}; + +/* Fixed-size btree_iter that can be allocated on the stack */ + +struct btree_iter_stack { + struct btree_iter iter; + struct btree_iter_set stack_data[MAX_BSETS]; }; typedef bool (*ptr_filter_fn)(struct btree_keys *b, const struct bkey *k); @@ -335,9 +340,9 @@ struct bkey *bch_btree_iter_next_filter(struct btree_iter *iter, void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, struct bkey *end); -struct bkey *bch_btree_iter_init(struct btree_keys *b, - struct btree_iter *iter, - struct bkey *search); +struct bkey *bch_btree_iter_stack_init(struct btree_keys *b, + struct btree_iter_stack *iter, + struct bkey *search); struct bkey *__bch_bset_search(struct btree_keys *b, struct bset_tree *t, const struct bkey *search); @@ -352,13 +357,14 @@ static inline struct bkey *bch_bset_search(struct btree_keys *b, return search ? __bch_bset_search(b, t, search) : t->data->start; } -#define for_each_key_filter(b, k, iter, filter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next_filter((iter), (b), filter));) +#define for_each_key_filter(b, k, stack_iter, filter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next_filter(&((stack_iter)->iter), (b), \ + filter));) -#define for_each_key(b, k, iter) \ - for (bch_btree_iter_init((b), (iter), NULL); \ - ((k) = bch_btree_iter_next(iter));) +#define for_each_key(b, k, stack_iter) \ + for (bch_btree_iter_stack_init((b), (stack_iter), NULL); \ + ((k) = bch_btree_iter_next(&((stack_iter)->iter)));) /* Sorting */ diff --git a/drivers/md/bcache/btree.c b/drivers/md/bcache/btree.c index 1d0100677357..210b59007d98 100644 --- a/drivers/md/bcache/btree.c +++ b/drivers/md/bcache/btree.c @@ -148,19 +148,19 @@ void bch_btree_node_read_done(struct btree *b) { const char *err = "bad btree header"; struct bset *i = btree_bset_first(b); - struct btree_iter iter; + struct btree_iter *iter; /* * c->fill_iter can allocate an iterator with more memory space * than static MAX_BSETS. * See the comment arount cache_set->fill_iter. */ - iter.heap.data = mempool_alloc(&b->c->fill_iter, GFP_NOIO); - iter.heap.size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; - iter.heap.nr = 0; + iter = mempool_alloc(&b->c->fill_iter, GFP_NOIO); + iter->size = b->c->cache->sb.bucket_size / b->c->cache->sb.block_size; + iter->used = 0; #ifdef CONFIG_BCACHE_DEBUG - iter.b = &b->keys; + iter->b = &b->keys; #endif if (!i->seq) @@ -198,7 +198,7 @@ void bch_btree_node_read_done(struct btree *b) if (i != b->keys.set[0].data && !i->keys) goto err; - bch_btree_iter_push(&iter, i->start, bset_bkey_last(i)); + bch_btree_iter_push(iter, i->start, bset_bkey_last(i)); b->written += set_blocks(i, block_bytes(b->c->cache)); } @@ -210,7 +210,7 @@ void bch_btree_node_read_done(struct btree *b) if (i->seq == b->keys.set[0].data->seq) goto err; - bch_btree_sort_and_fix_extents(&b->keys, &iter, &b->c->sort); + bch_btree_sort_and_fix_extents(&b->keys, iter, &b->c->sort); i = b->keys.set[0].data; err = "short btree key"; @@ -222,7 +222,7 @@ void bch_btree_node_read_done(struct btree *b) bch_bset_init_next(&b->keys, write_block(b), bset_magic(&b->c->cache->sb)); out: - mempool_free(iter.heap.data, &b->c->fill_iter); + mempool_free(iter, &b->c->fill_iter); return; err: set_btree_node_io_error(b); @@ -1306,11 +1306,9 @@ static bool btree_gc_mark_node(struct btree *b, struct gc_stat *gc) uint8_t stale = 0; unsigned int keys = 0, good_keys = 0; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct bset_tree *t; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - gc->nodes++; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) { @@ -1569,11 +1567,9 @@ static int btree_gc_rewrite_node(struct btree *b, struct btree_op *op, static unsigned int btree_gc_count_keys(struct btree *b) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; unsigned int ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - for_each_key_filter(&b->keys, k, &iter, bch_ptr_bad) ret += bkey_u64s(k); @@ -1612,18 +1608,18 @@ static int btree_gc_recurse(struct btree *b, struct btree_op *op, int ret = 0; bool should_rewrite; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; struct gc_merge_info r[GC_MERGE_NODES]; struct gc_merge_info *i, *last = r + ARRAY_SIZE(r) - 1; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, &b->c->gc_done); + bch_btree_iter_stack_init(&b->keys, &iter, &b->c->gc_done); for (i = r; i < r + ARRAY_SIZE(r); i++) i->b = ERR_PTR(-EINTR); while (1) { - k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad); + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad); if (k) { r->b = bch_btree_node_get(b->c, op, k, b->level - 1, true, b); @@ -1918,9 +1914,7 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) { int ret = 0; struct bkey *k, *p = NULL; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; for_each_key_filter(&b->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(b->c, b->level, k); @@ -1928,10 +1922,10 @@ static int bch_btree_check_recurse(struct btree *b, struct btree_op *op) bch_initial_mark_key(b->c, b->level + 1, &b->key); if (b->level) { - bch_btree_iter_init(&b->keys, &iter, NULL); + bch_btree_iter_stack_init(&b->keys, &iter, NULL); do { - k = bch_btree_iter_next_filter(&iter, &b->keys, + k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad); if (k) { btree_node_prefetch(b, k); @@ -1959,7 +1953,7 @@ static int bch_btree_check_thread(void *arg) struct btree_check_info *info = arg; struct btree_check_state *check_state = info->state; struct cache_set *c = check_state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; @@ -1967,11 +1961,9 @@ static int bch_btree_check_thread(void *arg) cur_idx = prev_idx = 0; ret = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* root node keys are checked before thread created */ - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -1989,7 +1981,7 @@ static int bch_btree_check_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -2062,11 +2054,9 @@ int bch_btree_check(struct cache_set *c) int ret = 0; int i; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct btree_check_state check_state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - /* check and mark root node keys */ for_each_key_filter(&c->root->keys, k, &iter, bch_ptr_invalid) bch_initial_mark_key(c, c->root->level, k); @@ -2560,12 +2550,11 @@ static int bch_btree_map_nodes_recurse(struct btree *b, struct btree_op *op, if (b->level) { struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, bch_ptr_bad))) { ret = bcache_btree(map_nodes_recurse, k, b, op, from, fn, flags); @@ -2594,12 +2583,12 @@ int bch_btree_map_keys_recurse(struct btree *b, struct btree_op *op, { int ret = MAP_CONTINUE; struct bkey *k; - struct btree_iter iter; + struct btree_iter_stack iter; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&b->keys, &iter, from); + bch_btree_iter_stack_init(&b->keys, &iter, from); - while ((k = bch_btree_iter_next_filter(&iter, &b->keys, bch_ptr_bad))) { + while ((k = bch_btree_iter_next_filter(&iter.iter, &b->keys, + bch_ptr_bad))) { ret = !b->level ? fn(op, b, k) : bcache_btree(map_keys_recurse, k, diff --git a/drivers/md/bcache/extents.c b/drivers/md/bcache/extents.c index a7221e5dbe81..d626ffcbecb9 100644 --- a/drivers/md/bcache/extents.c +++ b/drivers/md/bcache/extents.c @@ -33,16 +33,15 @@ static void sort_key_next(struct btree_iter *iter, i->k = bkey_next(i->k); if (i->k == i->end) - *i = iter->heap.data[--iter->heap.nr]; + *i = iter->data[--iter->used]; } -static bool new_bch_key_sort_cmp(const void *l, const void *r, void *args) +static bool bch_key_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(_l->k, _r->k); + int64_t c = bkey_cmp(l.k, r.k); - return !(c ? c > 0 : _l->k < _r->k); + return c ? c > 0 : l.k < r.k; } static bool __ptr_invalid(struct cache_set *c, const struct bkey *k) @@ -239,7 +238,7 @@ static bool bch_btree_ptr_insert_fixup(struct btree_keys *bk, } const struct btree_keys_ops bch_btree_keys_ops = { - .sort_cmp = new_bch_key_sort_cmp, + .sort_cmp = bch_key_sort_cmp, .insert_fixup = bch_btree_ptr_insert_fixup, .key_invalid = bch_btree_ptr_invalid, .key_bad = bch_btree_ptr_bad, @@ -256,36 +255,22 @@ const struct btree_keys_ops bch_btree_keys_ops = { * Necessary for btree_sort_fixup() - if there are multiple keys that compare * equal in different sets, we have to process them newest to oldest. */ - -static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_unused *args) -{ - struct btree_iter_set *_l = (struct btree_iter_set *)l; - struct btree_iter_set *_r = (struct btree_iter_set *)r; - int64_t c = bkey_cmp(&START_KEY(_l->k), &START_KEY(_r->k)); - - return !(c ? c > 0 : _l->k < _r->k); -} - -static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +static bool bch_extent_sort_cmp(struct btree_iter_set l, + struct btree_iter_set r) { - struct btree_iter_set *_iter1 = iter1; - struct btree_iter_set *_iter2 = iter2; + int64_t c = bkey_cmp(&START_KEY(l.k), &START_KEY(r.k)); - swap(*_iter1, *_iter2); + return c ? c > 0 : l.k < r.k; } static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { - const struct min_heap_callbacks callbacks = { - .less = new_bch_extent_sort_cmp, - .swp = new_btree_iter_swap, - }; - while (iter->heap.nr > 1) { - struct btree_iter_set *top = iter->heap.data, *i = top + 1; - - if (iter->heap.nr > 2 && - !new_bch_extent_sort_cmp(&i[0], &i[1], NULL)) + while (iter->used > 1) { + struct btree_iter_set *top = iter->data, *i = top + 1; + + if (iter->used > 2 && + bch_extent_sort_cmp(i[0], i[1])) i++; if (bkey_cmp(top->k, &START_KEY(i->k)) <= 0) @@ -293,7 +278,7 @@ static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, if (!KEY_SIZE(i->k)) { sort_key_next(iter, i); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); continue; } @@ -303,7 +288,7 @@ static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, else bch_cut_front(top->k, i->k); - min_heap_sift_down(&iter->heap, i - top, &callbacks, NULL); + heap_sift(iter, i - top, bch_extent_sort_cmp); } else { /* can't happen because of comparison func */ BUG_ON(!bkey_cmp(&START_KEY(top->k), &START_KEY(i->k))); @@ -313,7 +298,7 @@ static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, bch_cut_back(&START_KEY(i->k), tmp); bch_cut_front(i->k, top->k); - min_heap_sift_down(&iter->heap, 0, &callbacks, NULL); + heap_sift(iter, 0, bch_extent_sort_cmp); return tmp; } else { @@ -633,7 +618,7 @@ static bool bch_extent_merge(struct btree_keys *bk, } const struct btree_keys_ops bch_extent_keys_ops = { - .sort_cmp = new_bch_extent_sort_cmp, + .sort_cmp = bch_extent_sort_cmp, .sort_fixup = bch_extent_sort_fixup, .insert_fixup = bch_extent_insert_fixup, .key_invalid = bch_extent_invalid, diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c index d6c73dd8eb2b..26a6a535ec32 100644 --- a/drivers/md/bcache/movinggc.c +++ b/drivers/md/bcache/movinggc.c @@ -182,27 +182,16 @@ err: if (!IS_ERR_OR_NULL(w->private)) closure_sync(&cl); } -static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *args) +static bool bucket_cmp(struct bucket *l, struct bucket *r) { - struct bucket **_l = (struct bucket **)l; - struct bucket **_r = (struct bucket **)r; - - return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); -} - -static void new_bucket_swap(void *l, void *r, void __always_unused *args) -{ - struct bucket **_l = l; - struct bucket **_r = r; - - swap(*_l, *_r); + return GC_SECTORS_USED(l) < GC_SECTORS_USED(r); } static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; - return (b = min_heap_peek(&ca->heap)[0]) ? GC_SECTORS_USED(b) : 0; + return (b = heap_peek(&ca->heap)) ? GC_SECTORS_USED(b) : 0; } void bch_moving_gc(struct cache_set *c) @@ -210,10 +199,6 @@ void bch_moving_gc(struct cache_set *c) struct cache *ca = c->cache; struct bucket *b; unsigned long sectors_to_move, reserve_sectors; - const struct min_heap_callbacks callbacks = { - .less = new_bucket_cmp, - .swp = new_bucket_swap, - }; if (!c->copy_gc_enabled) return; @@ -224,7 +209,7 @@ void bch_moving_gc(struct cache_set *c) reserve_sectors = ca->sb.bucket_size * fifo_used(&ca->free[RESERVE_MOVINGGC]); - ca->heap.nr = 0; + ca->heap.used = 0; for_each_bucket(b, ca) { if (GC_MARK(b) == GC_MARK_METADATA || @@ -233,31 +218,25 @@ void bch_moving_gc(struct cache_set *c) atomic_read(&b->pin)) continue; - if (!min_heap_full(&ca->heap)) { + if (!heap_full(&ca->heap)) { sectors_to_move += GC_SECTORS_USED(b); - min_heap_push(&ca->heap, &b, &callbacks, NULL); - } else if (!new_bucket_cmp(&b, min_heap_peek(&ca->heap), ca)) { + heap_add(&ca->heap, b, bucket_cmp); + } else if (bucket_cmp(b, heap_peek(&ca->heap))) { sectors_to_move -= bucket_heap_top(ca); sectors_to_move += GC_SECTORS_USED(b); ca->heap.data[0] = b; - min_heap_sift_down(&ca->heap, 0, &callbacks, NULL); + heap_sift(&ca->heap, 0, bucket_cmp); } } while (sectors_to_move > reserve_sectors) { - if (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); - } + heap_pop(&ca->heap, b, bucket_cmp); sectors_to_move -= GC_SECTORS_USED(b); } - while (ca->heap.nr) { - b = min_heap_peek(&ca->heap)[0]; - min_heap_pop(&ca->heap, &callbacks, NULL); + while (heap_pop(&ca->heap, b, bucket_cmp)) SET_GC_MOVE(b, 1); - } mutex_unlock(&c->bucket_lock); diff --git a/drivers/md/bcache/super.c b/drivers/md/bcache/super.c index 1efb768b2890..2ea490b9d370 100644 --- a/drivers/md/bcache/super.c +++ b/drivers/md/bcache/super.c @@ -1912,7 +1912,8 @@ struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) INIT_LIST_HEAD(&c->btree_cache_freed); INIT_LIST_HEAD(&c->data_buckets); - iter_size = ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * + iter_size = sizeof(struct btree_iter) + + ((meta_bucket_pages(sb) * PAGE_SECTORS) / sb->block_size) * sizeof(struct btree_iter_set); c->devices = kcalloc(c->nr_uuids, sizeof(void *), GFP_KERNEL); diff --git a/drivers/md/bcache/sysfs.c b/drivers/md/bcache/sysfs.c index e8f696cb58c0..826b14cae4e5 100644 --- a/drivers/md/bcache/sysfs.c +++ b/drivers/md/bcache/sysfs.c @@ -660,9 +660,7 @@ static unsigned int bch_root_usage(struct cache_set *c) unsigned int bytes = 0; struct bkey *k; struct btree *b; - struct btree_iter iter; - - min_heap_init(&iter.heap, NULL, MAX_BSETS); + struct btree_iter_stack iter; goto lock_root; diff --git a/drivers/md/bcache/util.h b/drivers/md/bcache/util.h index 539454d8e2d0..f61ab1bada6c 100644 --- a/drivers/md/bcache/util.h +++ b/drivers/md/bcache/util.h @@ -9,7 +9,6 @@ #include <linux/kernel.h> #include <linux/sched/clock.h> #include <linux/llist.h> -#include <linux/min_heap.h> #include <linux/ratelimit.h> #include <linux/vmalloc.h> #include <linux/workqueue.h> @@ -31,10 +30,16 @@ struct closure; #endif +#define DECLARE_HEAP(type, name) \ + struct { \ + size_t size, used; \ + type *data; \ + } name + #define init_heap(heap, _size, gfp) \ ({ \ size_t _bytes; \ - (heap)->nr = 0; \ + (heap)->used = 0; \ (heap)->size = (_size); \ _bytes = (heap)->size * sizeof(*(heap)->data); \ (heap)->data = kvmalloc(_bytes, (gfp) & GFP_KERNEL); \ @@ -47,6 +52,64 @@ do { \ (heap)->data = NULL; \ } while (0) +#define heap_swap(h, i, j) swap((h)->data[i], (h)->data[j]) + +#define heap_sift(h, i, cmp) \ +do { \ + size_t _r, _j = i; \ + \ + for (; _j * 2 + 1 < (h)->used; _j = _r) { \ + _r = _j * 2 + 1; \ + if (_r + 1 < (h)->used && \ + cmp((h)->data[_r], (h)->data[_r + 1])) \ + _r++; \ + \ + if (cmp((h)->data[_r], (h)->data[_j])) \ + break; \ + heap_swap(h, _r, _j); \ + } \ +} while (0) + +#define heap_sift_down(h, i, cmp) \ +do { \ + while (i) { \ + size_t p = (i - 1) / 2; \ + if (cmp((h)->data[i], (h)->data[p])) \ + break; \ + heap_swap(h, i, p); \ + i = p; \ + } \ +} while (0) + +#define heap_add(h, d, cmp) \ +({ \ + bool _r = !heap_full(h); \ + if (_r) { \ + size_t _i = (h)->used++; \ + (h)->data[_i] = d; \ + \ + heap_sift_down(h, _i, cmp); \ + heap_sift(h, _i, cmp); \ + } \ + _r; \ +}) + +#define heap_pop(h, d, cmp) \ +({ \ + bool _r = (h)->used; \ + if (_r) { \ + (d) = (h)->data[0]; \ + (h)->used--; \ + heap_swap(h, 0, (h)->used); \ + heap_sift(h, 0, cmp); \ + } \ + _r; \ +}) + +#define heap_peek(h) ((h)->used ? (h)->data[0] : NULL) + +#define heap_full(h) ((h)->used == (h)->size) + #define DECLARE_FIFO(type, name) \ struct { \ size_t front, back, size, mask; \ diff --git a/drivers/md/bcache/writeback.c b/drivers/md/bcache/writeback.c index 453efbbdc8ee..302e75f1fc4b 100644 --- a/drivers/md/bcache/writeback.c +++ b/drivers/md/bcache/writeback.c @@ -908,16 +908,15 @@ static int bch_dirty_init_thread(void *arg) struct dirty_init_thrd_info *info = arg; struct bch_dirty_init_state *state = info->state; struct cache_set *c = state->c; - struct btree_iter iter; + struct btree_iter_stack iter; struct bkey *k, *p; int cur_idx, prev_idx, skip_nr; k = p = NULL; prev_idx = 0; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - bch_btree_iter_init(&c->root->keys, &iter, NULL); - k = bch_btree_iter_next_filter(&iter, &c->root->keys, bch_ptr_bad); + bch_btree_iter_stack_init(&c->root->keys, &iter, NULL); + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); BUG_ON(!k); p = k; @@ -931,7 +930,7 @@ static int bch_dirty_init_thread(void *arg) skip_nr = cur_idx - prev_idx; while (skip_nr) { - k = bch_btree_iter_next_filter(&iter, + k = bch_btree_iter_next_filter(&iter.iter, &c->root->keys, bch_ptr_bad); if (k) @@ -980,13 +979,11 @@ void bch_sectors_dirty_init(struct bcache_device *d) int i; struct btree *b = NULL; struct bkey *k = NULL; - struct btree_iter iter; + struct btree_iter_stack iter; struct sectors_dirty_init op; struct cache_set *c = d->c; struct bch_dirty_init_state state; - min_heap_init(&iter.heap, NULL, MAX_BSETS); - retry_lock: b = c->root; rw_lock(0, b, b->level); -- 2.34.1

