- Linux-stable-mirror - lists.linaro.org

[PATCH net] net: qede: Initialize qede_ll_ops with designated initializer

by Nathan Chancellor

After a recent change [1] in clang's randstruct implementation to randomize structures that only contain function pointers, there is an error because qede_ll_ops get randomized but does not use a designated initializer for the first member: drivers/net/ethernet/qlogic/qede/qede_main.c:206:2: error: a randomized struct can only be initialized with a designated initializer 206 | { | ^ Explicitly initialize the common member using a designated initializer to fix the build. Cc: stable(a)vger.kernel.org Fixes: 035f7f87b729 ("randstruct: Enable Clang support") Link: https://github.com/llvm/llvm-project/commit/04364fb888eea6db9811510607bed4b… [1] Signed-off-by: Nathan Chancellor <nathan(a)kernel.org> --- drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/ethernet/qlogic/qede/qede_main.c b/drivers/net/ethernet/qlogic/qede/qede_main.c index 99df00c30b8c..b5d744d2586f 100644 --- a/drivers/net/ethernet/qlogic/qede/qede_main.c +++ b/drivers/net/ethernet/qlogic/qede/qede_main.c @@ -203,7 +203,7 @@ static struct pci_driver qede_pci_driver = { }; static struct qed_eth_cb_ops qede_ll_ops = { - { + .common = { #ifdef CONFIG_RFS_ACCEL .arfs_filter_op = qede_arfs_filter_op, #endif --- base-commit: 9540984da649d46f699c47f28c68bbd3c9d99e4c change-id: 20250507-qede-fix-clang-randstruct-011a3119f5d6 Best regards, -- Nathan Chancellor <nathan(a)kernel.org>

7 months

1
0
0 0

[PATCH v3 3/3] media: omap3isp: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") CC: stable(a)vger.kernel.org Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/platform/ti/omap3isp/ispccdc.c | 8 ++++---- drivers/media/platform/ti/omap3isp/ispstat.c | 6 ++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat) -- 2.34.1

7 months

2
1
0 0

Re: Patch "spi: tegra114: Don't fail set_cs_timing when delays are zero" has been added to the 5.15-stable tree

by Jon Hunter

On 07/05/2025 16:45, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: tegra114: Don't fail set_cs_timing when delays are zero > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-tegra114-don-t-fail-set_cs_timing-when-delays-ar.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please drop this from the stable queue because there is another fix pending to fix this fix. Jon -- nvpublic

7 months

1
0
0 0

[PATCH 6.14 000/311] 6.14.5-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.14.5 release. There are 311 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.14.5-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.14.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.14.5-rc1 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: Kconfig - Select LIB generic option Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Ignore end-of-section jumps for KCOV/GCOV Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix Short Packet handling rework ignoring errors Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Ming Lei <ming.lei(a)redhat.com> ublk: don't fail request for recovery & reissue in case of ubq->canceling Miguel Ojeda <ojeda(a)kernel.org> rust: kbuild: skip `--remap-path-prefix` for `rustdoc` Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> net: phy: dp83822: fix transmit amplitude if CONFIG_OF_MDIO not defined Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Dan Carpenter <dan.carpenter(a)linaro.org> media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lib/Kconfig - Hide arch options from user Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Daniel Borkmann <daniel(a)iogearbox.net> vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: fix potential NULL pointer dereference in dev_uevent() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: introduce device_set_driver() helper Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Revert "drivers: core: synchronize really_probe() and dev_uevent()" Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Ming Lei <ming.lei(a)redhat.com> ublk: rely on ->canceling for dealing with ublk_nosrv_dev_should_queue_io Ming Lei <ming.lei(a)redhat.com> ublk: add ublk_force_abort_dev() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use the right function for hdp flush Mario Limonciello <mario.limonciello(a)amd.com> drm/amd: Forbid suspending into non-default suspend states Christian König <christian.koenig(a)amd.com> drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Pi Xiange <xiange.pi(a)intel.com> x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Damien Le Moal <dlemoal(a)kernel.org> nvmet: pci-epf: cleanup link state management Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" Andrew Jones <ajones(a)ventanamicro.com> riscv: Provide all alternative macros all the time Gou Hao <gouhao(a)uniontech.com> iomap: skip unnecessary ifs_block_is_uptodate check Song Liu <song(a)kernel.org> netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add Vexia Edu Atla 10 tablet 5V data Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Add "9v" to Vexia EDU ATLA 10 tablet symbols Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Weidong Wang <wangweidong.a(a)awinic.com> ASoC: codecs: Add of_match_table for aw888081 driver Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc_dma: get codec or cpu dai from backend Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Move phy calls to .exit() callback Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Robin Murphy <robin.murphy(a)arm.com> iommu: Clear iommu-dma ops on cleanup Pali Rohár <pali(a)kernel.org> cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> timekeeping: Add a lockdep override in tick_freeze() Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: disable CPU idle and frequency drivers for PVH dom0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Uday Shankar <ushankar(a)purestorage.com> nvme: multipath: fix return value of nvme_available_path Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Julia Filipchuk <julia.filipchuk(a)intel.com> drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 Jay Cornwall <jay.cornwall(a)amd.com> drm/amdgpu: Increase KIQ invalidate_tlbs timeout Emily Deng <Emily.Deng(a)amd.com> drm/amdkfd: sriov doesn't support per queue reset Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: axi-pwmgen: Let .round_waveform_tohw() signal when request was rounded up Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: Let pwm_set_waveform() succeed even if lowlevel driver rounded up Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Gabriel Shahrouzi <gshahrouzi(a)gmail.com> perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Waiman Long <longman(a)redhat.com> cgroup/cpuset: Don't allow creation of local partition over a remote one Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through debug printing Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Xi Ruoyao <xry111(a)xry111.site> kbuild: add dependency from vmlinux to sorttable Thomas Weißschuh <linux(a)weissschuh.net> kbuild, rust: use -fremap-path-prefix to make paths relative Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always do atomic put from iowq Steven Rostedt <rostedt(a)goodmis.org> tracing: Enforce the persistent ring buffer to be page aligned Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Ignacio Encinas <ignacio(a)iencinas.com> 9p/trans_fd: mark concurrent read and writes to p9_conn->err Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Charlie Jenkins <charlie(a)rivosinc.com> riscv: tracing: Fix __write_overflow_field in ftrace_partial_regs() Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, panic: Disable SMAP in __stack_chk_fail() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Nicolin Chen <nicolinc(a)nvidia.com> iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations Benjamin Berg <benjamin.berg(a)intel.com> um: work around sched_yield not yielding in time-travel mode Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Andy Yan <andy.yan(a)rock-chips.com> phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Add support for Nuvoton npcm845 i3c Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Handle spurious events on Etron host isoc enpoints Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix isochronous Ring Underrun/Overrun event handling Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Complete 'error mid TD' transfers when handling Missed Service Stefan Wahren <wahrenst(a)gmx.net> dmaengine: bcm2835-dma: fix warning when CONFIG_PM=n John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Keep write operations atomic Trevor Gamblin <tgamblin(a)baylibre.com> iio: adc: ad4695: make ad4695_exit_conversion_mode() more robust Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> usb: typec: ucsi: ccg: move command quirks to ucsi_ccg_sync_control() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> usb: typec: ucsi: return CCI and message from sync_control callback Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Dave Penkler <dpenkler(a)gmail.com> staging: gpib: Use min for calculating transfer length Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Always clear the platform ack interrupt first Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Fix the possible race in updation of chan_in_use flag Yafang Shao <laoar.shao(a)gmail.com> bpf: Reject attaching fexit/fmod_ret to __noreturn functions Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Sewon Nam <swnam0729(a)gmail.com> bpf: bpftool: Setting error code in do_loader() Feng Yang <yangfeng(a)kylinos.cn> selftests/bpf: Fix cap_enable_effective() return code Biju Das <biju.das.jz(a)bp.renesas.com> clk: renesas: rzv2h: Adjust for CPG_BUS_m_MSTOP starting from m = 1 Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix kmemleak warning for percpu hashmap Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lib/Kconfig - Fix lib built-in failure when arch is modular Devaraj Rangasamy <Devaraj.Rangasamy(a)amd.com> crypto: ccp - Add support for PCI device 0x1134 Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Dmitry Mastykin <mastichi(a)gmail.com> pinctrl: mcp23s08: Get rid of spurious level interrupts Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Amery Hung <ameryhung(a)gmail.com> selftests/bpf: Fix stdout race condition in traffic monitor Lukas Wunner <lukas(a)wunner.de> crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: class: Unlocked on error in typec_register_partner() Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: class: Invalidate USB device pointers on partner unregistration Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: class: Fix NULL pointer access Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix invalid pointer dereference in Etron workaround Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Limit time spent with xHC interrupts disabled during bus resume Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Günther Noack <gnoack3000(a)gmail.com> tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT Mahesh Rao <mahesh.rao(a)intel.com> firmware: stratix10-svc: Add of_platform_default_populate() Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: register chrdev region with all possible minors Sean Christopherson <seanjc(a)google.com> KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Fix fortify-panic caused by invalid counted_by() use Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Damien Le Moal <dlemoal(a)kernel.org> scsi: Improve CDL control Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control_ata_feature() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Improve CDL control Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Smita Koralahalli <Smita.KoralahalliChannabasappa(a)amd.com> cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Jens Axboe <axboe(a)kernel.dk> io_uring: fix 'sync' handling of io_fallback_tw() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fully clear some CSRs when VM reboot Yulong Han <wheatfox17(a)icloud.com> LoongArch: KVM: Fix multiple typos of KVM code Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Carlos Llamas <cmllamas(a)google.com> binder: fix offset calculation in debug log Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> selftests/pcie_bwctrl: Fix test progs list Juergen Gross <jgross(a)suse.com> x86/mm: Fix _pgd_alloc() for Xen PV mode Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/insn: Fix CTEST instruction decoding Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Fix ACPI edid parsing on some Lenovo systems Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da: fix reset signal polarity in unprepare Christian Schrefl <chrisi.schrefl(a)gmail.com> rust: firmware: Use `ffi::c_char` type in `FwFunc` Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix pending I/O counter Mat Martineau <martineau(a)kernel.org> mptcp: pm: Defer freeing of MPTCP userspace path manager entries Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Breno Leitao <leitao(a)debian.org> sched_ext: Use kvzalloc for large exit_dump allocation Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Florian Westphal <fw(a)strlen.de> netfilter: fib: avoid lookup if socket is available Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: stmmac: block PHY RXC clock-stop Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: phylink: add functions to block/unblock rx clock stop Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: stmmac: socfpga: remove phy_resume() call Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: stmmac: address non-LPI resume failures properly Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: phylink: add phylink_prepare_resume() Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: stmmac: simplify phylink_suspend() and phylink_resume() calls Omar Sandoval <osandov(a)fb.com> sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make do_xyz() exception handlers more robust Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> drm/meson: use unsigned long long / Hz for frequency types Christian Hewitt <christianshewitt(a)gmail.com> Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Alexei Starovoitov <ast(a)kernel.org> bpf: Add namespace to BPF internal symbols Jan Kara <jack(a)suse.cz> fs/xattr: Fix handling of AT_FDCWD in setxattrat(2) and getxattrat(2) T.J. Mercier <tjmercier(a)google.com> splice: remove duplicate noinline from pipe_clear_nowait Ming Lei <ming.lei(a)redhat.com> ublk: call ublk_dispatch_req() for handling UBLK_U_IO_NEED_GET_DATA Caleb Sander Mateos <csander(a)purestorage.com> ublk: remove unused cmd argument to ublk_dispatch_req() Ming Lei <ming.lei(a)redhat.com> ublk: implement ->queue_rqs() Ming Lei <ming.lei(a)redhat.com> ublk: comment on ubq->canceling handling in ublk_queue_rq() Uday Shankar <ushankar(a)purestorage.com> ublk: remove io_cmds list in ublk_queue Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Björn Töpel <bjorn(a)rivosinc.com> riscv: Replace function-like macro by static inline function Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Christoph Hellwig <hch(a)lst.de> block: don't autoload drivers on stat Christoph Hellwig <hch(a)lst.de> block: remove the backing_inode variable in bdev_statx Christoph Hellwig <hch(a)lst.de> block: move blkdev_{get,put} _no_open prototypes out of blkdev.h Luis Chamberlain <mcgrof(a)kernel.org> bdev: use bdev_io_min() for statx block size Christoph Hellwig <hch(a)lst.de> block: never reduce ra_pages in blk_apply_bdi_limits Alexis Lothoré <alexis.lothore(a)bootlin.com> net: stmmac: fix multiplication overflow when reading timestamp Alexis Lothore <alexis.lothore(a)bootlin.com> net: stmmac: fix dwmac1000 ptp timestamp status offset Johannes Schneider <johannes.schneider(a)leica-geosystems.com> net: dp83822: Fix OF_MDIO config check Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> net: phy: dp83822: Add support for changing the transmit amplitude voltage Dimitri Fedrau <dimitri.fedrau(a)liebherr.com> net: phy: Add helper for getting tx amplitude gain Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make wait_context part of q_info Brett Creeley <brett.creeley(a)amd.com> pds_core: Remove unnecessary check in pds_client_adminq_cmd() Brett Creeley <brett.creeley(a)amd.com> pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result Brett Creeley <brett.creeley(a)amd.com> pds_core: Prevent possible adminq overflow/stuck condition Daniel Golle <daniel(a)makrotopia.org> net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Al Viro <viro(a)zeniv.linux.org.uk> fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Bui Quang Minh <minhquangbui99(a)gmail.com> virtio-net: disable delayed refill when pausing rx Joe Damato <jdamato(a)fastly.com> virtio-net: Refactor napi_disable paths Joe Damato <jdamato(a)fastly.com> virtio-net: Refactor napi_enable paths Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: phylink: fix suspend/resume with WoL enabled and link down Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: phylink: force link down on major_config failure Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Richard Weinberger <richard(a)nod.at> nvmet: fix out-of-bounds access in nvmet_enable_port Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: fix frame corruption on bpf_xdp_adjust_head/tail() and XDP_PASS Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: refactor bulk flipping of RX buffers to separate function Vladimir Oltean <vladimir.oltean(a)nxp.com> net: enetc: register XDP RX queues with frag_size Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Henry Martin <bsdhenrymartin(a)gmail.com> net/mlx5: Move ttc allocation after switch case to prevent leaks Henry Martin <bsdhenrymartin(a)gmail.com> net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: Fix vhost_scsi_send_status() Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: Fix vhost_scsi_send_bad_target() Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Add better resource allocation failure handling T.J. Mercier <tjmercier(a)google.com> cgroup/cpuset-v1: Add missing support for cpuset_v2_mode Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: return EIO on RAID1 block group write pointer mismatch Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Johan Hovold <johan+linaro(a)kernel.org> cpufreq: fix compile-test defaults Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> cpufreq: Do not enable by default during compile testing Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Daniel Jurgens <danielj(a)nvidia.com> virtio_pci: Use self group type for cap commands Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Andre Przywara <andre.przywara(a)arm.com> cpufreq: sun50i: prevent out-of-bounds access David Howells <dhowells(a)redhat.com> ceph: Fix incorrect flush end position calculation Nathan Chancellor <nathan(a)kernel.org> lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change Lucas De Marchi <lucas.demarchi(a)intel.com> drm/xe/rtp: Drop sentinels from arg to xe_rtp_process_to_sr() Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> drm/xe: Add performance tunings to debugfs Tejas Upadhyay <tejas.upadhyay(a)intel.com> drm/xe/xe3lpg: Add Wa_13012615864 Nirmoy Das <nirmoy.das(a)intel.com> drm/xe/ptl: Apply Wa_14023061436 Jonathan Currier <dullfire(a)yahoo.com> net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Prevent TINT spurious interrupt Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Add struct rzv2h_hw_info with t_offs variable Biju Das <biju.das.jz(a)bp.renesas.com> irqchip/renesas-rzv2h: Simplify rzv2h_icu_init() Jonathan Currier <dullfire(a)yahoo.com> PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends Roger Pau Monne <roger.pau(a)citrix.com> PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Add missing ov08x40_identify_module() call on stream-start Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Move ov08x40_identify_module() function up André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Fix link frequency validation André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Check number of lanes from device tree André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Replace register addresses with macros André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Convert to CCI register access helpers André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Simplify with dev_err_probe() André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Use subdev active state Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: EM: Address RCU-related sparse warnings Li RongQing <lirongqing(a)baidu.com> PM: EM: use kfree_rcu() to simplify the code Tudor Ambarus <tudor.ambarus(a)linaro.org> mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get Tudor Ambarus <tudor.ambarus(a)linaro.org> soc: qcom: ice: introduce devm_of_qcom_ice_get Jinjiang Tu <tujinjiang(a)huawei.com> mm/vmscan: don't try to reclaim hwpoison folio ------------- Diffstat: Documentation/admin-guide/kernel-parameters.txt | 2 + Documentation/bpf/bpf_devel_QA.rst | 8 + Documentation/trace/debugging.rst | 2 + Makefile | 5 +- arch/arm/crypto/Kconfig | 10 +- arch/arm64/crypto/Kconfig | 6 +- arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/fpu.h | 33 +- arch/loongarch/include/asm/lbt.h | 10 +- arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/kernel/fpu.S | 6 + arch/loongarch/kernel/lbt.S | 4 + arch/loongarch/kernel/signal.c | 21 - arch/loongarch/kernel/traps.c | 20 +- arch/loongarch/kvm/intc/ipi.c | 4 +- arch/loongarch/kvm/main.c | 4 +- arch/loongarch/kvm/vcpu.c | 8 + arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/crypto/Kconfig | 7 +- arch/mips/include/asm/mips-cm.h | 22 + arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 + arch/powerpc/crypto/Kconfig | 7 +- arch/riscv/crypto/Kconfig | 1 - arch/riscv/include/asm/alternative-macros.h | 21 +- arch/riscv/include/asm/cacheflush.h | 15 +- arch/riscv/include/asm/ftrace.h | 2 +- arch/riscv/include/asm/ptrace.h | 18 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/s390/Kconfig | 4 +- arch/s390/crypto/Kconfig | 3 +- arch/s390/include/asm/pci.h | 3 + arch/s390/kvm/intercept.c | 2 +- arch/s390/kvm/interrupt.c | 8 +- arch/s390/kvm/kvm-s390.c | 10 +- arch/s390/kvm/trace-s390.h | 4 +- arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_fixup.c | 23 + arch/um/include/linux/time-internal.h | 2 + arch/um/kernel/skas/syscall.c | 11 + arch/x86/crypto/Kconfig | 11 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/intel-family.h | 2 + arch/x86/include/asm/pgalloc.h | 19 +- arch/x86/kernel/cpu/bugs.c | 36 +- arch/x86/kernel/i8253.c | 3 +- arch/x86/kernel/machine_kexec_32.c | 4 +- arch/x86/kvm/svm/avic.c | 60 +- arch/x86/kvm/vmx/posted_intr.c | 28 +- arch/x86/kvm/x86.c | 20 +- arch/x86/lib/x86-opcode-map.txt | 4 +- arch/x86/mm/pgtable.c | 4 +- arch/x86/mm/tlb.c | 6 +- arch/x86/pci/xen.c | 8 +- arch/x86/platform/efi/efi_64.c | 4 +- arch/x86/xen/enlighten_pvh.c | 19 +- block/bdev.c | 22 +- block/blk-cgroup.c | 2 +- block/blk-settings.c | 8 +- block/blk.h | 3 + block/fops.c | 2 +- crypto/Kconfig | 3 + crypto/crypto_null.c | 37 +- crypto/ecc.c | 2 +- crypto/ecdsa-p1363.c | 2 +- crypto/ecdsa-x962.c | 4 +- drivers/acpi/ec.c | 28 + drivers/acpi/pptt.c | 4 +- drivers/android/binder.c | 2 +- drivers/ata/libata-scsi.c | 25 +- drivers/base/base.h | 17 + drivers/base/bus.c | 2 +- drivers/base/core.c | 38 +- drivers/base/dd.c | 7 +- drivers/block/ublk_drv.c | 214 +++-- drivers/char/misc.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clk/renesas/rzv2h-cpg.c | 12 +- drivers/comedi/drivers/jr3_pci.c | 2 +- drivers/cpufreq/Kconfig.arm | 20 +- drivers/cpufreq/apple-soc-cpufreq.c | 10 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 18 +- drivers/crypto/atmel-sha204a.c | 6 + drivers/crypto/ccp/sp-pci.c | 1 + drivers/cxl/core/regs.c | 4 - drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/bcm2835-dma.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/firmware/stratix10-svc.c | 14 +- drivers/gpio/gpiolib-of.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 19 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 2 +- drivers/gpu/drm/meson/meson_drv.c | 2 +- drivers/gpu/drm/meson/meson_drv.h | 2 +- drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 +- drivers/gpu/drm/meson/meson_vclk.c | 195 ++--- drivers/gpu/drm/meson/meson_vclk.h | 13 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 4 +- drivers/gpu/drm/xe/regs/xe_gt_regs.h | 4 + drivers/gpu/drm/xe/tests/xe_rtp_test.c | 2 +- drivers/gpu/drm/xe/xe_gt.c | 4 + drivers/gpu/drm/xe/xe_gt_debugfs.c | 11 + drivers/gpu/drm/xe/xe_gt_types.h | 10 + drivers/gpu/drm/xe/xe_hw_engine.c | 18 +- drivers/gpu/drm/xe/xe_reg_whitelist.c | 4 +- drivers/gpu/drm/xe/xe_rtp.c | 6 +- drivers/gpu/drm/xe/xe_rtp.h | 2 +- drivers/gpu/drm/xe/xe_tuning.c | 71 +- drivers/gpu/drm/xe/xe_tuning.h | 3 + drivers/gpu/drm/xe/xe_wa.c | 22 +- drivers/gpu/drm/xe/xe_wa_oob.rules | 2 + drivers/i3c/master/svc-i3c-master.c | 17 +- drivers/iio/adc/ad4695.c | 34 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- .../iommu/arm/arm-smmu-v3/arm-smmu-v3-iommufd.c | 2 + drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 4 +- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 + drivers/iommu/iommu.c | 3 + drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/irqchip/irq-renesas-rzv2h.c | 91 +- drivers/mailbox/pcc.c | 15 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/imx214.c | 934 ++++++++++----------- drivers/media/i2c/ov08x40.c | 78 +- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/misc/mei/vsc-tp.c | 26 +- drivers/mmc/host/sdhci-msm.c | 2 +- drivers/net/dsa/mt7530.c | 6 +- drivers/net/ethernet/amd/pds_core/adminq.c | 36 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 3 - drivers/net/ethernet/amd/pds_core/core.c | 9 +- drivers/net/ethernet/amd/pds_core/core.h | 4 +- drivers/net/ethernet/amd/pds_core/devlink.c | 4 +- drivers/net/ethernet/freescale/enetc/enetc.c | 45 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 +- .../net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 26 +- .../net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 - drivers/net/ethernet/stmicro/stmmac/dwmac1000.h | 4 +- .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 +- .../net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 62 +- drivers/net/ethernet/sun/niu.c | 2 + drivers/net/phy/dp83822.c | 40 +- drivers/net/phy/microchip.c | 46 +- drivers/net/phy/phy_device.c | 53 +- drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/phy/phylink.c | 164 +++- drivers/net/virtio_net.c | 133 ++- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 +- drivers/net/xen-netfront.c | 19 +- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +- drivers/nvme/host/core.c | 9 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/core.c | 3 + drivers/nvme/target/fc.c | 25 +- drivers/nvme/target/pci-epf.c | 14 +- drivers/of/resolver.c | 37 +- drivers/pci/msi/msi.c | 38 +- drivers/phy/rockchip/phy-rockchip-usbdp.c | 1 - drivers/pinctrl/pinctrl-mcp23s08.c | 23 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/platform/x86/x86-android-tablets/dmi.c | 14 +- drivers/platform/x86/x86-android-tablets/other.c | 160 ++-- .../x86/x86-android-tablets/x86-android-tablets.h | 3 +- drivers/pwm/core.c | 13 +- drivers/pwm/pwm-axi-pwmgen.c | 10 +- drivers/regulator/rk808-regulator.c | 4 +- drivers/rtc/rtc-pcf85063.c | 19 +- drivers/s390/char/sclp_con.c | 17 + drivers/s390/char/sclp_tty.c | 12 + drivers/s390/net/ism_drv.c | 1 - drivers/scsi/hisi_sas/hisi_sas_main.c | 20 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +- drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi.c | 36 +- drivers/scsi/scsi_lib.c | 6 +- drivers/soc/qcom/ice.c | 48 ++ drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- .../staging/gpib/agilent_82350b/agilent_82350b.c | 10 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/tty/vt/selection.c | 5 +- drivers/ufs/core/ufs-mcq.c | 12 +- drivers/ufs/core/ufshcd.c | 2 + drivers/ufs/host/ufs-exynos.c | 44 +- drivers/ufs/host/ufs-exynos.h | 1 + drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +- drivers/usb/class/cdc-wdm.c | 21 +- drivers/usb/core/quirks.c | 9 + drivers/usb/dwc3/dwc3-pci.c | 10 + drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 + drivers/usb/host/xhci-hub.c | 30 +- drivers/usb/host/xhci-mvebu.c | 10 - drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 75 +- drivers/usb/host/xhci.c | 4 +- drivers/usb/host/xhci.h | 4 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/class.c | 24 +- drivers/usb/typec/class.h | 1 + drivers/usb/typec/ucsi/cros_ec_ucsi.c | 5 +- drivers/usb/typec/ucsi/ucsi.c | 19 +- drivers/usb/typec/ucsi/ucsi.h | 6 +- drivers/usb/typec/ucsi/ucsi_acpi.c | 5 +- drivers/usb/typec/ucsi/ucsi_ccg.c | 67 +- drivers/vhost/scsi.c | 80 +- drivers/virtio/virtio_pci_modern.c | 4 +- drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/btrfs/zoned.c | 1 - fs/ceph/inode.c | 2 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 7 +- fs/iomap/buffered-io.c | 2 +- fs/namespace.c | 69 +- fs/netfs/main.c | 4 + fs/ntfs3/file.c | 20 +- fs/smb/client/sess.c | 60 +- fs/smb/client/smb1ops.c | 36 + fs/smb/server/vfs_cache.c | 8 +- fs/splice.c | 2 +- fs/xattr.c | 4 +- include/linux/blkdev.h | 4 - include/linux/energy_model.h | 12 +- include/linux/math.h | 12 + include/linux/msi.h | 3 +- include/linux/pci.h | 2 + include/linux/pci_ids.h | 1 + include/linux/phy.h | 4 + include/linux/phylink.h | 4 + include/net/netfilter/nft_fib.h | 21 + include/soc/qcom/ice.h | 2 + include/uapi/linux/virtio_pci.h | 1 + init/Kconfig | 2 +- io_uring/io_uring.c | 15 +- io_uring/refs.h | 7 + kernel/bpf/bpf_cgrp_storage.c | 11 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/preload/bpf_preload_kern.c | 1 + kernel/bpf/syscall.c | 6 +- kernel/bpf/verifier.c | 32 + kernel/cgroup/cgroup.c | 29 + kernel/cgroup/cpuset-internal.h | 1 + kernel/cgroup/cpuset.c | 14 + kernel/dma/contiguous.c | 3 +- kernel/events/core.c | 6 +- kernel/irq/msi.c | 2 +- kernel/panic.c | 6 + kernel/power/energy_model.c | 47 +- kernel/sched/ext.c | 4 +- kernel/sched/fair.c | 4 +- kernel/time/tick-common.c | 22 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace.c | 10 + lib/Kconfig.ubsan | 1 - lib/crypto/Kconfig | 37 +- lib/test_ubsan.c | 18 +- mm/vmscan.c | 7 + net/9p/client.c | 30 +- net/9p/trans_fd.c | 17 +- net/core/lwtunnel.c | 26 +- net/core/selftests.c | 18 +- net/ipv4/netfilter/nft_fib_ipv4.c | 11 +- net/ipv6/netfilter/nft_fib_ipv6.c | 19 +- net/mptcp/pm_userspace.c | 6 +- net/sched/sch_hfsc.c | 23 +- net/tipc/monitor.c | 3 +- rust/Makefile | 8 +- rust/kernel/firmware.rs | 8 +- scripts/Makefile.lib | 2 +- scripts/Makefile.vmlinux | 4 + sound/soc/codecs/aw88081.c | 10 + sound/soc/codecs/wcd934x.c | 2 +- sound/soc/fsl/fsl_asrc_dma.c | 15 +- sound/virtio/virtio_pcm.c | 21 +- tools/arch/x86/lib/x86-opcode-map.txt | 4 +- tools/bpf/bpftool/prog.c | 1 + tools/objtool/check.c | 36 +- tools/testing/selftests/bpf/cap_helpers.c | 8 +- tools/testing/selftests/bpf/cap_helpers.h | 1 + tools/testing/selftests/bpf/network_helpers.c | 33 +- tools/testing/selftests/bpf/prog_tests/verifier.c | 4 +- tools/testing/selftests/bpf/test_loader.c | 6 +- tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/pcie_bwctrl/Makefile | 3 +- tools/testing/selftests/ublk/test_stripe_04.sh | 24 + 329 files changed, 3712 insertions(+), 2060 deletions(-)

7 months

19
340
0 0

[PATCH] ACPI/PPTT: fix off-by-one error

by Heyne, Maximilian

Commit 7ab4f0e37a0f ("ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls") corrects the processer entry size but unmasked a longer standing bug where the last entry in the structure can get skipped due to an off-by-one mistake if the last entry ends exactly at the end of the ACPI subtable. The error manifests for instance on EC2 Graviton Metal instances with ACPI PPTT: PPTT table found, but unable to locate core 63 (63) [...] ACPI: SPE must be homogeneous Fixes: 2bd00bcd73e5 ("ACPI/PPTT: Add Processor Properties Topology Table parsing") Cc: stable(a)vger.kernel.org Signed-off-by: Maximilian Heyne <mheyne(a)amazon.de> --- drivers/acpi/pptt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/acpi/pptt.c b/drivers/acpi/pptt.c index f73ce6e13065d..4364da90902e5 100644 --- a/drivers/acpi/pptt.c +++ b/drivers/acpi/pptt.c @@ -231,7 +231,7 @@ static int acpi_pptt_leaf_node(struct acpi_table_header *table_hdr, sizeof(struct acpi_table_pptt)); proc_sz = sizeof(struct acpi_pptt_processor); - while ((unsigned long)entry + proc_sz < table_end) { + while ((unsigned long)entry + proc_sz <= table_end) { cpu_node = (struct acpi_pptt_processor *)entry; if (entry->type == ACPI_PPTT_TYPE_PROCESSOR && cpu_node->parent == node_entry) @@ -273,7 +273,7 @@ static struct acpi_pptt_processor *acpi_find_processor_node(struct acpi_table_he proc_sz = sizeof(struct acpi_pptt_processor); /* find the processor structure associated with this cpuid */ - while ((unsigned long)entry + proc_sz < table_end) { + while ((unsigned long)entry + proc_sz <= table_end) { cpu_node = (struct acpi_pptt_processor *)entry; if (entry->length == 0) { -- 2.47.1 Amazon Web Services Development Center Germany GmbH Tamara-Danz-Str. 13 10243 Berlin Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss Eingetragen am Amtsgericht Charlottenburg unter HRB 257764 B Sitz: Berlin Ust-ID: DE 365 538 597

7 months

4
29
0 0

Re: Patch "spi: tegra114: Don't fail set_cs_timing when delays are zero" has been added to the 6.1-stable tree

by Jon Hunter

On 07/05/2025 16:43, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > spi: tegra114: Don't fail set_cs_timing when delays are zero > > to the 6.1-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > spi-tegra114-don-t-fail-set_cs_timing-when-delays-ar.patch > and it can be found in the queue-6.1 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Please don't queue this up for stable yet. This fix is not correct and there is another change pending to correct this change. Jon -- nvpublic

7 months

2
1
0 0

[PATCH v3] NFSD: Implement FATTR4_CLONE_BLKSIZE attribute

by cel＠kernel.org

From: Chuck Lever <chuck.lever(a)oracle.com> RFC 7862 states that if an NFS server implements a CLONE operation, it MUST also implement FATTR4_CLONE_BLKSIZE. NFSD implements CLONE, but does not implement FATTR4_CLONE_BLKSIZE. Note that in Section 12.2, RFC 7862 claims that FATTR4_CLONE_BLKSIZE is RECOMMENDED, not REQUIRED. Likely this is because a minor version is not permitted to add a REQUIRED attribute. Confusing. We assume this attribute reports a block size as a count of bytes, as RFC 7862 does not specify a unit. Reported-by: Roland Mainz <roland.mainz(a)nrubsig.org> Suggested-by: Christoph Hellwig <hch(a)infradead.org> Reviewed-by: Roland Mainz <roland.mainz(a)nrubsig.org> Cc: stable(a)vger.kernel.org # v6.7+ Signed-off-by: Chuck Lever <chuck.lever(a)oracle.com> --- fs/nfsd/nfs4xdr.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index e67420729ecd..9eb8e5704622 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -3391,6 +3391,23 @@ static __be32 nfsd4_encode_fattr4_suppattr_exclcreat(struct xdr_stream *xdr, return nfsd4_encode_bitmap4(xdr, supp[0], supp[1], supp[2]); } +/* + * Copied from generic_remap_checks/generic_remap_file_range_prep. + * + * These generic functions use the file system's s_blocksize, but + * individual file systems aren't required to use + * generic_remap_file_range_prep. Until there is a mechanism for + * determining a particular file system's (or file's) clone block + * size, this is the best NFSD can do. + */ +static __be32 nfsd4_encode_fattr4_clone_blksize(struct xdr_stream *xdr, + const struct nfsd4_fattr_args *args) +{ + struct inode *inode = d_inode(args->dentry); + + return nfsd4_encode_uint32_t(xdr, inode->i_sb->s_blocksize); +} + #ifdef CONFIG_NFSD_V4_SECURITY_LABEL static __be32 nfsd4_encode_fattr4_sec_label(struct xdr_stream *xdr, const struct nfsd4_fattr_args *args) @@ -3545,7 +3562,7 @@ static const nfsd4_enc_attr nfsd4_enc_fattr4_encode_ops[] = { [FATTR4_MODE_SET_MASKED] = nfsd4_encode_fattr4__noop, [FATTR4_SUPPATTR_EXCLCREAT] = nfsd4_encode_fattr4_suppattr_exclcreat, [FATTR4_FS_CHARSET_CAP] = nfsd4_encode_fattr4__noop, - [FATTR4_CLONE_BLKSIZE] = nfsd4_encode_fattr4__noop, + [FATTR4_CLONE_BLKSIZE] = nfsd4_encode_fattr4_clone_blksize, [FATTR4_SPACE_FREED] = nfsd4_encode_fattr4__noop, [FATTR4_CHANGE_ATTR_TYPE] = nfsd4_encode_fattr4__noop, -- 2.49.0

7 months

3
2
0 0

[PATCH] arm64: dts: qcom: x1e80100: Fix PCIe 3rd controller DBI size

by Abel Vesa

According to documentation, the DBI range size is 0xf20. So fix it. Cc: stable(a)vger.kernel.org # 6.14 Fixes: f8af195beeb0 ("arm64: dts: qcom: x1e80100: Add support for PCIe3 on x1e80100") Signed-off-by: Abel Vesa <abel.vesa(a)linaro.org> --- arch/arm64/boot/dts/qcom/x1e80100.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/x1e80100.dtsi b/arch/arm64/boot/dts/qcom/x1e80100.dtsi index 46b79fce92c90d969e3de48bc88e27915d1592bb..34ccabc3cc302b17e944b4343a37fab0bb6334e9 100644 --- a/arch/arm64/boot/dts/qcom/x1e80100.dtsi +++ b/arch/arm64/boot/dts/qcom/x1e80100.dtsi @@ -3126,7 +3126,7 @@ pcie3: pcie@1bd0000 { device_type = "pci"; compatible = "qcom,pcie-x1e80100"; reg = <0x0 0x01bd0000 0x0 0x3000>, - <0x0 0x78000000 0x0 0xf1d>, + <0x0 0x78000000 0x0 0xf20>, <0x0 0x78000f40 0x0 0xa8>, <0x0 0x78001000 0x0 0x1000>, <0x0 0x78100000 0x0 0x100000>, --- base-commit: bc8aa6cdadcc00862f2b5720e5de2e17f696a081 change-id: 20250422-x1e80100-dts-fix-pcie3-dbi-size-56fc110aa36d Best regards, -- Abel Vesa <abel.vesa(a)linaro.org>

7 months

3
2
0 0

[PATCH RESEND] drm/tegra: fix a possible null pointer dereference

by Qiu-ji Chen

In tegra_crtc_reset(), new memory is allocated with kzalloc(), but no check is performed. Before calling __drm_atomic_helper_crtc_reset, state should be checked to prevent possible null pointer dereference. Fixes: b7e0b04ae450 ("drm/tegra: Convert to using __drm_atomic_helper_crtc_reset() for reset.") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/gpu/drm/tegra/dc.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index be61c9d1a4f0..1ed30853bd9e 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -1388,7 +1388,10 @@ static void tegra_crtc_reset(struct drm_crtc *crtc) if (crtc->state) tegra_crtc_atomic_destroy_state(crtc, crtc->state); - __drm_atomic_helper_crtc_reset(crtc, &state->base); + if (state) + __drm_atomic_helper_crtc_reset(crtc, &state->base); + else + __drm_atomic_helper_crtc_reset(crtc, NULL); } static struct drm_crtc_state * -- 2.34.1

7 months

2
1
0 0

[Patch v3 3/5] uio_hv_generic: Align ring size to system page

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> Following the ring header, the ring data should align to system page boundary. Adjust the size if necessary. Cc: stable(a)vger.kernel.org Fixes: 95096f2fbd10 ("uio-hv-generic: new userspace i/o driver for VMBus") Signed-off-by: Long Li <longli(a)microsoft.com> --- drivers/uio/uio_hv_generic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 08385b04c4ab..cb2e7e0e1540 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -256,6 +256,9 @@ hv_uio_probe(struct hv_device *dev, if (!ring_size) ring_size = SZ_2M; + /* Adjust ring size if necessary to have it page aligned */ + ring_size = VMBUS_RING_SIZE(ring_size); + pdata = devm_kzalloc(&dev->device, sizeof(*pdata), GFP_KERNEL); if (!pdata) return -ENOMEM; -- 2.34.1

7 months

2
1
0 0

[Patch v3 2/5] uio_hv_generic: Use correct size for interrupt and monitor pages

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> Interrupt and monitor pages should be in Hyper-V page size (4k bytes). This can be different from the system page size. This size is read and used by the user-mode program to determine the mapped data region. An example of such user-mode program is the VMBus driver in DPDK. Cc: stable(a)vger.kernel.org Fixes: 95096f2fbd10 ("uio-hv-generic: new userspace i/o driver for VMBus") Signed-off-by: Long Li <longli(a)microsoft.com> --- drivers/uio/uio_hv_generic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/uio/uio_hv_generic.c b/drivers/uio/uio_hv_generic.c index 1b19b5647495..08385b04c4ab 100644 --- a/drivers/uio/uio_hv_generic.c +++ b/drivers/uio/uio_hv_generic.c @@ -287,13 +287,13 @@ hv_uio_probe(struct hv_device *dev, pdata->info.mem[INT_PAGE_MAP].name = "int_page"; pdata->info.mem[INT_PAGE_MAP].addr = (uintptr_t)vmbus_connection.int_page; - pdata->info.mem[INT_PAGE_MAP].size = PAGE_SIZE; + pdata->info.mem[INT_PAGE_MAP].size = HV_HYP_PAGE_SIZE; pdata->info.mem[INT_PAGE_MAP].memtype = UIO_MEM_LOGICAL; pdata->info.mem[MON_PAGE_MAP].name = "monitor_page"; pdata->info.mem[MON_PAGE_MAP].addr = (uintptr_t)vmbus_connection.monitor_pages[1]; - pdata->info.mem[MON_PAGE_MAP].size = PAGE_SIZE; + pdata->info.mem[MON_PAGE_MAP].size = HV_HYP_PAGE_SIZE; pdata->info.mem[MON_PAGE_MAP].memtype = UIO_MEM_LOGICAL; if (channel->device_id == HV_NIC) { -- 2.34.1

7 months

2
1
0 0

[Patch v3 1/5] Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> There are use cases that interrupt and monitor pages are mapped to user-mode through UIO, so they need to be system page aligned. Some Hyper-V allocation APIs introduced earlier broke those requirements. Fix this by using page allocation functions directly for interrupt and monitor pages. Cc: stable(a)vger.kernel.org Fixes: ca48739e59df ("Drivers: hv: vmbus: Move Hyper-V page allocator to arch neutral code") Signed-off-by: Long Li <longli(a)microsoft.com> --- drivers/hv/connection.c | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/drivers/hv/connection.c b/drivers/hv/connection.c index 8351360bba16..be490c598785 100644 --- a/drivers/hv/connection.c +++ b/drivers/hv/connection.c @@ -206,11 +206,20 @@ int vmbus_connect(void) INIT_LIST_HEAD(&vmbus_connection.chn_list); mutex_init(&vmbus_connection.channel_mutex); + /* + * The following Hyper-V interrupt and monitor pages can be used by + * UIO for mapping to user-space, so they should always be allocated on + * system page boundaries. The system page size must be >= the Hyper-V + * page size. + */ + BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE); + /* * Setup the vmbus event connection for channel interrupt * abstraction stuff */ - vmbus_connection.int_page = hv_alloc_hyperv_zeroed_page(); + vmbus_connection.int_page = + (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); if (vmbus_connection.int_page == NULL) { ret = -ENOMEM; goto cleanup; @@ -225,8 +234,8 @@ int vmbus_connect(void) * Setup the monitor notification facility. The 1st page for * parent->child and the 2nd page for child->parent */ - vmbus_connection.monitor_pages[0] = hv_alloc_hyperv_page(); - vmbus_connection.monitor_pages[1] = hv_alloc_hyperv_page(); + vmbus_connection.monitor_pages[0] = (void *)__get_free_page(GFP_KERNEL); + vmbus_connection.monitor_pages[1] = (void *)__get_free_page(GFP_KERNEL); if ((vmbus_connection.monitor_pages[0] == NULL) || (vmbus_connection.monitor_pages[1] == NULL)) { ret = -ENOMEM; @@ -342,21 +351,23 @@ void vmbus_disconnect(void) destroy_workqueue(vmbus_connection.work_queue); if (vmbus_connection.int_page) { - hv_free_hyperv_page(vmbus_connection.int_page); + free_page((unsigned long)vmbus_connection.int_page); vmbus_connection.int_page = NULL; } if (vmbus_connection.monitor_pages[0]) { if (!set_memory_encrypted( (unsigned long)vmbus_connection.monitor_pages[0], 1)) - hv_free_hyperv_page(vmbus_connection.monitor_pages[0]); + free_page((unsigned long) + vmbus_connection.monitor_pages[0]); vmbus_connection.monitor_pages[0] = NULL; } if (vmbus_connection.monitor_pages[1]) { if (!set_memory_encrypted( (unsigned long)vmbus_connection.monitor_pages[1], 1)) - hv_free_hyperv_page(vmbus_connection.monitor_pages[1]); + free_page((unsigned long) + vmbus_connection.monitor_pages[1]); vmbus_connection.monitor_pages[1] = NULL; } } -- 2.34.1

7 months

2
1
0 0

[PATCH v2] drm/tegra: Assign plane type before registration

by Aaron Kling via B4 Relay

From: Thierry Reding <treding(a)nvidia.com> Changes to a plane's type after it has been registered aren't propagated to userspace automatically. This could possibly be achieved by updating the property, but since we can already determine which type this should be before the registration, passing in the right type from the start is a much better solution. Suggested-by: Aaron Kling <webgeek1234(a)gmail.com> Signed-off-by: Thierry Reding <treding(a)nvidia.com> Cc: stable(a)vger.kernel.org Fixes: 473079549f27 ("drm/tegra: dc: Add Tegra186 support") Signed-off-by: Aaron Kling <webgeek1234(a)gmail.com> --- Changes in v2: - Fixed signoff in commit message - Added fixes to commit message - Link to v1: https://lore.kernel.org/r/20250419-tegra-drm-primary-v1-1-b91054fb413f@gmai… --- drivers/gpu/drm/tegra/dc.c | 12 ++++++++---- drivers/gpu/drm/tegra/hub.c | 4 ++-- drivers/gpu/drm/tegra/hub.h | 3 ++- 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/tegra/dc.c b/drivers/gpu/drm/tegra/dc.c index 798507a8ae56d6789feb95dccdd23b2e63d9c148..56f12dbcee3e93ff5e4804e5fe9b23f160073ebf 100644 --- a/drivers/gpu/drm/tegra/dc.c +++ b/drivers/gpu/drm/tegra/dc.c @@ -1321,10 +1321,16 @@ static struct drm_plane *tegra_dc_add_shared_planes(struct drm_device *drm, if (wgrp->dc == dc->pipe) { for (j = 0; j < wgrp->num_windows; j++) { unsigned int index = wgrp->windows[j]; + enum drm_plane_type type; + + if (primary) + type = DRM_PLANE_TYPE_OVERLAY; + else + type = DRM_PLANE_TYPE_PRIMARY; plane = tegra_shared_plane_create(drm, dc, wgrp->index, - index); + index, type); if (IS_ERR(plane)) return plane; @@ -1332,10 +1338,8 @@ static struct drm_plane *tegra_dc_add_shared_planes(struct drm_device *drm, * Choose the first shared plane owned by this * head as the primary plane. */ - if (!primary) { - plane->type = DRM_PLANE_TYPE_PRIMARY; + if (!primary) primary = plane; - } } } } diff --git a/drivers/gpu/drm/tegra/hub.c b/drivers/gpu/drm/tegra/hub.c index fa6140fc37fb16df4b150e5ae9d8148f8f446cd7..8f779f23dc0904d38b14d3f3a928a07fc9e601ad 100644 --- a/drivers/gpu/drm/tegra/hub.c +++ b/drivers/gpu/drm/tegra/hub.c @@ -755,9 +755,9 @@ static const struct drm_plane_helper_funcs tegra_shared_plane_helper_funcs = { struct drm_plane *tegra_shared_plane_create(struct drm_device *drm, struct tegra_dc *dc, unsigned int wgrp, - unsigned int index) + unsigned int index, + enum drm_plane_type type) { - enum drm_plane_type type = DRM_PLANE_TYPE_OVERLAY; struct tegra_drm *tegra = drm->dev_private; struct tegra_display_hub *hub = tegra->hub; struct tegra_shared_plane *plane; diff --git a/drivers/gpu/drm/tegra/hub.h b/drivers/gpu/drm/tegra/hub.h index 23c4b2115ed1e36e8d2d6ed614a6ead97eb4c441..a66f18c4facc9df96ea8b9f54239b52f06536d12 100644 --- a/drivers/gpu/drm/tegra/hub.h +++ b/drivers/gpu/drm/tegra/hub.h @@ -80,7 +80,8 @@ void tegra_display_hub_cleanup(struct tegra_display_hub *hub); struct drm_plane *tegra_shared_plane_create(struct drm_device *drm, struct tegra_dc *dc, unsigned int wgrp, - unsigned int index); + unsigned int index, + enum drm_plane_type type); int tegra_display_hub_atomic_check(struct drm_device *drm, struct drm_atomic_state *state); --- base-commit: 119009db267415049182774196e3cce9e13b52ef change-id: 20250419-tegra-drm-primary-ce47febefdaf Best regards, -- Aaron Kling <webgeek1234(a)gmail.com>

7 months

2
1
0 0

[PATCH v2 1/3] media: videobuf2: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgt->nents. Fixes: d4db5eb57cab ("media: videobuf2: add begin/end cpu_access callbacks to dma-sg") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/common/videobuf2/videobuf2-dma-sg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/media/common/videobuf2/videobuf2-dma-sg.c b/drivers/media/common/videobuf2/videobuf2-dma-sg.c index c6ddf2357c58..b3bf2173c14e 100644 --- a/drivers/media/common/videobuf2/videobuf2-dma-sg.c +++ b/drivers/media/common/videobuf2/videobuf2-dma-sg.c @@ -469,7 +469,7 @@ vb2_dma_sg_dmabuf_ops_begin_cpu_access(struct dma_buf *dbuf, struct vb2_dma_sg_buf *buf = dbuf->priv; struct sg_table *sgt = buf->dma_sgt; - dma_sync_sg_for_cpu(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir); + dma_sync_sgtable_for_cpu(buf->dev, sgt, buf->dma_dir); return 0; } @@ -480,7 +480,7 @@ vb2_dma_sg_dmabuf_ops_end_cpu_access(struct dma_buf *dbuf, struct vb2_dma_sg_buf *buf = dbuf->priv; struct sg_table *sgt = buf->dma_sgt; - dma_sync_sg_for_device(buf->dev, sgt->sgl, sgt->nents, buf->dma_dir); + dma_sync_sgtable_for_device(buf->dev, sgt, buf->dma_dir); return 0; } -- 2.34.1

7 months

2
1
0 0

[PATCH v2 2/3] udmabuf: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: 1ffe09590121 ("udmabuf: fix dma-buf cpu access") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> Acked-by: Vivek Kasireddy <vivek.kasireddy(a)intel.com> --- drivers/dma-buf/udmabuf.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/dma-buf/udmabuf.c b/drivers/dma-buf/udmabuf.c index 7eee3eb47a8e..c9d0c68d2fcb 100644 --- a/drivers/dma-buf/udmabuf.c +++ b/drivers/dma-buf/udmabuf.c @@ -264,8 +264,7 @@ static int begin_cpu_udmabuf(struct dma_buf *buf, ubuf->sg = NULL; } } else { - dma_sync_sg_for_cpu(dev, ubuf->sg->sgl, ubuf->sg->nents, - direction); + dma_sync_sgtable_for_cpu(dev, ubuf->sg, direction); } return ret; @@ -280,7 +279,7 @@ static int end_cpu_udmabuf(struct dma_buf *buf, if (!ubuf->sg) return -EINVAL; - dma_sync_sg_for_device(dev, ubuf->sg->sgl, ubuf->sg->nents, direction); + dma_sync_sgtable_for_device(dev, ubuf->sg, direction); return 0; } -- 2.34.1

7 months

2
1
0 0

[PATCH v2 3/3] media: omap3isp: use sgtable-based scatterlist wrappers

by Marek Szyprowski

Use common wrappers operating directly on the struct sg_table objects to fix incorrect use of scatterlists sync calls. dma_sync_sg_for_*() functions have to be called with the number of elements originally passed to dma_map_sg_*() function, not the one returned in sgtable's nents. Fixes: d33186d0be18 ("[media] omap3isp: ccdc: Use the DMA API for LSC") Fixes: 0e24e90f2ca7 ("[media] omap3isp: stat: Use the DMA API") Signed-off-by: Marek Szyprowski <m.szyprowski(a)samsung.com> --- drivers/media/platform/ti/omap3isp/ispccdc.c | 8 ++++---- drivers/media/platform/ti/omap3isp/ispstat.c | 6 ++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/drivers/media/platform/ti/omap3isp/ispccdc.c b/drivers/media/platform/ti/omap3isp/ispccdc.c index dd375c4e180d..7d0c723dcd11 100644 --- a/drivers/media/platform/ti/omap3isp/ispccdc.c +++ b/drivers/media/platform/ti/omap3isp/ispccdc.c @@ -446,8 +446,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, if (ret < 0) goto done; - dma_sync_sg_for_cpu(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_cpu(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); if (copy_from_user(req->table.addr, config->lsc, req->config.size)) { @@ -455,8 +455,8 @@ static int ccdc_lsc_config(struct isp_ccdc_device *ccdc, goto done; } - dma_sync_sg_for_device(isp->dev, req->table.sgt.sgl, - req->table.sgt.nents, DMA_TO_DEVICE); + dma_sync_sgtable_for_device(isp->dev, &req->table.sgt, + DMA_TO_DEVICE); } spin_lock_irqsave(&ccdc->lsc.req_lock, flags); diff --git a/drivers/media/platform/ti/omap3isp/ispstat.c b/drivers/media/platform/ti/omap3isp/ispstat.c index 359a846205b0..d3da68408ecb 100644 --- a/drivers/media/platform/ti/omap3isp/ispstat.c +++ b/drivers/media/platform/ti/omap3isp/ispstat.c @@ -161,8 +161,7 @@ static void isp_stat_buf_sync_for_device(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_device(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_device(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, @@ -171,8 +170,7 @@ static void isp_stat_buf_sync_for_cpu(struct ispstat *stat, if (ISP_STAT_USES_DMAENGINE(stat)) return; - dma_sync_sg_for_cpu(stat->isp->dev, buf->sgt.sgl, - buf->sgt.nents, DMA_FROM_DEVICE); + dma_sync_sgtable_for_cpu(stat->isp->dev, &buf->sgt, DMA_FROM_DEVICE); } static void isp_stat_buf_clear(struct ispstat *stat) -- 2.34.1

7 months

1
0
0 0

[PATCH 3/3] perf vendor events amd: Remove Zen 5 IBS fetch event

by Sandipan Das

As mentioned in Erratum 1544 from the Revision Guide for AMD Family 1Ah Models 00h-0Fh Processors available at the link below, PMCx188 reports incorrect information about valid IBS fetch samples when used with unit mask 0x10 on Zen 5 processors. Remove affected events and metrics. Link: https://bugzilla.kernel.org/attachment.cgi?id=308095 Fixes: 45c072f2537a ("perf vendor events amd: Add Zen 5 core events") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Cc: stable(a)vger.kernel.org --- tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json b/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json index 4fd5e2c5432f..3b61cf8a04da 100644 --- a/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json +++ b/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json @@ -27,12 +27,6 @@ "BriefDescription": "Fetches discarded after being tagged by Fetch IBS due to IBS filtering.", "UMask": "0x08" }, - { - "EventName": "ic_fetch_ibs_events.sample_valid", - "EventCode": "0x188", - "BriefDescription": "Fetches tagged by Fetch IBS that result in a valid sample and an IBS interrupt.", - "UMask": "0x10" - }, { "EventName": "op_cache_hit_miss.op_cache_hit", "EventCode": "0x28f", -- 2.43.0

7 months

1
0
0 0

[PATCH 2/3] perf vendor events amd: Remove Zen 5 TLB flush event

by Sandipan Das

As mentioned in Erratum 1569 from the Revision Guide for AMD Family 1Ah Models 00h-0Fh Processors available at the link below, PMCx078 reports incorrect information about TLB flushes on Zen 5 processors. Remove affected events and metrics. Link: https://bugzilla.kernel.org/attachment.cgi?id=308095 Fixes: 45c072f2537a ("perf vendor events amd: Add Zen 5 core events") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Cc: stable(a)vger.kernel.org --- tools/perf/pmu-events/arch/x86/amdzen5/load-store.json | 6 ------ tools/perf/pmu-events/arch/x86/amdzen5/recommended.json | 7 ------- 2 files changed, 13 deletions(-) diff --git a/tools/perf/pmu-events/arch/x86/amdzen5/load-store.json b/tools/perf/pmu-events/arch/x86/amdzen5/load-store.json index ff6627a77805..f23a92bf55ac 100644 --- a/tools/perf/pmu-events/arch/x86/amdzen5/load-store.json +++ b/tools/perf/pmu-events/arch/x86/amdzen5/load-store.json @@ -502,12 +502,6 @@ "EventCode": "0x76", "BriefDescription": "Core cycles not in halt." }, - { - "EventName": "ls_tlb_flush.all", - "EventCode": "0x78", - "BriefDescription": "All TLB Flushes.", - "UMask": "0xff" - }, { "EventName": "ls_not_halted_p0_cyc.p0_freq_cyc", "EventCode": "0x120", diff --git a/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json b/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json index 863f4b5dfc14..6b32308b1c3a 100644 --- a/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json +++ b/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json @@ -241,13 +241,6 @@ "MetricGroup": "tlb", "ScaleUnit": "1e3per_1k_instr" }, - { - "MetricName": "all_tlbs_flushed_pti", - "BriefDescription": "All TLBs flushed per thousand instructions.", - "MetricExpr": "ls_tlb_flush.all / instructions", - "MetricGroup": "tlb", - "ScaleUnit": "1e3per_1k_instr" - }, { "MetricName": "macro_ops_dispatched", "BriefDescription": "Macro-ops dispatched.", -- 2.43.0

7 months

1
0
0 0

[PATCH 1/3] perf vendor events amd: Remove Zen 5 instruction cache events

by Sandipan Das

As mentioned in Erratum 1583 from the Revision Guide for AMD Family 1Ah Models 00h-0Fh Processors available at the link below, PMCx18E reports incorrect information about instruction cache accesses on Zen 5 processors. Remove affected events and metrics. Link: https://bugzilla.kernel.org/attachment.cgi?id=308095 Fixes: 45c072f2537a ("perf vendor events amd: Add Zen 5 core events") Signed-off-by: Sandipan Das <sandipan.das(a)amd.com> Cc: stable(a)vger.kernel.org --- .../arch/x86/amdzen5/inst-cache.json | 18 ------------------ .../arch/x86/amdzen5/recommended.json | 6 ------ 2 files changed, 24 deletions(-) diff --git a/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json b/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json index ad75e5bf9513..4fd5e2c5432f 100644 --- a/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json +++ b/tools/perf/pmu-events/arch/x86/amdzen5/inst-cache.json @@ -33,24 +33,6 @@ "BriefDescription": "Fetches tagged by Fetch IBS that result in a valid sample and an IBS interrupt.", "UMask": "0x10" }, - { - "EventName": "ic_tag_hit_miss.instruction_cache_hit", - "EventCode": "0x18e", - "BriefDescription": "Instruction cache hits.", - "UMask": "0x07" - }, - { - "EventName": "ic_tag_hit_miss.instruction_cache_miss", - "EventCode": "0x18e", - "BriefDescription": "Instruction cache misses.", - "UMask": "0x18" - }, - { - "EventName": "ic_tag_hit_miss.all_instruction_cache_accesses", - "EventCode": "0x18e", - "BriefDescription": "Instruction cache accesses of all types.", - "UMask": "0x1f" - }, { "EventName": "op_cache_hit_miss.op_cache_hit", "EventCode": "0x28f", diff --git a/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json b/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json index 635d57e3bc15..863f4b5dfc14 100644 --- a/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json +++ b/tools/perf/pmu-events/arch/x86/amdzen5/recommended.json @@ -136,12 +136,6 @@ "MetricExpr": "d_ratio(op_cache_hit_miss.op_cache_miss, op_cache_hit_miss.all_op_cache_accesses)", "ScaleUnit": "100%" }, - { - "MetricName": "ic_fetch_miss_ratio", - "BriefDescription": "Instruction cache miss ratio for all fetches. An instruction cache miss will not be counted by this metric if it is an OC hit.", - "MetricExpr": "d_ratio(ic_tag_hit_miss.instruction_cache_miss, ic_tag_hit_miss.all_instruction_cache_accesses)", - "ScaleUnit": "100%" - }, { "MetricName": "l1_data_cache_fills_from_memory_pti", "BriefDescription": "L1 data cache fills from DRAM or MMIO in any NUMA node per thousand instructions.", -- 2.43.0

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/xe: Ensure fixed_slice_mode gets set after ccs_mode" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 262de94a3a7ef23c326534b3d9483602b7af841e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025042256-unshackle-unwashed-bd50@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 262de94a3a7ef23c326534b3d9483602b7af841e Mon Sep 17 00:00:00 2001 From: Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> Date: Thu, 27 Mar 2025 11:56:04 -0700 Subject: [PATCH] drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change The RCU_MODE_FIXED_SLICE_CCS_MODE setting is not getting invoked in the gt reset path after the ccs_mode setting by the user. Add it to engine register update list (in hw_engine_setup_default_state()) which ensures it gets set in the gt reset and engine reset paths. v2: Add register update to engine list to ensure it gets updated after engine reset also. Fixes: 0d97ecce16bd ("drm/xe: Enable Fixed CCS mode setting") Cc: stable(a)vger.kernel.org Signed-off-by: Niranjana Vishwanathapura <niranjana.vishwanathapura(a)intel.com> Reviewed-by: Matt Roper <matthew.d.roper(a)intel.com> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Link: https://lore.kernel.org/r/20250327185604.18230-1-niranjana.vishwanathapura@… (cherry picked from commit 12468e519f98e4d93370712e3607fab61df9dae9) Signed-off-by: Lucas De Marchi <lucas.demarchi(a)intel.com> diff --git a/drivers/gpu/drm/xe/xe_hw_engine.c b/drivers/gpu/drm/xe/xe_hw_engine.c index 8c05fd30b7df..93241fd0a4ba 100644 --- a/drivers/gpu/drm/xe/xe_hw_engine.c +++ b/drivers/gpu/drm/xe/xe_hw_engine.c @@ -389,12 +389,6 @@ xe_hw_engine_setup_default_lrc_state(struct xe_hw_engine *hwe) blit_cctl_val, XE_RTP_ACTION_FLAG(ENGINE_BASE))) }, - /* Use Fixed slice CCS mode */ - { XE_RTP_NAME("RCU_MODE_FIXED_SLICE_CCS_MODE"), - XE_RTP_RULES(FUNC(xe_hw_engine_match_fixed_cslice_mode)), - XE_RTP_ACTIONS(FIELD_SET(RCU_MODE, RCU_MODE_FIXED_SLICE_CCS_MODE, - RCU_MODE_FIXED_SLICE_CCS_MODE)) - }, /* Disable WMTP if HW doesn't support it */ { XE_RTP_NAME("DISABLE_WMTP_ON_UNSUPPORTED_HW"), XE_RTP_RULES(FUNC(xe_rtp_cfeg_wmtp_disabled)), @@ -461,6 +455,12 @@ hw_engine_setup_default_state(struct xe_hw_engine *hwe) XE_RTP_ACTIONS(SET(CSFE_CHICKEN1(0), CS_PRIORITY_MEM_READ, XE_RTP_ACTION_FLAG(ENGINE_BASE))) }, + /* Use Fixed slice CCS mode */ + { XE_RTP_NAME("RCU_MODE_FIXED_SLICE_CCS_MODE"), + XE_RTP_RULES(FUNC(xe_hw_engine_match_fixed_cslice_mode)), + XE_RTP_ACTIONS(FIELD_SET(RCU_MODE, RCU_MODE_FIXED_SLICE_CCS_MODE, + RCU_MODE_FIXED_SLICE_CCS_MODE)) + }, }; xe_rtp_process_to_sr(&ctx, engine_entries, ARRAY_SIZE(engine_entries), &hwe->reg_sr);

7 months

3
4
0 0

[PATCH v5] mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGEPAGE is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Cc: stable(a)vger.kernel.org Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. The mapping MAP_STACK -> VM_NOHUGEPAGE was introduced by commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") in order to fix a regression introduced by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"). The change introducing the regression (efa7df3e3bb5) was limited to THP kernels, but its fix (c4608d1bf7c6) is applied without checking if THP is set. The mapping MAP_STACK -> VM_NOHUGEPAGE should only be applied if THP is enabled. --- Changes in v5: - Correct typo CONFIG_TRANSPARENT_HUGETABLES -> CONFIG_TRANSPARENT_HUGEPAGE in patch description - Link to v4: https://lore.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v4: - Correct typo CONFIG_TRANSPARENT_HUGETABLES -> CONFIG_TRANSPARENT_HUGEPAGE - Copy description from cover letter to commit description - Link to v3: https://lore.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v3: - Exclude non-stable patch (for huge_mm.h) from this series to avoid mixing stable and non-stable patches, as suggested by Andrew. - Extend description in cover letter. - Link to v2: https://lore.kernel.org/r/20250506-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index bce214fece16b9af3791a2baaecd6063d0481938..f4c6346a8fcd29b08d43f7cd9158c3eddc3383e1 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, unsigned long flags) return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

7 months

2
1
0 0

[PATCH v1] drm/bridge: cdns-dsi: Replace deprecated UNIVERSAL_DEV_PM_OPS()

by Vitor Soares

From: Vitor Soares <vitor.soares(a)toradex.com> The deprecated UNIVERSAL_DEV_PM_OPS() macro uses the provided callbacks for both runtime PM and system sleep. This causes the DSI clocks to be disabled twice: once during runtime suspend and again during system suspend, resulting in a WARN message from the clock framework when attempting to disable already-disabled clocks. [ 84.384540] clk:231:5 already disabled [ 84.388314] WARNING: CPU: 2 PID: 531 at /drivers/clk/clk.c:1181 clk_core_disable+0xa4/0xac ... [ 84.579183] Call trace: [ 84.581624] clk_core_disable+0xa4/0xac [ 84.585457] clk_disable+0x30/0x4c [ 84.588857] cdns_dsi_suspend+0x20/0x58 [cdns_dsi] [ 84.593651] pm_generic_suspend+0x2c/0x44 [ 84.597661] ti_sci_pd_suspend+0xbc/0x15c [ 84.601670] dpm_run_callback+0x8c/0x14c [ 84.605588] __device_suspend+0x1a0/0x56c [ 84.609594] dpm_suspend+0x17c/0x21c [ 84.613165] dpm_suspend_start+0xa0/0xa8 [ 84.617083] suspend_devices_and_enter+0x12c/0x634 [ 84.621872] pm_suspend+0x1fc/0x368 To address this issue, replace UNIVERSAL_DEV_PM_OPS() with DEFINE_RUNTIME_DEV_PM_OPS(), which avoids redundant suspend/resume calls by checking if the device is already runtime suspended. Cc: <stable(a)vger.kernel.org> # 6.1.x Fixes: e19233955d9e ("drm/bridge: Add Cadence DSI driver") Signed-off-by: Vitor Soares <vitor.soares(a)toradex.com> --- drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c index b022dd6e6b6e..62179e55e032 100644 --- a/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c +++ b/drivers/gpu/drm/bridge/cadence/cdns-dsi-core.c @@ -1258,7 +1258,7 @@ static const struct mipi_dsi_host_ops cdns_dsi_ops = { .transfer = cdns_dsi_transfer, }; -static int __maybe_unused cdns_dsi_resume(struct device *dev) +static int cdns_dsi_resume(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1269,7 +1269,7 @@ static int __maybe_unused cdns_dsi_resume(struct device *dev) return 0; } -static int __maybe_unused cdns_dsi_suspend(struct device *dev) +static int cdns_dsi_suspend(struct device *dev) { struct cdns_dsi *dsi = dev_get_drvdata(dev); @@ -1279,8 +1279,8 @@ static int __maybe_unused cdns_dsi_suspend(struct device *dev) return 0; } -static UNIVERSAL_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, cdns_dsi_resume, - NULL); +static DEFINE_RUNTIME_DEV_PM_OPS(cdns_dsi_pm_ops, cdns_dsi_suspend, + cdns_dsi_resume, NULL); static int cdns_dsi_drm_probe(struct platform_device *pdev) { @@ -1427,7 +1427,7 @@ static struct platform_driver cdns_dsi_platform_driver = { .driver = { .name = "cdns-dsi", .of_match_table = cdns_dsi_of_match, - .pm = &cdns_dsi_pm_ops, + .pm = pm_ptr(&cdns_dsi_pm_ops), }, }; module_platform_driver(cdns_dsi_platform_driver); -- 2.34.1

7 months

2
6
0 0

net/sched: codel: Inclusion of patchset

by Tai, Gerrard

Upstream commits: 01: 5ba8b837b522d7051ef81bacf3d95383ff8edce5 ("sch_htb: make htb_qlen_notify() idempotent") 02: df008598b3a00be02a8051fde89ca0fbc416bd55 ("sch_drr: make drr_qlen_notify() idempotent") 03: 51eb3b65544c9efd6a1026889ee5fb5aa62da3bb ("sch_hfsc: make hfsc_qlen_notify() idempotent") 04: 55f9eca4bfe30a15d8656f915922e8c98b7f0728 ("sch_qfq: make qfq_qlen_notify() idempotent") 05: a7a15f39c682ac4268624da2abdb9114bdde96d5 ("sch_ets: make est_qlen_notify() idempotent") 06: 342debc12183b51773b3345ba267e9263bdfaaef ("codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()") These patches are patch 01-06 of the original patchset ([1]) authored by Cong Wang. I have omitted patches 07-11 which are selftests. This patchset addresses a UAF vulnerability. Originally, only the last commit (06) was picked to merge into the latest round of stable queues 5.15,5.10,5.4. For 6.x stable branches, that sole commit has already been merged in a previous cycle. From my understanding, this patch depends on the previous patches to work. Without patches 01-05 which make various classful qdiscs' qlen_notify() idempotent, if an fq_codel's dequeue() routine empties the fq_codel qdisc, it will be doubly deactivated - first in the parent qlen_notify and then again in the parent dequeue. For instance, in the case of parent drr, the double deactivation will either cause a fault on an invalid address, or trigger a splat if list checks are compiled into the kernel. This is also why the original unpatched code included the qlen check in the first place. After discussion with Greg, he has helped to temporarily drop the patch from the 5.x queues ([2]). My suggestion is to include patches 01-06 of the patchset, as listed above, for the 5.x queues. For the 6.x queues that have already merged patch 06, the earlier patches 01-05 should be merged too. I'm not too familiar with the stable patch process, so I may be completely mistaken here. Cheers, Gerrard [1]: https://lore.kernel.org/netdev/174410343500.1831514.15019771038334698036.gi… [2]: https://lore.kernel.org/stable/2025050131-fragrant-famine-eb32@gregkh/

7 months

3
4
0 0

[PATCH 6.1 000/167] 6.1.136-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.136 release. There are 167 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.136-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.136-rc1 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qcom: q6afe-dai: fix Display Port Playback stream name Rob Herring <robh(a)kernel.org> PCI: Fix use-after-free in pci_bus_release_domain_nr() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove pointer (asterisk) and brackets from cpumask_t field Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Add one missing error return Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: define xtree root and page independently Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Oleksij Rempel <linux(a)rempel-privat.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: export ieee80211_purge_tx_queue() for drivers Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Daniel Golle <daniel(a)makrotopia.org> net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qcom: q6dsp: add support to more display ports Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Report PCI error recovery results via SCLP Niklas Schnelle <schnelle(a)linux.ibm.com> s390/sclp: Allow user-space to provide PCI reports for optical modules Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Add i.MX8MP PCIe PHY support David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Halil Pasic <pasic(a)linux.ibm.com> s390/virtio_ccw: fix virtual vs physical address confusion Alexander Gordeev <agordeev(a)linux.ibm.com> s390/virtio: sort out physical vs virtual pointers usage Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Pali Rohár <pali(a)kernel.org> PCI: Assign PCI domain IDs by ida_alloc() Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Refactor SD mux driver Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Remove CPG_SDHI_DSEL from generic header Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Add struct clk_hw_data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Use u32 for flag and mux_flags Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> backlight: led_bl: Convert to platform remove callback returning void Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Alexis Lothoré <alexis.lothore(a)bootlin.com> net: dsa: mv88e6xxx: add field to specify internal phys layout Alexis Lothoré <alexis.lothore(a)bootlin.com> net: dsa: mv88e6xxx: pass directly chip structure to mv88e6xxx_phy_is_internal Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: mv88e6xxx: move link forcing to mac_prepare/mac_finish Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: add support for mac_prepare() and mac_finish() calls Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings from mdiobus code Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> auxdisplay: hd44780: Convert to platform remove callback returning void Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Steven Rostedt <rostedt(a)goodmis.org> tracing: Add __print_dynamic_array() helper Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __string_len() example Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix cpumask() example typo Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __cpumask to denote a trace event field that is a cpumask_t Shakeel Butt <shakeel.butt(a)linux.dev> memcg: drain obj stock on cpu hotplug teardown Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default ------------- Diffstat: Makefile | 4 +- arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/include/asm/mips-cm.h | 22 +++ arch/mips/kernel/mips-cm.c | 14 ++ arch/parisc/kernel/pdt.c | 2 + arch/riscv/kernel/probes/uprobes.c | 10 +- arch/s390/Kconfig | 4 +- arch/s390/include/asm/pci.h | 3 + arch/s390/include/asm/sclp.h | 33 ++++ arch/s390/kvm/trace-s390.h | 4 +- arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_event.c | 21 ++- arch/s390/pci/pci_fixup.c | 23 +++ arch/s390/pci/pci_report.c | 111 +++++++++++++ arch/s390/pci/pci_report.h | 16 ++ arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 36 ++--- arch/x86/kernel/i8253.c | 3 +- arch/x86/kvm/svm/avic.c | 60 +++---- arch/x86/kvm/vmx/posted_intr.c | 28 ++-- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/tlb.c | 6 +- crypto/crypto_null.c | 37 +++-- drivers/acpi/ec.c | 28 ++++ drivers/acpi/pptt.c | 4 +- drivers/auxdisplay/hd44780.c | 9 +- drivers/block/loop.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clk/renesas/r9a07g043-cpg.c | 28 +++- drivers/clk/renesas/r9a07g044-cpg.c | 21 ++- drivers/clk/renesas/rzg2l-cpg.c | 178 +++++++++++++++------ drivers/clk/renesas/rzg2l-cpg.h | 24 +-- drivers/comedi/drivers/jr3_pci.c | 17 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 7 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +-- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/net/dsa/mt7530.c | 6 +- drivers/net/dsa/mv88e6xxx/chip.c | 106 ++++++++---- drivers/net/dsa/mv88e6xxx/chip.h | 5 + drivers/net/dsa/mv88e6xxx/global2.c | 25 +-- drivers/net/phy/microchip.c | 46 +----- drivers/net/phy/phy_led_triggers.c | 23 +-- drivers/net/wireless/realtek/rtw88/main.c | 2 +- drivers/net/wireless/realtek/rtw88/tx.c | 2 +- drivers/net/xen-netfront.c | 19 ++- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +-- drivers/nvme/host/core.c | 9 ++ drivers/nvme/target/fc.c | 25 ++- drivers/of/device.c | 7 +- drivers/of/resolver.c | 37 ++--- drivers/pci/pci.c | 107 +++++++------ drivers/pci/probe.c | 16 +- drivers/pci/remove.c | 7 + drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 46 +++++- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/rtc/rtc-pcf85063.c | 19 ++- drivers/s390/char/sclp.h | 14 -- drivers/s390/char/sclp_con.c | 17 ++ drivers/s390/char/sclp_pci.c | 19 +-- drivers/s390/char/sclp_tty.c | 12 ++ drivers/s390/net/ism_drv.c | 1 - drivers/s390/virtio/virtio_ccw.c | 100 ++++++------ drivers/scsi/hisi_sas/hisi_sas_main.c | 20 +++ drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi_lib.c | 6 +- drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/ufs/host/ufs-exynos.c | 10 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +++-- drivers/usb/class/cdc-wdm.c | 21 ++- drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/dwc3-pci.c | 10 ++ drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +++- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 +++ drivers/usb/host/xhci-mvebu.c | 10 -- drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/video/backlight/led_bl.c | 11 +- drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 7 +- fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_imap.c | 6 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 +- fs/jfs/jfs_xtree.c | 4 +- fs/jfs/jfs_xtree.h | 37 +++-- fs/ntfs3/file.c | 1 + include/dt-bindings/sound/qcom,q6dsp-lpass-ports.h | 8 + include/linux/filter.h | 9 +- include/linux/pci.h | 1 + include/linux/pci_ids.h | 1 + include/net/dsa.h | 6 + include/net/mac80211.h | 13 ++ include/trace/bpf_probe.h | 6 + include/trace/perf.h | 6 + include/trace/stages/stage1_struct_define.h | 6 + include/trace/stages/stage2_data_offsets.h | 6 + include/trace/stages/stage3_trace_output.h | 14 ++ include/trace/stages/stage4_event_fields.h | 12 ++ include/trace/stages/stage5_get_offsets.h | 6 + include/trace/stages/stage6_event_callback.h | 20 +++ include/trace/stages/stage7_class_define.h | 3 + init/Kconfig | 2 +- kernel/dma/contiguous.c | 3 +- kernel/module/Kconfig | 1 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace_events.c | 7 + lib/test_ubsan.c | 18 ++- mm/memcontrol.c | 9 ++ net/9p/client.c | 30 ++-- net/core/lwtunnel.c | 26 ++- net/core/selftests.c | 18 ++- net/dsa/port.c | 32 ++++ net/mac80211/ieee80211_i.h | 2 - net/mac80211/status.c | 1 + net/sched/act_mirred.c | 22 +-- net/sched/sch_hfsc.c | 23 ++- net/tipc/monitor.c | 3 +- samples/trace_events/trace-events-sample.c | 2 +- samples/trace_events/trace-events-sample.h | 46 +++++- scripts/Makefile.lib | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/qcom/lpass.h | 3 +- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/soc/qcom/qdsp6/q6dsp-lpass-ports.c | 43 +++-- sound/virtio/virtio_pcm.c | 21 ++- tools/objtool/check.c | 9 ++ tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 +++ .../selftests/vm/charge_reserved_hugetlb.sh | 4 +- .../selftests/vm/hugetlb_reparenting_test.sh | 2 +- 165 files changed, 1713 insertions(+), 720 deletions(-)

7 months

16
194
0 0

[PATCH v4] mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGETABLES is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGETABLES. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Cc: stable(a)vger.kernel.org Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGEPAGE. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGEPAGE is not defined. The mapping MAP_STACK -> VM_NOHUGEPAGE was introduced by commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") in order to fix a regression introduced by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"). The change introducing the regression (efa7df3e3bb5) was limited to THP kernels, but its fix (c4608d1bf7c6) is applied without checking if THP is set. The mapping MAP_STACK -> VM_NOHUGEPAGE should only be applied if THP is enabled. --- Changes in v4: - Correct typo CONFIG_TRANSPARENT_HUGETABLES -> CONFIG_TRANSPARENT_HUGEPAGE - Copy description from cover letter to commit description - Link to v3: https://lore.kernel.org/r/20250507-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v3: - Exclude non-stable patch (for huge_mm.h) from this series to avoid mixing stable and non-stable patches, as suggested by Andrew. - Extend description in cover letter. - Link to v2: https://lore.kernel.org/r/20250506-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index bce214fece16b9af3791a2baaecd6063d0481938..f4c6346a8fcd29b08d43f7cd9158c3eddc3383e1 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, unsigned long flags) return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

7 months

3
2
0 0

[PATCH v2 1/4] mm: fix VM_UFFD_MINOR == VM_SHADOW_STACK on USERFAULTFD=y && ARM64_GCS=y

by Florent Revest

On configs with CONFIG_ARM64_GCS=y, VM_SHADOW_STACK is bit 38. On configs with CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y (selected by CONFIG_ARM64 when CONFIG_USERFAULTFD=y), VM_UFFD_MINOR is _also_ bit 38. This bit being shared by two different VMA flags could lead to all sorts of unintended behaviors. Presumably, a process could maybe call into userfaultfd in a way that disables the shadow stack vma flag. I can't think of any attack where this would help (presumably, if an attacker tries to disable shadow stacks, they are trying to hijack control flow so can't arbitrarily call into userfaultfd yet anyway) but this still feels somewhat scary. Reviewed-by: Mark Brown <broonie(a)kernel.org> Fixes: ae80e1629aea ("mm: Define VM_SHADOW_STACK for arm64 when we support GCS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Florent Revest <revest(a)chromium.org> --- include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index bf55206935c46..fdda6b16263b3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -385,7 +385,7 @@ extern unsigned int kobjsize(const void *objp); #endif #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR -# define VM_UFFD_MINOR_BIT 38 +# define VM_UFFD_MINOR_BIT 41 # define VM_UFFD_MINOR BIT(VM_UFFD_MINOR_BIT) /* UFFD minor faults */ #else /* !CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ # define VM_UFFD_MINOR VM_NONE -- 2.49.0.987.g0cc8ee98dc-goog

7 months

1
0
0 0

[PATCH RESEND v3 5/5] phy: renesas: rcar-gen3-usb2: Set timing registers only once

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> phy-rcar-gen3-usb2 driver exports 4 PHYs. The timing registers are common to all PHYs. There is no need to set them every time a PHY is initialized. Set timing register only when the 1st PHY is initialized. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 118899efda70..9fdf17e0848a 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -467,8 +467,11 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; writel(val, usb2_base + USB2_INT_ENABLE); - writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); - writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + + if (!rcar_gen3_is_any_rphy_initialized(channel)) { + writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); + writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); + } /* Initialize otg part (only if we initialize a PHY with IRQs). */ if (rphy->int_enable_bits) -- 2.43.0

7 months

1
0
0 0

[PATCH RESEND v3 4/5] phy: renesas: rcar-gen3-usb2: Assert PLL reset on PHY power off

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> Assert PLL reset on PHY power off. This saves power. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags - add an empty line after definition of val to get rid of the checkpatch.pl warning drivers/phy/renesas/phy-rcar-gen3-usb2.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 00ce564463de..118899efda70 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -537,9 +537,17 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - scoped_guard(spinlock_irqsave, &channel->lock) + scoped_guard(spinlock_irqsave, &channel->lock) { rphy->powered = false; + if (rcar_gen3_are_all_rphys_power_off(channel)) { + u32 val = readl(channel->base + USB2_USBCTR); + + val |= USB2_USBCTR_PLL_RST; + writel(val, channel->base + USB2_USBCTR); + } + } + if (channel->vbus) ret = regulator_disable(channel->vbus); -- 2.43.0

7 months

1
0
0 0

[PATCH RESEND v3 3/5] phy: renesas: rcar-gen3-usb2: Lock around hardware registers and driver data