2 weeks, 1 day

2
1
0 0

[PATCH v2 1/3] Revert "bcache: update min_heap_callbacks to use default builtin swap"

by Kuan-Wei Chiu

This reverts commit 3d8a9a1c35227c3f1b0bd132c9f0a80dbda07b65. Although removing the custom swap function simplified the code, this change is part of a broader migration to the generic min_heap API that introduced significant performance regressions in bcache. As reported by Robert, bcache now suffers from latency spikes, with P100 (max) latency increasing from 600 ms to 2.4 seconds every 5 minutes. These regressions degrade bcache's effectiveness as a low-latency cache layer and lead to frequent timeouts and application stalls in production environments. This revert is part of a series of changes to restore previous performance by undoing the min_heap transition. Link: https://lore.kernel.org/lkml/CAJhEC05+0S69z+3+FB2Cd0hD+pCRyWTKLEOsc8BOmH73p… Fixes: 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap") Fixes: 92a8b224b833 ("lib/min_heap: introduce non-inline versions of min heap API functions") Reported-by: Robert Pang <robertpang(a)google.com> Closes: https://lore.kernel.org/linux-bcache/CAJhEC06F_AtrPgw2-7CvCqZgeStgCtitbD-ry… Cc: stable(a)vger.kernel.org Signed-off-by: Kuan-Wei Chiu <visitorckw(a)gmail.com> --- drivers/md/bcache/alloc.c | 11 +++++++++-- drivers/md/bcache/bset.c | 14 +++++++++++--- drivers/md/bcache/extents.c | 10 +++++++++- drivers/md/bcache/movinggc.c | 10 +++++++++- 4 files changed, 38 insertions(+), 7 deletions(-) diff --git a/drivers/md/bcache/alloc.c b/drivers/md/bcache/alloc.c index 8998e61efa40..da50f6661bae 100644 --- a/drivers/md/bcache/alloc.c +++ b/drivers/md/bcache/alloc.c @@ -189,16 +189,23 @@ static inline bool new_bucket_min_cmp(const void *l, const void *r, void *args) return new_bucket_prio(ca, *lhs) < new_bucket_prio(ca, *rhs); } +static inline void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **lhs = l, **rhs = r; + + swap(*lhs, *rhs); +} + static void invalidate_buckets_lru(struct cache *ca) { struct bucket *b; const struct min_heap_callbacks bucket_max_cmp_callback = { .less = new_bucket_max_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; const struct min_heap_callbacks bucket_min_cmp_callback = { .less = new_bucket_min_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; ca->heap.nr = 0; diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c index 68258a16e125..bd97d8626887 100644 --- a/drivers/md/bcache/bset.c +++ b/drivers/md/bcache/bset.c @@ -1093,6 +1093,14 @@ static inline bool new_btree_iter_cmp(const void *l, const void *r, void __alway return bkey_cmp(_l->k, _r->k) <= 0; } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static inline bool btree_iter_end(struct btree_iter *iter) { return !iter->heap.nr; @@ -1103,7 +1111,7 @@ void bch_btree_iter_push(struct btree_iter *iter, struct bkey *k, { const struct min_heap_callbacks callbacks = { .less = new_btree_iter_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (k != end) @@ -1149,7 +1157,7 @@ static inline struct bkey *__bch_btree_iter_next(struct btree_iter *iter, struct bkey *ret = NULL; const struct min_heap_callbacks callbacks = { .less = cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; if (!btree_iter_end(iter)) { @@ -1223,7 +1231,7 @@ static void btree_mergesort(struct btree_keys *b, struct bset *out, : bch_ptr_invalid; const struct min_heap_callbacks callbacks = { .less = b->ops->sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; /* Heapify the iterator, using our comparison function */ diff --git a/drivers/md/bcache/extents.c b/drivers/md/bcache/extents.c index 4b84fda1530a..a7221e5dbe81 100644 --- a/drivers/md/bcache/extents.c +++ b/drivers/md/bcache/extents.c @@ -266,12 +266,20 @@ static bool new_bch_extent_sort_cmp(const void *l, const void *r, void __always_ return !(c ? c > 0 : _l->k < _r->k); } +static inline void new_btree_iter_swap(void *iter1, void *iter2, void __always_unused *args) +{ + struct btree_iter_set *_iter1 = iter1; + struct btree_iter_set *_iter2 = iter2; + + swap(*_iter1, *_iter2); +} + static struct bkey *bch_extent_sort_fixup(struct btree_iter *iter, struct bkey *tmp) { const struct min_heap_callbacks callbacks = { .less = new_bch_extent_sort_cmp, - .swp = NULL, + .swp = new_btree_iter_swap, }; while (iter->heap.nr > 1) { struct btree_iter_set *top = iter->heap.data, *i = top + 1; diff --git a/drivers/md/bcache/movinggc.c b/drivers/md/bcache/movinggc.c index 45ca134cbf02..d6c73dd8eb2b 100644 --- a/drivers/md/bcache/movinggc.c +++ b/drivers/md/bcache/movinggc.c @@ -190,6 +190,14 @@ static bool new_bucket_cmp(const void *l, const void *r, void __always_unused *a return GC_SECTORS_USED(*_l) >= GC_SECTORS_USED(*_r); } +static void new_bucket_swap(void *l, void *r, void __always_unused *args) +{ + struct bucket **_l = l; + struct bucket **_r = r; + + swap(*_l, *_r); +} + static unsigned int bucket_heap_top(struct cache *ca) { struct bucket *b; @@ -204,7 +212,7 @@ void bch_moving_gc(struct cache_set *c) unsigned long sectors_to_move, reserve_sectors; const struct min_heap_callbacks callbacks = { .less = new_bucket_cmp, - .swp = NULL, + .swp = new_bucket_swap, }; if (!c->copy_gc_enabled) -- 2.34.1

2 weeks, 1 day

2
1
0 0

[PATCH v2] fscrypt: don't use problematic non-inline crypto accelerators

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> Make fscrypt no longer use Crypto API drivers for non-inline crypto accelerators, even when the Crypto API prioritizes them over CPU-based code (which unfortunately it often does). These drivers tend to be really problematic, especially for fscrypt's synchronous workload. Specifically, exclude drivers that have CRYPTO_ALG_KERN_DRIVER_ONLY or CRYPTO_ALG_ALLOCATES_MEMORY set. (Later, CRYPTO_ALG_ASYNC should be excluded too. That's omitted for now to keep this commit backportable, since until recently some CPU-based code had CRYPTO_ALG_ASYNC set.) There are two major issues with these drivers: bugs and performance. First, these drivers tend to be buggy. They're fundamentally much more error-prone and harder to test than the CPU-based code, and they often don't get tested before kernel releases. Released drivers have en/decrypted data incorrectly. These bugs cause real issues for fscrypt users who often didn't even want to use these drivers, for example: - https://github.com/google/fscryptctl/issues/32 - https://github.com/google/fscryptctl/issues/9 - https://lore.kernel.org/r/PH0PR02MB731916ECDB6C613665863B6CFFAA2@PH0PR02MB7… These drivers have also caused issues for dm-crypt users, including data corruption and deadlocks. Since Linux v5.10, dm-crypt has disabled most of these drivers by excluding CRYPTO_ALG_ALLOCATES_MEMORY. Second, the CPU-based crypto tends to be faster, often *much* faster. This may seem counterintuitive, but benchmarks clearly show it. There's a *lot* of overhead associated with going to a hardware driver, off the CPU, and back again. Measuring synchronous AES-256-XTS encryption of 4096-byte messages (fscrypt's workload) on two platforms with non-inline crypto accelerators that I have access to: Intel Emerald Rapids server: xts-aes-vaes-avx512: 16171 MB/s [CPU-based, Vector AES] xts(ecb(aes-generic)): 305 MB/s [CPU-based, generic C code] qat_aes_xts: 289 MB/s [Offload, Intel QuickAssist] Qualcomm SM8650 HDK: xts-aes-ce: 4301 MB/s [CPU-based, ARMv8 Crypto Extensions] xts(ecb(aes-generic)): 265 MB/s [CPU-based, generic C code] xts-aes-qce: 73 MB/s [Offload, Qualcomm Crypto Engine] So, using the "accelerators" is over 50 times slower than just using the CPU. Not only that, it's even slower than the generic C code, which suggests that even on platforms whose CPUs lack AES instructions the performance benefit of any accelerator would be marginal at best. The usefulness of the accelerators could be improved with a different software architecture that allows blocks to be efficiently en/decrypted in parallel. But fscrypt does not do that today, and even the async support in the Crypto API isn't really all that efficient. And even if the accelerator was used perfectly efficiently, it seems unlikely to help on small I/O requests, for which latency is really important. As of this writing, the Crypto API prioritizes qat_aes_xts over xts-aes-vaes-avx512. Therefore, this commit greatly improves fscrypt performance on Intel servers that have QAT and the QAT driver enabled. qat_aes_xts is going to be deprioritized in the Crypto API (like I did for xts-aes-qce recently too). But as this seems to be a common pattern with all the "accelerators", fscrypt should just disable all of them. An argument that has been given in favor of non-inline crypto accelerators is that they can protect keys in hardware. But fscrypt does not take advantage of that, so it is irrelevant. (Also, it would be quite difficult for fscrypt to do that.) Note that fscrypt does support inline encryption engines, using raw or hardware-wrapped keys. These actually do work well and are widely used. These do not use the "Crypto API" and are unaffected by this commit. Fixes: b30ab0e03407 ("ext4 crypto: add ext4 encryption facilities") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- Changed in v2: - Improved commit message and comment - Dropped CRYPTO_ALG_ASYNC from the mask, to make this patch backport-friendly - Added Fixes and Cc stable fs/crypto/fscrypt_private.h | 16 ++++++++++++++++ fs/crypto/hkdf.c | 2 +- fs/crypto/keysetup.c | 3 ++- fs/crypto/keysetup_v1.c | 3 ++- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/fs/crypto/fscrypt_private.h b/fs/crypto/fscrypt_private.h index c1d92074b65c5..0e95c7a095d49 100644 --- a/fs/crypto/fscrypt_private.h +++ b/fs/crypto/fscrypt_private.h @@ -43,10 +43,26 @@ * hardware-wrapped keys has made it misleading as it's only for raw keys. * Don't use it in kernel code; use one of the above constants instead. */ #undef FSCRYPT_MAX_KEY_SIZE +/* + * This mask is passed as the third argument to the crypto_alloc_*() functions + * to prevent fscrypt from using the Crypto API drivers for non-inline crypto + * accelerators. Those drivers have been problematic for fscrypt. fscrypt + * users have reported hangs and even incorrect en/decryption with these + * drivers. Since going to the driver, off CPU, and back again is really slow, + * such drivers can be over 50 times slower than the CPU-based code for + * fscrypt's synchronous workload. Even on platforms that lack AES instructions + * on the CPU, any performance benefit is likely to be marginal at best. + * + * Note that fscrypt also supports inline encryption engines. Those don't use + * the Crypto API and work much better than non-inline accelerators. + */ +#define FSCRYPT_CRYPTOAPI_MASK \ + (CRYPTO_ALG_ALLOCATES_MEMORY | CRYPTO_ALG_KERN_DRIVER_ONLY) + #define FSCRYPT_CONTEXT_V1 1 #define FSCRYPT_CONTEXT_V2 2 /* Keep this in sync with include/uapi/linux/fscrypt.h */ #define FSCRYPT_MODE_MAX FSCRYPT_MODE_AES_256_HCTR2 diff --git a/fs/crypto/hkdf.c b/fs/crypto/hkdf.c index 0f3028adc9c72..5b9c21cfe2b45 100644 --- a/fs/crypto/hkdf.c +++ b/fs/crypto/hkdf.c @@ -56,11 +56,11 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key, struct crypto_shash *hmac_tfm; static const u8 default_salt[HKDF_HASHLEN]; u8 prk[HKDF_HASHLEN]; int err; - hmac_tfm = crypto_alloc_shash(HKDF_HMAC_ALG, 0, 0); + hmac_tfm = crypto_alloc_shash(HKDF_HMAC_ALG, 0, FSCRYPT_CRYPTOAPI_MASK); if (IS_ERR(hmac_tfm)) { fscrypt_err(NULL, "Error allocating " HKDF_HMAC_ALG ": %ld", PTR_ERR(hmac_tfm)); return PTR_ERR(hmac_tfm); } diff --git a/fs/crypto/keysetup.c b/fs/crypto/keysetup.c index 0d71843af9469..d8113a7196979 100644 --- a/fs/crypto/keysetup.c +++ b/fs/crypto/keysetup.c @@ -101,11 +101,12 @@ fscrypt_allocate_skcipher(struct fscrypt_mode *mode, const u8 *raw_key, const struct inode *inode) { struct crypto_skcipher *tfm; int err; - tfm = crypto_alloc_skcipher(mode->cipher_str, 0, 0); + tfm = crypto_alloc_skcipher(mode->cipher_str, 0, + FSCRYPT_CRYPTOAPI_MASK); if (IS_ERR(tfm)) { if (PTR_ERR(tfm) == -ENOENT) { fscrypt_warn(inode, "Missing crypto API support for %s (API name: \"%s\")", mode->friendly_name, mode->cipher_str); diff --git a/fs/crypto/keysetup_v1.c b/fs/crypto/keysetup_v1.c index b70521c55132b..158ceae8a5bce 100644 --- a/fs/crypto/keysetup_v1.c +++ b/fs/crypto/keysetup_v1.c @@ -50,11 +50,12 @@ static int derive_key_aes(const u8 *master_key, { int res = 0; struct skcipher_request *req = NULL; DECLARE_CRYPTO_WAIT(wait); struct scatterlist src_sg, dst_sg; - struct crypto_skcipher *tfm = crypto_alloc_skcipher("ecb(aes)", 0, 0); + struct crypto_skcipher *tfm = + crypto_alloc_skcipher("ecb(aes)", 0, FSCRYPT_CRYPTOAPI_MASK); if (IS_ERR(tfm)) { res = PTR_ERR(tfm); tfm = NULL; goto out; base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 -- 2.49.0

2 weeks, 1 day

1
0
0 0

Reply for - Mobile World Congress Shanghai 2025!

by Delilah Murray

Hi, Just wanted to check if you have received my previous email. Any update for me? Awaiting your reply. Regards, Delilah ___________________________________________________________________________________ From: Delilah Murray Subject: Attendee’s List “Mobile World Congress Shanghai 2025”. Hi, We're excited to offer exclusive access to the “Mobile World Congress Shanghai 2025” Visitor Contact List. Event Recap:- Date: 18 - 20 Jun 2025 Location: Shanghai, China Registrants Counts: 42,276 Visitors Contacts Data Fields Available: Individual Email Address, Cell Phone Number, Contact Name, Job Title, Company Name, Website, Physical Address, LinkedIn Profile, and more. This list gives you a direct line to your ideal audience—no gatekeepers, no guesswork. If you're interested in the list, just reply "Send me Pricing" or sample? Best regards, Delilah Murray Sr. Marketing Manager Prefer not to receive these emails? Just reply “NOT INTERESTED”.

2 weeks, 2 days

1
0
0 0

Re: Patch "PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset" has been added to the 6.15-stable tree

by Lukas Wunner

[cc += Joel Mathew Thomas] On Tue, Jun 10, 2025 at 08:16:05AM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset > > to the 6.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > pci-pciehp-ignore-link-down-up-caused-by-secondary-b.patch > and it can be found in the queue-6.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi Sasha, thanks for selecting the above (which is 2af781a9edc4 upstream) as a 6.15 backport. A small feature request, could you amend the stable tooling to cc people tagged as Reported-by and Tested-by? I think they're the ones most interested in seeing something backported. Thanks! Lukas > commit 161a7237de69f65ccfe68da318343f3719149480 > Author: Lukas Wunner <lukas(a)wunner.de> > Date: Thu Apr 10 17:27:12 2025 +0200 > > PCI: pciehp: Ignore Link Down/Up caused by Secondary Bus Reset > > [ Upstream commit 2af781a9edc4ef5f6684c0710cc3542d9be48b31 ] > > When a Secondary Bus Reset is issued at a hotplug port, it causes a Data > Link Layer State Changed event as a side effect. On hotplug ports using > in-band presence detect, it additionally causes a Presence Detect Changed > event. > > These spurious events should not result in teardown and re-enumeration of > the device in the slot. Hence commit 2e35afaefe64 ("PCI: pciehp: Add > reset_slot() method") masked the Presence Detect Changed Enable bit in the > Slot Control register during a Secondary Bus Reset. Commit 06a8d89af551 > ("PCI: pciehp: Disable link notification across slot reset") additionally > masked the Data Link Layer State Changed Enable bit. > > However masking those bits only disables interrupt generation (PCIe r6.2 > sec 6.7.3.1). The events are still visible in the Slot Status register > and picked up by the IRQ handler if it runs during a Secondary Bus Reset. > This can happen if the interrupt is shared or if an unmasked hotplug event > occurs, e.g. Attention Button Pressed or Power Fault Detected. > > The likelihood of this happening used to be small, so it wasn't much of a > problem in practice. That has changed with the recent introduction of > bandwidth control in v6.13-rc1 with commit 665745f27487 ("PCI/bwctrl: > Re-add BW notification portdrv as PCIe BW controller"): > > Bandwidth control shares the interrupt with PCIe hotplug. A Secondary Bus > Reset causes a Link Bandwidth Notification, so the hotplug IRQ handler > runs, picks up the masked events and tears down the device in the slot. > > As a result, Joel reports VFIO passthrough failure of a GPU, which Ilpo > root-caused to the incorrect handling of masked hotplug events. > > Clearly, a more reliable way is needed to ignore spurious hotplug events. > > For Downstream Port Containment, a new ignore mechanism was introduced by > commit a97396c6eb13 ("PCI: pciehp: Ignore Link Down/Up caused by DPC"). > It has been working reliably for the past four years. > > Adapt it for Secondary Bus Resets. > > Introduce two helpers to annotate code sections which cause spurious link > changes: pci_hp_ignore_link_change() and pci_hp_unignore_link_change() > Use those helpers in lieu of masking interrupts in the Slot Control > register. > > Introduce a helper to check whether such a code section is executing > concurrently and if so, await it: pci_hp_spurious_link_change() > Invoke the helper in the hotplug IRQ thread pciehp_ist(). Re-use the > IRQ thread's existing code which ignores DPC-induced link changes unless > the link is unexpectedly down after reset recovery or the device was > replaced during the bus reset. > > That code block in pciehp_ist() was previously only executed if a Data > Link Layer State Changed event has occurred. Additionally execute it for > Presence Detect Changed events. That's necessary for compatibility with > PCIe r1.0 hotplug ports because Data Link Layer State Changed didn't exist > before PCIe r1.1. DPC was added with PCIe r3.1 and thus DPC-capable > hotplug ports always support Data Link Layer State Changed events. > But the same cannot be assumed for Secondary Bus Reset, which already > existed in PCIe r1.0. > > Secondary Bus Reset is only one of many causes of spurious link changes. > Others include runtime suspend to D3cold, firmware updates or FPGA > reconfiguration. The new pci_hp_{,un}ignore_link_change() helpers may be > used by all kinds of drivers to annotate such code sections, hence their > declarations are publicly visible in <linux/pci.h>. A case in point is > the Mellanox Ethernet driver which disables a firmware reset feature if > the Ethernet card is attached to a hotplug port, see commit 3d7a3f2612d7 > ("net/mlx5: Nack sync reset request when HotPlug is enabled"). Going > forward, PCIe hotplug will be able to cope gracefully with all such use > cases once the code sections are properly annotated. > > The new helpers internally use two bits in struct pci_dev's priv_flags as > well as a wait_queue. This mirrors what was done for DPC by commit > a97396c6eb13 ("PCI: pciehp: Ignore Link Down/Up caused by DPC"). That may > be insufficient if spurious link changes are caused by multiple sources > simultaneously. An example might be a Secondary Bus Reset issued by AER > during FPGA reconfiguration. If this turns out to happen in real life, > support for it can easily be added by replacing the PCI_LINK_CHANGING flag > with an atomic_t counter incremented by pci_hp_ignore_link_change() and > decremented by pci_hp_unignore_link_change(). Instead of awaiting a zero > PCI_LINK_CHANGING flag, the pci_hp_spurious_link_change() helper would > then simply await a zero counter. > > Fixes: 665745f27487 ("PCI/bwctrl: Re-add BW notification portdrv as PCIe BW controller") > Reported-by: Joel Mathew Thomas <proxy0(a)tutamail.com> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219765 > Signed-off-by: Lukas Wunner <lukas(a)wunner.de> > Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> > Tested-by: Joel Mathew Thomas <proxy0(a)tutamail.com> > Reviewed-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> > Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> > Link: https://patch.msgid.link/d04deaf49d634a2edf42bf3c06ed81b4ca54d17b.174429823… > Signed-off-by: Sasha Levin <sashal(a)kernel.org>