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> The phy-rcar-gen3-usb2 driver exposes four individual PHYs that are requested and configured by PHY users. The struct phy_ops APIs access the same set of registers to configure all PHYs. Additionally, PHY settings can be modified through sysfs or an IRQ handler. While some struct phy_ops APIs are protected by a driver-wide mutex, others rely on individual PHY-specific mutexes. This approach can lead to various issues, including: 1/ the IRQ handler may interrupt PHY settings in progress, racing with hardware configuration protected by a mutex lock 2/ due to msleep(20) in rcar_gen3_init_otg(), while a configuration thread suspends to wait for the delay, another thread may try to configure another PHY (with phy_init() + phy_power_on()); re-running the phy_init() goes to the exact same configuration code, re-running the same hardware configuration on the same set of registers (and bits) which might impact the result of the msleep for the 1st configuring thread 3/ sysfs can configure the hardware (though role_store()) and it can still race with the phy_init()/phy_power_on() APIs calling into the drivers struct phy_ops To address these issues, add a spinlock to protect hardware register access and driver private data structures (e.g., calls to rcar_gen3_is_any_rphy_initialized()). Checking driver-specific data remains necessary as all PHY instances share common settings. With this change, the existing mutex protection is removed and the cleanup.h helpers are used. While at it, to keep the code simpler, do not skip regulator_enable()/regulator_disable() APIs in rcar_gen3_phy_usb2_power_on()/rcar_gen3_phy_usb2_power_off() as the regulators enable/disable operations are reference counted anyway. Fixes: f3b5a8d9b50d ("phy: rcar-gen3-usb2: Add R-Car Gen3 USB2 PHY driver") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 49 +++++++++++++----------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index bb05fd26eb7f..00ce564463de 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -9,6 +9,7 @@ * Copyright (C) 2014 Cogent Embedded, Inc. */ +#include <linux/cleanup.h> #include <linux/extcon-provider.h> #include <linux/interrupt.h> #include <linux/io.h> @@ -118,7 +119,7 @@ struct rcar_gen3_chan { struct regulator *vbus; struct reset_control *rstc; struct work_struct work; - struct mutex lock; /* protects rphys[...].powered */ + spinlock_t lock; /* protects access to hardware and driver data structure. */ enum usb_dr_mode dr_mode; u32 obint_enable_bits; bool extcon_host; @@ -348,6 +349,8 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; + guard(spinlock_irqsave)(&ch->lock); + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; @@ -415,7 +418,7 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) val = readl(usb2_base + USB2_ADPCTRL); writel(val | USB2_ADPCTRL_IDPULLUP, usb2_base + USB2_ADPCTRL); } - msleep(20); + mdelay(20); writel(0xffffffff, usb2_base + USB2_OBINTSTA); writel(ch->obint_enable_bits, usb2_base + USB2_OBINTEN); @@ -436,12 +439,14 @@ static irqreturn_t rcar_gen3_phy_usb2_irq(int irq, void *_ch) if (pm_runtime_suspended(dev)) goto rpm_put; - status = readl(usb2_base + USB2_OBINTSTA); - if (status & ch->obint_enable_bits) { - dev_vdbg(dev, "%s: %08x\n", __func__, status); - writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); - rcar_gen3_device_recognition(ch); - ret = IRQ_HANDLED; + scoped_guard(spinlock, &ch->lock) { + status = readl(usb2_base + USB2_OBINTSTA); + if (status & ch->obint_enable_bits) { + dev_vdbg(dev, "%s: %08x\n", __func__, status); + writel(ch->obint_enable_bits, usb2_base + USB2_OBINTSTA); + rcar_gen3_device_recognition(ch); + ret = IRQ_HANDLED; + } } rpm_put: @@ -456,6 +461,8 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + /* Initialize USB2 part */ val = readl(usb2_base + USB2_INT_ENABLE); val |= USB2_INT_ENABLE_UCOM_INTEN | rphy->int_enable_bits; @@ -479,6 +486,8 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) void __iomem *usb2_base = channel->base; u32 val; + guard(spinlock_irqsave)(&channel->lock); + rphy->initialized = false; val = readl(usb2_base + USB2_INT_ENABLE); @@ -498,16 +507,17 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) u32 val; int ret = 0; - mutex_lock(&channel->lock); - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; - if (channel->vbus) { ret = regulator_enable(channel->vbus); if (ret) - goto out; + return ret; } + guard(spinlock_irqsave)(&channel->lock); + + if (!rcar_gen3_are_all_rphys_power_off(channel)) + goto out; + val = readl(usb2_base + USB2_USBCTR); val |= USB2_USBCTR_PLL_RST; writel(val, usb2_base + USB2_USBCTR); @@ -517,7 +527,6 @@ static int rcar_gen3_phy_usb2_power_on(struct phy *p) out: /* The powered flag should be set for any other phys anyway */ rphy->powered = true; - mutex_unlock(&channel->lock); return 0; } @@ -528,18 +537,12 @@ static int rcar_gen3_phy_usb2_power_off(struct phy *p) struct rcar_gen3_chan *channel = rphy->ch; int ret = 0; - mutex_lock(&channel->lock); - rphy->powered = false; - - if (!rcar_gen3_are_all_rphys_power_off(channel)) - goto out; + scoped_guard(spinlock_irqsave, &channel->lock) + rphy->powered = false; if (channel->vbus) ret = regulator_disable(channel->vbus); -out: - mutex_unlock(&channel->lock); - return ret; } @@ -750,7 +753,7 @@ static int rcar_gen3_phy_usb2_probe(struct platform_device *pdev) if (phy_data->no_adp_ctrl) channel->obint_enable_bits = USB2_OBINT_IDCHG_EN; - mutex_init(&channel->lock); + spin_lock_init(&channel->lock); for (i = 0; i < NUM_OF_PHYS; i++) { channel->rphys[i].phy = devm_phy_create(dev, NULL, phy_data->phy_usb2_ops); -- 2.43.0

7 months

1
0
0 0

[PATCH RESEND v3 1/5] phy: renesas: rcar-gen3-usb2: Fix role detection on unbind/bind

by Claudiu

From: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> It has been observed on the Renesas RZ/G3S SoC that unbinding and binding the PHY driver leads to role autodetection failures. This issue occurs when PHY 3 is the first initialized PHY. PHY 3 does not have an interrupt associated with the USB2_INT_ENABLE register (as rcar_gen3_int_enable[3] = 0). As a result, rcar_gen3_init_otg() is called to initialize OTG without enabling PHY interrupts. To resolve this, add rcar_gen3_is_any_otg_rphy_initialized() and call it in role_store(), role_show(), and rcar_gen3_init_otg(). At the same time, rcar_gen3_init_otg() is only called when initialization for a PHY with interrupt bits is in progress. As a result, the struct rcar_gen3_phy::otg_initialized is no longer needed. Fixes: 549b6b55b005 ("phy: renesas: rcar-gen3-usb2: enable/disable independent irqs") Cc: stable(a)vger.kernel.org Reviewed-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh(a)renesas.com> Reviewed-by: Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> Signed-off-by: Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> --- Changes in v3: - collected tags Changes in v2: - collected tags drivers/phy/renesas/phy-rcar-gen3-usb2.c | 33 ++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/drivers/phy/renesas/phy-rcar-gen3-usb2.c b/drivers/phy/renesas/phy-rcar-gen3-usb2.c index 775f4f973a6c..46afba2fe0dc 100644 --- a/drivers/phy/renesas/phy-rcar-gen3-usb2.c +++ b/drivers/phy/renesas/phy-rcar-gen3-usb2.c @@ -107,7 +107,6 @@ struct rcar_gen3_phy { struct rcar_gen3_chan *ch; u32 int_enable_bits; bool initialized; - bool otg_initialized; bool powered; }; @@ -320,16 +319,15 @@ static bool rcar_gen3_is_any_rphy_initialized(struct rcar_gen3_chan *ch) return false; } -static bool rcar_gen3_needs_init_otg(struct rcar_gen3_chan *ch) +static bool rcar_gen3_is_any_otg_rphy_initialized(struct rcar_gen3_chan *ch) { - int i; - - for (i = 0; i < NUM_OF_PHYS; i++) { - if (ch->rphys[i].otg_initialized) - return false; + for (enum rcar_gen3_phy_index i = PHY_INDEX_BOTH_HC; i <= PHY_INDEX_EHCI; + i++) { + if (ch->rphys[i].initialized) + return true; } - return true; + return false; } static bool rcar_gen3_are_all_rphys_power_off(struct rcar_gen3_chan *ch) @@ -351,7 +349,7 @@ static ssize_t role_store(struct device *dev, struct device_attribute *attr, bool is_b_device; enum phy_mode cur_mode, new_mode; - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; if (sysfs_streq(buf, "host")) @@ -389,7 +387,7 @@ static ssize_t role_show(struct device *dev, struct device_attribute *attr, { struct rcar_gen3_chan *ch = dev_get_drvdata(dev); - if (!ch->is_otg_channel || !rcar_gen3_is_any_rphy_initialized(ch)) + if (!ch->is_otg_channel || !rcar_gen3_is_any_otg_rphy_initialized(ch)) return -EIO; return sprintf(buf, "%s\n", rcar_gen3_is_host(ch) ? "host" : @@ -402,6 +400,9 @@ static void rcar_gen3_init_otg(struct rcar_gen3_chan *ch) void __iomem *usb2_base = ch->base; u32 val; + if (!ch->is_otg_channel || rcar_gen3_is_any_otg_rphy_initialized(ch)) + return; + /* Should not use functions of read-modify-write a register */ val = readl(usb2_base + USB2_LINECTRL1); val = (val & ~USB2_LINECTRL1_DP_RPD) | USB2_LINECTRL1_DPRPD_EN | @@ -465,12 +466,9 @@ static int rcar_gen3_phy_usb2_init(struct phy *p) writel(USB2_SPD_RSM_TIMSET_INIT, usb2_base + USB2_SPD_RSM_TIMSET); writel(USB2_OC_TIMSET_INIT, usb2_base + USB2_OC_TIMSET); - /* Initialize otg part */ - if (channel->is_otg_channel) { - if (rcar_gen3_needs_init_otg(channel)) - rcar_gen3_init_otg(channel); - rphy->otg_initialized = true; - } + /* Initialize otg part (only if we initialize a PHY with IRQs). */ + if (rphy->int_enable_bits) + rcar_gen3_init_otg(channel); rphy->initialized = true; @@ -486,9 +484,6 @@ static int rcar_gen3_phy_usb2_exit(struct phy *p) rphy->initialized = false; - if (channel->is_otg_channel) - rphy->otg_initialized = false; - val = readl(usb2_base + USB2_INT_ENABLE); val &= ~rphy->int_enable_bits; if (!rcar_gen3_is_any_rphy_initialized(channel)) -- 2.43.0

7 months

1
0
0 0

[PATCH v2 1/2] tty: serial: 8250_omap: fix tx with dma

by Mans Rullgard

Commit 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") introduced an error in the TX DMA handling for 8250_omap. When the OMAP_DMA_TX_KICK flag is set, one byte is pulled from the kfifo and emitted directly in order to start the DMA. This is done without updating DMA tx_size which leads to uart_xmit_advance() called in the DMA complete callback advancing the kfifo by one too much. In practice, transmitting N bytes has been seen to result in the last N-1 bytes being sent repeatedly. This change fixes the problem by moving all of the dma setup after the OMAP_DMA_TX_KICK handling and using kfifo_len() instead of the dma size for the 4-byte cutoff check. This slightly changes the behaviour at buffer wraparound, but it still transmits the correct bytes somehow. At the point kfifo_dma_out_prepare_mapped is called, at least one byte is guaranteed to be in the fifo, so checking the return value is not necessary. Fixes: 1788cf6a91d9 ("tty: serial: switch from circ_buf to kfifo") Cc: stable(a)vger.kernel.org Signed-off-by: Mans Rullgard <mans(a)mansr.com> --- v2: split patch in two --- drivers/tty/serial/8250/8250_omap.c | 24 +++++++++--------------- 1 file changed, 9 insertions(+), 15 deletions(-) diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c index f1aee915bc02..180466e09605 100644 --- a/drivers/tty/serial/8250/8250_omap.c +++ b/drivers/tty/serial/8250/8250_omap.c @@ -1173,16 +1173,6 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) return 0; } - sg_init_table(&sg, 1); - ret = kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); - if (ret != 1) { - serial8250_clear_THRI(p); - return 0; - } - - dma->tx_size = sg_dma_len(&sg); - if (priv->habit & OMAP_DMA_TX_KICK) { unsigned char c; u8 tx_lvl; @@ -1207,7 +1197,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) ret = -EBUSY; goto err; } - if (dma->tx_size < 4) { + if (kfifo_len(&tport->xmit_fifo) < 4) { ret = -EINVAL; goto err; } @@ -1216,11 +1206,12 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } skip_byte = c; - /* now we need to recompute due to kfifo_get */ - kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, - UART_XMIT_SIZE, dma->tx_addr); } + sg_init_table(&sg, 1); + kfifo_dma_out_prepare_mapped(&tport->xmit_fifo, &sg, 1, + UART_XMIT_SIZE, dma->tx_addr); + desc = dmaengine_prep_slave_sg(dma->txchan, &sg, 1, DMA_MEM_TO_DEV, DMA_PREP_INTERRUPT | DMA_CTRL_ACK); if (!desc) { @@ -1228,6 +1219,7 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) goto err; } + dma->tx_size = sg_dma_len(&sg); dma->tx_running = 1; desc->callback = omap_8250_dma_tx_complete; @@ -1248,8 +1240,10 @@ static int omap_8250_tx_dma(struct uart_8250_port *p) err: dma->tx_err = 1; out_skip: - if (skip_byte >= 0) + if (skip_byte >= 0) { serial_out(p, UART_TX, skip_byte); + p->port.icount.tx++; + } return ret; } -- 2.49.0

7 months

3
4
0 0

[PATCH] udf: Make sure i_lenExtents is uptodate on inode eviction

by Jan Kara

UDF maintains total length of all extents in i_lenExtents. Generally we keep extent lengths (and thus i_lenExtents) block aligned because it makes the file appending logic simpler. However the standard mandates that the inode size must match the length of all extents and thus we trim the last extent when closing the file. To catch possible bugs we also verify that i_lenExtents matches i_size when evicting inode from memory. Commit b405c1e58b73 ("udf: refactor udf_next_aext() to handle error") however broke the code updating i_lenExtents and thus udf_evict_inode() ended up spewing lots of errors about incorrectly sized extents although the extents were actually sized properly. Fix the updating of i_lenExtents to silence the errors. Fixes: b405c1e58b73 ("udf: refactor udf_next_aext() to handle error") CC: stable(a)vger.kernel.org Signed-off-by: Jan Kara <jack(a)suse.cz> --- fs/udf/truncate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) I plan to merge this fix to my tree. diff --git a/fs/udf/truncate.c b/fs/udf/truncate.c index 4f33a4a48886..b4071c9cf8c9 100644 --- a/fs/udf/truncate.c +++ b/fs/udf/truncate.c @@ -115,7 +115,7 @@ void udf_truncate_tail_extent(struct inode *inode) } /* This inode entry is in-memory only and thus we don't have to mark * the inode dirty */ - if (ret == 0) + if (ret >= 0) iinfo->i_lenExtents = inode->i_size; brelse(epos.bh); } -- 2.43.0

7 months

1
0
0 0

[PATCH v3] mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

From: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") maps the mmap option MAP_STACK to VM_NOHUGEPAGE. This is also done if CONFIG_TRANSPARENT_HUGETABLES is not defined. But in that case, the VM_NOHUGEPAGE does not make sense. Fixes: c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") Cc: stable(a)vger.kernel.org Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Reviewed-by: Yang Shi <yang(a)os.amperecomputing.com> Reviewed-by: Liam R. Howlett <Liam.Howlett(a)oracle.com> Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGETABLES. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGETABLES is not defined. The mapping MAP_STACK -> VM_NOHUGEPAGE was introduced by commit c4608d1bf7c6 ("mm: mmap: map MAP_STACK to VM_NOHUGEPAGE") in order to fix a regression introduced by commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries"). The change introducing the regression (efa7df3e3bb5) was limited to THP kernels, but its fix (c4608d1bf7c6) is applied without checking if THP is set. The mapping MAP_STACK -> VM_NOHUGEPAGE should only be applied if THP is enabled. --- Changes in v3: - Exclude non-stable patch (for huge_mm.h) from this series to avoid mixing stable and non-stable patches, as suggested by Andrew. - Extend description in cover letter. - Link to v2: https://lore.kernel.org/r/20250506-map-map_stack-to-vm_nohugepage-only-if-t… Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- include/linux/mman.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/linux/mman.h b/include/linux/mman.h index bce214fece16b9af3791a2baaecd6063d0481938..f4c6346a8fcd29b08d43f7cd9158c3eddc3383e1 100644 --- a/include/linux/mman.h +++ b/include/linux/mman.h @@ -155,7 +155,9 @@ calc_vm_flag_bits(struct file *file, unsigned long flags) return _calc_vm_trans(flags, MAP_GROWSDOWN, VM_GROWSDOWN ) | _calc_vm_trans(flags, MAP_LOCKED, VM_LOCKED ) | _calc_vm_trans(flags, MAP_SYNC, VM_SYNC ) | +#ifdef CONFIG_TRANSPARENT_HUGEPAGE _calc_vm_trans(flags, MAP_STACK, VM_NOHUGEPAGE) | +#endif arch_calc_vm_flag_bits(file, flags); } --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

7 months

2
1
0 0

[PATCH] bus: firewall: Fix missing static inline annotations for stubs

by Krzysztof Kozlowski

Stubs in the header file for !CONFIG_STM32_FIREWALL case should be both static and inline, because they do not come with earlier declaration and should be inlined in every unit including the header. Cc: Patrice Chotard <patrice.chotard(a)foss.st.com> Cc: <stable(a)vger.kernel.org> Fixes: 5c9668cfc6d7 ("firewall: introduce stm32_firewall framework") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> --- include/linux/bus/stm32_firewall_device.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/include/linux/bus/stm32_firewall_device.h b/include/linux/bus/stm32_firewall_device.h index 5178b72bc920..eaa7a3f54450 100644 --- a/include/linux/bus/stm32_firewall_device.h +++ b/include/linux/bus/stm32_firewall_device.h @@ -114,27 +114,30 @@ void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 su #else /* CONFIG_STM32_FIREWALL */ -int stm32_firewall_get_firewall(struct device_node *np, struct stm32_firewall *firewall, - unsigned int nb_firewall) +static inline int stm32_firewall_get_firewall(struct device_node *np, + struct stm32_firewall *firewall, + unsigned int nb_firewall) { return -ENODEV; } -int stm32_firewall_grant_access(struct stm32_firewall *firewall) +static inline int stm32_firewall_grant_access(struct stm32_firewall *firewall) { return -ENODEV; } -void stm32_firewall_release_access(struct stm32_firewall *firewall) +static inline void stm32_firewall_release_access(struct stm32_firewall *firewall) { } -int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id) +static inline int stm32_firewall_grant_access_by_id(struct stm32_firewall *firewall, + u32 subsystem_id) { return -ENODEV; } -void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, u32 subsystem_id) +static inline void stm32_firewall_release_access_by_id(struct stm32_firewall *firewall, + u32 subsystem_id) { } -- 2.45.2

7 months

2
2
0 0

[PATCH 1/2] phy: tegra: xusb: Decouple CYA_TRK_CODE_UPDATE_ON_IDLE from trk_hw_mode

by Wayne Chang

The logic that drives the pad calibration values resides in the controller reset domain and so the calibration values are only being captured when the controller is out of reset. However, by clearing the CYA_TRK_CODE_UPDATE_ON_IDLE bit, the calibration values can be set while the controller is in reset. The CYA_TRK_CODE_UPDATE_ON_IDLE bit was previously cleared based on the trk_hw_mode flag, but this dependency is not necessary. Instead, introduce a new flag, trk_update_on_idle, to independently control this bit. Fixes: d8163a32ca95 ("phy: tegra: xusb: Add Tegra234 support") Cc: stable(a)vger.kernel.org Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/phy/tegra/xusb-tegra186.c | 14 ++++++++------ drivers/phy/tegra/xusb.h | 1 + 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index fae6242aa730..dd0aaf305e90 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -650,14 +650,15 @@ static void tegra186_utmi_bias_pad_power_on(struct tegra_xusb_padctl *padctl) udelay(100); } - if (padctl->soc->trk_hw_mode) { - value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); - value |= USB2_TRK_HW_MODE; + value = padctl_readl(padctl, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); + if (padctl->soc->trk_update_on_idle) value &= ~CYA_TRK_CODE_UPDATE_ON_IDLE; - padctl_writel(padctl, value, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); - } else { + if (padctl->soc->trk_hw_mode) + value |= USB2_TRK_HW_MODE; + padctl_writel(padctl, value, XUSB_PADCTL_USB2_BIAS_PAD_CTL2); + + if (!padctl->soc->trk_hw_mode) clk_disable_unprepare(priv->usb2_trk_clk); - } mutex_unlock(&padctl->lock); } @@ -1703,6 +1704,7 @@ const struct tegra_xusb_padctl_soc tegra234_xusb_padctl_soc = { .supports_gen2 = true, .poll_trk_completed = true, .trk_hw_mode = true, + .trk_update_on_idle = true, .supports_lp_cfg_en = true, }; EXPORT_SYMBOL_GPL(tegra234_xusb_padctl_soc); diff --git a/drivers/phy/tegra/xusb.h b/drivers/phy/tegra/xusb.h index 6e45d194c689..d2b5f9565132 100644 --- a/drivers/phy/tegra/xusb.h +++ b/drivers/phy/tegra/xusb.h @@ -434,6 +434,7 @@ struct tegra_xusb_padctl_soc { bool need_fake_usb3_port; bool poll_trk_completed; bool trk_hw_mode; + bool trk_update_on_idle; bool supports_lp_cfg_en; }; -- 2.25.1

7 months

2
1
0 0

[PATCH] parisc stable patch for kernel v6.13

by Helge Deller

Hi Greg, below is a backport for upstream patch fd87b7783802 ("net: Fix the devmem sock opts and msgs for parisc"). This upstream patch does not apply cleanly against v6.13, and backporting all intermediate changes are too big, so I created this trivial standalone patch instead. Can you please add the patch below to the stable queue for v6.13? Thanks! Helge --- From: Pranjal Shrivastava <praan(a)google.com> Date: Mon, 24 Mar 2025 07:42:27 +0000 Subject: [PATCH] net: Fix the devmem sock opts and msgs for parisc The devmem socket options and socket control message definitions introduced in the TCP devmem series[1] incorrectly continued the socket definitions for arch/parisc. The UAPI change seems safe as there are currently no drivers that declare support for devmem TCP RX via PP_FLAG_ALLOW_UNREADABLE_NETMEM. Hence, fixing this UAPI should be safe. Fix the devmem socket options and socket control message definitions to reflect the series followed by arch/parisc. [1] https://lore.kernel.org/lkml/20240910171458.219195-10-almasrymina@google.co… Patch modified for kernel 6.13 by Helge Deller. Fixes: 8f0b3cc9a4c10 ("tcp: RX path for devmem TCP") Signed-off-by: Pranjal Shrivastava <praan(a)google.com> Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git b/arch/parisc/include/uapi/asm/socket.h a/arch/parisc/include/uapi/asm/socket.h index d268d69bfcd2..96831c988606 100644 --- b/arch/parisc/include/uapi/asm/socket.h +++ a/arch/parisc/include/uapi/asm/socket.h @@ -132,13 +132,15 @@ #define SO_PASSPIDFD 0x404A #define SO_PEERPIDFD 0x404B -#define SO_DEVMEM_LINEAR 78 +#define SCM_TS_OPT_ID 0x404C + +#define SO_RCVPRIORITY 0x404D + +#define SO_DEVMEM_LINEAR 0x404E #define SCM_DEVMEM_LINEAR SO_DEVMEM_LINEAR -#define SO_DEVMEM_DMABUF 79 +#define SO_DEVMEM_DMABUF 0x404F #define SCM_DEVMEM_DMABUF SO_DEVMEM_DMABUF -#define SO_DEVMEM_DONTNEED 80 - -#define SCM_TS_OPT_ID 0x404C +#define SO_DEVMEM_DONTNEED 0x4050 #if !defined(__KERNEL__)

7 months

2
1
0 0

[PATCH v13 0/4] Add STM32MP25 SPI NOR support

by Patrice Chotard

This series adds SPI NOR support for STM32MP25 SoCs from STMicroelectronics. On STM32MP25 SoCs family, an Octo Memory Manager block manages the muxing, the memory area split, the chip select override and the time constraint between its 2 Octo SPI children. Due to these depedencies, this series adds support for: - Octo Memory Manager driver. - Octo SPI driver. - yaml schema for Octo Memory Manager and Octo SPI drivers. The device tree files adds Octo Memory Manager and its 2 associated Octo SPI chidren in stm32mp251.dtsi and adds SPI NOR support in stm32mp257f-ev1 board. Signed-off-by: Patrice Chotard <patrice.chotard(a)foss.st.com> Changes in v13: - Make firewall prototypes always exposed. - Restore STM32_OMM Kconfig dependency from v11. - Link to v12: https://lore.kernel.org/r/20250506-upstream_ospi_v6-v12-0-e3bb5a0d78fb@foss… Changes in v12: - Update Kconfig dependencies. - Link to v11: https://lore.kernel.org/r/20250428-upstream_ospi_v6-v11-0-1548736fd9d2@foss… Changes in v11: - Add stm32_omm_toggle_child_clock(dev, false) in stm32_omm_disable_child() in case of error. - Check MUXEN bit in stm32_omm_probe() to check if child clock must be disabled. - Add dev_err_probe() in stm32_omm_probe(). - Link to v10: https://lore.kernel.org/r/20250422-upstream_ospi_v6-v10-0-6f4942a04e10@foss… Changes in v10: - Add of_node_put() in stm32_omm_set_amcr(). - Link to v9: https://lore.kernel.org/r/20250410-upstream_ospi_v6-v9-0-cf119508848a@foss.… Changes in v9: - split patchset by susbsystem, current one include only OMM related patches. - Update SPDX Identifiers to "GPL-2.0-only". - Add of_node_put)() instm32_omm_set_amcr(). - Rework error path in stm32_omm_toggle_child_clock(). - Make usage of reset_control_acquire/release() in stm32_omm_disable_child() and move reset_control_get in probe(). - Rename error label in stm32_omm_configure(). - Remove child compatible check in stm32_omm_probe(). - Make usage of devm_of_platform_populate(). - Link to v8: https://lore.kernel.org/r/20250407-upstream_ospi_v6-v8-0-7b7716c1c1f6@foss.… Changes in v8: - update OMM's dt-bindings: - Remove minItems for clocks and resets properties. - Fix st,syscfg-amcr items declaration. - move power-domains property before vendor specific properties. - Update compatible check wrongly introduced during internal tests in stm32_omm.c. - Move ommanager's node outside bus@42080000's node in stm32mp251.dtsi. - Link to v7: https://lore.kernel.org/r/20250401-upstream_ospi_v6-v7-0-0ef28513ed81@foss.… Changes in v7: - update OMM's dt-bindings by updating : - clock-names and reset-names properties. - spi unit-address node. - example. - update stm32mp251.dtsi to match with OMM's bindings update. - update stm32mp257f-ev1.dts to match with OMM's bindings update. - Link to v6: https://lore.kernel.org/r/20250321-upstream_ospi_v6-v6-0-37bbcab43439@foss.… Changes in v6: - Update MAINTAINERS file. - Remove previous patch 1/8 and 2/8, merged by Mark Brown in spi git tree. - Fix Signed-off-by order for patch 3. - OMM driver: - Add dev_err_probe() in error path. - Rename stm32_omm_enable_child_clock() to stm32_omm_toggle_child_clock(). - Reorder initialised/non-initialized variable in stm32_omm_configure() and stm32_omm_probe(). - Move pm_runtime_disable() calls from stm32_omm_configure() to stm32_omm_probe(). - Update children's clocks and reset management. - Use of_platform_populate() to probe children. - Add missing pm_runtime_disable(). - Remove useless stm32_omm_check_access's first parameter. - Update OMM's dt-bindings by adding OSPI's clocks and resets. - Update stm32mp251.dtsi by adding OSPI's clock and reset in OMM's node. Changes in v5: - Add Reviewed-by Krzysztof Kozlowski for patch 1 and 3. Changes in v4: - Add default value requested by Krzysztof for st,omm-req2ack-ns, st,omm-cssel-ovr and st,omm-mux properties in st,stm32mp25-omm.yaml - Remove constraint in free form test for st,omm-mux property. - Fix drivers/memory/Kconfig by replacing TEST_COMPILE_ by COMPILE_TEST. - Fix SPDX-License-Identifier for stm32-omm.c. - Fix Kernel test robot by fixing dev_err() format in stm32-omm.c. - Add missing pm_runtime_disable() in the error handling path in stm32-omm.c. - Replace an int by an unsigned int in stm32-omm.c - Remove uneeded "," after terminator in stm32-omm.c. - Update cover letter description to explain dependecies between Octo Memory Manager and its 2 Octo SPI children. Changes in v3: - Squash defconfig patches 8 and 9. - Update STM32 Octo Memory Manager controller bindings. - Rename st,stm32-omm.yaml to st,stm32mp25-omm.yaml. - Update STM32 OSPI controller bindings. - Reorder DT properties in .dtsi and .dts files. - Replace devm_reset_control_get_optional() by devm_reset_control_get_optional_exclusive() in stm32_omm.c. - Reintroduce region-memory-names management in stm32_omm.c. - Rename stm32_ospi_tx_poll() and stm32_ospi_tx() to respectively to stm32_ospi_poll() and stm32_ospi_xfer() in spi-stm32-ospi.c. - Set SPI_CONTROLLER_HALF_DUPLEX in controller flags in spi-stm32-ospi.c. Changes in v2: - Move STM32 Octo Memory Manager controller driver and bindings from misc to memory-controllers. - Update STM32 OSPI controller bindings. - Update STM32 Octo Memory Manager controller bindings. - Update STM32 Octo Memory Manager driver to match bindings update. - Update DT to match bindings update. Signed-off-by: Patrice Chotard <patrice.chotard(a)foss.st.com> --- Patrice Chotard (4): firewall: Always expose firewall prototype dt-bindings: memory-controllers: Add STM32 Octo Memory Manager controller memory: Add STM32 Octo Memory Manager driver MAINTAINERS: add entry for STM32 OCTO MEMORY MANAGER driver .../memory-controllers/st,stm32mp25-omm.yaml | 226 ++++++++++ MAINTAINERS | 6 + drivers/memory/Kconfig | 17 + drivers/memory/Makefile | 1 + drivers/memory/stm32_omm.c | 476 +++++++++++++++++++++ include/linux/bus/stm32_firewall_device.h | 10 +- 6 files changed, 735 insertions(+), 1 deletion(-) --- base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 change-id: 20250320-upstream_ospi_v6-d432a8172105 Best regards, -- Patrice Chotard <patrice.chotard(a)foss.st.com>

7 months

3
5
0 0

[PATCH v1 0/7] ublk: Backport to 6.14-stable: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

by Jared Holzman

This patchset backports a series of ublk fixes from upstream to 6.14-stable. Patch 7 fixes the race that can cause kernel panic when ublk server daemon is exiting. It depends on patches 1-6 which simplifies & improves IO canceling when ublk server daemon is exiting as described here: https://lore.kernel.org/linux-block/20250416035444.99569-1-ming.lei@redhat.… Ming Lei (5): ublk: add helper of ublk_need_map_io() ublk: move device reset into ublk_ch_release() ublk: remove __ublk_quiesce_dev() ublk: simplify aborting ublk request ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Uday Shankar (2): ublk: properly serialize all FETCH_REQs ublk: improve detection and handling of ublk server exit drivers/block/ublk_drv.c | 550 +++++++++++++++++++++------------------ 1 file changed, 291 insertions(+), 259 deletions(-) -- 2.43.0

7 months

3
10
0 0

[PATCH] KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

by Sebastian Ott

Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local memcache variable in user_mem_abort() conditional, leaving a codepath where it is used uninitialized via kvm_pgtable_stage2_map(). This can fail on any path that requires a stage-2 allocation without transition via a permission fault or dirty logging. Fix this by making sure that memcache is always valid. Fixes: fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") Signed-off-by: Sebastian Ott <sebott(a)redhat.com> Reviewed-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/kvmarm/3f5db4c7-ccce-fb95-595c-692fa7aad227@redhat.… --- arch/arm64/kvm/mmu.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/arch/arm64/kvm/mmu.c b/arch/arm64/kvm/mmu.c index 754f2fe0cc67..eeda92330ade 100644 --- a/arch/arm64/kvm/mmu.c +++ b/arch/arm64/kvm/mmu.c @@ -1501,6 +1501,11 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, return -EFAULT; } + if (!is_protected_kvm_enabled()) + memcache = &vcpu->arch.mmu_page_cache; + else + memcache = &vcpu->arch.pkvm_memcache; + /* * Permission faults just need to update the existing leaf entry, * and so normally don't require allocations from the memcache. The @@ -1510,13 +1515,11 @@ static int user_mem_abort(struct kvm_vcpu *vcpu, phys_addr_t fault_ipa, if (!fault_is_perm || (logging_active && write_fault)) { int min_pages = kvm_mmu_cache_min_pages(vcpu->arch.hw_mmu); - if (!is_protected_kvm_enabled()) { - memcache = &vcpu->arch.mmu_page_cache; + if (!is_protected_kvm_enabled()) ret = kvm_mmu_topup_memory_cache(memcache, min_pages); - } else { - memcache = &vcpu->arch.pkvm_memcache; + else ret = topup_hyp_memcache(memcache, min_pages); - } + if (ret) return ret; } base-commit: 92a09c47464d040866cf2b4cd052bc60555185fb -- 2.49.0

7 months

3
2
0 0

Re: [PATCH v4 00/24] Add support for HEVC and VP9 codecs in decoder

by Dikshita Agarwal

Hi All, Pls ignore this, b4 messed up. Will post a proper series soon. Thanks, Dikshita On 5/7/2025 12:10 PM, Dikshita Agarwal wrote: > Hi All, > > This patch series adds initial support for the HEVC(H.265) and VP9 > codecs in iris decoder. The objective of this work is to extend the > decoder's capabilities to handle HEVC and VP9 codec streams, > including necessary format handling and buffer management. > In addition, the series also includes a set of fixes to address issues > identified during testing of these additional codecs. > > These patches also address the comments and feedback received from the > RFC patches previously sent. I have made the necessary improvements > based on the community's suggestions. > > Changes in v4: > - Splitted patch patch 06/23 in two patches (Bryan) > - Simplified the conditional logic in patch 13/23 (Bryan) > - Fix the value of H265_NUM_TILE_ROW macro (Neil) > - Link to v3: https://lore.kernel.org/r/20250502-qcom-iris-hevc-vp9-v3-0-552158a10a7d@qui… > > Changes in v3: > - Introduced two wrappers with explicit names to handle destroy internal > buffers (Nicolas) > - Used sub state check instead of introducing new boolean (Vikash) > - Addressed other comments (Vikash) > - Reorderd patches to have all fixes patches first (Dmitry) > - Link to v2: > https://lore.kernel.org/r/20250428-qcom-iris-hevc-vp9-v2-0-3a6013ecb8a5@qui… > > Changes in v2: > - Added Changes to make sure all buffers are released in session close > (bryna) > - Added tracking for flush responses to fix a timing issue. > - Added a handling to fix timing issue in reconfig > - Splitted patch 06/20 in two patches (Bryan) > - Added missing fixes tag (bryan) > - Updated fluster report (Nicolas) > - Link to v1: > https://lore.kernel.org/r/20250408-iris-dec-hevc-vp9-v1-0-acd258778bd6@quic… > > Changes sinces RFC: > - Added additional fixes to address issues identified during further > testing. > - Moved typo fix to a seperate patch [Neil] > - Reordered the patches for better logical flow and clarity [Neil, > Dmitry] > - Added fixes tag wherever applicable [Neil, Dmitry] > - Removed the default case in the switch statement for codecs [Bryan] > - Replaced if-else statements with switch-case [Bryan] > - Added comments for mbpf [Bryan] > - RFC: > https://lore.kernel.org/linux-media/20250305104335.3629945-1-quic_dikshita@… > > This patch series depends on [1] & [2] > [1] > https://lore.kernel.org/linux-media/20250417-topic-sm8x50-iris-v10-v7-0-f02… > [2] > https://lore.kernel.org/linux-media/20250424-qcs8300_iris-v5-0-f118f505c300… > > These patches are tested on SM8250 and SM8550 with v4l2-ctl and > Gstreamer for HEVC and VP9 decoders, at the same time ensured that > the existing H264 decoder functionality remains uneffected. > > Note: 1 of the fluster compliance test is fixed with firmware [3] > [3]: > https://lore.kernel.org/linux-firmware/1a511921-446d-cdc4-0203-084c88a5dc1e… > > The result of fluster test on SM8550: > 131/147 testcases passed while testing JCT-VC-HEVC_V1 with > GStreamer-H.265-V4L2-Gst1.0. > The failing test case: > - 10 testcases failed due to unsupported 10 bit format. > - DBLK_A_MAIN10_VIXS_4 > - INITQP_B_Main10_Sony_1 > - TSUNEQBD_A_MAIN10_Technicolor_2 > - WP_A_MAIN10_Toshiba_3 > - WP_MAIN10_B_Toshiba_3 > - WPP_A_ericsson_MAIN10_2 > - WPP_B_ericsson_MAIN10_2 > - WPP_C_ericsson_MAIN10_2 > - WPP_E_ericsson_MAIN10_2 > - WPP_F_ericsson_MAIN10_2 > - 4 testcase failed due to unsupported resolution > - PICSIZE_A_Bossen_1 > - PICSIZE_B_Bossen_1 > - WPP_D_ericsson_MAIN10_2 > - WPP_D_ericsson_MAIN_2 > - 2 testcase failed due to CRC mismatch > - RAP_A_docomo_6 > - RAP_B_Bossen_2 > - BUG reported: > https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4392 > Analysis - First few frames in this discarded by firmware and are > sent to driver with 0 filled length. Driver send such buffers to > client with timestamp 0 and payload set to 0 and > make buf state to VB2_BUF_STATE_ERROR. Such buffers should be > dropped by GST. But instead, the first frame displayed as green > frame and when a valid buffer is sent to client later with same 0 > timestamp, its dropped, leading to CRC mismatch for first frame. > > 235/305 testcases passed while testing VP9-TEST-VECTORS with > GStreamer-VP9-V4L2-Gst1.0. > The failing test case: > - 64 testcases failed due to unsupported resolution > - vp90-2-02-size-08x08.webm > - vp90-2-02-size-08x10.webm > - vp90-2-02-size-08x16.webm > - vp90-2-02-size-08x18.webm > - vp90-2-02-size-08x32.webm > - vp90-2-02-size-08x34.webm > - vp90-2-02-size-08x64.webm > - vp90-2-02-size-08x66.webm > - vp90-2-02-size-10x08.webm > - vp90-2-02-size-10x10.webm > - vp90-2-02-size-10x16.webm > - vp90-2-02-size-10x18.webm > - vp90-2-02-size-10x32.webm > - vp90-2-02-size-10x34.webm > - vp90-2-02-size-10x64.webm > - vp90-2-02-size-10x66.webm > - vp90-2-02-size-16x08.webm > - vp90-2-02-size-16x10.webm > - vp90-2-02-size-16x16.webm > - vp90-2-02-size-16x18.webm > - vp90-2-02-size-16x32.webm > - vp90-2-02-size-16x34.webm > - vp90-2-02-size-16x64.webm > - vp90-2-02-size-16x66.webm > - vp90-2-02-size-18x08.webm > - vp90-2-02-size-18x10.webm > - vp90-2-02-size-18x16.webm > - vp90-2-02-size-18x18.webm > - vp90-2-02-size-18x32.webm > - vp90-2-02-size-18x34.webm > - vp90-2-02-size-18x64.webm > - vp90-2-02-size-18x66.webm > - vp90-2-02-size-32x08.webm > - vp90-2-02-size-32x10.webm > - vp90-2-02-size-32x16.webm > - vp90-2-02-size-32x18.webm > - vp90-2-02-size-32x32.webm > - vp90-2-02-size-32x34.webm > - vp90-2-02-size-32x64.webm > - vp90-2-02-size-32x66.webm > - vp90-2-02-size-34x08.webm > - vp90-2-02-size-34x10.webm > - vp90-2-02-size-34x16.webm > - vp90-2-02-size-34x18.webm > - vp90-2-02-size-34x32.webm > - vp90-2-02-size-34x34.webm > - vp90-2-02-size-34x64.webm > - vp90-2-02-size-34x66.webm > - vp90-2-02-size-64x08.webm > - vp90-2-02-size-64x10.webm > - vp90-2-02-size-64x16.webm > - vp90-2-02-size-64x18.webm > - vp90-2-02-size-64x32.webm > - vp90-2-02-size-64x34.webm > - vp90-2-02-size-64x64.webm > - vp90-2-02-size-64x66.webm > - vp90-2-02-size-66x08.webm > - vp90-2-02-size-66x10.webm > - vp90-2-02-size-66x16.webm > - vp90-2-02-size-66x18.webm > - vp90-2-02-size-66x32.webm > - vp90-2-02-size-66x34.webm > - vp90-2-02-size-66x64.webm > - vp90-2-02-size-66x66.webm > - 2 testcases failed due to unsupported format > - vp91-2-04-yuv422.webm > - vp91-2-04-yuv444.webm > - 1 testcase failed with CRC mismatch > - vp90-2-22-svc_1280x720_3.ivf > - Bug reported: > https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 > - 2 testcase failed due to unsupported resolution after sequence change > - vp90-2-21-resize_inter_320x180_5_1-2.webm > - vp90-2-21-resize_inter_320x180_7_1-2.webm > - 1 testcase failed due to unsupported stream > - vp90-2-16-intra-only.webm > > The result of fluster test on SM8250: > 133/147 testcases passed while testing JCT-VC-HEVC_V1 with > GStreamer-H.265-V4L2-Gst1.0. > The failing test case: > - 10 testcases failed due to unsupported 10 bit format. > - DBLK_A_MAIN10_VIXS_4 > - INITQP_B_Main10_Sony_1 > - TSUNEQBD_A_MAIN10_Technicolor_2 > - WP_A_MAIN10_Toshiba_3 > - WP_MAIN10_B_Toshiba_3 > - WPP_A_ericsson_MAIN10_2 > - WPP_B_ericsson_MAIN10_2 > - WPP_C_ericsson_MAIN10_2 > - WPP_E_ericsson_MAIN10_2 > - WPP_F_ericsson_MAIN10_2 > - 4 testcase failed due to unsupported resolution > - PICSIZE_A_Bossen_1 > - PICSIZE_B_Bossen_1 > - WPP_D_ericsson_MAIN10_2 > - WPP_D_ericsson_MAIN_2 > > 232/305 testcases passed while testing VP9-TEST-VECTORS with > GStreamer-VP9-V4L2-Gst1.0. > The failing test case: > - 64 testcases failed due to unsupported resolution > - vp90-2-02-size-08x08.webm > - vp90-2-02-size-08x10.webm > - vp90-2-02-size-08x16.webm > - vp90-2-02-size-08x18.webm > - vp90-2-02-size-08x32.webm > - vp90-2-02-size-08x34.webm > - vp90-2-02-size-08x64.webm > - vp90-2-02-size-08x66.webm > - vp90-2-02-size-10x08.webm > - vp90-2-02-size-10x10.webm > - vp90-2-02-size-10x16.webm > - vp90-2-02-size-10x18.webm > - vp90-2-02-size-10x32.webm > - vp90-2-02-size-10x34.webm > - vp90-2-02-size-10x64.webm > - vp90-2-02-size-10x66.webm > - vp90-2-02-size-16x08.webm > - vp90-2-02-size-16x10.webm > - vp90-2-02-size-16x16.webm > - vp90-2-02-size-16x18.webm > - vp90-2-02-size-16x32.webm > - vp90-2-02-size-16x34.webm > - vp90-2-02-size-16x64.webm > - vp90-2-02-size-16x66.webm > - vp90-2-02-size-18x08.webm > - vp90-2-02-size-18x10.webm > - vp90-2-02-size-18x16.webm > - vp90-2-02-size-18x18.webm > - vp90-2-02-size-18x32.webm > - vp90-2-02-size-18x34.webm > - vp90-2-02-size-18x64.webm > - vp90-2-02-size-18x66.webm > - vp90-2-02-size-32x08.webm > - vp90-2-02-size-32x10.webm > - vp90-2-02-size-32x16.webm > - vp90-2-02-size-32x18.webm > - vp90-2-02-size-32x32.webm > - vp90-2-02-size-32x34.webm > - vp90-2-02-size-32x64.webm > - vp90-2-02-size-32x66.webm > - vp90-2-02-size-34x08.webm > - vp90-2-02-size-34x10.webm > - vp90-2-02-size-34x16.webm > - vp90-2-02-size-34x18.webm > - vp90-2-02-size-34x32.webm > - vp90-2-02-size-34x34.webm > - vp90-2-02-size-34x64.webm > - vp90-2-02-size-34x66.webm > - vp90-2-02-size-64x08.webm > - vp90-2-02-size-64x10.webm > - vp90-2-02-size-64x16.webm > - vp90-2-02-size-64x18.webm > - vp90-2-02-size-64x32.webm > - vp90-2-02-size-64x34.webm > - vp90-2-02-size-64x64.webm > - vp90-2-02-size-64x66.webm > - vp90-2-02-size-66x08.webm > - vp90-2-02-size-66x10.webm > - vp90-2-02-size-66x16.webm > - vp90-2-02-size-66x18.webm > - vp90-2-02-size-66x32.webm > - vp90-2-02-size-66x34.webm > - vp90-2-02-size-66x64.webm > - vp90-2-02-size-66x66.webm > - 2 testcases failed due to unsupported format > - vp91-2-04-yuv422.webm > - vp91-2-04-yuv444.webm > - 1 testcase failed with CRC mismatch > - vp90-2-22-svc_1280x720_3.ivf > - Bug raised: > https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 > - 5 testcase failed due to unsupported resolution after sequence change > - vp90-2-21-resize_inter_320x180_5_1-2.webm > - vp90-2-21-resize_inter_320x180_7_1-2.webm > - vp90-2-21-resize_inter_320x240_5_1-2.webm > - vp90-2-21-resize_inter_320x240_7_1-2.webm > - vp90-2-18-resize.ivf > - 1 testcase failed with CRC mismatch > - vp90-2-16-intra-only.webm > Analysis: First few frames are marked by firmware as NO_SHOW frame. > Driver make buf state to VB2_BUF_STATE_ERROR for such frames. > Such buffers should be dropped by GST. But instead, the first frame > is being displayed and when a valid buffer is sent to client later > with same timestamp, its dropped, leading to CRC mismatch for first > frame. > > Signed-off-by: Dikshita Agarwal <dikshita(a)qti.qualcomm.com> > --- > Dikshita Agarwal (24): > media: iris: Skip destroying internal buffer if not dequeued > media: iris: Update CAPTURE format info based on OUTPUT format > media: iris: Avoid updating frame size to firmware during reconfig > media: iris: Drop port check for session property response > media: iris: Prevent HFI queue writes when core is in deinit state > media: iris: Remove error check for non-zero v4l2 controls > media: iris: Remove deprecated property setting to firmware > media: iris: Fix missing function pointer initialization > media: iris: Fix NULL pointer dereference > media: iris: Fix typo in depth variable > media: iris: Track flush responses to prevent premature completion > media: iris: Fix buffer preparation failure during resolution change > media: iris: Send V4L2_BUF_FLAG_ERROR for capture buffers with 0 filled length > media: iris: Skip flush on first sequence change > media: iris: Add handling for corrupt and drop frames > media: iris: Add handling for no show frames > media: iris: Improve last flag handling > media: iris: Remove redundant buffer count check in stream off > media: iris: Add a comment to explain usage of MBPS > media: iris: Add HEVC and VP9 formats for decoder > media: iris: Add platform capabilities for HEVC and VP9 decoders > media: iris: Set mandatory properties for HEVC and VP9 decoders. > media: iris: Add internal buffer calculation for HEVC and VP9 decoders > media: iris: Add codec specific check for VP9 decoder drain handling > > drivers/media/platform/qcom/iris/iris_buffer.c | 35 +- > drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- > drivers/media/platform/qcom/iris/iris_ctrls.c | 35 +- > drivers/media/platform/qcom/iris/iris_hfi_common.h | 1 + > .../platform/qcom/iris/iris_hfi_gen1_command.c | 48 ++- > .../platform/qcom/iris/iris_hfi_gen1_defines.h | 5 +- > .../platform/qcom/iris/iris_hfi_gen1_response.c | 37 +- > .../platform/qcom/iris/iris_hfi_gen2_command.c | 143 +++++++- > .../platform/qcom/iris/iris_hfi_gen2_defines.h | 5 + > .../platform/qcom/iris/iris_hfi_gen2_response.c | 56 ++- > drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- > drivers/media/platform/qcom/iris/iris_instance.h | 6 + > .../platform/qcom/iris/iris_platform_common.h | 28 +- > .../media/platform/qcom/iris/iris_platform_gen2.c | 198 ++++++++-- > .../platform/qcom/iris/iris_platform_qcs8300.h | 126 +++++-- > .../platform/qcom/iris/iris_platform_sm8250.c | 15 +- > drivers/media/platform/qcom/iris/iris_state.c | 2 +- > drivers/media/platform/qcom/iris/iris_state.h | 1 + > drivers/media/platform/qcom/iris/iris_vb2.c | 18 +- > drivers/media/platform/qcom/iris/iris_vdec.c | 116 +++--- > drivers/media/platform/qcom/iris/iris_vdec.h | 11 + > drivers/media/platform/qcom/iris/iris_vidc.c | 36 +- > drivers/media/platform/qcom/iris/iris_vpu_buffer.c | 397 ++++++++++++++++++++- > drivers/media/platform/qcom/iris/iris_vpu_buffer.h | 46 ++- > 24 files changed, 1159 insertions(+), 211 deletions(-) > --- > base-commit: 398a1b33f1479af35ca915c5efc9b00d6204f8fa > change-id: 20250506-video-iris-hevc-vp9-ee13f23dd9a8 > prerequisite-message-id: <20250417-topic-sm8x50-iris-v10-v7-0-f020cb1d0e98(a)linaro.org> > prerequisite-patch-id: afffe7096c8e110a8da08c987983bc4441d39578 > prerequisite-patch-id: b93c37dc7e09d1631b75387dc1ca90e3066dce17 > prerequisite-patch-id: b7b50aa1657be59fd51c3e53d73382a1ee75a08e > prerequisite-patch-id: 30960743105a36f20b3ec4a9ff19e7bca04d6add > prerequisite-patch-id: 2bba98151ca103aa62a513a0fbd0df7ae64d9868 > prerequisite-patch-id: 0e43a6d758b5fa5ab921c6aa3c19859e312b47d0 > prerequisite-patch-id: 35f8dae1416977e88c2db7c767800c01822e266e > prerequisite-message-id: <20250501-qcs8300_iris-v7-0-b229d5347990(a)quicinc.com> > prerequisite-patch-id: e35b05c527217206ae871aef0d7b0261af0319ea > prerequisite-patch-id: 07ba0745c7d72796567e0a57f5c8e5355a8d2046 > prerequisite-patch-id: 3398937a7fabb45934bb98a530eef73252231132 > prerequisite-patch-id: 500bc3b8391940d3ebca222d2098b737414b2af4 > prerequisite-patch-id: 2e72fe4d11d264db3d42fa450427d30171303c6f > > Best regards,

7 months

1
0
0 0

[PATCH v3 0/2] Restrict devmem for confidential VMs

by Dan Williams

Changes since v2 [1]: * Drop the new x86_platform_op and just use cc_platform_has(CC_ATTR_GUEST_MEM_ENCRYPT) directly where needed (Naveen) * Make the restriction identical to lockdown and stop playing games with devmem_is_allowed() * Ensure that CONFIG_IO_STRICT_DEVMEM is enabled to avoid conflicting mappings for userspace mappings of PCI MMIO. The original response to Nikolay's report of an SEPT violation triggered by /dev/mem access to private memory was "let's just turn off /dev/mem". After some machinations of x86_platform_ops to block a subset of problematic access, spelunking the history of devmem_is_allowed() returning "2" to enable some compatibility benefits while blocking access, and discovering that userspace depends buggy kernel behavior for mmap(2) of the first 1MB of memory on x86, the proposal has circled back to "disable /dev/mem". Require both STRICT_DEVMEM and IO_STRICT_DEVMEM for x86 confidential guests to close /dev/mem hole while still allowing for userspace mapping of PCI MMIO as long as the kernel and userspace are not mapping the range at the same time. The range_is_allowed() cleanup is not strictly necessary, but might as well close a 17 year-old "TODO". --- Dan Williams (2): x86/devmem: Remove duplicate range_is_allowed() definition x86/devmem: Drop /dev/mem access for confidential guests arch/x86/Kconfig | 4 ++++ arch/x86/mm/pat/memtype.c | 31 ++++--------------------------- drivers/char/mem.c | 27 +++++++++------------------ include/linux/io.h | 21 +++++++++++++++++++++ 4 files changed, 38 insertions(+), 45 deletions(-) base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8

7 months

7
18
0 0

[PATCH] zsmalloc: don't underflow size calculation in zs_obj_write()

by Sergey Senozhatsky

Do not mix class->size and object size during offsets/sizes calculation in zs_obj_write(). Size classes can merge into clusters, based on objects-per-zspage and pages-per-zspage characteristics, so some size classes can store objects smaller than class->size. This becomes problematic when object size is much smaller than class->size - we can determine that object spans two physical pages, because we use a larger class->size for this, while the actual object is much smaller and fits one physical page, so there is nothing to write to the second page and memcpy() size calculation underflows. We always know the exact size in bytes of the object that we are about to write (store), so use it instead of class->size. Reported-by: Igor Belousov <igor.b(a)beldev.am> Cc: <stable(a)vger.kernel.org> Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> --- mm/zsmalloc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mm/zsmalloc.c b/mm/zsmalloc.c index 70406ac94bbd..999b513c7fdf 100644 --- a/mm/zsmalloc.c +++ b/mm/zsmalloc.c @@ -1233,19 +1233,19 @@ void zs_obj_write(struct zs_pool *pool, unsigned long handle, class = zspage_class(pool, zspage); off = offset_in_page(class->size * obj_idx); - if (off + class->size <= PAGE_SIZE) { + if (!ZsHugePage(zspage)) + off += ZS_HANDLE_SIZE; + + if (off + mem_len <= PAGE_SIZE) { /* this object is contained entirely within a page */ void *dst = kmap_local_zpdesc(zpdesc); - if (!ZsHugePage(zspage)) - off += ZS_HANDLE_SIZE; memcpy(dst + off, handle_mem, mem_len); kunmap_local(dst); } else { /* this object spans two pages */ size_t sizes[2]; - off += ZS_HANDLE_SIZE; sizes[0] = PAGE_SIZE - off; sizes[1] = mem_len - sizes[0]; -- 2.49.0.906.g1f30a19c02-goog

7 months

3
4
0 0

[PATCH] dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status()

by Qiu-ji Chen

This patch fixes a potential deadlock bug. We observed that in the mtk-cqdma.c file, most functions like mtk_cqdma_issue_pending() and mtk_cqdma_free_active_desc() follow the correct locking sequence by acquiring the pc lock first before taking the vc lock when handling the vc and pc fields. However, in mtk_cqdma_tx_status(), the function incorrectly acquires the vc lock first before calling mtk_cqdma_find_active_desc(), which subsequently acquires the pc lock. This reversed lock acquisition order (vc → pc) violates the established sequence (pc → vc) and could potentially trigger deadlock scenarios. To resolve this issue, we have moved the vc lock acquisition code from mtk_cqdma_tx_status() into the mtk_cqdma_find_active_desc() function. This adjustment ensures proper lock ordering while maintaining functionality. Since mtk_cqdma_find_active_desc() is a static function with only one call site in mtk_cqdma_tx_status(), this fix effectively addresses the deadlock risk without introducing unintended side effects to other components. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. Fixes: b1f01e48df5a ("dmaengine: mediatek: Add MediaTek Command-Queue DMA controller for MT6765 SoC") Cc: stable(a)vger.kernel.org Signed-off-by: Qiu-ji Chen <chenqiuji666(a)gmail.com> --- drivers/dma/mediatek/mtk-cqdma.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/dma/mediatek/mtk-cqdma.c b/drivers/dma/mediatek/mtk-cqdma.c index d5ddb4e30e71..656354bccb44 100644 --- a/drivers/dma/mediatek/mtk-cqdma.c +++ b/drivers/dma/mediatek/mtk-cqdma.c @@ -423,11 +423,14 @@ static struct virt_dma_desc *mtk_cqdma_find_active_desc(struct dma_chan *c, unsigned long flags; spin_lock_irqsave(&cvc->pc->lock, flags); + spin_lock_irqsave(&cvc->vc.lock, flags); list_for_each_entry(vd, &cvc->pc->queue, node) if (vd->tx.cookie == cookie) { + spin_unlock_irqrestore(&cvc->vc.lock, flags); spin_unlock_irqrestore(&cvc->pc->lock, flags); return vd; } + spin_unlock_irqrestore(&cvc->vc.lock, flags); spin_unlock_irqrestore(&cvc->pc->lock, flags); list_for_each_entry(vd, &cvc->vc.desc_issued, node) @@ -452,9 +455,7 @@ static enum dma_status mtk_cqdma_tx_status(struct dma_chan *c, if (ret == DMA_COMPLETE || !txstate) return ret; - spin_lock_irqsave(&cvc->vc.lock, flags); vd = mtk_cqdma_find_active_desc(c, cookie); - spin_unlock_irqrestore(&cvc->vc.lock, flags); if (vd) { cvd = to_cqdma_vdesc(vd); -- 2.34.1

7 months

1
0
0 0

[PATCH 1/3] ASoC: amd: amd_sdw: Fix unlikely uninitialized variable use in create_sdw_dailinks()

by Vijendar Mukunda

Initialize current_be_id to 0 in AMD legacy stack(NO DSP enabled) SoundWire generic machine driver code to handle the unlikely case when there are no devices connected to a DAI. In this case create_sdw_dailink() would return without touching the passed pointer to current_be_id. Found by gcc -fanalyzer Cc: stable(a)vger.kernel.org Fixes: 2981d9b0789c4 ("ASoC: amd: acp: add soundwire machine driver for legacy stack") Signed-off-by: Vijendar Mukunda <Vijendar.Mukunda(a)amd.com> --- sound/soc/amd/acp/acp-sdw-legacy-mach.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/amd/acp/acp-sdw-legacy-mach.c b/sound/soc/amd/acp/acp-sdw-legacy-mach.c index 2020c5cfb3d5..582c68aee6e5 100644 --- a/sound/soc/amd/acp/acp-sdw-legacy-mach.c +++ b/sound/soc/amd/acp/acp-sdw-legacy-mach.c @@ -272,7 +272,7 @@ static int create_sdw_dailinks(struct snd_soc_card *card, /* generate DAI links by each sdw link */ while (soc_dais->initialised) { - int current_be_id; + int current_be_id = 0; ret = create_sdw_dailink(card, soc_dais, dai_links, &current_be_id, codec_conf, sdw_platform_component); -- 2.45.2

7 months

2
2
0 0

[PATCH v2 0/4] clk: qcom: Add camera clock controller support for sc8180x

by Satya Priya Kakitapalli

This series adds support for camera clock controller base driver, bindings and DT support on sc8180x platform. Signed-off-by: Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com> --- Changes in v2: - New patch [1/4] to add all the missing gcc bindings along with the required GCC_CAMERA_AHB_CLOCK - As per Konrad's comments, add the camera AHB clock dependency in the DT and yaml bindings. - As per Vladimir's comments, update the Kconfig to add the SC8180X config in correct alphanumerical order. - Link to v1: https://lore.kernel.org/r/20250422-sc8180x-camcc-support-v1-0-691614d13f06@… --- Satya Priya Kakitapalli (4): dt-bindings: clock: qcom: Add missing bindings on gcc-sc8180x dt-bindings: clock: Add Qualcomm SC8180X Camera clock controller clk: qcom: camcc-sc8180x: Add SC8180X camera clock controller driver arm64: dts: qcom: Add camera clock controller for sc8180x .../bindings/clock/qcom,sc8180x-camcc.yaml | 67 + arch/arm64/boot/dts/qcom/sc8180x.dtsi | 14 + drivers/clk/qcom/Kconfig | 10 + drivers/clk/qcom/Makefile | 1 + drivers/clk/qcom/camcc-sc8180x.c | 2897 ++++++++++++++++++++ include/dt-bindings/clock/qcom,gcc-sc8180x.h | 12 + include/dt-bindings/clock/qcom,sc8180x-camcc.h | 181 ++ 7 files changed, 3182 insertions(+) --- base-commit: bc8aa6cdadcc00862f2b5720e5de2e17f696a081 change-id: 20250422-sc8180x-camcc-support-9a82507d2a39 Best regards, -- Satya Priya Kakitapalli <quic_skakitap(a)quicinc.com>

7 months

3
6
0 0

[PATCH 2/2] phy: tegra: xusb: Disable periodic tracking on Tegra234

by Wayne Chang

From: Haotien Hsu <haotienh(a)nvidia.com> Periodic calibration updates (~10µs) may overlap with transfers when PCIe NVMe SSD, LPDDR, and USB2 devices operate simultaneously, causing crosstalk on Tegra234 devices. Hence disable periodic calibration updates and make this a one-time calibration. Fixes: d8163a32ca95 ("phy: tegra: xusb: Add Tegra234 support") Cc: stable(a)vger.kernel.org Signed-off-by: Haotien Hsu <haotienh(a)nvidia.com> Signed-off-by: Wayne Chang <waynec(a)nvidia.com> --- drivers/phy/tegra/xusb-tegra186.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/phy/tegra/xusb-tegra186.c b/drivers/phy/tegra/xusb-tegra186.c index dd0aaf305e90..414f4eabfe9d 100644 --- a/drivers/phy/tegra/xusb-tegra186.c +++ b/drivers/phy/tegra/xusb-tegra186.c @@ -1703,7 +1703,7 @@ const struct tegra_xusb_padctl_soc tegra234_xusb_padctl_soc = { .num_supplies = ARRAY_SIZE(tegra194_xusb_padctl_supply_names), .supports_gen2 = true, .poll_trk_completed = true, - .trk_hw_mode = true, + .trk_hw_mode = false, .trk_update_on_idle = true, .supports_lp_cfg_en = true, }; -- 2.25.1

7 months

1
0
0 0

[PATCH 02/14] drm/amd/display: Correct the reply value when AUX write incomplete

by Ray Wu

From: Wayne Lin <Wayne.Lin(a)amd.com> [Why] Now forcing aux->transfer to return 0 when incomplete AUX write is inappropriate. It should return bytes have been transferred. [How] aux->transfer is asked not to change original msg except reply field of drm_dp_aux_msg structure. Copy the msg->buffer when it's write request, and overwrite the first byte when sink reply 1 byte indicating partially written byte number. Then we can return the correct value without changing the original msg. Fixes: 6285f12bc54c ("drm/amd/display: Fix wrong handling for AUX_DEFER case") Cc: stable(a)vger.kernel.org Cc: Mario Limonciello <mario.limonciello(a)amd.com> Cc: Alex Deucher <alexander.deucher(a)amd.com> Reviewed-by: Ray Wu <ray.wu(a)amd.com> Signed-off-by: Wayne Lin <Wayne.Lin(a)amd.com> Signed-off-by: Ray Wu <ray.wu(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 3 ++- .../drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 8984e211dd1c..36c16030fca9 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -12853,7 +12853,8 @@ int amdgpu_dm_process_dmub_aux_transfer_sync( /* The reply is stored in the top nibble of the command. */ payload->reply[0] = (adev->dm.dmub_notify->aux_reply.command >> 4) & 0xF; - if (!payload->write && p_notify->aux_reply.length) + /*write req may receive a byte indicating partially written number as well*/ + if (p_notify->aux_reply.length) memcpy(payload->data, p_notify->aux_reply.data, p_notify->aux_reply.length); diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c index d19aea595722..0d7b72c75802 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c @@ -62,6 +62,7 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, enum aux_return_code_type operation_result; struct amdgpu_device *adev; struct ddc_service *ddc; + uint8_t copy[16]; if (WARN_ON(msg->size > 16)) return -E2BIG; @@ -77,6 +78,11 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, (msg->request & DP_AUX_I2C_WRITE_STATUS_UPDATE) != 0; payload.defer_delay = 0; + if (payload.write) { + memcpy(copy, msg->buffer, msg->size); + payload.data = copy; + } + result = dc_link_aux_transfer_raw(TO_DM_AUX(aux)->ddc_service, &payload, &operation_result); @@ -100,9 +106,9 @@ static ssize_t dm_dp_aux_transfer(struct drm_dp_aux *aux, */ if (payload.write && result >= 0) { if (result) { - /*one byte indicating partially written bytes. Force 0 to retry*/ + /*one byte indicating partially written bytes*/ drm_info(adev_to_drm(adev), "amdgpu: AUX partially written\n"); - result = 0; + result = payload.data[0]; } else if (!payload.reply[0]) /*I2C_ACK|AUX_ACK*/ result = msg->size; -- 2.43.0

7 months

1
0
0 0

[REGRESSION][BISECTED][STABLE] MT7925: mDNS and IPv6 broken in kernel 6.14.3 and above

by fossben＠pm.me

Hello all, After upgrading to 6.14.3 on my PC with a MT7925 chip, I noticed that I could no longer ping *.local addresses provided by Avahi. In addition, I also noticed that I was not able to get a DHCP IPv6 address from my router, no matter how many times I rebooted the router or reconnected with NetworkManager. Reverting to 6.14.2 fixes both mDNS and IPv6 addresses immediately. Going back to 6.14.3 immediately breaks mDNS again, but the IPv6 address will stay there for a while before disappearing later, possibly because the DHCP lease expired? I am not sure exactly when it stops working. I've done a kernel bisect between 6.14.2 and 6.14.3 and found the offending commit that causes mDNS to fail: commit 80007d3f92fd018d0a052a706400e976b36e3c87 Author: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Date: Tue Mar 4 16:08:50 2025 -0800 wifi: mt76: mt7925: integrate *mlo_sta_cmd and *sta_cmd commit cb1353ef34735ec1e5d9efa1fe966f05ff1dc1e1 upstream. Integrate *mlo_sta_cmd and *sta_cmd for the MLO firmware. Fixes: 86c051f2c418 ("wifi: mt76: mt7925: enabling MLO when the firmware supports it") drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 59 ++++------------------------------------------------------- 1 file changed, 4 insertions(+), 55 deletions(-) I do not know if this same commit is also causing the IPv6 issues as testing that requires quite a bit of time to reproduce. What I do know with certainty as of this moment is that it definitely breaks in kernel 6.14.3. I've attached my hardware info as well as dmesg logs from the last working kernel from the bisect and 6.14.4 which exhibits the issue. Please let me know if there's any other info you need. Thanks! Benjamin Xiao

7 months

3
9
0 0

[PATCH v2] usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work

by RD Babiera

A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the DisplayPort Alt Mode driver would be executing work and attempting to grab the tcpm_lock while the TCPM was holding the lock and attempting to unregister the altmode, blocking on the altmode driver's cancel_work_sync call. Because the state check isn't protected, there is a small window where the Alt Mode driver could determine that the TCPM is in a ready state and attempt to grab the lock while the TCPM grabs the lock and changes the TCPM state to one that causes the deadlock. The callstack is provided below: [110121.667392][ C7] Call trace: [110121.667396][ C7] __switch_to+0x174/0x338 [110121.667406][ C7] __schedule+0x608/0x9f0 [110121.667414][ C7] schedule+0x7c/0xe8 [110121.667423][ C7] kernfs_drain+0xb0/0x114 [110121.667431][ C7] __kernfs_remove+0x16c/0x20c [110121.667436][ C7] kernfs_remove_by_name_ns+0x74/0xe8 [110121.667442][ C7] sysfs_remove_group+0x84/0xe8 [110121.667450][ C7] sysfs_remove_groups+0x34/0x58 [110121.667458][ C7] device_remove_groups+0x10/0x20 [110121.667464][ C7] device_release_driver_internal+0x164/0x2e4 [110121.667475][ C7] device_release_driver+0x18/0x28 [110121.667484][ C7] bus_remove_device+0xec/0x118 [110121.667491][ C7] device_del+0x1e8/0x4ac [110121.667498][ C7] device_unregister+0x18/0x38 [110121.667504][ C7] typec_unregister_altmode+0x30/0x44 [110121.667515][ C7] tcpm_reset_port+0xac/0x370 [110121.667523][ C7] tcpm_snk_detach+0x84/0xb8 [110121.667529][ C7] run_state_machine+0x4c0/0x1b68 [110121.667536][ C7] tcpm_state_machine_work+0x94/0xe4 [110121.667544][ C7] kthread_worker_fn+0x10c/0x244 [110121.667552][ C7] kthread+0x104/0x1d4 [110121.667557][ C7] ret_from_fork+0x10/0x20 [110121.667689][ C7] Workqueue: events dp_altmode_work [110121.667697][ C7] Call trace: [110121.667701][ C7] __switch_to+0x174/0x338 [110121.667710][ C7] __schedule+0x608/0x9f0 [110121.667717][ C7] schedule+0x7c/0xe8 [110121.667725][ C7] schedule_preempt_disabled+0x24/0x40 [110121.667733][ C7] __mutex_lock+0x408/0xdac [110121.667741][ C7] __mutex_lock_slowpath+0x14/0x24 [110121.667748][ C7] mutex_lock+0x40/0xec [110121.667757][ C7] tcpm_altmode_enter+0x78/0xb4 [110121.667764][ C7] typec_altmode_enter+0xdc/0x10c [110121.667769][ C7] dp_altmode_work+0x68/0x164 [110121.667775][ C7] process_one_work+0x1e4/0x43c [110121.667783][ C7] worker_thread+0x25c/0x430 [110121.667789][ C7] kthread+0x104/0x1d4 [110121.667794][ C7] ret_from_fork+0x10/0x20 Change tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work, which can perform the state check while holding the TCPM lock while the Alt Mode lock is no longer held. This requires a new struct to hold the vdm data, altmode_vdm_event. Fixes: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> --- Changes from v1: * modified commit message to include call stack --- drivers/usb/typec/tcpm/tcpm.c | 91 +++++++++++++++++++++++++++-------- 1 file changed, 71 insertions(+), 20 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 784fa23102f9..9b8d98328ddb 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -597,6 +597,15 @@ struct pd_rx_event { enum tcpm_transmit_type rx_sop_type; }; +struct altmode_vdm_event { + struct kthread_work work; + struct tcpm_port *port; + u32 header; + u32 *data; + int cnt; + enum tcpm_transmit_type tx_sop_type; +}; + static const char * const pd_rev[] = { [PD_REV10] = "rev1", [PD_REV20] = "rev2", @@ -1610,18 +1619,68 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, mod_vdm_delayed_work(port, 0); } -static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, - const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) +static void tcpm_queue_vdm_work(struct kthread_work *work) { - if (port->state != SRC_READY && port->state != SNK_READY && - port->state != SRC_VDM_IDENTITY_REQUEST) - return; + struct altmode_vdm_event *event = container_of(work, + struct altmode_vdm_event, + work); + struct tcpm_port *port = event->port; mutex_lock(&port->lock); - tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) { + tcpm_log_force(port, "dropping altmode_vdm_event"); + goto port_unlock; + } + + tcpm_queue_vdm(port, event->header, event->data, event->cnt, event->tx_sop_type); + +port_unlock: + kfree(event->data); + kfree(event); mutex_unlock(&port->lock); } +static int tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, + const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) +{ + struct altmode_vdm_event *event; + u32 *data_cpy; + int ret = -ENOMEM; + + event = kzalloc(sizeof(*event), GFP_KERNEL); + if (!event) + goto err_event; + + data_cpy = kcalloc(cnt, sizeof(u32), GFP_KERNEL); + if (!data_cpy) + goto err_data; + + kthread_init_work(&event->work, tcpm_queue_vdm_work); + event->port = port; + event->header = header; + memcpy(data_cpy, data, sizeof(u32) * cnt); + event->data = data_cpy; + event->cnt = cnt; + event->tx_sop_type = tx_sop_type; + + ret = kthread_queue_work(port->wq, &event->work); + if (!ret) { + ret = -EBUSY; + goto err_queue; + } + + return 0; + +err_queue: + kfree(data_cpy); +err_data: + kfree(event); +err_event: + tcpm_log_force(port, "failed to queue altmode vdm, err:%d", ret); + return ret; +} + static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) { u32 vdo = p[VDO_INDEX_IDH]; @@ -2832,8 +2891,7 @@ static int tcpm_altmode_enter(struct typec_altmode *altmode, u32 *vdo) header = VDO(altmode->svid, vdo ? 2 : 1, svdm_version, CMD_ENTER_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP); - return 0; + return tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP); } static int tcpm_altmode_exit(struct typec_altmode *altmode) @@ -2849,8 +2907,7 @@ static int tcpm_altmode_exit(struct typec_altmode *altmode) header = VDO(altmode->svid, 1, svdm_version, CMD_EXIT_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP); - return 0; + return tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP); } static int tcpm_altmode_vdm(struct typec_altmode *altmode, @@ -2858,9 +2915,7 @@ static int tcpm_altmode_vdm(struct typec_altmode *altmode, { struct tcpm_port *port = typec_altmode_get_drvdata(altmode); - tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP); - - return 0; + return tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP); } static const struct typec_altmode_ops tcpm_altmode_ops = { @@ -2884,8 +2939,7 @@ static int tcpm_cable_altmode_enter(struct typec_altmode *altmode, enum typec_pl header = VDO(altmode->svid, vdo ? 2 : 1, svdm_version, CMD_ENTER_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP_PRIME); - return 0; + return tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP_PRIME); } static int tcpm_cable_altmode_exit(struct typec_altmode *altmode, enum typec_plug_index sop) @@ -2901,8 +2955,7 @@ static int tcpm_cable_altmode_exit(struct typec_altmode *altmode, enum typec_plu header = VDO(altmode->svid, 1, svdm_version, CMD_EXIT_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP_PRIME); - return 0; + return tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP_PRIME); } static int tcpm_cable_altmode_vdm(struct typec_altmode *altmode, enum typec_plug_index sop, @@ -2910,9 +2963,7 @@ static int tcpm_cable_altmode_vdm(struct typec_altmode *altmode, enum typec_plug { struct tcpm_port *port = typec_altmode_get_drvdata(altmode); - tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP_PRIME); - - return 0; + return tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP_PRIME); } static const struct typec_cable_ops tcpm_cable_ops = { base-commit: 588d032e9e566997db3213dee145dbe3bda297b6 -- 2.49.0.967.g6a0df3ecc3-goog

7 months

2
1
0 0

[PATCH v2 0/2] Map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled

by Ignacio Moreno Gonzalez via B4 Relay

... and make setting MADV_NOHUGEPAGE with madvise() into a no-op if THP is not enabled. I discovered this issue when trying to use the tool CRIU to checkpoint and restore a container. Our running kernel is compiled without CONFIG_TRANSPARENT_HUGETABLES. CRIU parses the output of /proc/<pid>/smaps and saves the "nh" flag. When trying to restore the container, CRIU fails to restore the "nh" mappings, since madvise() MADV_NOHUGEPAGE always returns an error because CONFIG_TRANSPARENT_HUGETABLES is not defined. These patches: - Avoid mapping MAP_STACK to VM_NOHUGEPAGE if !THP - Avoid returning an error when calling madvise() with MADV_NOHUGEPAGE if !THP Signed-off-by: Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com> --- Changes in v2: - [Patch 1/2] Use '#ifdef' instead of '#if defined(...)' - [Patch 1/2] Add 'Fixes: c4608d1bf7c6...' - Create [Patch 2/2] - Link to v1: https://lore.kernel.org/r/20250502-map-map_stack-to-vm_nohugepage-only-if-t… --- Ignacio Moreno Gonzalez (2): mm: mmap: map MAP_STACK to VM_NOHUGEPAGE only if THP is enabled mm: madvise: no-op for MADV_NOHUGEPAGE if THP is disabled include/linux/huge_mm.h | 6 ++++++ include/linux/mman.h | 2 ++ 2 files changed, 8 insertions(+) --- base-commit: fc96b232f8e7c0a6c282f47726b2ff6a5fb341d2 change-id: 20250428-map-map_stack-to-vm_nohugepage-only-if-thp-is-enabled-ce40a1de095d Best regards, -- Ignacio Moreno Gonzalez <Ignacio.MorenoGonzalez(a)kuka.com>

7 months

5
6
0 0

[PATCH v1] usb: typec: tcpm: move tcpm_queue_vdm_unlocked to asynchronous work

by RD Babiera

A state check was previously added to tcpm_queue_vdm_unlocked to prevent a deadlock where the DisplayPort Alt Mode driver would be executing work and attempting to grab the tcpm_lock while the TCPM was holding the lock and attempting to unregister the altmode, blocking on the altmode driver's cancel_work_sync call. Because the state check isn't protected, there is a small window where the Alt Mode driver could determine that the TCPM is in a ready state and attempt to grab the lock while the TCPM grabs the lock and changes the TCPM state to one that causes the deadlock. Change tcpm_queue_vdm_unlocked to queue for tcpm_queue_vdm_work, which can perform the state check while holding the TCPM lock while the Alt Mode lock is no longer held. This requires a new struct to hold the vdm data, altmode_vdm_event. Fixes: cdc9946ea637 ("usb: typec: tcpm: enforce ready state when queueing alt mode vdm") Cc: stable(a)vger.kernel.org Signed-off-by: RD Babiera <rdbabiera(a)google.com> --- drivers/usb/typec/tcpm/tcpm.c | 91 +++++++++++++++++++++++++++-------- 1 file changed, 71 insertions(+), 20 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 784fa23102f9..9b8d98328ddb 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -597,6 +597,15 @@ struct pd_rx_event { enum tcpm_transmit_type rx_sop_type; }; +struct altmode_vdm_event { + struct kthread_work work; + struct tcpm_port *port; + u32 header; + u32 *data; + int cnt; + enum tcpm_transmit_type tx_sop_type; +}; + static const char * const pd_rev[] = { [PD_REV10] = "rev1", [PD_REV20] = "rev2", @@ -1610,18 +1619,68 @@ static void tcpm_queue_vdm(struct tcpm_port *port, const u32 header, mod_vdm_delayed_work(port, 0); } -static void tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, - const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) +static void tcpm_queue_vdm_work(struct kthread_work *work) { - if (port->state != SRC_READY && port->state != SNK_READY && - port->state != SRC_VDM_IDENTITY_REQUEST) - return; + struct altmode_vdm_event *event = container_of(work, + struct altmode_vdm_event, + work); + struct tcpm_port *port = event->port; mutex_lock(&port->lock); - tcpm_queue_vdm(port, header, data, cnt, tx_sop_type); + if (port->state != SRC_READY && port->state != SNK_READY && + port->state != SRC_VDM_IDENTITY_REQUEST) { + tcpm_log_force(port, "dropping altmode_vdm_event"); + goto port_unlock; + } + + tcpm_queue_vdm(port, event->header, event->data, event->cnt, event->tx_sop_type); + +port_unlock: + kfree(event->data); + kfree(event); mutex_unlock(&port->lock); } +static int tcpm_queue_vdm_unlocked(struct tcpm_port *port, const u32 header, + const u32 *data, int cnt, enum tcpm_transmit_type tx_sop_type) +{ + struct altmode_vdm_event *event; + u32 *data_cpy; + int ret = -ENOMEM; + + event = kzalloc(sizeof(*event), GFP_KERNEL); + if (!event) + goto err_event; + + data_cpy = kcalloc(cnt, sizeof(u32), GFP_KERNEL); + if (!data_cpy) + goto err_data; + + kthread_init_work(&event->work, tcpm_queue_vdm_work); + event->port = port; + event->header = header; + memcpy(data_cpy, data, sizeof(u32) * cnt); + event->data = data_cpy; + event->cnt = cnt; + event->tx_sop_type = tx_sop_type; + + ret = kthread_queue_work(port->wq, &event->work); + if (!ret) { + ret = -EBUSY; + goto err_queue; + } + + return 0; + +err_queue: + kfree(data_cpy); +err_data: + kfree(event); +err_event: + tcpm_log_force(port, "failed to queue altmode vdm, err:%d", ret); + return ret; +} + static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) { u32 vdo = p[VDO_INDEX_IDH]; @@ -2832,8 +2891,7 @@ static int tcpm_altmode_enter(struct typec_altmode *altmode, u32 *vdo) header = VDO(altmode->svid, vdo ? 2 : 1, svdm_version, CMD_ENTER_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP); - return 0; + return tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP); } static int tcpm_altmode_exit(struct typec_altmode *altmode) @@ -2849,8 +2907,7 @@ static int tcpm_altmode_exit(struct typec_altmode *altmode) header = VDO(altmode->svid, 1, svdm_version, CMD_EXIT_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP); - return 0; + return tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP); } static int tcpm_altmode_vdm(struct typec_altmode *altmode, @@ -2858,9 +2915,7 @@ static int tcpm_altmode_vdm(struct typec_altmode *altmode, { struct tcpm_port *port = typec_altmode_get_drvdata(altmode); - tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP); - - return 0; + return tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP); } static const struct typec_altmode_ops tcpm_altmode_ops = { @@ -2884,8 +2939,7 @@ static int tcpm_cable_altmode_enter(struct typec_altmode *altmode, enum typec_pl header = VDO(altmode->svid, vdo ? 2 : 1, svdm_version, CMD_ENTER_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP_PRIME); - return 0; + return tcpm_queue_vdm_unlocked(port, header, vdo, vdo ? 1 : 0, TCPC_TX_SOP_PRIME); } static int tcpm_cable_altmode_exit(struct typec_altmode *altmode, enum typec_plug_index sop) @@ -2901,8 +2955,7 @@ static int tcpm_cable_altmode_exit(struct typec_altmode *altmode, enum typec_plu header = VDO(altmode->svid, 1, svdm_version, CMD_EXIT_MODE); header |= VDO_OPOS(altmode->mode); - tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP_PRIME); - return 0; + return tcpm_queue_vdm_unlocked(port, header, NULL, 0, TCPC_TX_SOP_PRIME); } static int tcpm_cable_altmode_vdm(struct typec_altmode *altmode, enum typec_plug_index sop, @@ -2910,9 +2963,7 @@ static int tcpm_cable_altmode_vdm(struct typec_altmode *altmode, enum typec_plug { struct tcpm_port *port = typec_altmode_get_drvdata(altmode); - tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP_PRIME); - - return 0; + return tcpm_queue_vdm_unlocked(port, header, data, count - 1, TCPC_TX_SOP_PRIME); } static const struct typec_cable_ops tcpm_cable_ops = { base-commit: 615dca38c2eae55aff80050275931c87a812b48c -- 2.49.0.967.g6a0df3ecc3-goog

7 months

3
2
0 0

[PATCH v1 0/7] ublk: Backport to 6.14-stable: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

by Jared Holzman

This patchset backports a series of ublk fixes from upstream to 6.14-stable. Patch 7 fixes the race that can cause kernel panic when ublk server daemon is exiting. It depends on patches 1-6 which simplifies & improves IO canceling when ublk server daemon is exiting as described here: https://lore.kernel.org/linux-block/20250416035444.99569-1-ming.lei@redhat.… Ming Lei (5): ublk: add helper of ublk_need_map_io() ublk: move device reset into ublk_ch_release() ublk: remove __ublk_quiesce_dev() ublk: simplify aborting ublk request ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd Uday Shankar (2): ublk: properly serialize all FETCH_REQs ublk: improve detection and handling of ublk server exit drivers/block/ublk_drv.c | 550 +++++++++++++++++++++------------------ 1 file changed, 291 insertions(+), 259 deletions(-) -- 2.43.0

7 months

1
1
0 0

[PATCH v1 7/7] ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd

by Jared Holzman

From: Ming Lei <ming.lei(a)redhat.com> ublk_cancel_cmd() calls io_uring_cmd_done() to complete uring_cmd, but we may have scheduled task work via io_uring_cmd_complete_in_task() for dispatching request, then kernel crash can be triggered. Fix it by not trying to canceling the command if ublk block request is started. Fixes: 216c8f5ef0f2 ("ublk: replace monitor with cancelable uring_cmd") Reported-by: Jared Holzman <jholzman(a)nvidia.com> Tested-by: Jared Holzman <jholzman(a)nvidia.com> Closes: https://lore.kernel.org/linux-block/d2179120-171b-47ba-b664-23242981ef19@nv… Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250425013742.1079549-3-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 6000147ac2a5..348c4feb7a2d 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -1655,14 +1655,31 @@ static void ublk_start_cancel(struct ublk_queue *ubq) ublk_put_disk(disk); } -static void ublk_cancel_cmd(struct ublk_queue *ubq, struct ublk_io *io, +static void ublk_cancel_cmd(struct ublk_queue *ubq, unsigned tag, unsigned int issue_flags) { + struct ublk_io *io = &ubq->ios[tag]; + struct ublk_device *ub = ubq->dev; + struct request *req; bool done; if (!(io->flags & UBLK_IO_FLAG_ACTIVE)) return; + /* + * Don't try to cancel this command if the request is started for + * avoiding race between io_uring_cmd_done() and + * io_uring_cmd_complete_in_task(). + * + * Either the started request will be aborted via __ublk_abort_rq(), + * then this uring_cmd is canceled next time, or it will be done in + * task work function ublk_dispatch_req() because io_uring guarantees + * that ublk_dispatch_req() is always called + */ + req = blk_mq_tag_to_rq(ub->tag_set.tags[ubq->q_id], tag); + if (req && blk_mq_request_started(req)) + return; + spin_lock(&ubq->cancel_lock); done = !!(io->flags & UBLK_IO_FLAG_CANCELED); if (!done) @@ -1694,7 +1711,6 @@ static void ublk_uring_cmd_cancel_fn(struct io_uring_cmd *cmd, struct ublk_uring_cmd_pdu *pdu = ublk_get_uring_cmd_pdu(cmd); struct ublk_queue *ubq = pdu->ubq; struct task_struct *task; - struct ublk_io *io; if (WARN_ON_ONCE(!ubq)) return; @@ -1709,9 +1725,8 @@ static void ublk_uring_cmd_cancel_fn(struct io_uring_cmd *cmd, if (!ubq->canceling) ublk_start_cancel(ubq); - io = &ubq->ios[pdu->tag]; - WARN_ON_ONCE(io->cmd != cmd); - ublk_cancel_cmd(ubq, io, issue_flags); + WARN_ON_ONCE(ubq->ios[pdu->tag].cmd != cmd); + ublk_cancel_cmd(ubq, pdu->tag, issue_flags); } static inline bool ublk_queue_ready(struct ublk_queue *ubq) @@ -1724,7 +1739,7 @@ static void ublk_cancel_queue(struct ublk_queue *ubq) int i; for (i = 0; i < ubq->q_depth; i++) - ublk_cancel_cmd(ubq, &ubq->ios[i], IO_URING_F_UNLOCKED); + ublk_cancel_cmd(ubq, i, IO_URING_F_UNLOCKED); } /* Cancel all pending commands, must be called after del_gendisk() returns */ -- 2.43.0

7 months

1
0
0 0

[PATCH v1 6/7] ublk: simplify aborting ublk request

by Jared Holzman

From: Ming Lei <ming.lei(a)redhat.com> Now ublk_abort_queue() is moved to ublk char device release handler, meantime our request queue is "quiesced" because either ->canceling was set from uring_cmd cancel function or all IOs are inflight and can't be completed by ublk server, things becomes easy much: - all uring_cmd are done, so we needn't to mark io as UBLK_IO_FLAG_ABORTED for handling completion from uring_cmd - ublk char device is closed, no one can hold IO request reference any more, so we can simply complete this request or requeue it for ublk_nosrv_should_reissue_outstanding. Reviewed-by: Uday Shankar <ushankar(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250416035444.99569-8-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 82 ++++++++++------------------------------ 1 file changed, 20 insertions(+), 62 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index c3f576a9dbf2..6000147ac2a5 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -115,15 +115,6 @@ struct ublk_uring_cmd_pdu { */ #define UBLK_IO_FLAG_OWNED_BY_SRV 0x02 -/* - * IO command is aborted, so this flag is set in case of - * !UBLK_IO_FLAG_ACTIVE. - * - * After this flag is observed, any pending or new incoming request - * associated with this io command will be failed immediately - */ -#define UBLK_IO_FLAG_ABORTED 0x04 - /* * UBLK_IO_FLAG_NEED_GET_DATA is set because IO command requires * get data buffer address from ublksrv. @@ -1054,12 +1045,6 @@ static inline void __ublk_complete_rq(struct request *req) unsigned int unmapped_bytes; blk_status_t res = BLK_STS_OK; - /* called from ublk_abort_queue() code path */ - if (io->flags & UBLK_IO_FLAG_ABORTED) { - res = BLK_STS_IOERR; - goto exit; - } - /* failed read IO if nothing is read */ if (!io->res && req_op(req) == REQ_OP_READ) io->res = -EIO; @@ -1109,47 +1094,6 @@ static void ublk_complete_rq(struct kref *ref) __ublk_complete_rq(req); } -static void ublk_do_fail_rq(struct request *req) -{ - struct ublk_queue *ubq = req->mq_hctx->driver_data; - - if (ublk_nosrv_should_reissue_outstanding(ubq->dev)) - blk_mq_requeue_request(req, false); - else - __ublk_complete_rq(req); -} - -static void ublk_fail_rq_fn(struct kref *ref) -{ - struct ublk_rq_data *data = container_of(ref, struct ublk_rq_data, - ref); - struct request *req = blk_mq_rq_from_pdu(data); - - ublk_do_fail_rq(req); -} - -/* - * Since ublk_rq_task_work_cb always fails requests immediately during - * exiting, __ublk_fail_req() is only called from abort context during - * exiting. So lock is unnecessary. - * - * Also aborting may not be started yet, keep in mind that one failed - * request may be issued by block layer again. - */ -static void __ublk_fail_req(struct ublk_queue *ubq, struct ublk_io *io, - struct request *req) -{ - WARN_ON_ONCE(io->flags & UBLK_IO_FLAG_ACTIVE); - - if (ublk_need_req_ref(ubq)) { - struct ublk_rq_data *data = blk_mq_rq_to_pdu(req); - - kref_put(&data->ref, ublk_fail_rq_fn); - } else { - ublk_do_fail_rq(req); - } -} - static void ubq_complete_io_cmd(struct ublk_io *io, int res, unsigned issue_flags) { @@ -1639,10 +1583,26 @@ static void ublk_commit_completion(struct ublk_device *ub, ublk_put_req_ref(ubq, req); } +static void __ublk_fail_req(struct ublk_queue *ubq, struct ublk_io *io, + struct request *req) +{ + WARN_ON_ONCE(io->flags & UBLK_IO_FLAG_ACTIVE); + + if (ublk_nosrv_should_reissue_outstanding(ubq->dev)) + blk_mq_requeue_request(req, false); + else { + io->res = -EIO; + __ublk_complete_rq(req); + } +} + /* - * Called from ubq_daemon context via cancel fn, meantime quiesce ublk - * blk-mq queue, so we are called exclusively with blk-mq and ubq_daemon - * context, so everything is serialized. + * Called from ublk char device release handler, when any uring_cmd is + * done, meantime request queue is "quiesced" since all inflight requests + * can't be completed because ublk server is dead. + * + * So no one can hold our request IO reference any more, simply ignore the + * reference, and complete the request immediately */ static void ublk_abort_queue(struct ublk_device *ub, struct ublk_queue *ubq) { @@ -1659,10 +1619,8 @@ static void ublk_abort_queue(struct ublk_device *ub, struct ublk_queue *ubq) * will do it */ rq = blk_mq_tag_to_rq(ub->tag_set.tags[ubq->q_id], i); - if (rq && blk_mq_request_started(rq)) { - io->flags |= UBLK_IO_FLAG_ABORTED; + if (rq && blk_mq_request_started(rq)) __ublk_fail_req(ubq, io, rq); - } } } } -- 2.43.0

7 months

1
0
0 0

[PATCH v1 5/7] ublk: remove __ublk_quiesce_dev()

by Jared Holzman

From: Ming Lei <ming.lei(a)redhat.com> Remove __ublk_quiesce_dev() and open code for updating device state as QUIESCED. We needn't to drain inflight requests in __ublk_quiesce_dev() any more, because all inflight requests are aborted in ublk char device release handler. Also we needn't to set ->canceling in __ublk_quiesce_dev() any more because it is done unconditionally now in ublk_ch_release(). Reviewed-by: Uday Shankar <ushankar(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250416035444.99569-7-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 652742db0396..c3f576a9dbf2 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -205,7 +205,6 @@ struct ublk_params_header { static void ublk_stop_dev_unlocked(struct ublk_device *ub); static void ublk_abort_queue(struct ublk_device *ub, struct ublk_queue *ubq); -static void __ublk_quiesce_dev(struct ublk_device *ub); static inline unsigned int ublk_req_build_flags(struct request *req); static inline struct ublksrv_io_desc *ublk_get_iod(struct ublk_queue *ubq, @@ -1558,7 +1557,8 @@ static int ublk_ch_release(struct inode *inode, struct file *filp) ublk_stop_dev_unlocked(ub); } else { if (ublk_nosrv_dev_should_queue_io(ub)) { - __ublk_quiesce_dev(ub); + /* ->canceling is set and all requests are aborted */ + ub->dev_info.state = UBLK_S_DEV_QUIESCED; } else { ub->dev_info.state = UBLK_S_DEV_FAIL_IO; for (i = 0; i < ub->dev_info.nr_hw_queues; i++) @@ -1804,21 +1804,6 @@ static void ublk_wait_tagset_rqs_idle(struct ublk_device *ub) } } -static void __ublk_quiesce_dev(struct ublk_device *ub) -{ - int i; - - pr_devel("%s: quiesce ub: dev_id %d state %s\n", - __func__, ub->dev_info.dev_id, - ub->dev_info.state == UBLK_S_DEV_LIVE ? - "LIVE" : "QUIESCED"); - /* mark every queue as canceling */ - for (i = 0; i < ub->dev_info.nr_hw_queues; i++) - ublk_get_queue(ub, i)->canceling = true; - ublk_wait_tagset_rqs_idle(ub); - ub->dev_info.state = UBLK_S_DEV_QUIESCED; -} - static void ublk_force_abort_dev(struct ublk_device *ub) { int i; -- 2.43.0

7 months

1
0
0 0

[PATCH v1 4/7] ublk: improve detection and handling of ublk server exit

by Jared Holzman

From: Uday Shankar <ushankar(a)purestorage.com> There are currently two ways in which ublk server exit is detected by ublk_drv: 1. uring_cmd cancellation. If there are any outstanding uring_cmds which have not been completed to the ublk server when it exits, io_uring calls the uring_cmd callback with a special cancellation flag as the issuing task is exiting. 2. I/O timeout. This is needed in addition to the above to handle the "saturated queue" case, when all I/Os for a given queue are in the ublk server, and therefore there are no outstanding uring_cmds to cancel when the ublk server exits. There are a couple of issues with this approach: - It is complex and inelegant to have two methods to detect the same condition - The second method detects ublk server exit only after a long delay (~30s, the default timeout assigned by the block layer). This delays the nosrv behavior from kicking in and potential subsequent recovery of the device. The second issue is brought to light with the new test_generic_06 which will be added in following patch. It fails before this fix: selftests: ublk: test_generic_06.sh dev id is 0 dd: error writing '/dev/ublkb0': Input/output error 1+0 records in 0+0 records out 0 bytes copied, 30.0611 s, 0.0 kB/s DEAD dd took 31 seconds to exit (>= 5s tolerance)! generic_06 : [FAIL] Fix this by instead detecting and handling ublk server exit in the character file release callback. This has several advantages: - This one place can handle both saturated and unsaturated queues. Thus, it replaces both preexisting methods of detecting ublk server exit. - It runs quickly on ublk server exit - there is no 30s delay. - It starts the process of removing task references in ublk_drv. This is needed if we want to relax restrictions in the driver like letting only one thread serve each queue There is also the disadvantage that the character file release callback can also be triggered by intentional close of the file, which is a significant behavior change. Preexisting ublk servers (libublksrv) are dependent on the ability to open/close the file multiple times. To address this, only transition to a nosrv state if the file is released while the ublk device is live. This allows for programs to open/close the file multiple times during setup. It is still a behavior change if a ublk server decides to close/reopen the file while the device is LIVE (i.e. while it is responsible for serving I/O), but that would be highly unusual. This behavior is in line with what is done by FUSE, which is very similar to ublk in that a userspace daemon is providing services traditionally provided by the kernel. With this change in, the new test (and all other selftests, and all ublksrv tests) pass: selftests: ublk: test_generic_06.sh dev id is 0 dd: error writing '/dev/ublkb0': Input/output error 1+0 records in 0+0 records out 0 bytes copied, 0.0376731 s, 0.0 kB/s DEAD generic_04 : [PASS] Signed-off-by: Uday Shankar <ushankar(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250416035444.99569-6-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 223 ++++++++++++++++++++++----------------- 1 file changed, 124 insertions(+), 99 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index c619df880c72..652742db0396 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -194,8 +194,6 @@ struct ublk_device { struct completion completion; unsigned int nr_queues_ready; unsigned int nr_privileged_daemon; - - struct work_struct nosrv_work; }; /* header of ublk_params */ @@ -204,7 +202,10 @@ struct ublk_params_header { __u32 types; }; -static bool ublk_abort_requests(struct ublk_device *ub, struct ublk_queue *ubq); + +static void ublk_stop_dev_unlocked(struct ublk_device *ub); +static void ublk_abort_queue(struct ublk_device *ub, struct ublk_queue *ubq); +static void __ublk_quiesce_dev(struct ublk_device *ub); static inline unsigned int ublk_req_build_flags(struct request *req); static inline struct ublksrv_io_desc *ublk_get_iod(struct ublk_queue *ubq, @@ -1306,8 +1307,6 @@ static void ublk_queue_cmd_list(struct ublk_queue *ubq, struct rq_list *l) static enum blk_eh_timer_return ublk_timeout(struct request *rq) { struct ublk_queue *ubq = rq->mq_hctx->driver_data; - unsigned int nr_inflight = 0; - int i; if (ubq->flags & UBLK_F_UNPRIVILEGED_DEV) { if (!ubq->timeout) { @@ -1318,26 +1317,6 @@ static enum blk_eh_timer_return ublk_timeout(struct request *rq) return BLK_EH_DONE; } - if (!ubq_daemon_is_dying(ubq)) - return BLK_EH_RESET_TIMER; - - for (i = 0; i < ubq->q_depth; i++) { - struct ublk_io *io = &ubq->ios[i]; - - if (!(io->flags & UBLK_IO_FLAG_ACTIVE)) - nr_inflight++; - } - - /* cancelable uring_cmd can't help us if all commands are in-flight */ - if (nr_inflight == ubq->q_depth) { - struct ublk_device *ub = ubq->dev; - - if (ublk_abort_requests(ub, ubq)) { - schedule_work(&ub->nosrv_work); - } - return BLK_EH_DONE; - } - return BLK_EH_RESET_TIMER; } @@ -1495,13 +1474,105 @@ static void ublk_reset_ch_dev(struct ublk_device *ub) ub->nr_privileged_daemon = 0; } +static struct gendisk *ublk_get_disk(struct ublk_device *ub) +{ + struct gendisk *disk; + + spin_lock(&ub->lock); + disk = ub->ub_disk; + if (disk) + get_device(disk_to_dev(disk)); + spin_unlock(&ub->lock); + + return disk; +} + +static void ublk_put_disk(struct gendisk *disk) +{ + if (disk) + put_device(disk_to_dev(disk)); +} + static int ublk_ch_release(struct inode *inode, struct file *filp) { struct ublk_device *ub = filp->private_data; + struct gendisk *disk; + int i; + + /* + * disk isn't attached yet, either device isn't live, or it has + * been removed already, so we needn't to do anything + */ + disk = ublk_get_disk(ub); + if (!disk) + goto out; + + /* + * All uring_cmd are done now, so abort any request outstanding to + * the ublk server + * + * This can be done in lockless way because ublk server has been + * gone + * + * More importantly, we have to provide forward progress guarantee + * without holding ub->mutex, otherwise control task grabbing + * ub->mutex triggers deadlock + * + * All requests may be inflight, so ->canceling may not be set, set + * it now. + */ + for (i = 0; i < ub->dev_info.nr_hw_queues; i++) { + struct ublk_queue *ubq = ublk_get_queue(ub, i); + + ubq->canceling = true; + ublk_abort_queue(ub, ubq); + } + blk_mq_kick_requeue_list(disk->queue); + + /* + * All infligh requests have been completed or requeued and any new + * request will be failed or requeued via `->canceling` now, so it is + * fine to grab ub->mutex now. + */ + mutex_lock(&ub->mutex); + + /* double check after grabbing lock */ + if (!ub->ub_disk) + goto unlock; + + /* + * Transition the device to the nosrv state. What exactly this + * means depends on the recovery flags + */ + blk_mq_quiesce_queue(disk->queue); + if (ublk_nosrv_should_stop_dev(ub)) { + /* + * Allow any pending/future I/O to pass through quickly + * with an error. This is needed because del_gendisk + * waits for all pending I/O to complete + */ + for (i = 0; i < ub->dev_info.nr_hw_queues; i++) + ublk_get_queue(ub, i)->force_abort = true; + blk_mq_unquiesce_queue(disk->queue); + + ublk_stop_dev_unlocked(ub); + } else { + if (ublk_nosrv_dev_should_queue_io(ub)) { + __ublk_quiesce_dev(ub); + } else { + ub->dev_info.state = UBLK_S_DEV_FAIL_IO; + for (i = 0; i < ub->dev_info.nr_hw_queues; i++) + ublk_get_queue(ub, i)->fail_io = true; + } + blk_mq_unquiesce_queue(disk->queue); + } +unlock: + mutex_unlock(&ub->mutex); + ublk_put_disk(disk); /* all uring_cmd has been done now, reset device & ubq */ ublk_reset_ch_dev(ub); - +out: clear_bit(UB_STATE_OPEN, &ub->state); return 0; } @@ -1597,37 +1668,22 @@ static void ublk_abort_queue(struct ublk_device *ub, struct ublk_queue *ubq) } /* Must be called when queue is frozen */ -static bool ublk_mark_queue_canceling(struct ublk_queue *ubq) +static void ublk_mark_queue_canceling(struct ublk_queue *ubq) { - bool canceled; - spin_lock(&ubq->cancel_lock); - canceled = ubq->canceling; - if (!canceled) + if (!ubq->canceling) ubq->canceling = true; spin_unlock(&ubq->cancel_lock); - - return canceled; } -static bool ublk_abort_requests(struct ublk_device *ub, struct ublk_queue *ubq) +static void ublk_start_cancel(struct ublk_queue *ubq) { - bool was_canceled = ubq->canceling; - struct gendisk *disk; - - if (was_canceled) - return false; - - spin_lock(&ub->lock); - disk = ub->ub_disk; - if (disk) - get_device(disk_to_dev(disk)); - spin_unlock(&ub->lock); + struct ublk_device *ub = ubq->dev; + struct gendisk *disk = ublk_get_disk(ub); /* Our disk has been dead */ if (!disk) - return false; - + return; /* * Now we are serialized with ublk_queue_rq() * @@ -1636,15 +1692,9 @@ static bool ublk_abort_requests(struct ublk_device *ub, struct ublk_queue *ubq) * touch completed uring_cmd */ blk_mq_quiesce_queue(disk->queue); - was_canceled = ublk_mark_queue_canceling(ubq); - if (!was_canceled) { - /* abort queue is for making forward progress */ - ublk_abort_queue(ub, ubq); - } + ublk_mark_queue_canceling(ubq); blk_mq_unquiesce_queue(disk->queue); - put_device(disk_to_dev(disk)); - - return !was_canceled; + ublk_put_disk(disk); } static void ublk_cancel_cmd(struct ublk_queue *ubq, struct ublk_io *io, @@ -1668,6 +1718,17 @@ static void ublk_cancel_cmd(struct ublk_queue *ubq, struct ublk_io *io, /* * The ublk char device won't be closed when calling cancel fn, so both * ublk device and queue are guaranteed to be live + * + * Two-stage cancel: + * + * - make every active uring_cmd done in ->cancel_fn() + * + * - aborting inflight ublk IO requests in ublk char device release handler, + * which depends on 1st stage because device can only be closed iff all + * uring_cmd are done + * + * Do _not_ try to acquire ub->mutex before all inflight requests are + * aborted, otherwise deadlock may be caused. */ static void ublk_uring_cmd_cancel_fn(struct io_uring_cmd *cmd, unsigned int issue_flags) @@ -1675,8 +1736,6 @@ static void ublk_uring_cmd_cancel_fn(struct io_uring_cmd *cmd, struct ublk_uring_cmd_pdu *pdu = ublk_get_uring_cmd_pdu(cmd); struct ublk_queue *ubq = pdu->ubq; struct task_struct *task; - struct ublk_device *ub; - bool need_schedule; struct ublk_io *io; if (WARN_ON_ONCE(!ubq)) @@ -1689,16 +1748,12 @@ static void ublk_uring_cmd_cancel_fn(struct io_uring_cmd *cmd, if (WARN_ON_ONCE(task && task != ubq->ubq_daemon)) return; - ub = ubq->dev; - need_schedule = ublk_abort_requests(ub, ubq); + if (!ubq->canceling) + ublk_start_cancel(ubq); io = &ubq->ios[pdu->tag]; WARN_ON_ONCE(io->cmd != cmd); ublk_cancel_cmd(ubq, io, issue_flags); - - if (need_schedule) { - schedule_work(&ub->nosrv_work); - } } static inline bool ublk_queue_ready(struct ublk_queue *ubq) @@ -1757,13 +1812,11 @@ static void __ublk_quiesce_dev(struct ublk_device *ub) __func__, ub->dev_info.dev_id, ub->dev_info.state == UBLK_S_DEV_LIVE ? "LIVE" : "QUIESCED"); - blk_mq_quiesce_queue(ub->ub_disk->queue); /* mark every queue as canceling */ for (i = 0; i < ub->dev_info.nr_hw_queues; i++) ublk_get_queue(ub, i)->canceling = true; ublk_wait_tagset_rqs_idle(ub); ub->dev_info.state = UBLK_S_DEV_QUIESCED; - blk_mq_unquiesce_queue(ub->ub_disk->queue); } static void ublk_force_abort_dev(struct ublk_device *ub) @@ -1800,50 +1853,25 @@ static struct gendisk *ublk_detach_disk(struct ublk_device *ub) return disk; } -static void ublk_stop_dev(struct ublk_device *ub) +static void ublk_stop_dev_unlocked(struct ublk_device *ub) + __must_hold(&ub->mutex) { struct gendisk *disk; - mutex_lock(&ub->mutex); if (ub->dev_info.state == UBLK_S_DEV_DEAD) - goto unlock; + return; + if (ublk_nosrv_dev_should_queue_io(ub)) ublk_force_abort_dev(ub); del_gendisk(ub->ub_disk); disk = ublk_detach_disk(ub); put_disk(disk); - unlock: - mutex_unlock(&ub->mutex); - ublk_cancel_dev(ub); } -static void ublk_nosrv_work(struct work_struct *work) +static void ublk_stop_dev(struct ublk_device *ub) { - struct ublk_device *ub = - container_of(work, struct ublk_device, nosrv_work); - int i; - - if (ublk_nosrv_should_stop_dev(ub)) { - ublk_stop_dev(ub); - return; - } - mutex_lock(&ub->mutex); - if (ub->dev_info.state != UBLK_S_DEV_LIVE) - goto unlock; - - if (ublk_nosrv_dev_should_queue_io(ub)) { - __ublk_quiesce_dev(ub); - } else { - blk_mq_quiesce_queue(ub->ub_disk->queue); - ub->dev_info.state = UBLK_S_DEV_FAIL_IO; - for (i = 0; i < ub->dev_info.nr_hw_queues; i++) { - ublk_get_queue(ub, i)->fail_io = true; - } - blk_mq_unquiesce_queue(ub->ub_disk->queue); - } - - unlock: + ublk_stop_dev_unlocked(ub); mutex_unlock(&ub->mutex); ublk_cancel_dev(ub); } @@ -2419,7 +2447,6 @@ static int ublk_add_tag_set(struct ublk_device *ub) static void ublk_remove(struct ublk_device *ub) { ublk_stop_dev(ub); - cancel_work_sync(&ub->nosrv_work); cdev_device_del(&ub->cdev, &ub->cdev_dev); ublk_put_device(ub); ublks_added--; @@ -2693,7 +2720,6 @@ static int ublk_ctrl_add_dev(struct io_uring_cmd *cmd) goto out_unlock; mutex_init(&ub->mutex); spin_lock_init(&ub->lock); - INIT_WORK(&ub->nosrv_work, ublk_nosrv_work); ret = ublk_alloc_dev_number(ub, header->dev_id); if (ret < 0) @@ -2828,7 +2854,6 @@ static inline void ublk_ctrl_cmd_dump(struct io_uring_cmd *cmd) static int ublk_ctrl_stop_dev(struct ublk_device *ub) { ublk_stop_dev(ub); - cancel_work_sync(&ub->nosrv_work); return 0; } -- 2.43.0

7 months

1
0
0 0

[PATCH v1 3/7] ublk: move device reset into ublk_ch_release()

by Jared Holzman

From: Ming Lei <ming.lei(a)redhat.com> ublk_ch_release() is called after ublk char device is closed, when all uring_cmd are done, so it is perfect fine to move ublk device reset to ublk_ch_release() from ublk_ctrl_start_recovery(). This way can avoid to grab the exiting daemon task_struct too long. However, reset of the following ublk IO flags has to be moved until ublk io_uring queues are ready: - ubq->canceling For requeuing IO in case of ublk_nosrv_dev_should_queue_io() before device is recovered - ubq->fail_io For failing IO in case of UBLK_F_USER_RECOVERY_FAIL_IO before device is recovered - ublk_io->flags For preventing using io->cmd With this way, recovery is simplified a lot. Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250416035444.99569-5-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 121 +++++++++++++++++++++++---------------- 1 file changed, 72 insertions(+), 49 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 9345a6d8dbd8..c619df880c72 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -1043,7 +1043,7 @@ static inline struct ublk_uring_cmd_pdu *ublk_get_uring_cmd_pdu( static inline bool ubq_daemon_is_dying(struct ublk_queue *ubq) { - return ubq->ubq_daemon->flags & PF_EXITING; + return !ubq->ubq_daemon || ubq->ubq_daemon->flags & PF_EXITING; } /* todo: handle partial completion */ @@ -1440,6 +1440,37 @@ static const struct blk_mq_ops ublk_mq_ops = { .timeout = ublk_timeout, }; +static void ublk_queue_reinit(struct ublk_device *ub, struct ublk_queue *ubq) +{ + int i; + + /* All old ioucmds have to be completed */ + ubq->nr_io_ready = 0; + + /* + * old daemon is PF_EXITING, put it now + * + * It could be NULL in case of closing one quisced device. + */ + if (ubq->ubq_daemon) + put_task_struct(ubq->ubq_daemon); + /* We have to reset it to NULL, otherwise ub won't accept new FETCH_REQ */ + ubq->ubq_daemon = NULL; + ubq->timeout = false; + + for (i = 0; i < ubq->q_depth; i++) { + struct ublk_io *io = &ubq->ios[i]; + + /* + * UBLK_IO_FLAG_CANCELED is kept for avoiding to touch + * io->cmd + */ + io->flags &= UBLK_IO_FLAG_CANCELED; + io->cmd = NULL; + io->addr = 0; + } +} + static int ublk_ch_open(struct inode *inode, struct file *filp) { struct ublk_device *ub = container_of(inode->i_cdev, @@ -1451,10 +1482,26 @@ static int ublk_ch_open(struct inode *inode, struct file *filp) return 0; } +static void ublk_reset_ch_dev(struct ublk_device *ub) +{ + int i; + + for (i = 0; i < ub->dev_info.nr_hw_queues; i++) + ublk_queue_reinit(ub, ublk_get_queue(ub, i)); + + /* set to NULL, otherwise new ubq_daemon cannot mmap the io_cmd_buf */ + ub->mm = NULL; + ub->nr_queues_ready = 0; + ub->nr_privileged_daemon = 0; +} + static int ublk_ch_release(struct inode *inode, struct file *filp) { struct ublk_device *ub = filp->private_data; + /* all uring_cmd has been done now, reset device & ubq */ + ublk_reset_ch_dev(ub); + clear_bit(UB_STATE_OPEN, &ub->state); return 0; } @@ -1801,6 +1848,24 @@ static void ublk_nosrv_work(struct work_struct *work) ublk_cancel_dev(ub); } +/* reset ublk io_uring queue & io flags */ +static void ublk_reset_io_flags(struct ublk_device *ub) +{ + int i, j; + + for (i = 0; i < ub->dev_info.nr_hw_queues; i++) { + struct ublk_queue *ubq = ublk_get_queue(ub, i); + + /* UBLK_IO_FLAG_CANCELED can be cleared now */ + spin_lock(&ubq->cancel_lock); + for (j = 0; j < ubq->q_depth; j++) + ubq->ios[j].flags &= ~UBLK_IO_FLAG_CANCELED; + spin_unlock(&ubq->cancel_lock); + ubq->canceling = false; + ubq->fail_io = false; + } +} + /* device can only be started after all IOs are ready */ static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq) __must_hold(&ub->mutex) @@ -1814,8 +1879,12 @@ static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq) if (capable(CAP_SYS_ADMIN)) ub->nr_privileged_daemon++; } - if (ub->nr_queues_ready == ub->dev_info.nr_hw_queues) + + if (ub->nr_queues_ready == ub->dev_info.nr_hw_queues) { + /* now we are ready for handling ublk io request */ + ublk_reset_io_flags(ub); complete_all(&ub->completion); + } } static inline int ublk_check_cmd_op(u32 cmd_op) @@ -2866,42 +2935,15 @@ static int ublk_ctrl_set_params(struct ublk_device *ub, return ret; } -static void ublk_queue_reinit(struct ublk_device *ub, struct ublk_queue *ubq) -{ - int i; - - WARN_ON_ONCE(!(ubq->ubq_daemon && ubq_daemon_is_dying(ubq))); - - /* All old ioucmds have to be completed */ - ubq->nr_io_ready = 0; - /* old daemon is PF_EXITING, put it now */ - put_task_struct(ubq->ubq_daemon); - /* We have to reset it to NULL, otherwise ub won't accept new FETCH_REQ */ - ubq->ubq_daemon = NULL; - ubq->timeout = false; - - for (i = 0; i < ubq->q_depth; i++) { - struct ublk_io *io = &ubq->ios[i]; - - /* forget everything now and be ready for new FETCH_REQ */ - io->flags = 0; - io->cmd = NULL; - io->addr = 0; - } -} - static int ublk_ctrl_start_recovery(struct ublk_device *ub, struct io_uring_cmd *cmd) { const struct ublksrv_ctrl_cmd *header = io_uring_sqe_cmd(cmd->sqe); int ret = -EINVAL; - int i; mutex_lock(&ub->mutex); if (ublk_nosrv_should_stop_dev(ub)) goto out_unlock; - if (!ub->nr_queues_ready) - goto out_unlock; /* * START_RECOVERY is only allowd after: * @@ -2925,12 +2967,6 @@ static int ublk_ctrl_start_recovery(struct ublk_device *ub, goto out_unlock; } pr_devel("%s: start recovery for dev id %d.\n", __func__, header->dev_id); - for (i = 0; i < ub->dev_info.nr_hw_queues; i++) - ublk_queue_reinit(ub, ublk_get_queue(ub, i)); - /* set to NULL, otherwise new ubq_daemon cannot mmap the io_cmd_buf */ - ub->mm = NULL; - ub->nr_queues_ready = 0; - ub->nr_privileged_daemon = 0; init_completion(&ub->completion); ret = 0; out_unlock: @@ -2944,7 +2980,6 @@ static int ublk_ctrl_end_recovery(struct ublk_device *ub, const struct ublksrv_ctrl_cmd *header = io_uring_sqe_cmd(cmd->sqe); int ublksrv_pid = (int)header->data[0]; int ret = -EINVAL; - int i; pr_devel("%s: Waiting for new ubq_daemons(nr: %d) are ready, dev id %d...\n", __func__, ub->dev_info.nr_hw_queues, header->dev_id); @@ -2964,22 +2999,10 @@ static int ublk_ctrl_end_recovery(struct ublk_device *ub, goto out_unlock; } ub->dev_info.ublksrv_pid = ublksrv_pid; + ub->dev_info.state = UBLK_S_DEV_LIVE; pr_devel("%s: new ublksrv_pid %d, dev id %d\n", __func__, ublksrv_pid, header->dev_id); - - blk_mq_quiesce_queue(ub->ub_disk->queue); - ub->dev_info.state = UBLK_S_DEV_LIVE; - for (i = 0; i < ub->dev_info.nr_hw_queues; i++) { - struct ublk_queue *ubq = ublk_get_queue(ub, i); - - ubq->canceling = false; - ubq->fail_io = false; - } - blk_mq_unquiesce_queue(ub->ub_disk->queue); - pr_devel("%s: queue unquiesced, dev id %d.\n", - __func__, header->dev_id); blk_mq_kick_requeue_list(ub->ub_disk->queue); - ret = 0; out_unlock: mutex_unlock(&ub->mutex); -- 2.43.0

7 months

1
0
0 0

[PATCH v1 2/7] ublk: properly serialize all FETCH_REQs

by Jared Holzman

From: Uday Shankar <ushankar(a)purestorage.com> Most uring_cmds issued against ublk character devices are serialized because each command affects only one queue, and there is an early check which only allows a single task (the queue's ubq_daemon) to issue uring_cmds against that queue. However, this mechanism does not work for FETCH_REQs, since they are expected before ubq_daemon is set. Since FETCH_REQs are only used at initialization and not in the fast path, serialize them using the per-ublk-device mutex. This fixes a number of data races that were previously possible if a badly behaved ublk server decided to issue multiple FETCH_REQs against the same qid/tag concurrently. Reported-by: Caleb Sander Mateos <csander(a)purestorage.com> Signed-off-by: Uday Shankar <ushankar(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250416035444.99569-2-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 77 +++++++++++++++++++++++++--------------- 1 file changed, 49 insertions(+), 28 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 4e81505179c6..9345a6d8dbd8 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -1803,8 +1803,8 @@ static void ublk_nosrv_work(struct work_struct *work) /* device can only be started after all IOs are ready */ static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq) + __must_hold(&ub->mutex) { - mutex_lock(&ub->mutex); ubq->nr_io_ready++; if (ublk_queue_ready(ubq)) { ubq->ubq_daemon = current; @@ -1816,7 +1816,6 @@ static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq) } if (ub->nr_queues_ready == ub->dev_info.nr_hw_queues) complete_all(&ub->completion); - mutex_unlock(&ub->mutex); } static inline int ublk_check_cmd_op(u32 cmd_op) @@ -1855,6 +1854,52 @@ static inline void ublk_prep_cancel(struct io_uring_cmd *cmd, io_uring_cmd_mark_cancelable(cmd, issue_flags); } +static int ublk_fetch(struct io_uring_cmd *cmd, struct ublk_queue *ubq, + struct ublk_io *io, __u64 buf_addr) +{ + struct ublk_device *ub = ubq->dev; + int ret = 0; + + /* + * When handling FETCH command for setting up ublk uring queue, + * ub->mutex is the innermost lock, and we won't block for handling + * FETCH, so it is fine even for IO_URING_F_NONBLOCK. + */ + mutex_lock(&ub->mutex); + /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */ + if (ublk_queue_ready(ubq)) { + ret = -EBUSY; + goto out; + } + + /* allow each command to be FETCHed at most once */ + if (io->flags & UBLK_IO_FLAG_ACTIVE) { + ret = -EINVAL; + goto out; + } + + WARN_ON_ONCE(io->flags & UBLK_IO_FLAG_OWNED_BY_SRV); + + if (ublk_need_map_io(ubq)) { + /* + * FETCH_RQ has to provide IO buffer if NEED GET + * DATA is not enabled + */ + if (!buf_addr && !ublk_need_get_data(ubq)) + goto out; + } else if (buf_addr) { + /* User copy requires addr to be unset */ + ret = -EINVAL; + goto out; + } + + ublk_fill_io_cmd(io, cmd, buf_addr); + ublk_mark_io_ready(ub, ubq); +out: + mutex_unlock(&ub->mutex); + return ret; +} + static int __ublk_ch_uring_cmd(struct io_uring_cmd *cmd, unsigned int issue_flags, const struct ublksrv_io_cmd *ub_cmd) @@ -1907,33 +1952,9 @@ static int __ublk_ch_uring_cmd(struct io_uring_cmd *cmd, ret = -EINVAL; switch (_IOC_NR(cmd_op)) { case UBLK_IO_FETCH_REQ: - /* UBLK_IO_FETCH_REQ is only allowed before queue is setup */ - if (ublk_queue_ready(ubq)) { - ret = -EBUSY; - goto out; - } - /* - * The io is being handled by server, so COMMIT_RQ is expected - * instead of FETCH_REQ - */ - if (io->flags & UBLK_IO_FLAG_OWNED_BY_SRV) - goto out; - - if (ublk_need_map_io(ubq)) { - /* - * FETCH_RQ has to provide IO buffer if NEED GET - * DATA is not enabled - */ - if (!ub_cmd->addr && !ublk_need_get_data(ubq)) - goto out; - } else if (ub_cmd->addr) { - /* User copy requires addr to be unset */ - ret = -EINVAL; + ret = ublk_fetch(cmd, ubq, io, ub_cmd->addr); + if (ret) goto out; - } - - ublk_fill_io_cmd(io, cmd, ub_cmd->addr); - ublk_mark_io_ready(ub, ubq); break; case UBLK_IO_COMMIT_AND_FETCH_REQ: req = blk_mq_tag_to_rq(ub->tag_set.tags[ub_cmd->q_id], tag); -- 2.43.0

7 months

1
0
0 0

[PATCH v1 1/7] ublk: add helper of ublk_need_map_io()

by Jared Holzman

From: Ming Lei <ming.lei(a)redhat.com> ublk_need_map_io() is more readable. Reviewed-by: Caleb Sander Mateos <csander(a)purestorage.com> Signed-off-by: Ming Lei <ming.lei(a)redhat.com> Link: https://lore.kernel.org/r/20250327095123.179113-5-ming.lei@redhat.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> --- drivers/block/ublk_drv.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index ab06a7a064fb..4e81505179c6 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -594,6 +594,11 @@ static inline bool ublk_support_user_copy(const struct ublk_queue *ubq) return ubq->flags & UBLK_F_USER_COPY; } +static inline bool ublk_need_map_io(const struct ublk_queue *ubq) +{ + return !ublk_support_user_copy(ubq); +} + static inline bool ublk_need_req_ref(const struct ublk_queue *ubq) { /* @@ -921,7 +926,7 @@ static int ublk_map_io(const struct ublk_queue *ubq, const struct request *req, { const unsigned int rq_bytes = blk_rq_bytes(req); - if (ublk_support_user_copy(ubq)) + if (!ublk_need_map_io(ubq)) return rq_bytes; /* @@ -945,7 +950,7 @@ static int ublk_unmap_io(const struct ublk_queue *ubq, { const unsigned int rq_bytes = blk_rq_bytes(req); - if (ublk_support_user_copy(ubq)) + if (!ublk_need_map_io(ubq)) return rq_bytes; if (ublk_need_unmap_req(req)) { @@ -1914,7 +1919,7 @@ static int __ublk_ch_uring_cmd(struct io_uring_cmd *cmd, if (io->flags & UBLK_IO_FLAG_OWNED_BY_SRV) goto out; - if (!ublk_support_user_copy(ubq)) { + if (ublk_need_map_io(ubq)) { /* * FETCH_RQ has to provide IO buffer if NEED GET * DATA is not enabled @@ -1936,7 +1941,7 @@ static int __ublk_ch_uring_cmd(struct io_uring_cmd *cmd, if (!(io->flags & UBLK_IO_FLAG_OWNED_BY_SRV)) goto out; - if (!ublk_support_user_copy(ubq)) { + if (ublk_need_map_io(ubq)) { /* * COMMIT_AND_FETCH_REQ has to provide IO buffer if * NEED GET DATA is not enabled or it is Read IO. -- 2.43.0

7 months

1
0
0 0

[PATCH AUTOSEL 5.4 1/3] pinctrl: meson: define the pull up/down resistor value as 60 kOhm

by Sasha Levin

From: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> [ Upstream commit e56088a13708757da68ad035269d69b93ac8c389 ] The public datasheets of the following Amlogic SoCs describe a typical resistor value for the built-in pull up/down resistor: - Meson8/8b/8m2: not documented - GXBB (S905): 60 kOhm - GXL (S905X): 60 kOhm - GXM (S912): 60 kOhm - G12B (S922X): 60 kOhm - SM1 (S905D3): 60 kOhm The public G12B and SM1 datasheets additionally state min and max values: - min value: 50 kOhm for both, pull-up and pull-down - max value for the pull-up: 70 kOhm - max value for the pull-down: 130 kOhm Use 60 kOhm in the pinctrl-meson driver as well so it's shown in the debugfs output. It may not be accurate for Meson8/8b/8m2 but in reality 60 kOhm is closer to the actual value than 1 Ohm. Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/20250329190132.855196-1-martin.blumenstingl@googlem… Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/meson/pinctrl-meson.c b/drivers/pinctrl/meson/pinctrl-meson.c index aba479a1150c8..f3b381370e5ed 100644 --- a/drivers/pinctrl/meson/pinctrl-meson.c +++ b/drivers/pinctrl/meson/pinctrl-meson.c @@ -480,7 +480,7 @@ static int meson_pinconf_get(struct pinctrl_dev *pcdev, unsigned int pin, case PIN_CONFIG_BIAS_PULL_DOWN: case PIN_CONFIG_BIAS_PULL_UP: if (meson_pinconf_get_pull(pc, pin) == param) - arg = 1; + arg = 60000; else return -EINVAL; break; -- 2.39.5

7 months

1
2
0 0

[PATCH AUTOSEL 5.10 1/4] pinctrl: meson: define the pull up/down resistor value as 60 kOhm

by Sasha Levin

From: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> [ Upstream commit e56088a13708757da68ad035269d69b93ac8c389 ] The public datasheets of the following Amlogic SoCs describe a typical resistor value for the built-in pull up/down resistor: - Meson8/8b/8m2: not documented - GXBB (S905): 60 kOhm - GXL (S905X): 60 kOhm - GXM (S912): 60 kOhm - G12B (S922X): 60 kOhm - SM1 (S905D3): 60 kOhm The public G12B and SM1 datasheets additionally state min and max values: - min value: 50 kOhm for both, pull-up and pull-down - max value for the pull-up: 70 kOhm - max value for the pull-down: 130 kOhm Use 60 kOhm in the pinctrl-meson driver as well so it's shown in the debugfs output. It may not be accurate for Meson8/8b/8m2 but in reality 60 kOhm is closer to the actual value than 1 Ohm. Signed-off-by: Martin Blumenstingl <martin.blumenstingl(a)googlemail.com> Reviewed-by: Neil Armstrong <neil.armstrong(a)linaro.org> Link: https://lore.kernel.org/20250329190132.855196-1-martin.blumenstingl@googlem… Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/pinctrl/meson/pinctrl-meson.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/pinctrl/meson/pinctrl-meson.c b/drivers/pinctrl/meson/pinctrl-meson.c index 20683cd072bb0..ae72edba8a1f0 100644 --- a/drivers/pinctrl/meson/pinctrl-meson.c +++ b/drivers/pinctrl/meson/pinctrl-meson.c @@ -483,7 +483,7 @@ static int meson_pinconf_get(struct pinctrl_dev *pcdev, unsigned int pin, case PIN_CONFIG_BIAS_PULL_DOWN: case PIN_CONFIG_BIAS_PULL_UP: if (meson_pinconf_get_pull(pc, pin) == param) - arg = 1; + arg = 60000; else return -EINVAL; break; -- 2.39.5

7 months

1
3
0 0

[PATCH AUTOSEL 5.15 1/5] ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()

by Sasha Levin

From: Chenyuan Yang <chenyuan0y(a)gmail.com> [ Upstream commit a9a69c3b38c89d7992fb53db4abb19104b531d32 ] Incorrect types are used as sizeof() arguments in devm_kcalloc(). It should be sizeof(dai_link_data) for link_data instead of sizeof(snd_soc_dai_link). This is found by our static analysis tool. Signed-off-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Link: https://patch.msgid.link/20250406210854.149316-1-chenyuan0y@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/fsl/imx-card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/fsl/imx-card.c b/sound/soc/fsl/imx-card.c index 2b64c0384b6bb..9b14cda56b068 100644 --- a/sound/soc/fsl/imx-card.c +++ b/sound/soc/fsl/imx-card.c @@ -517,7 +517,7 @@ static int imx_card_parse_of(struct imx_card_data *data) if (!card->dai_link) return -ENOMEM; - data->link_data = devm_kcalloc(dev, num_links, sizeof(*link), GFP_KERNEL); + data->link_data = devm_kcalloc(dev, num_links, sizeof(*link_data), GFP_KERNEL); if (!data->link_data) return -ENOMEM; -- 2.39.5

7 months

1
4
0 0

[PATCH AUTOSEL 6.1 1/6] ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()

by Sasha Levin

From: Chenyuan Yang <chenyuan0y(a)gmail.com> [ Upstream commit a9a69c3b38c89d7992fb53db4abb19104b531d32 ] Incorrect types are used as sizeof() arguments in devm_kcalloc(). It should be sizeof(dai_link_data) for link_data instead of sizeof(snd_soc_dai_link). This is found by our static analysis tool. Signed-off-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Link: https://patch.msgid.link/20250406210854.149316-1-chenyuan0y@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/fsl/imx-card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/fsl/imx-card.c b/sound/soc/fsl/imx-card.c index c6d55b21f9496..11430f9f49968 100644 --- a/sound/soc/fsl/imx-card.c +++ b/sound/soc/fsl/imx-card.c @@ -517,7 +517,7 @@ static int imx_card_parse_of(struct imx_card_data *data) if (!card->dai_link) return -ENOMEM; - data->link_data = devm_kcalloc(dev, num_links, sizeof(*link), GFP_KERNEL); + data->link_data = devm_kcalloc(dev, num_links, sizeof(*link_data), GFP_KERNEL); if (!data->link_data) return -ENOMEM; -- 2.39.5

7 months

1
5
0 0

[PATCH AUTOSEL 6.6 01/12] ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()

by Sasha Levin

From: Chenyuan Yang <chenyuan0y(a)gmail.com> [ Upstream commit a9a69c3b38c89d7992fb53db4abb19104b531d32 ] Incorrect types are used as sizeof() arguments in devm_kcalloc(). It should be sizeof(dai_link_data) for link_data instead of sizeof(snd_soc_dai_link). This is found by our static analysis tool. Signed-off-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Link: https://patch.msgid.link/20250406210854.149316-1-chenyuan0y@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/fsl/imx-card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/fsl/imx-card.c b/sound/soc/fsl/imx-card.c index 7128bcf3a743e..bb304de5cc38a 100644 --- a/sound/soc/fsl/imx-card.c +++ b/sound/soc/fsl/imx-card.c @@ -517,7 +517,7 @@ static int imx_card_parse_of(struct imx_card_data *data) if (!card->dai_link) return -ENOMEM; - data->link_data = devm_kcalloc(dev, num_links, sizeof(*link), GFP_KERNEL); + data->link_data = devm_kcalloc(dev, num_links, sizeof(*link_data), GFP_KERNEL); if (!data->link_data) return -ENOMEM; -- 2.39.5

7 months

1
11
0 0

[PATCH AUTOSEL 6.12 01/18] ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()

by Sasha Levin

From: Chenyuan Yang <chenyuan0y(a)gmail.com> [ Upstream commit a9a69c3b38c89d7992fb53db4abb19104b531d32 ] Incorrect types are used as sizeof() arguments in devm_kcalloc(). It should be sizeof(dai_link_data) for link_data instead of sizeof(snd_soc_dai_link). This is found by our static analysis tool. Signed-off-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Link: https://patch.msgid.link/20250406210854.149316-1-chenyuan0y@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/fsl/imx-card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/fsl/imx-card.c b/sound/soc/fsl/imx-card.c index 93dbe40008c00..e5ae435171d68 100644 --- a/sound/soc/fsl/imx-card.c +++ b/sound/soc/fsl/imx-card.c @@ -516,7 +516,7 @@ static int imx_card_parse_of(struct imx_card_data *data) if (!card->dai_link) return -ENOMEM; - data->link_data = devm_kcalloc(dev, num_links, sizeof(*link), GFP_KERNEL); + data->link_data = devm_kcalloc(dev, num_links, sizeof(*link_data), GFP_KERNEL); if (!data->link_data) return -ENOMEM; -- 2.39.5

7 months

1
17
0 0

[PATCH AUTOSEL 6.14 01/20] ASoC: imx-card: Adjust over allocation of memory in imx_card_parse_of()

by Sasha Levin

From: Chenyuan Yang <chenyuan0y(a)gmail.com> [ Upstream commit a9a69c3b38c89d7992fb53db4abb19104b531d32 ] Incorrect types are used as sizeof() arguments in devm_kcalloc(). It should be sizeof(dai_link_data) for link_data instead of sizeof(snd_soc_dai_link). This is found by our static analysis tool. Signed-off-by: Chenyuan Yang <chenyuan0y(a)gmail.com> Link: https://patch.msgid.link/20250406210854.149316-1-chenyuan0y@gmail.com Signed-off-by: Mark Brown <broonie(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- sound/soc/fsl/imx-card.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/fsl/imx-card.c b/sound/soc/fsl/imx-card.c index 21f617f6f9fa8..566214cb3d60c 100644 --- a/sound/soc/fsl/imx-card.c +++ b/sound/soc/fsl/imx-card.c @@ -543,7 +543,7 @@ static int imx_card_parse_of(struct imx_card_data *data) if (!card->dai_link) return -ENOMEM; - data->link_data = devm_kcalloc(dev, num_links, sizeof(*link), GFP_KERNEL); + data->link_data = devm_kcalloc(dev, num_links, sizeof(*link_data), GFP_KERNEL); if (!data->link_data) return -ENOMEM; -- 2.39.5

7 months

1
19
0 0

[PATCH] vfio/pci: Align huge faults to order

by Alex Williamson

The vfio-pci huge_fault handler doesn't make any attempt to insert a mapping containing the faulting address, it only inserts mappings if the faulting address and resulting pfn are aligned. This works in a lot of cases, particularly in conjunction with QEMU where DMA mappings linearly fault the mmap. However, there are configurations where we don't get that linear faulting and pages are faulted on-demand. The scenario reported in the bug below is such a case, where the physical address width of the CPU is greater than that of the IOMMU, resulting in a VM where guest firmware has mapped device MMIO beyond the address width of the IOMMU. In this configuration, the MMIO is faulted on demand and tracing indicates that occasionally the faults generate a VM_FAULT_OOM. Given the use case, this results in a "error: kvm run failed Bad address", killing the VM. The host is not under memory pressure in this test, therefore it's suspected that VM_FAULT_OOM is actually the result of a NULL return from __pte_offset_map_lock() in the get_locked_pte() path from insert_pfn(). This suggests a potential race inserting a pte concurrent to a pmd, and maybe indicates some deficiency in the mm layer properly handling such a case. Nevertheless, Peter noted the inconsistency of vfio-pci's huge_fault handler where our mapping granularity depends on the alignment of the faulting address relative to the order rather than aligning the faulting address to the order to more consistently insert huge mappings. This change not only uses the page tables more consistently and efficiently, but as any fault to an aligned page results in the same mapping, the race condition suspected in the VM_FAULT_OOM is avoided. Reported-by: Adolfo <adolfotregosa(a)gmail.com> Link: https://bugzilla.kernel.org/show_bug.cgi?id=220057 Fixes: 09dfc8a5f2ce ("vfio/pci: Fallback huge faults for unaligned pfn") Cc: stable(a)vger.kernel.org Tested-by: Adolfo <adolfotregosa(a)gmail.com> Co-developed-by: Peter Xu <peterx(a)redhat.com> Signed-off-by: Alex Williamson <alex.williamson(a)redhat.com> --- drivers/vfio/pci/vfio_pci_core.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/vfio/pci/vfio_pci_core.c b/drivers/vfio/pci/vfio_pci_core.c index 35f9046af315..6328c3a05bcd 100644 --- a/drivers/vfio/pci/vfio_pci_core.c +++ b/drivers/vfio/pci/vfio_pci_core.c @@ -1646,14 +1646,14 @@ static vm_fault_t vfio_pci_mmap_huge_fault(struct vm_fault *vmf, { struct vm_area_struct *vma = vmf->vma; struct vfio_pci_core_device *vdev = vma->vm_private_data; - unsigned long pfn, pgoff = vmf->pgoff - vma->vm_pgoff; + unsigned long addr = vmf->address & ~((PAGE_SIZE << order) - 1); + unsigned long pgoff = (addr - vma->vm_start) >> PAGE_SHIFT; + unsigned long pfn = vma_to_pfn(vma) + pgoff; vm_fault_t ret = VM_FAULT_SIGBUS; - pfn = vma_to_pfn(vma) + pgoff; - - if (order && (pfn & ((1 << order) - 1) || - vmf->address & ((PAGE_SIZE << order) - 1) || - vmf->address + (PAGE_SIZE << order) > vma->vm_end)) { + if (order && (addr < vma->vm_start || + addr + (PAGE_SIZE << order) > vma->vm_end || + pfn & ((1 << order) - 1))) { ret = VM_FAULT_FALLBACK; goto out; } -- 2.48.1

7 months

2
2
0 0

Re: sound/pci/hda: add quirk for HP Spectre x360 15-eb0xxx

by Takashi Iwai

On Tue, 06 May 2025 12:11:26 +0200, Ezra Khuzadi wrote: > > > Hi Takashi, Jaroslav, all maintainers, > > Could you please review it or let me know if any changes are needed? This is > my first kernel patch as a student, and I’d appreciate any feedback. I guess you submitted to a wrong address. The proper mailing list is linux-sound(a)vger.kernel.org. Please try to resubmit. And, make sure that your mailer doesn't break tabs and whitespaces. You can test sending to yourself and verify that the submitted patch is properly applicable beforehand. thanks, Takashi > > Thanks, > Ezra Khuzadi > > On Wed, Apr 30, 2025 at 1:43 AM Ezra Khuzadi <ekhuzadi(a)uci.edu> wrote: > > sound/pci/hda/patch_realtek.c: add quirk for HP Spectre x360 15-eb0xxx > > Add subsystem ID 0x86e5 for HP Spectre x360 15-eb0xxx so that > ALC285_FIXUP_HP_SPECTRE_X360_EB1 (GPIO amp-enable, mic-mute LED and > pinconfigs) is applied. > > Tested on HP Spectre x360 15-eb0043dx (Vendor 0x10ec0285, Subsys > 0x103c86e5) > with legacy HDA driver and hda-verb toggles: > > $ cat /proc/asound/card0/codec#0 \ > | sed -n -e '1,5p;/Vendor Id:/p;/Subsystem Id:/p' > Codec: Realtek ALC285 > Vendor Id: 0x10ec0285 > Subsystem Id: 0x103c86e5 > > $ dmesg | grep -i realtek > [ 5.828728] snd_hda_codec_realtek ehdaudio0D0: ALC285: picked fixup > for PCI SSID 103c:86e5 > > Signed-off-by: Ezra Khuzadi <ekhuzadi(a)uci.edu> > Cc: stable(a)vger.kernel.org > > --- > sound/pci/hda/patch_realtek.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c > index 877137cb09ac..82ad105e7fa9 100644 > --- a/sound/pci/hda/patch_realtek.c > +++ b/sound/pci/hda/patch_realtek.c > @@ -10563,6 +10563,7 @@ static const struct hda_quirk alc269_fixup_tbl[] = > { > SND_PCI_QUIRK(0x103c, 0x86c7, "HP Envy AiO 32", > ALC274_FIXUP_HP_ENVY_GPIO), > + SND_PCI_QUIRK(0x103c, 0x86e5, "HP Spectre x360 15-eb0xxx", > ALC285_FIXUP_HP_SPECTRE_X360_EB1), > SND_PCI_QUIRK(0x103c, 0x86e7, "HP Spectre x360 15-eb0xxx", > ALC285_FIXUP_HP_SPECTRE_X360_EB1), > SND_PCI_QUIRK(0x103c, 0x86e8, "HP Spectre x360 15-eb0xxx", > ALC285_FIXUP_HP_SPECTRE_X360_EB1), > SND_PCI_QUIRK(0x103c, 0x86f9, "HP Spectre x360 13-aw0xxx", > ALC285_FIXUP_HP_SPECTRE_X360_MUTE_LED), > > On Wed, Apr 30, 2025 at 1:33 AM kernel test robot <lkp(a)intel.com> wrote: > > > > Hi, > > > > Thanks for your patch. > > > > FYI: kernel test robot notices the stable kernel rule is not satisfied. > > > > The check is based on > https://urldefense.com/v3/__https://www.kernel.org/doc/html/latest/process/… > > > > Rule: add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area to > have the patch automatically included in the stable tree. > > Subject: sound/pci/hda: add quirk for HP Spectre x360 15-eb0xxx > > Link: > https://urldefense.com/v3/__https://lore.kernel.org/stable/CAPXr0uxh0c_2b2-… > > > > -- > > 0-DAY CI Kernel Test Service > > > https://urldefense.com/v3/__https://github.com/intel/lkp-tests/wiki__;!!CzA… > > > > > > >

7 months

1
0
0 0

[PATCH net 5/6] can: mcan: m_can_class_unregister(): fix order of unregistration calls

by Marc Kleine-Budde

If a driver is removed, the driver framework invokes the driver's remove callback. A CAN driver's remove function calls unregister_candev(), which calls net_device_ops::ndo_stop further down in the call stack for interfaces which are in the "up" state. The removal of the module causes a warning, as can_rx_offload_del() deletes the NAPI, while it is still active, because the interface is still up. To fix the warning, first unregister the network interface, which calls net_device_ops::ndo_stop, which disables the NAPI, and then call can_rx_offload_del(). Fixes: 1be37d3b0414 ("can: m_can: fix periph RX path: use rx-offload to ensure skbs are sent from softirq context") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250502-can-rx-offload-del-v1-3-59a9b131589d@peng… Reviewed-by: Markus Schneider-Pargmann <msp(a)baylibre.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/m_can/m_can.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c index 326ede9d400f..c2c116ce1087 100644 --- a/drivers/net/can/m_can/m_can.c +++ b/drivers/net/can/m_can/m_can.c @@ -2463,9 +2463,9 @@ EXPORT_SYMBOL_GPL(m_can_class_register); void m_can_class_unregister(struct m_can_classdev *cdev) { + unregister_candev(cdev->net); if (cdev->is_peripheral) can_rx_offload_del(&cdev->offload); - unregister_candev(cdev->net); } EXPORT_SYMBOL_GPL(m_can_class_unregister); -- 2.47.2

7 months

2
1
0 0

[PATCH net 4/6] can: rockchip_canfd: rkcanfd_remove(): fix order of unregistration calls

by Marc Kleine-Budde

If a driver is removed, the driver framework invokes the driver's remove callback. A CAN driver's remove function calls unregister_candev(), which calls net_device_ops::ndo_stop further down in the call stack for interfaces which are in the "up" state. The removal of the module causes a warning, as can_rx_offload_del() deletes the NAPI, while it is still active, because the interface is still up. To fix the warning, first unregister the network interface, which calls net_device_ops::ndo_stop, which disables the NAPI, and then call can_rx_offload_del(). Fixes: ff60bfbaf67f ("can: rockchip_canfd: add driver for Rockchip CAN-FD controller") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250502-can-rx-offload-del-v1-2-59a9b131589d@peng… Reviewed-by: Markus Schneider-Pargmann <msp(a)baylibre.com> Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/rockchip/rockchip_canfd-core.c b/drivers/net/can/rockchip/rockchip_canfd-core.c index 7107a37da36c..c3fb3176ce42 100644 --- a/drivers/net/can/rockchip/rockchip_canfd-core.c +++ b/drivers/net/can/rockchip/rockchip_canfd-core.c @@ -937,8 +937,8 @@ static void rkcanfd_remove(struct platform_device *pdev) struct rkcanfd_priv *priv = platform_get_drvdata(pdev); struct net_device *ndev = priv->ndev; - can_rx_offload_del(&priv->offload); rkcanfd_unregister(priv); + can_rx_offload_del(&priv->offload); free_candev(ndev); } -- 2.47.2

7 months

2
1
0 0

[PATCH net 3/6] can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls

by Marc Kleine-Budde

If a driver is removed, the driver framework invokes the driver's remove callback. A CAN driver's remove function calls unregister_candev(), which calls net_device_ops::ndo_stop further down in the call stack for interfaces which are in the "up" state. With the mcp251xfd driver the removal of the module causes the following warning: | WARNING: CPU: 0 PID: 352 at net/core/dev.c:7342 __netif_napi_del_locked+0xc8/0xd8 as can_rx_offload_del() deletes the NAPI, while it is still active, because the interface is still up. To fix the warning, first unregister the network interface, which calls net_device_ops::ndo_stop, which disables the NAPI, and then call can_rx_offload_del(). Fixes: 55e5b97f003e ("can: mcp25xxfd: add driver for Microchip MCP25xxFD SPI CAN") Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20250502-can-rx-offload-del-v1-1-59a9b131589d@peng… Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c index 064d81c724f4..c30b04f8fc0d 100644 --- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c @@ -2198,8 +2198,8 @@ static void mcp251xfd_remove(struct spi_device *spi) struct mcp251xfd_priv *priv = spi_get_drvdata(spi); struct net_device *ndev = priv->ndev; - can_rx_offload_del(&priv->offload); mcp251xfd_unregister(priv); + can_rx_offload_del(&priv->offload); spi->max_speed_hz = priv->spi_max_speed_hz_orig; free_candev(ndev); } -- 2.47.2

7 months

2
1
0 0

[regression 6.1.y] discard/TRIM through RAID10 blocking (was: Re: Bug#1104460: linux-image-6.1.0-34-powerpc64le: Discard broken) with RAID10: BUG: kernel tried to execute user page (0) - exploit attempt?

by Salvatore Bonaccorso

Hi We got a regression report in Debian after the update from 6.1.133 to 6.1.135. Melvin is reporting that discard/trimm trhough a RAID10 array stalls idefintively. The full report is inlined below and originates from https://bugs.debian.org/1104460 . On Wed, Apr 30, 2025 at 04:46:50PM +0200, Melvin Vermeeren wrote: > Package: src:linux > Version: 6.1.135-1 > Severity: important > Tags: upstream > X-Debbugs-Cc: vermeeren(a)vermwa.re > > Dear Maintainer, > > Upgrading from linux-image-6.1.0-33-powerpc64le (6.1.133-1) to > linux-image-6.1.0-34-powerpc64le (6.1.135-1) it appears there is a > serious regression bug related to discard/TRIM through a RAID10 array. > This only affects RAID10, RAID1 array on the same SSD device is not > affected. Array in question is a fairly standard RAID10 in 2far layout. > > md127 : active raid10 dm-1[2] dm-0[0] > 1872188416 blocks super 1.2 512K chunks 2 far-copies [2/2] [UU] > bitmap: 1/1 pages [64KB], 65536KB chunk > > Any discard operation will result in quite a long kernel error. The > calling process will either segfault (swapon) or, more likely, be stuck > forever (Qemu, fstrim) in the D state per htop. The iostat utility > reports a %util of 100% for any device on top of (directly or > indirectly) of the RAID10 device, despite there being no read or write > requests to the devices or any other acitivty. > > Stuck processes cannot be terminated or killed. Attempting to reboot > normally will result in a stuck machine on shutdown, so only a > REISUB-style reboot will work via procfs sysrq. > > I have briefly diffed and inspected commits between the two kernel > versions and I suspect the commit below may be at fault. Do keep in mind > I have not verified this in any way, so I may be wrong. > > https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… > > Considering this is shipped as part of a stable security update I > consider it quite a serious bug. Affected hosts will not boot up > cleanly, may not have swap, processes will freeze upon discard and clean > reboot it also not possible. > > More logs available upon request. > > Many thanks, > > Melvin Vermeeren. > > -- Package-specific info: > ** Version: > Linux version 6.1.0-34-powerpc64le (debian-kernel(a)lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP Debian 6.1.135-1 (2025-04-25) > > ** Command line: > root=/dev/mapper/...-root ro quiet > > ** Not tainted > > ** Kernel log: > # /etc/fstab entry > /dev/.../swap none swap sw,discard=once 0 0 > > ~# swapon -va > swapon: /dev/mapper/...-swap: found signature [pagesize=65536, signature=swap] > swapon: /dev/mapper/...-swap: pagesize=65536, swapsize=17179869184, devsize=17179869184 > swapon /dev/mapper/...-swap > Segmentation fault > > ~# dmesg > ... > [ 223.017257] kernel tried to execute user page (0) - exploit attempt? (uid: 0) > [ 223.017287] BUG: Unable to handle kernel instruction fetch (NULL pointer?) > [ 223.017301] Faulting instruction address: 0x00000000 > [ 223.017326] Oops: Kernel access of bad area, sig: 11 [#1] > [ 223.017338] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV > [ 223.017365] Modules linked in: bridge stp llc binfmt_misc nft_connlimit nf_conncount ast drm_vram_helper drm_ttm_helper ofpart ipmi_powernv ttm ipmi_devintf powernv_flash at24 mtd ipmi_msghandler opal_prd regmap_i2c drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_algo_bit sg nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nf_tables nfnetlink drm loop fuse drm_panel_orientation_quirks configfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_crypt dm_integrity dm_bufio dm_mod macvlan raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sd_mod t10_pi crc64_rocksoft_generic crc64_rocksoft crc_t10dif crct10dif_generic crc64 crct10dif_common xhci_pci xts ecb xhci_hcd ctr vmx_crypto gf128mul crc32c_vpmsum tg3 mpt3sas usbcore raid_class libphy scsi_transport_sas usb_common > [ 223.017812] CPU: 8 PID: 10609 Comm: swapon Not tainted 6.1.0-34-powerpc64le #1 Debian 6.1.135-1 > [ 223.017844] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV > [ 223.017879] NIP: 0000000000000000 LR: c0000000003efe70 CTR: 0000000000000000 > [ 223.017926] REGS: c0000000276cf200 TRAP: 0400 Not tainted (6.1.0-34-powerpc64le Debian 6.1.135-1) > [ 223.017979] MSR: 900000004280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 24004480 XER: 00000004 > [ 223.018060] CFAR: c0000000003efe6c IRQMASK: 0 > GPR00: c0000000003efec4 c0000000276cf4a0 c000000001148100 0000000000092800 > GPR04: 0000000000000000 0000000000000003 0000000000000c00 c00000000296e700 > GPR08: c00000000c0e9700 00000c0000090800 0000000000000000 0000000000002000 > GPR12: 0000000000000000 c000001ffffd9800 c0000000446b8c00 0000000000000000 > GPR16: 0000000000000400 0000000000000000 0000000000000001 000000000000c812 > GPR20: 000000000000c911 c0000000170c5700 c00000000296e718 c00000000296e3f0 > GPR24: 0000000000000000 00000000000003ff 0000000000000000 0000000000000c00 > GPR28: c000200009e2dd00 c00000000296e718 00000c0000092800 0000000000092c00 > [ 223.018372] NIP [0000000000000000] 0x0 > [ 223.018397] LR [c0000000003efe70] mempool_alloc+0xa0/0x210 > [ 223.018435] Call Trace: > [ 223.018453] [c0000000276cf4a0] [c0000000003efec4] mempool_alloc+0xf4/0x210 (unreliable) > [ 223.018507] [c0000000276cf520] [c000000000743bf8] bio_alloc_bioset+0x368/0x510 > [ 223.018552] [c0000000276cf5a0] [c000000000743e74] bio_alloc_clone+0x44/0xa0 > [ 223.018601] [c0000000276cf5e0] [c008000015793adc] md_account_bio+0x54/0xb0 [md_mod] > [ 223.018655] [c0000000276cf610] [c00800001567778c] raid10_make_request+0xc54/0x1040 [raid10] > [ 223.018687] [c0000000276cf770] [c00800001579a290] md_handle_request+0x198/0x380 [md_mod] > [ 223.018735] [c0000000276cf800] [c00000000074c32c] __submit_bio+0x9c/0x250 > [ 223.018773] [c0000000276cf840] [c00000000074ca88] submit_bio_noacct_nocheck+0x178/0x3f0 > [ 223.018825] [c0000000276cf8b0] [c000000000743e08] blk_next_bio+0x68/0x90 > [ 223.018863] [c0000000276cf8e0] [c000000000758c60] __blkdev_issue_discard+0x180/0x280 > [ 223.018898] [c0000000276cf980] [c000000000758de8] blkdev_issue_discard+0x88/0x120 > [ 223.018927] [c0000000276cfa00] [c0000000004a9e8c] sys_swapon+0x11dc/0x18a0 > [ 223.018971] [c0000000276cfb50] [c00000000002b038] system_call_exception+0x138/0x260 > [ 223.019015] [c0000000276cfe10] [c00000000000c0f0] system_call_vectored_common+0xf0/0x280 > [ 223.019058] --- interrupt: 3000 at 0x7fff95146770 > [ 223.019095] NIP: 00007fff95146770 LR: 00007fff95146770 CTR: 0000000000000000 > [ 223.019132] REGS: c0000000276cfe80 TRAP: 3000 Not tainted (6.1.0-34-powerpc64le Debian 6.1.135-1) > [ 223.019182] MSR: 900000000280f033 <SF,HV,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE> CR: 48002481 XER: 00000000 > [ 223.019267] IRQMASK: 0 > GPR00: 0000000000000057 00007fffdca2ace0 00007fff95256f00 00000001220a1c20 > GPR04: 0000000000030000 000000000000001e 000000000000000a 000000000000000a > GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 > GPR12: 0000000000000000 00007fff955dcbc0 0000000000000000 0000000000000000 > GPR16: 0000000000000000 00000001104066b0 00007fffdca2afc8 000000011040cbd0 > GPR20: 000000011040cbd8 0000000000000000 0000000000010000 00007fffdca2aff0 > GPR24: 00007fffdca2afd0 0000000000000003 0000000000030000 0000000400000000 > GPR28: 00000001220a1c20 000000000000fff6 00000001220a30a0 0000000000100000 > [ 223.019542] NIP [00007fff95146770] 0x7fff95146770 > [ 223.019568] LR [00007fff95146770] 0x7fff95146770 > [ 223.019595] --- interrupt: 3000 > [ 223.019604] Instruction dump: > [ 223.019626] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX > [ 223.019665] XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX > [ 223.019712] ---[ end trace 0000000000000000 ]--- > > [ 224.623456] note: swapon[10609] exited with irqs disabled > [ 224.623483] ------------[ cut here ]------------ > [ 224.623502] WARNING: CPU: 8 PID: 10609 at kernel/exit.c:816 do_exit+0x94/0xbc0 > [ 224.623516] Modules linked in: bridge stp llc binfmt_misc nft_connlimit nf_conncount ast drm_vram_helper drm_ttm_helper ofpart ipmi_powernv ttm ipmi_devintf powernv_flash at24 mtd ipmi_msghandler opal_prd regmap_i2c drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_algo_bit sg nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nf_tables nfnetlink drm loop fuse drm_panel_orientation_quirks configfs ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_crypt dm_integrity dm_bufio dm_mod macvlan raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod sd_mod t10_pi crc64_rocksoft_generic crc64_rocksoft crc_t10dif crct10dif_generic crc64 crct10dif_common xhci_pci xts ecb xhci_hcd ctr vmx_crypto gf128mul crc32c_vpmsum tg3 mpt3sas usbcore raid_class libphy scsi_transport_sas usb_common > [ 224.623825] CPU: 8 PID: 10609 Comm: swapon Tainted: G D 6.1.0-34-powerpc64le #1 Debian 6.1.135-1 > [ 224.623860] Hardware name: T2P9D01 REV 1.01 POWER9 0x4e1202 opal:skiboot-bc106a0 PowerNV > [ 224.623892] NIP: c000000000140fa4 LR: c000000000140fa0 CTR: 0000000000000000 > [ 224.623935] REGS: c0000000276cecb0 TRAP: 0700 Tainted: G D (6.1.0-34-powerpc64le Debian 6.1.135-1) > [ 224.623969] MSR: 9000000002029033 <SF,HV,VEC,EE,ME,IR,DR,RI,LE> CR: 24004222 XER: 00000004 > [ 224.624012] CFAR: c00000000013ea68 IRQMASK: 0 > GPR00: c000000000140fa0 c0000000276cef50 c000000001148100 0000000000000000 > GPR04: 0000000000000000 c0000000276cee20 c0000000276cee18 0000001ffb000000 > GPR08: 0000000000000027 c0000000276cf9b0 0000000000000000 0000000000004000 > GPR12: 0000000031c40000 c000001ffffd9800 c0000000446b8c00 0000000000000000 > GPR16: 0000000000000400 0000000000000000 0000000000000001 000000000000c812 > GPR20: 000000000000c911 c0000000170c5700 c00000000296e718 c00000000296e3f0 > GPR24: 0000000000000000 00000000000003ff 0000000000000000 0000000000000c00 > GPR28: 000000000000000b c00000001ce25d80 c000000078409c00 c000000026529d80 > [ 224.624208] NIP [c000000000140fa4] do_exit+0x94/0xbc0 > [ 224.624239] LR [c000000000140fa0] do_exit+0x90/0xbc0 > [ 224.624269] Call Trace: > [ 224.624274] [c0000000276cef50] [c000000000140fa0] do_exit+0x90/0xbc0 (unreliable) > [ 224.624308] [c0000000276cf020] [c000000000141b80] make_task_dead+0xb0/0x1f0 > [ 224.624320] [c0000000276cf0a0] [c000000000025718] oops_end+0x188/0x1c0 > [ 224.624341] [c0000000276cf120] [c00000000007f72c] __bad_page_fault+0x18c/0x1b0 > [ 224.624375] [c0000000276cf190] [c000000000008cd4] instruction_access_common_virt+0x194/0x1a0 > [ 224.624421] --- interrupt: 400 at 0x0 > [ 224.624438] NIP: 0000000000000000 LR: c0000000003efe70 CTR: 0000000000000000 > [ 224.624471] REGS: c0000000276cf200 TRAP: 0400 Tainted: G D (6.1.0-34-powerpc64le Debian 6.1.135-1) > [ 224.624507] MSR: 900000004280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 24004480 XER: 00000004 > [ 224.624544] CFAR: c0000000003efe6c IRQMASK: 0 > GPR00: c0000000003efec4 c0000000276cf4a0 c000000001148100 0000000000092800 > GPR04: 0000000000000000 0000000000000003 0000000000000c00 c00000000296e700 > GPR08: c00000000c0e9700 00000c0000090800 0000000000000000 0000000000002000 > GPR12: 0000000000000000 c000001ffffd9800 c0000000446b8c00 0000000000000000 > GPR16: 0000000000000400 0000000000000000 0000000000000001 000000000000c812 > GPR20: 000000000000c911 c0000000170c5700 c00000000296e718 c00000000296e3f0 > GPR24: 0000000000000000 00000000000003ff 0000000000000000 0000000000000c00 > GPR28: c000200009e2dd00 c00000000296e718 00000c0000092800 0000000000092c00 > [ 224.624732] NIP [0000000000000000] 0x0 > [ 224.624749] LR [c0000000003efe70] mempool_alloc+0xa0/0x210 > [ 224.624771] --- interrupt: 400 > [ 224.624789] [c0000000276cf4a0] [c0000000003efec4] mempool_alloc+0xf4/0x210 (unreliable) > [ 224.624823] [c0000000276cf520] [c000000000743bf8] bio_alloc_bioset+0x368/0x510 > [ 224.624859] [c0000000276cf5a0] [c000000000743e74] bio_alloc_clone+0x44/0xa0 > [ 224.624892] [c0000000276cf5e0] [c008000015793adc] md_account_bio+0x54/0xb0 [md_mod] > [ 224.624930] [c0000000276cf610] [c00800001567778c] raid10_make_request+0xc54/0x1040 [raid10] > [ 224.624964] [c0000000276cf770] [c00800001579a290] md_handle_request+0x198/0x380 [md_mod] > [ 224.624997] [c0000000276cf800] [c00000000074c32c] __submit_bio+0x9c/0x250 > [ 224.625018] [c0000000276cf840] [c00000000074ca88] submit_bio_noacct_nocheck+0x178/0x3f0 > [ 224.625043] [c0000000276cf8b0] [c000000000743e08] blk_next_bio+0x68/0x90 > [ 224.625066] [c0000000276cf8e0] [c000000000758c60] __blkdev_issue_discard+0x180/0x280 > [ 224.625091] [c0000000276cf980] [c000000000758de8] blkdev_issue_discard+0x88/0x120 > [ 224.625115] [c0000000276cfa00] [c0000000004a9e8c] sys_swapon+0x11dc/0x18a0 > [ 224.625139] [c0000000276cfb50] [c00000000002b038] system_call_exception+0x138/0x260 > [ 224.625164] [c0000000276cfe10] [c00000000000c0f0] system_call_vectored_common+0xf0/0x280 > [ 224.625201] --- interrupt: 3000 at 0x7fff95146770 > [ 224.625270] NIP: 00007fff95146770 LR: 00007fff95146770 CTR: 0000000000000000 > [ 224.625367] REGS: c0000000276cfe80 TRAP: 3000 Tainted: G D (6.1.0-34-powerpc64le Debian 6.1.135-1) > [ 224.625458] MSR: 900000000000f033 <SF,HV,EE,PR,FP,ME,IR,DR,RI,LE> CR: 48002481 XER: 00000000 > [ 224.625570] IRQMASK: 0 > GPR00: 0000000000000057 00007fffdca2ace0 00007fff95256f00 00000001220a1c20 > GPR04: 0000000000030000 000000000000001e 000000000000000a 000000000000000a > GPR08: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 > GPR12: 0000000000000000 00007fff955dcbc0 0000000000000000 0000000000000000 > GPR16: 0000000000000000 00000001104066b0 00007fffdca2afc8 000000011040cbd0 > GPR20: 000000011040cbd8 0000000000000000 0000000000010000 00007fffdca2aff0 > GPR24: 00007fffdca2afd0 0000000000000003 0000000000030000 0000000400000000 > GPR28: 00000001220a1c20 000000000000fff6 00000001220a30a0 0000000000100000 > [ 224.626325] NIP [00007fff95146770] 0x7fff95146770 > [ 224.626388] LR [00007fff95146770] 0x7fff95146770 > [ 224.626522] --- interrupt: 3000 > [ 224.626568] Instruction dump: > [ 224.626587] 60000000 813f000c 3929ffff 2c090000 913f000c 40820010 813f0074 71290004 > [ 224.626680] 4182074c 7fa3eb78 4bffda7d e93e0b10 <0b090000> e87e0a48 48c7dd0d 60000000 > [ 224.626786] ---[ end trace 0000000000000000 ]--- Does this ring a bell? Melvin, the same change went as well in other stable series, 6.6.88, 6.12.25, 6.14.4, can you test e.g. 6.12.25-1 in Debian as well from unstable to see if the regression is there as well? Might you be able to bisect the upstream stable series between 6.1.133 to 6.1.135 to really confirm the mentioned commit is the one breaking? Regards, Salvatore

7 months

5
12
0 0

[PATCH v4 0/1] kasan: Avoid sleepable page allocation from atomic context

by Alexander Gordeev

Hi All, Chages since v3: - pfn_to_virt() changed to page_to_virt() due to compile error Chages since v2: - page allocation moved out of the atomic context Chages since v1: - Fixes: and -stable tags added to the patch description Thanks! Alexander Gordeev (1): kasan: Avoid sleepable page allocation from atomic context mm/kasan/shadow.c | 63 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 47 insertions(+), 16 deletions(-) -- 2.45.2

7 months

1
2
0 0

[PATCH v3 0/1] kasan: Avoid sleepable page allocation from atomic context

by Alexander Gordeev

Hi All, Chages since v2: - page allocation moved out of the atomic context Chages since v1: - Fixes: and -stable tags added to the patch description Thanks! Alexander Gordeev (1): kasan: Avoid sleepable page allocation from atomic context mm/kasan/shadow.c | 65 +++++++++++++++++++++++++++++++++++------------ 1 file changed, 49 insertions(+), 16 deletions(-) -- 2.45.2

7 months

5
9
0 0

Re: G R A N T

by U N

Greetings Dear, Send your Ref: FSG2025 / Name / Phone Number / Country to Mr. Andrej Mahecic on un.grant(a)socialworker.net, +1 888 673 0430 for your £100,000.00. Sincerely Mr. C. Gunness On behalf of the UN.