2 weeks, 2 days

2
1
0 0

[PATCH 6.1 00/23] fixes from 6.11 for 6.1.y

by Leah Rumancik

Hello again, This is a series for 6.1.y for fixes from 6.11. It corresponds to the 6.6.y series here: https://lore.kernel.org/linux-xfs/20241218191725.63098-1-catherine.hoang@or… During porting, I noticed 6.1.y was missing a fix series from 6.5 that is a dependency of the fixes from 6.11 so I included those first. These were tested via the auto group on 9 configs with no regressions seen. These were also already ack'd on the xfs-stable mailing list. series from 6.5: https://lore.kernel.org/linux-xfs/168506055189.3727958.722711918040129046.s… 63ef7a35912d xfs: fix interval filtering in multi-step fsmap queries 7975aba19cba xfs: fix integer overflows in the fsmap rtbitmap and logdev backends d898137d789c xfs: fix getfsmap reporting past the last rt extent f045dd00328d xfs: clean up the rtbitmap fsmap backend a949a1c2a198 xfs: fix logdev fsmap query result filtering 3ee9351e7490 xfs: validate fsmap offsets specified in the query keys 75dc03453122 xfs: fix xfs_btree_query_range callers to initialize btree rec fully fix of 63ef7a35912dd ("xfs: fix interval filtering in multi-step fsmap queries") https://lore.kernel.org/linux-xfs/169335025661.3518128.12423331693506002020… cfa2df68b7ce xfs: fix an agbno overflow in __xfs_getfsmap_datadev 6.6 series for 6.11: https://lore.kernel.org/linux-xfs/20241218191725.63098-1-catherine.hoang@or… 85d0947db262 xfs: fix the contact address for the sysfs ABI documentation c08d03996cea xfs: verify buffer, inode, and dquot items every tx commit ff627196ddc1 xfs: use consistent uid/gid when grabbing dquots for inodes 7531c9ab2e55 xfs: declare xfs_file.c symbols in xfs_file.h c070b8802159 xfs: create a new helper to return a file's allocation unit 2e63ed9b0175 xfs: Fix xfs_flush_unmap_range() range for RT fe962ab3c4f1 xfs: Fix xfs_prepare_shift() range for RT ca96d83c9307 xfs: don't walk off the end of a directory data block 27336a327b40 xfs: remove unused parameter in macro XFS_DQUOT_LOGRES b2dcbd8a928c xfs: attr forks require attr, not attr2 4a82db7a4b73 xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set 9fadc53d793c xfs: Fix the owner setting issue for rmap query in xfs fsmap 35bd108619c2 xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code 29fcb5fef608 xfs: take m_growlock when running growfsrt e5d1ae2d4d0b xfs: reset rootdir extent size hint after growfsrt [skipped for 6.1 as scrub is not supported in 6.1:] cb95cb2450e3 xfs: convert comma to semicolon 1bee32f33c0a xfs: fix file_path handling in tracepoints - Leah Christoph Hellwig (1): xfs: fix the contact address for the sysfs ABI documentation Darrick J. Wong (17): xfs: fix interval filtering in multi-step fsmap queries xfs: fix integer overflows in the fsmap rtbitmap and logdev backends xfs: fix getfsmap reporting past the last rt extent xfs: clean up the rtbitmap fsmap backend xfs: fix logdev fsmap query result filtering xfs: validate fsmap offsets specified in the query keys xfs: fix xfs_btree_query_range callers to initialize btree rec fully xfs: fix an agbno overflow in __xfs_getfsmap_datadev xfs: verify buffer, inode, and dquot items every tx commit xfs: use consistent uid/gid when grabbing dquots for inodes xfs: declare xfs_file.c symbols in xfs_file.h xfs: create a new helper to return a file's allocation unit xfs: attr forks require attr, not attr2 xfs: conditionally allow FS_XFLAG_REALTIME changes if S_DAX is set xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code xfs: take m_growlock when running growfsrt xfs: reset rootdir extent size hint after growfsrt John Garry (2): xfs: Fix xfs_flush_unmap_range() range for RT xfs: Fix xfs_prepare_shift() range for RT Julian Sun (1): xfs: remove unused parameter in macro XFS_DQUOT_LOGRES Zizhi Wo (1): xfs: Fix the owner setting issue for rmap query in xfs fsmap lei lu (1): xfs: don't walk off the end of a directory data block Documentation/ABI/testing/sysfs-fs-xfs | 8 +- fs/xfs/Kconfig | 12 ++ fs/xfs/libxfs/xfs_alloc.c | 10 +- fs/xfs/libxfs/xfs_dir2_data.c | 31 ++- fs/xfs/libxfs/xfs_dir2_priv.h | 7 + fs/xfs/libxfs/xfs_quota_defs.h | 2 +- fs/xfs/libxfs/xfs_refcount.c | 13 +- fs/xfs/libxfs/xfs_rmap.c | 10 +- fs/xfs/libxfs/xfs_trans_resv.c | 28 +-- fs/xfs/scrub/bmap.c | 8 +- fs/xfs/xfs.h | 4 + fs/xfs/xfs_bmap_util.c | 22 +- fs/xfs/xfs_buf_item.c | 32 +++ fs/xfs/xfs_dquot_item.c | 31 +++ fs/xfs/xfs_file.c | 33 ++- fs/xfs/xfs_file.h | 15 ++ fs/xfs/xfs_fsmap.c | 266 ++++++++++++++----------- fs/xfs/xfs_inode.c | 29 ++- fs/xfs/xfs_inode.h | 2 + fs/xfs/xfs_inode_item.c | 32 +++ fs/xfs/xfs_ioctl.c | 12 ++ fs/xfs/xfs_iops.c | 1 + fs/xfs/xfs_iops.h | 3 - fs/xfs/xfs_rtalloc.c | 78 ++++++-- fs/xfs/xfs_symlink.c | 8 +- fs/xfs/xfs_trace.h | 25 +++ 26 files changed, 505 insertions(+), 217 deletions(-) create mode 100644 fs/xfs/xfs_file.h -- 2.50.0.rc1.591.g9c95f17f64-goog

2 weeks, 2 days

2
24
0 0

Backport sh-sci fixes to 6.12.y

by Claudiu Beznea

Hi, stable team, Please backport the following commits to 6.12.y: 1/ 239f11209e5f ("serial: sh-sci: Move runtime PM enable to sci_probe_single()") 2/ 5f1017069933 ("serial: sh-sci: Clean sci_ports[0] after at earlycon exit") 3/ 651dee03696e ("serial: sh-sci: Increment the runtime usage counter for the earlycon device") These applies cleanly on top of 6.12.y (if applied in the order provided above) and fix the debug console on Renesas devices. Thank you, Claudiu Beznea

2 weeks, 2 days

2
3
0 0

[PATCH AUTOSEL 6.15 001/118] net: macb: Check return value of dma_set_mask_and_coherent()

by Sasha Levin

From: Sergio Perez Gonzalez <sperezglz(a)gmail.com> [ Upstream commit 3920a758800762917177a6b5ab39707d8e376fe6 ] Issue flagged by coverity. Add a safety check for the return value of dma_set_mask_and_coherent, go to a safe exit if it returns error. Link: https://scan7.scan.coverity.com/#/project-view/53936/11354?selectedIssue=16… Signed-off-by: Sergio Perez Gonzalez <sperezglz(a)gmail.com> Reviewed-by: Claudiu Beznea <claudiu.beznea(a)tuxon.dev> Link: https://patch.msgid.link/20250526032034.84900-1-sperezglz@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- Based on my analysis of the commit and the codebase context, here's my assessment: **YES** This commit should be backported to stable kernel trees. Here's my extensive analysis: ## Code Analysis The commit adds proper error checking for `dma_set_mask_and_coherent()` in the macb network driver. Looking at the specific changes: **Before the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` **After the fix:** ```c if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); if (err) { dev_err(&pdev->dev, "failed to set DMA mask\n"); goto err_out_free_netdev; } bp->hw_dma_cap |= HW_DMA_CAP_64B; } ``` ## Why this should be backported: 1. **Fixes a Real Bug**: The original code ignores the return value of `dma_set_mask_and_coherent()`. If this function fails (which can happen on systems with restricted DMA capabilities), the driver would continue execution assuming 44-bit DMA addressing is available when it's not, leading to potential memory corruption or system crashes. 2. **Small, Contained Fix**: This is a minimal change that only adds proper error checking without changing any core logic or introducing new features. It follows the stable tree principle of being a small, targeted bugfix. 3. **Follows Established Patterns**: Looking at the similar commits provided, this matches exactly the pattern of commits marked "YES" for backporting (commits #1, #2, and #5) which all add proper error checking for DMA mask functions. 4. **Critical Network Driver**: The macb driver is used in production systems, and DMA-related bugs can cause data corruption or system instability, making this a high-priority fix for stable trees. 5. **Proper Error Handling Path**: The fix correctly uses the existing `err_out_free_netdev` label, which properly cleans up allocated resources (line 5373-5383 in macb_main.c), preventing resource leaks when DMA setup fails. 6. **Static Analysis Tool Flagged**: The commit message mentions this was flagged by Coverity, indicating it's a legitimate code quality issue that could manifest as a runtime bug. 7. **Matches Stable Tree Criteria**: - Important bugfix ✓ - Minimal risk of regression ✓ - No architectural changes ✓ - Confined to one driver/subsystem ✓ - Clear side effects (proper cleanup on failure) ✓ This commit addresses the same class of vulnerability as the other "YES" examples: ignoring return values of critical DMA functions that can fail and lead to undefined behavior. The fix is surgical, safe, and addresses a genuine runtime issue in a widely-used network driver. drivers/net/ethernet/cadence/macb_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c index e1e8bd2ec155b..d1f1ae5ea161c 100644 --- a/drivers/net/ethernet/cadence/macb_main.c +++ b/drivers/net/ethernet/cadence/macb_main.c @@ -5283,7 +5283,11 @@ static int macb_probe(struct platform_device *pdev) #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT if (GEM_BFEXT(DAW64, gem_readl(bp, DCFG6))) { - dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + err = dma_set_mask_and_coherent(&pdev->dev, DMA_BIT_MASK(44)); + if (err) { + dev_err(&pdev->dev, "failed to set DMA mask\n"); + goto err_out_free_netdev; + } bp->hw_dma_cap |= HW_DMA_CAP_64B; } #endif -- 2.39.5

2 weeks, 3 days

6
126
0 0

[PATCH 0/8] Fix bcache regression with equality-aware heap APIs

by Kuan-Wei Chiu

This patch series introduces equality-aware variants of the min heap API that use a top-down heapify strategy to improve performance when many elements are equal under the comparison function. It also updates the documentation accordingly and modifies bcache to use the new APIs to fix a performance regression caused by the switch to the generic min heap library. In particular, invalidate_buckets_lru() in bcache suffered from increased comparison overhead due to the bottom-up strategy introduced in commit 866898efbb25 ("bcache: remove heap-related macros and switch to generic min_heap"). The regression is addressed by switching to the equality-aware variants and using the inline versions to avoid function call overhead in this hot path. Cc: stable(a)vger.kernel.org --- To avoid duplicated effort and expedite resolution, Robert kindly agreed that I should submit my already-completed series instead. Many thanks to him for his cooperation and support. Kuan-Wei Chiu (8): lib min_heap: Add equal-elements-aware sift_down variant lib min_heap: Add typedef for sift_down function pointer lib min_heap: add eqaware variant of min_heapify_all() lib min_heap: add eqaware variant of min_heap_pop() lib min_heap: add eqaware variant of min_heap_pop_push() lib min_heap: add eqaware variant of min_heap_del() Documentation/core-api: min_heap: Document _eqaware variants of min-heap APIs bcache: Fix the tail IO latency regression by using equality-aware min heap API Documentation/core-api/min_heap.rst | 20 +++++ drivers/md/bcache/alloc.c | 15 ++-- include/linux/min_heap.h | 131 +++++++++++++++++++++++----- lib/min_heap.c | 23 +++-- 4 files changed, 154 insertions(+), 35 deletions(-) -- 2.34.1