7 months

1
0
0 0

[PATCH AUTOSEL 6.12 001/486] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index 0b7952471c18f..79c09b378be81 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -112,8 +112,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

7 months

2
486
0 0

[PATCH v6 02/20] drm/xe: Strict migration policy for atomic SVM faults

by Himal Prasad Ghimiray

From: Matthew Brost <matthew.brost(a)intel.com> Mixing GPU and CPU atomics does not work unless a strict migration policy of GPU atomics must be device memory. Enforce a policy of must be in VRAM with a retry loop of 3 attempts, if retry loop fails abort fault. Removing always_migrate_to_vram modparam as we now have real migration policy. v2: - Only retry migration on atomics - Drop alway migrate modparam v3: - Only set vram_only on DGFX (Himal) - Bail on get_pages failure if vram_only and retry count exceeded (Himal) - s/vram_only/devmem_only - Update xe_svm_range_is_valid to accept devmem_only argument v4: - Fix logic bug get_pages failure v5: - Fix commit message (Himal) - Mention removing always_migrate_to_vram in commit message (Lucas) - Fix xe_svm_range_is_valid to check for devmem pages - Bail on devmem_only && !migrate_devmem (Thomas) v6: - Add READ_ONCE barriers for opportunistic checks (Thomas) Fixes: 2f118c949160 ("drm/xe: Add SVM VRAM migration") Cc: stable(a)vger.kernel.org Signed-off-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> Signed-off-by: Matthew Brost <matthew.brost(a)intel.com> Acked-by: Himal Prasad Ghimiray <himal.prasad.ghimiray(a)intel.com> --- drivers/gpu/drm/xe/xe_module.c | 3 - drivers/gpu/drm/xe/xe_module.h | 1 - drivers/gpu/drm/xe/xe_svm.c | 103 ++++++++++++++++++++++++--------- drivers/gpu/drm/xe/xe_svm.h | 5 -- include/drm/drm_gpusvm.h | 40 ++++++++----- 5 files changed, 103 insertions(+), 49 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_module.c b/drivers/gpu/drm/xe/xe_module.c index 64bf46646544..e4742e27e2cd 100644 --- a/drivers/gpu/drm/xe/xe_module.c +++ b/drivers/gpu/drm/xe/xe_module.c @@ -30,9 +30,6 @@ struct xe_modparam xe_modparam = { module_param_named(svm_notifier_size, xe_modparam.svm_notifier_size, uint, 0600); MODULE_PARM_DESC(svm_notifier_size, "Set the svm notifier size(in MiB), must be power of 2"); -module_param_named(always_migrate_to_vram, xe_modparam.always_migrate_to_vram, bool, 0444); -MODULE_PARM_DESC(always_migrate_to_vram, "Always migrate to VRAM on GPU fault"); - module_param_named_unsafe(force_execlist, xe_modparam.force_execlist, bool, 0444); MODULE_PARM_DESC(force_execlist, "Force Execlist submission"); diff --git a/drivers/gpu/drm/xe/xe_module.h b/drivers/gpu/drm/xe/xe_module.h index 84339e509c80..5a3bfea8b7b4 100644 --- a/drivers/gpu/drm/xe/xe_module.h +++ b/drivers/gpu/drm/xe/xe_module.h @@ -12,7 +12,6 @@ struct xe_modparam { bool force_execlist; bool probe_display; - bool always_migrate_to_vram; u32 force_vram_bar_size; int guc_log_level; char *guc_firmware_path; diff --git a/drivers/gpu/drm/xe/xe_svm.c b/drivers/gpu/drm/xe/xe_svm.c index 890f6b2f40e9..dcc84e65ca96 100644 --- a/drivers/gpu/drm/xe/xe_svm.c +++ b/drivers/gpu/drm/xe/xe_svm.c @@ -16,8 +16,12 @@ static bool xe_svm_range_in_vram(struct xe_svm_range *range) { - /* Not reliable without notifier lock */ - return range->base.flags.has_devmem_pages; + /* Not reliable without notifier lock, opportunistic only */ + struct drm_gpusvm_range_flags flags = { + .__flags = READ_ONCE(range->base.flags.__flags), + }; + + return flags.has_devmem_pages; } static bool xe_svm_range_has_vram_binding(struct xe_svm_range *range) @@ -650,9 +654,13 @@ void xe_svm_fini(struct xe_vm *vm) } static bool xe_svm_range_is_valid(struct xe_svm_range *range, - struct xe_tile *tile) + struct xe_tile *tile, + bool devmem_only) { - return (range->tile_present & ~range->tile_invalidated) & BIT(tile->id); + /* Not reliable without notifier lock, opportunistic only */ + return ((READ_ONCE(range->tile_present) & + ~READ_ONCE(range->tile_invalidated)) & BIT(tile->id)) && + (!devmem_only || xe_svm_range_in_vram(range)); } #if IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) @@ -726,6 +734,36 @@ static int xe_svm_alloc_vram(struct xe_vm *vm, struct xe_tile *tile, } #endif +static bool supports_4K_migration(struct xe_device *xe) +{ + if (xe->info.vram_flags & XE_VRAM_FLAGS_NEED64K) + return false; + + return true; +} + +static bool xe_svm_range_needs_migrate_to_vram(struct xe_svm_range *range, + struct xe_vma *vma) +{ + struct xe_vm *vm = range_to_vm(&range->base); + u64 range_size = xe_svm_range_size(range); + + if (!range->base.flags.migrate_devmem) + return false; + + /* Not reliable without notifier lock, opportunistic only */ + if (xe_svm_range_in_vram(range)) { + drm_dbg(&vm->xe->drm, "Range is already in VRAM\n"); + return false; + } + + if (range_size <= SZ_64K && !supports_4K_migration(vm->xe)) { + drm_dbg(&vm->xe->drm, "Platform doesn't support SZ_4K range migration\n"); + return false; + } + + return true; +} /** * xe_svm_handle_pagefault() - SVM handle page fault @@ -750,12 +788,15 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), .check_pages_threshold = IS_DGFX(vm->xe) && IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR) ? SZ_64K : 0, + .devmem_only = atomic && IS_DGFX(vm->xe) && + IS_ENABLED(CONFIG_DRM_XE_DEVMEM_MIRROR), }; struct xe_svm_range *range; struct drm_gpusvm_range *r; struct drm_exec exec; struct dma_fence *fence; struct xe_tile *tile = gt_to_tile(gt); + int migrate_try_count = ctx.devmem_only ? 3 : 1; ktime_t end = 0; int err; @@ -776,24 +817,30 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, if (IS_ERR(r)) return PTR_ERR(r); + if (ctx.devmem_only && !r->flags.migrate_devmem) + return -EACCES; + range = to_xe_range(r); - if (xe_svm_range_is_valid(range, tile)) + if (xe_svm_range_is_valid(range, tile, ctx.devmem_only)) return 0; range_debug(range, "PAGE FAULT"); - /* XXX: Add migration policy, for now migrate range once */ - if (!range->skip_migrate && range->base.flags.migrate_devmem && - xe_svm_range_size(range) >= SZ_64K) { - range->skip_migrate = true; - + if (--migrate_try_count >= 0 && + xe_svm_range_needs_migrate_to_vram(range, vma)) { err = xe_svm_alloc_vram(vm, tile, range, &ctx); if (err) { - drm_dbg(&vm->xe->drm, - "VRAM allocation failed, falling back to " - "retrying fault, asid=%u, errno=%pe\n", - vm->usm.asid, ERR_PTR(err)); - goto retry; + if (migrate_try_count || !ctx.devmem_only) { + drm_dbg(&vm->xe->drm, + "VRAM allocation failed, falling back to retrying fault, asid=%u, errno=%pe\n", + vm->usm.asid, ERR_PTR(err)); + goto retry; + } else { + drm_err(&vm->xe->drm, + "VRAM allocation failed, retry count exceeded, asid=%u, errno=%pe\n", + vm->usm.asid, ERR_PTR(err)); + return err; + } } } @@ -801,15 +848,22 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, err = drm_gpusvm_range_get_pages(&vm->svm.gpusvm, r, &ctx); /* Corner where CPU mappings have changed */ if (err == -EOPNOTSUPP || err == -EFAULT || err == -EPERM) { - if (err == -EOPNOTSUPP) { - range_debug(range, "PAGE FAULT - EVICT PAGES"); - drm_gpusvm_range_evict(&vm->svm.gpusvm, &range->base); + if (migrate_try_count > 0 || !ctx.devmem_only) { + if (err == -EOPNOTSUPP) { + range_debug(range, "PAGE FAULT - EVICT PAGES"); + drm_gpusvm_range_evict(&vm->svm.gpusvm, + &range->base); + } + drm_dbg(&vm->xe->drm, + "Get pages failed, falling back to retrying, asid=%u, gpusvm=%p, errno=%pe\n", + vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); + range_debug(range, "PAGE FAULT - RETRY PAGES"); + goto retry; + } else { + drm_err(&vm->xe->drm, + "Get pages failed, retry count exceeded, asid=%u, gpusvm=%p, errno=%pe\n", + vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); } - drm_dbg(&vm->xe->drm, - "Get pages failed, falling back to retrying, asid=%u, gpusvm=%p, errno=%pe\n", - vm->usm.asid, &vm->svm.gpusvm, ERR_PTR(err)); - range_debug(range, "PAGE FAULT - RETRY PAGES"); - goto retry; } if (err) { range_debug(range, "PAGE FAULT - FAIL PAGE COLLECT"); @@ -843,9 +897,6 @@ int xe_svm_handle_pagefault(struct xe_vm *vm, struct xe_vma *vma, } drm_exec_fini(&exec); - if (xe_modparam.always_migrate_to_vram) - range->skip_migrate = false; - dma_fence_wait(fence, false); dma_fence_put(fence); diff --git a/drivers/gpu/drm/xe/xe_svm.h b/drivers/gpu/drm/xe/xe_svm.h index 3d441eb1f7ea..0e1f376a7471 100644 --- a/drivers/gpu/drm/xe/xe_svm.h +++ b/drivers/gpu/drm/xe/xe_svm.h @@ -39,11 +39,6 @@ struct xe_svm_range { * range. Protected by GPU SVM notifier lock. */ u8 tile_invalidated; - /** - * @skip_migrate: Skip migration to VRAM, protected by GPU fault handler - * locking. - */ - u8 skip_migrate :1; }; /** diff --git a/include/drm/drm_gpusvm.h b/include/drm/drm_gpusvm.h index 9fd25fc880a4..653d48dbe1c1 100644 --- a/include/drm/drm_gpusvm.h +++ b/include/drm/drm_gpusvm.h @@ -185,6 +185,31 @@ struct drm_gpusvm_notifier { } flags; }; +/** + * struct drm_gpusvm_range_flags - Structure representing a GPU SVM range flags + * + * @migrate_devmem: Flag indicating whether the range can be migrated to device memory + * @unmapped: Flag indicating if the range has been unmapped + * @partial_unmap: Flag indicating if the range has been partially unmapped + * @has_devmem_pages: Flag indicating if the range has devmem pages + * @has_dma_mapping: Flag indicating if the range has a DMA mapping + * @__flags: Flags for range in u16 form (used for READ_ONCE) + */ +struct drm_gpusvm_range_flags { + union { + struct { + /* All flags below must be set upon creation */ + u16 migrate_devmem : 1; + /* All flags below must be set / cleared under notifier lock */ + u16 unmapped : 1; + u16 partial_unmap : 1; + u16 has_devmem_pages : 1; + u16 has_dma_mapping : 1; + }; + u16 __flags; + }; +}; + /** * struct drm_gpusvm_range - Structure representing a GPU SVM range * @@ -198,11 +223,6 @@ struct drm_gpusvm_notifier { * @dpagemap: The struct drm_pagemap of the device pages we're dma-mapping. * Note this is assuming only one drm_pagemap per range is allowed. * @flags: Flags for range - * @flags.migrate_devmem: Flag indicating whether the range can be migrated to device memory - * @flags.unmapped: Flag indicating if the range has been unmapped - * @flags.partial_unmap: Flag indicating if the range has been partially unmapped - * @flags.has_devmem_pages: Flag indicating if the range has devmem pages - * @flags.has_dma_mapping: Flag indicating if the range has a DMA mapping * * This structure represents a GPU SVM range used for tracking memory ranges * mapped in a DRM device. @@ -216,15 +236,7 @@ struct drm_gpusvm_range { unsigned long notifier_seq; struct drm_pagemap_device_addr *dma_addr; struct drm_pagemap *dpagemap; - struct { - /* All flags below must be set upon creation */ - u16 migrate_devmem : 1; - /* All flags below must be set / cleared under notifier lock */ - u16 unmapped : 1; - u16 partial_unmap : 1; - u16 has_devmem_pages : 1; - u16 has_dma_mapping : 1; - } flags; + struct drm_gpusvm_range_flags flags; }; /** -- 2.34.1

7 months

3
4
0 0

[PATCH 1/4] mm: fix VM_UFFD_MINOR == VM_SHADOW_STACK on USERFAULTFD=y && ARM64_GCS=y

by Florent Revest

On configs with CONFIG_ARM64_GCS=y, VM_SHADOW_STACK is bit 38. On configs with CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y (selected by CONFIG_ARM64 when CONFIG_USERFAULTFD=y), VM_UFFD_MINOR is _also_ bit 38. This bit being shared by two different VMA flags could lead to all sorts of unintended behaviors. Presumably, a process could maybe call into userfaultfd in a way that disables the shadow stack vma flag. I can't think of any attack where this would help (presumably, if an attacker tries to disable shadow stacks, they are trying to hijack control flow so can't arbitrarily call into userfaultfd yet anyway) but this still feels somewhat scary. Fixes: ae80e1629aea ("mm: Define VM_SHADOW_STACK for arm64 when we support GCS") Cc: <stable(a)vger.kernel.org> Signed-off-by: Florent Revest <revest(a)chromium.org> --- include/linux/mm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index bf55206935c46..fdda6b16263b3 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -385,7 +385,7 @@ extern unsigned int kobjsize(const void *objp); #endif #ifdef CONFIG_HAVE_ARCH_USERFAULTFD_MINOR -# define VM_UFFD_MINOR_BIT 38 +# define VM_UFFD_MINOR_BIT 41 # define VM_UFFD_MINOR BIT(VM_UFFD_MINOR_BIT) /* UFFD minor faults */ #else /* !CONFIG_HAVE_ARCH_USERFAULTFD_MINOR */ # define VM_UFFD_MINOR VM_NONE -- 2.49.0.967.g6a0df3ecc3-goog

7 months

2
1
0 0

[PATCH 2/2] mm/page_alloc: Fix race condition in unaccepted memory handling

by Kirill A. Shutemov

The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths to determine if it needs to deal with unaccepted memory. Borisal and Thomas pointed out that the tracking is racy operations on static_branch are not serialized against adding/removing unaccepted pages to/from the zone. The effect of this static_branch optimization is only visible on microbenchmark. Instead of adding more complexity around it, remove it altogether. Signed-off-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Fixes: dcdfdd40fa82 ("mm: Add support for unaccepted memory") Link: https://lore.kernel.org/all/20250506092445.GBaBnVXXyvnazly6iF@fat_crate.loc… Reported-by: Borislav Petkov <bp(a)alien8.de> Reported-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org # v6.5+ Cc: Andrew Morton <akpm(a)linux-foundation.org> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: Suren Baghdasaryan <surenb(a)google.com> Cc: Michal Hocko <mhocko(a)suse.com> Cc: Brendan Jackman <jackmanb(a)google.com> Cc: Johannes Weiner <hannes(a)cmpxchg.org> --- mm/internal.h | 1 - mm/mm_init.c | 1 - mm/page_alloc.c | 47 ----------------------------------------------- 3 files changed, 49 deletions(-) diff --git a/mm/internal.h b/mm/internal.h index e9695baa5922..50c2f590b2d0 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -1595,7 +1595,6 @@ unsigned long move_page_tables(struct pagetable_move_control *pmc); #ifdef CONFIG_UNACCEPTED_MEMORY void accept_page(struct page *page); -void unaccepted_cleanup_work(struct work_struct *work); #else /* CONFIG_UNACCEPTED_MEMORY */ static inline void accept_page(struct page *page) { diff --git a/mm/mm_init.c b/mm/mm_init.c index 9659689b8ace..84f14fa12d0d 100644 --- a/mm/mm_init.c +++ b/mm/mm_init.c @@ -1441,7 +1441,6 @@ static void __meminit zone_init_free_lists(struct zone *zone) #ifdef CONFIG_UNACCEPTED_MEMORY INIT_LIST_HEAD(&zone->unaccepted_pages); - INIT_WORK(&zone->unaccepted_cleanup, unaccepted_cleanup_work); #endif } diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 5fccf5fce084..a4a4df2daedb 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -7175,16 +7175,8 @@ bool has_managed_dma(void) #ifdef CONFIG_UNACCEPTED_MEMORY -/* Counts number of zones with unaccepted pages. */ -static DEFINE_STATIC_KEY_FALSE(zones_with_unaccepted_pages); - static bool lazy_accept = true; -void unaccepted_cleanup_work(struct work_struct *work) -{ - static_branch_dec(&zones_with_unaccepted_pages); -} - static int __init accept_memory_parse(char *p) { if (!strcmp(p, "lazy")) { @@ -7209,11 +7201,7 @@ static bool page_contains_unaccepted(struct page *page, unsigned int order) static void __accept_page(struct zone *zone, unsigned long *flags, struct page *page) { - bool last; - list_del(&page->lru); - last = list_empty(&zone->unaccepted_pages); - account_freepages(zone, -MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, -MAX_ORDER_NR_PAGES); __ClearPageUnaccepted(page); @@ -7222,28 +7210,6 @@ static void __accept_page(struct zone *zone, unsigned long *flags, accept_memory(page_to_phys(page), PAGE_SIZE << MAX_PAGE_ORDER); __free_pages_ok(page, MAX_PAGE_ORDER, FPI_TO_TAIL); - - if (last) { - /* - * There are two corner cases: - * - * - If allocation occurs during the CPU bring up, - * static_branch_dec() cannot be used directly as - * it causes a deadlock on cpu_hotplug_lock. - * - * Instead, use schedule_work() to prevent deadlock. - * - * - If allocation occurs before workqueues are initialized, - * static_branch_dec() should be called directly. - * - * Workqueues are initialized before CPU bring up, so this - * will not conflict with the first scenario. - */ - if (system_wq) - schedule_work(&zone->unaccepted_cleanup); - else - unaccepted_cleanup_work(&zone->unaccepted_cleanup); - } } void accept_page(struct page *page) @@ -7280,20 +7246,12 @@ static bool try_to_accept_memory_one(struct zone *zone) return true; } -static inline bool has_unaccepted_memory(void) -{ - return static_branch_unlikely(&zones_with_unaccepted_pages); -} - static bool cond_accept_memory(struct zone *zone, unsigned int order, int alloc_flags) { long to_accept, wmark; bool ret = false; - if (!has_unaccepted_memory()) - return false; - if (list_empty(&zone->unaccepted_pages)) return false; @@ -7331,22 +7289,17 @@ static bool __free_unaccepted(struct page *page) { struct zone *zone = page_zone(page); unsigned long flags; - bool first = false; if (!lazy_accept) return false; spin_lock_irqsave(&zone->lock, flags); - first = list_empty(&zone->unaccepted_pages); list_add_tail(&page->lru, &zone->unaccepted_pages); account_freepages(zone, MAX_ORDER_NR_PAGES, MIGRATE_MOVABLE); __mod_zone_page_state(zone, NR_UNACCEPTED, MAX_ORDER_NR_PAGES); __SetPageUnaccepted(page); spin_unlock_irqrestore(&zone->lock, flags); - if (first) - static_branch_inc(&zones_with_unaccepted_pages); - return true; } -- 2.47.2

7 months

2
2
0 0

[PATCH] usb: typec: tcpm/tcpci_maxim: Fix bounds check in process_rx()

by Amit Sunil Dhamne via B4 Relay

From: Amit Sunil Dhamne <amitsd(a)google.com> Register read of TCPC_RX_BYTE_CNT returns the total size consisting of: PD message (pending read) size + 1 Byte for Frame Type (SOP*) This is validated against the max PD message (`struct pd_message`) size without accounting for the extra byte for the frame type. Note that the struct pd_message does not contain a field for the frame_type. This results in false negatives when the "PD message (pending read)" is equal to the max PD message size. Fixes: 6f413b559f86 ("usb: typec: tcpci_maxim: Chip level TCPC driver") Signed-off-by: Amit Sunil Dhamne <amitsd(a)google.com> Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Kyle Tso <kyletso(a)google.com> --- drivers/usb/typec/tcpm/tcpci_maxim_core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/usb/typec/tcpm/tcpci_maxim_core.c b/drivers/usb/typec/tcpm/tcpci_maxim_core.c index fd1b80593367641a6f997da2fb97a2b7238f6982..648311f5e3cf135f23b5cc0668001d2f177b9edd 100644 --- a/drivers/usb/typec/tcpm/tcpci_maxim_core.c +++ b/drivers/usb/typec/tcpm/tcpci_maxim_core.c @@ -166,7 +166,8 @@ static void process_rx(struct max_tcpci_chip *chip, u16 status) return; } - if (count > sizeof(struct pd_message) || count + 1 > TCPC_RECEIVE_BUFFER_LEN) { + if (count > sizeof(struct pd_message) + 1 || + count + 1 > TCPC_RECEIVE_BUFFER_LEN) { dev_err(chip->dev, "Invalid TCPC_RX_BYTE_CNT %d\n", count); return; } --- base-commit: ebd297a2affadb6f6f4d2e5d975c1eda18ac762d change-id: 20250421-b4-new-fix-pd-rx-count-79297ba619b7 Best regards, -- Amit Sunil Dhamne <amitsd(a)google.com>

7 months

3
2
0 0

[PATCH v2] arm64/cpufeature: annotate arm64_use_ng_mappings with ro_after_init to prevent wrong idmap generation

by Yeoreum Yun

create_init_idmap() could be called before .bss section initialization which is done in early_map_kernel(). Therefore, data/test_prot could be set incorrectly by PTE_MAYBE_NG macro. PTE_MAYBE_NG macro set NG bit according to value of "arm64_use_ng_mappings". and this variable places in .bss section. # llvm-objdump-21 --syms vmlinux-gcc | grep arm64_use_ng_mappings ffff800082f242a8 g O .bss 0000000000000001 arm64_use_ng_mappings If .bss section doesn't initialized, "arm64_use_ng_mappings" would be set with garbage value and then the text_prot or data_prot could be set incorrectly. Here is what i saw with kernel compiled via llvm-21 // create_init_idmap() ffff80008255c058: d10103ff sub sp, sp, #0x40 ffff80008255c05c: a9017bfd stp x29, x30, [sp, #0x10] ffff80008255c060: a90257f6 stp x22, x21, [sp, #0x20] ffff80008255c064: a9034ff4 stp x20, x19, [sp, #0x30] ffff80008255c068: 910043fd add x29, sp, #0x10 ffff80008255c06c: 90003fc8 adrp x8, 0xffff800082d54000 ffff80008255c070: d280e06a mov x10, #0x703 // =1795 ffff80008255c074: 91400409 add x9, x0, #0x1, lsl #12 // =0x1000 ffff80008255c078: 394a4108 ldrb w8, [x8, #0x290] ------------- (1) ffff80008255c07c: f2e00d0a movk x10, #0x68, lsl #48 ffff80008255c080: f90007e9 str x9, [sp, #0x8] ffff80008255c084: aa0103f3 mov x19, x1 ffff80008255c088: aa0003f4 mov x20, x0 ffff80008255c08c: 14000000 b 0xffff80008255c08c <__pi_create_init_idmap+0x34> ffff80008255c090: aa082d56 orr x22, x10, x8, lsl #11 -------- (2) Note, (1) is load the arm64_use_ng_mappings value in w8 and (2) is set the text or data prot with the w8 value to set PTE_NG bit. If .bss section doesn't initialized, x8 can include garbage value -- In case of some platform, x8 loaded with 0xcf -- it could generate wrong mapping. (i.e) text_prot is expected with PAGE_KERNEL_ROX(0x0040000000000F83) but with garbage x8 -- 0xcf, it sets with (0x0040000000067F83) and This makes boot failure with translation fault. This error cannot happen according to code generated by compiler. here is the case of gcc: ffff80008260a940 <__pi_create_init_idmap>: ffff80008260a940: d100c3ff sub sp, sp, #0x30 ffff80008260a944: aa0003ed mov x13, x0 ffff80008260a948: 91400400 add x0, x0, #0x1, lsl #12 // =0x1000 ffff80008260a94c: a9017bfd stp x29, x30, [sp, #0x10] ffff80008260a950: 910043fd add x29, sp, #0x10 ffff80008260a954: f90017e0 str x0, [sp, #0x28] ffff80008260a958: d00048c0 adrp x0, 0xffff800082f24000 <reset_devices> ffff80008260a95c: 394aa000 ldrb w0, [x0, #0x2a8] ffff80008260a960: 37000640 tbnz w0, #0x0, 0xffff80008260aa28 <__pi_create_init_idmap+0xe8> ---(3) ffff80008260a964: d280f060 mov x0, #0x783 // =1923 ffff80008260a968: d280e062 mov x2, #0x703 // =1795 ffff80008260a96c: f2e00800 movk x0, #0x40, lsl #48 ffff80008260a970: f2e00d02 movk x2, #0x68, lsl #48 ffff80008260a974: aa2103e4 mvn x4, x1 ffff80008260a978: 8a210049 bic x9, x2, x1 ... ffff80008260aa28: d281f060 mov x0, #0xf83 // =3971 ffff80008260aa2c: d281e062 mov x2, #0xf03 // =3843 ffff80008260aa30: f2e00800 movk x0, #0x40, lsl #48 In case of gcc, according to value of arm64_use_ng_mappings (annoated as(3)), it branches to each prot settup code. However this is also problem since it branches according to garbage value too -- idmapping with incorrect pgprot. To resolve this, annotate arm64_use_ng_mappings as ro_after_init. Fixes: 84b04d3e6bdb ("arm64: kernel: Create initial ID map from C code") Cc: <stable(a)vger.kernel.org> # 6.9.x Tested-by: Nathan Chancellor <nathan(a)kernel.org> Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> --- Since v1: - add comments explaining arm64_use_ng_mappings shouldn't place .bss section - fix type on commit message - https://lore.kernel.org/all/20250502145755.3751405-1-yeoreum.yun@arm.com/ There is another way to solve this problem by setting test/data_prot with _PAGE_DEFAULT which doesn't include PTE_MAYBE_NG with constanst check in create_init_idmap() to be free from arm64_use_ng_mappings. but i think it would be better to change arm64_use_ng_mappings as ro_after_init because it doesn't change after init phase and solve this problem too. --- arch/arm64/kernel/cpufeature.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d2104a1e7843..913ae2cead98 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -114,7 +114,18 @@ static struct arm64_cpu_capabilities const __ro_after_init *cpucap_ptrs[ARM64_NC DECLARE_BITMAP(boot_cpucaps, ARM64_NCAPS); -bool arm64_use_ng_mappings = false; +/* + * The variable arm64_use_ng_mappings should be placed in the .rodata section. + * Otherwise, it would end up in the .bss section, where it is initialized in + * early_map_kernel(). This can cause problems because the PTE_MAYBE_NG macro + * uses this variable, and create_init_idmap() — which might run before + * early_map_kernel() — could end up generating an incorrect idmap table. + * + * In other words, accessing variable placed in .bss section before + * early_map_kernel() will return garbage, + * potentially resulting in a wrong pgprot value. + */ +bool arm64_use_ng_mappings __ro_after_init = false; EXPORT_SYMBOL(arm64_use_ng_mappings); DEFINE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector) = vectors; -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

7 months

4
21
0 0

[PATCH] spi: tegra114: Don't fail set_cs_timing when delays are zero

by Aaron Kling via B4 Relay

From: Aaron Kling <webgeek1234(a)gmail.com> The original code would skip null delay pointers, but when the pointers were converted to point within the spi_device struct, the check was not updated to skip delays of zero. Hence all spi devices that didn't set delays would fail to probe. Fixes: 04e6bb0d6bb1 ("spi: modify set_cs_timing parameter") Cc: stable(a)vger.kernel.org Signed-off-by: Aaron Kling <webgeek1234(a)gmail.com> --- drivers/spi/spi-tegra114.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/spi/spi-tegra114.c b/drivers/spi/spi-tegra114.c index 3822d7c8d8edb9730e937df50d1c75e095dd18ec..2a8bb798e95b954fe573f1c50445ed2e7fcbfd78 100644 --- a/drivers/spi/spi-tegra114.c +++ b/drivers/spi/spi-tegra114.c @@ -728,9 +728,9 @@ static int tegra_spi_set_hw_cs_timing(struct spi_device *spi) u32 inactive_cycles; u8 cs_state; - if (setup->unit != SPI_DELAY_UNIT_SCK || - hold->unit != SPI_DELAY_UNIT_SCK || - inactive->unit != SPI_DELAY_UNIT_SCK) { + if ((setup->unit && setup->unit != SPI_DELAY_UNIT_SCK) || + (hold->unit && hold->unit != SPI_DELAY_UNIT_SCK) || + (inactive->unit && inactive->unit != SPI_DELAY_UNIT_SCK)) { dev_err(&spi->dev, "Invalid delay unit %d, should be SPI_DELAY_UNIT_SCK\n", SPI_DELAY_UNIT_SCK); --- base-commit: a79be02bba5c31f967885c7f3bf3a756d77d11d9 change-id: 20250423-spi-tegra114-b88828c5c0f3 Best regards, -- Aaron Kling <webgeek1234(a)gmail.com>

7 months

4
6
0 0

[PATCH v3 00/23] Add support for HEVC and VP9 codecs in decoder

by Dikshita Agarwal

Hi All, This patch series adds initial support for the HEVC(H.265) and VP9 codecs in iris decoder. The objective of this work is to extend the decoder's capabilities to handle HEVC and VP9 codec streams, including necessary format handling and buffer management. In addition, the series also includes a set of fixes to address issues identified during testing of these additional codecs. These patches also address the comments and feedback received from the RFC patches previously sent. I have made the necessary improvements based on the community's suggestions. Changes in v3: - Introduced two wrappers with explicit names to handle destroy internal buffers (Nicolas) - Used sub state check instead of introducing new boolean (Vikash) - Addressed other comments (Vikash) - Reorderd patches to have all fixes patches first (Dmitry) - Link to v2: https://lore.kernel.org/r/20250428-qcom-iris-hevc-vp9-v2-0-3a6013ecb8a5@qui… Changes in v2: - Added Changes to make sure all buffers are released in session close (bryna) - Added tracking for flush responses to fix a timing issue. - Added a handling to fix timing issue in reconfig - Splitted patch 06/20 in two patches (Bryan) - Added missing fixes tag (bryan) - Updated fluster report (Nicolas) - Link to v1: https://lore.kernel.org/r/20250408-iris-dec-hevc-vp9-v1-0-acd258778bd6@quic… Changes sinces RFC: - Added additional fixes to address issues identified during further testing. - Moved typo fix to a seperate patch [Neil] - Reordered the patches for better logical flow and clarity [Neil, Dmitry] - Added fixes tag wherever applicable [Neil, Dmitry] - Removed the default case in the switch statement for codecs [Bryan] - Replaced if-else statements with switch-case [Bryan] - Added comments for mbpf [Bryan] - RFC: https://lore.kernel.org/linux-media/20250305104335.3629945-1-quic_dikshita@… This patch series depends on [1] & [2] [1] https://lore.kernel.org/linux-media/20250417-topic-sm8x50-iris-v10-v7-0-f02… [2] https://lore.kernel.org/linux-media/20250424-qcs8300_iris-v5-0-f118f505c300… These patches are tested on SM8250 and SM8550 with v4l2-ctl and Gstreamer for HEVC and VP9 decoders, at the same time ensured that the existing H264 decoder functionality remains uneffected. Note: 1 of the fluster compliance test is fixed with firmware [3] [3]: https://lore.kernel.org/linux-firmware/1a511921-446d-cdc4-0203-084c88a5dc1e… The result of fluster test on SM8550: 131/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 - 2 testcase failed due to CRC mismatch - RAP_A_docomo_6 - RAP_B_Bossen_2 - BUG reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4392 Analysis - First few frames in this discarded by firmware and are sent to driver with 0 filled length. Driver send such buffers to client with timestamp 0 and payload set to 0 and make buf state to VB2_BUF_STATE_ERROR. Such buffers should be dropped by GST. But instead, the first frame displayed as green frame and when a valid buffer is sent to client later with same 0 timestamp, its dropped, leading to CRC mismatch for first frame. 235/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug reported: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 2 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - 1 testcase failed due to unsupported stream - vp90-2-16-intra-only.webm The result of fluster test on SM8250: 133/147 testcases passed while testing JCT-VC-HEVC_V1 with GStreamer-H.265-V4L2-Gst1.0. The failing test case: - 10 testcases failed due to unsupported 10 bit format. - DBLK_A_MAIN10_VIXS_4 - INITQP_B_Main10_Sony_1 - TSUNEQBD_A_MAIN10_Technicolor_2 - WP_A_MAIN10_Toshiba_3 - WP_MAIN10_B_Toshiba_3 - WPP_A_ericsson_MAIN10_2 - WPP_B_ericsson_MAIN10_2 - WPP_C_ericsson_MAIN10_2 - WPP_E_ericsson_MAIN10_2 - WPP_F_ericsson_MAIN10_2 - 4 testcase failed due to unsupported resolution - PICSIZE_A_Bossen_1 - PICSIZE_B_Bossen_1 - WPP_D_ericsson_MAIN10_2 - WPP_D_ericsson_MAIN_2 232/305 testcases passed while testing VP9-TEST-VECTORS with GStreamer-VP9-V4L2-Gst1.0. The failing test case: - 64 testcases failed due to unsupported resolution - vp90-2-02-size-08x08.webm - vp90-2-02-size-08x10.webm - vp90-2-02-size-08x16.webm - vp90-2-02-size-08x18.webm - vp90-2-02-size-08x32.webm - vp90-2-02-size-08x34.webm - vp90-2-02-size-08x64.webm - vp90-2-02-size-08x66.webm - vp90-2-02-size-10x08.webm - vp90-2-02-size-10x10.webm - vp90-2-02-size-10x16.webm - vp90-2-02-size-10x18.webm - vp90-2-02-size-10x32.webm - vp90-2-02-size-10x34.webm - vp90-2-02-size-10x64.webm - vp90-2-02-size-10x66.webm - vp90-2-02-size-16x08.webm - vp90-2-02-size-16x10.webm - vp90-2-02-size-16x16.webm - vp90-2-02-size-16x18.webm - vp90-2-02-size-16x32.webm - vp90-2-02-size-16x34.webm - vp90-2-02-size-16x64.webm - vp90-2-02-size-16x66.webm - vp90-2-02-size-18x08.webm - vp90-2-02-size-18x10.webm - vp90-2-02-size-18x16.webm - vp90-2-02-size-18x18.webm - vp90-2-02-size-18x32.webm - vp90-2-02-size-18x34.webm - vp90-2-02-size-18x64.webm - vp90-2-02-size-18x66.webm - vp90-2-02-size-32x08.webm - vp90-2-02-size-32x10.webm - vp90-2-02-size-32x16.webm - vp90-2-02-size-32x18.webm - vp90-2-02-size-32x32.webm - vp90-2-02-size-32x34.webm - vp90-2-02-size-32x64.webm - vp90-2-02-size-32x66.webm - vp90-2-02-size-34x08.webm - vp90-2-02-size-34x10.webm - vp90-2-02-size-34x16.webm - vp90-2-02-size-34x18.webm - vp90-2-02-size-34x32.webm - vp90-2-02-size-34x34.webm - vp90-2-02-size-34x64.webm - vp90-2-02-size-34x66.webm - vp90-2-02-size-64x08.webm - vp90-2-02-size-64x10.webm - vp90-2-02-size-64x16.webm - vp90-2-02-size-64x18.webm - vp90-2-02-size-64x32.webm - vp90-2-02-size-64x34.webm - vp90-2-02-size-64x64.webm - vp90-2-02-size-64x66.webm - vp90-2-02-size-66x08.webm - vp90-2-02-size-66x10.webm - vp90-2-02-size-66x16.webm - vp90-2-02-size-66x18.webm - vp90-2-02-size-66x32.webm - vp90-2-02-size-66x34.webm - vp90-2-02-size-66x64.webm - vp90-2-02-size-66x66.webm - 2 testcases failed due to unsupported format - vp91-2-04-yuv422.webm - vp91-2-04-yuv444.webm - 1 testcase failed with CRC mismatch - vp90-2-22-svc_1280x720_3.ivf - Bug raised: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/4371 - 5 testcase failed due to unsupported resolution after sequence change - vp90-2-21-resize_inter_320x180_5_1-2.webm - vp90-2-21-resize_inter_320x180_7_1-2.webm - vp90-2-21-resize_inter_320x240_5_1-2.webm - vp90-2-21-resize_inter_320x240_7_1-2.webm - vp90-2-18-resize.ivf - 1 testcase failed with CRC mismatch - vp90-2-16-intra-only.webm Analysis: First few frames are marked by firmware as NO_SHOW frame. Driver make buf state to VB2_BUF_STATE_ERROR for such frames. Such buffers should be dropped by GST. But instead, the first frame is being displayed and when a valid buffer is sent to client later with same timestamp, its dropped, leading to CRC mismatch for first frame. Signed-off-by: Dikshita Agarwal <quic_dikshita(a)quicinc.com> --- Dikshita Agarwal (23): media: iris: Skip destroying internal buffer if not dequeued media: iris: Update CAPTURE format info based on OUTPUT format media: iris: Avoid updating frame size to firmware during reconfig media: iris: Drop port check for session property response media: iris: Prevent HFI queue writes when core is in deinit state media: iris: Remove deprecated property setting to firmware media: iris: Fix missing function pointer initialization media: iris: Fix NULL pointer dereference media: iris: Fix typo in depth variable media: iris: Track flush responses to prevent premature completion media: iris: Fix buffer preparation failure during resolution change media: iris: Add handling for corrupt and drop frames media: iris: Send V4L2_BUF_FLAG_ERROR for buffers with 0 filled length media: iris: Add handling for no show frames media: iris: Improve last flag handling media: iris: Skip flush on first sequence change media: iris: Remove redundant buffer count check in stream off media: iris: Add a comment to explain usage of MBPS media: iris: Add HEVC and VP9 formats for decoder media: iris: Add platform capabilities for HEVC and VP9 decoders media: iris: Set mandatory properties for HEVC and VP9 decoders. media: iris: Add internal buffer calculation for HEVC and VP9 decoders media: iris: Add codec specific check for VP9 decoder drain handling drivers/media/platform/qcom/iris/iris_buffer.c | 35 +- drivers/media/platform/qcom/iris/iris_buffer.h | 3 +- drivers/media/platform/qcom/iris/iris_ctrls.c | 35 +- drivers/media/platform/qcom/iris/iris_hfi_common.h | 1 + .../platform/qcom/iris/iris_hfi_gen1_command.c | 48 ++- .../platform/qcom/iris/iris_hfi_gen1_defines.h | 5 +- .../platform/qcom/iris/iris_hfi_gen1_response.c | 37 +- .../platform/qcom/iris/iris_hfi_gen2_command.c | 143 +++++++- .../platform/qcom/iris/iris_hfi_gen2_defines.h | 5 + .../platform/qcom/iris/iris_hfi_gen2_response.c | 57 ++- drivers/media/platform/qcom/iris/iris_hfi_queue.c | 2 +- drivers/media/platform/qcom/iris/iris_instance.h | 6 + .../platform/qcom/iris/iris_platform_common.h | 28 +- .../media/platform/qcom/iris/iris_platform_gen2.c | 198 ++++++++-- .../platform/qcom/iris/iris_platform_qcs8300.h | 126 +++++-- .../platform/qcom/iris/iris_platform_sm8250.c | 15 +- drivers/media/platform/qcom/iris/iris_state.c | 2 +- drivers/media/platform/qcom/iris/iris_state.h | 1 + drivers/media/platform/qcom/iris/iris_vb2.c | 18 +- drivers/media/platform/qcom/iris/iris_vdec.c | 116 +++--- drivers/media/platform/qcom/iris/iris_vdec.h | 11 + drivers/media/platform/qcom/iris/iris_vidc.c | 36 +- drivers/media/platform/qcom/iris/iris_vpu_buffer.c | 397 ++++++++++++++++++++- drivers/media/platform/qcom/iris/iris_vpu_buffer.h | 46 ++- 24 files changed, 1160 insertions(+), 211 deletions(-) --- base-commit: 398a1b33f1479af35ca915c5efc9b00d6204f8fa change-id: 20250428-qcom-iris-hevc-vp9-eb31f30c3390 prerequisite-message-id: <20250417-topic-sm8x50-iris-v10-v7-0-f020cb1d0e98(a)linaro.org> prerequisite-patch-id: 35f8dae1416977e88c2db7c767800c01822e266e prerequisite-patch-id: 2bba98151ca103aa62a513a0fbd0df7ae64d9868 prerequisite-patch-id: 0e43a6d758b5fa5ab921c6aa3c19859e312b47d0 prerequisite-patch-id: b7b50aa1657be59fd51c3e53d73382a1ee75a08e prerequisite-patch-id: 30960743105a36f20b3ec4a9ff19e7bca04d6add prerequisite-patch-id: b93c37dc7e09d1631b75387dc1ca90e3066dce17 prerequisite-patch-id: afffe7096c8e110a8da08c987983bc4441d39578 prerequisite-message-id: <20250424-qcs8300_iris-v5-0-f118f505c300(a)quicinc.com> prerequisite-patch-id: 2e72fe4d11d264db3d42fa450427d30171303c6f prerequisite-patch-id: 3398937a7fabb45934bb98a530eef73252231132 prerequisite-patch-id: feda620f147ca14a958c92afdc85a1dc507701ac prerequisite-patch-id: 07ba0745c7d72796567e0a57f5c8e5355a8d2046 prerequisite-patch-id: e35b05c527217206ae871aef0d7b0261af0319ea Best regards, -- Dikshita Agarwal <quic_dikshita(a)quicinc.com>

7 months

6
33
0 0

[PATCH AUTOSEL 6.1 001/212] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index 72da3b8d6f307..151f9938abaa7 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -105,8 +105,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

7 months

2
212
0 0

FAILED: patch "[PATCH] drm: Select DRM_KMS_HELPER from" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 32dce6b1949a696dc7abddc04de8cbe35c260217 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050504-placate-iodize-9693@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32dce6b1949a696dc7abddc04de8cbe35c260217 Mon Sep 17 00:00:00 2001 From: Janne Grunau <j(a)jannau.net> Date: Tue, 4 Mar 2025 20:12:14 +0100 Subject: [PATCH] drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Using "depends on" and "select" for the same Kconfig symbol is known to cause circular dependencies (cmp. "Kconfig recursive dependency limitations" in Documentation/kbuild/kconfig-language.rst. DRM drivers are selecting drm helpers so do the same for DRM_DEBUG_DP_MST_TOPOLOGY_REFS. Fixes following circular dependency reported on x86 for the downstream Asahi Linux tree: error: recursive dependency detected! symbol DRM_KMS_HELPER is selected by DRM_GEM_SHMEM_HELPER symbol DRM_GEM_SHMEM_HELPER is selected by RUST_DRM_GEM_SHMEM_HELPER symbol RUST_DRM_GEM_SHMEM_HELPER is selected by DRM_ASAHI symbol DRM_ASAHI depends on RUST symbol RUST depends on CALL_PADDING symbol CALL_PADDING depends on OBJTOOL symbol OBJTOOL is selected by STACK_VALIDATION symbol STACK_VALIDATION depends on UNWINDER_FRAME_POINTER symbol UNWINDER_FRAME_POINTER is part of choice block at arch/x86/Kconfig.debug:224 symbol <choice> unknown is visible depending on UNWINDER_GUESS symbol UNWINDER_GUESS prompt is visible depending on STACKDEPOT symbol STACKDEPOT is selected by DRM_DEBUG_DP_MST_TOPOLOGY_REFS symbol DRM_DEBUG_DP_MST_TOPOLOGY_REFS depends on DRM_KMS_HELPER Fixes: 12a280c72868 ("drm/dp_mst: Add topology ref history tracking for debugging") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> Acked-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://lore.kernel.org/r/20250304-drm_debug_dp_mst_topo_kconfig-v1-1-e16fd… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 2cba2b6ebe1c..f01925ed8176 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -188,7 +188,7 @@ config DRM_DEBUG_DP_MST_TOPOLOGY_REFS bool "Enable refcount backtrace history in the DP MST helpers" depends on STACKTRACE_SUPPORT select STACKDEPOT - depends on DRM_KMS_HELPER + select DRM_KMS_HELPER depends on DEBUG_KERNEL depends on EXPERT help

7 months

4
4
0 0

Recall: Re: [PATCH v3 1/2] platform/x86: int3472: add hpd pin support

by Yan, Dongcheng

dongcheng.yan(a)intel.com would like to recall the message, "Re: [PATCH v3 1/2] platform/x86: int3472: add hpd pin support".

7 months

1
0
0 0

[PATCH AUTOSEL 5.10 1/6] pm: cpupower: bench: Prevent NULL dereference on malloc failure

by Sasha Levin

From: Zhongqiu Han <quic_zhonhan(a)quicinc.com> [ Upstream commit 208baa3ec9043a664d9acfb8174b332e6b17fb69 ] If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference. Link: https://lore.kernel.org/r/20250219122715.3892223-1-quic_zhonhan@quicinc.com Signed-off-by: Zhongqiu Han <quic_zhonhan(a)quicinc.com> Signed-off-by: Shuah Khan <skhan(a)linuxfoundation.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/power/cpupower/bench/parse.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tools/power/cpupower/bench/parse.c b/tools/power/cpupower/bench/parse.c index e63dc11fa3a53..48e25be6e1635 100644 --- a/tools/power/cpupower/bench/parse.c +++ b/tools/power/cpupower/bench/parse.c @@ -120,6 +120,10 @@ FILE *prepare_output(const char *dirname) struct config *prepare_default_config() { struct config *config = malloc(sizeof(struct config)); + if (!config) { + perror("malloc"); + return NULL; + } dprintf("loading defaults\n"); -- 2.39.5

7 months

5
24
0 0

[Patch v2 1/4] Drivers: hv: Allocate interrupt and monitor pages aligned to system page boundary

by longli＠linuxonhyperv.com

From: Long Li <longli(a)microsoft.com> There are use cases that interrupt and monitor pages are mapped to user-mode through UIO, they need to be system page aligned. Some Hyper-V allocation APIs introduced earlier broke those requirements. Fix those APIs by always allocating Hyper-V page at system page boundaries. Cc: stable(a)vger.kernel.org Fixes: ca48739e59df ("Drivers: hv: vmbus: Move Hyper-V page allocator to arch neutral code") Signed-off-by: Long Li <longli(a)microsoft.com> --- drivers/hv/hv_common.c | 35 ++++++++++------------------------- 1 file changed, 10 insertions(+), 25 deletions(-) diff --git a/drivers/hv/hv_common.c b/drivers/hv/hv_common.c index a7d7494feaca..297ccd7d4997 100644 --- a/drivers/hv/hv_common.c +++ b/drivers/hv/hv_common.c @@ -106,41 +106,26 @@ void __init hv_common_free(void) } /* - * Functions for allocating and freeing memory with size and - * alignment HV_HYP_PAGE_SIZE. These functions are needed because - * the guest page size may not be the same as the Hyper-V page - * size. We depend upon kmalloc() aligning power-of-two size - * allocations to the allocation size boundary, so that the - * allocated memory appears to Hyper-V as a page of the size - * it expects. + * A Hyper-V page can be used by UIO for mapping to user-space, it should + * always be allocated on system page boundaries. */ - void *hv_alloc_hyperv_page(void) { - BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE); - - if (PAGE_SIZE == HV_HYP_PAGE_SIZE) - return (void *)__get_free_page(GFP_KERNEL); - else - return kmalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL); + BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE); + return (void *)__get_free_page(GFP_KERNEL); } EXPORT_SYMBOL_GPL(hv_alloc_hyperv_page); void *hv_alloc_hyperv_zeroed_page(void) { - if (PAGE_SIZE == HV_HYP_PAGE_SIZE) - return (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); - else - return kzalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL); + BUILD_BUG_ON(PAGE_SIZE < HV_HYP_PAGE_SIZE); + return (void *)__get_free_page(GFP_KERNEL | __GFP_ZERO); } EXPORT_SYMBOL_GPL(hv_alloc_hyperv_zeroed_page); void hv_free_hyperv_page(void *addr) { - if (PAGE_SIZE == HV_HYP_PAGE_SIZE) - free_page((unsigned long)addr); - else - kfree(addr); + free_page((unsigned long)addr); } EXPORT_SYMBOL_GPL(hv_free_hyperv_page); @@ -272,7 +257,7 @@ static void hv_kmsg_dump_unregister(void) atomic_notifier_chain_unregister(&panic_notifier_list, &hyperv_panic_report_block); - hv_free_hyperv_page(hv_panic_page); + kfree(hv_panic_page); hv_panic_page = NULL; } @@ -280,7 +265,7 @@ static void hv_kmsg_dump_register(void) { int ret; - hv_panic_page = hv_alloc_hyperv_zeroed_page(); + hv_panic_page = kzalloc(HV_HYP_PAGE_SIZE, GFP_KERNEL); if (!hv_panic_page) { pr_err("Hyper-V: panic message page memory allocation failed\n"); return; @@ -289,7 +274,7 @@ static void hv_kmsg_dump_register(void) ret = kmsg_dump_register(&hv_kmsg_dumper); if (ret) { pr_err("Hyper-V: kmsg dump register error 0x%x\n", ret); - hv_free_hyperv_page(hv_panic_page); + kfree(hv_panic_page); hv_panic_page = NULL; } } -- 2.34.1

7 months

3
2
0 0

+ zsmalloc-dont-underflow-size-calculation-in-zs_obj_write.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: zsmalloc: don't underflow size calculation in zs_obj_write() has been added to the -mm mm-hotfixes-unstable branch. Its filename is zsmalloc-dont-underflow-size-calculation-in-zs_obj_write.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Sergey Senozhatsky <senozhatsky(a)chromium.org> Subject: zsmalloc: don't underflow size calculation in zs_obj_write() Date: Sun, 4 May 2025 20:00:22 +0900 Do not mix class->size and object size during offsets/sizes calculation in zs_obj_write(). Size classes can merge into clusters, based on objects-per-zspage and pages-per-zspage characteristics, so some size classes can store objects smaller than class->size. This becomes problematic when object size is much smaller than class->size - we can determine that object spans two physical pages, because we use a larger class->size for this, while the actual object is much smaller and fits one physical page, so there is nothing to write to the second page and memcpy() size calculation underflows. We always know the exact size in bytes of the object that we are about to write (store), so use it instead of class->size. Link: https://lkml.kernel.org/r/20250504110650.2783619-1-senozhatsky@chromium.org Signed-off-by: Sergey Senozhatsky <senozhatsky(a)chromium.org> Reported-by: Igor Belousov <igor.b(a)beldev.am> Tested-by: Igor Belousov <igor.b(a)beldev.am> Cc: Minchan Kim <minchan(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/zsmalloc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) --- a/mm/zsmalloc.c~zsmalloc-dont-underflow-size-calculation-in-zs_obj_write +++ a/mm/zsmalloc.c @@ -1243,19 +1243,19 @@ void zs_obj_write(struct zs_pool *pool, class = zspage_class(pool, zspage); off = offset_in_page(class->size * obj_idx); - if (off + class->size <= PAGE_SIZE) { + if (!ZsHugePage(zspage)) + off += ZS_HANDLE_SIZE; + + if (off + mem_len <= PAGE_SIZE) { /* this object is contained entirely within a page */ void *dst = kmap_local_zpdesc(zpdesc); - if (!ZsHugePage(zspage)) - off += ZS_HANDLE_SIZE; memcpy(dst + off, handle_mem, mem_len); kunmap_local(dst); } else { /* this object spans two pages */ size_t sizes[2]; - off += ZS_HANDLE_SIZE; sizes[0] = PAGE_SIZE - off; sizes[1] = mem_len - sizes[0]; _ Patches currently in -mm which might be from senozhatsky(a)chromium.org are zsmalloc-dont-underflow-size-calculation-in-zs_obj_write.patch zsmalloc-prefer-the-the-original-pages-node-for-compressed-data-fix.patch zram-modernize-writeback-interface.patch zram-modernize-writeback-interface-v3.patch zram-modernize-writeback-interface-v4.patch zsmalloc-cleanup-headers-includes.patch documentation-zram-update-idle-pages-tracking-documentation.patch

7 months

1
0
0 0

FAILED: patch "[PATCH] mm, slab: clean up slab->obj_exts always" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x be8250786ca94952a19ce87f98ad9906448bc9ef # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050521-provable-extent-4108@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be8250786ca94952a19ce87f98ad9906448bc9ef Mon Sep 17 00:00:00 2001 From: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Date: Mon, 21 Apr 2025 15:52:32 +0800 Subject: [PATCH] mm, slab: clean up slab->obj_exts always When memory allocation profiling is disabled at runtime or due to an error, shutdown_mem_profiling() is called: slab->obj_exts which previously allocated remains. It won't be cleared by unaccount_slab() because of mem_alloc_profiling_enabled() not true. It's incorrect, slab->obj_exts should always be cleaned up in unaccount_slab() to avoid following error: [...]BUG: Bad page state in process... .. [...]page dumped because: page still charged to cgroup [andriy.shevchenko(a)linux.intel.com: fold need_slab_obj_ext() into its only user] Fixes: 21c690a349ba ("mm: introduce slabobj_ext to support slab object extensions") Cc: stable(a)vger.kernel.org Signed-off-by: Zhenhua Huang <quic_zhenhuah(a)quicinc.com> Acked-by: David Rientjes <rientjes(a)google.com> Acked-by: Harry Yoo <harry.yoo(a)oracle.com> Tested-by: Harry Yoo <harry.yoo(a)oracle.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Link: https://patch.msgid.link/20250421075232.2165527-1-quic_zhenhuah@quicinc.com Signed-off-by: Vlastimil Babka <vbabka(a)suse.cz> diff --git a/mm/slub.c b/mm/slub.c index dc9e729e1d26..be8b09e09d30 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -2028,8 +2028,7 @@ int alloc_slab_obj_exts(struct slab *slab, struct kmem_cache *s, return 0; } -/* Should be called only if mem_alloc_profiling_enabled() */ -static noinline void free_slab_obj_exts(struct slab *slab) +static inline void free_slab_obj_exts(struct slab *slab) { struct slabobj_ext *obj_exts; @@ -2049,18 +2048,6 @@ static noinline void free_slab_obj_exts(struct slab *slab) slab->obj_exts = 0; } -static inline bool need_slab_obj_ext(void) -{ - if (mem_alloc_profiling_enabled()) - return true; - - /* - * CONFIG_MEMCG creates vector of obj_cgroup objects conditionally - * inside memcg_slab_post_alloc_hook. No other users for now. - */ - return false; -} - #else /* CONFIG_SLAB_OBJ_EXT */ static inline void init_slab_obj_exts(struct slab *slab) @@ -2077,11 +2064,6 @@ static inline void free_slab_obj_exts(struct slab *slab) { } -static inline bool need_slab_obj_ext(void) -{ - return false; -} - #endif /* CONFIG_SLAB_OBJ_EXT */ #ifdef CONFIG_MEM_ALLOC_PROFILING @@ -2129,7 +2111,7 @@ __alloc_tagging_slab_alloc_hook(struct kmem_cache *s, void *object, gfp_t flags) static inline void alloc_tagging_slab_alloc_hook(struct kmem_cache *s, void *object, gfp_t flags) { - if (need_slab_obj_ext()) + if (mem_alloc_profiling_enabled()) __alloc_tagging_slab_alloc_hook(s, object, flags); } @@ -2601,8 +2583,12 @@ static __always_inline void account_slab(struct slab *slab, int order, static __always_inline void unaccount_slab(struct slab *slab, int order, struct kmem_cache *s) { - if (memcg_kmem_online() || need_slab_obj_ext()) - free_slab_obj_exts(slab); + /* + * The slab object extensions should now be freed regardless of + * whether mem_alloc_profiling_enabled() or not because profiling + * might have been disabled after slab->obj_exts got allocated. + */ + free_slab_obj_exts(slab); mod_node_page_state(slab_pgdat(slab), cache_vmstat_idx(s), -(PAGE_SIZE << order));

7 months

2
3
0 0

[PATCH AUTOSEL 5.10 001/114] kconfig: merge_config: use an empty file as initfile

by Sasha Levin

From: Daniel Gomez <da.gomez(a)samsung.com> [ Upstream commit a26fe287eed112b4e21e854f173c8918a6a8596d ] The scripts/kconfig/merge_config.sh script requires an existing $INITFILE (or the $1 argument) as a base file for merging Kconfig fragments. However, an empty $INITFILE can serve as an initial starting point, later referenced by the KCONFIG_ALLCONFIG Makefile variable if -m is not used. This variable can point to any configuration file containing preset config symbols (the merged output) as stated in Documentation/kbuild/kconfig.rst. When -m is used $INITFILE will contain just the merge output requiring the user to run make (i.e. KCONFIG_ALLCONFIG=<$INITFILE> make <allnoconfig/alldefconfig> or make olddefconfig). Instead of failing when `$INITFILE` is missing, create an empty file and use it as the starting point for merges. Signed-off-by: Daniel Gomez <da.gomez(a)samsung.com> Signed-off-by: Masahiro Yamada <masahiroy(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- scripts/kconfig/merge_config.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/kconfig/merge_config.sh b/scripts/kconfig/merge_config.sh index d7d5c58b8b6aa..557f37f481fdf 100755 --- a/scripts/kconfig/merge_config.sh +++ b/scripts/kconfig/merge_config.sh @@ -98,8 +98,8 @@ INITFILE=$1 shift; if [ ! -r "$INITFILE" ]; then - echo "The base file '$INITFILE' does not exist. Exit." >&2 - exit 1 + echo "The base file '$INITFILE' does not exist. Creating one..." >&2 + touch "$INITFILE" fi MERGE_LIST=$* -- 2.39.5

7 months

1
113
0 0

[PATCH v4] x86/sev: Fix making shared pages private during kdump

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When the shared pages are being made private during kdump preparation there are additional checks to handle shared GHCB pages. These additional checks include handling the case of GHCB page being contained within a huge page. The check for handling the case of GHCB contained within a huge page incorrectly skips a page just below the GHCB page from being transitioned back to private during kdump preparation. This skipped page causes a 0x404 #VC exception when it is accessed later while dumping guest memory during vmcore generation via kdump. Correct the range to be checked for GHCB contained in a huge page. Also ensure that the skipped huge page containing the GHCB page is transitioned back to private by applying the correct address mask later when changing GHCBs to private at end of kdump preparation. Cc: stable(a)vger.kernel.org Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d35fec7b164a..97e5d475b9f5 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1019,7 +1019,8 @@ static void unshare_all_memory(void) data = per_cpu(runtime_data, cpu); ghcb = (unsigned long)&data->ghcb_page; - if (addr <= ghcb && ghcb <= addr + size) { + /* Handle the case of a huge page containing the GHCB page */ + if (addr <= ghcb && ghcb < addr + size) { skipped_addr = true; break; } @@ -1131,9 +1132,8 @@ static void shutdown_all_aps(void) void snp_kexec_finish(void) { struct sev_es_runtime_data *data; + unsigned long size, mask, ghcb; unsigned int level, cpu; - unsigned long size; - struct ghcb *ghcb; pte_t *pte; if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) @@ -1157,11 +1157,14 @@ void snp_kexec_finish(void) for_each_possible_cpu(cpu) { data = per_cpu(runtime_data, cpu); - ghcb = &data->ghcb_page; - pte = lookup_address((unsigned long)ghcb, &level); + ghcb = (unsigned long)&data->ghcb_page; + pte = lookup_address(ghcb, &level); size = page_level_size(level); + mask = page_level_mask(level); + /* Handle the case of a huge page containing the GHCB page */ + ghcb &= mask; set_pte_enc(pte, level, (void *)ghcb); - snp_set_memory_private((unsigned long)ghcb, (size / PAGE_SIZE)); + snp_set_memory_private(ghcb, (size / PAGE_SIZE)); } } -- 2.34.1

7 months

3
2
0 0

[PATCH v2 1/1] PCI: Fix lock symmetry in pci_slot_unlock()

by Ilpo Järvinen

The commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") made the lock function to call depend on dev->subordinate but left pci_slot_unlock() unmodified creating locking asymmetry compared with pci_slot_lock(). Because of the asymmetric lock handling, the same bridge device is unlocked twice. First pci_bus_unlock() unlocks bus->self and then pci_slot_unlock() will unconditionally unlock the same bridge device. Move pci_dev_unlock() inside an else branch to match the logic in pci_slot_lock(). Fixes: a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Cc: <stable(a)vger.kernel.org> --- v2: - Improve changelog (Lukas) - Added Cc stable drivers/pci/pci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 4d7c9f64ea24..26507aa906d7 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -5542,7 +5542,8 @@ static void pci_slot_unlock(struct pci_slot *slot) continue; if (dev->subordinate) pci_bus_unlock(dev->subordinate); - pci_dev_unlock(dev); + else + pci_dev_unlock(dev); } } base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 -- 2.39.5

7 months

3
2
0 0

[PATCH] parisc stable patch for kernel v6.12

by Helge Deller

Hi Greg, below is a backport for upstream patch fd87b7783802 ("net: Fix the devmem sock opts and msgs for parisc"). This upstream patch does not apply cleanly against v6.12, and backporting all intermediate changes are too big, so I created this trivial standalone patch instead. Can you please add the patc below to the stable queue for v6.12? Thanks! Helge --- From: Pranjal Shrivastava <praan(a)google.com> Date: Mon, 24 Mar 2025 07:42:27 +0000 Subject: [PATCH] net: Fix the devmem sock opts and msgs for parisc The devmem socket options and socket control message definitions introduced in the TCP devmem series[1] incorrectly continued the socket definitions for arch/parisc. The UAPI change seems safe as there are currently no drivers that declare support for devmem TCP RX via PP_FLAG_ALLOW_UNREADABLE_NETMEM. Hence, fixing this UAPI should be safe. Fix the devmem socket options and socket control message definitions to reflect the series followed by arch/parisc. [1] https://lore.kernel.org/lkml/20240910171458.219195-10-almasrymina@google.co… Patch modified for kernel 6.12 by Helge Deller. Fixes: 8f0b3cc9a4c10 ("tcp: RX path for devmem TCP") Signed-off-by: Pranjal Shrivastava <praan(a)google.com> Signed-off-by: Helge Deller <deller(a)gmx.de> diff --git b/arch/parisc/include/uapi/asm/socket.h a/arch/parisc/include/uapi/asm/socket.h index 38fc0b188e08..96831c988606 100644 --- b/arch/parisc/include/uapi/asm/socket.h +++ a/arch/parisc/include/uapi/asm/socket.h @@ -132,11 +132,15 @@ #define SO_PASSPIDFD 0x404A #define SO_PEERPIDFD 0x404B -#define SO_DEVMEM_LINEAR 78 +#define SCM_TS_OPT_ID 0x404C + +#define SO_RCVPRIORITY 0x404D + +#define SO_DEVMEM_LINEAR 0x404E #define SCM_DEVMEM_LINEAR SO_DEVMEM_LINEAR -#define SO_DEVMEM_DMABUF 79 +#define SO_DEVMEM_DMABUF 0x404F #define SCM_DEVMEM_DMABUF SO_DEVMEM_DMABUF -#define SO_DEVMEM_DONTNEED 80 +#define SO_DEVMEM_DONTNEED 0x4050 #if !defined(__KERNEL__)

7 months

1
0
0 0

[PATCH v3 0/2] iio: accel: fxls8962af: Fix temperature readings

by Sean Nyekjaer

Add the correct scale to get temperature in mili degree Celcius. Add sign component to temperature scan element. Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> --- Changes in v3: - Dropping define infavor of inline scale value - Added using constants from units.h - Tweaked commit msg to make it more assertive - Link to v2: https://lore.kernel.org/r/20250502-fxls-v2-0-e1af65f1aa6c@geanix.com Changes in v2: - Correct offset is applied before scaling component - Added sign component to temperature scan element - Link to v1: https://lore.kernel.org/r/20250501-fxls-v1-1-f54061a07099@geanix.com --- Sean Nyekjaer (2): iio: accel: fxls8962af: Fix temperature calculation iio: accel: fxls8962af: Fix temperature scan element sign drivers/iio/accel/fxls8962af-core.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) --- base-commit: 609bc31eca06c7408e6860d8b46311ebe45c1fef change-id: 20250501-fxls-307ef3d6d065 Best regards, -- Sean Nyekjaer <sean(a)geanix.com>

7 months

2
4
0 0

[PATCH v2] video: screen_info: Relocate framebuffers behind PCI bridges

by Thomas Zimmermann

Apply bridge window offsets to screen_info framebuffers during relocation. Fixes invalid access to I/O memory. Resources behind a PCI bridge can be located at a certain offset in the kernel's I/O range. The framebuffer memory range stored in screen_info refers to the offset as seen during boot (essentialy 0). During boot up, the kernel may assign a different memory offset to the bridge device and thereby relocating the framebuffer address of the PCI graphics device as seen by the kernel. The information in screen_info must be updated as well. The helper pcibios_bus_to_resource() performs the relocation of the screen_info resource. The result now matches the I/O-memory resource of the PCI graphics device. As before, we store away the information necessary to update the information in screen_info. Commit 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") added the code for updating screen_info. It is based on similar functionality that pre-existed in efifb. Efifb uses a pointer to the PCI resource, while the newer code does a memcpy of the region. Hence efifb sees any updates to the PCI resource and avoids the issue. v2: - Fixed tags (Takashi, Ivan) - Updated information on efifb Signed-off-by: Thomas Zimmermann <tzimmermann(a)suse.de> Reported-by: "Ivan T. Ivanov" <iivanov(a)suse.de> Closes: https://bugzilla.suse.com/show_bug.cgi?id=1240696 Tested-by: "Ivan T. Ivanov" <iivanov(a)suse.de> Fixes: 78aa89d1dfba ("firmware/sysfb: Update screen_info for relocated EFI framebuffers") Cc: dri-devel(a)lists.freedesktop.org Cc: <stable(a)vger.kernel.org> # v6.9+ --- drivers/video/screen_info_pci.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/video/screen_info_pci.c b/drivers/video/screen_info_pci.c index 6c5833517141..c46c75dc3fae 100644 --- a/drivers/video/screen_info_pci.c +++ b/drivers/video/screen_info_pci.c @@ -8,7 +8,7 @@ static struct pci_dev *screen_info_lfb_pdev; static size_t screen_info_lfb_bar; static resource_size_t screen_info_lfb_offset; -static struct resource screen_info_lfb_res = DEFINE_RES_MEM(0, 0); +static struct pci_bus_region screen_info_lfb_region; static bool __screen_info_relocation_is_valid(const struct screen_info *si, struct resource *pr) { @@ -31,7 +31,7 @@ void screen_info_apply_fixups(void) if (screen_info_lfb_pdev) { struct resource *pr = &screen_info_lfb_pdev->resource[screen_info_lfb_bar]; - if (pr->start != screen_info_lfb_res.start) { + if (pr->start != screen_info_lfb_region.start) { if (__screen_info_relocation_is_valid(si, pr)) { /* * Only update base if we have an actual @@ -69,10 +69,21 @@ static void screen_info_fixup_lfb(struct pci_dev *pdev) for (i = 0; i < numres; ++i) { struct resource *r = &res[i]; + struct pci_bus_region bus_region = { + .start = r->start, + .end = r->end, + }; const struct resource *pr; if (!(r->flags & IORESOURCE_MEM)) continue; + + /* + * Translate the address to resource if the framebuffer + * is behind a PCI bridge. + */ + pcibios_bus_to_resource(pdev->bus, r, &bus_region); + pr = pci_find_resource(pdev, r); if (!pr) continue; @@ -85,7 +96,7 @@ static void screen_info_fixup_lfb(struct pci_dev *pdev) screen_info_lfb_pdev = pdev; screen_info_lfb_bar = pr - pdev->resource; screen_info_lfb_offset = r->start - pr->start; - memcpy(&screen_info_lfb_res, r, sizeof(screen_info_lfb_res)); + memcpy(&screen_info_lfb_region, &bus_region, sizeof(screen_info_lfb_region)); } } DECLARE_PCI_FIXUP_CLASS_HEADER(PCI_ANY_ID, PCI_ANY_ID, PCI_BASE_CLASS_DISPLAY, 16, -- 2.49.0

7 months

2
3
0 0

[PATCH 2/5] rust: clean Rust 1.87.0's `clippy::ptr_eq` lints

by Miguel Ojeda

Starting with Rust 1.87.0 (expected 2025-05-15) [1], Clippy may expand the `ptr_eq` lint, e.g.: error: use `core::ptr::eq` when comparing raw pointers --> rust/kernel/list.rs:438:12 | 438 | if self.first == item { | ^^^^^^^^^^^^^^^^^^ help: try: `core::ptr::eq(self.first, item)` | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#ptr_eq = note: `-D clippy::ptr-eq` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(clippy::ptr_eq)]` Thus clean the few cases we have. This patch may not be actually needed by the time Rust 1.87.0 releases since a PR to relax the lint has been beta nominated [2] due to reports of being too eager (at least by default) [3]. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust-clippy/pull/14339 [1] Link: https://github.com/rust-lang/rust-clippy/pull/14526 [2] Link: https://github.com/rust-lang/rust-clippy/issues/14525 [3] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- rust/kernel/alloc/kvec.rs | 2 +- rust/kernel/list.rs | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/kernel/alloc/kvec.rs b/rust/kernel/alloc/kvec.rs index ae9d072741ce..cde911551327 100644 --- a/rust/kernel/alloc/kvec.rs +++ b/rust/kernel/alloc/kvec.rs @@ -743,7 +743,7 @@ fn into_raw_parts(self) -> (*mut T, NonNull<T>, usize, usize) { pub fn collect(self, flags: Flags) -> Vec<T, A> { let old_layout = self.layout; let (mut ptr, buf, len, mut cap) = self.into_raw_parts(); - let has_advanced = ptr != buf.as_ptr(); + let has_advanced = !core::ptr::eq(ptr, buf.as_ptr()); if has_advanced { // Copy the contents we have advanced to at the beginning of the buffer. diff --git a/rust/kernel/list.rs b/rust/kernel/list.rs index a335c3b1ff5e..c63cbeee3316 100644 --- a/rust/kernel/list.rs +++ b/rust/kernel/list.rs @@ -435,7 +435,7 @@ unsafe fn remove_internal_inner( // * If `item` was the only item in the list, then `prev == item`, and we just set // `item->next` to null, so this correctly sets `first` to null now that the list is // empty. - if self.first == item { + if core::ptr::eq(self.first, item) { // SAFETY: The `prev` pointer is the value that `item->prev` had when it was in this // list, so it must be valid. There is no race since `prev` is still in the list and we // still have exclusive access to the list. @@ -556,7 +556,7 @@ fn next(&mut self) -> Option<ArcBorrow<'a, T>> { let next = unsafe { (*current).next }; // INVARIANT: If `current` was the last element of the list, then this updates it to null. // Otherwise, we update it to the next element. - self.current = if next != self.stop { + self.current = if !core::ptr::eq(next, self.stop) { next } else { ptr::null_mut() @@ -726,7 +726,7 @@ impl<'a, T: ?Sized + ListItem<ID>, const ID: u64> Cursor<'a, T, ID> { fn prev_ptr(&self) -> *mut ListLinksFields { let mut next = self.next; let first = self.list.first; - if next == first { + if core::ptr::eq(next, first) { // We are before the first element. return core::ptr::null_mut(); } @@ -788,7 +788,7 @@ pub fn move_next(&mut self) -> bool { // access the `next` field. let mut next = unsafe { (*self.next).next }; - if next == self.list.first { + if core::ptr::eq(next, self.list.first) { next = core::ptr::null_mut(); } @@ -802,7 +802,7 @@ pub fn move_next(&mut self) -> bool { /// If the cursor is before the first element, then this call does nothing. This call returns /// `true` if the cursor's position was changed. pub fn move_prev(&mut self) -> bool { - if self.next == self.list.first { + if core::ptr::eq(self.next, self.list.first) { return false; } @@ -822,7 +822,7 @@ fn insert_inner(&mut self, item: ListArc<T, ID>) -> *mut ListLinksFields { // * `ptr` is an element in the list or null. // * if `ptr` is null, then `self.list.first` is null so the list is empty. let item = unsafe { self.list.insert_inner(item, ptr) }; - if self.next == self.list.first { + if core::ptr::eq(self.next, self.list.first) { // INVARIANT: We just inserted `item`, so it's a member of list. self.list.first = item; } -- 2.49.0

7 months

3
2
0 0

[PATCH for 6.1.y] LoongArch: Fix build error due to backport

by Huacai Chen

In 6.1 there is no pmdp_get() definition, so use *pmd directly, in order to avoid such build error due to a recently backport: arch/loongarch/mm/hugetlbpage.c: In function 'huge_pte_offset': arch/loongarch/mm/hugetlbpage.c:50:25: error: implicit declaration of function 'pmdp_get'; did you mean 'ptep_get'? [-Wimplicit-function-declaration] 50 | return pmd_none(pmdp_get(pmd)) ? NULL : (pte_t *) pmd; | ^~~~~~~~ | ptep_get Signed-off-by: Huacai Chen <chenhuacai(a)loongson.cn> --- arch/loongarch/mm/hugetlbpage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/loongarch/mm/hugetlbpage.c b/arch/loongarch/mm/hugetlbpage.c index cf3b8785a921..70b4a51885c2 100644 --- a/arch/loongarch/mm/hugetlbpage.c +++ b/arch/loongarch/mm/hugetlbpage.c @@ -47,7 +47,7 @@ pte_t *huge_pte_offset(struct mm_struct *mm, unsigned long addr, pmd = pmd_offset(pud, addr); } } - return pmd_none(pmdp_get(pmd)) ? NULL : (pte_t *) pmd; + return pmd_none(*pmd) ? NULL : (pte_t *) pmd; } /* -- 2.47.1

7 months

3
2
0 0

[PATCH 6.1] smb: client: fix double free of TCP_Server_Info::hostname

by Pavel Paklov

From: Pavel Paklov <pavel.paklov(a)cyberprotect.ru> From: Paulo Alcantara <pc(a)manguebit.com> commit fa2f9906a7b333ba757a7dbae0713d8a5396186e upstream When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so @server->hostname can't be freed as long as cifsd thread isn't done. Otherwise the following can happen: RIP: 0010:__slab_free+0x223/0x3c0 Code: 5e 41 5f c3 cc cc cc cc 4c 89 de 4c 89 cf 44 89 44 24 08 4c 89 1c 24 e8 fb cf 8e 00 44 8b 44 24 08 4c 8b 1c 24 e9 5f fe ff ff <0f> 0b 41 f7 45 08 00 0d 21 00 0f 85 2d ff ff ff e9 1f ff ff ff 80 RSP: 0018:ffffb26180dbfd08 EFLAGS: 00010246 RAX: ffff8ea34728e510 RBX: ffff8ea34728e500 RCX: 0000000000800068 RDX: 0000000000800068 RSI: 0000000000000000 RDI: ffff8ea340042400 RBP: ffffe112041ca380 R08: 0000000000000001 R09: 0000000000000000 R10: 6170732e31303000 R11: 70726f632e786563 R12: ffff8ea34728e500 R13: ffff8ea340042400 R14: ffff8ea34728e500 R15: 0000000000800068 FS: 0000000000000000(0000) GS:ffff8ea66fd80000(0000) 000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc25376080 CR3: 000000012a2ba001 CR4: PKRU: 55555554 Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __reconnect_target_unlocked+0x3e/0x160 [cifs] ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0xce/0x120 ? __slab_free+0x223/0x3c0 ? do_error_trap+0x65/0x80 ? __slab_free+0x223/0x3c0 ? exc_invalid_op+0x4e/0x70 ? __slab_free+0x223/0x3c0 ? asm_exc_invalid_op+0x16/0x20 ? __slab_free+0x223/0x3c0 ? extract_hostname+0x5c/0xa0 [cifs] ? extract_hostname+0x5c/0xa0 [cifs] ? __kmalloc+0x4b/0x140 __reconnect_target_unlocked+0x3e/0x160 [cifs] reconnect_dfs_server+0x145/0x430 [cifs] cifs_handle_standard+0x1ad/0x1d0 [cifs] cifs_demultiplex_thread+0x592/0x730 [cifs] ? __pfx_cifs_demultiplex_thread+0x10/0x10 [cifs] kthread+0xdd/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x29/0x50 </TASK> Fixes: 7be3248f3139 ("cifs: To match file servers, make sure the server hostname matches") Reported-by: Jay Shin <jaeshin(a)redhat.com> Signed-off-by: Paulo Alcantara (Red Hat) <pc(a)manguebit.com> Signed-off-by: Steve French <stfrench(a)microsoft.com> Signed-off-by: Pavel Paklov <pavel.paklov(a)cyberprotect.ru> --- Backport fix for CVE-2025-21673 fs/smb/client/connect.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c index 01ce81f77e89..2b0657fe2a3f 100644 --- a/fs/smb/client/connect.c +++ b/fs/smb/client/connect.c @@ -1066,6 +1066,7 @@ static void clean_demultiplex_info(struct TCP_Server_Info *server) kfree(server->origin_fullpath); kfree(server->leaf_fullpath); #endif + kfree(server->hostname); kfree(server); length = atomic_dec_return(&tcpSesAllocCount); @@ -1688,8 +1689,6 @@ cifs_put_tcp_session(struct TCP_Server_Info *server, int from_reconnect) kfree_sensitive(server->session_key.response); server->session_key.response = NULL; server->session_key.len = 0; - kfree(server->hostname); - server->hostname = NULL; task = xchg(&server->tsk, NULL); if (task) -- 2.43.0

7 months

2
1
0 0

[PATCH 6.12.y] bpf: Fix BPF_INTERNAL namespace import

by Xi Ruoyao

The commit cdd30ebb1b9f ("module: Convert symbol namespace to string literal") makes the grammar of MODULE_IMPORT_NS and EXPORT_SYMBOL_NS different between the stable branches and the mainline. But when the commit 955f9ede52b8 ("bpf: Add namespace to BPF internal symbols") was backported from mainline, only EXPORT_SYMBOL_NS instances are adapted, leaving the MODULE_IMPORT_NS instance with the "new" grammar and causing the module fails to build: ERROR: modpost: module bpf_preload uses symbol bpf_link_get_from_fd from namespace BPF_INTERNAL, but does not import it. ERROR: modpost: module bpf_preload uses symbol kern_sys_bpf from namespace BPF_INTERNAL, but does not import it. Reported-by: Mingcong Bai <jeffbai(a)aosc.io> Reported-by: Alex Davis <alex47794(a)gmail.com> Closes: https://lore.kernel.org/all/CADiockBKBQTVqjA5G+RJ9LBwnEnZ8o0odYnL=LBZ_7QN=_… Fixes: 955f9ede52b8 ("bpf: Add namespace to BPF internal symbols") Signed-off-by: Xi Ruoyao <xry111(a)xry111.site> --- kernel/bpf/preload/bpf_preload_kern.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/bpf/preload/bpf_preload_kern.c b/kernel/bpf/preload/bpf_preload_kern.c index 56a81df7a9d7..fdad0eb308fe 100644 --- a/kernel/bpf/preload/bpf_preload_kern.c +++ b/kernel/bpf/preload/bpf_preload_kern.c @@ -89,5 +89,5 @@ static void __exit fini(void) } late_initcall(load); module_exit(fini); -MODULE_IMPORT_NS("BPF_INTERNAL"); +MODULE_IMPORT_NS(BPF_INTERNAL); MODULE_LICENSE("GPL"); -- 2.49.0

7 months

3
2
0 0

Please apply to v6.14.x commit 6eab70345799 ("ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties")

by LEROY Christophe

Hi, Could you please apply commit 6eab70345799 ("ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties") to v6.14.x in order to silence warnings introduced in v6.14 by commit c141ecc3cecd ("of: Warn when of_property_read_bool() is used on non-boolean properties") Thanks Christophe

7 months

3
4
0 0

[GIT PULL] bcachefs fixes for 6.14.y

by Kent Overstreet

The following changes since commit 02a22be3c0003af08df510cba3d79d00c6495b74: bcachefs: bch2_ioctl_subvolume_destroy() fixes (2025-04-03 16:13:53 -0400) are available in the Git repository at: git://evilpiepirate.org/bcachefs.git tags/bcachefs-for-6.14-2025-05-02 for you to fetch changes up to 52b17bca7b20663e5df6dbfc24cc2030259b64b6: bcachefs: Remove incorrect __counted_by annotation (2025-05-02 21:09:51 -0400) ---------------------------------------------------------------- bcachefs fixes for 6.15 remove incorrect counted_by annotation, fixing FORTIFY_SOURCE crashes that have been hitting arch users ---------------------------------------------------------------- Alan Huang (1): bcachefs: Remove incorrect __counted_by annotation fs/bcachefs/xattr_format.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)

7 months

2
6
0 0

[6.12.y] WARNING: CPU: 0 PID: 681 at block/blk-mq-cpumap.c:90 blk_mq_map_hw_queues+0xcf/0xe0

by Wang Yugui

Hi, I noticed a WARNING in recent 6.12.y kernel. This WARNING happen on 6.12.26/6.12.25, but not happen on 6.12.20. More bisect job need to be done, but reporti it firstly. [ 13.288365] ------------[ cut here ]------------ [ 13.288366] WARNING: CPU: 0 PID: 681 at block/blk-mq-cpumap.c:90 blk_mq_map_hw_queues+0xcf/0xe0 void blk_mq_map_hw_queues(struct blk_mq_queue_map *qmap, struct device *dev, unsigned int offset) { ... ... fallback: L90： WARN_ON_ONCE(qmap->nr_queues > 1); blk_mq_clear_mq_map(qmap); } [ 13.288373] Modules linked in: ahci(+) mlxfw libahci pci_hyperv_intf bnx2x(+) i40e(+) mpi3mr(+) psample bnxt_en(+) libata mgag200(+) tls megaraid_sas(+) crc32c_intel scsi_transport_sas mdio libie i2c_algo_bit wmi dm_mirror dm_region_hash dm_log dm_mod [ 13.288386] CPU: 0 UID: 0 PID: 681 Comm: kworker/0:2 Not tainted 6.12.26-1.el7.x86_64 #1 [ 13.288388] Hardware name: Dell Inc. PowerEdge T640/0TWW5Y, BIOS 2.22.1 09/12/2024 [ 13.288390] Workqueue: events work_for_cpu_fn [ 13.288394] RIP: 0010:blk_mq_map_hw_queues+0xcf/0xe0 [ 13.288396] Code: 8b 35 85 e4 9a 02 48 63 d0 48 c7 c7 e0 e5 78 94 e8 26 0b 07 00 39 05 70 e4 9a 02 77 d3 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc <0f> 0b eb d2 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 13.288398] RSP: 0018:ffffc0e11b83bd38 EFLAGS: 00010212 [ 13.288400] RAX: 0000000000000000 RBX: ffffa0804ad58000 RCX: 0000000000000050 [ 13.288402] RDX: 0000000000000050 RSI: ffffa07f8f24d0c8 RDI: ffffa0804ad580e8 [ 13.288403] RBP: ffffa0804ad580e0 R08: 000000000000004f R09: 0000000000000000 [ 13.288404] R10: ffffc0e11b83bd78 R11: ffffa07f9039da00 R12: 0000000000000000 [ 13.288405] R13: 0000000000000001 R14: ffffa0804ad580e8 R15: 0000000000000000 [ 13.288406] FS: 0000000000000000(0000) GS:ffffa0dd3fe00000(0000) knlGS:0000000000000000 [ 13.288407] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 13.288408] CR2: 00007f1f3226ba20 CR3: 00000002f9780005 CR4: 00000000007706f0 [ 13.288409] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 13.288410] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 13.288411] PKRU: 55555554 [ 13.288412] Call Trace: [ 13.288413] <TASK> [ 13.288415] megasas_map_queues+0x49/0x90 [megaraid_sas] [ 13.288431] blk_mq_alloc_tag_set+0x150/0x3b0 [ 13.288436] scsi_add_host_with_dma+0xd0/0x350 [ 13.288440] megasas_io_attach+0x15c/0x220 [megaraid_sas] [ 13.288456] megasas_probe_one+0x1cb/0x570 [megaraid_sas] [ 13.288468] local_pci_probe+0x47/0xa0 [ 13.288474] work_for_cpu_fn+0x17/0x30 [ 13.288475] process_one_work+0x179/0x3a0 [ 13.288480] worker_thread+0x24b/0x350 [ 13.288483] ? __pfx_worker_thread+0x10/0x10 [ 13.288485] kthread+0xde/0x110 [ 13.288489] ? __pfx_kthread+0x10/0x10 [ 13.288491] ret_from_fork+0x31/0x50 [ 13.288494] ? __pfx_kthread+0x10/0x10 [ 13.288496] ret_from_fork_asm+0x1a/0x30 [ 13.288502] </TASK> [ 13.288502] ---[ end trace 0000000000000000 ]--- Best Regards Wang Yugui (wangyugui(a)e16-tech.com) 2025/05/03

7 months

6
9
0 0

[GIT PULL] bcachefs fixes for 6.12.y

by Kent Overstreet

The following changes since commit 1a7a2300e0dd8b4a73bcd3777a2947fe42a16bef: bcachefs: bch2_ioctl_subvolume_destroy() fixes (2025-03-31 13:16:15 -0400) are available in the Git repository at: git://evilpiepirate.org/bcachefs.git tags/bcachefs-for-6.12-2025-05-5 for you to fetch changes up to 3f105630c0b2e53a93713c2328e3426081f961c1: bcachefs: Remove incorrect __counted_by annotation (2025-05-05 09:41:26 -0400) ---------------------------------------------------------------- bcachefs fixes for 6.12 remove incorrect counted_by annotation, fixing FORTIFY_SOURCE crashes that have been hitting arch users ---------------------------------------------------------------- Alan Huang (1): bcachefs: Remove incorrect __counted_by annotation fs/bcachefs/xattr_format.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)

7 months

1
0
0 0

[tip: timers/urgent] clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable()

by tip-bot2 for Sebastian Andrzej Siewior

The following commit has been merged into the timers/urgent branch of tip: Commit-ID: 94cff94634e506a4a44684bee1875d2dbf782722 Gitweb: https://git.kernel.org/tip/94cff94634e506a4a44684bee1875d2dbf782722 Author: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> AuthorDate: Fri, 04 Apr 2025 15:31:16 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Mon, 05 May 2025 15:34:49 +02:00 clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() On x86 during boot, clockevent_i8253_disable() can be invoked via x86_late_time_init -> hpet_time_init() -> pit_timer_init() which happens with enabled interrupts. If some of the old i8253 hardware is actually used then lockdep will notice that i8253_lock is used in hard interrupt context. This causes lockdep to complain because it observed the lock being acquired with interrupts enabled and in hard interrupt context. Make clockevent_i8253_disable() acquire the lock with raw_spinlock_irqsave() to cure this. [ tglx: Massage change log and use guard() ] Fixes: c8c4076723dac ("x86/timer: Skip PIT initialization on modern chipsets") Signed-off-by: Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20250404133116.p-XRWJXf@linutronix.de --- drivers/clocksource/i8253.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/clocksource/i8253.c b/drivers/clocksource/i8253.c index 39f7c2d..b603c25 100644 --- a/drivers/clocksource/i8253.c +++ b/drivers/clocksource/i8253.c @@ -103,7 +103,7 @@ int __init clocksource_i8253_init(void) #ifdef CONFIG_CLKEVT_I8253 void clockevent_i8253_disable(void) { - raw_spin_lock(&i8253_lock); + guard(raw_spinlock_irqsave)(&i8253_lock); /* * Writing the MODE register should stop the counter, according to @@ -132,8 +132,6 @@ void clockevent_i8253_disable(void) outb_p(0, PIT_CH0); outb_p(0x30, PIT_MODE); - - raw_spin_unlock(&i8253_lock); } static int pit_shutdown(struct clock_event_device *evt)

7 months

1
0
0 0

FAILED: patch "[PATCH] ASoC: soc-core: Stop using of_property_read_bool() for" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 6eab70345799 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050546-commute-subduing-1917@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 6eab7034579917f207ca6d8e3f4e11e85e0ab7d5 Mon Sep 17 00:00:00 2001 From: Geert Uytterhoeven <geert+renesas(a)glider.be> Date: Wed, 22 Jan 2025 09:21:27 +0100 Subject: [PATCH] ASoC: soc-core: Stop using of_property_read_bool() for non-boolean properties On R-Car: OF: /sound: Read of boolean property 'simple-audio-card,bitclock-master' with a value. OF: /sound: Read of boolean property 'simple-audio-card,frame-master' with a value. or: OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'bitclock-master' with a value. OF: /soc/sound@ec500000/ports/port@0/endpoint: Read of boolean property 'frame-master' with a value. The use of of_property_read_bool() for non-boolean properties is deprecated in favor of of_property_present() when testing for property presence. Replace testing for presence before calling of_property_read_u32() by testing for an -EINVAL return value from the latter, to simplify the code. Signed-off-by: Geert Uytterhoeven <geert+renesas(a)glider.be> Link: https://patch.msgid.link/db10e96fbda121e7456d70e97a013cbfc9755f4d.173753395… Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/sound/soc/soc-core.c b/sound/soc/soc-core.c index 3c6d8aef4130..26b34b688508 100644 --- a/sound/soc/soc-core.c +++ b/sound/soc/soc-core.c @@ -3046,7 +3046,7 @@ int snd_soc_of_parse_pin_switches(struct snd_soc_card *card, const char *prop) unsigned int i, nb_controls; int ret; - if (!of_property_read_bool(dev->of_node, prop)) + if (!of_property_present(dev->of_node, prop)) return 0; strings = devm_kcalloc(dev, nb_controls_max, @@ -3120,23 +3120,17 @@ int snd_soc_of_parse_tdm_slot(struct device_node *np, if (rx_mask) snd_soc_of_get_slot_mask(np, "dai-tdm-slot-rx-mask", rx_mask); - if (of_property_read_bool(np, "dai-tdm-slot-num")) { - ret = of_property_read_u32(np, "dai-tdm-slot-num", &val); - if (ret) - return ret; + ret = of_property_read_u32(np, "dai-tdm-slot-num", &val); + if (ret && ret != -EINVAL) + return ret; + if (!ret && slots) + *slots = val; - if (slots) - *slots = val; - } - - if (of_property_read_bool(np, "dai-tdm-slot-width")) { - ret = of_property_read_u32(np, "dai-tdm-slot-width", &val); - if (ret) - return ret; - - if (slot_width) - *slot_width = val; - } + ret = of_property_read_u32(np, "dai-tdm-slot-width", &val); + if (ret && ret != -EINVAL) + return ret; + if (!ret && slot_width) + *slot_width = val; return 0; } @@ -3403,12 +3397,12 @@ unsigned int snd_soc_daifmt_parse_clock_provider_raw(struct device_node *np, * check "[prefix]frame-master" */ snprintf(prop, sizeof(prop), "%sbitclock-master", prefix); - bit = of_property_read_bool(np, prop); + bit = of_property_present(np, prop); if (bit && bitclkmaster) *bitclkmaster = of_parse_phandle(np, prop, 0); snprintf(prop, sizeof(prop), "%sframe-master", prefix); - frame = of_property_read_bool(np, prop); + frame = of_property_present(np, prop); if (frame && framemaster) *framemaster = of_parse_phandle(np, prop, 0);

7 months

1
0
0 0

[PATCH 2/2] xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive.

by Mathias Nyman

Event polling delay is set to 0 if there are any pending requests in either rx or tx requests lists. Checking for pending requests does not work well for "IN" transfers as the tty driver always queues requests to the list and TRBs to the ring, preparing to receive data from the host. This causes unnecessary busylooping and cpu hogging. Only set the event polling delay to 0 if there are pending tx "write" transfers, or if it was less than 10ms since last active data transfer in any direction. Cc: Łukasz Bartosik <ukaszb(a)chromium.org> Fixes: fb18e5bb9660 ("xhci: dbc: poll at different rate depending on data transfer activity") Cc: stable(a)vger.kernel.org Signed-off-by: Mathias Nyman <mathias.nyman(a)linux.intel.com> --- drivers/usb/host/xhci-dbgcap.c | 19 ++++++++++++++++--- drivers/usb/host/xhci-dbgcap.h | 3 +++ 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/drivers/usb/host/xhci-dbgcap.c b/drivers/usb/host/xhci-dbgcap.c index fd7895b24367..0d4ce5734165 100644 --- a/drivers/usb/host/xhci-dbgcap.c +++ b/drivers/usb/host/xhci-dbgcap.c @@ -823,6 +823,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) { dma_addr_t deq; union xhci_trb *evt; + enum evtreturn ret = EVT_DONE; u32 ctrl, portsc; bool update_erdp = false; @@ -909,6 +910,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) break; case TRB_TYPE(TRB_TRANSFER): dbc_handle_xfer_event(dbc, evt); + ret = EVT_XFER_DONE; break; default: break; @@ -927,7 +929,7 @@ static enum evtreturn xhci_dbc_do_handle_events(struct xhci_dbc *dbc) lo_hi_writeq(deq, &dbc->regs->erdp); } - return EVT_DONE; + return ret; } static void xhci_dbc_handle_events(struct work_struct *work) @@ -936,6 +938,7 @@ static void xhci_dbc_handle_events(struct work_struct *work) struct xhci_dbc *dbc; unsigned long flags; unsigned int poll_interval; + unsigned long busypoll_timelimit; dbc = container_of(to_delayed_work(work), struct xhci_dbc, event_work); poll_interval = dbc->poll_interval; @@ -954,11 +957,21 @@ static void xhci_dbc_handle_events(struct work_struct *work) dbc->driver->disconnect(dbc); break; case EVT_DONE: - /* set fast poll rate if there are pending data transfers */ + /* + * Set fast poll rate if there are pending out transfers, or + * a transfer was recently processed + */ + busypoll_timelimit = dbc->xfer_timestamp + + msecs_to_jiffies(DBC_XFER_INACTIVITY_TIMEOUT); + if (!list_empty(&dbc->eps[BULK_OUT].list_pending) || - !list_empty(&dbc->eps[BULK_IN].list_pending)) + time_is_after_jiffies(busypoll_timelimit)) poll_interval = 0; break; + case EVT_XFER_DONE: + dbc->xfer_timestamp = jiffies; + poll_interval = 0; + break; default: dev_info(dbc->dev, "stop handling dbc events\n"); return; diff --git a/drivers/usb/host/xhci-dbgcap.h b/drivers/usb/host/xhci-dbgcap.h index 9dc8f4d8077c..47ac72c2286d 100644 --- a/drivers/usb/host/xhci-dbgcap.h +++ b/drivers/usb/host/xhci-dbgcap.h @@ -96,6 +96,7 @@ struct dbc_ep { #define DBC_WRITE_BUF_SIZE 8192 #define DBC_POLL_INTERVAL_DEFAULT 64 /* milliseconds */ #define DBC_POLL_INTERVAL_MAX 5000 /* milliseconds */ +#define DBC_XFER_INACTIVITY_TIMEOUT 10 /* milliseconds */ /* * Private structure for DbC hardware state: */ @@ -142,6 +143,7 @@ struct xhci_dbc { enum dbc_state state; struct delayed_work event_work; unsigned int poll_interval; /* ms */ + unsigned long xfer_timestamp; unsigned resume_required:1; struct dbc_ep eps[2]; @@ -187,6 +189,7 @@ struct dbc_request { enum evtreturn { EVT_ERR = -1, EVT_DONE, + EVT_XFER_DONE, EVT_GSER, EVT_DISC, }; -- 2.43.0

7 months

1
0
0 0

[PATCH] arm64: dts: amlogic: dreambox: fix missing clkc_audio node

by Christian Hewitt

Add the clkc_audio node to fix audio support on Dreambox One/Two. Fixes: 83a6f4c62cb1 ("arm64: dts: meson: add initial support for Dreambox One/Two") CC: <stable(a)vger.kernel.org> Suggested-by: Emanuel Strobel <emanuel.strobel(a)yahoo.com> Signed-off-by: Christian Hewitt <christianshewitt(a)gmail.com> --- arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi b/arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi index de35fa2d7a6d..8e3e3354ed67 100644 --- a/arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi +++ b/arch/arm64/boot/dts/amlogic/meson-g12b-dreambox.dtsi @@ -116,6 +116,10 @@ &arb { status = "okay"; }; +&clkc_audio { + status = "okay"; +}; + &frddr_a { status = "okay"; }; -- 2.34.1

7 months

3
2
0 0

[PATCH 6.14.y] btrfs: fix the inode leak in btrfs_iget()

by Penglei Jiang

[BUG] There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info (device loop1): last unmount of filesystem 1680000e-3c1e-4c46-84b6-56bd3909af50 VFS: Busy inodes after unmount of loop1 (btrfs) ------------[ cut here ]------------ kernel BUG at fs/super.c:650! Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI CPU: 0 UID: 0 PID: 48168 Comm: syz-executor Not tainted 6.15.0-rc2-00471-g119009db2674 #2 PREEMPT(full) Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 RIP: 0010:generic_shutdown_super+0x2e9/0x390 fs/super.c:650 Call Trace: <TASK> kill_anon_super+0x3a/0x60 fs/super.c:1237 btrfs_kill_super+0x3b/0x50 fs/btrfs/super.c:2099 deactivate_locked_super+0xbe/0x1a0 fs/super.c:473 deactivate_super fs/super.c:506 [inline] deactivate_super+0xe2/0x100 fs/super.c:502 cleanup_mnt+0x21f/0x440 fs/namespace.c:1435 task_work_run+0x14d/0x240 kernel/task_work.c:227 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x269/0x290 kernel/entry/common.c:218 do_syscall_64+0xd4/0x250 arch/x86/entry/syscall_64.c:100 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> [CAUSE] When btrfs_alloc_path() failed, btrfs_iget() directly returned without releasing the inode already allocated by btrfs_iget_locked(). This results the above busy inode and trigger the kernel BUG. [FIX] Fix it by calling iget_failed() if btrfs_alloc_path() failed. If we hit error inside btrfs_read_locked_inode(), it will properly call iget_failed(), so nothing to worry about. Although the iget_failed() cleanup inside btrfs_read_locked_inode() is a break of the normal error handling scheme, let's fix the obvious bug and backport first, then rework the error handling later. Reported-by: Penglei Jiang <superman.xpt(a)gmail.com> Link: https://lore.kernel.org/linux-btrfs/20250421102425.44431-1-superman.xpt@gma… Fixes: 7c855e16ab72 ("btrfs: remove conditional path allocation in btrfs_read_locked_inode()") CC: stable(a)vger.kernel.org # 6.13+ Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Penglei Jiang <superman.xpt(a)gmail.com> Signed-off-by: David Sterba <dsterba(a)suse.com> (cherry picked from commit 48c1d1bb525b1c44b8bdc8e7ec5629cb6c2b9fc4) --- fs/btrfs/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c index 38756f8cef46..ad7009d336fa 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c @@ -5659,8 +5659,10 @@ struct inode *btrfs_iget(u64 ino, struct btrfs_root *root) return inode; path = btrfs_alloc_path(); - if (!path) + if (!path) { + iget_failed(&inode->vfs_inode); return ERR_PTR(-ENOMEM); + } ret = btrfs_read_locked_inode(inode, path); btrfs_free_path(path); -- 2.17.1

7 months

1
0
0 0

[PATCH v2 rc] iommu: Skip PASID validation for devices without PASID capability

by Tushar Dave

Generally PASID support requires ACS settings that usually create single device groups, but there are some niche cases where we can get multi-device groups and still have working PASID support. The primary issue is that PCI switches are not required to treat PASID tagged TLPs specially so appropriate ACS settings are required to route all TLPs to the host bridge if PASID is going to work properly. pci_enable_pasid() does check that each device that will use PASID has the proper ACS settings to achieve this routing. However, no-PASID devices can be combined with PASID capable devices within the same topology using non-uniform ACS settings. In this case the no-PASID devices may not have strict route to host ACS flags and end up being grouped with the PASID devices. This configuration fails to allow use of the PASID within the iommu core code which wrongly checks if the no-PASID device supports PASID. Fix this by ignoring no-PASID devices during the PASID validation. They will never issue a PASID TLP anyhow so they can be ignored. Fixes: c404f55c26fc ("iommu: Validate the PASID in iommu_attach_device_pasid()") Cc: stable(a)vger.kernel.org Signed-off-by: Tushar Dave <tdave(a)nvidia.com> --- changes in v2: - added no-pasid check in __iommu_set_group_pasid and __iommu_remove_group_pasid drivers/iommu/iommu.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c index 60aed01e54f2..8251b07f4022 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -3329,8 +3329,9 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, int ret; for_each_group_device(group, device) { - ret = domain->ops->set_dev_pasid(domain, device->dev, - pasid, NULL); + if (device->dev->iommu->max_pasids > 0) + ret = domain->ops->set_dev_pasid(domain, device->dev, + pasid, NULL); if (ret) goto err_revert; } @@ -3342,7 +3343,8 @@ static int __iommu_set_group_pasid(struct iommu_domain *domain, for_each_group_device(group, device) { if (device == last_gdev) break; - iommu_remove_dev_pasid(device->dev, pasid, domain); + if (device->dev->iommu->max_pasids > 0) + iommu_remove_dev_pasid(device->dev, pasid, domain); } return ret; } @@ -3353,8 +3355,10 @@ static void __iommu_remove_group_pasid(struct iommu_group *group, { struct group_device *device; - for_each_group_device(group, device) - iommu_remove_dev_pasid(device->dev, pasid, domain); + for_each_group_device(group, device) { + if (device->dev->iommu->max_pasids > 0) + iommu_remove_dev_pasid(device->dev, pasid, domain); + } } /* @@ -3391,7 +3395,13 @@ int iommu_attach_device_pasid(struct iommu_domain *domain, mutex_lock(&group->mutex); for_each_group_device(group, device) { - if (pasid >= device->dev->iommu->max_pasids) { + /* + * Skip PASID validation for devices without PASID support + * (max_pasids = 0). These devices cannot issue transactions + * with PASID, so they don't affect group's PASID usage. + */ + if ((device->dev->iommu->max_pasids > 0) && + (pasid >= device->dev->iommu->max_pasids)) { ret = -EINVAL; goto out_unlock; } -- 2.34.1

7 months

3
4
0 0

[PATCH] xfs: fix diff_two_keys calculation for cnt btree

by Fedor Pchelkin

Currently the difference is computed on 32-bit unsigned values although eventually it is stored in a variable of int64_t type. This gives awkward results, e.g. when the diff _should_ be negative, it is represented as some large positive int64_t value. Perform the calculations directly in int64_t as all other diff_two_keys routines actually do. Found by Linux Verification Center (linuxtesting.org) with Svace static analysis tool. Fixes: 08438b1e386b ("xfs: plumb in needed functions for range querying of the freespace btrees") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- fs/xfs/libxfs/xfs_alloc_btree.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/fs/xfs/libxfs/xfs_alloc_btree.c b/fs/xfs/libxfs/xfs_alloc_btree.c index a4ac37ba5d51..b3c54ae90e25 100644 --- a/fs/xfs/libxfs/xfs_alloc_btree.c +++ b/fs/xfs/libxfs/xfs_alloc_btree.c @@ -238,13 +238,13 @@ xfs_cntbt_diff_two_keys( ASSERT(!mask || (mask->alloc.ar_blockcount && mask->alloc.ar_startblock)); - diff = be32_to_cpu(k1->alloc.ar_blockcount) - - be32_to_cpu(k2->alloc.ar_blockcount); + diff = (int64_t)be32_to_cpu(k1->alloc.ar_blockcount) - + be32_to_cpu(k2->alloc.ar_blockcount); if (diff) return diff; - return be32_to_cpu(k1->alloc.ar_startblock) - - be32_to_cpu(k2->alloc.ar_startblock); + return (int64_t)be32_to_cpu(k1->alloc.ar_startblock) - + be32_to_cpu(k2->alloc.ar_startblock); } static xfs_failaddr_t -- 2.49.0

7 months

3
4
0 0

[PATCH] arm64: dts: qcom: ipq5424: fix MSI base vector interrupt number

by Kathiravan Thirumoorthy

From: Vignesh Viswanathan <quic_viswanat(a)quicinc.com> As per the hardware design, MSI interrupt starts from 704. Fix the same. Cc: stable(a)vger.kernel.org Fixes: 1a91d2a6021e ("arm64: dts: qcom: add IPQ5424 SoC and rdp466 board support") Signed-off-by: Vignesh Viswanathan <quic_viswanat(a)quicinc.com> Signed-off-by: Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com> --- arch/arm64/boot/dts/qcom/ipq5424.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/boot/dts/qcom/ipq5424.dtsi b/arch/arm64/boot/dts/qcom/ipq5424.dtsi index 5d6ed2172b1bb0a57c593f121f387ec917f42419..7a2e5c89b26ad8010f158be6f052b307e8a32fb5 100644 --- a/arch/arm64/boot/dts/qcom/ipq5424.dtsi +++ b/arch/arm64/boot/dts/qcom/ipq5424.dtsi @@ -371,7 +371,7 @@ intc: interrupt-controller@f200000 { #redistributor-regions = <1>; redistributor-stride = <0x0 0x20000>; interrupts = <GIC_PPI 9 IRQ_TYPE_LEVEL_HIGH>; - mbi-ranges = <672 128>; + mbi-ranges = <704 128>; msi-controller; }; --- base-commit: 407f60a151df3c44397e5afc0111eb9b026c38d3 change-id: 20250505-msi-vector-f0dcd22233d9 Best regards, -- Kathiravan Thirumoorthy <kathiravan.thirumoorthy(a)oss.qualcomm.com>

7 months

1
1
0 0

[PATCH 0/7] accel/ivpu: Add context violation handling for 6.12

by Jacek Lawrynowicz

These patchset adds support for VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW message added in recent VPU firmware. Without it the driver will not be able to process any jobs after this message is received and would need to be reloaded. Most patches are as-is from upstream besides these two: - Fix locking order in ivpu_job_submit - Abort all jobs after command queue unregister Both these patches need to be rebased because of missing new CMDQ UAPI changes that should not be backported to stable. Andrew Kreimer (1): accel/ivpu: Fix a typo Andrzej Kacprowski (1): accel/ivpu: Update VPU FW API headers Karol Wachowski (4): accel/ivpu: Use xa_alloc_cyclic() instead of custom function accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW Tomasz Rusinowicz (1): accel/ivpu: Make DB_ID and JOB_ID allocations incremental drivers/accel/ivpu/ivpu_drv.c | 38 ++-- drivers/accel/ivpu/ivpu_drv.h | 9 + drivers/accel/ivpu/ivpu_job.c | 125 +++++++++--- drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_jsm_msg.c | 3 +- drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- drivers/accel/ivpu/vpu_boot_api.h | 45 +++-- drivers/accel/ivpu/vpu_jsm_api.h | 303 +++++++++++++++++++++++++----- 9 files changed, 412 insertions(+), 120 deletions(-) -- 2.45.1

7 months

3
16
0 0

[PATCH v2 0/3] accel/ivpu: Add context violation handling for 6.14

by Jacek Lawrynowicz

These patchset adds support for VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW message added in recent VPU firmware. Without it the driver will not be able to process any jobs after this message is received and would need to be reloaded. The last patch in this series is as-is from upstream, but other two patches had to be rebased because of missing new CMDQ UAPI changes that should not be backported to stable. Changes since v1: - Documented deviations from the original upstream patches in commit messages Karol Wachowski (3): accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW drivers/accel/ivpu/ivpu_drv.c | 32 ++------- drivers/accel/ivpu/ivpu_drv.h | 2 + drivers/accel/ivpu/ivpu_job.c | 111 ++++++++++++++++++++++++++------ drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- 6 files changed, 103 insertions(+), 51 deletions(-) -- 2.45.1

7 months

1
3
0 0

[PATCH] fs: minix: Fix handling of corrupted directories

by Andrey Kriulin

If the directory is corrupted and the number of nlinks is less than 2 (valid nlinks have at least 2), then when the directory is deleted, the minix_rmdir will try to reduce the nlinks(unsigned int) to a negative value. Make nlinks validity check for directory in minix_lookup. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Andrey Kriulin <kitotavrik.media(a)gmail.com> --- fs/minix/namei.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/minix/namei.c b/fs/minix/namei.c index 8938536d8..5717a56fa 100644 --- a/fs/minix/namei.c +++ b/fs/minix/namei.c @@ -28,8 +28,13 @@ static struct dentry *minix_lookup(struct inode * dir, struct dentry *dentry, un return ERR_PTR(-ENAMETOOLONG); ino = minix_inode_by_name(dentry); - if (ino) + if (ino) { inode = minix_iget(dir->i_sb, ino); + if (S_ISDIR(inode->i_mode) && inode->i_nlink < 2) { + iput(inode); + return ERR_PTR(-EIO); + } + } return d_splice_alias(inode, dentry); } -- 2.47.2

7 months

4
3
0 0

[PATCH] fs: minix: Fix handling of corrupted directories

by Andrey Kriulin

If the directory is corrupted and the number of nlinks is less than 2 (valid nlinks have at least 2), then when the directory is deleted, the minix_rmdir will try to reduce the nlinks(unsigned int) to a negative value. Make nlinks validity check for directory in minix_lookup. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable(a)vger.kernel.org Signed-off-by: Andrey Kriulin <kitotavrik.media(a)gmail.com> --- fs/minix/namei.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/minix/namei.c b/fs/minix/namei.c index 8938536d8..5717a56fa 100644 --- a/fs/minix/namei.c +++ b/fs/minix/namei.c @@ -28,8 +28,13 @@ static struct dentry *minix_lookup(struct inode * dir, struct dentry *dentry, un return ERR_PTR(-ENAMETOOLONG); ino = minix_inode_by_name(dentry); - if (ino) + if (ino) { inode = minix_iget(dir->i_sb, ino); + if (S_ISDIR(inode->i_mode) && inode->i_nlink < 2) { + iput(inode); + return ERR_PTR(-EIO); + } + } return d_splice_alias(inode, dentry); } -- 2.47.2

7 months

2
1
0 0

FAILED: patch "[PATCH] dm-bufio: don't schedule in atomic context" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a3d8f0a7f5e8b193db509c7191fefeed3533fc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050552-backslid-thirsting-324d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3d8f0a7f5e8b193db509c7191fefeed3533fc44 Mon Sep 17 00:00:00 2001 From: LongPing Wei <weilongping(a)oppo.com> Date: Thu, 17 Apr 2025 11:07:38 +0800 Subject: [PATCH] dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. Fixes: 7cd326747f46 ("dm bufio: remove dm_bufio_cond_resched()") Signed-off-by: LongPing Wei <weilongping(a)oppo.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 9c8ed65cd87e..f0b5a6931161 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -68,6 +68,8 @@ #define LIST_DIRTY 1 #define LIST_SIZE 2 +#define SCAN_RESCHED_CYCLE 16 + /*--------------------------------------------------------------*/ /* @@ -2424,7 +2426,12 @@ static void __scan(struct dm_bufio_client *c) atomic_long_dec(&c->need_shrink); freed++; - cond_resched(); + + if (unlikely(freed % SCAN_RESCHED_CYCLE == 0)) { + dm_bufio_unlock(c); + cond_resched(); + dm_bufio_lock(c); + } } } }

7 months

2
1
0 0

Linux 6.12.27

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.27 kernel. This fixes a build problem in the 6.12.26 release. If you do not have a build issue with 6.12.26, there is no need to update. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- kernel/bpf/preload/bpf_preload_kern.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Greg Kroah-Hartman (1): Linux 6.12.27 Xi Ruoyao (1): bpf: Fix BPF_INTERNAL namespace import

7 months

1
1
0 0

Linux 6.1.137

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.137 kernel. This release fixes a problem building the Loongarch target in the 6.1.136 release. If you do not have build problems with the 6.1.136 release, there is no need for you to update to this release. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 +- arch/loongarch/mm/hugetlbpage.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) Greg Kroah-Hartman (1): Linux 6.1.137 Huacai Chen (1): LoongArch: Fix build error due to backport

7 months

1
1
0 0

[PATCH 6.1 000/157] 6.1.136-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.136 release. There are 157 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 03 May 2025 08:08:16 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.136-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.136-rc2 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qcom: q6afe-dai: fix Display Port Playback stream name Rob Herring <robh(a)kernel.org> PCI: Fix use-after-free in pci_bus_release_domain_nr() Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Remove pointer (asterisk) and brackets from cpumask_t field Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Add one missing error return Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Jakub Kicinski <kuba(a)kernel.org> net/sched: act_mirred: don't override retval if we already lost the skb Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: define xtree root and page independently Sergey Shtylyov <s.shtylyov(a)omp.ru> of: module: add buffer overflow check in of_modalias() Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Oleksij Rempel <linux(a)rempel-privat.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: export ieee80211_purge_tx_queue() for drivers Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Evgeny Pimenov <pimenoveu12(a)gmail.com> ASoC: qcom: Fix sc7280 lpass potential buffer overflow Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: qcom: q6dsp: add support to more display ports Stefan Eichenberger <stefan.eichenberger(a)toradex.com> phy: freescale: imx8m-pcie: assert phy reset and perst in power off Richard Zhu <hongxing.zhu(a)nxp.com> phy: freescale: imx8m-pcie: Add i.MX8MP PCIe PHY support Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Pali Rohár <pali(a)kernel.org> PCI: Assign PCI domain IDs by ida_alloc() Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Refactor SD mux driver Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Remove CPG_SDHI_DSEL from generic header Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Add struct clk_hw_data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Use u32 for flag and mux_flags Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> backlight: led_bl: Convert to platform remove callback returning void Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Alexis Lothoré <alexis.lothore(a)bootlin.com> net: dsa: mv88e6xxx: add field to specify internal phys layout Alexis Lothoré <alexis.lothore(a)bootlin.com> net: dsa: mv88e6xxx: pass directly chip structure to mv88e6xxx_phy_is_internal Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: mv88e6xxx: move link forcing to mac_prepare/mac_finish Russell King (Oracle) <rmk+kernel(a)armlinux.org.uk> net: dsa: add support for mac_prepare() and mac_finish() calls Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings from mdiobus code Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> auxdisplay: hd44780: Convert to platform remove callback returning void Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Steven Rostedt <rostedt(a)goodmis.org> tracing: Add __print_dynamic_array() helper Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __string_len() example Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Fix cpumask() example typo Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __cpumask to denote a trace event field that is a cpumask_t Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default ------------- Diffstat: Makefile | 4 +- arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/include/asm/mips-cm.h | 22 +++ arch/mips/kernel/mips-cm.c | 14 ++ arch/parisc/kernel/pdt.c | 2 + arch/s390/kvm/trace-s390.h | 4 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/kernel/cpu/bugs.c | 36 ++--- arch/x86/kernel/i8253.c | 3 +- arch/x86/kvm/svm/avic.c | 60 +++---- arch/x86/kvm/vmx/posted_intr.c | 28 ++-- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/tlb.c | 6 +- crypto/crypto_null.c | 37 +++-- drivers/acpi/ec.c | 28 ++++ drivers/acpi/pptt.c | 4 +- drivers/auxdisplay/hd44780.c | 9 +- drivers/block/loop.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clk/renesas/r9a07g043-cpg.c | 28 +++- drivers/clk/renesas/r9a07g044-cpg.c | 21 ++- drivers/clk/renesas/rzg2l-cpg.c | 178 +++++++++++++++------ drivers/clk/renesas/rzg2l-cpg.h | 24 +-- drivers/comedi/drivers/jr3_pci.c | 17 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 7 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +-- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/net/dsa/mv88e6xxx/chip.c | 106 ++++++++---- drivers/net/dsa/mv88e6xxx/chip.h | 5 + drivers/net/dsa/mv88e6xxx/global2.c | 25 +-- drivers/net/phy/phy_led_triggers.c | 23 +-- drivers/net/wireless/realtek/rtw88/main.c | 2 +- drivers/net/wireless/realtek/rtw88/tx.c | 2 +- drivers/net/xen-netfront.c | 19 ++- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +-- drivers/nvme/host/core.c | 9 ++ drivers/nvme/target/fc.c | 25 ++- drivers/of/device.c | 7 +- drivers/of/resolver.c | 37 ++--- drivers/pci/pci.c | 107 +++++++------ drivers/pci/probe.c | 16 +- drivers/pci/remove.c | 7 + drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 46 +++++- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/rtc/rtc-pcf85063.c | 19 ++- drivers/s390/char/sclp_con.c | 17 ++ drivers/s390/char/sclp_tty.c | 12 ++ drivers/scsi/hisi_sas/hisi_sas_main.c | 20 +++ drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi_lib.c | 6 +- drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/ufs/host/ufs-exynos.c | 10 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +++-- drivers/usb/class/cdc-wdm.c | 21 ++- drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/dwc3-pci.c | 10 ++ drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +++- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 +++ drivers/usb/host/xhci-mvebu.c | 10 -- drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/video/backlight/led_bl.c | 11 +- drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 7 +- fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_imap.c | 6 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 +- fs/jfs/jfs_xtree.c | 4 +- fs/jfs/jfs_xtree.h | 37 +++-- fs/ntfs3/file.c | 1 + include/dt-bindings/sound/qcom,q6dsp-lpass-ports.h | 8 + include/linux/filter.h | 9 +- include/linux/pci.h | 1 + include/net/dsa.h | 6 + include/net/mac80211.h | 13 ++ include/trace/bpf_probe.h | 6 + include/trace/perf.h | 6 + include/trace/stages/stage1_struct_define.h | 6 + include/trace/stages/stage2_data_offsets.h | 6 + include/trace/stages/stage3_trace_output.h | 14 ++ include/trace/stages/stage4_event_fields.h | 12 ++ include/trace/stages/stage5_get_offsets.h | 6 + include/trace/stages/stage6_event_callback.h | 20 +++ include/trace/stages/stage7_class_define.h | 3 + init/Kconfig | 2 +- kernel/dma/contiguous.c | 3 +- kernel/module/Kconfig | 1 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace_events.c | 7 + lib/test_ubsan.c | 18 ++- net/9p/client.c | 30 ++-- net/core/lwtunnel.c | 26 ++- net/core/selftests.c | 18 ++- net/dsa/port.c | 32 ++++ net/mac80211/ieee80211_i.h | 2 - net/mac80211/status.c | 1 + net/sched/act_mirred.c | 22 +-- net/sched/sch_hfsc.c | 23 ++- net/tipc/monitor.c | 3 +- samples/trace_events/trace-events-sample.c | 2 +- samples/trace_events/trace-events-sample.h | 46 +++++- scripts/Makefile.lib | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/qcom/lpass.h | 3 +- sound/soc/qcom/qdsp6/q6afe-dai.c | 2 +- sound/soc/qcom/qdsp6/q6dsp-lpass-ports.c | 43 +++-- sound/virtio/virtio_pcm.c | 21 ++- tools/objtool/check.c | 9 ++ tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 +++ .../selftests/vm/charge_reserved_hugetlb.sh | 4 +- .../selftests/vm/hugetlb_reparenting_test.sh | 2 +- 148 files changed, 1434 insertions(+), 580 deletions(-)

7 months

9
9
0 0

[PATCH 0/3] can: rx-offload: fix order of unregistration calls

by Marc Kleine-Budde

If a driver is removed, the driver framework invokes the driver's remove callback. A CAN driver's remove function calls unregister_candev(), which calls net_device_ops::ndo_stop further down in the call stack for interfaces which are in the "up" state. With the mcp251xfd driver the removal of the module causes the following warning: | WARNING: CPU: 0 PID: 352 at net/core/dev.c:7342 __netif_napi_del_locked+0xc8/0xd8 as can_rx_offload_del() deletes the NAPI, while it is still active, because the interface is still up. To fix the warning, first unregister the network interface, which calls net_device_ops::ndo_stop, which disables the NAPI, and then call can_rx_offload_del(). All other driver using the rx-offload helper have been checked and the same issue has been found in the rockchip and m_can driver. These have been fixed, but only compile time tested. On the mcp251xfd the fix was tested on hardware. Signed-off-by: Marc Kleine-Budde <mkl(a)pengutronix.de> --- Marc Kleine-Budde (3): can: mcp251xfd: mcp251xfd_remove(): fix order of unregistration calls can: rockchip_canfd: m_can_class_unregister: fix order of unregistration calls can: mcan: m_can_class_unregister: fix order of unregistration calls drivers/net/can/m_can/m_can.c | 2 +- drivers/net/can/rockchip/rockchip_canfd-core.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) --- base-commit: ebd297a2affadb6f6f4d2e5d975c1eda18ac762d change-id: 20250502-can-rx-offload-del-eb79379733dd Best regards, -- Marc Kleine-Budde <mkl(a)pengutronix.de>

7 months

2
5
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050500-crinkly-accent-49da@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050559-nappy-trouble-9e98@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050559-chirping-thievish-0b30@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050558-dingo-canola-c07e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050558-unissued-fructose-3d77@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x 246f9bb62016c423972ea7f2335a8e0ed3521cde # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050558-triumph-watch-9e5b@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 246f9bb62016c423972ea7f2335a8e0ed3521cde Mon Sep 17 00:00:00 2001 From: Kurt Borja <kuurtb(a)gmail.com> Date: Sat, 19 Apr 2025 12:45:29 -0300 Subject: [PATCH] platform/x86: alienware-wmi-wmax: Add support for Alienware m15 R7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Extend thermal control support to Alienware m15 R7. Cc: stable(a)vger.kernel.org Tested-by: Romain THERY <romain.thery(a)ik.me> Signed-off-by: Kurt Borja <kuurtb(a)gmail.com> Link: https://lore.kernel.org/r/20250419-m15-r7-v1-1-18c6eaa27e25@gmail.com Reviewed-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> Signed-off-by: Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> diff --git a/drivers/platform/x86/dell/alienware-wmi-wmax.c b/drivers/platform/x86/dell/alienware-wmi-wmax.c index 3f9e1e986ecf..08b82c151e07 100644 --- a/drivers/platform/x86/dell/alienware-wmi-wmax.c +++ b/drivers/platform/x86/dell/alienware-wmi-wmax.c @@ -69,6 +69,14 @@ static const struct dmi_system_id awcc_dmi_table[] __initconst = { }, .driver_data = &generic_quirks, }, + { + .ident = "Alienware m15 R7", + .matches = { + DMI_MATCH(DMI_SYS_VENDOR, "Alienware"), + DMI_MATCH(DMI_PRODUCT_NAME, "Alienware m15 R7"), + }, + .driver_data = &generic_quirks, + }, { .ident = "Alienware m16 R1", .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix slab-use-after-free in hdcp" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x be593d9d91c5a3a363d456b9aceb71029aeb3f1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050552-definite-secrecy-8c21@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be593d9d91c5a3a363d456b9aceb71029aeb3f1d Mon Sep 17 00:00:00 2001 From: Chris Bainbridge <chris.bainbridge(a)gmail.com> Date: Thu, 17 Apr 2025 16:50:05 -0500 Subject: [PATCH] drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] do_syscall_64+0x87/0x140 [ 66.778385] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fix this by properly incrementing and decrementing the reference counts when making and deleting copies of the amdgpu_dm_connector pointers. (Mario: rebase on current code and update fixes tag) Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4006 Signed-off-by: Chris Bainbridge <chris.bainbridge(a)gmail.com> Fixes: da3fd7ac0bcf3 ("drm/amd/display: Update CP property based on HW query") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Link: https://lore.kernel.org/r/20250417215005.37964-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d4673f3c3b3dcb74e36e53cdfc880baa7a87b330) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c index 5198a079b463..8f22ad966543 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c @@ -173,6 +173,9 @@ void hdcp_update_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); hdcp_w->aconnector[conn_index] = aconnector; memset(&link_adjust, 0, sizeof(link_adjust)); @@ -220,7 +223,6 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); - hdcp_w->aconnector[conn_index] = aconnector; /* the removal of display will invoke auth reset -> hdcp destroy and * we'd expect the Content Protection (CP) property changed back to @@ -236,7 +238,10 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, } mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output); - + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } process_output(hdcp_w); } @@ -254,6 +259,10 @@ void hdcp_reset_display(struct hdcp_workqueue *hdcp_work, unsigned int link_inde for (conn_index = 0; conn_index < AMDGPU_DM_MAX_DISPLAY_INDEX; conn_index++) { hdcp_w->encryption_status[conn_index] = MOD_HDCP_ENCRYPTION_STATUS_HDCP_OFF; + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } } process_output(hdcp_w); @@ -488,6 +497,7 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) struct hdcp_workqueue *hdcp_work = handle; struct amdgpu_dm_connector *aconnector = config->dm_stream_ctx; int link_index = aconnector->dc_link->link_index; + unsigned int conn_index = aconnector->base.index; struct mod_hdcp_display *display = &hdcp_work[link_index].display; struct mod_hdcp_link *link = &hdcp_work[link_index].link; struct hdcp_workqueue *hdcp_w = &hdcp_work[link_index]; @@ -544,7 +554,10 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) guard(mutex)(&hdcp_w->mutex); mod_hdcp_add_display(&hdcp_w->hdcp, link, display, &hdcp_w->output); - + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = aconnector; process_output(hdcp_w); }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix slab-use-after-free in hdcp" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x be593d9d91c5a3a363d456b9aceb71029aeb3f1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050551-plated-craziness-6483@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be593d9d91c5a3a363d456b9aceb71029aeb3f1d Mon Sep 17 00:00:00 2001 From: Chris Bainbridge <chris.bainbridge(a)gmail.com> Date: Thu, 17 Apr 2025 16:50:05 -0500 Subject: [PATCH] drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] do_syscall_64+0x87/0x140 [ 66.778385] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fix this by properly incrementing and decrementing the reference counts when making and deleting copies of the amdgpu_dm_connector pointers. (Mario: rebase on current code and update fixes tag) Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4006 Signed-off-by: Chris Bainbridge <chris.bainbridge(a)gmail.com> Fixes: da3fd7ac0bcf3 ("drm/amd/display: Update CP property based on HW query") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Link: https://lore.kernel.org/r/20250417215005.37964-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d4673f3c3b3dcb74e36e53cdfc880baa7a87b330) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c index 5198a079b463..8f22ad966543 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c @@ -173,6 +173,9 @@ void hdcp_update_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); hdcp_w->aconnector[conn_index] = aconnector; memset(&link_adjust, 0, sizeof(link_adjust)); @@ -220,7 +223,6 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); - hdcp_w->aconnector[conn_index] = aconnector; /* the removal of display will invoke auth reset -> hdcp destroy and * we'd expect the Content Protection (CP) property changed back to @@ -236,7 +238,10 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, } mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output); - + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } process_output(hdcp_w); } @@ -254,6 +259,10 @@ void hdcp_reset_display(struct hdcp_workqueue *hdcp_work, unsigned int link_inde for (conn_index = 0; conn_index < AMDGPU_DM_MAX_DISPLAY_INDEX; conn_index++) { hdcp_w->encryption_status[conn_index] = MOD_HDCP_ENCRYPTION_STATUS_HDCP_OFF; + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } } process_output(hdcp_w); @@ -488,6 +497,7 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) struct hdcp_workqueue *hdcp_work = handle; struct amdgpu_dm_connector *aconnector = config->dm_stream_ctx; int link_index = aconnector->dc_link->link_index; + unsigned int conn_index = aconnector->base.index; struct mod_hdcp_display *display = &hdcp_work[link_index].display; struct mod_hdcp_link *link = &hdcp_work[link_index].link; struct hdcp_workqueue *hdcp_w = &hdcp_work[link_index]; @@ -544,7 +554,10 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) guard(mutex)(&hdcp_w->mutex); mod_hdcp_add_display(&hdcp_w->hdcp, link, display, &hdcp_w->output); - + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = aconnector; process_output(hdcp_w); }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix slab-use-after-free in hdcp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x be593d9d91c5a3a363d456b9aceb71029aeb3f1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050549-destruct-nutrient-aaf4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be593d9d91c5a3a363d456b9aceb71029aeb3f1d Mon Sep 17 00:00:00 2001 From: Chris Bainbridge <chris.bainbridge(a)gmail.com> Date: Thu, 17 Apr 2025 16:50:05 -0500 Subject: [PATCH] drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] do_syscall_64+0x87/0x140 [ 66.778385] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fix this by properly incrementing and decrementing the reference counts when making and deleting copies of the amdgpu_dm_connector pointers. (Mario: rebase on current code and update fixes tag) Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4006 Signed-off-by: Chris Bainbridge <chris.bainbridge(a)gmail.com> Fixes: da3fd7ac0bcf3 ("drm/amd/display: Update CP property based on HW query") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Link: https://lore.kernel.org/r/20250417215005.37964-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d4673f3c3b3dcb74e36e53cdfc880baa7a87b330) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c index 5198a079b463..8f22ad966543 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c @@ -173,6 +173,9 @@ void hdcp_update_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); hdcp_w->aconnector[conn_index] = aconnector; memset(&link_adjust, 0, sizeof(link_adjust)); @@ -220,7 +223,6 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); - hdcp_w->aconnector[conn_index] = aconnector; /* the removal of display will invoke auth reset -> hdcp destroy and * we'd expect the Content Protection (CP) property changed back to @@ -236,7 +238,10 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, } mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output); - + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } process_output(hdcp_w); } @@ -254,6 +259,10 @@ void hdcp_reset_display(struct hdcp_workqueue *hdcp_work, unsigned int link_inde for (conn_index = 0; conn_index < AMDGPU_DM_MAX_DISPLAY_INDEX; conn_index++) { hdcp_w->encryption_status[conn_index] = MOD_HDCP_ENCRYPTION_STATUS_HDCP_OFF; + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } } process_output(hdcp_w); @@ -488,6 +497,7 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) struct hdcp_workqueue *hdcp_work = handle; struct amdgpu_dm_connector *aconnector = config->dm_stream_ctx; int link_index = aconnector->dc_link->link_index; + unsigned int conn_index = aconnector->base.index; struct mod_hdcp_display *display = &hdcp_work[link_index].display; struct mod_hdcp_link *link = &hdcp_work[link_index].link; struct hdcp_workqueue *hdcp_w = &hdcp_work[link_index]; @@ -544,7 +554,10 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) guard(mutex)(&hdcp_w->mutex); mod_hdcp_add_display(&hdcp_w->hdcp, link, display, &hdcp_w->output); - + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = aconnector; process_output(hdcp_w); }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix slab-use-after-free in hdcp" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x be593d9d91c5a3a363d456b9aceb71029aeb3f1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050548-clench-backed-6eb2@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be593d9d91c5a3a363d456b9aceb71029aeb3f1d Mon Sep 17 00:00:00 2001 From: Chris Bainbridge <chris.bainbridge(a)gmail.com> Date: Thu, 17 Apr 2025 16:50:05 -0500 Subject: [PATCH] drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] do_syscall_64+0x87/0x140 [ 66.778385] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fix this by properly incrementing and decrementing the reference counts when making and deleting copies of the amdgpu_dm_connector pointers. (Mario: rebase on current code and update fixes tag) Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4006 Signed-off-by: Chris Bainbridge <chris.bainbridge(a)gmail.com> Fixes: da3fd7ac0bcf3 ("drm/amd/display: Update CP property based on HW query") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Link: https://lore.kernel.org/r/20250417215005.37964-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d4673f3c3b3dcb74e36e53cdfc880baa7a87b330) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c index 5198a079b463..8f22ad966543 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c @@ -173,6 +173,9 @@ void hdcp_update_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); hdcp_w->aconnector[conn_index] = aconnector; memset(&link_adjust, 0, sizeof(link_adjust)); @@ -220,7 +223,6 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); - hdcp_w->aconnector[conn_index] = aconnector; /* the removal of display will invoke auth reset -> hdcp destroy and * we'd expect the Content Protection (CP) property changed back to @@ -236,7 +238,10 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, } mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output); - + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } process_output(hdcp_w); } @@ -254,6 +259,10 @@ void hdcp_reset_display(struct hdcp_workqueue *hdcp_work, unsigned int link_inde for (conn_index = 0; conn_index < AMDGPU_DM_MAX_DISPLAY_INDEX; conn_index++) { hdcp_w->encryption_status[conn_index] = MOD_HDCP_ENCRYPTION_STATUS_HDCP_OFF; + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } } process_output(hdcp_w); @@ -488,6 +497,7 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) struct hdcp_workqueue *hdcp_work = handle; struct amdgpu_dm_connector *aconnector = config->dm_stream_ctx; int link_index = aconnector->dc_link->link_index; + unsigned int conn_index = aconnector->base.index; struct mod_hdcp_display *display = &hdcp_work[link_index].display; struct mod_hdcp_link *link = &hdcp_work[link_index].link; struct hdcp_workqueue *hdcp_w = &hdcp_work[link_index]; @@ -544,7 +554,10 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) guard(mutex)(&hdcp_w->mutex); mod_hdcp_add_display(&hdcp_w->hdcp, link, display, &hdcp_w->output); - + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = aconnector; process_output(hdcp_w); }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix slab-use-after-free in hdcp" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x be593d9d91c5a3a363d456b9aceb71029aeb3f1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050546-eligible-paving-b582@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be593d9d91c5a3a363d456b9aceb71029aeb3f1d Mon Sep 17 00:00:00 2001 From: Chris Bainbridge <chris.bainbridge(a)gmail.com> Date: Thu, 17 Apr 2025 16:50:05 -0500 Subject: [PATCH] drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] do_syscall_64+0x87/0x140 [ 66.778385] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fix this by properly incrementing and decrementing the reference counts when making and deleting copies of the amdgpu_dm_connector pointers. (Mario: rebase on current code and update fixes tag) Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4006 Signed-off-by: Chris Bainbridge <chris.bainbridge(a)gmail.com> Fixes: da3fd7ac0bcf3 ("drm/amd/display: Update CP property based on HW query") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Link: https://lore.kernel.org/r/20250417215005.37964-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d4673f3c3b3dcb74e36e53cdfc880baa7a87b330) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c index 5198a079b463..8f22ad966543 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c @@ -173,6 +173,9 @@ void hdcp_update_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); hdcp_w->aconnector[conn_index] = aconnector; memset(&link_adjust, 0, sizeof(link_adjust)); @@ -220,7 +223,6 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); - hdcp_w->aconnector[conn_index] = aconnector; /* the removal of display will invoke auth reset -> hdcp destroy and * we'd expect the Content Protection (CP) property changed back to @@ -236,7 +238,10 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, } mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output); - + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } process_output(hdcp_w); } @@ -254,6 +259,10 @@ void hdcp_reset_display(struct hdcp_workqueue *hdcp_work, unsigned int link_inde for (conn_index = 0; conn_index < AMDGPU_DM_MAX_DISPLAY_INDEX; conn_index++) { hdcp_w->encryption_status[conn_index] = MOD_HDCP_ENCRYPTION_STATUS_HDCP_OFF; + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } } process_output(hdcp_w); @@ -488,6 +497,7 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) struct hdcp_workqueue *hdcp_work = handle; struct amdgpu_dm_connector *aconnector = config->dm_stream_ctx; int link_index = aconnector->dc_link->link_index; + unsigned int conn_index = aconnector->base.index; struct mod_hdcp_display *display = &hdcp_work[link_index].display; struct mod_hdcp_link *link = &hdcp_work[link_index].link; struct hdcp_workqueue *hdcp_w = &hdcp_work[link_index]; @@ -544,7 +554,10 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) guard(mutex)(&hdcp_w->mutex); mod_hdcp_add_display(&hdcp_w->hdcp, link, display, &hdcp_w->output); - + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = aconnector; process_output(hdcp_w); }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm/amd/display: Fix slab-use-after-free in hdcp" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x be593d9d91c5a3a363d456b9aceb71029aeb3f1d # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050545-monsoon-attractor-6e31@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From be593d9d91c5a3a363d456b9aceb71029aeb3f1d Mon Sep 17 00:00:00 2001 From: Chris Bainbridge <chris.bainbridge(a)gmail.com> Date: Thu, 17 Apr 2025 16:50:05 -0500 Subject: [PATCH] drm/amd/display: Fix slab-use-after-free in hdcp The HDCP code in amdgpu_dm_hdcp.c copies pointers to amdgpu_dm_connector objects without incrementing the kref reference counts. When using a USB-C dock, and the dock is unplugged, the corresponding amdgpu_dm_connector objects are freed, creating dangling pointers in the HDCP code. When the dock is plugged back, the dangling pointers are dereferenced, resulting in a slab-use-after-free: [ 66.775837] BUG: KASAN: slab-use-after-free in event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776171] Read of size 4 at addr ffff888127804120 by task kworker/0:1/10 [ 66.776179] CPU: 0 UID: 0 PID: 10 Comm: kworker/0:1 Not tainted 6.14.0-rc7-00180-g54505f727a38-dirty #233 [ 66.776183] Hardware name: HP HP Pavilion Aero Laptop 13-be0xxx/8916, BIOS F.17 12/18/2024 [ 66.776186] Workqueue: events event_property_validate [amdgpu] [ 66.776494] Call Trace: [ 66.776496] <TASK> [ 66.776497] dump_stack_lvl+0x70/0xa0 [ 66.776504] print_report+0x175/0x555 [ 66.776507] ? __virt_addr_valid+0x243/0x450 [ 66.776510] ? kasan_complete_mode_report_info+0x66/0x1c0 [ 66.776515] kasan_report+0xeb/0x1c0 [ 66.776518] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.776819] ? event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777121] __asan_report_load4_noabort+0x14/0x20 [ 66.777124] event_property_validate+0x42f/0x6c0 [amdgpu] [ 66.777342] ? __lock_acquire+0x6b40/0x6b40 [ 66.777347] ? enable_assr+0x250/0x250 [amdgpu] [ 66.777571] process_one_work+0x86b/0x1510 [ 66.777575] ? pwq_dec_nr_in_flight+0xcf0/0xcf0 [ 66.777578] ? assign_work+0x16b/0x280 [ 66.777580] ? lock_is_held_type+0xa3/0x130 [ 66.777583] worker_thread+0x5c0/0xfa0 [ 66.777587] ? process_one_work+0x1510/0x1510 [ 66.777588] kthread+0x3a2/0x840 [ 66.777591] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777594] ? trace_hardirqs_on+0x4f/0x60 [ 66.777597] ? _raw_spin_unlock_irq+0x27/0x60 [ 66.777599] ? calculate_sigpending+0x77/0xa0 [ 66.777602] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777605] ret_from_fork+0x40/0x90 [ 66.777607] ? kthread_is_per_cpu+0xd0/0xd0 [ 66.777609] ret_from_fork_asm+0x11/0x20 [ 66.777614] </TASK> [ 66.777643] Allocated by task 10: [ 66.777646] kasan_save_stack+0x39/0x60 [ 66.777649] kasan_save_track+0x14/0x40 [ 66.777652] kasan_save_alloc_info+0x37/0x50 [ 66.777655] __kasan_kmalloc+0xbb/0xc0 [ 66.777658] __kmalloc_cache_noprof+0x1c8/0x4b0 [ 66.777661] dm_dp_add_mst_connector+0xdd/0x5c0 [amdgpu] [ 66.777880] drm_dp_mst_port_add_connector+0x47e/0x770 [drm_display_helper] [ 66.777892] drm_dp_send_link_address+0x1554/0x2bf0 [drm_display_helper] [ 66.777901] drm_dp_check_and_send_link_address+0x187/0x1f0 [drm_display_helper] [ 66.777909] drm_dp_mst_link_probe_work+0x2b8/0x410 [drm_display_helper] [ 66.777917] process_one_work+0x86b/0x1510 [ 66.777919] worker_thread+0x5c0/0xfa0 [ 66.777922] kthread+0x3a2/0x840 [ 66.777925] ret_from_fork+0x40/0x90 [ 66.777927] ret_from_fork_asm+0x11/0x20 [ 66.777932] Freed by task 1713: [ 66.777935] kasan_save_stack+0x39/0x60 [ 66.777938] kasan_save_track+0x14/0x40 [ 66.777940] kasan_save_free_info+0x3b/0x60 [ 66.777944] __kasan_slab_free+0x52/0x70 [ 66.777946] kfree+0x13f/0x4b0 [ 66.777949] dm_dp_mst_connector_destroy+0xfa/0x150 [amdgpu] [ 66.778179] drm_connector_free+0x7d/0xb0 [ 66.778184] drm_mode_object_put.part.0+0xee/0x160 [ 66.778188] drm_mode_object_put+0x37/0x50 [ 66.778191] drm_atomic_state_default_clear+0x220/0xd60 [ 66.778194] __drm_atomic_state_free+0x16e/0x2a0 [ 66.778197] drm_mode_atomic_ioctl+0x15ed/0x2ba0 [ 66.778200] drm_ioctl_kernel+0x17a/0x310 [ 66.778203] drm_ioctl+0x584/0xd10 [ 66.778206] amdgpu_drm_ioctl+0xd2/0x1c0 [amdgpu] [ 66.778375] __x64_sys_ioctl+0x139/0x1a0 [ 66.778378] x64_sys_call+0xee7/0xfb0 [ 66.778381] do_syscall_64+0x87/0x140 [ 66.778385] entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fix this by properly incrementing and decrementing the reference counts when making and deleting copies of the amdgpu_dm_connector pointers. (Mario: rebase on current code and update fixes tag) Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/4006 Signed-off-by: Chris Bainbridge <chris.bainbridge(a)gmail.com> Fixes: da3fd7ac0bcf3 ("drm/amd/display: Update CP property based on HW query") Reviewed-by: Alex Hung <alex.hung(a)amd.com> Link: https://lore.kernel.org/r/20250417215005.37964-1-mario.limonciello@amd.com Signed-off-by: Mario Limonciello <mario.limonciello(a)amd.com> Signed-off-by: Alex Deucher <alexander.deucher(a)amd.com> (cherry picked from commit d4673f3c3b3dcb74e36e53cdfc880baa7a87b330) Cc: stable(a)vger.kernel.org diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c index 5198a079b463..8f22ad966543 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_hdcp.c @@ -173,6 +173,9 @@ void hdcp_update_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); hdcp_w->aconnector[conn_index] = aconnector; memset(&link_adjust, 0, sizeof(link_adjust)); @@ -220,7 +223,6 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, unsigned int conn_index = aconnector->base.index; guard(mutex)(&hdcp_w->mutex); - hdcp_w->aconnector[conn_index] = aconnector; /* the removal of display will invoke auth reset -> hdcp destroy and * we'd expect the Content Protection (CP) property changed back to @@ -236,7 +238,10 @@ static void hdcp_remove_display(struct hdcp_workqueue *hdcp_work, } mod_hdcp_remove_display(&hdcp_w->hdcp, aconnector->base.index, &hdcp_w->output); - + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } process_output(hdcp_w); } @@ -254,6 +259,10 @@ void hdcp_reset_display(struct hdcp_workqueue *hdcp_work, unsigned int link_inde for (conn_index = 0; conn_index < AMDGPU_DM_MAX_DISPLAY_INDEX; conn_index++) { hdcp_w->encryption_status[conn_index] = MOD_HDCP_ENCRYPTION_STATUS_HDCP_OFF; + if (hdcp_w->aconnector[conn_index]) { + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = NULL; + } } process_output(hdcp_w); @@ -488,6 +497,7 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) struct hdcp_workqueue *hdcp_work = handle; struct amdgpu_dm_connector *aconnector = config->dm_stream_ctx; int link_index = aconnector->dc_link->link_index; + unsigned int conn_index = aconnector->base.index; struct mod_hdcp_display *display = &hdcp_work[link_index].display; struct mod_hdcp_link *link = &hdcp_work[link_index].link; struct hdcp_workqueue *hdcp_w = &hdcp_work[link_index]; @@ -544,7 +554,10 @@ static void update_config(void *handle, struct cp_psp_stream_config *config) guard(mutex)(&hdcp_w->mutex); mod_hdcp_add_display(&hdcp_w->hdcp, link, display, &hdcp_w->output); - + drm_connector_get(&aconnector->base); + if (hdcp_w->aconnector[conn_index]) + drm_connector_put(&hdcp_w->aconnector[conn_index]->base); + hdcp_w->aconnector[conn_index] = aconnector; process_output(hdcp_w); }

7 months

1
0
0 0

FAILED: patch "[PATCH] drm: Select DRM_KMS_HELPER from" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 32dce6b1949a696dc7abddc04de8cbe35c260217 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050556-copier-vengeful-2f43@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32dce6b1949a696dc7abddc04de8cbe35c260217 Mon Sep 17 00:00:00 2001 From: Janne Grunau <j(a)jannau.net> Date: Tue, 4 Mar 2025 20:12:14 +0100 Subject: [PATCH] drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Using "depends on" and "select" for the same Kconfig symbol is known to cause circular dependencies (cmp. "Kconfig recursive dependency limitations" in Documentation/kbuild/kconfig-language.rst. DRM drivers are selecting drm helpers so do the same for DRM_DEBUG_DP_MST_TOPOLOGY_REFS. Fixes following circular dependency reported on x86 for the downstream Asahi Linux tree: error: recursive dependency detected! symbol DRM_KMS_HELPER is selected by DRM_GEM_SHMEM_HELPER symbol DRM_GEM_SHMEM_HELPER is selected by RUST_DRM_GEM_SHMEM_HELPER symbol RUST_DRM_GEM_SHMEM_HELPER is selected by DRM_ASAHI symbol DRM_ASAHI depends on RUST symbol RUST depends on CALL_PADDING symbol CALL_PADDING depends on OBJTOOL symbol OBJTOOL is selected by STACK_VALIDATION symbol STACK_VALIDATION depends on UNWINDER_FRAME_POINTER symbol UNWINDER_FRAME_POINTER is part of choice block at arch/x86/Kconfig.debug:224 symbol <choice> unknown is visible depending on UNWINDER_GUESS symbol UNWINDER_GUESS prompt is visible depending on STACKDEPOT symbol STACKDEPOT is selected by DRM_DEBUG_DP_MST_TOPOLOGY_REFS symbol DRM_DEBUG_DP_MST_TOPOLOGY_REFS depends on DRM_KMS_HELPER Fixes: 12a280c72868 ("drm/dp_mst: Add topology ref history tracking for debugging") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> Acked-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://lore.kernel.org/r/20250304-drm_debug_dp_mst_topo_kconfig-v1-1-e16fd… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 2cba2b6ebe1c..f01925ed8176 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -188,7 +188,7 @@ config DRM_DEBUG_DP_MST_TOPOLOGY_REFS bool "Enable refcount backtrace history in the DP MST helpers" depends on STACKTRACE_SUPPORT select STACKDEPOT - depends on DRM_KMS_HELPER + select DRM_KMS_HELPER depends on DEBUG_KERNEL depends on EXPERT help

7 months

1
0
0 0

FAILED: patch "[PATCH] drm: Select DRM_KMS_HELPER from" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 32dce6b1949a696dc7abddc04de8cbe35c260217 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050556-precision-sandbank-dcf8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32dce6b1949a696dc7abddc04de8cbe35c260217 Mon Sep 17 00:00:00 2001 From: Janne Grunau <j(a)jannau.net> Date: Tue, 4 Mar 2025 20:12:14 +0100 Subject: [PATCH] drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Using "depends on" and "select" for the same Kconfig symbol is known to cause circular dependencies (cmp. "Kconfig recursive dependency limitations" in Documentation/kbuild/kconfig-language.rst. DRM drivers are selecting drm helpers so do the same for DRM_DEBUG_DP_MST_TOPOLOGY_REFS. Fixes following circular dependency reported on x86 for the downstream Asahi Linux tree: error: recursive dependency detected! symbol DRM_KMS_HELPER is selected by DRM_GEM_SHMEM_HELPER symbol DRM_GEM_SHMEM_HELPER is selected by RUST_DRM_GEM_SHMEM_HELPER symbol RUST_DRM_GEM_SHMEM_HELPER is selected by DRM_ASAHI symbol DRM_ASAHI depends on RUST symbol RUST depends on CALL_PADDING symbol CALL_PADDING depends on OBJTOOL symbol OBJTOOL is selected by STACK_VALIDATION symbol STACK_VALIDATION depends on UNWINDER_FRAME_POINTER symbol UNWINDER_FRAME_POINTER is part of choice block at arch/x86/Kconfig.debug:224 symbol <choice> unknown is visible depending on UNWINDER_GUESS symbol UNWINDER_GUESS prompt is visible depending on STACKDEPOT symbol STACKDEPOT is selected by DRM_DEBUG_DP_MST_TOPOLOGY_REFS symbol DRM_DEBUG_DP_MST_TOPOLOGY_REFS depends on DRM_KMS_HELPER Fixes: 12a280c72868 ("drm/dp_mst: Add topology ref history tracking for debugging") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> Acked-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://lore.kernel.org/r/20250304-drm_debug_dp_mst_topo_kconfig-v1-1-e16fd… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 2cba2b6ebe1c..f01925ed8176 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -188,7 +188,7 @@ config DRM_DEBUG_DP_MST_TOPOLOGY_REFS bool "Enable refcount backtrace history in the DP MST helpers" depends on STACKTRACE_SUPPORT select STACKDEPOT - depends on DRM_KMS_HELPER + select DRM_KMS_HELPER depends on DEBUG_KERNEL depends on EXPERT help

7 months

1
0
0 0

FAILED: patch "[PATCH] drm: Select DRM_KMS_HELPER from" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 32dce6b1949a696dc7abddc04de8cbe35c260217 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050555-pulse-ended-2cea@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 32dce6b1949a696dc7abddc04de8cbe35c260217 Mon Sep 17 00:00:00 2001 From: Janne Grunau <j(a)jannau.net> Date: Tue, 4 Mar 2025 20:12:14 +0100 Subject: [PATCH] drm: Select DRM_KMS_HELPER from DRM_DEBUG_DP_MST_TOPOLOGY_REFS Using "depends on" and "select" for the same Kconfig symbol is known to cause circular dependencies (cmp. "Kconfig recursive dependency limitations" in Documentation/kbuild/kconfig-language.rst. DRM drivers are selecting drm helpers so do the same for DRM_DEBUG_DP_MST_TOPOLOGY_REFS. Fixes following circular dependency reported on x86 for the downstream Asahi Linux tree: error: recursive dependency detected! symbol DRM_KMS_HELPER is selected by DRM_GEM_SHMEM_HELPER symbol DRM_GEM_SHMEM_HELPER is selected by RUST_DRM_GEM_SHMEM_HELPER symbol RUST_DRM_GEM_SHMEM_HELPER is selected by DRM_ASAHI symbol DRM_ASAHI depends on RUST symbol RUST depends on CALL_PADDING symbol CALL_PADDING depends on OBJTOOL symbol OBJTOOL is selected by STACK_VALIDATION symbol STACK_VALIDATION depends on UNWINDER_FRAME_POINTER symbol UNWINDER_FRAME_POINTER is part of choice block at arch/x86/Kconfig.debug:224 symbol <choice> unknown is visible depending on UNWINDER_GUESS symbol UNWINDER_GUESS prompt is visible depending on STACKDEPOT symbol STACKDEPOT is selected by DRM_DEBUG_DP_MST_TOPOLOGY_REFS symbol DRM_DEBUG_DP_MST_TOPOLOGY_REFS depends on DRM_KMS_HELPER Fixes: 12a280c72868 ("drm/dp_mst: Add topology ref history tracking for debugging") Cc: stable(a)vger.kernel.org Signed-off-by: Janne Grunau <j(a)jannau.net> Acked-by: Thomas Zimmermann <tzimmermann(a)suse.de> Link: https://lore.kernel.org/r/20250304-drm_debug_dp_mst_topo_kconfig-v1-1-e16fd… Signed-off-by: Alyssa Rosenzweig <alyssa(a)rosenzweig.io> diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig index 2cba2b6ebe1c..f01925ed8176 100644 --- a/drivers/gpu/drm/Kconfig +++ b/drivers/gpu/drm/Kconfig @@ -188,7 +188,7 @@ config DRM_DEBUG_DP_MST_TOPOLOGY_REFS bool "Enable refcount backtrace history in the DP MST helpers" depends on STACKTRACE_SUPPORT select STACKDEPOT - depends on DRM_KMS_HELPER + select DRM_KMS_HELPER depends on DEBUG_KERNEL depends on EXPERT help

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 12f78021973ae422564b234136c702a305932d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050545-renovator-scuba-7cbb@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 12f78021973ae422564b234136c702a305932d73 Mon Sep 17 00:00:00 2001 From: Balbir Singh <balbirs(a)nvidia.com> Date: Sat, 12 Apr 2025 10:23:54 +1000 Subject: [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains UBSan caught a bug with IOMMU SVA domains, where the reported exponent value in __arm_smmu_tlb_inv_range() was >= 64. __arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute the number of pages to invalidate and the invalidation range. Currently arm_smmu_sva_domain_alloc() does not setup the iommu domain's pgsize_bitmap. This leads to __ffs() on the value returning 64 and that leads to undefined behaviour w.r.t. shift operations Fix this by initializing the iommu_domain's pgsize_bitmap to PAGE_SIZE. Effectively the code needs to use the smallest page size for invalidation Cc: stable(a)vger.kernel.org Fixes: eb6c97647be2 ("iommu/arm-smmu-v3: Avoid constructing invalid range commands") Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Balbir Singh <balbirs(a)nvidia.com> Cc: Jean-Philippe Brucker <jean-philippe(a)linaro.org> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Link: https://lore.kernel.org/r/20250412002354.3071449-1-balbirs@nvidia.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c index 9ba596430e7c..980cc6b33c43 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c @@ -411,6 +411,12 @@ struct iommu_domain *arm_smmu_sva_domain_alloc(struct device *dev, return ERR_CAST(smmu_domain); smmu_domain->domain.type = IOMMU_DOMAIN_SVA; smmu_domain->domain.ops = &arm_smmu_sva_domain_ops; + + /* + * Choose page_size as the leaf page size for invalidation when + * ARM_SMMU_FEAT_RANGE_INV is present + */ + smmu_domain->domain.pgsize_bitmap = PAGE_SIZE; smmu_domain->smmu = smmu; ret = xa_alloc(&arm_smmu_asid_xa, &asid, smmu_domain,

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 12f78021973ae422564b234136c702a305932d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050545-next-pesticide-ba2f@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 12f78021973ae422564b234136c702a305932d73 Mon Sep 17 00:00:00 2001 From: Balbir Singh <balbirs(a)nvidia.com> Date: Sat, 12 Apr 2025 10:23:54 +1000 Subject: [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains UBSan caught a bug with IOMMU SVA domains, where the reported exponent value in __arm_smmu_tlb_inv_range() was >= 64. __arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute the number of pages to invalidate and the invalidation range. Currently arm_smmu_sva_domain_alloc() does not setup the iommu domain's pgsize_bitmap. This leads to __ffs() on the value returning 64 and that leads to undefined behaviour w.r.t. shift operations Fix this by initializing the iommu_domain's pgsize_bitmap to PAGE_SIZE. Effectively the code needs to use the smallest page size for invalidation Cc: stable(a)vger.kernel.org Fixes: eb6c97647be2 ("iommu/arm-smmu-v3: Avoid constructing invalid range commands") Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Balbir Singh <balbirs(a)nvidia.com> Cc: Jean-Philippe Brucker <jean-philippe(a)linaro.org> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Link: https://lore.kernel.org/r/20250412002354.3071449-1-balbirs@nvidia.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c index 9ba596430e7c..980cc6b33c43 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c @@ -411,6 +411,12 @@ struct iommu_domain *arm_smmu_sva_domain_alloc(struct device *dev, return ERR_CAST(smmu_domain); smmu_domain->domain.type = IOMMU_DOMAIN_SVA; smmu_domain->domain.ops = &arm_smmu_sva_domain_ops; + + /* + * Choose page_size as the leaf page size for invalidation when + * ARM_SMMU_FEAT_RANGE_INV is present + */ + smmu_domain->domain.pgsize_bitmap = PAGE_SIZE; smmu_domain->smmu = smmu; ret = xa_alloc(&arm_smmu_asid_xa, &asid, smmu_domain,

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 12f78021973ae422564b234136c702a305932d73 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050539-scorpion-gents-a5e3@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 12f78021973ae422564b234136c702a305932d73 Mon Sep 17 00:00:00 2001 From: Balbir Singh <balbirs(a)nvidia.com> Date: Sat, 12 Apr 2025 10:23:54 +1000 Subject: [PATCH] iommu/arm-smmu-v3: Fix pgsize_bit for sva domains UBSan caught a bug with IOMMU SVA domains, where the reported exponent value in __arm_smmu_tlb_inv_range() was >= 64. __arm_smmu_tlb_inv_range() uses the domain's pgsize_bitmap to compute the number of pages to invalidate and the invalidation range. Currently arm_smmu_sva_domain_alloc() does not setup the iommu domain's pgsize_bitmap. This leads to __ffs() on the value returning 64 and that leads to undefined behaviour w.r.t. shift operations Fix this by initializing the iommu_domain's pgsize_bitmap to PAGE_SIZE. Effectively the code needs to use the smallest page size for invalidation Cc: stable(a)vger.kernel.org Fixes: eb6c97647be2 ("iommu/arm-smmu-v3: Avoid constructing invalid range commands") Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Balbir Singh <balbirs(a)nvidia.com> Cc: Jean-Philippe Brucker <jean-philippe(a)linaro.org> Cc: Will Deacon <will(a)kernel.org> Cc: Robin Murphy <robin.murphy(a)arm.com> Cc: Joerg Roedel <joro(a)8bytes.org> Cc: Jason Gunthorpe <jgg(a)ziepe.ca> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Link: https://lore.kernel.org/r/20250412002354.3071449-1-balbirs@nvidia.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c index 9ba596430e7c..980cc6b33c43 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-sva.c @@ -411,6 +411,12 @@ struct iommu_domain *arm_smmu_sva_domain_alloc(struct device *dev, return ERR_CAST(smmu_domain); smmu_domain->domain.type = IOMMU_DOMAIN_SVA; smmu_domain->domain.ops = &arm_smmu_sva_domain_ops; + + /* + * Choose page_size as the leaf page size for invalidation when + * ARM_SMMU_FEAT_RANGE_INV is present + */ + smmu_domain->domain.pgsize_bitmap = PAGE_SIZE; smmu_domain->smmu = smmu; ret = xa_alloc(&arm_smmu_asid_xa, &asid, smmu_domain,

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b00d24997a11c10d3e420614f0873b83ce358a34 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050523-phonics-bankable-dd5b@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b00d24997a11c10d3e420614f0873b83ce358a34 Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Tue, 15 Apr 2025 11:56:20 -0700 Subject: [PATCH] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids ASPEED VGA card has two built-in devices: 0008:06:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge (rev 06) 0008:07:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family (rev 52) Its toplogy looks like this: +-[0008:00]---00.0-[01-09]--+-00.0-[02-09]--+-00.0-[03]----00.0 Sandisk Corp Device 5017 | +-01.0-[04]-- | +-02.0-[05]----00.0 NVIDIA Corporation Device | +-03.0-[06-07]----00.0-[07]----00.0 ASPEED Technology, Inc. ASPEED Graphics Family | +-04.0-[08]----00.0 Renesas Technology Corp. uPD720201 USB 3.0 Host Controller | \-05.0-[09]----00.0 Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller \-00.1 PMC-Sierra Inc. Device 4028 The IORT logic populaties two identical IDs into the fwspec->ids array via DMA aliasing in iort_pci_iommu_init() called by pci_for_each_dma_alias(). Though the SMMU driver had been able to handle this situation since commit 563b5cbe334e ("iommu/arm-smmu-v3: Cope with duplicated Stream IDs"), that got broken by the later commit cdf315f907d4 ("iommu/arm-smmu-v3: Maintain a SID->device structure"), which ended up with allocating separate streams with the same stuffing. On a kernel prior to v6.15-rc1, there has been an overlooked warning: pci 0008:07:00.0: vgaarb: setting as boot VGA device pci 0008:07:00.0: vgaarb: bridge control possible pci 0008:07:00.0: vgaarb: VGA device added: decodes=io+mem,owns=none,locks=none pcieport 0008:06:00.0: Adding to iommu group 14 ast 0008:07:00.0: stream 67328 already in tree <===== WARNING ast 0008:07:00.0: enabling device (0002 -> 0003) ast 0008:07:00.0: Using default configuration ast 0008:07:00.0: AST 2600 detected ast 0008:07:00.0: [drm] Using analog VGA ast 0008:07:00.0: [drm] dram MCLK=396 Mhz type=1 bus_width=16 [drm] Initialized ast 0.1.0 for 0008:07:00.0 on minor 0 ast 0008:07:00.0: [drm] fb0: astdrmfb frame buffer device With v6.15-rc, since the commit bcb81ac6ae3c ("iommu: Get DT/ACPI parsing into the proper probe path"), the error returned with the warning is moved to the SMMU device probe flow: arm_smmu_probe_device+0x15c/0x4c0 __iommu_probe_device+0x150/0x4f8 probe_iommu_group+0x44/0x80 bus_for_each_dev+0x7c/0x100 bus_iommu_probe+0x48/0x1a8 iommu_device_register+0xb8/0x178 arm_smmu_device_probe+0x1350/0x1db0 which then fails the entire SMMU driver probe: pci 0008:06:00.0: Adding to iommu group 21 pci 0008:07:00.0: stream 67328 already in tree arm-smmu-v3 arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3 arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22 Since SMMU driver had been already expecting a potential duplicated Stream ID in arm_smmu_install_ste_for_dev(), change the arm_smmu_insert_master() routine to ignore a duplicated ID from the fwspec->sids array as well. Note: this has been failing the iommu_device_probe() since 2021, although a recent iommu commit in v6.15-rc1 that moves iommu_device_probe() started to fail the SMMU driver probe. Since nobody has cared about DMA Alias support, leave that as it was but fix the fundamental iommu_device_probe() breakage. Fixes: cdf315f907d4 ("iommu/arm-smmu-v3: Maintain a SID->device structure") Cc: stable(a)vger.kernel.org Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Link: https://lore.kernel.org/r/20250415185620.504299-1-nicolinc@nvidia.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c index 5467f85dd463..0826b6bdf327 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c @@ -3388,6 +3388,7 @@ static int arm_smmu_insert_master(struct arm_smmu_device *smmu, mutex_lock(&smmu->streams_mutex); for (i = 0; i < fwspec->num_ids; i++) { struct arm_smmu_stream *new_stream = &master->streams[i]; + struct rb_node *existing; u32 sid = fwspec->ids[i]; new_stream->id = sid; @@ -3398,10 +3399,20 @@ static int arm_smmu_insert_master(struct arm_smmu_device *smmu, break; /* Insert into SID tree */ - if (rb_find_add(&new_stream->node, &smmu->streams, - arm_smmu_streams_cmp_node)) { - dev_warn(master->dev, "stream %u already in tree\n", - sid); + existing = rb_find_add(&new_stream->node, &smmu->streams, + arm_smmu_streams_cmp_node); + if (existing) { + struct arm_smmu_master *existing_master = + rb_entry(existing, struct arm_smmu_stream, node) + ->master; + + /* Bridged PCI devices may end up with duplicated IDs */ + if (existing_master == master) + continue; + + dev_warn(master->dev, + "stream %u already in tree from dev %s\n", sid, + dev_name(existing_master->dev)); ret = -EINVAL; break; }