2 weeks, 3 days

3
17
0 0

+ mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch added to mm-unstable branch

by Andrew Morton

The patch titled Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() has been added to the -mm mm-unstable branch. Its filename is mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: David Hildenbrand <david(a)redhat.com> Subject: mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud() Date: Fri, 13 Jun 2025 11:27:00 +0200 Patch series "mm/huge_memory: vmf_insert_folio_*() and vmf_insert_pfn_pud() fixes", v3. While working on improving vm_normal_page() and friends, I stumbled over this issues: refcounted "normal" folios must not be marked using pmd_special() / pud_special(). Otherwise, we're effectively telling the system that these folios are no "normal", violating the rules we documented for vm_normal_page(). Fortunately, there are not many pmd_special()/pud_special() users yet. So far there doesn't seem to be serious damage. Tested using the ndctl tests ("ndctl:dax" suite). This patch (of 3): We set up the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. It is unclear in which configurations we would get the cachemode wrong: through vfio seems possible. Getting cachemodes wrong is usually ... bad. As the fix is easy, let's backport it to stable. Identified by code inspection. Link: https://lkml.kernel.org/r/20250613092702.1943533-1-david@redhat.com Link: https://lkml.kernel.org/r/20250613092702.1943533-2-david@redhat.com Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Signed-off-by: David Hildenbrand <david(a)redhat.com> Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Oscar Salvador <osalvador(a)suse.de> Tested-by: Dan Williams <dan.j.williams(a)intel.com> Cc: Alistair Popple <apopple(a)nvidia.com> Cc: Baolin Wang <baolin.wang(a)linux.alibaba.com> Cc: Dev Jain <dev.jain(a)arm.com> Cc: Liam Howlett <liam.howlett(a)oracle.com> Cc: Mariano Pache <npache(a)redhat.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Mike Rapoport <rppt(a)kernel.org> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Zi Yan <ziy(a)nvidia.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) --- a/mm/huge_memory.c~mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud +++ a/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_ pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct v add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; _ Patches currently in -mm which might be from david(a)redhat.com are mm-gup-revert-mm-gup-fix-infinite-loop-within-__get_longterm_locked.patch mm-gup-remove-vm_bug_ons.patch mm-gup-remove-vm_bug_ons-fix.patch mm-huge_memory-dont-ignore-queried-cachemode-in-vmf_insert_pfn_pud.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pmd.patch mm-huge_memory-dont-mark-refcounted-folios-special-in-vmf_insert_folio_pud.patch

2 weeks, 3 days

1
0
0 0

[PATCH 1/3] mtd: spinand: winbond: Fix W35N number of planes/LUN

by Miquel Raynal

There's been a mistake when extracting the geometry of the W35N02 and W35N04 chips from the datasheet. There is a single plane, however there are respectively 2 and 4 LUNs. They are actually referred in the datasheet as dies (equivalent of target), but as there is no die select operation and the chips only feature a single configuration register for the entire chip (instead of one per die), we can reasonably assume we are talking about LUNs and not dies. Reported-by: Andreas Dannenberg <dannenberg(a)ti.com> Suggested-by: Vignesh Raghavendra <vigneshr(a)ti.com> Fixes: 25e08bf66660 ("mtd: spinand: winbond: Add support for W35N02JW and W35N04JW chips") Cc: stable(a)vger.kernel.org Signed-off-by: Miquel Raynal <miquel.raynal(a)bootlin.com> --- drivers/mtd/nand/spi/winbond.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/mtd/nand/spi/winbond.c b/drivers/mtd/nand/spi/winbond.c index 19f8dd4a6370..2808bbd7a16e 100644 --- a/drivers/mtd/nand/spi/winbond.c +++ b/drivers/mtd/nand/spi/winbond.c @@ -289,7 +289,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N02JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x22), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 2, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 2, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, @@ -298,7 +298,7 @@ static const struct spinand_info winbond_spinand_table[] = { SPINAND_ECCINFO(&w35n01jw_ooblayout, NULL)), SPINAND_INFO("W35N04JW", /* 1.8V */ SPINAND_ID(SPINAND_READID_METHOD_OPCODE_DUMMY, 0xdf, 0x23), - NAND_MEMORG(1, 4096, 128, 64, 512, 10, 4, 1, 1), + NAND_MEMORG(1, 4096, 128, 64, 512, 10, 1, 4, 1), NAND_ECCREQ(1, 512), SPINAND_INFO_OP_VARIANTS(&read_cache_octal_variants, &write_cache_octal_variants, -- 2.48.1

2 weeks, 3 days

1
0
0 0

[PATCH net] virtio-net: drop the multi-buffer XDP packet in zerocopy

by Bui Quang Minh

In virtio-net, we have not yet supported multi-buffer XDP packet in zerocopy mode when there is a binding XDP program. However, in that case, when receiving multi-buffer XDP packet, we skip the XDP program and return XDP_PASS. As a result, the packet is passed to normal network stack which is an incorrect behavior. This commit instead returns XDP_DROP in that case. Fixes: 99c861b44eb1 ("virtio_net: xsk: rx: support recv merge mode") Cc: stable(a)vger.kernel.org Signed-off-by: Bui Quang Minh <minhquangbui99(a)gmail.com> --- drivers/net/virtio_net.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c index e53ba600605a..4c35324d6e5b 100644 --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -1309,9 +1309,14 @@ static struct sk_buff *virtnet_receive_xsk_merge(struct net_device *dev, struct ret = XDP_PASS; rcu_read_lock(); prog = rcu_dereference(rq->xdp_prog); - /* TODO: support multi buffer. */ - if (prog && num_buf == 1) - ret = virtnet_xdp_handler(prog, xdp, dev, xdp_xmit, stats); + if (prog) { + /* TODO: support multi buffer. */ + if (num_buf == 1) + ret = virtnet_xdp_handler(prog, xdp, dev, xdp_xmit, + stats); + else + ret = XDP_DROP; + } rcu_read_unlock(); switch (ret) { -- 2.43.0

2 weeks, 3 days

6
14
0 0

[PATCH v2] leds: flash: leds-qcom-flash: Fix registry access after re-bind

by Krzysztof Kozlowski

Driver in probe() updates each of 'reg_field' with 'reg_base': for (i = 0; i < REG_MAX_COUNT; i++) regs[i].reg += reg_base; 'reg_field' array (under variable 'regs' above) is statically allocated, thus each re-bind would add another 'reg_base' leading to bogus register addresses. Constify the local 'reg_field' array and duplicate it in probe to solve this. Fixes: 96a2e242a5dc ("leds: flash: Add driver to support flash LED module in QCOM PMICs") Cc: <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- Changes in v2: 1. Fix sizeof() argument (Fenglin Wu) This is a nice example why constifying static memory is useful. --- drivers/leds/flash/leds-qcom-flash.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/leds/flash/leds-qcom-flash.c b/drivers/leds/flash/leds-qcom-flash.c index b4c19be51c4d..89cf5120f5d5 100644 --- a/drivers/leds/flash/leds-qcom-flash.c +++ b/drivers/leds/flash/leds-qcom-flash.c @@ -117,7 +117,7 @@ enum { REG_MAX_COUNT, }; -static struct reg_field mvflash_3ch_regs[REG_MAX_COUNT] = { +static const struct reg_field mvflash_3ch_regs[REG_MAX_COUNT] = { REG_FIELD(0x08, 0, 7), /* status1 */ REG_FIELD(0x09, 0, 7), /* status2 */ REG_FIELD(0x0a, 0, 7), /* status3 */ @@ -132,7 +132,7 @@ static struct reg_field mvflash_3ch_regs[REG_MAX_COUNT] = { REG_FIELD(0x58, 0, 2), /* therm_thrsh3 */ }; -static struct reg_field mvflash_4ch_regs[REG_MAX_COUNT] = { +static const struct reg_field mvflash_4ch_regs[REG_MAX_COUNT] = { REG_FIELD(0x06, 0, 7), /* status1 */ REG_FIELD(0x07, 0, 6), /* status2 */ REG_FIELD(0x09, 0, 7), /* status3 */ @@ -854,11 +854,17 @@ static int qcom_flash_led_probe(struct platform_device *pdev) if (val == FLASH_SUBTYPE_3CH_PM8150_VAL || val == FLASH_SUBTYPE_3CH_PMI8998_VAL) { flash_data->hw_type = QCOM_MVFLASH_3CH; flash_data->max_channels = 3; - regs = mvflash_3ch_regs; + regs = devm_kmemdup(dev, mvflash_3ch_regs, sizeof(mvflash_3ch_regs), + GFP_KERNEL); + if (!regs) + return -ENOMEM; } else if (val == FLASH_SUBTYPE_4CH_VAL) { flash_data->hw_type = QCOM_MVFLASH_4CH; flash_data->max_channels = 4; - regs = mvflash_4ch_regs; + regs = devm_kmemdup(dev, mvflash_4ch_regs, sizeof(mvflash_4ch_regs), + GFP_KERNEL); + if (!regs) + return -ENOMEM; rc = regmap_read(regmap, reg_base + FLASH_REVISION_REG, &val); if (rc < 0) { @@ -880,6 +886,7 @@ static int qcom_flash_led_probe(struct platform_device *pdev) dev_err(dev, "Failed to allocate regmap field, rc=%d\n", rc); return rc; } + devm_kfree(dev, regs); /* devm_regmap_field_bulk_alloc() makes copies */ platform_set_drvdata(pdev, flash_data); mutex_init(&flash_data->lock); -- 2.45.2

2 weeks, 3 days

3
2
0 0

[PATCH v2] mfd: cros_ec: Separate charge-control probing from USB-PD

by Thomas Weißschuh

The charge-control subsystem in the ChromeOS EC is not strictly tied to its USB-PD subsystem. Since commit 7613bc0d116a ("mfd: cros_ec: Don't load charger with UCSI") the presence of EC_FEATURE_UCSI_PPM would inhibit the probing of the charge-control driver. Furthermore recent versions of the EC firmware in Framework laptops hard-disable EC_FEATURE_USB_PD to avoid probing cros-usbpd-charger, which then also breaks cros-charge-control. Instead use the dedicated EC_FEATURE_CHARGER. Link: https://github.com/FrameworkComputer/EmbeddedController/commit/1d7bcf1d5013… Fixes: 555b5fcdb844 ("mfd: cros_ec: Register charge control subdevice") Cc: stable(a)vger.kernel.org Tested-by: Tom Vincent <linux(a)tlvince.com> Signed-off-by: Thomas Weißschuh <linux(a)weissschuh.net> --- Changes in v2: - Rebase onto v6.16-rc1 - Pick up tested-by from Tom - Also Cc stable@ - Link to v1: https://lore.kernel.org/r/20250521-cros-ec-mfd-chctl-probe-v1-1-6ebfe3a6efa… --- drivers/mfd/cros_ec_dev.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/mfd/cros_ec_dev.c b/drivers/mfd/cros_ec_dev.c index 9f84a52b48d6a8994d23edba999398684303ee64..dc80a272726bb16b58253418999021cd56dfd975 100644 --- a/drivers/mfd/cros_ec_dev.c +++ b/drivers/mfd/cros_ec_dev.c @@ -87,7 +87,6 @@ static const struct mfd_cell cros_ec_sensorhub_cells[] = { }; static const struct mfd_cell cros_usbpd_charger_cells[] = { - { .name = "cros-charge-control", }, { .name = "cros-usbpd-charger", }, { .name = "cros-usbpd-logger", }, }; @@ -112,6 +111,10 @@ static const struct mfd_cell cros_ec_ucsi_cells[] = { { .name = "cros_ec_ucsi", }, }; +static const struct mfd_cell cros_ec_charge_control_cells[] = { + { .name = "cros-charge-control", }, +}; + static const struct cros_feature_to_cells cros_subdevices[] = { { .id = EC_FEATURE_CEC, @@ -148,6 +151,11 @@ static const struct cros_feature_to_cells cros_subdevices[] = { .mfd_cells = cros_ec_keyboard_leds_cells, .num_cells = ARRAY_SIZE(cros_ec_keyboard_leds_cells), }, + { + .id = EC_FEATURE_CHARGER, + .mfd_cells = cros_ec_charge_control_cells, + .num_cells = ARRAY_SIZE(cros_ec_charge_control_cells), + }, }; static const struct mfd_cell cros_ec_platform_cells[] = { --- base-commit: 19272b37aa4f83ca52bdf9c16d5d81bdd1354494 change-id: 20250521-cros-ec-mfd-chctl-probe-64a63ac9c160 Best regards, -- Thomas Weißschuh <linux(a)weissschuh.net>