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b00d24997a11c10d3e420614f0873b83ce358a34 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050522-frown-chimp-96cf@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b00d24997a11c10d3e420614f0873b83ce358a34 Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Tue, 15 Apr 2025 11:56:20 -0700 Subject: [PATCH] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids ASPEED VGA card has two built-in devices: 0008:06:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge (rev 06) 0008:07:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family (rev 52) Its toplogy looks like this: +-[0008:00]---00.0-[01-09]--+-00.0-[02-09]--+-00.0-[03]----00.0 Sandisk Corp Device 5017 | +-01.0-[04]-- | +-02.0-[05]----00.0 NVIDIA Corporation Device | +-03.0-[06-07]----00.0-[07]----00.0 ASPEED Technology, Inc. ASPEED Graphics Family | +-04.0-[08]----00.0 Renesas Technology Corp. uPD720201 USB 3.0 Host Controller | \-05.0-[09]----00.0 Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller \-00.1 PMC-Sierra Inc. Device 4028 The IORT logic populaties two identical IDs into the fwspec->ids array via DMA aliasing in iort_pci_iommu_init() called by pci_for_each_dma_alias(). Though the SMMU driver had been able to handle this situation since commit 563b5cbe334e ("iommu/arm-smmu-v3: Cope with duplicated Stream IDs"), that got broken by the later commit cdf315f907d4 ("iommu/arm-smmu-v3: Maintain a SID->device structure"), which ended up with allocating separate streams with the same stuffing. On a kernel prior to v6.15-rc1, there has been an overlooked warning: pci 0008:07:00.0: vgaarb: setting as boot VGA device pci 0008:07:00.0: vgaarb: bridge control possible pci 0008:07:00.0: vgaarb: VGA device added: decodes=io+mem,owns=none,locks=none pcieport 0008:06:00.0: Adding to iommu group 14 ast 0008:07:00.0: stream 67328 already in tree <===== WARNING ast 0008:07:00.0: enabling device (0002 -> 0003) ast 0008:07:00.0: Using default configuration ast 0008:07:00.0: AST 2600 detected ast 0008:07:00.0: [drm] Using analog VGA ast 0008:07:00.0: [drm] dram MCLK=396 Mhz type=1 bus_width=16 [drm] Initialized ast 0.1.0 for 0008:07:00.0 on minor 0 ast 0008:07:00.0: [drm] fb0: astdrmfb frame buffer device With v6.15-rc, since the commit bcb81ac6ae3c ("iommu: Get DT/ACPI parsing into the proper probe path"), the error returned with the warning is moved to the SMMU device probe flow: arm_smmu_probe_device+0x15c/0x4c0 __iommu_probe_device+0x150/0x4f8 probe_iommu_group+0x44/0x80 bus_for_each_dev+0x7c/0x100 bus_iommu_probe+0x48/0x1a8 iommu_device_register+0xb8/0x178 arm_smmu_device_probe+0x1350/0x1db0 which then fails the entire SMMU driver probe: pci 0008:06:00.0: Adding to iommu group 21 pci 0008:07:00.0: stream 67328 already in tree arm-smmu-v3 arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3 arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22 Since SMMU driver had been already expecting a potential duplicated Stream ID in arm_smmu_install_ste_for_dev(), change the arm_smmu_insert_master() routine to ignore a duplicated ID from the fwspec->sids array as well. Note: this has been failing the iommu_device_probe() since 2021, although a recent iommu commit in v6.15-rc1 that moves iommu_device_probe() started to fail the SMMU driver probe. Since nobody has cared about DMA Alias support, leave that as it was but fix the fundamental iommu_device_probe() breakage. Fixes: cdf315f907d4 ("iommu/arm-smmu-v3: Maintain a SID->device structure") Cc: stable(a)vger.kernel.org Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Link: https://lore.kernel.org/r/20250415185620.504299-1-nicolinc@nvidia.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c index 5467f85dd463..0826b6bdf327 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c @@ -3388,6 +3388,7 @@ static int arm_smmu_insert_master(struct arm_smmu_device *smmu, mutex_lock(&smmu->streams_mutex); for (i = 0; i < fwspec->num_ids; i++) { struct arm_smmu_stream *new_stream = &master->streams[i]; + struct rb_node *existing; u32 sid = fwspec->ids[i]; new_stream->id = sid; @@ -3398,10 +3399,20 @@ static int arm_smmu_insert_master(struct arm_smmu_device *smmu, break; /* Insert into SID tree */ - if (rb_find_add(&new_stream->node, &smmu->streams, - arm_smmu_streams_cmp_node)) { - dev_warn(master->dev, "stream %u already in tree\n", - sid); + existing = rb_find_add(&new_stream->node, &smmu->streams, + arm_smmu_streams_cmp_node); + if (existing) { + struct arm_smmu_master *existing_master = + rb_entry(existing, struct arm_smmu_stream, node) + ->master; + + /* Bridged PCI devices may end up with duplicated IDs */ + if (existing_master == master) + continue; + + dev_warn(master->dev, + "stream %u already in tree from dev %s\n", sid, + dev_name(existing_master->dev)); ret = -EINVAL; break; }

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b00d24997a11c10d3e420614f0873b83ce358a34 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050520-chastity-tasty-6f1e@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b00d24997a11c10d3e420614f0873b83ce358a34 Mon Sep 17 00:00:00 2001 From: Nicolin Chen <nicolinc(a)nvidia.com> Date: Tue, 15 Apr 2025 11:56:20 -0700 Subject: [PATCH] iommu/arm-smmu-v3: Fix iommu_device_probe bug due to duplicated stream ids ASPEED VGA card has two built-in devices: 0008:06:00.0 PCI bridge: ASPEED Technology, Inc. AST1150 PCI-to-PCI Bridge (rev 06) 0008:07:00.0 VGA compatible controller: ASPEED Technology, Inc. ASPEED Graphics Family (rev 52) Its toplogy looks like this: +-[0008:00]---00.0-[01-09]--+-00.0-[02-09]--+-00.0-[03]----00.0 Sandisk Corp Device 5017 | +-01.0-[04]-- | +-02.0-[05]----00.0 NVIDIA Corporation Device | +-03.0-[06-07]----00.0-[07]----00.0 ASPEED Technology, Inc. ASPEED Graphics Family | +-04.0-[08]----00.0 Renesas Technology Corp. uPD720201 USB 3.0 Host Controller | \-05.0-[09]----00.0 Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller \-00.1 PMC-Sierra Inc. Device 4028 The IORT logic populaties two identical IDs into the fwspec->ids array via DMA aliasing in iort_pci_iommu_init() called by pci_for_each_dma_alias(). Though the SMMU driver had been able to handle this situation since commit 563b5cbe334e ("iommu/arm-smmu-v3: Cope with duplicated Stream IDs"), that got broken by the later commit cdf315f907d4 ("iommu/arm-smmu-v3: Maintain a SID->device structure"), which ended up with allocating separate streams with the same stuffing. On a kernel prior to v6.15-rc1, there has been an overlooked warning: pci 0008:07:00.0: vgaarb: setting as boot VGA device pci 0008:07:00.0: vgaarb: bridge control possible pci 0008:07:00.0: vgaarb: VGA device added: decodes=io+mem,owns=none,locks=none pcieport 0008:06:00.0: Adding to iommu group 14 ast 0008:07:00.0: stream 67328 already in tree <===== WARNING ast 0008:07:00.0: enabling device (0002 -> 0003) ast 0008:07:00.0: Using default configuration ast 0008:07:00.0: AST 2600 detected ast 0008:07:00.0: [drm] Using analog VGA ast 0008:07:00.0: [drm] dram MCLK=396 Mhz type=1 bus_width=16 [drm] Initialized ast 0.1.0 for 0008:07:00.0 on minor 0 ast 0008:07:00.0: [drm] fb0: astdrmfb frame buffer device With v6.15-rc, since the commit bcb81ac6ae3c ("iommu: Get DT/ACPI parsing into the proper probe path"), the error returned with the warning is moved to the SMMU device probe flow: arm_smmu_probe_device+0x15c/0x4c0 __iommu_probe_device+0x150/0x4f8 probe_iommu_group+0x44/0x80 bus_for_each_dev+0x7c/0x100 bus_iommu_probe+0x48/0x1a8 iommu_device_register+0xb8/0x178 arm_smmu_device_probe+0x1350/0x1db0 which then fails the entire SMMU driver probe: pci 0008:06:00.0: Adding to iommu group 21 pci 0008:07:00.0: stream 67328 already in tree arm-smmu-v3 arm-smmu-v3.9.auto: Failed to register iommu arm-smmu-v3 arm-smmu-v3.9.auto: probe with driver arm-smmu-v3 failed with error -22 Since SMMU driver had been already expecting a potential duplicated Stream ID in arm_smmu_install_ste_for_dev(), change the arm_smmu_insert_master() routine to ignore a duplicated ID from the fwspec->sids array as well. Note: this has been failing the iommu_device_probe() since 2021, although a recent iommu commit in v6.15-rc1 that moves iommu_device_probe() started to fail the SMMU driver probe. Since nobody has cared about DMA Alias support, leave that as it was but fix the fundamental iommu_device_probe() breakage. Fixes: cdf315f907d4 ("iommu/arm-smmu-v3: Maintain a SID->device structure") Cc: stable(a)vger.kernel.org Suggested-by: Jason Gunthorpe <jgg(a)nvidia.com> Reviewed-by: Jason Gunthorpe <jgg(a)nvidia.com> Signed-off-by: Nicolin Chen <nicolinc(a)nvidia.com> Link: https://lore.kernel.org/r/20250415185620.504299-1-nicolinc@nvidia.com Signed-off-by: Will Deacon <will(a)kernel.org> diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c index 5467f85dd463..0826b6bdf327 100644 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c @@ -3388,6 +3388,7 @@ static int arm_smmu_insert_master(struct arm_smmu_device *smmu, mutex_lock(&smmu->streams_mutex); for (i = 0; i < fwspec->num_ids; i++) { struct arm_smmu_stream *new_stream = &master->streams[i]; + struct rb_node *existing; u32 sid = fwspec->ids[i]; new_stream->id = sid; @@ -3398,10 +3399,20 @@ static int arm_smmu_insert_master(struct arm_smmu_device *smmu, break; /* Insert into SID tree */ - if (rb_find_add(&new_stream->node, &smmu->streams, - arm_smmu_streams_cmp_node)) { - dev_warn(master->dev, "stream %u already in tree\n", - sid); + existing = rb_find_add(&new_stream->node, &smmu->streams, + arm_smmu_streams_cmp_node); + if (existing) { + struct arm_smmu_master *existing_master = + rb_entry(existing, struct arm_smmu_stream, node) + ->master; + + /* Bridged PCI devices may end up with duplicated IDs */ + if (existing_master == master) + continue; + + dev_warn(master->dev, + "stream %u already in tree from dev %s\n", sid, + dev_name(existing_master->dev)); ret = -EINVAL; break; }

7 months

1
0
0 0

FAILED: patch "[PATCH] iommu/amd: Fix potential buffer overflow in" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8dee308e4c01dea48fc104d37f92d5b58c50b96c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050502-aqueduct-contented-b9f9@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8dee308e4c01dea48fc104d37f92d5b58c50b96c Mon Sep 17 00:00:00 2001 From: Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> Date: Tue, 25 Mar 2025 09:22:44 +0000 Subject: [PATCH] iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn't take into account the lengths of individual hid and uid buffers so the check is insufficient in some cases. For example if the length of hid string is 4 and the length of the uid string is 260, the length of str will be equal to ACPIID_LEN + 1 but uid string will overflow uid buffer which size is 256. The same applies to the hid string with length 13 and uid string with length 250. Check the length of hid and uid strings separately to prevent buffer overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: ca3bf5d47cec ("iommu/amd: Introduces ivrs_acpihid kernel parameter") Cc: stable(a)vger.kernel.org Signed-off-by: Pavel Paklov <Pavel.Paklov(a)cyberprotect.ru> Link: https://lore.kernel.org/r/20250325092259.392844-1-Pavel.Paklov@cyberprotect… Signed-off-by: Joerg Roedel <jroedel(a)suse.de> diff --git a/drivers/iommu/amd/init.c b/drivers/iommu/amd/init.c index dd9e26b7b718..14aa0d77df26 100644 --- a/drivers/iommu/amd/init.c +++ b/drivers/iommu/amd/init.c @@ -3664,6 +3664,14 @@ static int __init parse_ivrs_acpihid(char *str) while (*uid == '0' && *(uid + 1)) uid++; + if (strlen(hid) >= ACPIHID_HID_LEN) { + pr_err("Invalid command line: hid is too long\n"); + return 1; + } else if (strlen(uid) >= ACPIHID_UID_LEN) { + pr_err("Invalid command line: uid is too long\n"); + return 1; + } + i = early_acpihid_map_size++; memcpy(early_acpihid_map[i].hid, hid, strlen(hid)); memcpy(early_acpihid_map[i].uid, uid, strlen(uid));

7 months

1
0
0 0

FAILED: patch "[PATCH] drivers: base: handle module_kobject creation" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x f95bbfe18512c5c018720468959edac056a17196 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050548-pursuable-absence-aa7d@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f95bbfe18512c5c018720468959edac056a17196 Mon Sep 17 00:00:00 2001 From: Shyam Saini <shyamsaini(a)linux.microsoft.com> Date: Thu, 27 Feb 2025 10:49:30 -0800 Subject: [PATCH] drivers: base: handle module_kobject creation module_add_driver() relies on module_kset list for /sys/module/<built-in-module>/drivers directory creation. Since, commit 96a1a2412acba ("kernel/params.c: defer most of param_sysfs_init() to late_initcall time") drivers which are initialized from subsys_initcall() or any other higher precedence initcall couldn't find the related kobject entry in the module_kset list because module_kset is not fully populated by the time module_add_driver() refers it. As a consequence, module_add_driver() returns early without calling make_driver_name(). Therefore, /sys/module/<built-in-module>/drivers is never created. Fix this issue by letting module_add_driver() handle module_kobject creation itself. Fixes: 96a1a2412acb ("kernel/params.c: defer most of param_sysfs_init() to late_initcall time") Cc: stable(a)vger.kernel.org # requires all other patches from the series Suggested-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Signed-off-by: Shyam Saini <shyamsaini(a)linux.microsoft.com> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250227184930.34163-5-shyamsaini@linux.microsoft… Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> diff --git a/drivers/base/module.c b/drivers/base/module.c index 5bc71bea883a..218aaa096455 100644 --- a/drivers/base/module.c +++ b/drivers/base/module.c @@ -42,16 +42,13 @@ int module_add_driver(struct module *mod, const struct device_driver *drv) if (mod) mk = &mod->mkobj; else if (drv->mod_name) { - struct kobject *mkobj; - - /* Lookup built-in module entry in /sys/modules */ - mkobj = kset_find_obj(module_kset, drv->mod_name); - if (mkobj) { - mk = container_of(mkobj, struct module_kobject, kobj); + /* Lookup or create built-in module entry in /sys/modules */ + mk = lookup_or_create_module_kobject(drv->mod_name); + if (mk) { /* remember our module structure */ drv->p->mkobj = mk; - /* kset_find_obj took a reference */ - kobject_put(mkobj); + /* lookup_or_create_module_kobject took a reference */ + kobject_put(&mk->kobj); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] drivers: base: handle module_kobject creation" failed to apply to 6.12-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.12-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.12.y git checkout FETCH_HEAD git cherry-pick -x f95bbfe18512c5c018720468959edac056a17196 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050547-conduit-flyable-e816@gregkh' --subject-prefix 'PATCH 6.12.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f95bbfe18512c5c018720468959edac056a17196 Mon Sep 17 00:00:00 2001 From: Shyam Saini <shyamsaini(a)linux.microsoft.com> Date: Thu, 27 Feb 2025 10:49:30 -0800 Subject: [PATCH] drivers: base: handle module_kobject creation module_add_driver() relies on module_kset list for /sys/module/<built-in-module>/drivers directory creation. Since, commit 96a1a2412acba ("kernel/params.c: defer most of param_sysfs_init() to late_initcall time") drivers which are initialized from subsys_initcall() or any other higher precedence initcall couldn't find the related kobject entry in the module_kset list because module_kset is not fully populated by the time module_add_driver() refers it. As a consequence, module_add_driver() returns early without calling make_driver_name(). Therefore, /sys/module/<built-in-module>/drivers is never created. Fix this issue by letting module_add_driver() handle module_kobject creation itself. Fixes: 96a1a2412acb ("kernel/params.c: defer most of param_sysfs_init() to late_initcall time") Cc: stable(a)vger.kernel.org # requires all other patches from the series Suggested-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Signed-off-by: Shyam Saini <shyamsaini(a)linux.microsoft.com> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250227184930.34163-5-shyamsaini@linux.microsoft… Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> diff --git a/drivers/base/module.c b/drivers/base/module.c index 5bc71bea883a..218aaa096455 100644 --- a/drivers/base/module.c +++ b/drivers/base/module.c @@ -42,16 +42,13 @@ int module_add_driver(struct module *mod, const struct device_driver *drv) if (mod) mk = &mod->mkobj; else if (drv->mod_name) { - struct kobject *mkobj; - - /* Lookup built-in module entry in /sys/modules */ - mkobj = kset_find_obj(module_kset, drv->mod_name); - if (mkobj) { - mk = container_of(mkobj, struct module_kobject, kobj); + /* Lookup or create built-in module entry in /sys/modules */ + mk = lookup_or_create_module_kobject(drv->mod_name); + if (mk) { /* remember our module structure */ drv->p->mkobj = mk; - /* kset_find_obj took a reference */ - kobject_put(mkobj); + /* lookup_or_create_module_kobject took a reference */ + kobject_put(&mk->kobj); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] drivers: base: handle module_kobject creation" failed to apply to 6.14-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.14-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.14.y git checkout FETCH_HEAD git cherry-pick -x f95bbfe18512c5c018720468959edac056a17196 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050546-oozy-nylon-220d@gregkh' --subject-prefix 'PATCH 6.14.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f95bbfe18512c5c018720468959edac056a17196 Mon Sep 17 00:00:00 2001 From: Shyam Saini <shyamsaini(a)linux.microsoft.com> Date: Thu, 27 Feb 2025 10:49:30 -0800 Subject: [PATCH] drivers: base: handle module_kobject creation module_add_driver() relies on module_kset list for /sys/module/<built-in-module>/drivers directory creation. Since, commit 96a1a2412acba ("kernel/params.c: defer most of param_sysfs_init() to late_initcall time") drivers which are initialized from subsys_initcall() or any other higher precedence initcall couldn't find the related kobject entry in the module_kset list because module_kset is not fully populated by the time module_add_driver() refers it. As a consequence, module_add_driver() returns early without calling make_driver_name(). Therefore, /sys/module/<built-in-module>/drivers is never created. Fix this issue by letting module_add_driver() handle module_kobject creation itself. Fixes: 96a1a2412acb ("kernel/params.c: defer most of param_sysfs_init() to late_initcall time") Cc: stable(a)vger.kernel.org # requires all other patches from the series Suggested-by: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Signed-off-by: Shyam Saini <shyamsaini(a)linux.microsoft.com> Acked-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Link: https://lore.kernel.org/r/20250227184930.34163-5-shyamsaini@linux.microsoft… Signed-off-by: Petr Pavlu <petr.pavlu(a)suse.com> diff --git a/drivers/base/module.c b/drivers/base/module.c index 5bc71bea883a..218aaa096455 100644 --- a/drivers/base/module.c +++ b/drivers/base/module.c @@ -42,16 +42,13 @@ int module_add_driver(struct module *mod, const struct device_driver *drv) if (mod) mk = &mod->mkobj; else if (drv->mod_name) { - struct kobject *mkobj; - - /* Lookup built-in module entry in /sys/modules */ - mkobj = kset_find_obj(module_kset, drv->mod_name); - if (mkobj) { - mk = container_of(mkobj, struct module_kobject, kobj); + /* Lookup or create built-in module entry in /sys/modules */ + mk = lookup_or_create_module_kobject(drv->mod_name); + if (mk) { /* remember our module structure */ drv->p->mkobj = mk; - /* kset_find_obj took a reference */ - kobject_put(mkobj); + /* lookup_or_create_module_kobject took a reference */ + kobject_put(&mk->kobj); } }

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-bufio: don't schedule in atomic context" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x a3d8f0a7f5e8b193db509c7191fefeed3533fc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050556-expose-shuffling-4d2a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3d8f0a7f5e8b193db509c7191fefeed3533fc44 Mon Sep 17 00:00:00 2001 From: LongPing Wei <weilongping(a)oppo.com> Date: Thu, 17 Apr 2025 11:07:38 +0800 Subject: [PATCH] dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. Fixes: 7cd326747f46 ("dm bufio: remove dm_bufio_cond_resched()") Signed-off-by: LongPing Wei <weilongping(a)oppo.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 9c8ed65cd87e..f0b5a6931161 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -68,6 +68,8 @@ #define LIST_DIRTY 1 #define LIST_SIZE 2 +#define SCAN_RESCHED_CYCLE 16 + /*--------------------------------------------------------------*/ /* @@ -2424,7 +2426,12 @@ static void __scan(struct dm_bufio_client *c) atomic_long_dec(&c->need_shrink); freed++; - cond_resched(); + + if (unlikely(freed % SCAN_RESCHED_CYCLE == 0)) { + dm_bufio_unlock(c); + cond_resched(); + dm_bufio_lock(c); + } } } }

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-bufio: don't schedule in atomic context" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x a3d8f0a7f5e8b193db509c7191fefeed3533fc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050555-kept-sixteen-bc46@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3d8f0a7f5e8b193db509c7191fefeed3533fc44 Mon Sep 17 00:00:00 2001 From: LongPing Wei <weilongping(a)oppo.com> Date: Thu, 17 Apr 2025 11:07:38 +0800 Subject: [PATCH] dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. Fixes: 7cd326747f46 ("dm bufio: remove dm_bufio_cond_resched()") Signed-off-by: LongPing Wei <weilongping(a)oppo.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 9c8ed65cd87e..f0b5a6931161 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -68,6 +68,8 @@ #define LIST_DIRTY 1 #define LIST_SIZE 2 +#define SCAN_RESCHED_CYCLE 16 + /*--------------------------------------------------------------*/ /* @@ -2424,7 +2426,12 @@ static void __scan(struct dm_bufio_client *c) atomic_long_dec(&c->need_shrink); freed++; - cond_resched(); + + if (unlikely(freed % SCAN_RESCHED_CYCLE == 0)) { + dm_bufio_unlock(c); + cond_resched(); + dm_bufio_lock(c); + } } } }

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-bufio: don't schedule in atomic context" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x a3d8f0a7f5e8b193db509c7191fefeed3533fc44 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050553-patience-catalyze-90ee@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a3d8f0a7f5e8b193db509c7191fefeed3533fc44 Mon Sep 17 00:00:00 2001 From: LongPing Wei <weilongping(a)oppo.com> Date: Thu, 17 Apr 2025 11:07:38 +0800 Subject: [PATCH] dm-bufio: don't schedule in atomic context A BUG was reported as below when CONFIG_DEBUG_ATOMIC_SLEEP and try_verify_in_tasklet are enabled. [ 129.444685][ T934] BUG: sleeping function called from invalid context at drivers/md/dm-bufio.c:2421 [ 129.444723][ T934] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 934, name: kworker/1:4 [ 129.444740][ T934] preempt_count: 201, expected: 0 [ 129.444756][ T934] RCU nest depth: 0, expected: 0 [ 129.444781][ T934] Preemption disabled at: [ 129.444789][ T934] [<ffffffd816231900>] shrink_work+0x21c/0x248 [ 129.445167][ T934] kernel BUG at kernel/sched/walt/walt_debug.c:16! [ 129.445183][ T934] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 129.445204][ T934] Skip md ftrace buffer dump for: 0x1609e0 [ 129.447348][ T934] CPU: 1 PID: 934 Comm: kworker/1:4 Tainted: G W OE 6.6.56-android15-8-o-g6f82312b30b9-debug #1 1400000003000000474e5500b3187743670464e8 [ 129.447362][ T934] Hardware name: Qualcomm Technologies, Inc. Parrot QRD, Alpha-M (DT) [ 129.447373][ T934] Workqueue: dm_bufio_cache shrink_work [ 129.447394][ T934] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 129.447406][ T934] pc : android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug] [ 129.447435][ T934] lr : __traceiter_android_rvh_schedule_bug+0x44/0x6c [ 129.447451][ T934] sp : ffffffc0843dbc90 [ 129.447459][ T934] x29: ffffffc0843dbc90 x28: ffffffffffffffff x27: 0000000000000c8b [ 129.447479][ T934] x26: 0000000000000040 x25: ffffff804b3d6260 x24: ffffffd816232b68 [ 129.447497][ T934] x23: ffffff805171c5b4 x22: 0000000000000000 x21: ffffffd816231900 [ 129.447517][ T934] x20: ffffff80306ba898 x19: 0000000000000000 x18: ffffffc084159030 [ 129.447535][ T934] x17: 00000000d2b5dd1f x16: 00000000d2b5dd1f x15: ffffffd816720358 [ 129.447554][ T934] x14: 0000000000000004 x13: ffffff89ef978000 x12: 0000000000000003 [ 129.447572][ T934] x11: ffffffd817a823c4 x10: 0000000000000202 x9 : 7e779c5735de9400 [ 129.447591][ T934] x8 : ffffffd81560d004 x7 : 205b5d3938373434 x6 : ffffffd8167397c8 [ 129.447610][ T934] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffffffc0843db9e0 [ 129.447629][ T934] x2 : 0000000000002f15 x1 : 0000000000000000 x0 : 0000000000000000 [ 129.447647][ T934] Call trace: [ 129.447655][ T934] android_rvh_schedule_bug+0x0/0x8 [sched_walt_debug 1400000003000000474e550080cce8a8a78606b6] [ 129.447681][ T934] __might_resched+0x190/0x1a8 [ 129.447694][ T934] shrink_work+0x180/0x248 [ 129.447706][ T934] process_one_work+0x260/0x624 [ 129.447718][ T934] worker_thread+0x28c/0x454 [ 129.447729][ T934] kthread+0x118/0x158 [ 129.447742][ T934] ret_from_fork+0x10/0x20 [ 129.447761][ T934] Code: ???????? ???????? ???????? d2b5dd1f (d4210000) [ 129.447772][ T934] ---[ end trace 0000000000000000 ]--- dm_bufio_lock will call spin_lock_bh when try_verify_in_tasklet is enabled, and __scan will be called in atomic context. Fixes: 7cd326747f46 ("dm bufio: remove dm_bufio_cond_resched()") Signed-off-by: LongPing Wei <weilongping(a)oppo.com> Cc: stable(a)vger.kernel.org Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 9c8ed65cd87e..f0b5a6931161 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -68,6 +68,8 @@ #define LIST_DIRTY 1 #define LIST_SIZE 2 +#define SCAN_RESCHED_CYCLE 16 + /*--------------------------------------------------------------*/ /* @@ -2424,7 +2426,12 @@ static void __scan(struct dm_bufio_client *c) atomic_long_dec(&c->need_shrink); freed++; - cond_resched(); + + if (unlikely(freed % SCAN_RESCHED_CYCLE == 0)) { + dm_bufio_unlock(c); + cond_resched(); + dm_bufio_lock(c); + } } } }

7 months

1
0
0 0

Investment H e l p

by Calib Cassim

Good Day, How are you? My name is Calib Cassim from Eskom Holdings Ltd. SA. I got your email from my personal search. I have in my position an (over-invoice / over-estimated) contract amount executed by a Foreign Contractor through my Department, which the contractor has been paid, and left the amount of $25.5M with the payment Management. So, I need your help to receive the amount as the Beneficiary on my behalf for an investment in your area, I will obtain all the needed legal documents on your name for the transfer. If you can help handle it, please reply with your phone number for more discussions and guidelines. Thanks, Mr. Calib

7 months

1
0
0 0

FAILED: patch "[PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x ac4e04d9e378f5aa826c2406ad7871ae1b6a6fb9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050520-deprecate-skinny-0232@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ac4e04d9e378f5aa826c2406ad7871ae1b6a6fb9 Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Tue, 29 Apr 2025 14:07:11 -0700 Subject: [PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode When turbo mode is unavailable on a Skylake-X system, executing the command: # echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo results in an unchecked MSR access error: WRMSR to 0x199 (attempted to write 0x0000000100001300). This issue was reproduced on an OEM (Original Equipment Manufacturer) system and is not a common problem across all Skylake-X systems. This error occurs because the MSR 0x199 Turbo Engage Bit (bit 32) is set when turbo mode is disabled. The issue arises when intel_pstate fails to detect that turbo mode is disabled. Here intel_pstate relies on MSR_IA32_MISC_ENABLE bit 38 to determine the status of turbo mode. However, on this system, bit 38 is not set even when turbo mode is disabled. According to the Intel Software Developer's Manual (SDM), the BIOS sets this bit during platform initialization to enable or disable opportunistic processor performance operations. Logically, this bit should be set in such cases. However, the SDM also specifies that "OS and applications must use CPUID leaf 06H to detect processors with opportunistic processor performance operations enabled." Therefore, in addition to checking MSR_IA32_MISC_ENABLE bit 38, verify that CPUID.06H:EAX[1] is 0 to accurately determine if turbo mode is disabled. Fixes: 4521e1a0ce17 ("cpufreq: intel_pstate: Reflect current no_turbo state correctly") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c index f41ed0b9e610..ba9bf06f1c77 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -598,6 +598,9 @@ static bool turbo_is_disabled(void) { u64 misc_en; + if (!cpu_feature_enabled(X86_FEATURE_IDA)) + return true; + rdmsrl(MSR_IA32_MISC_ENABLE, misc_en); return !!(misc_en & MSR_IA32_MISC_ENABLE_TURBO_DISABLE);

7 months

1
0
0 0

FAILED: patch "[PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x ac4e04d9e378f5aa826c2406ad7871ae1b6a6fb9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050518-excusable-payback-b0f6@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ac4e04d9e378f5aa826c2406ad7871ae1b6a6fb9 Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Tue, 29 Apr 2025 14:07:11 -0700 Subject: [PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode When turbo mode is unavailable on a Skylake-X system, executing the command: # echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo results in an unchecked MSR access error: WRMSR to 0x199 (attempted to write 0x0000000100001300). This issue was reproduced on an OEM (Original Equipment Manufacturer) system and is not a common problem across all Skylake-X systems. This error occurs because the MSR 0x199 Turbo Engage Bit (bit 32) is set when turbo mode is disabled. The issue arises when intel_pstate fails to detect that turbo mode is disabled. Here intel_pstate relies on MSR_IA32_MISC_ENABLE bit 38 to determine the status of turbo mode. However, on this system, bit 38 is not set even when turbo mode is disabled. According to the Intel Software Developer's Manual (SDM), the BIOS sets this bit during platform initialization to enable or disable opportunistic processor performance operations. Logically, this bit should be set in such cases. However, the SDM also specifies that "OS and applications must use CPUID leaf 06H to detect processors with opportunistic processor performance operations enabled." Therefore, in addition to checking MSR_IA32_MISC_ENABLE bit 38, verify that CPUID.06H:EAX[1] is 0 to accurately determine if turbo mode is disabled. Fixes: 4521e1a0ce17 ("cpufreq: intel_pstate: Reflect current no_turbo state correctly") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c index f41ed0b9e610..ba9bf06f1c77 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -598,6 +598,9 @@ static bool turbo_is_disabled(void) { u64 misc_en; + if (!cpu_feature_enabled(X86_FEATURE_IDA)) + return true; + rdmsrl(MSR_IA32_MISC_ENABLE, misc_en); return !!(misc_en & MSR_IA32_MISC_ENABLE_TURBO_DISABLE);

7 months

1
0
0 0

FAILED: patch "[PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x ac4e04d9e378f5aa826c2406ad7871ae1b6a6fb9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050517-linked-numbing-6e20@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From ac4e04d9e378f5aa826c2406ad7871ae1b6a6fb9 Mon Sep 17 00:00:00 2001 From: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Date: Tue, 29 Apr 2025 14:07:11 -0700 Subject: [PATCH] cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode When turbo mode is unavailable on a Skylake-X system, executing the command: # echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo results in an unchecked MSR access error: WRMSR to 0x199 (attempted to write 0x0000000100001300). This issue was reproduced on an OEM (Original Equipment Manufacturer) system and is not a common problem across all Skylake-X systems. This error occurs because the MSR 0x199 Turbo Engage Bit (bit 32) is set when turbo mode is disabled. The issue arises when intel_pstate fails to detect that turbo mode is disabled. Here intel_pstate relies on MSR_IA32_MISC_ENABLE bit 38 to determine the status of turbo mode. However, on this system, bit 38 is not set even when turbo mode is disabled. According to the Intel Software Developer's Manual (SDM), the BIOS sets this bit during platform initialization to enable or disable opportunistic processor performance operations. Logically, this bit should be set in such cases. However, the SDM also specifies that "OS and applications must use CPUID leaf 06H to detect processors with opportunistic processor performance operations enabled." Therefore, in addition to checking MSR_IA32_MISC_ENABLE bit 38, verify that CPUID.06H:EAX[1] is 0 to accurately determine if turbo mode is disabled. Fixes: 4521e1a0ce17 ("cpufreq: intel_pstate: Reflect current no_turbo state correctly") Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpufreq/intel_pstate.c b/drivers/cpufreq/intel_pstate.c index f41ed0b9e610..ba9bf06f1c77 100644 --- a/drivers/cpufreq/intel_pstate.c +++ b/drivers/cpufreq/intel_pstate.c @@ -598,6 +598,9 @@ static bool turbo_is_disabled(void) { u64 misc_en; + if (!cpu_feature_enabled(X86_FEATURE_IDA)) + return true; + rdmsrl(MSR_IA32_MISC_ENABLE, misc_en); return !!(misc_en & MSR_IA32_MISC_ENABLE_TURBO_DISABLE);

7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: adjust subpage bit start based on sectorsize" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e08e49d986f82c30f42ad0ed43ebbede1e1e3739 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025050520-specimen-smell-8a92@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e08e49d986f82c30f42ad0ed43ebbede1e1e3739 Mon Sep 17 00:00:00 2001 From: Josef Bacik <josef(a)toxicpanda.com> Date: Mon, 14 Apr 2025 14:51:58 -0400 Subject: [PATCH] btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in production. This turned out to be because we were not writing out dirty blocks sometimes, so this in fact affects all metadata writes. When writing out a subpage EB we scan the subpage bitmap for a dirty range. If the range isn't dirty we do bit_start++; to move onto the next bit. The problem is the bitmap is based on the number of sectors that an EB has. So in this case, we have a 64k pagesize, 16k nodesize, but a 4k sectorsize. This means our bitmap is 4 bits for every node. With a 64k page size we end up with 4 nodes per page. To make this easier this is how everything looks [0 16k 32k 48k ] logical address [0 4 8 12 ] radix tree offset [ 64k page ] folio [ 16k eb ][ 16k eb ][ 16k eb ][ 16k eb ] extent buffers [ | | | | | | | | | | | | | | | | ] bitmap Now we use all of our addressing based on fs_info->sectorsize_bits, so as you can see the above our 16k eb->start turns into radix entry 4. When we find a dirty range for our eb, we correctly do bit_start += sectors_per_node, because if we start at bit 0, the next bit for the next eb is 4, to correspond to eb->start 16k. However if our range is clean, we will do bit_start++, which will now put us offset from our radix tree entries. In our case, assume that the first time we check the bitmap the block is not dirty, we increment bit_start so now it == 1, and then we loop around and check again. This time it is dirty, and we go to find that start using the following equation start = folio_start + bit_start * fs_info->sectorsize; so in the case above, eb->start 0 is now dirty, and we calculate start as 0 + 1 * fs_info->sectorsize = 4096 4096 >> 12 = 1 Now we're looking up the radix tree for 1, and we won't find an eb. What's worse is now we're using bit_start == 1, so we do bit_start += sectors_per_node, which is now 5. If that eb is dirty we will run into the same thing, we will look at an offset that is not populated in the radix tree, and now we're skipping the writeout of dirty extent buffers. The best fix for this is to not use sectorsize_bits to address nodes, but that's a larger change. Since this is a fs corruption problem fix it simply by always using sectors_per_node to increment the start bit. Fixes: c4aec299fa8f ("btrfs: introduce submit_eb_subpage() to submit a subpage metadata page") CC: stable(a)vger.kernel.org # 5.15+ Reviewed-by: Boris Burkov <boris(a)bur.io> Reviewed-by: Qu Wenruo <wqu(a)suse.com> Signed-off-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 197f5e51c474..8515c31f563b 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -2047,7 +2047,7 @@ static int submit_eb_subpage(struct folio *folio, struct writeback_control *wbc) subpage->bitmaps)) { spin_unlock_irqrestore(&subpage->lock, flags); spin_unlock(&folio->mapping->i_private_lock); - bit_start++; + bit_start += sectors_per_node; continue; }

7 months

1
0
0 0

[PATCH 0/3] accel/ivpu: Add context violation handling for 6.14

by Jacek Lawrynowicz

These patchset adds support for VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW message added in recent VPU firmware. Without it the driver will not be able to process any jobs after this message is received and would need to be reloaded. The last patch in this series is as-is from upstream, but other two patches had to be rebased because of missing new CMDQ UAPI changes that should not be backported to stable. Karol Wachowski (3): accel/ivpu: Abort all jobs after command queue unregister accel/ivpu: Fix locking order in ivpu_job_submit accel/ivpu: Add handling of VPU_JSM_STATUS_MVNCI_CONTEXT_VIOLATION_HW drivers/accel/ivpu/ivpu_drv.c | 32 ++------- drivers/accel/ivpu/ivpu_drv.h | 2 + drivers/accel/ivpu/ivpu_job.c | 111 ++++++++++++++++++++++++++------ drivers/accel/ivpu/ivpu_job.h | 1 + drivers/accel/ivpu/ivpu_mmu.c | 3 +- drivers/accel/ivpu/ivpu_sysfs.c | 5 +- 6 files changed, 103 insertions(+), 51 deletions(-) -- 2.45.1

7 months

3
7
0 0

[PATCH v4.1] x86/sev: Fix making shared pages private during kdump

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When the shared pages are being made private during kdump preparation there are additional checks to handle shared GHCB pages. These additional checks include handling the case of GHCB page being contained within a huge page. The check for handling the case of GHCB contained within a huge page incorrectly skips a page just below the GHCB page from being transitioned back to private during kdump preparation. This skipped page causes a 0x404 #VC exception when it is accessed later while dumping guest memory during vmcore generation via kdump. Correct the range to be checked for GHCB contained in a huge page. Also ensure that the skipped huge page containing the GHCB page is transitioned back to private by applying the correct address mask later when changing GHCBs to private at end of kdump preparation. Cc: stable(a)vger.kernel.org Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d35fec7b164a..e39db6714f09 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1019,7 +1019,8 @@ static void unshare_all_memory(void) data = per_cpu(runtime_data, cpu); ghcb = (unsigned long)&data->ghcb_page; - if (addr <= ghcb && ghcb <= addr + size) { + /* Handle the case of a huge page containing the GHCB page */ + if (addr <= ghcb && ghcb < addr + size) { skipped_addr = true; break; } @@ -1131,9 +1132,8 @@ static void shutdown_all_aps(void) void snp_kexec_finish(void) { struct sev_es_runtime_data *data; + unsigned long size, ghcb; unsigned int level, cpu; - unsigned long size; - struct ghcb *ghcb; pte_t *pte; if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) @@ -1157,11 +1157,13 @@ void snp_kexec_finish(void) for_each_possible_cpu(cpu) { data = per_cpu(runtime_data, cpu); - ghcb = &data->ghcb_page; - pte = lookup_address((unsigned long)ghcb, &level); + ghcb = (unsigned long)&data->ghcb_page; + pte = lookup_address(ghcb, &level); size = page_level_size(level); + /* Handle the case of a huge page containing the GHCB page */ + ghcb &= page_level_mask(level); set_pte_enc(pte, level, (void *)ghcb); - snp_set_memory_private((unsigned long)ghcb, (size / PAGE_SIZE)); + snp_set_memory_private(ghcb, (size / PAGE_SIZE)); } } -- 2.34.1

7 months

2
1
0 0

[PATCH 0/3] Preserve the request order in the block layer

by Bart Van Assche

Hi Greg, In kernel v6.10 the zoned storage approach was changed from zoned write locking to zone write plugging. Because of this change the block layer must preserve the request order. Hence this backport of Christoph's "don't reorder requests passed to ->queue_rqs" patch series. Please consider this patch series for inclusion in the 6.12 stable kernel. See also https://lore.kernel.org/linux-block/20241113152050.157179-1-hch@lst.de/. Thanks, Bart. Christoph Hellwig (3): block: remove rq_list_move block: add a rq_list type block: don't reorder requests in blk_add_rq_to_plug block/blk-core.c | 6 +-- block/blk-merge.c | 2 +- block/blk-mq.c | 42 +++++++-------- block/blk-mq.h | 2 +- drivers/block/null_blk/main.c | 9 ++-- drivers/block/virtio_blk.c | 13 +++-- drivers/nvme/host/apple.c | 2 +- drivers/nvme/host/pci.c | 15 +++--- include/linux/blk-mq.h | 99 +++++++++++++++++------------------ include/linux/blkdev.h | 11 ++-- io_uring/rw.c | 4 +- 11 files changed, 102 insertions(+), 103 deletions(-)

7 months

3
8
0 0

[PATCH v2 0/2] iio: accel: fxls8962af: Fix temperature readings

by Sean Nyekjaer

Add the correct scale to get temperature in mili degree Celcius. Add sign component to temperature scan element. Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> --- Changes in v2: - Correct offset is applied before scaling component - Added sign component to temperature scan element - Link to v1: https://lore.kernel.org/r/20250501-fxls-v1-1-f54061a07099@geanix.com --- Sean Nyekjaer (2): iio: accel: fxls8962af: Fix temperature calculation iio: accel: fxls8962af: Fix sign temperature scan element drivers/iio/accel/fxls8962af-core.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) --- base-commit: 609bc31eca06c7408e6860d8b46311ebe45c1fef change-id: 20250501-fxls-307ef3d6d065 Best regards, -- Sean Nyekjaer <sean(a)geanix.com>

7 months

4
7
0 0

[PATCH RESEND] drm/msm: fix a potential memory leak issue in submit_create()

by Haoxiang Li

The memory allocated by msm_fence_alloc() actually is the container of msm_fence_alloc()'s return value. Thus, just free its return value is not enough. Add a helper 'msm_fence_free()' in msm_fence.h/msm_fence.c to do the complete job. Fixes: f94e6a51e17c ("drm/msm: Pre-allocate hw_fence") Cc: stable(a)vger.kernel.org Signed-off-by: Haoxiang Li <haoxiang_li2024(a)163.com> --- drivers/gpu/drm/msm/msm_fence.c | 7 +++++++ drivers/gpu/drm/msm/msm_fence.h | 1 + drivers/gpu/drm/msm/msm_gem_submit.c | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/msm_fence.c b/drivers/gpu/drm/msm/msm_fence.c index d41e5a6bbee0..72641e6a627d 100644 --- a/drivers/gpu/drm/msm/msm_fence.c +++ b/drivers/gpu/drm/msm/msm_fence.c @@ -183,6 +183,13 @@ msm_fence_alloc(void) return &f->base; } +void msm_fence_free(struct dma_fence *fence) +{ + struct msm_fence *f = to_msm_fence(fence); + + kfree(f); +} + void msm_fence_init(struct dma_fence *fence, struct msm_fence_context *fctx) { diff --git a/drivers/gpu/drm/msm/msm_fence.h b/drivers/gpu/drm/msm/msm_fence.h index 148196375a0b..635c68629070 100644 --- a/drivers/gpu/drm/msm/msm_fence.h +++ b/drivers/gpu/drm/msm/msm_fence.h @@ -82,6 +82,7 @@ bool msm_fence_completed(struct msm_fence_context *fctx, uint32_t fence); void msm_update_fence(struct msm_fence_context *fctx, uint32_t fence); struct dma_fence * msm_fence_alloc(void); +void msm_fence_free(struct dma_fence *fence); void msm_fence_init(struct dma_fence *fence, struct msm_fence_context *fctx); static inline bool diff --git a/drivers/gpu/drm/msm/msm_gem_submit.c b/drivers/gpu/drm/msm/msm_gem_submit.c index 3e9aa2cc38ef..213baa5bca5e 100644 --- a/drivers/gpu/drm/msm/msm_gem_submit.c +++ b/drivers/gpu/drm/msm/msm_gem_submit.c @@ -56,7 +56,7 @@ static struct msm_gem_submit *submit_create(struct drm_device *dev, ret = drm_sched_job_init(&submit->base, queue->entity, 1, queue); if (ret) { - kfree(submit->hw_fence); + msm_fence_free(submit->hw_fence); kfree(submit); return ERR_PTR(ret); } -- 2.25.1

7 months

2
1
0 0

[PATCH v2 0/1] mm: Xen PV regression after THP PTE optimization

by Petr Vaněk

Hi all, I recently discovered an mm regression introduced in kernel version 6.9 that affects systems running as a Xen PV domain [1]. Original fix proposal wasn't ideal, but it sparked a discussion which helped us fully understand the root cause. The new v2 patch contains changes based on David Hildenbrand's proposal to cap max_nr to the number of PFNs that actually remain in the folio and to clean up the loop. Thanks, Petr [1] https://lore.kernel.org/lkml/20250429142237.22138-1-arkamar@atlas.cz Petr Vaněk (1): mm: fix folio_pte_batch() on XEN PV mm/internal.h | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) -- 2.48.1

7 months

3
5
0 0

[PATCH] x86/boot/sev: Support memory acceptance in the EFI stub under SVSM

by Ard Biesheuvel

From: Ard Biesheuvel <ardb(a)kernel.org> Commit d54d610243a4 ("x86/boot/sev: Avoid shared GHCB page for early memory acceptance") provided a fix for SEV-SNP memory acceptance from the EFI stub when running at VMPL #0. However, that fix was insufficient for SVSM SEV-SNP guests running at VMPL >0, as those rely on a SVSM calling area, which is a shared buffer whose address is programmed into a SEV-SNP MSR, and the SEV init code that sets up this calling area executes much later during the boot. Given that booting via the EFI stub at VMPL >0 implies that the firmware has configured this calling area already, reuse it for performing memory acceptance in the EFI stub. Cc: Borislav Petkov <bp(a)alien8.de> Cc: Ingo Molnar <mingo(a)kernel.org> Cc: Dionna Amalie Glaze <dionnaglaze(a)google.com> Cc: Kevin Loughlin <kevinloughlin(a)google.com> Cc: <stable(a)vger.kernel.org> Fixes: fcd042e86422 ("x86/sev: Perform PVALIDATE using the SVSM when not at VMPL0") Co-developed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Tom Lendacky <thomas.lendacky(a)amd.com> Signed-off-by: Ard Biesheuvel <ardb(a)kernel.org> --- Tom, Please confirm that this works as you intended. Thanks, arch/x86/boot/compressed/mem.c | 5 +-- arch/x86/boot/compressed/sev.c | 40 ++++++++++++++++++++ arch/x86/boot/compressed/sev.h | 2 + 3 files changed, 43 insertions(+), 4 deletions(-) diff --git a/arch/x86/boot/compressed/mem.c b/arch/x86/boot/compressed/mem.c index f676156d9f3d..0e9f84ab4bdc 100644 --- a/arch/x86/boot/compressed/mem.c +++ b/arch/x86/boot/compressed/mem.c @@ -34,14 +34,11 @@ static bool early_is_tdx_guest(void) void arch_accept_memory(phys_addr_t start, phys_addr_t end) { - static bool sevsnp; - /* Platform-specific memory-acceptance call goes here */ if (early_is_tdx_guest()) { if (!tdx_accept_memory(start, end)) panic("TDX: Failed to accept memory\n"); - } else if (sevsnp || (sev_get_status() & MSR_AMD64_SEV_SNP_ENABLED)) { - sevsnp = true; + } else if (early_is_sevsnp_guest()) { snp_accept_memory(start, end); } else { error("Cannot accept memory: unknown platform\n"); diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 89ba168f4f0f..0003e4416efd 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -645,3 +645,43 @@ void sev_prep_identity_maps(unsigned long top_level_pgt) sev_verify_cbit(top_level_pgt); } + +bool early_is_sevsnp_guest(void) +{ + static bool sevsnp; + + if (sevsnp) + return true; + + if (!(sev_get_status() & MSR_AMD64_SEV_SNP_ENABLED)) + return false; + + sevsnp = true; + + if (!snp_vmpl) { + unsigned int eax, ebx, ecx, edx; + + /* + * CPUID Fn8000_001F_EAX[28] - SVSM support + */ + eax = 0x8000001f; + ecx = 0; + native_cpuid(&eax, &ebx, &ecx, &edx); + if (eax & BIT(28)) { + struct msr m; + + /* Obtain the address of the calling area to use */ + boot_rdmsr(MSR_SVSM_CAA, &m); + boot_svsm_caa = (void *)m.q; + boot_svsm_caa_pa = m.q; + + /* + * The real VMPL level cannot be discovered, but the + * memory acceptance routines make no use of that so + * any non-zero value suffices here. + */ + snp_vmpl = U8_MAX; + } + } + return true; +} diff --git a/arch/x86/boot/compressed/sev.h b/arch/x86/boot/compressed/sev.h index 4e463f33186d..d3900384b8ab 100644 --- a/arch/x86/boot/compressed/sev.h +++ b/arch/x86/boot/compressed/sev.h @@ -13,12 +13,14 @@ bool sev_snp_enabled(void); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 sev_get_status(void); +bool early_is_sevsnp_guest(void); #else static inline bool sev_snp_enabled(void) { return false; } static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 sev_get_status(void) { return 0; } +static inline bool early_is_sevsnp_guest(void) { return false; } #endif base-commit: b4432656b36e5cc1d50a1f2dc15357543add530e -- 2.49.0.906.g1f30a19c02-goog

7 months

5
5
0 0

[PATCH v3] powerpc/bpf: fix JIT code size calculation of bpf trampoline

by Hari Bathini

arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before the buffer for JIT'ing it is allocated. The total number of instructions emitted for BPF trampoline JIT code depends on where the final image is located. So, the size arrived at with the dummy pass in arch_bpf_trampoline_size() can vary from the actual size needed in arch_prepare_bpf_trampoline(). When the instructions accounted in arch_bpf_trampoline_size() is less than the number of instructions emitted during the actual JIT compile of the trampoline, the below warning is produced: WARNING: CPU: 8 PID: 204190 at arch/powerpc/net/bpf_jit_comp.c:981 __arch_prepare_bpf_trampoline.isra.0+0xd2c/0xdcc which is: /* Make sure the trampoline generation logic doesn't overflow */ if (image && WARN_ON_ONCE(&image[ctx->idx] > (u32 *)rw_image_end - BPF_INSN_SAFETY)) { So, during the dummy pass, instead of providing some arbitrary image location, account for maximum possible instructions if and when there is a dependency with image location for JIT'ing. Fixes: d243b62b7bd3 ("powerpc64/bpf: Add support for bpf trampolines") Reported-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Closes: https://lore.kernel.org/all/6168bfc8-659f-4b5a-a6fb-90a916dde3b3@linux.ibm.… Cc: stable(a)vger.kernel.org # v6.13+ Acked-by: Naveen N Rao (AMD) <naveen(a)kernel.org> Tested-by: Venkat Rao Bagalkote <venkat88(a)linux.ibm.com> Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- Changes since v2: - Address review comments from Naveen: - Remove additional padding for 'case BPF_LD | BPF_IMM | BPF_DW:' in arch/powerpc/net/bpf_jit_comp*.c - Merge the if sequence in bpf_jit_emit_func_call_rel() with the other conditionals - Naveen, carried your Acked-by tag as the additional changes are minimal and in line with your suggestion. Feel free to update if you look at it differently. - Venkat, carried your Tested-by tag from v2 as the changes in v3 should not alter the test result. Feel free to update if you look at it differently. Changes since v1: - Pass NULL for image during intial pass and account for max. possible instruction during this pass as Naveen suggested. arch/powerpc/net/bpf_jit.h | 20 ++++++++++++++++--- arch/powerpc/net/bpf_jit_comp.c | 33 ++++++++++--------------------- arch/powerpc/net/bpf_jit_comp32.c | 6 ------ arch/powerpc/net/bpf_jit_comp64.c | 15 +++++++------- 4 files changed, 35 insertions(+), 39 deletions(-) diff --git a/arch/powerpc/net/bpf_jit.h b/arch/powerpc/net/bpf_jit.h index 6beacaec63d3..4c26912c2e3c 100644 --- a/arch/powerpc/net/bpf_jit.h +++ b/arch/powerpc/net/bpf_jit.h @@ -51,8 +51,16 @@ EMIT(PPC_INST_BRANCH_COND | (((cond) & 0x3ff) << 16) | (offset & 0xfffc)); \ } while (0) -/* Sign-extended 32-bit immediate load */ +/* + * Sign-extended 32-bit immediate load + * + * If this is a dummy pass (!image), account for + * maximum possible instructions. + */ #define PPC_LI32(d, i) do { \ + if (!image) \ + ctx->idx += 2; \ + else { \ if ((int)(uintptr_t)(i) >= -32768 && \ (int)(uintptr_t)(i) < 32768) \ EMIT(PPC_RAW_LI(d, i)); \ @@ -60,10 +68,15 @@ EMIT(PPC_RAW_LIS(d, IMM_H(i))); \ if (IMM_L(i)) \ EMIT(PPC_RAW_ORI(d, d, IMM_L(i))); \ - } } while(0) + } \ + } } while (0) #ifdef CONFIG_PPC64 +/* If dummy pass (!image), account for maximum possible instructions */ #define PPC_LI64(d, i) do { \ + if (!image) \ + ctx->idx += 5; \ + else { \ if ((long)(i) >= -2147483648 && \ (long)(i) < 2147483648) \ PPC_LI32(d, i); \ @@ -84,7 +97,8 @@ if ((uintptr_t)(i) & 0x000000000000ffffULL) \ EMIT(PPC_RAW_ORI(d, d, (uintptr_t)(i) & \ 0xffff)); \ - } } while (0) + } \ + } } while (0) #define PPC_LI_ADDR PPC_LI64 #ifndef CONFIG_PPC_KERNEL_PCREL diff --git a/arch/powerpc/net/bpf_jit_comp.c b/arch/powerpc/net/bpf_jit_comp.c index 2991bb171a9b..c0684733e9d6 100644 --- a/arch/powerpc/net/bpf_jit_comp.c +++ b/arch/powerpc/net/bpf_jit_comp.c @@ -504,10 +504,11 @@ static int invoke_bpf_prog(u32 *image, u32 *ro_image, struct codegen_context *ct EMIT(PPC_RAW_ADDI(_R3, _R1, regs_off)); if (!p->jited) PPC_LI_ADDR(_R4, (unsigned long)p->insnsi); - if (!create_branch(&branch_insn, (u32 *)&ro_image[ctx->idx], (unsigned long)p->bpf_func, - BRANCH_SET_LINK)) { - if (image) - image[ctx->idx] = ppc_inst_val(branch_insn); + /* Account for max possible instructions during dummy pass for size calculation */ + if (image && !create_branch(&branch_insn, (u32 *)&ro_image[ctx->idx], + (unsigned long)p->bpf_func, + BRANCH_SET_LINK)) { + image[ctx->idx] = ppc_inst_val(branch_insn); ctx->idx++; } else { EMIT(PPC_RAW_LL(_R12, _R25, offsetof(struct bpf_prog, bpf_func))); @@ -889,7 +890,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im bpf_trampoline_restore_tail_call_cnt(image, ctx, func_frame_offset, r4_off); /* Reserve space to patch branch instruction to skip fexit progs */ - im->ip_after_call = &((u32 *)ro_image)[ctx->idx]; + if (ro_image) /* image is NULL for dummy pass */ + im->ip_after_call = &((u32 *)ro_image)[ctx->idx]; EMIT(PPC_RAW_NOP()); } @@ -912,7 +914,8 @@ static int __arch_prepare_bpf_trampoline(struct bpf_tramp_image *im, void *rw_im } if (flags & BPF_TRAMP_F_CALL_ORIG) { - im->ip_epilogue = &((u32 *)ro_image)[ctx->idx]; + if (ro_image) /* image is NULL for dummy pass */ + im->ip_epilogue = &((u32 *)ro_image)[ctx->idx]; PPC_LI_ADDR(_R3, im); ret = bpf_jit_emit_func_call_rel(image, ro_image, ctx, (unsigned long)__bpf_tramp_exit); @@ -973,25 +976,9 @@ int arch_bpf_trampoline_size(const struct btf_func_model *m, u32 flags, struct bpf_tramp_links *tlinks, void *func_addr) { struct bpf_tramp_image im; - void *image; int ret; - /* - * Allocate a temporary buffer for __arch_prepare_bpf_trampoline(). - * This will NOT cause fragmentation in direct map, as we do not - * call set_memory_*() on this buffer. - * - * We cannot use kvmalloc here, because we need image to be in - * module memory range. - */ - image = bpf_jit_alloc_exec(PAGE_SIZE); - if (!image) - return -ENOMEM; - - ret = __arch_prepare_bpf_trampoline(&im, image, image + PAGE_SIZE, image, - m, flags, tlinks, func_addr); - bpf_jit_free_exec(image); - + ret = __arch_prepare_bpf_trampoline(&im, NULL, NULL, NULL, m, flags, tlinks, func_addr); return ret; } diff --git a/arch/powerpc/net/bpf_jit_comp32.c b/arch/powerpc/net/bpf_jit_comp32.c index c4db278dae36..0aace304dfe1 100644 --- a/arch/powerpc/net/bpf_jit_comp32.c +++ b/arch/powerpc/net/bpf_jit_comp32.c @@ -313,7 +313,6 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code u64 func_addr; u32 true_cond; u32 tmp_idx; - int j; if (i && (BPF_CLASS(code) == BPF_ALU64 || BPF_CLASS(code) == BPF_ALU) && (BPF_CLASS(prevcode) == BPF_ALU64 || BPF_CLASS(prevcode) == BPF_ALU) && @@ -1099,13 +1098,8 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code * 16 byte instruction that uses two 'struct bpf_insn' */ case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ - tmp_idx = ctx->idx; PPC_LI32(dst_reg_h, (u32)insn[i + 1].imm); PPC_LI32(dst_reg, (u32)insn[i].imm); - /* padding to allow full 4 instructions for later patching */ - if (!image) - for (j = ctx->idx - tmp_idx; j < 4; j++) - EMIT(PPC_RAW_NOP()); /* Adjust for two bpf instructions */ addrs[++i] = ctx->idx * 4; break; diff --git a/arch/powerpc/net/bpf_jit_comp64.c b/arch/powerpc/net/bpf_jit_comp64.c index 233703b06d7c..5daa77aee7f7 100644 --- a/arch/powerpc/net/bpf_jit_comp64.c +++ b/arch/powerpc/net/bpf_jit_comp64.c @@ -227,7 +227,14 @@ int bpf_jit_emit_func_call_rel(u32 *image, u32 *fimage, struct codegen_context * #ifdef CONFIG_PPC_KERNEL_PCREL reladdr = func_addr - local_paca->kernelbase; - if (reladdr < (long)SZ_8G && reladdr >= -(long)SZ_8G) { + /* + * If fimage is NULL (the initial pass to find image size), + * account for the maximum no. of instructions possible. + */ + if (!fimage) { + ctx->idx += 7; + return 0; + } else if (reladdr < (long)SZ_8G && reladdr >= -(long)SZ_8G) { EMIT(PPC_RAW_LD(_R12, _R13, offsetof(struct paca_struct, kernelbase))); /* Align for subsequent prefix instruction */ if (!IS_ALIGNED((unsigned long)fimage + CTX_NIA(ctx), 8)) @@ -412,7 +419,6 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code u64 imm64; u32 true_cond; u32 tmp_idx; - int j; /* * addrs[] maps a BPF bytecode address into a real offset from @@ -1046,12 +1052,7 @@ int bpf_jit_build_body(struct bpf_prog *fp, u32 *image, u32 *fimage, struct code case BPF_LD | BPF_IMM | BPF_DW: /* dst = (u64) imm */ imm64 = ((u64)(u32) insn[i].imm) | (((u64)(u32) insn[i+1].imm) << 32); - tmp_idx = ctx->idx; PPC_LI64(dst_reg, imm64); - /* padding to allow full 5 instructions for later patching */ - if (!image) - for (j = ctx->idx - tmp_idx; j < 5; j++) - EMIT(PPC_RAW_NOP()); /* Adjust for two bpf instructions */ addrs[++i] = ctx->idx * 4; break; -- 2.49.0

7 months

2
1
0 0

[PATCH] powerpc64/ftrace: fix clobbered r15 during livepatching

by Hari Bathini

While r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is not restored in livepatch sequence leading to not so obvious fails like below: BUG: Unable to handle kernel data access on write at 0xc0000000000f9078 Faulting instruction address: 0xc0000000018ff958 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP: c0000000018ff958 LR: c0000000018ff930 CTR: c0000000009c0790 REGS: c00000005f2e7790 TRAP: 0300 Tainted: G K (6.14.0+) MSR: 8000000000009033 <SF,EE,ME,IR,DR,RI,LE> CR: 2822880b XER: 20040000 CFAR: c0000000008addc0 DAR: c0000000000f9078 DSISR: 0a000000 IRQMASK: 1 GPR00: c0000000018f2584 c00000005f2e7a30 c00000000280a900 c000000017ffa488 GPR04: 0000000000000008 0000000000000000 c0000000018f24fc 000000000000000d GPR08: fffffffffffe0000 000000000000000d 0000000000000000 0000000000008000 GPR12: c0000000009c0790 c000000017ffa480 c00000005f2e7c78 c0000000000f9070 GPR16: c00000005f2e7c90 0000000000000000 0000000000000000 0000000000000000 GPR20: 0000000000000000 c00000005f3efa80 c00000005f2e7c60 c00000005f2e7c88 GPR24: c00000005f2e7c60 0000000000000001 c0000000000f9078 0000000000000000 GPR28: 00007fff97960000 c000000017ffa480 0000000000000000 c0000000000f9078 ... Call Trace: check_heap_object+0x34/0x390 (unreliable) __mutex_unlock_slowpath.isra.0+0xe4/0x230 seq_read_iter+0x430/0xa90 proc_reg_read_iter+0xa4/0x200 vfs_read+0x41c/0x510 ksys_read+0xa4/0x190 system_call_exception+0x1d0/0x440 system_call_vectored_common+0x15c/0x2ec Fix it by restoring r15 always. Fixes: eec37961a56a ("powerpc64/ftrace: Move ftrace sequence out of line") Reported-by: Viktor Malik <vmalik(a)redhat.com> Closes: https://lore.kernel.org/lkml/1aec4a9a-a30b-43fd-b303-7a351caeccb7@redhat.com Cc: stable(a)vger.kernel.org # v6.13+ Signed-off-by: Hari Bathini <hbathini(a)linux.ibm.com> --- arch/powerpc/kernel/trace/ftrace_entry.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/powerpc/kernel/trace/ftrace_entry.S b/arch/powerpc/kernel/trace/ftrace_entry.S index 2c1b24100eca..3565c67fc638 100644 --- a/arch/powerpc/kernel/trace/ftrace_entry.S +++ b/arch/powerpc/kernel/trace/ftrace_entry.S @@ -212,10 +212,10 @@ bne- 1f mr r3, r15 +1: mtlr r3 .if \allregs == 0 REST_GPR(15, r1) .endif -1: mtlr r3 #endif /* Restore gprs */ -- 2.49.0

7 months

4
3
0 0

+ mm-fix-folio_pte_batch-on-xen-pv.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix folio_pte_batch() on XEN PV has been added to the -mm mm-hotfixes-unstable branch. Its filename is mm-fix-folio_pte_batch-on-xen-pv.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Petr Van��k <arkamar(a)atlas.cz> Subject: mm: fix folio_pte_batch() on XEN PV Date: Fri, 2 May 2025 23:50:19 +0200 On XEN PV, folio_pte_batch() can incorrectly batch beyond the end of a folio due to a corner case in pte_advance_pfn(). Specifically, when the PFN following the folio maps to an invalidated MFN, expected_pte = pte_advance_pfn(expected_pte, nr); produces a pte_none(). If the actual next PTE in memory is also pte_none(), the pte_same() succeeds, if (!pte_same(pte, expected_pte)) break; the loop is not broken, and batching continues into unrelated memory. For example, with a 4-page folio, the PTE layout might look like this: [ 53.465673] [ T2552] folio_pte_batch: printing PTE values at addr=0x7f1ac9dc5000 [ 53.465674] [ T2552] PTE[453] = 000000010085c125 [ 53.465679] [ T2552] PTE[454] = 000000010085d125 [ 53.465682] [ T2552] PTE[455] = 000000010085e125 [ 53.465684] [ T2552] PTE[456] = 000000010085f125 [ 53.465686] [ T2552] PTE[457] = 0000000000000000 <-- not present [ 53.465689] [ T2552] PTE[458] = 0000000101da7125 pte_advance_pfn(PTE[456]) returns a pte_none() due to invalid PFN->MFN mapping. The next actual PTE (PTE[457]) is also pte_none(), so the loop continues and includes PTE[457] in the batch, resulting in 5 batched entries for a 4-page folio. This triggers the following warning: [ 53.465751] [ T2552] page: refcount:85 mapcount:20 mapping:ffff88813ff4f6a8 index:0x110 pfn:0x10085c [ 53.465754] [ T2552] head: order:2 mapcount:80 entire_mapcount:0 nr_pages_mapped:4 pincount:0 [ 53.465756] [ T2552] memcg:ffff888003573000 [ 53.465758] [ T2552] aops:0xffffffff8226fd20 ino:82467c dentry name(?):"libc.so.6" [ 53.465761] [ T2552] flags: 0x2000000000416c(referenced|uptodate|lru|active|private|head|node=0|zone=2) [ 53.465764] [ T2552] raw: 002000000000416c ffffea0004021f08 ffffea0004021908 ffff88813ff4f6a8 [ 53.465767] [ T2552] raw: 0000000000000110 ffff888133d8bd40 0000005500000013 ffff888003573000 [ 53.465768] [ T2552] head: 002000000000416c ffffea0004021f08 ffffea0004021908 ffff88813ff4f6a8 [ 53.465770] [ T2552] head: 0000000000000110 ffff888133d8bd40 0000005500000013 ffff888003573000 [ 53.465772] [ T2552] head: 0020000000000202 ffffea0004021701 000000040000004f 00000000ffffffff [ 53.465774] [ T2552] head: 0000000300000003 8000000300000002 0000000000000013 0000000000000004 [ 53.465775] [ T2552] page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) Original code works as expected everywhere, except on XEN PV, where pte_advance_pfn() can yield a pte_none() after balloon inflation due to MFNs invalidation. In XEN, pte_advance_pfn() ends up calling __pte()->xen_make_pte()->pte_pfn_to_mfn(), which returns pte_none() when mfn == INVALID_P2M_ENTRY. The pte_pfn_to_mfn() documents that nastiness: If there's no mfn for the pfn, then just create an empty non-present pte. Unfortunately this loses information about the original pfn, so pte_mfn_to_pfn is asymmetric. While such hacks should certainly be removed, we can do better in folio_pte_batch() and simply check ahead of time how many PTEs we can possibly batch in our folio. This way, we can not only fix the issue but cleanup the code: removing the pte_pfn() check inside the loop body and avoiding end_ptr comparison + arithmetic. Link: https://lkml.kernel.org/r/20250502215019.822-2-arkamar@atlas.cz Fixes: f8d937761d65 ("mm/memory: optimize fork() with PTE-mapped THP") Co-developed-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: David Hildenbrand <david(a)redhat.com> Signed-off-by: Petr Van��k <arkamar(a)atlas.cz> Cc: Ryan Roberts <ryan.roberts(a)arm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/internal.h | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) --- a/mm/internal.h~mm-fix-folio_pte_batch-on-xen-pv +++ a/mm/internal.h @@ -248,11 +248,9 @@ static inline int folio_pte_batch(struct pte_t *start_ptep, pte_t pte, int max_nr, fpb_t flags, bool *any_writable, bool *any_young, bool *any_dirty) { - unsigned long folio_end_pfn = folio_pfn(folio) + folio_nr_pages(folio); - const pte_t *end_ptep = start_ptep + max_nr; pte_t expected_pte, *ptep; bool writable, young, dirty; - int nr; + int nr, cur_nr; if (any_writable) *any_writable = false; @@ -265,11 +263,15 @@ static inline int folio_pte_batch(struct VM_WARN_ON_FOLIO(!folio_test_large(folio) || max_nr < 1, folio); VM_WARN_ON_FOLIO(page_folio(pfn_to_page(pte_pfn(pte))) != folio, folio); + /* Limit max_nr to the actual remaining PFNs in the folio we could batch. */ + max_nr = min_t(unsigned long, max_nr, + folio_pfn(folio) + folio_nr_pages(folio) - pte_pfn(pte)); + nr = pte_batch_hint(start_ptep, pte); expected_pte = __pte_batch_clear_ignored(pte_advance_pfn(pte, nr), flags); ptep = start_ptep + nr; - while (ptep < end_ptep) { + while (nr < max_nr) { pte = ptep_get(ptep); if (any_writable) writable = !!pte_write(pte); @@ -282,14 +284,6 @@ static inline int folio_pte_batch(struct if (!pte_same(pte, expected_pte)) break; - /* - * Stop immediately once we reached the end of the folio. In - * corner cases the next PFN might fall into a different - * folio. - */ - if (pte_pfn(pte) >= folio_end_pfn) - break; - if (any_writable) *any_writable |= writable; if (any_young) @@ -297,12 +291,13 @@ static inline int folio_pte_batch(struct if (any_dirty) *any_dirty |= dirty; - nr = pte_batch_hint(ptep, pte); - expected_pte = pte_advance_pfn(expected_pte, nr); - ptep += nr; + cur_nr = pte_batch_hint(ptep, pte); + expected_pte = pte_advance_pfn(expected_pte, cur_nr); + ptep += cur_nr; + nr += cur_nr; } - return min(ptep - start_ptep, max_nr); + return min(nr, max_nr); } /** _ Patches currently in -mm which might be from arkamar(a)atlas.cz are mm-fix-folio_pte_batch-on-xen-pv.patch

7 months

1
0
0 0

[PATCH] arm64/cpufeature: annotate arm64_use_ng_mappings with ro_after_init to prevent wrong idmap generation

by Yeoreum Yun

create_init_idmap() could be called before .bss section initialization which is done in early_map_kernel() since data/test_prot could be set wrong for PTE_MAYBE_NG macro. PTE_MAYBE_NG macro is set according to value of "arm64_use_ng_mappings". and this variable is located in .bss section. # llvm-objdump-21 --syms vmlinux-gcc | grep arm64_use_ng_mappings ffff800082f242a8 g O .bss 0000000000000001 arm64_use_ng_mappings If .bss section doesn't initialized, "arm64_use_ng_mappings" would be set with garbage value ant then the text_prot or data_prot could be set with garbgae value. Here is what i saw with kernel compiled via llvm-21 // create_init_idmap() ffff80008255c058: d10103ff sub sp, sp, #0x40 ffff80008255c05c: a9017bfd stp x29, x30, [sp, #0x10] ffff80008255c060: a90257f6 stp x22, x21, [sp, #0x20] ffff80008255c064: a9034ff4 stp x20, x19, [sp, #0x30] ffff80008255c068: 910043fd add x29, sp, #0x10 ffff80008255c06c: 90003fc8 adrp x8, 0xffff800082d54000 ffff80008255c070: d280e06a mov x10, #0x703 // =1795 ffff80008255c074: 91400409 add x9, x0, #0x1, lsl #12 // =0x1000 ffff80008255c078: 394a4108 ldrb w8, [x8, #0x290] ------------- (1) ffff80008255c07c: f2e00d0a movk x10, #0x68, lsl #48 ffff80008255c080: f90007e9 str x9, [sp, #0x8] ffff80008255c084: aa0103f3 mov x19, x1 ffff80008255c088: aa0003f4 mov x20, x0 ffff80008255c08c: 14000000 b 0xffff80008255c08c <__pi_create_init_idmap+0x34> ffff80008255c090: aa082d56 orr x22, x10, x8, lsl #11 -------- (2) Note (1) is load the arm64_use_ng_mappings value in w8. and (2) is set the text or data prot with the w8 value to set PTE_NG bit. If .bss section doesn't initialized, x8 can include garbage value -- In case of some platform, x8 loaded with 0xcf -- it could generate wrong mapping. (i.e) text_prot is expected with PAGE_KERNEL_ROX(0x0040000000000F83) but with garbage x8 -- 0xcf, it sets with (0x0040000000067F83) and This makes boot failure with translation fault. This error cannot happen according to code generated by compiler. here is the case of gcc: ffff80008260a940 <__pi_create_init_idmap>: ffff80008260a940: d100c3ff sub sp, sp, #0x30 ffff80008260a944: aa0003ed mov x13, x0 ffff80008260a948: 91400400 add x0, x0, #0x1, lsl #12 // =0x1000 ffff80008260a94c: a9017bfd stp x29, x30, [sp, #0x10] ffff80008260a950: 910043fd add x29, sp, #0x10 ffff80008260a954: f90017e0 str x0, [sp, #0x28] ffff80008260a958: d00048c0 adrp x0, 0xffff800082f24000 <reset_devices> ffff80008260a95c: 394aa000 ldrb w0, [x0, #0x2a8] ffff80008260a960: 37000640 tbnz w0, #0x0, 0xffff80008260aa28 <__pi_create_init_idmap+0xe8> ---(3) ffff80008260a964: d280f060 mov x0, #0x783 // =1923 ffff80008260a968: d280e062 mov x2, #0x703 // =1795 ffff80008260a96c: f2e00800 movk x0, #0x40, lsl #48 ffff80008260a970: f2e00d02 movk x2, #0x68, lsl #48 ffff80008260a974: aa2103e4 mvn x4, x1 ffff80008260a978: 8a210049 bic x9, x2, x1 ... ffff80008260aa28: d281f060 mov x0, #0xf83 // =3971 ffff80008260aa2c: d281e062 mov x2, #0xf03 // =3843 ffff80008260aa30: f2e00800 movk x0, #0x40, lsl #48 In case of gcc, according to value of arm64_use_ng_mappings (annoated as(3)), it branches to each prot settup code. However this is also problem since it branches according to garbage value too -- idmapping with wrong pgprot. To resolve this, annotate arm64_use_ng_mappings as ro_after_init. Fixes: 84b04d3e6bdb ("arm64: kernel: Create initial ID map from C code") Cc: <stable(a)vger.kernel.org> # 6.9.x Signed-off-by: Yeoreum Yun <yeoreum.yun(a)arm.com> --- There is another way to solve this problem by setting test/data_prot with _PAGE_DEFAULT which doesn't include PTE_MAYBE_NG with constanst check in create_init_idmap() to be free from arm64_use_ng_mappings. but i think it would be better to change arm64_use_ng_mappings as ro_after_init because it doesn't change after init phase and solve this problem too. --- arch/arm64/kernel/cpufeature.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c index d2104a1e7843..967ffb1cbd52 100644 --- a/arch/arm64/kernel/cpufeature.c +++ b/arch/arm64/kernel/cpufeature.c @@ -114,7 +114,7 @@ static struct arm64_cpu_capabilities const __ro_after_init *cpucap_ptrs[ARM64_NC DECLARE_BITMAP(boot_cpucaps, ARM64_NCAPS); -bool arm64_use_ng_mappings = false; +bool arm64_use_ng_mappings __ro_after_init = false; EXPORT_SYMBOL(arm64_use_ng_mappings); DEFINE_PER_CPU_READ_MOSTLY(const char *, this_cpu_vector) = vectors; -- LEVI:{C3F47F37-75D8-414A-A8BA-3980EC8A46D7}

7 months

4
9
0 0

[PATCH 6.1 6.6 6.12 6.13] scripts/sorttable: fix ELF64 mcount_loc address parsing when compiling on 32-bit

by Sahil Gupta

The ftrace __mcount_loc buildtime sort does not work properly when the host is 32-bit and the target is 64-bit. sorttable parses the start and stop addresses by calling strtoul on the buffer holding the hexadecimal string. Since the target is 64-bit but unsigned long on 32-bit machines is 32 bits, strtoul, and by extension the start and stop addresses, can max out to 2^32 - 1. This patch adds a new macro, parse_addr, that corresponds to a strtoul or strtoull call based on whether you are operating on a 32-bit ELF or a 64-bit ELF. This way, the correct width is guaranteed whether or not the host is 32-bit. This should cleanly apply on all of the 6.x stable kernels. Manually verified that the __mcount_loc section is sorted by parsing the ELF and verified tests corresponding to CONFIG_FTRACE_SORT_STARTUP_TEST for kernels built on a 32-bit and a 64-bit host. Signed-off-by: Sahil Gupta <s.gupta(a)arista.com> --- scripts/sorttable.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/sorttable.h b/scripts/sorttable.h index 7bd0184380d3..9ed7acca9f30 100644 --- a/scripts/sorttable.h +++ b/scripts/sorttable.h @@ -40,6 +40,7 @@ #undef uint_t #undef _r #undef _w +#undef parse_addr #ifdef SORTTABLE_64 # define extable_ent_size 16 @@ -65,6 +66,7 @@ # define uint_t uint64_t # define _r r8 # define _w w8 +# define parse_addr(buf) strtoull(buf, NULL, 16) #else # define extable_ent_size 8 # define compare_extable compare_extable_32 @@ -89,6 +91,7 @@ # define uint_t uint32_t # define _r r # define _w w +# define parse_addr(buf) strtoul(buf, NULL, 16) #endif #if defined(SORTTABLE_64) && defined(UNWINDER_ORC_ENABLED) @@ -246,13 +249,13 @@ static void get_mcount_loc(uint_t *_start, uint_t *_stop) len = strlen(start_buff); start_buff[len - 1] = '\0'; } - *_start = strtoul(start_buff, NULL, 16); + *_start = parse_addr(start_buff); while (fgets(stop_buff, sizeof(stop_buff), file_stop) != NULL) { len = strlen(stop_buff); stop_buff[len - 1] = '\0'; } - *_stop = strtoul(stop_buff, NULL, 16); + *_stop = parse_addr(stop_buff); pclose(file_start); pclose(file_stop); -- 2.47.0

7 months

4
8
0 0

[PATCH v2] drm/v3d: Add job to pending list if the reset was skipped

by Maíra Canal

When a CL/CSD job times out, we check if the GPU has made any progress since the last timeout. If so, instead of resetting the hardware, we skip the reset and let the timer get rearmed. This gives long-running jobs a chance to complete. However, when `timedout_job()` is called, the job in question is removed from the pending list, which means it won't be automatically freed through `free_job()`. Consequently, when we skip the reset and keep the job running, the job won't be freed when it finally completes. This situation leads to a memory leak, as exposed in [1] and [2]. Similarly to commit 704d3d60fec4 ("drm/etnaviv: don't block scheduler when GPU is still active"), this patch ensures the job is put back on the pending list when extending the timeout. Cc: stable(a)vger.kernel.org # 6.0 Reported-by: Daivik Bhatia <dtgs1208(a)gmail.com> Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12227 [1] Closes: https://github.com/raspberrypi/linux/issues/6817 [2] Signed-off-by: Maíra Canal <mcanal(a)igalia.com> Reviewed-by: Iago Toral Quiroga <itoral(a)igalia.com> --- Hi, While we typically strive to avoid exposing the scheduler's internals within the drivers, I'm proposing this fix as an interim solution. I'm aware that a comprehensive fix will need some adjustments on the DRM sched side, and I plan to address that soon. However, it would be hard to justify the backport of such patches to the stable branches and this issue is affecting users in the moment. Therefore, I'd like to push this patch to drm-misc-fixes in order to address this leak as soon as possible, while working in a more generic solution. Best Regards, - Maíra v1 -> v2: https://lore.kernel.org/dri-devel/20250427202907.94415-2-mcanal@igalia.com/ - Protect the pending list by using its spinlock. - Add the URL of another downstream issue related to this patch. drivers/gpu/drm/v3d/v3d_sched.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c index b3be08b0ca91..c612363181df 100644 --- a/drivers/gpu/drm/v3d/v3d_sched.c +++ b/drivers/gpu/drm/v3d/v3d_sched.c @@ -734,11 +734,16 @@ v3d_gpu_reset_for_timeout(struct v3d_dev *v3d, struct drm_sched_job *sched_job) return DRM_GPU_SCHED_STAT_NOMINAL; } -/* If the current address or return address have changed, then the GPU - * has probably made progress and we should delay the reset. This - * could fail if the GPU got in an infinite loop in the CL, but that - * is pretty unlikely outside of an i-g-t testcase. - */ +static void +v3d_sched_skip_reset(struct drm_sched_job *sched_job) +{ + struct drm_gpu_scheduler *sched = sched_job->sched; + + spin_lock(&sched->job_list_lock); + list_add(&sched_job->list, &sched->pending_list); + spin_unlock(&sched->job_list_lock); +} + static enum drm_gpu_sched_stat v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, u32 *timedout_ctca, u32 *timedout_ctra) @@ -748,9 +753,16 @@ v3d_cl_job_timedout(struct drm_sched_job *sched_job, enum v3d_queue q, u32 ctca = V3D_CORE_READ(0, V3D_CLE_CTNCA(q)); u32 ctra = V3D_CORE_READ(0, V3D_CLE_CTNRA(q)); + /* If the current address or return address have changed, then the GPU + * has probably made progress and we should delay the reset. This + * could fail if the GPU got in an infinite loop in the CL, but that + * is pretty unlikely outside of an i-g-t testcase. + */ if (*timedout_ctca != ctca || *timedout_ctra != ctra) { *timedout_ctca = ctca; *timedout_ctra = ctra; + + v3d_sched_skip_reset(sched_job); return DRM_GPU_SCHED_STAT_NOMINAL; } @@ -790,11 +802,13 @@ v3d_csd_job_timedout(struct drm_sched_job *sched_job) struct v3d_dev *v3d = job->base.v3d; u32 batches = V3D_CORE_READ(0, V3D_CSD_CURRENT_CFG4(v3d->ver)); - /* If we've made progress, skip reset and let the timer get - * rearmed. + /* If we've made progress, skip reset, add the job to the pending + * list, and let the timer get rearmed. */ if (job->timedout_batches != batches) { job->timedout_batches = batches; + + v3d_sched_skip_reset(sched_job); return DRM_GPU_SCHED_STAT_NOMINAL; } -- 2.49.0

7 months

2
2
0 0

[PATCH v3] x86/sev: Fix making shared pages private during kdump

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When the shared pages are being made private during kdump preparation there are additional checks to handle shared GHCB pages. These additional checks include handling the case of GHCB page being contained within a huge page. While handling the case of GHCB page contained within a huge page any shared page just below the GHCB page gets skipped from being transitioned back to private during kdump preparation. This subsequently causes a 0x404 #VC exception when this skipped shared page is accessed later while dumping guest memory during vmcore generation via kdump. Split the initial check for skipping the GHCB page into the page being skipped fully containing the GHCB and GHCB being contained within a huge page. Also ensure that the skipped huge page containing the GHCB page is transitioned back to private later when changing GHCBs to private at end of kdump preparation. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d35fec7b164a..1f53383bd1fa 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -1019,7 +1019,13 @@ static void unshare_all_memory(void) data = per_cpu(runtime_data, cpu); ghcb = (unsigned long)&data->ghcb_page; - if (addr <= ghcb && ghcb <= addr + size) { + /* Handle the case of a huge page containing the GHCB page */ + if (level == PG_LEVEL_4K && addr == ghcb) { + skipped_addr = true; + break; + } + if (level > PG_LEVEL_4K && addr <= ghcb && + ghcb < addr + size) { skipped_addr = true; break; } @@ -1131,8 +1137,8 @@ static void shutdown_all_aps(void) void snp_kexec_finish(void) { struct sev_es_runtime_data *data; + unsigned long size, mask; unsigned int level, cpu; - unsigned long size; struct ghcb *ghcb; pte_t *pte; @@ -1160,6 +1166,10 @@ void snp_kexec_finish(void) ghcb = &data->ghcb_page; pte = lookup_address((unsigned long)ghcb, &level); size = page_level_size(level); + mask = page_level_mask(level); + /* Handle the case of a huge page containing the GHCB page */ + if (level > PG_LEVEL_4K) + ghcb = (struct ghcb *)((unsigned long)ghcb & mask); set_pte_enc(pte, level, (void *)ghcb); snp_set_memory_private((unsigned long)ghcb, (size / PAGE_SIZE)); } -- 2.34.1