2 weeks, 3 days

3
2
0 0

[PATCH v3 1/3] mm/huge_memory: don't ignore queried cachemode in vmf_insert_pfn_pud()

by David Hildenbrand

We setup the cache mode but ... don't forward the updated pgprot to insert_pfn_pud(). Only a problem on x86-64 PAT when mapping PFNs using PUDs that require a special cachemode. Fix it by using the proper pgprot where the cachemode was setup. It is unclear in which configurations we would get the cachemode wrong: through vfio seems possible. Getting cachemodes wrong is usually ... bad. As the fix is easy, let's backport it to stable. Identified by code inspection. Fixes: 7b806d229ef1 ("mm: remove vmf_insert_pfn_xxx_prot() for huge page-table entries") Reviewed-by: Dan Williams <dan.j.williams(a)intel.com> Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Tested-by: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: David Hildenbrand <david(a)redhat.com> --- mm/huge_memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/mm/huge_memory.c b/mm/huge_memory.c index d3e66136e41a3..49b98082c5401 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -1516,10 +1516,9 @@ static pud_t maybe_pud_mkwrite(pud_t pud, struct vm_area_struct *vma) } static void insert_pfn_pud(struct vm_area_struct *vma, unsigned long addr, - pud_t *pud, pfn_t pfn, bool write) + pud_t *pud, pfn_t pfn, pgprot_t prot, bool write) { struct mm_struct *mm = vma->vm_mm; - pgprot_t prot = vma->vm_page_prot; pud_t entry; if (!pud_none(*pud)) { @@ -1581,7 +1580,7 @@ vm_fault_t vmf_insert_pfn_pud(struct vm_fault *vmf, pfn_t pfn, bool write) pfnmap_setup_cachemode_pfn(pfn_t_to_pfn(pfn), &pgprot); ptl = pud_lock(vma->vm_mm, vmf->pud); - insert_pfn_pud(vma, addr, vmf->pud, pfn, write); + insert_pfn_pud(vma, addr, vmf->pud, pfn, pgprot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; @@ -1625,7 +1624,7 @@ vm_fault_t vmf_insert_folio_pud(struct vm_fault *vmf, struct folio *folio, add_mm_counter(mm, mm_counter_file(folio), HPAGE_PUD_NR); } insert_pfn_pud(vma, addr, vmf->pud, pfn_to_pfn_t(folio_pfn(folio)), - write); + vma->vm_page_prot, write); spin_unlock(ptl); return VM_FAULT_NOPAGE; -- 2.49.0

2 weeks, 3 days

2
1
0 0

[PATCH v3] ata: ahci: Disallow LPM for ASUSPRO-D840SA motherboard

by Niklas Cassel

A user has bisected a regression which causes graphical corruptions on his screen to commit 7627a0edef54 ("ata: ahci: Drop low power policy board type"). Simply reverting commit 7627a0edef54 ("ata: ahci: Drop low power policy board type") makes the graphical corruptions on his screen to go away. (Note: there are no visible messages in dmesg that indicates a problem with AHCI.) The user also reports that the problem occurs regardless if there is an HDD or an SSD connected via AHCI, so the problem is not device related. The devices also work fine on other motherboards, so it seems specific to the ASUSPRO-D840SA motherboard. While enabling low power modes for AHCI is not supposed to affect completely unrelated hardware, like a graphics card, it does however allow the system to enter deeper PC-states, which could expose ACPI issues that were previously not visible (because the system never entered these lower power states before). There are previous examples where enabling LPM exposed serious BIOS/ACPI bugs, see e.g. commit 240630e61870 ("ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS"). Since there hasn't been any BIOS update in years for the ASUSPRO-D840SA motherboard, disable LPM for this board, in order to avoid entering lower PC-states, which triggers graphical corruptions. Cc: stable(a)vger.kernel.org Reported-by: Andy Yang <andyybtc79(a)gmail.com> Closes: https://bugzilla.kernel.org/show_bug.cgi?id=220111 Fixes: 7627a0edef54 ("ata: ahci: Drop low power policy board type") Signed-off-by: Niklas Cassel <cassel(a)kernel.org> --- Changes since v2: -Rework how we handle the quirk so that we also quirk future BIOS versions unless a build date is explicitly added to driver_data. drivers/ata/ahci.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c index e7c8357cbc54..c8ad8ace7496 100644 --- a/drivers/ata/ahci.c +++ b/drivers/ata/ahci.c @@ -1410,8 +1410,15 @@ static bool ahci_broken_suspend(struct pci_dev *pdev) static bool ahci_broken_lpm(struct pci_dev *pdev) { + /* + * Platforms with LPM problems. + * If driver_data is NULL, there is no existing BIOS version with + * functioning LPM. + * If driver_data is non-NULL, then driver_data contains the DMI BIOS + * build date of the first BIOS version with functioning LPM (i.e. older + * BIOS versions have broken LPM). + */ static const struct dmi_system_id sysids[] = { - /* Various Lenovo 50 series have LPM issues with older BIOSen */ { .matches = { DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), @@ -1440,6 +1447,13 @@ static bool ahci_broken_lpm(struct pci_dev *pdev) }, .driver_data = "20180409", /* 2.35 */ }, + { + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), + DMI_MATCH(DMI_PRODUCT_VERSION, "ASUSPRO D840MB_M840SA"), + }, + /* 320 is broken, there is no known good version yet. */ + }, { } /* terminate list */ }; const struct dmi_system_id *dmi = dmi_first_match(sysids); @@ -1449,6 +1463,9 @@ static bool ahci_broken_lpm(struct pci_dev *pdev) if (!dmi) return false; + if (!dmi->driver_data) + return true; + dmi_get_date(DMI_BIOS_DATE, &year, &month, &date); snprintf(buf, sizeof(buf), "%04d%02d%02d", year, month, date); -- 2.49.0

2 weeks, 3 days

3
3
0 0

[PATCH] drm/i915/snps_hdmi_pll: Fix 64-bit divisor truncation by using div64_u64

by Ankit Nautiyal

DIV_ROUND_CLOSEST_ULL uses do_div(), which expects a 32-bit divisor. When passing a 64-bit constant like CURVE2_MULTIPLIER, the value is silently truncated to u32, potentially leading to incorrect results on large divisors. Replace DIV_ROUND_CLOSEST_ULL with div64_u64(), which correctly handles full 64-bit division. Since the result is clamped between 1 and 127, rounding is unnecessary and truncating division is sufficient. Fixes: 5947642004bf ("drm/i915/display: Add support for SNPS PHY HDMI PLL algorithm for DG2") Cc: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> Cc: Suraj Kandpal <suraj.kandpal(a)intel.com> Cc: Jani Nikula <jani.nikula(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.15+ Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal(a)intel.com> --- drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c b/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c index 74bb3bedf30f..ac609bdf6653 100644 --- a/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c +++ b/drivers/gpu/drm/i915/display/intel_snps_hdmi_pll.c @@ -103,8 +103,8 @@ static void get_ana_cp_int_prop(u64 vco_clk, DIV_ROUND_DOWN_ULL(curve_1_interpolated, CURVE0_MULTIPLIER))); ana_cp_int_temp = - DIV_ROUND_CLOSEST_ULL(DIV_ROUND_DOWN_ULL(adjusted_vco_clk1, curve_2_scaled1), - CURVE2_MULTIPLIER); + div64_u64(DIV_ROUND_DOWN_ULL(adjusted_vco_clk1, curve_2_scaled1), + CURVE2_MULTIPLIER); *ana_cp_int = max(1, min(ana_cp_int_temp, 127)); -- 2.45.2

2 weeks, 3 days

3
2
0 0

Reply Request: UITP Summit - Hamburg 2025 Attendees List

by Michelle Calara

Hi, Following up on my primary email about the visitor list. Please let me know your thoughts, and I'd be happy to give more details. Best regards, Grace Subject: UITP Summit - Hamburg 2025! Hi, I wanted to check if you’d be interested in acquiring the attendees list of UITP Summit - Hamburg 2025? Event Overview: Dates: 15 - 18 Jun 2025 Location: Hamburg, Germany Attendees: 10,126 Exhibitors: 380 Each contact contains: Contact Name, First Name, Last Name, Job Title, Company, Website Address, City, State, Zip, Country Code, Revenue, Employee Size, Email, Phone Number, and Fax Number. If you're interested in the list, just reply "Send Counts and Cost"? Best regards, Michelle Calara Senior Marketing Manager To unsubscribe, simply respond with “Not interested.”

2 weeks, 3 days

1
0
0 0

[tip: perf/urgent] perf/x86/intel: Fix crash in icl_update_topdown_event()

by tip-bot2 for Kan Liang

The following commit has been merged into the perf/urgent branch of tip: Commit-ID: b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Gitweb: https://git.kernel.org/tip/b0823d5fbacb1c551d793cbfe7af24e0d1fa45ed Author: Kan Liang <kan.liang(a)linux.intel.com> AuthorDate: Thu, 12 Jun 2025 07:38:18 -07:00 Committer: Ingo Molnar <mingo(a)kernel.org> CommitterDate: Fri, 13 Jun 2025 09:38:06 +02:00 perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it. Fixes: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") Closes: https://lore.kernel.org/lkml/352f0709-f026-cd45-e60c-60dfd97f73f3@maine.edu/ Reported-by: Vince Weaver <vincent.weaver(a)maine.edu> Signed-off-by: Kan Liang <kan.liang(a)linux.intel.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Signed-off-by: Ingo Molnar <mingo(a)kernel.org> Tested-by: Vince Weaver <vincent.weaver(a)maine.edu> Cc: stable(a)vger.kernel.org # v6.15+ Link: https://lore.kernel.org/r/20250612143818.2889040-1-kan.liang@linux.intel.com --- arch/x86/events/intel/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/events/intel/core.c b/arch/x86/events/intel/core.c index 741b229..c2fb729 100644 --- a/arch/x86/events/intel/core.c +++ b/arch/x86/events/intel/core.c @@ -2826,7 +2826,7 @@ static void intel_pmu_read_event(struct perf_event *event) * If the PEBS counters snapshotting is enabled, * the topdown event is available in PEBS records. */ - if (is_topdown_event(event) && !is_pebs_counter_event_group(event)) + if (is_topdown_count(event) && !is_pebs_counter_event_group(event)) static_call(intel_pmu_update_topdown_event)(event, NULL); else intel_pmu_drain_pebs_buffer();

2 weeks, 3 days

1
0
0 0

[PATCH v2 0/6] media: ti, cdns: Multiple pixel support and misc fixes

by Jai Luthra

Hi, The first four patches in this series are miscellaneous fixes and improvements in the Cadence and TI CSI-RX drivers around probing, fwnode and link creation. The last two patches add support for transmitting multiple pixels per clock on the internal bus between Cadence CSI-RX bridge and TI CSI-RX wrapper. As this internal bus is 32-bit wide, the maximum number of pixels that can be transmitted per cycle depend upon the format's bit width. Secondly, the downstream element must support unpacking of multiple pixels. Thus we export a module function that can be used by the downstream driver to negotiate the pixels per cycle on the output pixel stream of the Cadence bridge. Signed-off-by: Jai Luthra <jai.luthra(a)ideasonboard.com> --- Changes in v2: - Rebase on v6.15-rc1 - Fix lkp warnings in PATCH 5/6 missing header for FIELD_PREP - Add R-By tags from Devarsh and Changhuang - Link to v1: https://lore.kernel.org/r/20250324-probe_fixes-v1-0-5cd5b9e1cfac@ideasonboa… --- Jai Luthra (6): media: ti: j721e-csi2rx: Use devm_of_platform_populate media: ti: j721e-csi2rx: Use fwnode_get_named_child_node media: ti: j721e-csi2rx: Fix source subdev link creation media: cadence: csi2rx: Implement get_fwnode_pad op media: cadence: cdns-csi2rx: Support multiple pixels per clock cycle media: ti: j721e-csi2rx: Support multiple pixels per clock drivers/media/platform/cadence/cdns-csi2rx.c | 76 +++++++++++++++++----- drivers/media/platform/cadence/cdns-csi2rx.h | 19 ++++++ drivers/media/platform/ti/Kconfig | 3 +- .../media/platform/ti/j721e-csi2rx/j721e-csi2rx.c | 66 ++++++++++++++----- 4 files changed, 129 insertions(+), 35 deletions(-) --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250314-probe_fixes-7e0ec33c7fee Best regards, -- Jai Luthra <jai.luthra(a)ideasonboard.com>