7 months

4
4
0 0

[tip: irq/urgent] irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs

by tip-bot2 for Stephan Gerhold

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 38a05c0b87833f5b188ae43b428b1f792df2b384 Gitweb: https://git.kernel.org/tip/38a05c0b87833f5b188ae43b428b1f792df2b384 Author: Stephan Gerhold <stephan.gerhold(a)linaro.org> AuthorDate: Fri, 02 May 2025 13:22:28 +02:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Fri, 02 May 2025 21:07:02 +02:00 irqchip/qcom-mpm: Prevent crash when trying to handle non-wake GPIOs On Qualcomm chipsets not all GPIOs are wakeup capable. Those GPIOs do not have a corresponding MPM pin and should not be handled inside the MPM driver. The IRQ domain hierarchy is always applied, so it's required to explicitly disconnect the hierarchy for those. The pinctrl-msm driver marks these with GPIO_NO_WAKE_IRQ. qcom-pdc has a check for this, but irq-qcom-mpm is currently missing the check. This is causing crashes when setting up interrupts for non-wake GPIOs: root@rb1:~# gpiomon -c gpiochip1 10 irq: IRQ159: trimming hierarchy from :soc@0:interrupt-controller@f200000-1 Unable to handle kernel paging request at virtual address ffff8000a1dc3820 Hardware name: Qualcomm Technologies, Inc. Robotics RB1 (DT) pc : mpm_set_type+0x80/0xcc lr : mpm_set_type+0x5c/0xcc Call trace: mpm_set_type+0x80/0xcc (P) qcom_mpm_set_type+0x64/0x158 irq_chip_set_type_parent+0x20/0x38 msm_gpio_irq_set_type+0x50/0x530 __irq_set_trigger+0x60/0x184 __setup_irq+0x304/0x6bc request_threaded_irq+0xc8/0x19c edge_detector_setup+0x260/0x364 linereq_create+0x420/0x5a8 gpio_ioctl+0x2d4/0x6c0 Fix this by copying the check for GPIO_NO_WAKE_IRQ from qcom-pdc.c, so that MPM is removed entirely from the hierarchy for non-wake GPIOs. Fixes: a6199bb514d8 ("irqchip: Add Qualcomm MPM controller driver") Reported-by: Alexey Klimov <alexey.klimov(a)linaro.org> Signed-off-by: Stephan Gerhold <stephan.gerhold(a)linaro.org> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Tested-by: Alexey Klimov <alexey.klimov(a)linaro.org> Reviewed-by: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20250502-irq-qcom-mpm-fix-no-wake-v1-1-8a1eafcd… --- drivers/irqchip/irq-qcom-mpm.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/irqchip/irq-qcom-mpm.c b/drivers/irqchip/irq-qcom-mpm.c index 7942d8e..f772deb 100644 --- a/drivers/irqchip/irq-qcom-mpm.c +++ b/drivers/irqchip/irq-qcom-mpm.c @@ -227,6 +227,9 @@ static int qcom_mpm_alloc(struct irq_domain *domain, unsigned int virq, if (ret) return ret; + if (pin == GPIO_NO_WAKE_IRQ) + return irq_domain_disconnect_hierarchy(domain, virq); + ret = irq_domain_set_hwirq_and_chip(domain, virq, pin, &qcom_mpm_chip, priv); if (ret)

7 months

1
0
0 0

[PATCH 5/5] rust: clean Rust 1.88.0's `clippy::uninlined_format_args` lint

by Miguel Ojeda

Starting with Rust 1.88.0 (expected 2025-06-26) [1], `rustc` may move back the `uninlined_format_args` to `style` from `pedantic` (it was there waiting for rust-analyzer suppotr), and thus we will start to see lints like: warning: variables can be used directly in the `format!` string --> rust/macros/kunit.rs:105:37 | 105 | let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{}", test); | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#uninlined_format_… help: change this to | 105 - let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{}", test); 105 + let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{test}"); There is even a case that is a pure removal: warning: variables can be used directly in the `format!` string --> rust/macros/module.rs:51:13 | 51 | format!("{field}={content}\0", field = field, content = content) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#uninlined_format_… help: change this to | 51 - format!("{field}={content}\0", field = field, content = content) 51 + format!("{field}={content}\0") The lints all seem like nice cleanups, thus just apply them. We may want to disable `allow-mixed-uninlined-format-args` in the future. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Cc: Benno Lossin <benno.lossin(a)proton.me> Link: https://github.com/rust-lang/rust-clippy/pull/14160 [1] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- drivers/gpu/nova-core/gpu.rs | 2 +- rust/kernel/str.rs | 46 +++++++++++------------ rust/macros/kunit.rs | 13 ++----- rust/macros/module.rs | 19 +++------- rust/macros/paste.rs | 2 +- rust/pin-init/internal/src/pinned_drop.rs | 3 +- 6 files changed, 35 insertions(+), 50 deletions(-) diff --git a/drivers/gpu/nova-core/gpu.rs b/drivers/gpu/nova-core/gpu.rs index 17c9660da450..ab0e5a72a059 100644 --- a/drivers/gpu/nova-core/gpu.rs +++ b/drivers/gpu/nova-core/gpu.rs @@ -93,7 +93,7 @@ pub(crate) fn arch(&self) -> Architecture { // For now, redirect to fmt::Debug for convenience. impl fmt::Display for Chipset { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { - write!(f, "{:?}", self) + write!(f, "{self:?}") } } diff --git a/rust/kernel/str.rs b/rust/kernel/str.rs index 878111cb77bc..fb61ce81ea28 100644 --- a/rust/kernel/str.rs +++ b/rust/kernel/str.rs @@ -73,7 +73,7 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { b'\r' => f.write_str("\\r")?, // Printable characters. 0x20..=0x7e => f.write_char(b as char)?, - _ => write!(f, "\\x{:02x}", b)?, + _ => write!(f, "\\x{b:02x}")?, } } Ok(()) @@ -109,7 +109,7 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { b'\\' => f.write_str("\\\\")?, // Printable characters. 0x20..=0x7e => f.write_char(b as char)?, - _ => write!(f, "\\x{:02x}", b)?, + _ => write!(f, "\\x{b:02x}")?, } } f.write_char('"') @@ -447,7 +447,7 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { // Printable character. f.write_char(c as char)?; } else { - write!(f, "\\x{:02x}", c)?; + write!(f, "\\x{c:02x}")?; } } Ok(()) @@ -479,7 +479,7 @@ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { // Printable characters. b'\"' => f.write_str("\\\"")?, 0x20..=0x7e => f.write_char(c as char)?, - _ => write!(f, "\\x{:02x}", c)?, + _ => write!(f, "\\x{c:02x}")?, } } f.write_str("\"") @@ -641,13 +641,13 @@ fn test_cstr_as_str_unchecked() { #[test] fn test_cstr_display() { let hello_world = CStr::from_bytes_with_nul(b"hello, world!\0").unwrap(); - assert_eq!(format!("{}", hello_world), "hello, world!"); + assert_eq!(format!("{hello_world}"), "hello, world!"); let non_printables = CStr::from_bytes_with_nul(b"\x01\x09\x0a\0").unwrap(); - assert_eq!(format!("{}", non_printables), "\\x01\\x09\\x0a"); + assert_eq!(format!("{non_printables}"), "\\x01\\x09\\x0a"); let non_ascii = CStr::from_bytes_with_nul(b"d\xe9j\xe0 vu\0").unwrap(); - assert_eq!(format!("{}", non_ascii), "d\\xe9j\\xe0 vu"); + assert_eq!(format!("{non_ascii}"), "d\\xe9j\\xe0 vu"); let good_bytes = CStr::from_bytes_with_nul(b"\xf0\x9f\xa6\x80\0").unwrap(); - assert_eq!(format!("{}", good_bytes), "\\xf0\\x9f\\xa6\\x80"); + assert_eq!(format!("{good_bytes}"), "\\xf0\\x9f\\xa6\\x80"); } #[test] @@ -658,47 +658,47 @@ fn test_cstr_display_all_bytes() { bytes[i as usize] = i.wrapping_add(1); } let cstr = CStr::from_bytes_with_nul(&bytes).unwrap(); - assert_eq!(format!("{}", cstr), ALL_ASCII_CHARS); + assert_eq!(format!("{cstr}"), ALL_ASCII_CHARS); } #[test] fn test_cstr_debug() { let hello_world = CStr::from_bytes_with_nul(b"hello, world!\0").unwrap(); - assert_eq!(format!("{:?}", hello_world), "\"hello, world!\""); + assert_eq!(format!("{hello_world:?}"), "\"hello, world!\""); let non_printables = CStr::from_bytes_with_nul(b"\x01\x09\x0a\0").unwrap(); - assert_eq!(format!("{:?}", non_printables), "\"\\x01\\x09\\x0a\""); + assert_eq!(format!("{non_printables:?}"), "\"\\x01\\x09\\x0a\""); let non_ascii = CStr::from_bytes_with_nul(b"d\xe9j\xe0 vu\0").unwrap(); - assert_eq!(format!("{:?}", non_ascii), "\"d\\xe9j\\xe0 vu\""); + assert_eq!(format!("{non_ascii:?}"), "\"d\\xe9j\\xe0 vu\""); let good_bytes = CStr::from_bytes_with_nul(b"\xf0\x9f\xa6\x80\0").unwrap(); - assert_eq!(format!("{:?}", good_bytes), "\"\\xf0\\x9f\\xa6\\x80\""); + assert_eq!(format!("{good_bytes:?}"), "\"\\xf0\\x9f\\xa6\\x80\""); } #[test] fn test_bstr_display() { let hello_world = BStr::from_bytes(b"hello, world!"); - assert_eq!(format!("{}", hello_world), "hello, world!"); + assert_eq!(format!("{hello_world}"), "hello, world!"); let escapes = BStr::from_bytes(b"_\t_\n_\r_\\_\'_\"_"); - assert_eq!(format!("{}", escapes), "_\\t_\\n_\\r_\\_'_\"_"); + assert_eq!(format!("{escapes}"), "_\\t_\\n_\\r_\\_'_\"_"); let others = BStr::from_bytes(b"\x01"); - assert_eq!(format!("{}", others), "\\x01"); + assert_eq!(format!("{others}"), "\\x01"); let non_ascii = BStr::from_bytes(b"d\xe9j\xe0 vu"); - assert_eq!(format!("{}", non_ascii), "d\\xe9j\\xe0 vu"); + assert_eq!(format!("{non_ascii}"), "d\\xe9j\\xe0 vu"); let good_bytes = BStr::from_bytes(b"\xf0\x9f\xa6\x80"); - assert_eq!(format!("{}", good_bytes), "\\xf0\\x9f\\xa6\\x80"); + assert_eq!(format!("{good_bytes}"), "\\xf0\\x9f\\xa6\\x80"); } #[test] fn test_bstr_debug() { let hello_world = BStr::from_bytes(b"hello, world!"); - assert_eq!(format!("{:?}", hello_world), "\"hello, world!\""); + assert_eq!(format!("{hello_world:?}"), "\"hello, world!\""); let escapes = BStr::from_bytes(b"_\t_\n_\r_\\_\'_\"_"); - assert_eq!(format!("{:?}", escapes), "\"_\\t_\\n_\\r_\\\\_'_\\\"_\""); + assert_eq!(format!("{escapes:?}"), "\"_\\t_\\n_\\r_\\\\_'_\\\"_\""); let others = BStr::from_bytes(b"\x01"); - assert_eq!(format!("{:?}", others), "\"\\x01\""); + assert_eq!(format!("{others:?}"), "\"\\x01\""); let non_ascii = BStr::from_bytes(b"d\xe9j\xe0 vu"); - assert_eq!(format!("{:?}", non_ascii), "\"d\\xe9j\\xe0 vu\""); + assert_eq!(format!("{non_ascii:?}"), "\"d\\xe9j\\xe0 vu\""); let good_bytes = BStr::from_bytes(b"\xf0\x9f\xa6\x80"); - assert_eq!(format!("{:?}", good_bytes), "\"\\xf0\\x9f\\xa6\\x80\""); + assert_eq!(format!("{good_bytes:?}"), "\"\\xf0\\x9f\\xa6\\x80\""); } } diff --git a/rust/macros/kunit.rs b/rust/macros/kunit.rs index 4f553ecf40c0..99ccac82edde 100644 --- a/rust/macros/kunit.rs +++ b/rust/macros/kunit.rs @@ -15,10 +15,7 @@ pub(crate) fn kunit_tests(attr: TokenStream, ts: TokenStream) -> TokenStream { } if attr.len() > 255 { - panic!( - "The test suite name `{}` exceeds the maximum length of 255 bytes", - attr - ) + panic!("The test suite name `{attr}` exceeds the maximum length of 255 bytes") } let mut tokens: Vec<_> = ts.into_iter().collect(); @@ -102,16 +99,14 @@ pub(crate) fn kunit_tests(attr: TokenStream, ts: TokenStream) -> TokenStream { let mut kunit_macros = "".to_owned(); let mut test_cases = "".to_owned(); for test in &tests { - let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{}", test); + let kunit_wrapper_fn_name = format!("kunit_rust_wrapper_{test}"); let kunit_wrapper = format!( - "unsafe extern \"C\" fn {}(_test: *mut kernel::bindings::kunit) {{ {}(); }}", - kunit_wrapper_fn_name, test + "unsafe extern \"C\" fn {kunit_wrapper_fn_name}(_test: *mut kernel::bindings::kunit) {{ {test}(); }}" ); writeln!(kunit_macros, "{kunit_wrapper}").unwrap(); writeln!( test_cases, - " kernel::kunit::kunit_case(kernel::c_str!(\"{}\"), {}),", - test, kunit_wrapper_fn_name + " kernel::kunit::kunit_case(kernel::c_str!(\"{test}\"), {kunit_wrapper_fn_name})," ) .unwrap(); } diff --git a/rust/macros/module.rs b/rust/macros/module.rs index a9418fbc9b44..2f66107847f7 100644 --- a/rust/macros/module.rs +++ b/rust/macros/module.rs @@ -48,7 +48,7 @@ fn emit_base(&mut self, field: &str, content: &str, builtin: bool) { ) } else { // Loadable modules' modinfo strings go as-is. - format!("{field}={content}\0", field = field, content = content) + format!("{field}={content}\0") }; write!( @@ -126,10 +126,7 @@ fn parse(it: &mut token_stream::IntoIter) -> Self { }; if seen_keys.contains(&key) { - panic!( - "Duplicated key \"{}\". Keys can only be specified once.", - key - ); + panic!("Duplicated key \"{key}\". Keys can only be specified once."); } assert_eq!(expect_punct(it), ':'); @@ -143,10 +140,7 @@ fn parse(it: &mut token_stream::IntoIter) -> Self { "license" => info.license = expect_string_ascii(it), "alias" => info.alias = Some(expect_string_array(it)), "firmware" => info.firmware = Some(expect_string_array(it)), - _ => panic!( - "Unknown key \"{}\". Valid keys are: {:?}.", - key, EXPECTED_KEYS - ), + _ => panic!("Unknown key \"{key}\". Valid keys are: {EXPECTED_KEYS:?}."), } assert_eq!(expect_punct(it), ','); @@ -158,7 +152,7 @@ fn parse(it: &mut token_stream::IntoIter) -> Self { for key in REQUIRED_KEYS { if !seen_keys.iter().any(|e| e == key) { - panic!("Missing required key \"{}\".", key); + panic!("Missing required key \"{key}\"."); } } @@ -170,10 +164,7 @@ fn parse(it: &mut token_stream::IntoIter) -> Self { } if seen_keys != ordered_keys { - panic!( - "Keys are not ordered as expected. Order them like: {:?}.", - ordered_keys - ); + panic!("Keys are not ordered as expected. Order them like: {ordered_keys:?}."); } info diff --git a/rust/macros/paste.rs b/rust/macros/paste.rs index 6529a387673f..cce712d19855 100644 --- a/rust/macros/paste.rs +++ b/rust/macros/paste.rs @@ -50,7 +50,7 @@ fn concat_helper(tokens: &[TokenTree]) -> Vec<(String, Span)> { let tokens = group.stream().into_iter().collect::<Vec<TokenTree>>(); segments.append(&mut concat_helper(tokens.as_slice())); } - token => panic!("unexpected token in paste segments: {:?}", token), + token => panic!("unexpected token in paste segments: {token:?}"), }; } diff --git a/rust/pin-init/internal/src/pinned_drop.rs b/rust/pin-init/internal/src/pinned_drop.rs index c824dd8b436d..c4ca7a70b726 100644 --- a/rust/pin-init/internal/src/pinned_drop.rs +++ b/rust/pin-init/internal/src/pinned_drop.rs @@ -28,8 +28,7 @@ pub(crate) fn pinned_drop(_args: TokenStream, input: TokenStream) -> TokenStream // Found the end of the generics, this should be `PinnedDrop`. assert!( matches!(tt, TokenTree::Ident(i) if i.to_string() == "PinnedDrop"), - "expected 'PinnedDrop', found: '{:?}'", - tt + "expected 'PinnedDrop', found: '{tt:?}'" ); pinned_drop_idx = Some(i); break; -- 2.49.0

7 months

3
2
0 0

Branch Tech Users and Customers

by brielle.hayes＠softwareuserzone.info

Hi there, Are you looking for a high-quality, global opt-in user list for Branch and other top mobile analytics platforms? We have fresh, permission-based data available for the following platforms: * Adjust * Mixpanel * AppsFlyer * CleverTap * Amplitude Analytics * Braze * Singular * Tenjin & many more...! Would you be interested in learning more or receiving a sample? Best regards, Brielle Hayes | Marketing Executive Please response with "skip" if not required.

7 months

1
0
0 0

[for-linus][PATCH 4/4] tracing: Do not take trace_event_sem in print_event_fields()

by Steven Rostedt

From: Steven Rostedt <rostedt(a)goodmis.org> On some paths in print_event_fields() it takes the trace_event_sem for read, even though it should always be held when the function is called. Remove the taking of that mutex and add a lockdep_assert_held_read() to make sure the trace_event_sem is held when print_event_fields() is called. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20250501224128.0b1f0571@batman.local.home Fixes: 80a76994b2d88 ("tracing: Add "fields" option to show raw trace event fields") Reported-by: syzbot+441582c1592938fccf09(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6813ff5e.050a0220.14dd7d.001b.GAE@google.com/ Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_output.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c index fee40ffbd490..b9ab06c99543 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -1042,11 +1042,12 @@ enum print_line_t print_event_fields(struct trace_iterator *iter, struct trace_event_call *call; struct list_head *head; + lockdep_assert_held_read(&trace_event_sem); + /* ftrace defined events have separate call structures */ if (event->type <= __TRACE_LAST_TYPE) { bool found = false; - down_read(&trace_event_sem); list_for_each_entry(call, &ftrace_events, list) { if (call->event.type == event->type) { found = true; @@ -1056,7 +1057,6 @@ enum print_line_t print_event_fields(struct trace_iterator *iter, if (call->event.type > __TRACE_LAST_TYPE) break; } - up_read(&trace_event_sem); if (!found) { trace_seq_printf(&iter->seq, "UNKNOWN TYPE %d\n", event->type); goto out; -- 2.47.2

7 months

1
0
0 0

[PATCH 4/5] rust: clean Rust 1.88.0's warning about `clippy::disallowed_macros` configuration

by Miguel Ojeda

Starting with Rust 1.88.0 (expected 2025-06-26) [1], Clippy may start warning about paths that do not resolve in the `disallowed_macros` configuration: warning: `kernel::dbg` does not refer to an existing macro --> .clippy.toml:10:5 | 10 | { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool" }, | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This is a lint we requested at [2], due to the trouble debugging the lint due to false negatives (e.g. [3]), which we use to emulate `clippy::dbg_macro` [4]. See commit 8577c9dca799 ("rust: replace `clippy::dbg_macro` with `disallowed_macros`") for more details. Given the false negatives are not resolved yet, it is expected that Clippy complains about not finding this macro. Thus, until the false negatives are fixed (and, even then, probably we will need to wait for the MSRV to raise enough), use the escape hatch to allow an invalid path. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust-clippy/pull/14397 [1] Link: https://github.com/rust-lang/rust-clippy/issues/11432 [2] Link: https://github.com/rust-lang/rust-clippy/issues/11431 [3] Link: https://github.com/rust-lang/rust-clippy/issues/11303 [4] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- .clippy.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.clippy.toml b/.clippy.toml index 815c94732ed7..137f41d203de 100644 --- a/.clippy.toml +++ b/.clippy.toml @@ -7,5 +7,5 @@ check-private-items = true disallowed-macros = [ # The `clippy::dbg_macro` lint only works with `std::dbg!`, thus we simulate # it here, see: https://github.com/rust-lang/rust-clippy/issues/11303. - { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool" }, + { path = "kernel::dbg", reason = "the `dbg!` macro is intended as a debugging tool", allow-invalid = true }, ] -- 2.49.0

7 months

1
0
0 0

[PATCH 3/5] rust: clean Rust 1.88.0's `unnecessary_transmutes` lint

by Miguel Ojeda

Starting with Rust 1.88.0 (expected 2025-06-26) [1][2], `rustc` may introduce a new lint that catches unnecessary transmutes, e.g.: error: unnecessary transmute --> rust/uapi/uapi_generated.rs:23242:18 | 23242 | unsafe { ::core::mem::transmute(self._bitfield_1.get(0usize, 1u8) as u8) } | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: replace this with: `(self._bitfield_1.get(0usize, 1u8) as u8 == 1)` | = note: `-D unnecessary-transmutes` implied by `-D warnings` = help: to override `-D warnings` add `#[allow(unnecessary_transmutes)]` There are a lot of them (at least 300), but luckily they are all in `bindgen`-generated code. Thus clean all up by allowing it there. Since unknown lints trigger a lint itself in older compilers, do it conditionally so that we can keep the `unknown_lints` lint enabled. Cc: stable(a)vger.kernel.org # Needed in 6.12.y and later (Rust is pinned in older LTSs). Link: https://github.com/rust-lang/rust/pull/136083 [1] Link: https://github.com/rust-lang/rust/issues/136067 [2] Signed-off-by: Miguel Ojeda <ojeda(a)kernel.org> --- init/Kconfig | 3 +++ rust/bindings/lib.rs | 1 + rust/uapi/lib.rs | 1 + 3 files changed, 5 insertions(+) diff --git a/init/Kconfig b/init/Kconfig index 63f5974b9fa6..4cdd1049283c 100644 --- a/init/Kconfig +++ b/init/Kconfig @@ -140,6 +140,9 @@ config LD_CAN_USE_KEEP_IN_OVERLAY config RUSTC_HAS_COERCE_POINTEE def_bool RUSTC_VERSION >= 108400 +config RUSTC_HAS_UNNECESSARY_TRANSMUTES + def_bool RUSTC_VERSION >= 108800 + config PAHOLE_VERSION int default $(shell,$(srctree)/scripts/pahole-version.sh $(PAHOLE)) diff --git a/rust/bindings/lib.rs b/rust/bindings/lib.rs index 014af0d1fc70..a08eb5518cac 100644 --- a/rust/bindings/lib.rs +++ b/rust/bindings/lib.rs @@ -26,6 +26,7 @@ #[allow(dead_code)] #[allow(clippy::undocumented_unsafe_blocks)] +#[cfg_attr(CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES, allow(unnecessary_transmutes))] mod bindings_raw { // Manual definition for blocklisted types. type __kernel_size_t = usize; diff --git a/rust/uapi/lib.rs b/rust/uapi/lib.rs index 13495910271f..c98d7a8cde77 100644 --- a/rust/uapi/lib.rs +++ b/rust/uapi/lib.rs @@ -24,6 +24,7 @@ unreachable_pub, unsafe_op_in_unsafe_fn )] +#![cfg_attr(CONFIG_RUSTC_HAS_UNNECESSARY_TRANSMUTES, allow(unnecessary_transmutes))] // Manual definition of blocklisted types. type __kernel_size_t = usize; -- 2.49.0

7 months

1
0
0 0

[PATCH v4] x86/sev: Don't touch VMSA pages during kdump of SNP guest memory

by Ashish Kalra

From: Ashish Kalra <ashish.kalra(a)amd.com> When kdump is running makedumpfile to generate vmcore and dumping SNP guest memory it touches the VMSA page of the vCPU executing kdump which then results in unrecoverable #NPF/RMP faults as the VMSA page is marked busy/in-use when the vCPU is running and subsequently causes guest softlockup/hang. Additionally other APs may be halted in guest mode and their VMSA pages are marked busy and touching these VMSA pages during guest memory dump will also cause #NPF. Issue AP_DESTROY GHCB calls on other APs to ensure they are kicked out of guest mode and then clear the VMSA bit on their VMSA pages. If the vCPU running kdump is an AP, mark it's VMSA page as offline to ensure that makedumpfile excludes that page while dumping guest memory. Reviewed-by: Tom Lendacky <thomas.lendacky(a)amd.com> Reviewed-by: Pankaj Gupta <pankaj.gupta(a)amd.com> Cc: stable(a)vger.kernel.org Fixes: 3074152e56c9 ("x86/sev: Convert shared memory back to private on kexec") Signed-off-by: Ashish Kalra <ashish.kalra(a)amd.com> --- arch/x86/coco/sev/core.c | 244 +++++++++++++++++++++++++-------------- 1 file changed, 158 insertions(+), 86 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index dcfaa698d6cf..d35fec7b164a 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -877,6 +877,102 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end) set_pages_state(vaddr, npages, SNP_PAGE_STATE_PRIVATE); } +static int vmgexit_ap_control(u64 event, struct sev_es_save_area *vmsa, u32 apic_id) +{ + bool create = event == SVM_VMGEXIT_AP_CREATE; + struct ghcb_state state; + unsigned long flags; + struct ghcb *ghcb; + int ret = 0; + + local_irq_save(flags); + + ghcb = __sev_get_ghcb(&state); + + vc_ghcb_invalidate(ghcb); + + if (create) + ghcb_set_rax(ghcb, vmsa->sev_features); + + ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_CREATION); + ghcb_set_sw_exit_info_1(ghcb, + ((u64)apic_id << 32) | + ((u64)snp_vmpl << 16) | + event); + ghcb_set_sw_exit_info_2(ghcb, __pa(vmsa)); + + sev_es_wr_ghcb_msr(__pa(ghcb)); + VMGEXIT(); + + if (!ghcb_sw_exit_info_1_is_valid(ghcb) || + lower_32_bits(ghcb->save.sw_exit_info_1)) { + pr_err("SNP AP %s error\n", (create ? "CREATE" : "DESTROY")); + ret = -EINVAL; + } + + __sev_put_ghcb(&state); + + local_irq_restore(flags); + + return ret; +} + +static int snp_set_vmsa(void *va, void *caa, int apic_id, bool make_vmsa) +{ + int ret; + + if (snp_vmpl) { + struct svsm_call call = {}; + unsigned long flags; + + local_irq_save(flags); + + call.caa = this_cpu_read(svsm_caa); + call.rcx = __pa(va); + + if (make_vmsa) { + /* Protocol 0, Call ID 2 */ + call.rax = SVSM_CORE_CALL(SVSM_CORE_CREATE_VCPU); + call.rdx = __pa(caa); + call.r8 = apic_id; + } else { + /* Protocol 0, Call ID 3 */ + call.rax = SVSM_CORE_CALL(SVSM_CORE_DELETE_VCPU); + } + + ret = svsm_perform_call_protocol(&call); + + local_irq_restore(flags); + } else { + /* + * If the kernel runs at VMPL0, it can change the VMSA + * bit for a page using the RMPADJUST instruction. + * However, for the instruction to succeed it must + * target the permissions of a lesser privileged (higher + * numbered) VMPL level, so use VMPL1. + */ + u64 attrs = 1; + + if (make_vmsa) + attrs |= RMPADJUST_VMSA_PAGE_BIT; + + ret = rmpadjust((unsigned long)va, RMP_PG_SIZE_4K, attrs); + } + + return ret; +} + +static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa, int apic_id) +{ + int err; + + err = snp_set_vmsa(vmsa, NULL, apic_id, false); + if (err) + pr_err("clear VMSA page failed (%u), leaking page\n", err); + else + free_page((unsigned long)vmsa); +} + static void set_pte_enc(pte_t *kpte, int level, void *va) { struct pte_enc_desc d = { @@ -973,6 +1069,65 @@ void snp_kexec_begin(void) pr_warn("Failed to stop shared<->private conversions\n"); } +/* + * Shutdown all APs except the one handling kexec/kdump and clearing + * the VMSA tag on AP's VMSA pages as they are not being used as + * VMSA page anymore. + */ +static void shutdown_all_aps(void) +{ + struct sev_es_save_area *vmsa; + int apic_id, this_cpu, cpu; + + this_cpu = get_cpu(); + + /* + * APs are already in HLT loop when enc_kexec_finish() callback + * is invoked. + */ + for_each_present_cpu(cpu) { + vmsa = per_cpu(sev_vmsa, cpu); + + /* + * The BSP or offlined APs do not have guest allocated VMSA + * and there is no need to clear the VMSA tag for this page. + */ + if (!vmsa) + continue; + + /* + * Cannot clear the VMSA tag for the currently running vCPU. + */ + if (this_cpu == cpu) { + unsigned long pa; + struct page *p; + + pa = __pa(vmsa); + /* + * Mark the VMSA page of the running vCPU as offline + * so that is excluded and not touched by makedumpfile + * while generating vmcore during kdump. + */ + p = pfn_to_online_page(pa >> PAGE_SHIFT); + if (p) + __SetPageOffline(p); + continue; + } + + apic_id = cpuid_to_apicid[cpu]; + + /* + * Issue AP destroy to ensure AP gets kicked out of guest mode + * to allow using RMPADJUST to remove the VMSA tag on it's + * VMSA page. + */ + vmgexit_ap_control(SVM_VMGEXIT_AP_DESTROY, vmsa, apic_id); + snp_cleanup_vmsa(vmsa, apic_id); + } + + put_cpu(); +} + void snp_kexec_finish(void) { struct sev_es_runtime_data *data; @@ -987,6 +1142,8 @@ void snp_kexec_finish(void) if (!IS_ENABLED(CONFIG_KEXEC_CORE)) return; + shutdown_all_aps(); + unshare_all_memory(); /* @@ -1008,51 +1165,6 @@ void snp_kexec_finish(void) } } -static int snp_set_vmsa(void *va, void *caa, int apic_id, bool make_vmsa) -{ - int ret; - - if (snp_vmpl) { - struct svsm_call call = {}; - unsigned long flags; - - local_irq_save(flags); - - call.caa = this_cpu_read(svsm_caa); - call.rcx = __pa(va); - - if (make_vmsa) { - /* Protocol 0, Call ID 2 */ - call.rax = SVSM_CORE_CALL(SVSM_CORE_CREATE_VCPU); - call.rdx = __pa(caa); - call.r8 = apic_id; - } else { - /* Protocol 0, Call ID 3 */ - call.rax = SVSM_CORE_CALL(SVSM_CORE_DELETE_VCPU); - } - - ret = svsm_perform_call_protocol(&call); - - local_irq_restore(flags); - } else { - /* - * If the kernel runs at VMPL0, it can change the VMSA - * bit for a page using the RMPADJUST instruction. - * However, for the instruction to succeed it must - * target the permissions of a lesser privileged (higher - * numbered) VMPL level, so use VMPL1. - */ - u64 attrs = 1; - - if (make_vmsa) - attrs |= RMPADJUST_VMSA_PAGE_BIT; - - ret = rmpadjust((unsigned long)va, RMP_PG_SIZE_4K, attrs); - } - - return ret; -} - #define __ATTR_BASE (SVM_SELECTOR_P_MASK | SVM_SELECTOR_S_MASK) #define INIT_CS_ATTRIBS (__ATTR_BASE | SVM_SELECTOR_READ_MASK | SVM_SELECTOR_CODE_MASK) #define INIT_DS_ATTRIBS (__ATTR_BASE | SVM_SELECTOR_WRITE_MASK) @@ -1084,24 +1196,10 @@ static void *snp_alloc_vmsa_page(int cpu) return page_address(p + 1); } -static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa, int apic_id) -{ - int err; - - err = snp_set_vmsa(vmsa, NULL, apic_id, false); - if (err) - pr_err("clear VMSA page failed (%u), leaking page\n", err); - else - free_page((unsigned long)vmsa); -} - static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) { struct sev_es_save_area *cur_vmsa, *vmsa; - struct ghcb_state state; struct svsm_ca *caa; - unsigned long flags; - struct ghcb *ghcb; u8 sipi_vector; int cpu, ret; u64 cr4; @@ -1215,33 +1313,7 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) } /* Issue VMGEXIT AP Creation NAE event */ - local_irq_save(flags); - - ghcb = __sev_get_ghcb(&state); - - vc_ghcb_invalidate(ghcb); - ghcb_set_rax(ghcb, vmsa->sev_features); - ghcb_set_sw_exit_code(ghcb, SVM_VMGEXIT_AP_CREATION); - ghcb_set_sw_exit_info_1(ghcb, - ((u64)apic_id << 32) | - ((u64)snp_vmpl << 16) | - SVM_VMGEXIT_AP_CREATE); - ghcb_set_sw_exit_info_2(ghcb, __pa(vmsa)); - - sev_es_wr_ghcb_msr(__pa(ghcb)); - VMGEXIT(); - - if (!ghcb_sw_exit_info_1_is_valid(ghcb) || - lower_32_bits(ghcb->save.sw_exit_info_1)) { - pr_err("SNP AP Creation error\n"); - ret = -EINVAL; - } - - __sev_put_ghcb(&state); - - local_irq_restore(flags); - - /* Perform cleanup if there was an error */ + ret = vmgexit_ap_control(SVM_VMGEXIT_AP_CREATE, vmsa, apic_id); if (ret) { snp_cleanup_vmsa(vmsa, apic_id); vmsa = NULL; -- 2.34.1

7 months

3
2
0 0

[PATCH 5.15 000/368] 5.15.181-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.15.181 release. There are 368 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 03 May 2025 08:13:53 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.15.181-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.15.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.15.181-rc2 Ross Lagerwall <ross.lagerwall(a)citrix.com> PCI: Release resource invalidated by coalescing Geert Uytterhoeven <geert+renesas(a)glider.be> PCI: Fix dropping valid root bus resources with .end = zero Rob Herring <robh(a)kernel.org> PCI: Fix use-after-free in pci_bus_release_domain_nr() Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Tim Huang <tim.huang(a)amd.com> drm/amd/display: fix double free issue during amdgpu module unload Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Dave Kleikamp <dave.kleikamp(a)oracle.com> jfs: define xtree root and page independently Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Oleksij Rempel <linux(a)rempel-privat.de> net: selftests: initialize TCP header and skb payload with zero Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Fix stale rpmh votes from GPU Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Avoid gx gbit halt during rpm suspend Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Handle GMU prepare-slumber hfi failure Akhil P Oommen <quic_akhilpo(a)quicinc.com> drm/msm/a6xx: Improve gpu recovery sequence Peter Collingbourne <pcc(a)google.com> string: Add load_unaligned_zeropad() code path to sized_strscpy() Alexander Potapenko <glider(a)google.com> kmsan: disable strscpy() optimization under KMSAN Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Denis Arefev <arefev(a)swemel.ru> ksmbd: Prevent integer overflow in calculation of deadtime Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Pali Rohár <pali(a)kernel.org> PCI: Assign PCI domain IDs by ida_alloc() Kai-Heng Feng <kai.heng.feng(a)canonical.com> PCI: Coalesce host bridge contiguous apertures Guixin Liu <kanie(a)linux.alibaba.com> gpio: tegra186: fix resource handling in ACPI probe path Thierry Reding <treding(a)nvidia.com> gpio: tegra186: Force one interrupt per bank Roman Smirnov <r.smirnov(a)omp.ru> cifs: fix integer overflow in match_server() Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Enzo Matsumiya <ematsumiya(a)suse.de> cifs: print TIDs as hex Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> backlight: led_bl: Convert to platform remove callback returning void Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Sam Protsenko <semen.protsenko(a)linaro.org> soc: samsung: exynos-chipid: Pass revision reg offsets Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> soc: samsung: exynos-chipid: avoid soc_device_to_device() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> auxdisplay: hd44780: Convert to platform remove callback returning void Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Sean Young <sean(a)mess.org> media: streamzap: remove unused struct members Sean Young <sean(a)mess.org> media: streamzap: less chatter Sean Young <sean(a)mess.org> media: streamzap: no need for usb pid/vid in device name Sean Young <sean(a)mess.org> media: streamzap: remove unnecessary ir_raw_event_reset and handle Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: SCO: Fix UAF on sco_sock_timeout Nathan Chancellor <nathan(a)kernel.org> f2fs: Add inline to f2fs_build_fault_attr() stub James Smart <jsmart2021(a)gmail.com> scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Chao Yu <chao(a)kernel.org> f2fs: check validation of fault attrs in f2fs_build_fault_attr() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Chris Wilson <chris.p.wilson(a)intel.com> drm/i915/gt: Cleanup partial engine discovery failures Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix flushing uninitialized delayed_work on cache_ctr error Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Tuo Li <islituo(a)gmail.com> scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Ilya Maximets <i.maximets(a)ovn.org> openvswitch: fix lockup on tx to unregistering netdev with carrier Felix Huettner <felix.huettner(a)mail.schwarz> net: openvswitch: fix race on port output Chen Hanxiao <chenhx.fnst(a)fujitsu.com> ipvs: properly dereference pe in ip_vs_add_service Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Yu Kuai <yukuai3(a)huawei.com> blk-cgroup: support to track if policy is online Hou Tao <houtao1(a)huawei.com> bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Qun-Wei Lin <qun-wei.lin(a)mediatek.com> sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential deadlock when releasing mids ChenXiaoSong <chenxiaosong(a)kylinos.cn> smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in crypto_aead_setkey() Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix UAF in cifs_demultiplex_thread() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Eric Dumazet <edumazet(a)google.com> net: make sock_inuse_add() available Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix potencial out-of-bounds when buffer offset is invalid Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_dump_full_key() WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Mickaël Salaün <mic(a)digikod.net> landlock: Add the errata interface Vitaly Prosyak <vitaly.prosyak(a)amd.com> drm/amdgpu: fix usage slab after free Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath10k: avoid NULL pointer error during sdio remove Miaoqian Lin <linmq006(a)gmail.com> phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Souradeep Chakrabarti <schakrabarti(a)linux.microsoft.com> net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Michal Schmidt <mschmidt(a)redhat.com> bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Rémi Denis-Courmont <courmisch(a)gmail.com> phonet/pep: fix racy skb_queue_empty() use Trond Myklebust <trond.myklebust(a)hammerspace.com> filemap: Fix bounds checking in filemap_read() Wang Liang <wangliang74(a)huawei.com> net: fix crash when config small gso_max_size/gso_ipv4_max_size Paolo Abeni <pabeni(a)redhat.com> ipv6: release nexthop on device removal Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Eagerly switch ZCR_EL{1,2} Fuad Tabba <tabba(a)google.com> KVM: arm64: Calculate cptr_el2 traps on activating traps Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Remove host FPSIMD saving for non-protected KVM Mark Rutland <mark.rutland(a)arm.com> KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Have KVM explicitly say which FP registers to save Mark Brown <broonie(a)kernel.org> arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE Mark Brown <broonie(a)kernel.org> KVM: arm64: Discard any SVE state when entering KVM guests Marc Zyngier <maz(a)kernel.org> KVM: arm64: Always start with clearing SVE flag on load Mark Brown <broonie(a)kernel.org> KVM: arm64: Get rid of host SVE tracking/saving Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Baoquan He <bhe(a)redhat.com> mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: LOOP_SET_FD: send uevents for partitions Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> loop: properly send KOBJ_CHANGED uevent for disk device Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Jeff Layton <jlayton(a)kernel.org> nfs: move nfs_fhandle_hash to common include file Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate Alex Williamson <alex.williamson(a)redhat.com> Revert "PCI: Avoid reset when disabled via sysfs" Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Björn Töpel <bjorn(a)rivosinc.com> riscv: Properly export reserved regions in /proc/iomem Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Vladimir Oltean <vladimir.oltean(a)nxp.com> net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Matt Johnston <matt(a)codeconstruct.com.au> net: mctp: Set SOCK_RCU_FREE Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Christopher S M Hall <christopher.s.hall(a)intel.com> igc: move ktime snapshot into PTM retry loop Christopher S M Hall <christopher.s.hall(a)intel.com> igc: fix PTM cycle trigger logic Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Frédéric Danis <frederic.danis(a)collabora.com> Bluetooth: l2cap: Check encryption key size on incoming connection Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Yu Kuai <yukuai3(a)huawei.com> md/raid10: fix missing discard IO accounting Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Enable force phy when SATA disk directly connected John Garry <john.garry(a)huawei.com> scsi: libsas: Add struct sas_tmf_task John Garry <john.garry(a)huawei.com> scsi: libsas: Delete lldd_clear_aca callback John Garry <john.garry(a)huawei.com> scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal John Garry <john.garry(a)huawei.com> scsi: hisi_sas: Factor out task prep and delivery code John Garry <john.garry(a)huawei.com> scsi: hisi_sas: Pass abort structure for internal abort John Garry <john.garry(a)huawei.com> scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Nathan Chancellor <nathan(a)kernel.org> ACPI: platform-profile: Fix CFI violation when accessing sysfs files Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Shuai Xue <xueshuai(a)linux.alibaba.com> mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Use readsb helper for reading MDB Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Jeff Hugo <quic_jhugo(a)quicinc.com> bus: mhi: host: Fix race between unprepare and queue_buf Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Haoxiang Li <haoxiang_li2024(a)163.com> wifi: mt76: Add check for devm_kstrdup() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Add check for devm_kcalloc() Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in probe Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ccs: Set the device's runtime PM status correctly in remove Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list Douglas Anderson <dianders(a)chromium.org> arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Ben Dooks <ben.dooks(a)sifive.com> bpf: Add endian modifiers to fix endian warnings Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Geert Uytterhoeven <geert+renesas(a)glider.be> pwm: rcar: Simplify multiplication/shift logic Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Ayush Jain <Ayush.jain3(a)amd.com> ktest: Fix Test Failures Due to Missing LOG_FILE Directories Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check Ryo Takakura <ryotkkr98(a)gmail.com> PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Lucas De Marchi <lucas.demarchi(a)intel.com> drivers: base: devres: Allow to release group on device release Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Update Cursor request mode to the beginning prefetch always Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Zhongqiu Han <quic_zhonhan(a)quicinc.com> jfs: Fix uninit-value access of imap allocated in the diMount() function Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_audmix: register card device depends on 'dais' property Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Hannes Reinecke <hare(a)suse.de> ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones Maxime Chevallier <maxime.chevallier(a)bootlin.com> net: ethtool: Don't call .cleanup_data when prepare_data fails Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() ------------- Diffstat: Documentation/scsi/libsas.rst | 2 - Makefile | 7 +- arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/include/asm/fpsimd.h | 4 +- arch/arm64/include/asm/kvm_host.h | 17 +- arch/arm64/include/asm/kvm_hyp.h | 7 + arch/arm64/include/asm/processor.h | 7 + arch/arm64/include/asm/spectre.h | 1 - arch/arm64/kernel/fpsimd.c | 115 +++++-- arch/arm64/kernel/process.c | 3 + arch/arm64/kernel/proton-pack.c | 208 ++++++------ arch/arm64/kernel/ptrace.c | 3 + arch/arm64/kernel/signal.c | 3 + arch/arm64/kvm/arm.c | 1 - arch/arm64/kvm/fpsimd.c | 72 ++-- arch/arm64/kvm/hyp/entry.S | 5 + arch/arm64/kvm/hyp/include/hyp/switch.h | 86 +++-- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 9 +- arch/arm64/kvm/hyp/nvhe/switch.c | 52 ++- arch/arm64/kvm/hyp/vhe/switch.c | 4 + arch/arm64/kvm/reset.c | 3 + arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/include/asm/mips-cm.h | 22 ++ arch/mips/kernel/cevt-ds1287.c | 1 + arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 + arch/powerpc/kernel/rtas.c | 4 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/riscv/kernel/setup.c | 36 +- arch/s390/kvm/trace-s390.h | 4 +- arch/sparc/mm/tlb.c | 5 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 107 +----- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/bugs.c | 36 +- arch/x86/kernel/e820.c | 17 +- arch/x86/kvm/svm/avic.c | 60 ++-- arch/x86/kvm/vmx/posted_intr.c | 28 +- arch/x86/mm/tlb.c | 6 +- arch/x86/platform/pvh/head.S | 7 +- block/blk-cgroup.c | 24 +- block/blk-iocost.c | 7 +- crypto/crypto_null.c | 37 +- drivers/acpi/platform_profile.c | 20 +- drivers/acpi/pptt.c | 4 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 118 +++---- drivers/auxdisplay/hd44780.c | 9 +- drivers/base/devres.c | 7 + drivers/block/loop.c | 9 +- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 +- drivers/bluetooth/hci_uart.h | 1 + drivers/bus/mhi/host/main.c | 16 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/comedi/drivers/jr3_pci.c | 17 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/cpufreq.c | 8 + drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 7 +- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/ccp/sp-pci.c | 15 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpio/gpio-tegra186.c | 93 +++++- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 +- drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 +- .../drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 +- .../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 + drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 + drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 9 + drivers/gpu/drm/msm/adreno/a6xx.xml.h | 4 + drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 158 +++++---- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 14 + drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 1 + drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/usbhid/hid-pidff.c | 60 ++-- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i3c/master.c | 3 + drivers/i3c/master/svc-i3c-master.c | 2 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/iommu/amd/iommu.c | 2 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/dm-cache-target.c | 24 +- drivers/md/dm-integrity.c | 3 + drivers/md/raid1.c | 26 +- drivers/md/raid10.c | 1 + drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ccs/ccs-core.c | 6 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/platform/qcom/venus/hfi_parser.c | 100 ++++-- drivers/media/platform/qcom/venus/hfi_venus.c | 18 +- drivers/media/rc/streamzap.c | 135 +++----- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/misc/pci_endpoint_test.c | 6 +- drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 12 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 + drivers/net/dsa/mv88e6xxx/chip.c | 32 +- drivers/net/dsa/mv88e6xxx/devlink.c | 3 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/intel/igc/igc_defines.h | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 93 ++++-- drivers/net/ethernet/microsoft/mana/mana.h | 2 + drivers/net/ethernet/microsoft/mana/mana_en.c | 21 +- drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/wireless/ath/ath10k/sdio.c | 5 +- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/eeprom.c | 4 + drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/host/core.c | 9 + drivers/nvme/target/fc.c | 39 +-- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 13 +- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/controller/vmd.c | 12 +- drivers/pci/pci.c | 111 +++--- drivers/pci/probe.c | 56 +++- drivers/pci/remove.c | 7 + drivers/perf/arm_pmu.c | 8 +- drivers/phy/tegra/xusb.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/platform/x86/asus-laptop.c | 9 +- drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 8 +- drivers/pwm/pwm-rcar.c | 24 +- drivers/s390/char/sclp_con.c | 17 + drivers/s390/char/sclp_tty.c | 12 + drivers/scsi/aic94xx/aic94xx.h | 1 - drivers/scsi/aic94xx/aic94xx_init.c | 1 - drivers/scsi/aic94xx/aic94xx_tmf.c | 9 - drivers/scsi/hisi_sas/hisi_sas.h | 14 +- drivers/scsi/hisi_sas/hisi_sas_main.c | 371 ++++++++++----------- drivers/scsi/hisi_sas/hisi_sas_v1_hw.c | 2 +- drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 13 +- drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 16 +- drivers/scsi/isci/init.c | 1 - drivers/scsi/isci/task.c | 18 - drivers/scsi/isci/task.h | 4 - drivers/scsi/lpfc/lpfc_els.c | 51 ++- drivers/scsi/lpfc/lpfc_hbadisc.c | 2 + drivers/scsi/mvsas/mv_defs.h | 5 - drivers/scsi/mvsas/mv_init.c | 1 - drivers/scsi/mvsas/mv_sas.c | 31 +- drivers/scsi/mvsas/mv_sas.h | 1 - drivers/scsi/pm8001/pm8001_hwi.c | 4 +- drivers/scsi/pm8001/pm8001_init.c | 1 - drivers/scsi/pm8001/pm8001_sas.c | 27 +- drivers/scsi/pm8001/pm8001_sas.h | 11 +- drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/soc/samsung/exynos-chipid.c | 74 +++- drivers/soc/ti/omap_prm.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/thermal/rockchip_thermal.c | 1 + drivers/tty/serial/sifive.c | 6 + drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 ++- drivers/usb/class/cdc-wdm.c | 21 +- drivers/usb/core/quirks.c | 9 + drivers/usb/dwc3/dwc3-pci.c | 10 + drivers/usb/dwc3/gadget.c | 6 + drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 ++ drivers/usb/host/xhci-ring.c | 11 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/video/backlight/led_bl.c | 11 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/Kconfig | 2 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/super.c | 3 +- fs/cifs/cifs_debug.c | 4 + fs/cifs/cifsglob.h | 1 + fs/cifs/cifsproto.h | 7 +- fs/cifs/connect.c | 2 +- fs/cifs/fs_context.c | 5 + fs/cifs/ioctl.c | 3 +- fs/cifs/smb2misc.c | 11 +- fs/cifs/smb2ops.c | 48 +-- fs/cifs/smb2pdu.c | 10 +- fs/cifs/transport.c | 43 +-- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 75 +++-- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 19 +- fs/ext4/xattr.c | 11 +- fs/f2fs/f2fs.h | 12 +- fs/f2fs/node.c | 9 +- fs/f2fs/super.c | 27 +- fs/f2fs/sysfs.c | 14 +- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dinode.h | 2 +- fs/jfs/jfs_dmap.c | 12 +- fs/jfs/jfs_imap.c | 10 +- fs/jfs/jfs_incore.h | 2 +- fs/jfs/jfs_txnmgr.c | 4 +- fs/jfs/jfs_xtree.c | 4 +- fs/jfs/jfs_xtree.h | 37 +- fs/ksmbd/oplock.c | 2 +- fs/ksmbd/smb2misc.c | 22 +- fs/ksmbd/smb2pdu.c | 49 +-- fs/ksmbd/transport_ipc.c | 7 +- fs/namespace.c | 3 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 22 -- fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/ntfs3/file.c | 1 + fs/proc/array.c | 59 ++-- include/linux/backing-dev.h | 1 + include/linux/blk-cgroup.h | 1 + include/linux/filter.h | 9 +- include/linux/nfs.h | 13 + include/linux/pci.h | 1 + include/linux/sched/task_stack.h | 2 + include/linux/soc/samsung/exynos-chipid.h | 6 +- include/net/bluetooth/bluetooth.h | 1 + include/net/net_namespace.h | 1 + include/net/sctp/structs.h | 3 +- include/net/sock.h | 10 + include/scsi/libsas.h | 10 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/landlock.h | 2 + include/xen/interface/xen-mca.h | 2 +- init/Kconfig | 3 +- kernel/bpf/helpers.c | 14 +- kernel/bpf/syscall.c | 17 +- kernel/dma/contiguous.c | 3 +- kernel/locking/lockdep.c | 3 + kernel/sched/cpufreq_schedutil.c | 18 +- kernel/trace/ftrace.c | 1 + kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_filter.c | 4 +- lib/sg_split.c | 2 - lib/string.c | 15 + lib/test_ubsan.c | 18 +- mm/filemap.c | 2 +- mm/gup.c | 4 +- mm/memory-failure.c | 11 +- mm/memory.c | 4 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +- net/bluetooth/af_bluetooth.c | 22 ++ net/bluetooth/hci_event.c | 5 +- net/bluetooth/l2cap_core.c | 3 +- net/bluetooth/sco.c | 18 +- net/core/dev.c | 1 + net/core/filter.c | 80 +++-- net/core/net_namespace.c | 21 +- net/core/page_pool.c | 8 +- net/core/rtnetlink.c | 2 +- net/core/selftests.c | 18 +- net/core/sock.c | 10 - net/dsa/tag_8021q.c | 2 +- net/ethtool/netlink.c | 8 +- net/ipv6/route.c | 6 +- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 +- net/mctp/af_mctp.c | 3 + net/mptcp/sockopt.c | 16 + net/mptcp/subflow.c | 23 +- net/netfilter/ipvs/ip_vs_ctl.c | 10 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/openvswitch/actions.c | 4 +- net/openvswitch/flow_netlink.c | 3 +- net/phonet/pep.c | 41 ++- net/sched/sch_hfsc.c | 23 +- net/sctp/socket.c | 22 +- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tipc/monitor.c | 3 +- net/tls/tls_main.c | 6 + security/landlock/errata.h | 87 +++++ security/landlock/setup.c | 30 ++ security/landlock/setup.h | 3 + security/landlock/syscalls.c | 22 +- sound/pci/hda/hda_intel.c | 15 +- sound/soc/codecs/lpass-wsa-macro.c | 139 +++++--- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/fsl/fsl_audmix.c | 16 +- sound/soc/qcom/qdsp6/q6asm-dai.c | 19 +- sound/usb/midi.c | 80 ++++- sound/virtio/virtio_pcm.c | 21 +- tools/objtool/check.c | 3 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/ktest/ktest.pl | 8 + tools/testing/selftests/landlock/base_test.c | 46 ++- tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 ++ .../selftests/vm/charge_reserved_hugetlb.sh | 4 +- .../selftests/vm/hugetlb_reparenting_test.sh | 2 +- 352 files changed, 3478 insertions(+), 1968 deletions(-)

7 months

7
7
0 0

[PATCH 6.12 000/280] 6.12.26-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.12.26 release. There are 280 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.12.26-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.12.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.12.26-rc1 Christoph Hellwig <hch(a)lst.de> mq-deadline: don't call req_get_ioprio from the I/O completion handler Keerthy <j-keerthy(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size Herbert Xu <herbert(a)gondor.apana.org.au> crypto: Kconfig - Select LIB generic option Dan Carpenter <dan.carpenter(a)linaro.org> usb: typec: class: Unlocked on error in typec_register_partner() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Ignore end-of-section jumps for KCOV/GCOV Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix Short Packet handling rework ignoring errors Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Dan Carpenter <dan.carpenter(a)linaro.org> media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lib/Kconfig - Hide arch options from user Robin Murphy <robin.murphy(a)arm.com> iommu: Handle race with default domain setup Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Marek Behún <kabel(a)kernel.org> Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family" Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: class: Invalidate USB device pointers on partner unregistration Baokun Li <libaokun1(a)huawei.com> ext4: goto right label 'out_mmap_sem' in ext4_setattr() Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Daniel Borkmann <daniel(a)iogearbox.net> vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Andrei Kuchynski <akuchynski(a)chromium.org> usb: typec: class: Fix NULL pointer access Shigeru Yoshida <syoshida(a)redhat.com> selftests/bpf: Adjust data size to have ETH_HLEN Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: check program redirect in xdp_cpumap_attach Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: make xdp_cpumap_attach keep redirect prog attached Alexis Lothoré (eBPF Foundation) <alexis.lothore(a)bootlin.com> selftests/bpf: fix bpf_map_redirect call for cpu map test Christoph Hellwig <hch(a)lst.de> xfs: flush inodegc before swapon Christoph Hellwig <hch(a)lst.de> xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate Carlos Maiolino <cem(a)kernel.org> xfs: Do not allow norecovery mount with quotacheck Lukas Herbolt <lukas(a)herbolt.com> xfs: do not check NEEDSREPAIR if ro,norecovery mount. Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: fix potential NULL pointer dereference in dev_uevent() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: introduce device_set_driver() helper Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Revert "drivers: core: synchronize really_probe() and dev_uevent()" Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Lijo Lazar <lijo.lazar(a)amd.com> drm/amdgpu: Use the right function for hdp flush Christian König <christian.koenig(a)amd.com> drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Pi Xiange <xiange.pi(a)intel.com> x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" Andrew Jones <ajones(a)ventanamicro.com> riscv: Provide all alternative macros all the time Gou Hao <gouhao(a)uniontech.com> iomap: skip unnecessary ifs_block_is_uptodate check Song Liu <song(a)kernel.org> netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Shengjiu Wang <shengjiu.wang(a)nxp.com> ASoC: fsl_asrc_dma: get codec or cpu dai from backend Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Move phy calls to .exit() callback Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Robin Murphy <robin.murphy(a)arm.com> iommu: Clear iommu-dma ops on cleanup Pali Rohár <pali(a)kernel.org> cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> timekeeping: Add a lockdep override in tick_freeze() Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Roger Pau Monne <roger.pau(a)citrix.com> x86/xen: disable CPU idle and frequency drivers for PVH dom0 Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Uday Shankar <ushankar(a)purestorage.com> nvme: multipath: fix return value of nvme_available_path Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Julia Filipchuk <julia.filipchuk(a)intel.com> drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 Jay Cornwall <jay.cornwall(a)amd.com> drm/amdgpu: Increase KIQ invalidate_tlbs timeout Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Gabriel Shahrouzi <gshahrouzi(a)gmail.com> perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Waiman Long <longman(a)redhat.com> cgroup/cpuset: Don't allow creation of local partition over a remote one Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through debug printing Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Xi Ruoyao <xry111(a)xry111.site> kbuild: add dependency from vmlinux to sorttable Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always do atomic put from iowq Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Ignacio Encinas <ignacio(a)iencinas.com> 9p/trans_fd: mark concurrent read and writes to p9_conn->err Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, panic: Disable SMAP in __stack_chk_fail() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Benjamin Berg <benjamin.berg(a)intel.com> um: work around sched_yield not yielding in time-travel mode Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Andy Yan <andy.yan(a)rock-chips.com> phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted Stanley Chu <yschu(a)nuvoton.com> i3c: master: svc: Add support for Nuvoton npcm845 i3c Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Handle spurious events on Etron host isoc enpoints Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix isochronous Ring Underrun/Overrun event handling Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Complete 'error mid TD' transfers when handling Missed Service John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Lizhi Xu <lizhi.xu(a)windriver.com> fs/ntfs3: Keep write operations atomic Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Always clear the platform ack interrupt first Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Fix the possible race in updation of chan_in_use flag Yafang Shao <laoar.shao(a)gmail.com> bpf: Reject attaching fexit/fmod_ret to __noreturn functions Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Sewon Nam <swnam0729(a)gmail.com> bpf: bpftool: Setting error code in do_loader() Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Yonghong Song <yonghong.song(a)linux.dev> bpf: Fix kmemleak warning for percpu hashmap Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Herbert Xu <herbert(a)gondor.apana.org.au> crypto: lib/Kconfig - Fix lib built-in failure when arch is modular Devaraj Rangasamy <Devaraj.Rangasamy(a)amd.com> crypto: ccp - Add support for PCI device 0x1134 Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Dmitry Mastykin <mastichi(a)gmail.com> pinctrl: mcp23s08: Get rid of spurious level interrupts Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Amery Hung <ameryhung(a)gmail.com> selftests/bpf: Fix stdout race condition in traffic monitor Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix invalid pointer dereference in Etron workaround Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Limit time spent with xHC interrupts disabled during bus resume Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Günther Noack <gnoack3000(a)gmail.com> tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT Mahesh Rao <mahesh.rao(a)intel.com> firmware: stratix10-svc: Add of_platform_default_populate() Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: register chrdev region with all possible minors Sean Christopherson <seanjc(a)google.com> KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Hans de Goede <hdegoede(a)redhat.com> mei: vsc: Fix fortify-panic caused by invalid counted_by() use Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Damien Le Moal <dlemoal(a)kernel.org> scsi: Improve CDL control Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control_ata_feature() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Improve CDL control Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Smita Koralahalli <Smita.KoralahalliChannabasappa(a)amd.com> cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Jens Axboe <axboe(a)kernel.dk> io_uring: fix 'sync' handling of io_fallback_tw() Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Fully clear some CSRs when VM reboot Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/insn: Fix CTEST instruction decoding Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Hugo Villeneuve <hvilleneuve(a)dimonoff.com> drm: panel: jd9365da: fix reset signal polarity in unprepare Christian Schrefl <chrisi.schrefl(a)gmail.com> rust: firmware: Use `ffi::c_char` type in `FwFunc` Ranjan Kumar <ranjan.kumar(a)broadcom.com> scsi: mpi3mr: Fix pending I/O counter Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Breno Leitao <leitao(a)debian.org> sched_ext: Use kvzalloc for large exit_dump allocation Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Florian Westphal <fw(a)strlen.de> netfilter: fib: avoid lookup if socket is available Suravee Suthikulpanit <suravee.suthikulpanit(a)amd.com> KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make do_xyz() exception handlers more robust Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms Alexei Starovoitov <ast(a)kernel.org> bpf: Add namespace to BPF internal symbols T.J. Mercier <tjmercier(a)google.com> splice: remove duplicate noinline from pipe_clear_nowait Björn Töpel <bjorn(a)rivosinc.com> riscv: uprobes: Add missing fence.i after building the XOL buffer Björn Töpel <bjorn(a)rivosinc.com> riscv: Replace function-like macro by static inline function Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Christoph Hellwig <hch(a)lst.de> block: never reduce ra_pages in blk_apply_bdi_limits Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make wait_context part of q_info Brett Creeley <brett.creeley(a)amd.com> pds_core: Remove unnecessary check in pds_client_adminq_cmd() Brett Creeley <brett.creeley(a)amd.com> pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result Brett Creeley <brett.creeley(a)amd.com> pds_core: Prevent possible adminq overflow/stuck condition Daniel Golle <daniel(a)makrotopia.org> net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Al Viro <viro(a)zeniv.linux.org.uk> fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Henry Martin <bsdhenrymartin(a)gmail.com> net/mlx5: Move ttc allocation after switch case to prevent leaks Henry Martin <bsdhenrymartin(a)gmail.com> net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: Fix vhost_scsi_send_status() Dongli Zhang <dongli.zhang(a)oracle.com> vhost-scsi: Fix vhost_scsi_send_bad_target() Mike Christie <michael.christie(a)oracle.com> vhost-scsi: Add better resource allocation failure handling T.J. Mercier <tjmercier(a)google.com> cgroup/cpuset-v1: Add missing support for cpuset_v2_mode Johannes Thumshirn <johannes.thumshirn(a)wdc.com> btrfs: zoned: return EIO on RAID1 block group write pointer mismatch Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Johan Hovold <johan+linaro(a)kernel.org> cpufreq: fix compile-test defaults Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> cpufreq: Do not enable by default during compile testing Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Andre Przywara <andre.przywara(a)arm.com> cpufreq: sun50i: prevent out-of-bounds access David Howells <dhowells(a)redhat.com> ceph: Fix incorrect flush end position calculation Nathan Chancellor <nathan(a)kernel.org> lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP Alex Deucher <alexander.deucher(a)amd.com> drm/amd/display/dml2: use vzalloc rather than kzalloc Rohit Chavan <roheetchavan(a)gmail.com> drm/amd/display: Fix unnecessary cast warnings from checkpatch Matt Roper <matthew.d.roper(a)intel.com> drm/xe/bmg: Add one additional PCI ID Jonathan Currier <dullfire(a)yahoo.com> net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Move UFS shareability value to drvdata Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: exynos: Remove superfluous function parameter Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: exynos: Remove empty drv_init method Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: fix use-after-free in __smb2_lease_break_noti() Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: add netdev-up/down event debug print Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: use __GFP_RETRY_MAYFAIL Andrzej Kacprowski <Andrzej.Kacprowski(a)intel.com> accel/ivpu: Fix the NPU's DPU frequency calculation Jacek Lawrynowicz <jacek.lawrynowicz(a)linux.intel.com> accel/ivpu: Add auto selection logic for job scheduler Jonathan Currier <dullfire(a)yahoo.com> PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads Thomas Gleixner <tglx(a)linutronix.de> PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends Roger Pau Monne <roger.pau(a)citrix.com> PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Support mmap() of PCI resources except for ISM devices Niklas Schnelle <schnelle(a)linux.ibm.com> s390/pci: Report PCI error recovery results via SCLP Niklas Schnelle <schnelle(a)linux.ibm.com> s390/sclp: Allow user-space to provide PCI reports for optical modules Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Siddharth Vadapalli <s-vadapalli(a)ti.com> arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks Manorit Chawdhry <m-chawdhry(a)ti.com> arm64: dts: ti: Refactor J784s4 SoC files to a common file Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Ming Lei <ming.lei(a)redhat.com> block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone Christoph Hellwig <hch(a)lst.de> block: remove the ioprio field from struct request Christoph Hellwig <hch(a)lst.de> block: remove the write_hint field from struct request Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Add missing ov08x40_identify_module() call on stream-start Hans de Goede <hdegoede(a)redhat.com> media: ov08x40: Move ov08x40_identify_module() function up André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Fix link frequency validation André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Check number of lanes from device tree André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Replace register addresses with macros André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Convert to CCI register access helpers André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Simplify with dev_err_probe() André Apitzsch <git(a)apitzsch.eu> media: i2c: imx214: Use subdev active state Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> PM: EM: Address RCU-related sparse warnings Li RongQing <lirongqing(a)baidu.com> PM: EM: use kfree_rcu() to simplify the code Tudor Ambarus <tudor.ambarus(a)linaro.org> mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get Tudor Ambarus <tudor.ambarus(a)linaro.org> soc: qcom: ice: introduce devm_of_qcom_ice_get Jinjiang Tu <tujinjiang(a)huawei.com> mm/vmscan: don't try to reclaim hwpoison folio Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Steven Rostedt <rostedt(a)goodmis.org> tracing: Add __print_dynamic_array() helper Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default ------------- Diffstat: Documentation/bpf/bpf_devel_QA.rst | 8 + Makefile | 4 +- arch/arm/crypto/Kconfig | 10 +- .../arm64/boot/dts/ti/k3-j784s4-j742s2-common.dtsi | 148 ++ .../boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2673 +++++++++++++++++++ ...tsi => k3-j784s4-j742s2-mcu-wakeup-common.dtsi} | 2 +- ...l.dtsi => k3-j784s4-j742s2-thermal-common.dtsi} | 0 arch/arm64/boot/dts/ti/k3-j784s4-main.dtsi | 2705 +------------------- arch/arm64/boot/dts/ti/k3-j784s4.dtsi | 133 +- arch/arm64/crypto/Kconfig | 6 +- arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/fpu.h | 33 +- arch/loongarch/include/asm/lbt.h | 10 +- arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/kernel/fpu.S | 6 + arch/loongarch/kernel/lbt.S | 4 + arch/loongarch/kernel/signal.c | 21 - arch/loongarch/kernel/traps.c | 20 +- arch/loongarch/kvm/vcpu.c | 8 + arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/crypto/Kconfig | 7 +- arch/mips/include/asm/mips-cm.h | 22 + arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 + arch/powerpc/crypto/Kconfig | 7 +- arch/riscv/crypto/Kconfig | 1 - arch/riscv/include/asm/alternative-macros.h | 21 +- arch/riscv/include/asm/cacheflush.h | 15 +- arch/riscv/kernel/probes/uprobes.c | 10 +- arch/s390/Kconfig | 4 +- arch/s390/crypto/Kconfig | 3 +- arch/s390/include/asm/pci.h | 3 + arch/s390/include/asm/sclp.h | 33 + arch/s390/kvm/intercept.c | 2 +- arch/s390/kvm/interrupt.c | 8 +- arch/s390/kvm/kvm-s390.c | 10 +- arch/s390/kvm/trace-s390.h | 4 +- arch/s390/pci/Makefile | 2 +- arch/s390/pci/pci_event.c | 21 +- arch/s390/pci/pci_fixup.c | 23 + arch/s390/pci/pci_report.c | 111 + arch/s390/pci/pci_report.h | 16 + arch/um/include/linux/time-internal.h | 2 + arch/um/kernel/skas/syscall.c | 11 + arch/x86/crypto/Kconfig | 11 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/cpufeatures.h | 1 + arch/x86/include/asm/intel-family.h | 2 + arch/x86/kernel/cpu/bugs.c | 36 +- arch/x86/kernel/i8253.c | 3 +- arch/x86/kvm/svm/avic.c | 66 +- arch/x86/kvm/vmx/posted_intr.c | 28 +- arch/x86/kvm/x86.c | 20 +- arch/x86/lib/x86-opcode-map.txt | 4 +- arch/x86/mm/tlb.c | 6 +- arch/x86/pci/xen.c | 8 +- arch/x86/xen/enlighten_pvh.c | 19 +- block/blk-merge.c | 26 +- block/blk-mq.c | 6 +- block/blk-settings.c | 8 +- block/mq-deadline.c | 13 +- crypto/Kconfig | 3 + crypto/crypto_null.c | 37 +- drivers/accel/ivpu/ivpu_drv.c | 10 +- drivers/accel/ivpu/ivpu_drv.h | 2 + drivers/accel/ivpu/ivpu_fw.c | 18 +- drivers/accel/ivpu/ivpu_fw.h | 3 + drivers/accel/ivpu/ivpu_hw.h | 12 +- drivers/accel/ivpu/ivpu_hw_btrs.c | 128 +- drivers/accel/ivpu/ivpu_hw_btrs.h | 6 +- drivers/accel/ivpu/ivpu_job.c | 14 +- drivers/accel/ivpu/ivpu_sysfs.c | 24 + drivers/acpi/ec.c | 28 + drivers/acpi/pptt.c | 4 +- drivers/ata/libata-scsi.c | 25 +- drivers/base/base.h | 17 + drivers/base/bus.c | 2 +- drivers/base/core.c | 38 +- drivers/base/dd.c | 7 +- drivers/char/misc.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/comedi/drivers/jr3_pci.c | 2 +- drivers/cpufreq/Kconfig.arm | 20 +- drivers/cpufreq/apple-soc-cpufreq.c | 10 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/cpufreq/sun50i-cpufreq-nvmem.c | 18 +- drivers/crypto/atmel-sha204a.c | 6 + drivers/crypto/ccp/sp-pci.c | 1 + drivers/cxl/core/regs.c | 4 - drivers/dma/dmatest.c | 6 +- drivers/firmware/stratix10-svc.c | 14 +- drivers/gpio/gpiolib-of.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 - drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 14 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 19 +- drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 +- drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 +- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 6 +- drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 4 +- drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- .../drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 11 +- drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 6 +- drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 4 +- drivers/gpu/drm/xe/xe_wa_oob.rules | 2 + drivers/i3c/master/svc-i3c-master.c | 17 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- drivers/iommu/iommu.c | 8 + drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/mailbox/pcc.c | 15 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +- drivers/media/i2c/Kconfig | 1 + drivers/media/i2c/imx214.c | 934 ++++--- drivers/media/i2c/ov08x40.c | 78 +- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/misc/mei/vsc-tp.c | 26 +- drivers/mmc/host/sdhci-msm.c | 2 +- drivers/net/dsa/mt7530.c | 6 +- drivers/net/dsa/mv88e6xxx/chip.c | 27 +- drivers/net/ethernet/amd/pds_core/adminq.c | 36 +- drivers/net/ethernet/amd/pds_core/auxbus.c | 3 - drivers/net/ethernet/amd/pds_core/core.c | 9 +- drivers/net/ethernet/amd/pds_core/core.h | 4 +- drivers/net/ethernet/amd/pds_core/devlink.c | 4 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 +- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 +- .../net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 26 +- drivers/net/ethernet/sun/niu.c | 2 + drivers/net/phy/microchip.c | 46 +- drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 +- drivers/net/xen-netfront.c | 19 +- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +- drivers/nvme/host/core.c | 9 + drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/fc.c | 25 +- drivers/of/resolver.c | 37 +- drivers/pci/msi/msi.c | 38 +- drivers/phy/rockchip/phy-rockchip-usbdp.c | 1 - drivers/pinctrl/pinctrl-mcp23s08.c | 23 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/regulator/rk808-regulator.c | 4 +- drivers/rtc/rtc-pcf85063.c | 19 +- drivers/s390/char/sclp.h | 14 - drivers/s390/char/sclp_con.c | 17 + drivers/s390/char/sclp_pci.c | 19 +- drivers/s390/char/sclp_tty.c | 12 + drivers/s390/net/ism_drv.c | 1 - drivers/scsi/hisi_sas/hisi_sas_main.c | 20 + drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 +- drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi.c | 36 +- drivers/scsi/scsi_lib.c | 6 +- drivers/scsi/sd.c | 6 +- drivers/soc/qcom/ice.c | 48 + drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/tty/vt/selection.c | 5 +- drivers/ufs/core/ufs-mcq.c | 12 +- drivers/ufs/core/ufshcd.c | 2 + drivers/ufs/host/ufs-exynos.c | 106 +- drivers/ufs/host/ufs-exynos.h | 8 +- drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +- drivers/usb/class/cdc-wdm.c | 21 +- drivers/usb/core/quirks.c | 9 + drivers/usb/dwc3/dwc3-pci.c | 10 + drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 + drivers/usb/host/xhci-hub.c | 30 +- drivers/usb/host/xhci-mvebu.c | 10 - drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 75 +- drivers/usb/host/xhci.c | 4 +- drivers/usb/host/xhci.h | 4 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/usb/typec/class.c | 24 +- drivers/usb/typec/class.h | 1 + drivers/vhost/scsi.c | 80 +- drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/btrfs/zoned.c | 1 - fs/ceph/inode.c | 2 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 9 +- fs/iomap/buffered-io.c | 2 +- fs/namespace.c | 69 +- fs/netfs/main.c | 4 + fs/ntfs3/file.c | 20 +- fs/smb/client/sess.c | 60 +- fs/smb/client/smb1ops.c | 36 + fs/smb/server/asn1.c | 6 +- fs/smb/server/auth.c | 19 +- fs/smb/server/connection.c | 8 +- fs/smb/server/crypto_ctx.c | 6 +- fs/smb/server/glob.h | 2 + fs/smb/server/ksmbd_netlink.h | 3 +- fs/smb/server/ksmbd_work.c | 10 +- fs/smb/server/mgmt/ksmbd_ida.c | 11 +- fs/smb/server/mgmt/share_config.c | 10 +- fs/smb/server/mgmt/tree_connect.c | 5 +- fs/smb/server/mgmt/user_config.c | 8 +- fs/smb/server/mgmt/user_session.c | 10 +- fs/smb/server/misc.c | 11 +- fs/smb/server/ndr.c | 10 +- fs/smb/server/oplock.c | 12 +- fs/smb/server/server.c | 4 +- fs/smb/server/server.h | 1 + fs/smb/server/smb2pdu.c | 42 +- fs/smb/server/smb_common.c | 2 +- fs/smb/server/smbacl.c | 23 +- fs/smb/server/transport_ipc.c | 7 +- fs/smb/server/transport_rdma.c | 10 +- fs/smb/server/transport_tcp.c | 93 +- fs/smb/server/transport_tcp.h | 2 + fs/smb/server/unicode.c | 4 +- fs/smb/server/vfs.c | 12 +- fs/smb/server/vfs_cache.c | 18 +- fs/splice.c | 2 +- fs/xfs/xfs_aops.c | 41 +- fs/xfs/xfs_qm_bhv.c | 49 +- fs/xfs/xfs_super.c | 8 +- include/drm/intel/i915_pciids.h | 1 + include/linux/blk-mq.h | 8 +- include/linux/energy_model.h | 12 +- include/linux/msi.h | 3 +- include/linux/pci.h | 2 + include/linux/pci_ids.h | 1 + include/net/netfilter/nft_fib.h | 21 + include/soc/qcom/ice.h | 2 + include/trace/events/block.h | 6 +- include/trace/stages/stage3_trace_output.h | 8 + include/trace/stages/stage7_class_define.h | 1 + include/uapi/drm/ivpu_accel.h | 4 +- init/Kconfig | 2 +- io_uring/io_uring.c | 15 +- io_uring/refs.h | 7 + kernel/bpf/bpf_cgrp_storage.c | 11 +- kernel/bpf/hashtab.c | 6 +- kernel/bpf/preload/bpf_preload_kern.c | 1 + kernel/bpf/syscall.c | 6 +- kernel/bpf/verifier.c | 32 + kernel/cgroup/cgroup.c | 29 + kernel/cgroup/cpuset-internal.h | 1 + kernel/cgroup/cpuset.c | 14 + kernel/dma/contiguous.c | 3 +- kernel/events/core.c | 6 +- kernel/irq/msi.c | 2 +- kernel/module/Kconfig | 1 + kernel/panic.c | 6 + kernel/power/energy_model.c | 47 +- kernel/sched/ext.c | 4 +- kernel/time/tick-common.c | 22 + kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace_events.c | 7 + lib/Kconfig.ubsan | 1 - lib/crypto/Kconfig | 37 +- lib/test_ubsan.c | 18 +- mm/vmscan.c | 7 + net/9p/client.c | 30 +- net/9p/trans_fd.c | 17 +- net/core/lwtunnel.c | 26 +- net/core/selftests.c | 18 +- net/ipv4/netfilter/nft_fib_ipv4.c | 11 +- net/ipv6/netfilter/nft_fib_ipv6.c | 19 +- net/sched/sch_hfsc.c | 23 +- net/tipc/monitor.c | 3 +- rust/kernel/firmware.rs | 8 +- samples/trace_events/trace-events-sample.h | 13 +- scripts/Makefile.lib | 2 +- scripts/Makefile.vmlinux | 4 + sound/soc/codecs/wcd934x.c | 2 +- sound/soc/fsl/fsl_asrc_dma.c | 15 +- sound/virtio/virtio_pcm.c | 21 +- tools/arch/x86/lib/x86-opcode-map.txt | 4 +- tools/bpf/bpftool/prog.c | 1 + tools/objtool/check.c | 36 +- tools/testing/selftests/bpf/network_helpers.c | 33 +- .../selftests/bpf/prog_tests/xdp_cpumap_attach.c | 44 +- .../selftests/bpf/prog_tests/xdp_devmap_attach.c | 8 +- .../bpf/progs/test_xdp_with_cpumap_helpers.c | 7 +- tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 + 312 files changed, 6080 insertions(+), 4681 deletions(-)