2 weeks, 3 days

2
3
0 0

Re: it's Seven again for PCBA One-stop Service

by Seven

Hi , What would it mean to you if your business was able to reduce Expenses by 20% (Clients: Littelfuse, Corsair, BMB, Mercedes-Benz, Fantac) We are a PCBA factory with an area of 6,000 square meters. We have been in this industry for 18 years and have an experienced team of engineers. Help you reduce BOM Expenses Fast delivery (15 days for Demo) Competitive prices (10% lower than peers) Real factory processing fees are Fees Complete quality management system (ISO9001,ISO14001,ISO13485,IATF16949,UL)Given how well our pcba service suits your needs, I think we could do some Excellent work together. Seven LeeChief Technology Officer Business Department | Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com 在2025-06-04，Seven <seven(a)ems-sthi.com> 写道:-----原始邮件----- 发件人： Seven <seven(a)ems-sthi.com> 发件时间: 2025年06月04日周三收件人： [Linux-stable-mirror <linux-stable-mirror(a)lists.linaro.org>] 主题： Re:Jordan recommend me get in touch Hi, Glad to know you and your company from Jordan. I‘m Seven CTO of STHL We are a one-stop service provider for PCBA. We can help you with production from PCB to finished product assembly. Why Partner With Us? ✅ One-Stop Expertise: From PCB fabrication, PCBA (SMT & Through-Hole), custom cable harnesses, , to final product assembly – we eliminate multi-vendor coordination risks. ✅ Cost Efficiency: 40%+ clients reduce logistics/QC costs through our integrated service model (ISO 9001:2015 certified). ✅ Speed-to-Market: Average 15% faster lead times achieved via in-house vertical integration. Recent Success Case: Helped a German IoT startup scale from prototype to 50K-unit/month production within 6 months through our: PCB Design-for-Manufacturing (DFM) optimization Automated PCBA with 99.98% first-pass yield Mechanical housing CNC machining & IP67-rated assembly Seven Marcus CTO Shenzhen STHL Technology Co,Ltd +8618569002840 Seven(a)pcba-china.com

2 weeks, 3 days

1
0
0 0

[PATCH 6.12.y] wifi: rtw89: phy: add dummy C2H event handler for report of TAS power

by Zenm Chen

From: Ping-Ke Shih <pkshih(a)realtek.com> [ Upstream commit 09489812013f9ff3850c3af9900c88012b8c1e5d ] The newer firmware, like RTL8852C version 0.27.111.0, will notify driver report of TAS (Time Averaged SAR) power by new C2H events. This is to assist in higher accurate calculation of TAS. For now, driver doesn't use the report yet, so add a dummy handler to avoid it throws info like: rtw89_8852ce 0000:03:00.0: c2h class 9 func 6 not support Also add "MAC" and "PHY" to the message to disambiguate the source of C2H event. Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Link: https://patch.msgid.link/20241209042127.21424-1-pkshih@realtek.com Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Currently the rtw89 driver in kernel 6.12.y could spam the system log with the messages below if the distro provides a newer firmware, backport this patch to 6.12.y to fix it. [ 13.207637] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 17.115171] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 19.117996] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 21.122162] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 23.123588] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 25.127008] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 31.246591] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 34.665080] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 41.064308] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 43.067127] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 45.069878] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 47.072845] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 49.265599] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 51.268512] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 53.271490] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support [ 55.274271] rtw89_8852ce 0000:02:00.0: c2h class 9 func 6 not support --- drivers/net/wireless/realtek/rtw89/mac.c | 4 ++-- drivers/net/wireless/realtek/rtw89/phy.c | 10 ++++++++-- drivers/net/wireless/realtek/rtw89/phy.h | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/mac.c b/drivers/net/wireless/realtek/rtw89/mac.c index 9b09d4b7d..2188bca89 100644 --- a/drivers/net/wireless/realtek/rtw89/mac.c +++ b/drivers/net/wireless/realtek/rtw89/mac.c @@ -5513,11 +5513,11 @@ void rtw89_mac_c2h_handle(struct rtw89_dev *rtwdev, struct sk_buff *skb, case RTW89_MAC_C2H_CLASS_FWDBG: return; default: - rtw89_info(rtwdev, "c2h class %d not support\n", class); + rtw89_info(rtwdev, "MAC c2h class %d not support\n", class); return; } if (!handler) { - rtw89_info(rtwdev, "c2h class %d func %d not support\n", class, + rtw89_info(rtwdev, "MAC c2h class %d func %d not support\n", class, func); return; } diff --git a/drivers/net/wireless/realtek/rtw89/phy.c b/drivers/net/wireless/realtek/rtw89/phy.c index 5c31639b4..355c3f58a 100644 --- a/drivers/net/wireless/realtek/rtw89/phy.c +++ b/drivers/net/wireless/realtek/rtw89/phy.c @@ -3062,10 +3062,16 @@ rtw89_phy_c2h_rfk_report_state(struct rtw89_dev *rtwdev, struct sk_buff *c2h, u3 (int)(len - sizeof(report->hdr)), &report->state); } +static void +rtw89_phy_c2h_rfk_log_tas_pwr(struct rtw89_dev *rtwdev, struct sk_buff *c2h, u32 len) +{ +} + static void (* const rtw89_phy_c2h_rfk_report_handler[])(struct rtw89_dev *rtwdev, struct sk_buff *c2h, u32 len) = { [RTW89_PHY_C2H_RFK_REPORT_FUNC_STATE] = rtw89_phy_c2h_rfk_report_state, + [RTW89_PHY_C2H_RFK_LOG_TAS_PWR] = rtw89_phy_c2h_rfk_log_tas_pwr, }; bool rtw89_phy_c2h_chk_atomic(struct rtw89_dev *rtwdev, u8 class, u8 func) @@ -3119,11 +3125,11 @@ void rtw89_phy_c2h_handle(struct rtw89_dev *rtwdev, struct sk_buff *skb, return; fallthrough; default: - rtw89_info(rtwdev, "c2h class %d not support\n", class); + rtw89_info(rtwdev, "PHY c2h class %d not support\n", class); return; } if (!handler) { - rtw89_info(rtwdev, "c2h class %d func %d not support\n", class, + rtw89_info(rtwdev, "PHY c2h class %d func %d not support\n", class, func); return; } diff --git a/drivers/net/wireless/realtek/rtw89/phy.h b/drivers/net/wireless/realtek/rtw89/phy.h index 9bb9c9c8e..961a4bacb 100644 --- a/drivers/net/wireless/realtek/rtw89/phy.h +++ b/drivers/net/wireless/realtek/rtw89/phy.h @@ -151,6 +151,7 @@ enum rtw89_phy_c2h_rfk_log_func { enum rtw89_phy_c2h_rfk_report_func { RTW89_PHY_C2H_RFK_REPORT_FUNC_STATE = 0, + RTW89_PHY_C2H_RFK_LOG_TAS_PWR = 6, }; enum rtw89_phy_c2h_dm_func { -- 2.49.0

2 weeks, 4 days

1
0
0 0

[PATCH 6.15 00/34] 6.15.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.15.2 release. There are 34 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Mon, 09 Jun 2025 10:07:05 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.15.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.15.2-rc1 Aurabindo Pillai <aurabindo.pillai(a)amd.com> Revert "drm/amd/display: more liberal vmin/vmax update for freesync" Xu Yang <xu.yang_2(a)nxp.com> dt-bindings: phy: imx8mq-usb: fix fsl,phy-tx-vboost-level-microvolt property Lukasz Czechowski <lukasz.czechowski(a)thaumatec.com> dt-bindings: usb: cypress,hx3: Add support for all variants Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: remoteproc: qcom,sm8150-pas: Add missing SC8180X compatible David Lechner <dlechner(a)baylibre.com> dt-bindings: pwm: adi,axi-pwmgen: Fix clocks Sergey Senozhatsky <senozhatsky(a)chromium.org> thunderbolt: Do not double dequeue a configuration request Carlos Llamas <cmllamas(a)google.com> binder: fix yet another UAF in binder_devices Dmitry Antipov <dmantipov(a)yandex.ru> binder: fix use-after-free in binderfs_evict_inode() Dave Penkler <dpenkler(a)gmail.com> usb: usbtmc: Fix timeout value in get_stb Arnd Bergmann <arnd(a)arndb.de> nvmem: rmem: select CONFIG_CRC32 Dustin Lundquist <dustin(a)null-ptr.net> serial: jsm: fix NPE during jsm_uart_port_init Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Bluetooth: hci_qca: move the SoC type check to the right place Qasim Ijaz <qasdev00(a)gmail.com> usb: typec: ucsi: fix Clang -Wsign-conversion warning Charles Yeh <charlesyeh522(a)gmail.com> USB: serial: pl2303: add new chip PL2303GC-Q20 and PL2303GT-2AB Hongyu Xie <xiehongyu1(a)kylinos.cn> usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device Jiayi Li <lijiayi(a)kylinos.cn> usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Fix subvol to missing root repair Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Run may_delete_deleted_inode() checks in bch2_inode_rm() Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: delete dead code from may_delete_deleted_inode() Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Repair code for directory i_size Kent Overstreet <kent.overstreet(a)linux.dev> bcachefs: Kill un-reverted directory i_size code Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Fix offset calculation for .start_secs < 0 Alexandre Mergnat <amergnat(a)baylibre.com> rtc: Make rtc_time64_to_tm() support dates before 1970 Nícolas F. R. A. Prado <nfraprado(a)collabora.com> pinctrl: mediatek: eint: Fix invalid pointer dereference for v1 platforms Sakari Ailus <sakari.ailus(a)linux.intel.com> Documentation: ACPI: Use all-string data node references Gautham R. Shenoy <gautham.shenoy(a)amd.com> acpi-cpufreq: Fix nominal_freq units to KHz in get_max_boost_ratio() Pritam Manohar Sutar <pritam.sutar(a)samsung.com> clk: samsung: correct clock summary for hsi1 block Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: set GPIO output value before setting direction Gabor Juhos <j4g8y7(a)gmail.com> pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 Ahmed Salem <x0rw3ll(a)gmail.com> ACPICA: Apply ACPI_NONSTRING in more places Kees Cook <kees(a)kernel.org> ACPICA: Apply ACPI_NONSTRING Kees Cook <kees(a)kernel.org> ACPICA: Introduce ACPI_NONSTRING Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Revert "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" Pan Taixi <pantaixi(a)huaweicloud.com> tracing: Fix compilation warning on arm32 ------------- Diffstat: .../bindings/phy/fsl,imx8mq-usb-phy.yaml | 3 +- .../devicetree/bindings/pwm/adi,axi-pwmgen.yaml | 13 +++- .../bindings/remoteproc/qcom,sm8150-pas.yaml | 3 + .../devicetree/bindings/usb/cypress,hx3.yaml | 19 +++++- .../acpi/dsd/data-node-references.rst | 26 ++++---- Documentation/firmware-guide/acpi/dsd/graph.rst | 11 ++-- Documentation/firmware-guide/acpi/dsd/leds.rst | 7 +- Makefile | 4 +- arch/x86/kernel/smpboot.c | 54 +++++++++++++-- drivers/acpi/acpica/acdebug.h | 2 +- drivers/acpi/acpica/aclocal.h | 4 +- drivers/acpi/acpica/nsnames.c | 2 +- drivers/acpi/acpica/nsrepair2.c | 2 +- drivers/android/binder.c | 16 ++++- drivers/android/binder_internal.h | 8 ++- drivers/android/binderfs.c | 2 +- drivers/bluetooth/hci_qca.c | 14 ++-- drivers/clk/samsung/clk-exynosautov920.c | 2 +- drivers/cpufreq/acpi-cpufreq.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 ++--- drivers/nvmem/Kconfig | 1 + drivers/pinctrl/mediatek/mtk-eint.c | 26 ++++---- drivers/pinctrl/mediatek/mtk-eint.h | 5 +- drivers/pinctrl/mediatek/pinctrl-mtk-common-v2.c | 2 +- drivers/pinctrl/mediatek/pinctrl-mtk-common.c | 2 +- drivers/pinctrl/mvebu/pinctrl-armada-37xx.c | 14 ++-- drivers/rtc/class.c | 2 +- drivers/rtc/lib.c | 24 +++++-- drivers/thunderbolt/ctl.c | 5 ++ drivers/tty/serial/jsm/jsm_tty.c | 1 + drivers/usb/class/usbtmc.c | 4 +- drivers/usb/core/quirks.c | 3 + drivers/usb/serial/pl2303.c | 2 + drivers/usb/storage/unusual_uas.h | 7 ++ drivers/usb/typec/ucsi/ucsi.h | 2 +- fs/bcachefs/dirent.c | 12 +--- fs/bcachefs/dirent.h | 4 +- fs/bcachefs/errcode.h | 2 + fs/bcachefs/fs.c | 8 ++- fs/bcachefs/fsck.c | 8 +++ fs/bcachefs/inode.c | 77 ++++++++++++++-------- fs/bcachefs/namei.c | 4 +- fs/bcachefs/sb-errors_format.h | 4 +- fs/bcachefs/subvolume.c | 19 ++++-- include/acpi/actbl.h | 6 +- include/acpi/actypes.h | 4 ++ include/acpi/platform/acgcc.h | 8 +++ kernel/trace/trace.c | 2 +- .../acpi/os_specific/service_layers/oslinuxtbl.c | 2 +- tools/power/acpi/tools/acpidump/apfiles.c | 2 +- 50 files changed, 314 insertions(+), 158 deletions(-)

2 weeks, 4 days

16
51
0 0

[PATCH v2 0/5] drm/xe: enable driver usage on non-4KiB kernels

by Mingcong Bai via B4 Relay

This patch series attempts to enable the use of xe DRM driver on non-4KiB kernel page platforms. This involves fixing the ttm/bo interface, as well as parts of the userspace API to make use of kernel `PAGE_SIZE' for alignment instead of the assumed `SZ_4K', it also fixes incorrect usage of `PAGE_SIZE' in the GuC and ring buffer interface code to make sure all instructions/commands were aligned to 4KiB barriers (per the Programmer's Manual for the GPUs covered by this DRM driver). This issue was first discovered and reported by members of the LoongArch user communities, whose hardware commonly ran on 16KiB-page kernels. The patch series began on an unassuming branch of a downstream kernel tree maintained by Shang Yatsen.[^1] It worked well but remained sparsely documented, a lot of the work done here relied on Shang Yatsen's original patch. AOSC OS then picked it up[^2] to provide Intel Xe/Arc support for users of its LoongArch port, for which I worked extensively on. After months of positive user feedback and from encouragement from Kexy Biscuit, my colleague at the community, I decided to examine its potential for upstreaming, cross-reference kernel and Intel documentation to better document and revise this patch. Now that this series has been tested good (for boot up, OpenGL, and playback of a standardised set of video samples[^3] on the following platforms (motherboard + GPU model): - x86-64, 4KiB kernel page: - MS-7D42 + Intel Arc A580 - COLORFIRE B760M-MEOW WIFI D5 + Intel Arc B580 - LoongArch, 16KiB kernel page: - XA61200 + GUNNIR DG1 Blue Halberd (Intel DG1) - XA61200 + GUNNIR Iris Xe Index 4 (Intel DG1) - XA61200 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XA61200 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - XA61200 + ASRock Arc A380 Challenger ITX OC (Intel Arc A380) - XA61200 + Intel Arc A580 - XA61200 + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) - XA61200 + Intel Arc B580 - XB612B0 + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - XB612B0 + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ASUS XC-LS3A6M + GUNNIR Intel Arc B580 INDEX 12G (Intel Arc B580) On these platforms, basic functionalities tested good but the driver was unstable with occasional resets (I do suspect however, that this platform suffers from PCIe coherence issues, as instability only occurs under heavy VRAM I/O load): - AArch64, 4KiB/64KiB kernel pages: - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Iris Xe Max Index V2 (Intel DG1) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A380 Index 6G (Intel Arc A380) - ERUN-FD3000 (Phytium D3000) + GUNNIR Intel Arc A750 Photon 8G OC (Intel Arc A750) I think that this patch series is now ready for your comment and review. Please forgive me if I made any simple mistake or used wrong terminologies, but I have never worked on a patch for the DRM subsystem and my experience is still quite thin. But anyway, just letting you all know that Intel Xe/Arc works on non-4KiB kernel page platforms (and honestly, it's great to use, especially for games and media playback)! [^1]: https://github.com/FanFansfan/loongson-linux/tree/loongarch-xe [^2]: We maintained Shang Yatsen's patch until our v6.13.3 tree, until we decided to test and send this series upstream, https://github.com/AOSC-Tracking/linux/tree/aosc/v6.13.3 [^3]: Delicious hot pot! https://repo.aosc.io/ahvl/sample-videos-20250223.tar.zst --- Matthew(s), Lucas, and Francois: Thanks again for your patience and review. I recently had a job change and it put me off this series for months, but I'm back (and should be a lot more responsive now) - sorry! Let's get this ball rolling again. I was unfortunately unable to revise 1/5 from v1 as you requested, neither of your suggestions to allow allocation of VRAM smaller than page size worked... So I kept that part as is. As for the your comment in 5/5, I'm not sure about what the right approach to implement a SZ_64K >= PAGE_SIZE assert was, as there are many other instances of similar ternary conditional operators in the xe code. Correct me if I'm wrong but I felt that it might be better handled in a separate patch series? --- Changes in v2: - Define `GUC_ALIGN' and use them in GuC code to improve clarity. - Update documentation on `DRM_XE_QUERY_CONFIG_MIN_ALIGNMENT'. - Rebase, and other minor changes. - Link to v1: https://lore.kernel.org/all/20250226-xe-non-4k-fix-v1-0-80f23b5ee40e@aosc.i… To: Lucas De Marchi <lucas.demarchi(a)intel.com> To: Thomas Hellström <thomas.hellstrom(a)linux.intel.com> To: Rodrigo Vivi <rodrigo.vivi(a)intel.com> To: Maarten Lankhorst <maarten.lankhorst(a)linux.intel.com> To: Maxime Ripard <mripard(a)kernel.org> To: Thomas Zimmermann <tzimmermann(a)suse.de> To: David Airlie <airlied(a)gmail.com> To: Simona Vetter <simona(a)ffwll.ch> To: José Roberto de Souza <jose.souza(a)intel.com> To: Francois Dugast <francois.dugast(a)intel.com> To: Matthew Brost <matthew.brost(a)intel.com> To: Alan Previn <alan.previn.teres.alexis(a)intel.com> To: Zhanjun Dong <zhanjun.dong(a)intel.com> To: Matt Roper <matthew.d.roper(a)intel.com> To: Mateusz Naklicki <mateusz.naklicki(a)intel.com> Cc: Mauro Carvalho Chehab <mauro.chehab(a)linux.intel.com> Cc: Zbigniew Kempczyński <zbigniew.kempczynski(a)intel.com> Cc: intel-xe(a)lists.freedesktop.org Cc: dri-devel(a)lists.freedesktop.org Cc: linux-kernel(a)vger.kernel.org Suggested-by: Kexy Biscuit <kexybiscuit(a)aosc.io> Co-developed-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Shang Yatsen <429839446(a)qq.com> Signed-off-by: Mingcong Bai <jeffbai(a)aosc.io> --- Mingcong Bai (5): drm/xe/bo: fix alignment with non-4KiB kernel page sizes drm/xe/guc: use GUC_SIZE (SZ_4K) for alignment drm/xe/regs: fix RING_CTL_SIZE(size) calculation drm/xe: use 4KiB alignment for cursor jumps drm/xe/query: use PAGE_SIZE as the minimum page alignment drivers/gpu/drm/xe/regs/xe_engine_regs.h | 2 +- drivers/gpu/drm/xe/xe_bo.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc.c | 4 ++-- drivers/gpu/drm/xe/xe_guc.h | 3 +++ drivers/gpu/drm/xe/xe_guc_ads.c | 32 ++++++++++++++++---------------- drivers/gpu/drm/xe/xe_guc_capture.c | 8 ++++---- drivers/gpu/drm/xe/xe_guc_ct.c | 2 +- drivers/gpu/drm/xe/xe_guc_log.c | 5 +++-- drivers/gpu/drm/xe/xe_guc_pc.c | 4 ++-- drivers/gpu/drm/xe/xe_migrate.c | 4 ++-- drivers/gpu/drm/xe/xe_query.c | 2 +- include/uapi/drm/xe_drm.h | 7 +++++-- 12 files changed, 44 insertions(+), 37 deletions(-) --- base-commit: 546b1c9e93c2bb8cf5ed24e0be1c86bb089b3253 change-id: 20250603-upstream-xe-non-4k-v2-4acf253c9bfd Best regards, -- Mingcong Bai <jeffbai(a)aosc.io>

2 weeks, 4 days

3
7
0 0

[PATCH 6.6.y] wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE

by Zenm Chen

From: Chin-Yen Lee <timlee(a)realtek.com> [ Upstream commit 9496d62f3877bc0f97b415bc04af98d092878026 ] Sometimes driver can't use kernel API pci_read/write_config_byte to access the PCI config space of above address 0x100 due to the negotiated PCI setting. 8852AE/8852BE/8851BE provide another way called DBI function, which belongs to WiFi mac and could access all PCI config space for this case. Link: https://lore.kernel.org/linux-wireless/79fe81b7db7148b9a7da2353c16d70fb@rea… Signed-off-by: Chin-Yen Lee <timlee(a)realtek.com> Signed-off-by: Ping-Ke Shih <pkshih(a)realtek.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240103012346.6822-1-pkshih@realtek.com Signed-off-by: Zenm Chen <zenmchen(a)gmail.com> --- Without this patch applied, the rtw89 driver in kernel 6.6.y may fail to initialize the RTL8852BE chip and print the error messages below on some platforms [1]. [ 13.449168] rtw89_8852be_git 0000:02:00.0: [ERR]pci config read 719 [ 13.449754] rtw89_8852be_git 0000:02:00.0: [ERR] pcie autok fail -22 [ 13.450353] rtw89_8852be_git 0000:02:00.0: failed to setup chip information [ 13.455857] rtw89_8852be_git: probe of 0000:02:00.0 failed with error -22 [1] https://github.com/a5a5aa555oo/rtw89/issues/3 --- drivers/net/wireless/realtek/rtw89/pci.c | 69 +++++++++++++++++++++++- drivers/net/wireless/realtek/rtw89/pci.h | 1 + 2 files changed, 68 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/realtek/rtw89/pci.c b/drivers/net/wireless/realtek/rtw89/pci.c index 30cc6e03c..33b2543ee 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.c +++ b/drivers/net/wireless/realtek/rtw89/pci.c @@ -1822,22 +1822,87 @@ static int rtw89_write16_mdio_clr(struct rtw89_dev *rtwdev, u8 addr, u16 mask, u return 0; } +static int rtw89_dbi_write8(struct rtw89_dev *rtwdev, u16 addr, u8 data) +{ + u16 addr_2lsb = addr & B_AX_DBI_2LSB; + u16 write_addr; + u8 flag; + int ret; + + write_addr = addr & B_AX_DBI_ADDR_MSK; + write_addr |= u16_encode_bits(BIT(addr_2lsb), B_AX_DBI_WREN_MSK); + rtw89_write8(rtwdev, R_AX_DBI_WDATA + addr_2lsb, data); + rtw89_write16(rtwdev, R_AX_DBI_FLAG, write_addr); + rtw89_write8(rtwdev, R_AX_DBI_FLAG + 2, B_AX_DBI_WFLAG >> 16); + + ret = read_poll_timeout_atomic(rtw89_read8, flag, !flag, 10, + 10 * RTW89_PCI_WR_RETRY_CNT, false, + rtwdev, R_AX_DBI_FLAG + 2); + if (ret) + rtw89_err(rtwdev, "failed to write DBI register, addr=0x%X\n", + addr); + + return ret; +} + +static int rtw89_dbi_read8(struct rtw89_dev *rtwdev, u16 addr, u8 *value) +{ + u16 read_addr = addr & B_AX_DBI_ADDR_MSK; + u8 flag; + int ret; + + rtw89_write16(rtwdev, R_AX_DBI_FLAG, read_addr); + rtw89_write8(rtwdev, R_AX_DBI_FLAG + 2, B_AX_DBI_RFLAG >> 16); + + ret = read_poll_timeout_atomic(rtw89_read8, flag, !flag, 10, + 10 * RTW89_PCI_WR_RETRY_CNT, false, + rtwdev, R_AX_DBI_FLAG + 2); + if (ret) { + rtw89_err(rtwdev, "failed to read DBI register, addr=0x%X\n", + addr); + return ret; + } + + read_addr = R_AX_DBI_RDATA + (addr & 3); + *value = rtw89_read8(rtwdev, read_addr); + + return 0; +} + static int rtw89_pci_write_config_byte(struct rtw89_dev *rtwdev, u16 addr, u8 data) { struct rtw89_pci *rtwpci = (struct rtw89_pci *)rtwdev->priv; + enum rtw89_core_chip_id chip_id = rtwdev->chip->chip_id; struct pci_dev *pdev = rtwpci->pdev; + int ret; + + ret = pci_write_config_byte(pdev, addr, data); + if (!ret) + return 0; - return pci_write_config_byte(pdev, addr, data); + if (chip_id == RTL8852A || chip_id == RTL8852B || chip_id == RTL8851B) + ret = rtw89_dbi_write8(rtwdev, addr, data); + + return ret; } static int rtw89_pci_read_config_byte(struct rtw89_dev *rtwdev, u16 addr, u8 *value) { struct rtw89_pci *rtwpci = (struct rtw89_pci *)rtwdev->priv; + enum rtw89_core_chip_id chip_id = rtwdev->chip->chip_id; struct pci_dev *pdev = rtwpci->pdev; + int ret; - return pci_read_config_byte(pdev, addr, value); + ret = pci_read_config_byte(pdev, addr, value); + if (!ret) + return 0; + + if (chip_id == RTL8852A || chip_id == RTL8852B || chip_id == RTL8851B) + ret = rtw89_dbi_read8(rtwdev, addr, value); + + return ret; } static int rtw89_pci_config_byte_set(struct rtw89_dev *rtwdev, u16 addr, diff --git a/drivers/net/wireless/realtek/rtw89/pci.h b/drivers/net/wireless/realtek/rtw89/pci.h index 4259b79b1..119c0608b 100644 --- a/drivers/net/wireless/realtek/rtw89/pci.h +++ b/drivers/net/wireless/realtek/rtw89/pci.h @@ -42,6 +42,7 @@ #define B_AX_DBI_WFLAG BIT(16) #define B_AX_DBI_WREN_MSK GENMASK(15, 12) #define B_AX_DBI_ADDR_MSK GENMASK(11, 2) +#define B_AX_DBI_2LSB GENMASK(1, 0) #define R_AX_DBI_WDATA 0x1094 #define R_AX_DBI_RDATA 0x1098 -- 2.49.0

2 weeks, 4 days

1
0
0 0