7 months

13
293
0 0

[PATCH 6.6 000/196] 6.6.89-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.89 release. There are 196 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 03 May 2025 08:13:56 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.89-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.89-rc2 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings, part 2 Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Ignore end-of-section jumps for KCOV/GCOV Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable STU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: enable PVT for 6321 switch Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family Baokun Li <libaokun1(a)huawei.com> ext4: goto right label 'out_mmap_sem' in ext4_setattr() Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer Daniel Borkmann <daniel(a)iogearbox.net> vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: fix potential NULL pointer dereference in dev_uevent() Dmitry Torokhov <dmitry.torokhov(a)gmail.com> driver core: introduce device_set_driver() helper Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Revert "drivers: core: synchronize really_probe() and dev_uevent()" Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Tamura Dai <kirinode0(a)gmail.com> spi: spi-imx: Add check for spi_imx_setupxfer() Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Pi Xiange <xiange.pi(a)intel.com> x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Mostafa Saleh <smostafa(a)google.com> ubsan: Fix panic from test_ubsan_out_of_bounds Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: add rate limiting and simplify timeout error message Breno Leitao <leitao(a)debian.org> spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts Yunlong Xing <yunlong.xing(a)unisoc.com> loop: aio inherit the ioprio of original request Andrew Jones <ajones(a)ventanamicro.com> riscv: Provide all alternative macros all the time Gou Hao <gouhao(a)uniontech.com> iomap: skip unnecessary ifs_block_is_uptodate check Fernando Fernandez Mancera <ffmancera(a)riseup.net> x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Peter Griffin <peter.griffin(a)linaro.org> scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Xingui Yang <yangxingui(a)huawei.com> scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Pali Rohár <pali(a)kernel.org> cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> timekeeping: Add a lockdep override in tick_freeze() Pali Rohár <pali(a)kernel.org> cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode Daniel Wagner <wagi(a)kernel.org> nvmet-fc: put ref when assoc->del_work is already scheduled Daniel Wagner <wagi(a)kernel.org> nvmet-fc: take tgtport reference only once Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on context switch with eIBRS Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Uday Shankar <ushankar(a)purestorage.com> nvme: multipath: fix return value of nvme_available_path Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Mario Limonciello <mario.limonciello(a)amd.com> ACPI: EC: Set ec_no_wakeup for Lenovo Go S Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Jason Andryuk <jason.andryuk(a)amd.com> xen: Change xen-acpi-processor dom0 dependency Gabriel Shahrouzi <gshahrouzi(a)gmail.com> perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through debug printing Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Pavel Begunkov <asml.silence(a)gmail.com> io_uring: always do atomic put from iowq Lukas Stockmann <lukas.stockmann(a)siemens.com> rtc: pcf85063: do a SW reset if POR failed Dominique Martinet <asmadeus(a)codewreck.org> 9p/net: fix improper handling of bogus negative read/write replies Basavaraj Natikar <Basavaraj.Natikar(a)amd.com> ntb_hw_amd: Add NTB PCI ID for new gen CPU Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, lkdtm: Obfuscate the do_nothing() pointer Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, panic: Disable SMAP in __stack_chk_fail() Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Silence more KCOV warnings Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Scan retimers after device router has been enumerated Théo Lebrun <theo.lebrun(a)bootlin.com> usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted John Stultz <jstultz(a)google.com> sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> usb: dwc3: gadget: Refactor loop to avoid NULL endpoints Edward Adam Davis <eadavis(a)qq.com> fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Sudeep Holla <sudeep.holla(a)arm.com> mailbox: pcc: Always clear the platform ack interrupt first Huisong Li <lihuisong(a)huawei.com> mailbox: pcc: Fix the possible race in updation of chan_in_use flag Yafang Shao <laoar.shao(a)gmail.com> bpf: Reject attaching fexit/fmod_ret to __noreturn functions Martin KaFai Lau <martin.lau(a)kernel.org> bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Sewon Nam <swnam0729(a)gmail.com> bpf: bpftool: Setting error code in do_loader() Haoxiang Li <haoxiang_li2024(a)163.com> s390/tty: Fix a potential memory leak bug Haoxiang Li <haoxiang_li2024(a)163.com> s390/sclp: Add check for get_zeroed_page() Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Alexei Starovoitov <ast(a)kernel.org> bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Devaraj Rangasamy <Devaraj.Rangasamy(a)amd.com> crypto: ccp - Add support for PCI device 0x1134 Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Chenyuan Yang <chenyuan0y(a)gmail.com> pinctrl: renesas: rza2: Fix potential NULL pointer dereference Oliver Neukum <oneukum(a)suse.com> USB: wdm: add annotation Oliver Neukum <oneukum(a)suse.com> USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context Oliver Neukum <oneukum(a)suse.com> USB: wdm: close race between wdm_open and wdm_wwan_port_stop Oliver Neukum <oneukum(a)suse.com> USB: wdm: handle IO errors in wdm_wwan_port_start Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Mike Looijmans <mike.looijmans(a)topic.nl> usb: dwc3: xilinx: Prevent spike in reset signal Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)kernel.org> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines Fedor Pchelkin <pchelkin(a)ispras.ru> usb: chipidea: ci_hdrc_imx: fix usbmisc handling Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Michal Pecio <michal.pecio(a)gmail.com> usb: xhci: Fix invalid pointer dereference in Etron workaround Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Stephan Gerhold <stephan.gerhold(a)linaro.org> serial: msm: Configure correct working mode before starting earlycon Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rengarajan S <rengarajan.s(a)microchip.com> misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> char: misc: register chrdev region with all possible minors Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Christopherson <seanjc(a)google.com> KVM: x86: Explicitly treat routing entry type changes as changes Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Damien Le Moal <dlemoal(a)kernel.org> scsi: Improve CDL control Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control_ata_feature() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Improve CDL control Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Smita Koralahalli <Smita.KoralahalliChannabasappa(a)amd.com> cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Jens Axboe <axboe(a)kernel.dk> io_uring: fix 'sync' handling of io_fallback_tw() Petr Tesarik <ptesarik(a)suse.com> LoongArch: Remove a bogus reference to ZONE_DMA Ming Wang <wangming01(a)loongson.cn> LoongArch: Return NULL from huge_pte_offset() for invalid PMD Suzuki K Poulose <suzuki.poulose(a)arm.com> irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() Roman Li <Roman.Li(a)amd.com> drm/amd/display: Force full update in gpu reset Roman Li <Roman.Li(a)amd.com> drm/amd/display: Fix gpu reset in multidisplay config Fiona Klute <fiona.klute(a)gmx.de> net: phy: microchip: force IRQ polling mode for lan88xx Oleksij Rempel <o.rempel(a)pengutronix.de> net: selftests: initialize TCP header and skb payload with zero Alexey Nepomnyashih <sdl(a)nppct.ru> xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make do_xyz() exception handlers more robust Tiezhu Yang <yangtiezhu(a)loongson.cn> LoongArch: Make regs_irqs_disabled() more clear Yuli Wang <wangyuli(a)uniontech.com> LoongArch: Select ARCH_USE_MEMTEST Luo Gengkun <luogengkun(a)huaweicloud.com> perf/x86: Fix non-sampling (counting) events on certain x86 platforms T.J. Mercier <tjmercier(a)google.com> splice: remove duplicate noinline from pipe_clear_nowait Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Shannon Nelson <shannon.nelson(a)amd.com> pds_core: make wait_context part of q_info Brett Creeley <brett.creeley(a)amd.com> pds_core: Remove unnecessary check in pds_client_adminq_cmd() Brett Creeley <brett.creeley(a)amd.com> pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result Daniel Golle <daniel(a)makrotopia.org> net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Al Viro <viro(a)zeniv.linux.org.uk> fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Bo-Cun Chen <bc-bocun.chen(a)mediatek.com> net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Justin Iurman <justin.iurman(a)uliege.be> net: lwtunnel: disable BHs when required Anastasia Kovaleva <a.kovaleva(a)yadro.com> scsi: core: Clear flags for scsi_cmnd that did not complete Qu Wenruo <wqu(a)suse.com> btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Marc Zyngier <maz(a)kernel.org> cpufreq: cppc: Fix invalid return value in .get() callback Chenyuan Yang <chenyuan0y(a)gmail.com> scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes David Howells <dhowells(a)redhat.com> ceph: Fix incorrect flush end position calculation Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Explicitly synchronize limits_changed flag handling Vincent Guittot <vincent.guittot(a)linaro.org> sched/cpufreq: Rework schedutil governor performance estimation Vincent Guittot <vincent.guittot(a)linaro.org> sched/topology: Consolidate and clean up access to a CPU's max compute capacity Tudor Ambarus <tudor.ambarus(a)linaro.org> scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Zijun Hu <quic_zijuhu(a)quicinc.com> of: resolver: Fix device node refcount leakage in of_resolve_phandles() Rob Herring (Arm) <robh(a)kernel.org> of: resolver: Simplify of_resolve_phandles() using __free() Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Refactor SD mux driver Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Remove CPG_SDHI_DSEL from generic header Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Add struct clk_hw_data Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> clk: renesas: rzg2l: Use u32 for flag and mux_flags Ninad Malwade <nmalwade(a)nvidia.com> arm64: tegra: Remove the Orin NX/Nano suspend key Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: make use of q6apm_get_hw_pointer Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: qcom: Fix trivial code style issues Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> ASoC: qcom: lpass: Make asoc_qcom_lpass_cpu_platform_remove() return void Srinivas Kandagatla <srinivas.kandagatla(a)linaro.org> ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ASoC: qcom: q6apm-dai: drop unused 'q6apm_dai_rtd' fields Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix internal PHYs for 6320 family Haoxiang Li <haoxiang_li2024(a)163.com> auxdisplay: hd44780: Fix an API misuse in hd44780.c Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> auxdisplay: hd44780: Convert to platform remove callback returning void Tudor Ambarus <tudor.ambarus(a)linaro.org> mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get Tudor Ambarus <tudor.ambarus(a)linaro.org> soc: qcom: ice: introduce devm_of_qcom_ice_get Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> media: vimc: skip .s_stream() for stopped entities Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: subdev: Add v4l2_subdev_is_streaming() Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: subdev: Improve v4l2_subdev_enable/disable_streams_fallback Tomi Valkeinen <tomi.valkeinen(a)ideasonboard.com> media: subdev: Fix use of sd->enabled_streams in call_s_stream() Steven Rostedt <rostedt(a)goodmis.org> tracing: Verify event formats that have "%*p.." Steven Rostedt <rostedt(a)goodmis.org> tracing: Add __print_dynamic_array() helper Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Add __string_len() example Shuai Xue <xueshuai(a)linux.alibaba.com> x86/mce: use is_copy_from_user() to determine copy-from-user context Tong Tiangen <tongtiangen(a)huawei.com> x86/extable: Remove unused fixup type EX_TYPE_COPY Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default ------------- Diffstat: Documentation/scheduler/sched-capacity.rst | 13 +- Makefile | 4 +- .../arm64/boot/dts/nvidia/tegra234-p3768-0000.dtsi | 7 - arch/loongarch/Kconfig | 1 + arch/loongarch/include/asm/ptrace.h | 4 +- arch/loongarch/kernel/traps.c | 20 ++- arch/loongarch/mm/hugetlbpage.c | 2 +- arch/loongarch/mm/init.c | 3 - arch/mips/include/asm/mips-cm.h | 22 +++ arch/mips/kernel/mips-cm.c | 14 ++ arch/parisc/kernel/pdt.c | 2 + arch/riscv/include/asm/alternative-macros.h | 21 +-- arch/s390/kvm/intercept.c | 2 +- arch/s390/kvm/interrupt.c | 8 +- arch/s390/kvm/kvm-s390.c | 10 +- arch/s390/kvm/trace-s390.h | 4 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/core.c | 2 +- arch/x86/include/asm/asm.h | 3 - arch/x86/include/asm/extable_fixup_types.h | 2 +- arch/x86/include/asm/intel-family.h | 2 + arch/x86/kernel/cpu/bugs.c | 36 ++--- arch/x86/kernel/cpu/mce/severity.c | 12 +- arch/x86/kernel/i8253.c | 3 +- arch/x86/kvm/svm/avic.c | 60 +++---- arch/x86/kvm/vmx/posted_intr.c | 28 ++-- arch/x86/kvm/x86.c | 3 +- arch/x86/mm/extable.c | 9 -- arch/x86/mm/tlb.c | 6 +- arch/x86/platform/pvh/head.S | 7 +- crypto/crypto_null.c | 37 +++-- drivers/acpi/ec.c | 28 ++++ drivers/acpi/pptt.c | 4 +- drivers/ata/libata-scsi.c | 25 ++- drivers/auxdisplay/hd44780.c | 9 +- drivers/base/base.h | 17 ++ drivers/base/bus.c | 2 +- drivers/base/core.c | 38 ++++- drivers/base/dd.c | 6 +- drivers/block/loop.c | 2 +- drivers/char/misc.c | 2 +- drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clk/renesas/r9a07g043-cpg.c | 28 +++- drivers/clk/renesas/r9a07g044-cpg.c | 21 ++- drivers/clk/renesas/rzg2l-cpg.c | 178 +++++++++++++++------ drivers/clk/renesas/rzg2l-cpg.h | 24 +-- drivers/comedi/drivers/jr3_pci.c | 2 +- drivers/cpufreq/apple-soc-cpufreq.c | 10 +- drivers/cpufreq/cppc_cpufreq.c | 2 +- drivers/cpufreq/scmi-cpufreq.c | 10 +- drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 6 + drivers/crypto/ccp/sp-pci.c | 1 + drivers/cxl/core/regs.c | 4 - drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpio/gpiolib-of.c | 6 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 +- drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/iommu/amd/iommu.c | 2 +- drivers/irqchip/irq-gic-v2m.c | 2 +- drivers/mailbox/pcc.c | 15 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/raid1.c | 26 +-- drivers/media/test-drivers/vimc/vimc-streamer.c | 6 + drivers/media/v4l2-core/v4l2-subdev.c | 101 ++++++++---- drivers/misc/lkdtm/perms.c | 14 +- drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/mmc/host/sdhci-msm.c | 2 +- drivers/net/dsa/mt7530.c | 6 +- drivers/net/dsa/mv88e6xxx/chip.c | 27 +++- drivers/net/ethernet/amd/pds_core/adminq.c | 36 ++--- drivers/net/ethernet/amd/pds_core/auxbus.c | 3 - drivers/net/ethernet/amd/pds_core/core.c | 4 +- drivers/net/ethernet/amd/pds_core/core.h | 2 +- drivers/net/ethernet/amd/pds_core/devlink.c | 4 +- drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 ++- drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 +- drivers/net/phy/microchip.c | 46 +----- drivers/net/phy/phy_led_triggers.c | 23 +-- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 +- drivers/net/xen-netfront.c | 19 ++- drivers/ntb/hw/amd/ntb_hw_amd.c | 1 + drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +-- drivers/nvme/host/core.c | 9 ++ drivers/nvme/host/multipath.c | 2 +- drivers/nvme/target/fc.c | 25 ++- drivers/of/resolver.c | 37 ++--- drivers/pci/probe.c | 9 +- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 + drivers/regulator/rk808-regulator.c | 4 +- drivers/rtc/rtc-pcf85063.c | 19 ++- drivers/s390/char/sclp_con.c | 17 ++ drivers/s390/char/sclp_tty.c | 12 ++ drivers/scsi/hisi_sas/hisi_sas_main.c | 20 +++ drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi.c | 36 +++-- drivers/scsi/scsi_lib.c | 6 +- drivers/soc/qcom/ice.c | 48 ++++++ drivers/spi/spi-imx.c | 5 +- drivers/spi/spi-tegra210-quad.c | 6 +- drivers/thunderbolt/tb.c | 16 +- drivers/tty/serial/msm_serial.c | 6 + drivers/tty/serial/sifive.c | 6 + drivers/ufs/core/ufs-mcq.c | 12 +- drivers/ufs/host/ufs-exynos.c | 10 +- drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdns3-gadget.c | 2 + drivers/usb/chipidea/ci_hdrc_imx.c | 44 +++-- drivers/usb/class/cdc-wdm.c | 21 ++- drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/dwc3-pci.c | 10 ++ drivers/usb/dwc3/dwc3-xilinx.c | 4 +- drivers/usb/dwc3/gadget.c | 28 +++- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 +++ drivers/usb/host/xhci-mvebu.c | 10 -- drivers/usb/host/xhci-mvebu.h | 6 - drivers/usb/host/xhci-plat.c | 2 +- drivers/usb/host/xhci-ring.c | 13 +- drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/xen/Kconfig | 2 +- fs/btrfs/file.c | 9 +- fs/ceph/inode.c | 2 +- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 9 +- fs/iomap/buffered-io.c | 2 +- fs/namespace.c | 69 ++++---- fs/ntfs3/file.c | 1 + fs/smb/client/sess.c | 60 ++++--- fs/smb/client/smb1ops.c | 36 +++++ fs/splice.c | 2 +- include/linux/energy_model.h | 1 - include/media/v4l2-subdev.h | 25 ++- include/soc/qcom/ice.h | 2 + include/trace/stages/stage3_trace_output.h | 8 + include/trace/stages/stage7_class_define.h | 1 + init/Kconfig | 2 +- io_uring/io_uring.c | 15 +- io_uring/refs.h | 7 + kernel/bpf/bpf_cgrp_storage.c | 11 +- kernel/bpf/verifier.c | 32 ++++ kernel/dma/contiguous.c | 3 +- kernel/events/core.c | 6 +- kernel/module/Kconfig | 1 + kernel/panic.c | 6 + kernel/sched/core.c | 92 +++++------ kernel/sched/cpudeadline.c | 2 +- kernel/sched/cpufreq_schedutil.c | 63 ++++++-- kernel/sched/deadline.c | 4 +- kernel/sched/fair.c | 40 +++-- kernel/sched/rt.c | 2 +- kernel/sched/sched.h | 30 +--- kernel/sched/topology.c | 7 +- kernel/time/tick-common.c | 22 +++ kernel/trace/bpf_trace.c | 7 +- kernel/trace/trace_events.c | 7 + lib/test_ubsan.c | 18 ++- net/9p/client.c | 30 ++-- net/core/lwtunnel.c | 26 ++- net/core/selftests.c | 18 ++- net/sched/sch_hfsc.c | 23 ++- net/tipc/monitor.c | 3 +- samples/trace_events/trace-events-sample.h | 18 ++- scripts/Makefile.lib | 2 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/qcom/apq8016_sbc.c | 2 +- sound/soc/qcom/apq8096.c | 2 +- sound/soc/qcom/common.c | 2 +- sound/soc/qcom/lpass-apq8016.c | 4 +- sound/soc/qcom/lpass-cpu.c | 7 +- sound/soc/qcom/lpass-hdmi.c | 2 +- sound/soc/qcom/lpass-ipq806x.c | 4 +- sound/soc/qcom/lpass-platform.c | 2 +- sound/soc/qcom/lpass-sc7180.c | 4 +- sound/soc/qcom/lpass-sc7280.c | 2 +- sound/soc/qcom/lpass.h | 4 +- sound/soc/qcom/qdsp6/q6afe.c | 8 +- sound/soc/qcom/qdsp6/q6apm-dai.c | 61 ++++--- sound/soc/qcom/qdsp6/q6asm.h | 20 +-- sound/soc/qcom/qdsp6/topology.c | 3 +- sound/soc/qcom/sc7180.c | 2 +- sound/soc/qcom/sc8280xp.c | 2 +- sound/soc/qcom/sdm845.c | 2 +- sound/soc/qcom/sdw.c | 2 +- sound/soc/qcom/sm8250.c | 2 +- sound/soc/qcom/storm.c | 2 +- sound/virtio/virtio_pcm.c | 21 ++- tools/bpf/bpftool/prog.c | 1 + tools/objtool/check.c | 36 ++++- tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 +++ 201 files changed, 1788 insertions(+), 912 deletions(-)

7 months

8
7
0 0

[PATCH] fs/eventpoll: fix endless busy loop after timeout has expired

by Max Kellermann

After commit 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future"), the following program would immediately enter a busy loop in the kernel: ``` int main() { int e = epoll_create1(0); struct epoll_event event = {.events = EPOLLIN}; epoll_ctl(e, EPOLL_CTL_ADD, 0, &event); const struct timespec timeout = {.tv_nsec = 1}; epoll_pwait2(e, &event, 1, &timeout, 0); } ``` This happens because the given (non-zero) timeout of 1 nanosecond usually expires before ep_poll() is entered and then ep_schedule_timeout() returns false, but `timed_out` is never set because the code line that sets it is skipped. This quickly turns into a soft lockup, RCU stalls and deadlocks, inflicting severe headaches to the whole system. When the timeout has expired, we don't need to schedule a hrtimer, but we should set the `timed_out` variable. Therefore, I suggest moving the ep_schedule_timeout() check into the `timed_out` expression instead of skipping it. Fixes: 0a65bc27bd64 ("eventpoll: Set epoll timeout if it's in the future") Cc: Joe Damato <jdamato(a)fastly.com> Cc: stable(a)vger.kernel.org Signed-off-by: Max Kellermann <max.kellermann(a)ionos.com> --- fs/eventpoll.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/eventpoll.c b/fs/eventpoll.c index 4bc264b854c4..d4dbffdedd08 100644 --- a/fs/eventpoll.c +++ b/fs/eventpoll.c @@ -2111,9 +2111,10 @@ static int ep_poll(struct eventpoll *ep, struct epoll_event __user *events, write_unlock_irq(&ep->lock); - if (!eavail && ep_schedule_timeout(to)) - timed_out = !schedule_hrtimeout_range(to, slack, - HRTIMER_MODE_ABS); + if (!eavail) + timed_out = !ep_schedule_timeout(to) || + !schedule_hrtimeout_range(to, slack, + HRTIMER_MODE_ABS); __set_current_state(TASK_RUNNING); /* -- 2.47.2

7 months

3
2
0 0

[PATCH 5.10 000/286] 5.10.237-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.10.237 release. There are 286 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.10.237-r… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.10.237-rc1 Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: hfi_parser: Check for instance after hfi platform get Colin Ian King <colin.king(a)canonical.com> media: venus: Fix uninitialized variable count being checked for zero Krzysztof Kozlowski <krzk(a)kernel.org> soc: samsung: exynos-chipid: correct helpers __init annotation Rob Herring <robh(a)kernel.org> PCI: Fix use-after-free in pci_bus_release_domain_nr() Hannes Reinecke <hare(a)kernel.org> nvme: fixup scan failure for non-ANA multipath controllers Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: make block validity check resistent to sb bh corruption Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Use SBPB in write_ibpb() if applicable Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> selftests/mincore: Allow read-ahead pages to reach the end of the file Josh Poimboeuf <jpoimboe(a)kernel.org> objtool: Stop UNRET validation on UD2 Hannes Reinecke <hare(a)kernel.org> nvme: re-read ANA log page after ns scan completes Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Hannes Reinecke <hare(a)kernel.org> nvme: requeue namespace scan on missed AENs Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Josh Poimboeuf <jpoimboe(a)kernel.org> objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)loongson.cn> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson <seanjc(a)google.com> KVM: x86: Reset IRTE to host control if *new* route isn't postable Alexander Usyskin <alexander.usyskin(a)intel.com> mei: me: add panther lake H DID Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Sean Christopherson <seanjc(a)google.com> KVM: SVM: Allocate IR data using atomic allocation Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Sean Christopherson <seanjc(a)google.com> iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Arnd Bergmann <arnd(a)arndb.de> dma/contiguous: avoid warning about unused size_bytes Matthew Auld <matthew.auld(a)intel.com> drm/amdgpu/dma_buf: fix page_link check Ramesh Errabolu <Ramesh.Errabolu(a)amd.com> drm/amdgpu: Remove amdgpu_device arg from free_sgt api (v2) Lee Jones <lee.jones(a)linaro.org> drm/amd/amdgpu/amdgpu_vram_mgr: Add missing descriptions for 'dev' and 'dir' Mark Brown <broonie(a)kernel.org> selftests/mm: generate a temporary mountpoint for cgroup filesystem Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_register_host_bridge() Pali Rohár <pali(a)kernel.org> PCI: Assign PCI domain IDs by ida_alloc() Kai-Heng Feng <kai.heng.feng(a)canonical.com> PCI: Coalesce host bridge contiguous apertures Boqun Feng <boqun.feng(a)gmail.com> PCI: Introduce domain_nr in pci_host_bridge Alexandra Diupina <adiupina(a)astralinux.ru> cifs: avoid NULL pointer dereference in dbg call Enzo Matsumiya <ematsumiya(a)suse.de> cifs: print TIDs as hex Herve Codina <herve.codina(a)bootlin.com> backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Chenyuan Yang <chenyuan0y(a)gmail.com> soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() Sam Protsenko <semen.protsenko(a)linaro.org> soc: samsung: exynos-chipid: Pass revision reg offsets Krzysztof Kozlowski <krzysztof.kozlowski(a)canonical.com> soc: samsung: exynos-chipid: avoid soc_device_to_device() Krzysztof Kozlowski <krzk(a)kernel.org> soc: samsung: exynos-chipid: convert to driver and merge exynos-asv Krzysztof Kozlowski <krzk(a)kernel.org> soc: samsung: exynos-chipid: initialize later - with arch_initcall Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: refactor hfi packet parsing logic Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Get codecs and capabilities from hfi platform Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: hfi_plat: Add codecs and capabilities ops Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Rename venus_caps to hfi_plat_caps Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Create hfi platform and move vpp/vsp there Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: pm_helpers: Check instance state when calculate instance frequency Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: hfi: Correct session init return error Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: Limit HFI sessions to the maximum supported Stanimir Varbanov <stanimir.varbanov(a)linaro.org> media: venus: venc: Init the session only once in queue_setup Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: fix race between device disconnection and urb callback Sean Young <sean(a)mess.org> media: streamzap: remove unused struct members Sean Young <sean(a)mess.org> media: streamzap: less chatter Sean Young <sean(a)mess.org> media: streamzap: no need for usb pid/vid in device name Sean Young <sean(a)mess.org> media: streamzap: remove unnecessary ir_raw_event_reset and handle Douglas Raillard <douglas.raillard(a)arm.com> tracing: Fix synth event printk format for str fields Steven Rostedt (Google) <rostedt(a)goodmis.org> tracing: Allow synthetic events to pass around stacktraces Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length Hans de Goede <hdegoede(a)redhat.com> drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() Kunwu Chan <chentao(a)kylinos.cn> pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Miroslav Franc <mfranc(a)suse.cz> s390/dasd: fix double module refcount decrement Duoming Zhou <duoming(a)zju.edu.cn> drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> mm: fix apply_to_existing_page_range() Oleg Nesterov <oleg(a)redhat.com> fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats Chris Wilson <chris.p.wilson(a)intel.com> drm/i915/gt: Cleanup partial engine discovery failures Miaohe Lin <linmiaohe(a)huawei.com> kernel/resource: fix kfree() of bootmem memory again Abhishek Sahu <abhsahu(a)nvidia.com> vfio/pci: fix memory leak during D3hot to D0 transition Ming-Hung Tsai <mtsai(a)redhat.com> dm cache: fix flushing uninitialized delayed_work on cache_ctr error Pei Li <peili.dev(a)gmail.com> jfs: Fix shift-out-of-bounds in dbDiscardAG WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Eric Dumazet <edumazet(a)google.com> net: defer final 'struct net' free in netns dismantle Guixin Liu <kanie(a)linux.alibaba.com> scsi: ufs: bsg: Set bsg_queue to NULL after removal Tuo Li <islituo(a)gmail.com> scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Ilya Maximets <i.maximets(a)ovn.org> openvswitch: fix lockup on tx to unregistering netdev with carrier Felix Huettner <felix.huettner(a)mail.schwarz> net: openvswitch: fix race on port output Chen Hanxiao <chenhx.fnst(a)fujitsu.com> ipvs: properly dereference pe in ip_vs_add_service Vlad Buslov <vladbu(a)nvidia.com> net/mlx5e: Fix use-after-free of encap entry in neigh update handler Xiaxi Shen <shenxiaxi26(a)gmail.com> ext4: fix timer use-after-free on failed mount Li Nan <linan122(a)huawei.com> blk-iocost: do not WARN if iocg was already offlined Yu Kuai <yukuai3(a)huawei.com> blk-cgroup: support to track if policy is online Hou Tao <houtao1(a)huawei.com> bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Andrii Nakryiko <andrii(a)kernel.org> bpf: avoid holding freeze_mutex during mmap operation Paulo Alcantara <pc(a)manguebit.com> smb: client: fix NULL ptr deref in crypto_aead_setkey() Enzo Matsumiya <ematsumiya(a)suse.de> smb: client: fix UAF in async decryption Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_stats_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential deadlock when releasing mids Zhang Xiaoxu <zhangxiaoxu5(a)huawei.com> cifs: Fix UAF in cifs_demultiplex_thread() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Paulo Alcantara <pc(a)manguebit.com> smb: client: fix potential UAF in cifs_debug_files_proc_show() WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Hersen Wu <hersenxs.wu(a)amd.com> drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath10k: avoid NULL pointer error during sdio remove Miaoqian Lin <linmq006(a)gmail.com> phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Chunguang Xu <chunguang.xu(a)shopee.com> nvme: avoid double free special payload Ard Biesheuvel <ardb(a)kernel.org> x86/pvh: Call C code via the kernel virtual mapping Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: sockopt: fix getting IPV6_V6ONLY Matthieu Baerts (NGI0) <matttbe(a)kernel.org> mptcp: only inc MPJoinAckHMacFailure for HMAC failures Gang Yan <yangang(a)kylinos.cn> mptcp: fix NULL pointer in can_accept_new_subflow Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero Denis Arefev <arefev(a)swemel.ru> drm/amd/pm/powerplay: Prevent division by zero Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Steven Rostedt <rostedt(a)goodmis.org> tracing: Fix filter string testing Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam/qi - Fix drv_ctx refcount bug Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: decrease sc_count directly if fail to queue dl_recall Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Jeff Layton <jlayton(a)kernel.org> nfs: move nfs_fhandle_hash to common include file Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break WangYuli <wangyuli(a)uniontech.com> riscv: KGDB: Do not inline arch_kgdb_breakpoint() Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Abdun Nihaal <abdun.nihaal(a)gmail.com> cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Christopher S M Hall <christopher.s.hall(a)intel.com> igc: cleanup PTP module if probe fails Christopher S M Hall <christopher.s.hall(a)intel.com> igc: handle the IGC_PTP_ENABLED flag correctly Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Shay Drory <shayd(a)nvidia.com> RDMA/core: Silence oversized kvmalloc() warning Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix wrong maximum DMA segment size Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Daniel Golle <daniel(a)makrotopia.org> pwm: mediatek: always use bus clock for PWM on MT7622 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Stephan Gerhold <stephan.gerhold(a)linaro.org> pinctrl: qcom: Clear latched interrupt status when changing IRQ type Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Stanimir Varbanov <svarbanov(a)suse.de> PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Chenyuan Yang <chenyuan0y(a)gmail.com> mfd: ene-kb3930: Fix a potential NULL pointer dereference Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Si-Wei Liu <si-wei.liu(a)oracle.com> vdpa/mlx5: Fix oversized null mkey longer than 32bit Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Alexey Klimov <alexey.klimov(a)linaro.org> ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Alexandre Torgue <alexandre.torgue(a)foss.st.com> clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Jiasheng Jiang <jiashengjiangcool(a)gmail.com> mtd: Replace kcalloc() with devm_kcalloc() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Miquel Raynal <miquel.raynal(a)bootlin.com> spi: cadence-qspi: Fix probe on AM62A LP SK Douglas Anderson <dianders(a)chromium.org> arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Ben Dooks <ben.dooks(a)sifive.com> bpf: Add endian modifiers to fix endian warnings Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: rcar: Improve register calculation Geert Uytterhoeven <geert+renesas(a)glider.be> pwm: rcar: Simplify multiplication/shift logic Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Fabien Parent <fparent(a)baylibre.com> pwm: mediatek: Always use bus clock Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Luca Ceresoli <luca.ceresoli(a)bootlin.com> drm/bridge: panel: forbid initializing a panel with unknown connector type Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Chao Yu <chao(a)kernel.org> f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Trond Myklebust <trond.myklebust(a)hammerspace.com> umount: Allow superblock owners to force umount Florian Westphal <fw(a)strlen.de> nft_set_pipapo: fix incorrect avx2 match of 5th field octet Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Daniel Wagner <wagi(a)kernel.org> nvmet-fcloop: swap list_add_tail arguments Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Hannes Reinecke <hare(a)suse.de> ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones Jakub Kicinski <kuba(a)kernel.org> net: tls: explicitly disallow disconnect Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() ------------- Diffstat: Makefile | 7 +- arch/arm/mach-exynos/Kconfig | 1 - arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 4 + arch/arm64/kernel/proton-pack.c | 1 + arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/include/asm/mips-cm.h | 22 +++ arch/mips/kernel/cevt-ds1287.c | 1 + arch/mips/kernel/mips-cm.c | 14 ++ arch/parisc/kernel/pdt.c | 2 + arch/powerpc/kernel/rtas.c | 4 + arch/riscv/include/asm/kgdb.h | 9 +- arch/riscv/include/asm/syscall.h | 7 +- arch/riscv/kernel/kgdb.c | 6 + arch/s390/kvm/trace-s390.h | 4 +- arch/sparc/mm/tlb.c | 5 +- arch/x86/entry/entry.S | 2 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 49 ++----- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/bugs.c | 8 +- arch/x86/kernel/e820.c | 17 ++- arch/x86/kvm/svm/avic.c | 60 ++++---- arch/x86/kvm/vmx/posted_intr.c | 28 ++-- arch/x86/platform/pvh/head.S | 7 +- block/blk-cgroup.c | 24 +++- block/blk-iocost.c | 7 +- crypto/crypto_null.c | 37 +++-- drivers/acpi/pptt.c | 4 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 + drivers/ata/sata_sx4.c | 118 ++++++--------- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 ++- drivers/bluetooth/hci_uart.h | 1 + drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/clocksource/timer-stm32-lp.c | 4 +- drivers/cpufreq/cpufreq.c | 8 ++ drivers/cpufreq/scpi-cpufreq.c | 13 +- drivers/crypto/atmel-sha204a.c | 7 +- drivers/crypto/caam/qi.c | 6 +- drivers/crypto/ccp/sp-pci.c | 15 +- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 9 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 6 +- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 ++ .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 +- .../gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 +- .../gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 +- .../drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel.c | 5 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 +- drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 9 ++ drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/usbhid/hid-pidff.c | 60 +++++--- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i3c/master.c | 3 + drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/core/umem_odp.c | 6 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +- drivers/iommu/amd/iommu.c | 2 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/dm-cache-target.c | 24 ++-- drivers/md/dm-integrity.c | 3 + drivers/md/raid1.c | 26 ++-- drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/platform/qcom/venus/Makefile | 3 +- drivers/media/platform/qcom/venus/core.c | 17 --- drivers/media/platform/qcom/venus/core.h | 41 +----- drivers/media/platform/qcom/venus/helpers.c | 60 ++++---- drivers/media/platform/qcom/venus/helpers.h | 2 +- drivers/media/platform/qcom/venus/hfi.c | 18 ++- drivers/media/platform/qcom/venus/hfi_parser.c | 159 ++++++++++++++++----- drivers/media/platform/qcom/venus/hfi_parser.h | 2 +- drivers/media/platform/qcom/venus/hfi_platform.c | 49 +++++++ drivers/media/platform/qcom/venus/hfi_platform.h | 61 ++++++++ .../media/platform/qcom/venus/hfi_platform_v4.c | 60 ++++++++ drivers/media/platform/qcom/venus/hfi_venus.c | 18 ++- drivers/media/platform/qcom/venus/pm_helpers.c | 12 +- drivers/media/platform/qcom/venus/vdec.c | 8 +- drivers/media/platform/qcom/venus/venc.c | 91 ++++++++---- drivers/media/rc/streamzap.c | 135 +++++++---------- drivers/media/test-drivers/vim2m.c | 6 +- drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/mfd/ene-kb3930.c | 2 +- drivers/misc/mei/hw-me-regs.h | 1 + drivers/misc/mei/pci-me.c | 1 + drivers/misc/pci_endpoint_test.c | 6 +- drivers/mtd/inftlcore.c | 9 +- drivers/mtd/mtdpstore.c | 9 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 ++ drivers/net/dsa/mv88e6xxx/chip.c | 25 +++- drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 + drivers/net/ethernet/intel/igc/igc_main.c | 1 + drivers/net/ethernet/intel/igc/igc_ptp.c | 7 + .../net/ethernet/mellanox/mlx5/core/en/rep/neigh.c | 15 +- .../net/ethernet/mellanox/mlx5/core/en/rep/tc.c | 6 +- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 33 ++++- drivers/net/ethernet/mellanox/mlx5/core/en_tc.h | 3 + drivers/net/phy/phy_led_triggers.c | 23 +-- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/wireless/ath/ath10k/sdio.c | 5 +- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/hw/idt/ntb_hw_idt.c | 18 +-- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/host/core.c | 10 ++ drivers/nvme/target/fc.c | 14 -- drivers/nvme/target/fcloop.c | 2 +- drivers/of/irq.c | 13 +- drivers/pci/controller/pcie-brcmstb.c | 13 +- drivers/pci/pci.c | 107 ++++++++------ drivers/pci/probe.c | 60 ++++++-- drivers/pci/remove.c | 7 + drivers/perf/arm_pmu.c | 8 +- drivers/phy/tegra/xusb.c | 2 +- drivers/pinctrl/qcom/pinctrl-msm.c | 12 +- drivers/platform/x86/asus-laptop.c | 9 +- .../x86/intel_speed_select_if/isst_if_common.c | 2 +- drivers/pwm/pwm-fsl-ftm.c | 6 + drivers/pwm/pwm-mediatek.c | 20 ++- drivers/pwm/pwm-rcar.c | 24 ++-- drivers/s390/block/dasd.c | 5 +- drivers/s390/virtio/virtio_ccw.c | 16 ++- drivers/scsi/lpfc/lpfc_hbadisc.c | 2 + drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/scsi/ufs/ufs_bsg.c | 1 + drivers/soc/samsung/Kconfig | 12 +- drivers/soc/samsung/Makefile | 3 +- drivers/soc/samsung/exynos-asv.c | 45 ++---- drivers/soc/samsung/exynos-asv.h | 2 + drivers/soc/samsung/exynos-chipid.c | 139 +++++++++++++----- drivers/soc/ti/omap_prm.c | 2 + drivers/spi/spi-cadence-quadspi.c | 6 + drivers/staging/comedi/drivers/jr3_pci.c | 15 +- drivers/staging/rtl8723bs/core/rtw_mlme.c | 2 + drivers/thermal/rockchip_thermal.c | 1 + drivers/tty/serial/sifive.c | 6 + drivers/usb/cdns3/gadget.c | 2 + drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/gadget.c | 6 + drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 + drivers/usb/host/ohci-pci.c | 23 +++ drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 + drivers/usb/storage/unusual_uas.h | 7 + drivers/vdpa/mlx5/core/mr.c | 7 +- drivers/vfio/pci/vfio_pci.c | 13 ++ drivers/video/backlight/led_bl.c | 5 +- drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/super.c | 3 +- fs/cifs/cifs_debug.c | 6 + fs/cifs/cifsglob.h | 9 ++ fs/cifs/cifsproto.h | 7 +- fs/cifs/connect.c | 2 +- fs/cifs/smb2misc.c | 11 +- fs/cifs/smb2ops.c | 48 ++++--- fs/cifs/smb2pdu.c | 10 +- fs/cifs/transport.c | 43 +++--- fs/ext4/block_validity.c | 5 +- fs/ext4/inode.c | 76 +++++++--- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 19 ++- fs/ext4/xattr.c | 11 +- fs/f2fs/node.c | 9 +- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 + fs/hfsplus/bnode.c | 6 + fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 12 +- fs/jfs/jfs_imap.c | 2 +- fs/namespace.c | 3 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 22 --- fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfs4state.c | 2 +- fs/nfsd/nfsfh.h | 7 - fs/proc/array.c | 64 +++++---- include/linux/backing-dev.h | 1 + include/linux/blk-cgroup.h | 1 + include/linux/filter.h | 4 + include/linux/nfs.h | 13 ++ include/linux/pci.h | 12 ++ include/linux/soc/samsung/exynos-chipid.h | 6 +- include/net/net_namespace.h | 1 + include/net/sctp/structs.h | 3 +- include/uapi/linux/kfd_ioctl.h | 2 + include/xen/interface/xen-mca.h | 2 +- init/Kconfig | 3 +- kernel/bpf/helpers.c | 11 +- kernel/bpf/syscall.c | 17 ++- kernel/dma/contiguous.c | 3 +- kernel/locking/lockdep.c | 3 + kernel/resource.c | 41 ++---- kernel/sched/cpufreq_schedutil.c | 18 ++- kernel/trace/ftrace.c | 1 + kernel/trace/trace.h | 4 + kernel/trace/trace_events.c | 4 +- kernel/trace/trace_events_filter.c | 4 +- kernel/trace/trace_events_hist.c | 7 +- kernel/trace/trace_events_synth.c | 82 ++++++++++- kernel/trace/trace_synth.h | 1 + lib/sg_split.c | 2 - mm/memory.c | 4 +- mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +--- net/bluetooth/hci_event.c | 5 +- net/core/dev.c | 1 + net/core/filter.c | 80 ++++++----- net/core/net_namespace.c | 21 ++- net/core/page_pool.c | 8 +- net/ipv4/inet_connection_sock.c | 19 ++- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 +- net/mptcp/protocol.c | 45 ++++++ net/mptcp/subflow.c | 15 +- net/netfilter/ipvs/ip_vs_ctl.c | 10 +- net/netfilter/nft_set_pipapo_avx2.c | 3 +- net/openvswitch/actions.c | 4 +- net/openvswitch/flow_netlink.c | 3 +- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_hfsc.c | 23 ++- net/sctp/socket.c | 22 +-- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tipc/monitor.c | 3 +- net/tls/tls_main.c | 6 + sound/pci/hda/hda_intel.c | 15 +- sound/soc/codecs/wcd934x.c | 2 +- sound/soc/qcom/qdsp6/q6asm-dai.c | 19 ++- sound/usb/midi.c | 80 ++++++++++- tools/objtool/check.c | 3 + tools/power/cpupower/bench/parse.c | 4 + tools/testing/selftests/mincore/mincore_selftest.c | 3 - tools/testing/selftests/ublk/test_stripe_04.sh | 24 ++++ .../selftests/vm/charge_reserved_hugetlb.sh | 4 +- .../selftests/vm/hugetlb_reparenting_test.sh | 2 +- 268 files changed, 2396 insertions(+), 1209 deletions(-)

7 months

6
291
0 0

[PATCH 5.4 000/179] 5.4.293-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 5.4.293 release. There are 179 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 May 2025 16:10:15 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.4.293-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.4.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 5.4.293-rc1 Thomas Bogendoerfer <tsbogend(a)alpha.franken.de> MIPS: cm: Fix warning if MIPS_CM is disabled Marek Behún <kabel(a)kernel.org> crypto: atmel-sha204a - Set hwrng quality to lowest possible Ian Abbott <abbotti(a)mev.co.uk> comedi: jr3_pci: Fix synchronous deletion of timer David Hildenbrand <david(a)redhat.com> s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues Meir Elisha <meir.elisha(a)volumez.com> md/raid1: Add check for missing source disk in process_checks() Igor Pylypiv <ipylypiv(a)google.com> scsi: pm80xx: Set phy_attached to zero when device is gone Josh Poimboeuf <jpoimboe(a)kernel.org> x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Jean-Marc Eurin <jmeurin(a)google.com> ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Ming Lei <ming.lei(a)redhat.com> selftests: ublk: fix test_stripe_04 Xiaogang Chen <xiaogang.chen(a)amd.com> udmabuf: fix a buf size overflow issue during udmabuf creation Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> KVM: s390: Don't use %pK through tracepoints Oleg Nesterov <oleg(a)redhat.com> sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Arnd Bergmann <arnd(a)arndb.de> ntb: reduce stack usage in idt_scan_mws Al Viro <viro(a)zeniv.linux.org.uk> qibfs: fix _another_ leak Chenyuan Yang <chenyuan0y(a)gmail.com> usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Vinicius Costa Gomes <vinicius.gomes(a)intel.com> dmaengine: dmatest: Fix dmatest waiting less when interrupted Alexander Stein <alexander.stein(a)mailbox.org> usb: host: max3421-hcd: Add missing spi_device_id table Yu-Chun Lin <eleanor15x(a)gmail.com> parisc: PDT: Fix missing prototype warning Heiko Stuebner <heiko(a)sntech.de> clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Herbert Xu <herbert(a)gondor.apana.org.au> crypto: null - Use spin lock instead of mutex Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: cm: Detect CM quirks from device tree Oliver Neukum <oneukum(a)suse.com> USB: VLI disk crashes if LPM is used Miao Li <limiao(a)kylinos.cn> usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miao Li <limiao(a)kylinos.cn> usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive Frode Isaksen <frode(a)meta.com> usb: dwc3: gadget: check that event count does not exceed event buffer length Huacai Chen <chenhuacai(a)loongson.cn> USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ralph Siemsen <ralph.siemsen(a)linaro.org> usb: cdns3: Fix deadlock when using NCM gadget Craig Hesling <craig(a)hesling.com> USB: serial: simple: add OWON HDS200 series oscilloscope support Adam Xue <zxue(a)semtech.com> USB: serial: option: add Sierra Wireless EM9291 Michael Ehrenreich <michideep(a)gmail.com> USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Ryo Takakura <ryotkkr98(a)gmail.com> serial: sifive: lock port in startup()/shutdown() callbacks Oliver Neukum <oneukum(a)suse.com> USB: storage: quirk for ADATA Portable HDD CH94 Haoxiang Li <haoxiang_li2024(a)163.com> mcb: fix a double free bug in chameleon_parse_gdd() Halil Pasic <pasic(a)linux.ibm.com> virtio_console: fix missing byte order handling for cols and rows Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Cong Wang <xiyou.wangcong(a)gmail.com> net_sched: hfsc: Fix a UAF vulnerability in class handling Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Qingfang Deng <qingfang.deng(a)siflower.com.cn> net: phy: leds: fix memory leak Henry Martin <bsdhenrymartin(a)gmail.com> cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Denis Arefev <arefev(a)swemel.ru> drm/amd/pm: Prevent division by zero Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Damien Le Moal <dlemoal(a)kernel.org> misc: pci_endpoint_test: Use INTX instead of LEGACY Bjorn Helgaas <bhelgaas(a)google.com> PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX Sergiu Cuciurean <sergiu.cuciurean(a)analog.com> iio: adc: ad7768-1: Fix conversion result sign Jonathan Cameron <Jonathan.Cameron(a)huawei.com> iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: fix VTU methods for 6320 family Matthew Majewski <mattwmajewski(a)gmail.com> media: vim2m: print device name after registering device Acs, Jakub <acsjakub(a)amazon.de> ext4: fix OOB read when checking dotdot dir Theodore Ts'o <tytso(a)mit.edu> ext4: optimize __ext4_check_dir_entry() Theodore Ts'o <tytso(a)mit.edu> ext4: don't over-report free space or inodes in statvfs Chengguang Xu <cgxu519(a)mykernel.net> ext4: code cleanup for ext4_statfs_project() Jan Kara <jack(a)suse.cz> ext4: simplify checking quota limits in ext4_statfs() Srinivas Pandruvada <srinivas.pandruvada(a)linux.intel.com> platform/x86: ISST: Correct command storage data length WangYuli <wangyuli(a)uniontech.com> MIPS: ds1287: Match ds1287_set_base_clock() function types WangYuli <wangyuli(a)uniontech.com> MIPS: cevt-ds1287: Add missing ds1287.h include WangYuli <wangyuli(a)uniontech.com> MIPS: dec: Declare which_prom() as static Xie Yongji <xieyongji(a)bytedance.com> virtio-net: Add validation for used length Bart Van Assche <bvanassche(a)acm.org> RDMA/srpt: Support specifying the srpt_service_guid parameter Ilya Maximets <i.maximets(a)ovn.org> openvswitch: fix lockup on tx to unregistering netdev with carrier Felix Huettner <felix.huettner(a)mail.schwarz> net: openvswitch: fix race on port output Seunghwan Baek <sh8267.baek(a)samsung.com> mmc: cqhci: Fix checking of CQHCI_HALT state WangYuli <wangyuli(a)uniontech.com> nvmet-fc: Remove unused functions Martin Kepplinger <martin.kepplinger(a)puri.sm> usb: dwc3: support continuous runtime PM with dual role Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunihiko Hayashi <hayashi.kunihiko(a)socionext.com> misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error Kuniyuki Iwashima <kuniyu(a)amazon.com> tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Nathan Chancellor <natechancellor(a)gmail.com> powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp Nathan Chancellor <nathan(a)kernel.org> kbuild: Add '-fno-builtin-wcslen' Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> cpufreq: Reference count policy in cpufreq_update_limits() Rolf Eike Beer <eb(a)emlix.com> drm/sti: remove duplicate object names Chris Bainbridge <chris.bainbridge(a)gmail.com> drm/nouveau: prime: fix ttm_bo_delayed_delete oops Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/repaper: fix integer overflows in repeat functions Thorsten Leemhuis <linux(a)leemhuis.info> module: sign with sha512 instead of sha1 by default Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Dapeng Mi <dapeng1.mi(a)linux.intel.com> perf/x86/intel: Allow to update user space GPRs from PEBS records Xiangsheng Hou <xiangsheng.hou(a)mediatek.com> virtiofs: add filesystem context source name check Nathan Chancellor <nathan(a)kernel.org> riscv: Avoid fortify warning in syscall_get_arguments() Edward Adam Davis <eadavis(a)qq.com> isofs: Prevent the use of too small fid Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> i2c: cros-ec-tunnel: defer probe if parent EC is not present Vasiliy Kovalev <kovalev(a)altlinux.org> hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Johannes Kimmel <kernel(a)bareminimum.eu> btrfs: correctly escape subvol in btrfs_show_options() Eric Biggers <ebiggers(a)google.com> nfs: add missing selections of CONFIG_CRC32 Jeff Layton <jlayton(a)kernel.org> nfs: move nfs_fhandle_hash to common include file Chuck Lever <chuck.lever(a)oracle.com> NFSD: Constify @fh argument of knfsd_fh_hash() Denis Arefev <arefev(a)swemel.ru> asus-laptop: Fix an uninitialized variable Andreas Gruenbacher <agruenba(a)redhat.com> writeback: fix false warning in inode_to_wb() Jonas Gorski <jonas.gorski(a)gmail.com> net: b53: enable BPDU reception for management port Ilya Maximets <i.maximets(a)ovn.org> net: openvswitch: fix nested key length validation in the set() action Johannes Berg <johannes.berg(a)intel.com> Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Dan Carpenter <dan.carpenter(a)linaro.org> Bluetooth: btrtl: Prevent potential NULL dereference Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Yue Haibing <yuehaibing(a)huawei.com> RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Miaoqian Lin <linmq006(a)gmail.com> scsi: iscsi: Fix missing scsi_host_put() in error path Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: wl1251: fix memory leak in wl1251_tx_work Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Purge vif txq in ieee80211_do_stop() Remi Pommarel <repk(a)triplefau.lt> wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() Abdun Nihaal <abdun.nihaal(a)gmail.com> wifi: at76c50x: fix use after free access in at76_disconnect Kaixin Wang <kxwang23(a)m.fudan.edu.cn> HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Daniel Golle <daniel(a)makrotopia.org> pwm: mediatek: always use bus clock for PWM on MT7622 Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: Fix another race during initialization Myrrh Periwinkle <myrrhperiwinkle(a)qtmlabs.xyz> x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Ma Ke <make24(a)iscas.ac.cn> PCI: Fix reference leak in pci_alloc_child_bus() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_init() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() Zijun Hu <quic_zijuhu(a)quicinc.com> of/irq: Fix device node refcount leakages in of_irq_count() Fedor Pchelkin <pchelkin(a)ispras.ru> ntb: use 64-bit arithmetic for the MSI doorbell mask Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> gpio: zynq: Fix wakeup source leaks on device unbind zhoumin <teczm(a)foxmail.com> ftrace: Add cond_resched() to ftrace_graph_set_hash() Mikulas Patocka <mpatocka(a)redhat.com> dm-integrity: set ti->error on memory allocation failure Tom Lendacky <thomas.lendacky(a)amd.com> crypto: ccp - Fix check for the primary ASP device Trevor Woerner <twoerner(a)gmail.com> thermal/drivers/rockchip: Add missing rk3328 mapping entry Ricardo Cañuelo Navarro <rcn(a)igalia.com> sctp: detect and prevent references to a freed transport in sendmsg Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Ryan Roberts <ryan.roberts(a)arm.com> sparc/mm: disable preemption in lazy mmu mode Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Wentao Liang <vulab(a)iscas.ac.cn> mtd: rawnand: Add status chack in r852_ready() Wentao Liang <vulab(a)iscas.ac.cn> mtd: inftlcore: Add error check for inftl_read_oob() T Pratham <t-pratham(a)ti.com> lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Boqun Feng <boqun.feng(a)gmail.com> locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Jan Kara <jack(a)suse.cz> jbd2: remove wrong sb->s_sequence check Manjunatha Venkatesh <manjunatha.venkatesh(a)nxp.com> i3c: Add NULL pointer check in i3c_master_queue_ibi() Artem Sadovnikov <a.sadovnikov(a)ispras.ru> ext4: fix off-by-one error in do_split Gavrilov Ilia <Ilia.Gavrilov(a)infotecs.ru> wifi: mac80211: fix integer overflow in hwmp_route_info_get() Marek Behún <kabel(a)kernel.org> net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi_parser: add check to avoid out of bound access Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sakari Ailus <sakari.ailus(a)linux.intel.com> media: i2c: ov7251: Set enable GPIO low in probe Karina Yankevich <k.yankevich(a)omp.ru> media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Murad Masimov <m.masimov(a)mt-integration.ru> media: streamzap: prevent processing IR data on URB failure Kamal Dasu <kamal.dasu(a)broadcom.com> mtd: rawnand: brcmnand: fix PM resume warning Douglas Anderson <dianders(a)chromium.org> arm64: cputype: Add MIDR_CORTEX_A76AE Jan Beulich <jbeulich(a)suse.com> xenfs/xensyms: respect hypervisor's "next" indication Yuan Can <yuancan(a)huawei.com> media: siano: Fix error handling in smsdvb_module_init() Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add check to handle incorrect queue size Vikash Garodia <quic_vgarodia(a)quicinc.com> media: venus: hfi: add a check to handle OOB in sfr region Niklas Söderlund <niklas.soderlund+renesas(a)ragnatech.se> media: i2c: adv748x: Fix test pattern selection mask Jann Horn <jannh(a)google.com> ext4: don't treat fhandle lookup of ea_inode as FS corruption Eric Biggers <ebiggers(a)google.com> ext4: reject casefold inode flag without casefold feature Willem de Bruijn <willemb(a)google.com> bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Ben Dooks <ben.dooks(a)sifive.com> bpf: Add endian modifiers to fix endian warnings Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: fsl-ftm: Handle clk_get_rate() returning 0 Josh Poimboeuf <jpoimboe(a)kernel.org> pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() Fabien Parent <fparent(a)baylibre.com> pwm: mediatek: Always use bus clock Leonid Arapov <arapovl839(a)gmail.com> fbdev: omapfb: Add 'plane' value check AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Philip Yang <Philip.Yang(a)amd.com> drm/amdkfd: Fix pqm_destroy_queue race with GPU reset David Yat Sin <David.YatSin(a)amd.com> drm/amdkfd: clamp queue size to minimum Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrew Wyatt <fewtarius(a)steamfork.org> drm: panel-orientation-quirks: Add support for AYANEO 2S Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm: allow encoder mode_set even when connectors change for crtc Arseniy Krasnov <avkrasnov(a)salutedevices.com> Bluetooth: hci_uart: fix race during initialization Gabriele Paoloni <gpaoloni(a)redhat.com> tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Stanislav Fomichev <sdf(a)fomichev.me> net: vlan: don't propagate flags on open Icenowy Zheng <uwu(a)icenowy.me> wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Kai Mäkisara <Kai.Makisara(a)kolumbus.fi> scsi: st: Fix array overflow in st_setup() Bhupesh <bhupesh(a)igalia.com> ext4: ignore xattrs past end Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: protect ext4_release_dquot against freezing Daniel Kral <d.kral(a)proxmox.com> ahci: add PCI ID for Marvell 88SE9215 SATA Controller Niklas Cassel <cassel(a)kernel.org> ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Edward Adam Davis <eadavis(a)qq.com> jfs: add sanity check for agwidth in dbMount Edward Adam Davis <eadavis(a)qq.com> jfs: Prevent copying of nlink with value 0 from disk inode Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: Prevent integer overflow in AG size calculation Rand Deeb <rand.sec96(a)gmail.com> fs/jfs: cast inactags to s64 to prevent potential overflow Jason Xing <kerneljasonxing(a)gmail.com> page_pool: avoid infinite loop to schedule delayed worker Ricard Wanderlof <ricard2013(a)butoba.net> ALSA: usb-audio: Fix CME quirk for UF series keyboards Maxim Mikityanskiy <maxtram95(a)gmail.com> ALSA: hda: intel: Fix Optimus when GPU has no sound Tomasz Pakuła <forest10pl(a)gmail.com> HID: pidff: Fix null pointer dereference in pidff_find_fields Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Do not send effect envelope if it's empty Tomasz Pakuła <tomasz.pakula.oficjalny(a)gmail.com> HID: pidff: Convert infinite length from Linux API to PID standard Kees Cook <kees(a)kernel.org> xen/mcelog: Add __nonstring annotations for unterminated strings Mark Rutland <mark.rutland(a)arm.com> perf: arm_pmu: Don't disable counter in armpmu_add() Max Grobecker <max(a)grobecker.info> x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Zhongqiu Han <quic_zhonhan(a)quicinc.com> pm: cpupower: bench: Prevent NULL dereference on malloc failure Arnaud Lecomte <contact(a)arnaud-lcm.com> net: ppp: Add bound checking for skb data on ppp_sync_txmung Wentao Liang <vulab(a)iscas.ac.cn> ata: sata_sx4: Add error handling in pdc20621_i2c_read() Hannes Reinecke <hare(a)suse.de> ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones Cong Wang <xiyou.wangcong(a)gmail.com> codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() Tung Nguyen <tung.quang.nguyen(a)est.tech> tipc: fix memory leak in tipc_link_xmit Henry Martin <bsdhenrymartin(a)gmail.com> ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() ------------- Diffstat: Makefile | 7 +- arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 +- arch/arm64/include/asm/cputype.h | 2 + arch/mips/dec/prom/init.c | 2 +- arch/mips/include/asm/ds1287.h | 2 +- arch/mips/include/asm/mips-cm.h | 22 ++++ arch/mips/kernel/cevt-ds1287.c | 1 + arch/mips/kernel/mips-cm.c | 14 +++ arch/parisc/kernel/pdt.c | 2 + arch/powerpc/kernel/Makefile | 1 + arch/riscv/include/asm/syscall.h | 7 +- arch/s390/kvm/trace-s390.h | 4 +- arch/sparc/mm/tlb.c | 5 +- arch/x86/events/intel/ds.c | 8 +- arch/x86/events/intel/uncore_snbep.c | 16 +-- arch/x86/kernel/cpu/amd.c | 2 +- arch/x86/kernel/cpu/bugs.c | 8 +- arch/x86/kernel/e820.c | 17 ++- crypto/crypto_null.c | 37 ++++--- drivers/acpi/pptt.c | 4 +- drivers/ata/ahci.c | 2 + drivers/ata/libata-eh.c | 11 +- drivers/ata/pata_pxa.c | 6 ++ drivers/ata/sata_sx4.c | 118 ++++++++------------- drivers/bluetooth/btrtl.c | 2 + drivers/bluetooth/hci_ldisc.c | 19 +++- drivers/bluetooth/hci_uart.h | 1 + drivers/char/virtio_console.c | 7 +- drivers/clk/clk.c | 4 + drivers/cpufreq/cpufreq.c | 8 ++ drivers/cpufreq/scpi-cpufreq.c | 13 ++- drivers/crypto/atmel-sha204a.c | 7 +- drivers/crypto/ccp/sp-pci.c | 15 +-- drivers/dma-buf/udmabuf.c | 2 +- drivers/dma/dmatest.c | 6 +- drivers/gpio/gpio-zynq.c | 1 + drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 ++ .../gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 +- .../gpu/drm/amd/powerplay/hwmgr/vega20_thermal.c | 2 +- drivers/gpu/drm/drm_atomic_helper.c | 2 +- drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 +- drivers/gpu/drm/mediatek/mtk_dpi.c | 9 ++ drivers/gpu/drm/nouveau/nouveau_bo.c | 3 + drivers/gpu/drm/nouveau/nouveau_gem.c | 3 - drivers/gpu/drm/sti/Makefile | 2 - drivers/gpu/drm/tiny/repaper.c | 4 +- drivers/hid/usbhid/hid-pidff.c | 60 +++++++---- drivers/hsi/clients/ssi_protocol.c | 1 + drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 + drivers/i3c/master.c | 3 + drivers/iio/adc/ad7768-1.c | 5 +- drivers/infiniband/hw/qib/qib_fs.c | 1 + drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 +-- drivers/infiniband/ulp/srpt/ib_srpt.c | 8 +- drivers/mcb/mcb-parse.c | 2 +- drivers/md/dm-integrity.c | 3 + drivers/md/raid1.c | 26 +++-- drivers/media/common/siano/smsdvb-main.c | 2 + drivers/media/i2c/adv748x/adv748x.h | 2 +- drivers/media/i2c/ov7251.c | 4 +- drivers/media/platform/qcom/venus/hfi_parser.c | 2 + drivers/media/platform/qcom/venus/hfi_venus.c | 18 +++- drivers/media/platform/vim2m.c | 6 +- drivers/media/rc/streamzap.c | 68 ++++++------ drivers/media/v4l2-core/v4l2-dv-timings.c | 4 +- drivers/misc/pci_endpoint_test.c | 36 ++++--- drivers/mmc/host/cqhci.c | 2 +- drivers/mtd/inftlcore.c | 9 +- drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 +- drivers/mtd/nand/raw/r852.c | 3 + drivers/net/dsa/b53/b53_common.c | 10 ++ drivers/net/dsa/mv88e6xxx/chip.c | 25 ++++- drivers/net/phy/phy_led_triggers.c | 23 ++-- drivers/net/ppp/ppp_synctty.c | 5 + drivers/net/virtio_net.c | 22 ++-- drivers/net/wireless/atmel/at76c50x-usb.c | 2 +- drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 + drivers/net/wireless/ti/wl1251/tx.c | 4 +- drivers/ntb/hw/idt/ntb_hw_idt.c | 18 ++-- drivers/ntb/ntb_transport.c | 2 +- drivers/nvme/target/fc.c | 14 --- drivers/of/irq.c | 13 ++- drivers/pci/probe.c | 5 +- drivers/perf/arm_pmu.c | 8 +- drivers/platform/x86/asus-laptop.c | 9 +- .../x86/intel_speed_select_if/isst_if_common.c | 2 +- drivers/pwm/pwm-fsl-ftm.c | 6 ++ drivers/pwm/pwm-mediatek.c | 20 +++- drivers/s390/virtio/virtio_ccw.c | 16 ++- drivers/scsi/pm8001/pm8001_sas.c | 1 + drivers/scsi/scsi_transport_iscsi.c | 7 +- drivers/scsi/st.c | 2 +- drivers/staging/comedi/drivers/jr3_pci.c | 15 ++- drivers/thermal/rockchip_thermal.c | 1 + drivers/tty/serial/sifive.c | 6 ++ drivers/usb/cdns3/gadget.c | 2 + drivers/usb/core/quirks.c | 9 ++ drivers/usb/dwc3/core.c | 11 +- drivers/usb/dwc3/gadget.c | 6 ++ drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 + drivers/usb/host/max3421-hcd.c | 7 ++ drivers/usb/host/ohci-pci.c | 23 ++++ drivers/usb/serial/ftdi_sio.c | 2 + drivers/usb/serial/ftdi_sio_ids.h | 5 + drivers/usb/serial/option.c | 3 + drivers/usb/serial/usb-serial-simple.c | 7 ++ drivers/usb/storage/unusual_uas.h | 7 ++ drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 +- drivers/xen/xenfs/xensyms.c | 4 +- fs/Kconfig | 1 + fs/btrfs/super.c | 3 +- fs/ext4/dir.c | 12 ++- fs/ext4/inode.c | 69 ++++++++---- fs/ext4/namei.c | 2 +- fs/ext4/super.c | 61 ++++++----- fs/ext4/xattr.c | 11 +- fs/fuse/virtio_fs.c | 3 + fs/hfs/bnode.c | 6 ++ fs/hfsplus/bnode.c | 6 ++ fs/isofs/export.c | 2 +- fs/jbd2/journal.c | 1 - fs/jfs/jfs_dmap.c | 10 +- fs/jfs/jfs_imap.c | 2 +- fs/nfs/Kconfig | 2 +- fs/nfs/internal.h | 22 ---- fs/nfs/nfs4session.h | 4 - fs/nfsd/Kconfig | 1 + fs/nfsd/nfsfh.h | 12 +-- include/linux/backing-dev.h | 1 + include/linux/nfs.h | 13 +++ include/linux/pci.h | 4 +- include/net/sctp/structs.h | 3 +- include/uapi/linux/kfd_ioctl.h | 2 + include/uapi/linux/pcitest.h | 3 +- include/xen/interface/xen-mca.h | 2 +- init/Kconfig | 3 +- kernel/locking/lockdep.c | 3 + kernel/trace/ftrace.c | 1 + kernel/trace/trace_events.c | 4 +- lib/sg_split.c | 2 - mm/vmscan.c | 2 +- net/8021q/vlan_dev.c | 31 +----- net/bluetooth/hci_event.c | 5 +- net/core/dev.c | 1 + net/core/filter.c | 80 +++++++------- net/core/page_pool.c | 8 +- net/ipv4/inet_connection_sock.c | 19 +++- net/mac80211/iface.c | 3 + net/mac80211/mesh_hwmp.c | 14 ++- net/openvswitch/actions.c | 4 +- net/openvswitch/flow_netlink.c | 3 +- net/sched/sch_codel.c | 5 +- net/sched/sch_fq_codel.c | 6 +- net/sched/sch_hfsc.c | 23 ++-- net/sctp/socket.c | 22 ++-- net/sctp/transport.c | 2 + net/tipc/link.c | 1 + net/tipc/monitor.c | 3 +- sound/pci/hda/hda_intel.c | 15 ++- sound/usb/midi.c | 80 ++++++++++++-- tools/power/cpupower/bench/parse.c | 4 + tools/testing/selftests/ublk/test_stripe_04.sh | 24 +++++ 162 files changed, 1121 insertions(+), 557 deletions(-)

7 months

6
184
0 0

[PATCH 0/1] mm: Fix regression after THP PTE optimization on Xen PV Dom0

by Petr Vaněk

Hi all, I have found a problem in recent kernels 6.9+ when running under the Xen hypervisor as a PV dom0. In my setup (PV Dom0 with 4G RAM, using XFS), I shrink memory to 256M via the balloon driver after boot: xl mem-set Domain-0 256m Once memory is reduced, even running a simple command like ls usually triggers the following warning: [ 27.963562] [ T2553] page: refcount:88 mapcount:21 mapping:ffff88813ff6f6a8 index:0x110 pfn:0x10085c [ 27.963564] [ T2553] head: order:2 mapcount:83 entire_mapcount:0 nr_pages_mapped:4 pincount:0 [ 27.963565] [ T2553] memcg:ffff888003573000 [ 27.963567] [ T2553] aops:0xffffffff8226fd20 ino:82467c dentry name(?):"libc.so.6" [ 27.963570] [ T2553] flags: 0x2000000000416c(referenced|uptodate|lru|active|private|head|node=0|zone=2) [ 27.963573] [ T2553] raw: 002000000000416c ffffea0004021e88 ffffea0004021908 ffff88813ff6f6a8 [ 27.963574] [ T2553] raw: 0000000000000110 ffff88811bf06b60 0000005800000014 ffff888003573000 [ 27.963576] [ T2553] head: 002000000000416c ffffea0004021e88 ffffea0004021908 ffff88813ff6f6a8 [ 27.963577] [ T2553] head: 0000000000000110 ffff88811bf06b60 0000005800000014 ffff888003573000 [ 27.963578] [ T2553] head: 0020000000000202 ffffea0004021701 0000000400000052 00000000ffffffff [ 27.963580] [ T2553] head: 0000000300000003 8000000300000002 0000000000000014 0000000000000004 [ 27.963581] [ T2553] page dumped because: VM_WARN_ON_FOLIO((_Generic((page + nr_pages - 1), const struct page *: (const struct folio *)_compound_head(page + nr_pages - 1), struct page *: (struct folio *)_compound_head(page + nr_pages - 1))) != folio) [ 27.963590] [ T2553] ------------[ cut here ]------------ [ 27.963591] [ T2553] WARNING: CPU: 1 PID: 2553 at include/linux/rmap.h:427 __folio_rmap_sanity_checks+0x1a0/0x270 [ 27.963596] [ T2553] CPU: 1 UID: 0 PID: 2553 Comm: ls Not tainted 6.15.0-rc4-00002-ge0363f942651 #270 PREEMPT(undef) [ 27.963599] [ T2553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-20240910_120124-localhost 04/01/2014 [ 27.963601] [ T2553] RIP: e030:__folio_rmap_sanity_checks+0x1a0/0x270 [ 27.963603] [ T2553] Code: 89 df e8 b3 7d fd ff 0f 0b e9 eb fe ff ff 48 8d 42 ff 48 39 c3 0f 84 0e ff ff ff 48 c7 c6 e8 49 5b 82 48 89 df e8 90 7d fd ff <0f> 0b e9 f8 fe ff ff 41 f7 c4 ff 0f 00 00 0f 85 b2 fe ff ff 49 8b [ 27.963605] [ T2553] RSP: e02b:ffffc90040f8fac0 EFLAGS: 00010246 [ 27.963608] [ T2553] RAX: 00000000000000e5 RBX: ffffea0004021700 RCX: 0000000000000000 [ 27.963609] [ T2553] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 00000000ffffffff [ 27.963610] [ T2553] RBP: ffffc90040f8fae0 R08: 00000000ffffdfff R09: ffffffff82929308 [ 27.963612] [ T2553] R10: ffffffff82879360 R11: 0000000000000002 R12: ffffea0004021700 [ 27.963613] [ T2553] R13: 0000000000000005 R14: 0000000000000000 R15: 0000000000000005 [ 27.963625] [ T2553] FS: 00007ff06dafe740(0000) GS:ffff8880b7ccb000(0000) knlGS:0000000000000000 [ 27.963627] [ T2553] CS: e030 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 27.963628] [ T2553] CR2: 000055deb932f630 CR3: 0000000002844000 CR4: 0000000000050660 [ 27.963630] [ T2553] Call Trace: [ 27.963632] [ T2553] <TASK> [ 27.963633] [ T2553] folio_remove_rmap_ptes+0x24/0x2b0 [ 27.963635] [ T2553] unmap_page_range+0x132e/0x17e0 [ 27.963638] [ T2553] unmap_single_vma+0x81/0xd0 [ 27.963640] [ T2553] unmap_vmas+0xb5/0x180 [ 27.963642] [ T2553] exit_mmap+0x10c/0x460 [ 27.963644] [ T2553] mmput+0x59/0x120 [ 27.963647] [ T2553] do_exit+0x2d1/0xbd0 [ 27.963649] [ T2553] do_group_exit+0x2f/0x90 [ 27.963651] [ T2553] __x64_sys_exit_group+0x13/0x20 [ 27.963652] [ T2553] x64_sys_call+0x126b/0x1d70 [ 27.963655] [ T2553] do_syscall_64+0x54/0x120 [ 27.963657] [ T2553] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 27.963659] [ T2553] RIP: 0033:0x7ff06dbdbe9d [ 27.963660] [ T2553] Code: Unable to access opcode bytes at 0x7ff06dbdbe73. [ 27.963661] [ T2553] RSP: 002b:00007ffde44f9ac8 EFLAGS: 00000206 ORIG_RAX: 00000000000000e7 [ 27.963664] [ T2553] RAX: ffffffffffffffda RBX: 00007ff06dce4fa8 RCX: 00007ff06dbdbe9d [ 27.963665] [ T2553] RDX: 00000000000000e7 RSI: ffffffffffffff88 RDI: 0000000000000000 [ 27.963666] [ T2553] RBP: 0000000000000000 R08: 00007ffde44f9a70 R09: 00007ffde44f99ff [ 27.963667] [ T2553] R10: 00007ffde44f9980 R11: 0000000000000206 R12: 00007ff06dce3680 [ 27.963668] [ T2553] R13: 00007ff06dd010e0 R14: 0000000000000002 R15: 00007ff06dce4fc0 [ 27.963670] [ T2553] </TASK> [ 27.963671] [ T2553] ---[ end trace 0000000000000000 ]--- Later on bigger problems start to appear: [ 69.035059] [ T2593] BUG: Bad page map in process ls pte:10006c125 pmd:1003dc067 [ 69.035061] [ T2593] page: refcount:8 mapcount:20 mapping:ffff88813fd736a8 index:0x110 pfn:0x10006c [ 69.035064] [ T2593] head: order:2 mapcount:-2 entire_mapcount:0 nr_pages_mapped:8388532 pincount:0 [ 69.035066] [ T2593] memcg:ffff888003573000 [ 69.035067] [ T2593] aops:0xffffffff8226fd20 ino:82467c dentry name(?):"libc.so.6" [ 69.035069] [ T2593] flags: 0x2000000000416c(referenced|uptodate|lru|active|private|head|node=0|zone=2) [ 69.035072] [ T2593] raw: 002000000000416c ffffea0004002348 ffffea0004001d08 ffff88813fd736a8 [ 69.035074] [ T2593] raw: 0000000000000110 ffff888100d19860 0000000800000013 ffff888003573000 [ 69.035076] [ T2593] head: 002000000000416c ffffea0004002348 ffffea0004001d08 ffff88813fd736a8 [ 69.035078] [ T2593] head: 0000000000000110 ffff888100d19860 0000000800000013 ffff888003573000 [ 69.035079] [ T2593] head: 0020000000000202 ffffea0004001b01 ffffffb4fffffffd 00000000ffffffff [ 69.035081] [ T2593] head: 0000000300000003 0000000500000002 0000000000000013 0000000000000004 [ 69.035082] [ T2593] page dumped because: bad pte [ 69.035083] [ T2593] addr:00007f6524b96000 vm_flags:00000075 anon_vma:0000000000000000 mapping:ffff88813fd736a8 index:110 [ 69.035086] [ T2593] file:libc.so.6 fault:xfs_filemap_fault mmap:xfs_file_mmap read_folio:xfs_vm_read_folio The system eventually becomes unusable and typically crashes. I was able to bisect this issue to the commit: 10ebac4f95e7 ("mm/memory: optimize unmap/zap with PTE-mapped THP"). If I understand correctly, the folio from the first warning has 4 pages, but folio_pte_batch incorrectly counts 5 pages, because expected_pte and pte are both zero-valued PTEs, and the loop is not broken in such a case because pte_same() returns true. [ 27.963266] [ T2553] folio_pte_batch debug: printing PTE values starting at addr=0x7ff06dc11000 [ 27.963268] [ T2553] PTE[ 0] = 000000010085c125 [ 27.963272] [ T2553] PTE[ 1] = 000000010085d125 [ 27.963274] [ T2553] PTE[ 2] = 000000010085e125 [ 27.963276] [ T2553] PTE[ 3] = 000000010085f125 [ 27.963277] [ T2553] PTE[ 4] = 0000000000000000 <-- not present [ 27.963279] [ T2553] PTE[ 5] = 0000000102e47125 [ 27.963281] [ T2553] PTE[ 6] = 0000000102e48125 [ 27.963283] [ T2553] PTE[ 7] = 0000000102e49125 As a consequence, zap_present_folio_ptes() is called with nr = 5, which later calls folio_remove_rmap_ptes(), where __folio_rmap_sanity_checks() emits the warning log. The patch in the following message fixes the problem for me. It adds a check that breaks the loop when encountering non-present PTE, before the !pte_same() check. I still don't fully understand how the zero-valued PTE appears there or why this issue is triggered only when xen-balloon driver shrinks the memory. I wasn't able to reproduce it without shrinking. Cheers, Petr Petr Vaněk (1): mm: Fix folio_pte_batch() overcount with zero PTEs mm/internal.h | 2 ++ 1 file changed, 2 insertions(+) -- 2.48.1

7 months

3
19
0 0

[PATCH 0/3 V3] usb: usbtmc: Fix erroneous ioctl returns

by Dave Penkler

Recent tests with timeouts > INT_MAX produced random error returns with usbtmc_get_stb. This was caused by assigning the return value of wait_event_interruptible_timeout to an int which overflowed to negative values. Also return value on success was the remaining number of jiffies instead of 0. These patches fix all the cases where the return of wait_event_interruptible_timeout was assigned to an int and the case of the remaining jiffies return in usbtmc_get_stb. Patch 1: Fixes usbtmc_get_stb Patch 2: Fixes usbtmc488_ioctl_wait_srq Patch 3: Fixes usbtmc_generic_read Dave Penkler (3): usb: usbtmc: Fix erroneous get_stb ioctl error returns usb: usbtmc: Fix erroneous wait_srq ioctl return usb: usbtmc: Fix erroneous generic_read ioctl return drivers/usb/class/usbtmc.c | 53 ++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 22 deletions(-) -- Changes V1 => V2 Add cc to stable line V2 => V3 Add susbsystem to cover letter 2.49.0

7 months, 1 week

1
3
0 0

Linux 6.14.5

by Greg Kroah-Hartman

I'm announcing the release of the 6.14.5 kernel. All users of the 6.14 kernel series must upgrade. The updated 6.14.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.14.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/admin-guide/kernel-parameters.txt | 2 Documentation/bpf/bpf_devel_QA.rst | 8 Documentation/trace/debugging.rst | 2 Makefile | 3 arch/arm/crypto/Kconfig | 10 arch/arm64/crypto/Kconfig | 6 arch/loongarch/Kconfig | 1 arch/loongarch/include/asm/fpu.h | 39 arch/loongarch/include/asm/lbt.h | 10 arch/loongarch/include/asm/ptrace.h | 4 arch/loongarch/kernel/fpu.S | 6 arch/loongarch/kernel/lbt.S | 4 arch/loongarch/kernel/signal.c | 21 arch/loongarch/kernel/traps.c | 20 arch/loongarch/kvm/intc/ipi.c | 4 arch/loongarch/kvm/main.c | 4 arch/loongarch/kvm/vcpu.c | 8 arch/loongarch/mm/hugetlbpage.c | 2 arch/loongarch/mm/init.c | 3 arch/mips/crypto/Kconfig | 7 arch/mips/include/asm/mips-cm.h | 22 arch/mips/kernel/mips-cm.c | 14 arch/parisc/kernel/pdt.c | 2 arch/powerpc/crypto/Kconfig | 7 arch/riscv/crypto/Kconfig | 1 arch/riscv/include/asm/alternative-macros.h | 19 arch/riscv/include/asm/cacheflush.h | 15 arch/riscv/include/asm/ftrace.h | 2 arch/riscv/include/asm/ptrace.h | 18 arch/riscv/kernel/probes/uprobes.c | 10 arch/s390/crypto/Kconfig | 3 arch/s390/kvm/intercept.c | 2 arch/s390/kvm/interrupt.c | 8 arch/s390/kvm/kvm-s390.c | 10 arch/s390/kvm/trace-s390.h | 4 arch/um/include/linux/time-internal.h | 2 arch/um/kernel/skas/syscall.c | 11 arch/x86/crypto/Kconfig | 11 arch/x86/entry/entry.S | 2 arch/x86/events/core.c | 2 arch/x86/include/asm/intel-family.h | 2 arch/x86/include/asm/pgalloc.h | 19 arch/x86/kernel/cpu/bugs.c | 30 arch/x86/kernel/i8253.c | 3 arch/x86/kernel/machine_kexec_32.c | 4 arch/x86/kvm/svm/avic.c | 60 arch/x86/kvm/vmx/posted_intr.c | 28 arch/x86/kvm/x86.c | 20 arch/x86/lib/x86-opcode-map.txt | 4 arch/x86/mm/pgtable.c | 4 arch/x86/mm/tlb.c | 6 arch/x86/pci/xen.c | 8 arch/x86/platform/efi/efi_64.c | 4 arch/x86/xen/enlighten_pvh.c | 19 block/bdev.c | 22 block/blk-cgroup.c | 2 block/blk-settings.c | 8 block/blk.h | 3 block/fops.c | 2 crypto/Kconfig | 3 crypto/crypto_null.c | 39 crypto/ecc.c | 2 crypto/ecdsa-p1363.c | 2 crypto/ecdsa-x962.c | 4 drivers/acpi/ec.c | 28 drivers/acpi/pptt.c | 4 drivers/android/binder.c | 2 drivers/ata/libata-scsi.c | 25 drivers/base/base.h | 17 drivers/base/bus.c | 2 drivers/base/core.c | 38 drivers/base/dd.c | 7 drivers/block/ublk_drv.c | 214 +- drivers/char/misc.c | 2 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/clk/renesas/rzv2h-cpg.c | 12 drivers/comedi/drivers/jr3_pci.c | 2 drivers/cpufreq/Kconfig.arm | 20 drivers/cpufreq/apple-soc-cpufreq.c | 10 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/scmi-cpufreq.c | 10 drivers/cpufreq/scpi-cpufreq.c | 13 drivers/cpufreq/sun50i-cpufreq-nvmem.c | 18 drivers/crypto/atmel-sha204a.c | 6 drivers/crypto/ccp/sp-pci.c | 1 drivers/cxl/core/regs.c | 4 drivers/dma-buf/udmabuf.c | 2 drivers/dma/bcm2835-dma.c | 2 drivers/dma/dmatest.c | 6 drivers/firmware/stratix10-svc.c | 14 drivers/gpio/gpiolib-of.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 19 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 6 drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 drivers/gpu/drm/amd/amdkfd/kfd_topology.c | 3 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 2 drivers/gpu/drm/meson/meson_drv.c | 2 drivers/gpu/drm/meson/meson_drv.h | 2 drivers/gpu/drm/meson/meson_encoder_hdmi.c | 29 drivers/gpu/drm/meson/meson_vclk.c | 195 + drivers/gpu/drm/meson/meson_vclk.h | 13 drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 4 drivers/gpu/drm/xe/regs/xe_gt_regs.h | 4 drivers/gpu/drm/xe/tests/xe_rtp_test.c | 2 drivers/gpu/drm/xe/xe_gt.c | 4 drivers/gpu/drm/xe/xe_gt_debugfs.c | 11 drivers/gpu/drm/xe/xe_gt_types.h | 10 drivers/gpu/drm/xe/xe_hw_engine.c | 18 drivers/gpu/drm/xe/xe_reg_whitelist.c | 4 drivers/gpu/drm/xe/xe_rtp.c | 6 drivers/gpu/drm/xe/xe_rtp.h | 2 drivers/gpu/drm/xe/xe_tuning.c | 71 drivers/gpu/drm/xe/xe_tuning.h | 3 drivers/gpu/drm/xe/xe_wa.c | 22 drivers/gpu/drm/xe/xe_wa_oob.rules | 2 drivers/i3c/master/svc-i3c-master.c | 17 drivers/iio/adc/ad4695.c | 34 drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/amd/iommu.c | 2 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3-iommufd.c | 2 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 4 drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 drivers/iommu/iommu.c | 3 drivers/irqchip/irq-gic-v2m.c | 2 drivers/irqchip/irq-renesas-rzv2h.c | 91 drivers/mailbox/pcc.c | 15 drivers/mcb/mcb-parse.c | 2 drivers/md/raid1.c | 26 drivers/media/i2c/Kconfig | 1 drivers/media/i2c/imx214.c | 978 ++++------ drivers/media/i2c/ov08x40.c | 56 drivers/misc/lkdtm/perms.c | 14 drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 drivers/misc/mei/hw-me-regs.h | 1 drivers/misc/mei/pci-me.c | 1 drivers/misc/mei/vsc-tp.c | 26 drivers/mmc/host/sdhci-msm.c | 2 drivers/net/dsa/mt7530.c | 6 drivers/net/ethernet/amd/pds_core/adminq.c | 36 drivers/net/ethernet/amd/pds_core/auxbus.c | 3 drivers/net/ethernet/amd/pds_core/core.c | 9 drivers/net/ethernet/amd/pds_core/core.h | 4 drivers/net/ethernet/amd/pds_core/devlink.c | 4 drivers/net/ethernet/freescale/enetc/enetc.c | 45 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 26 drivers/net/ethernet/stmicro/stmmac/dwmac-socfpga.c | 18 drivers/net/ethernet/stmicro/stmmac/dwmac1000.h | 4 drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c | 2 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 62 drivers/net/ethernet/sun/niu.c | 2 drivers/net/phy/dp83822.c | 40 drivers/net/phy/microchip.c | 46 drivers/net/phy/phy_device.c | 53 drivers/net/phy/phy_led_triggers.c | 23 drivers/net/phy/phylink.c | 164 + drivers/net/virtio_net.c | 125 - drivers/net/vmxnet3/vmxnet3_xdp.c | 2 drivers/net/xen-netfront.c | 17 drivers/ntb/hw/amd/ntb_hw_amd.c | 1 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 drivers/nvme/host/core.c | 9 drivers/nvme/host/multipath.c | 2 drivers/nvme/target/core.c | 3 drivers/nvme/target/fc.c | 25 drivers/nvme/target/pci-epf.c | 14 drivers/of/resolver.c | 37 drivers/pci/msi/msi.c | 38 drivers/phy/rockchip/phy-rockchip-usbdp.c | 1 drivers/pinctrl/pinctrl-mcp23s08.c | 23 drivers/pinctrl/renesas/pinctrl-rza2.c | 3 drivers/platform/x86/x86-android-tablets/dmi.c | 14 drivers/platform/x86/x86-android-tablets/other.c | 124 - drivers/platform/x86/x86-android-tablets/x86-android-tablets.h | 3 drivers/pwm/core.c | 13 drivers/pwm/pwm-axi-pwmgen.c | 10 drivers/regulator/rk808-regulator.c | 4 drivers/rtc/rtc-pcf85063.c | 19 drivers/s390/char/sclp_con.c | 17 drivers/s390/char/sclp_tty.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 20 drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 drivers/scsi/pm8001/pm8001_sas.c | 1 drivers/scsi/scsi.c | 36 drivers/scsi/scsi_lib.c | 6 drivers/soc/qcom/ice.c | 48 drivers/spi/spi-imx.c | 5 drivers/spi/spi-tegra210-quad.c | 6 drivers/staging/gpib/agilent_82350b/agilent_82350b.c | 10 drivers/thunderbolt/tb.c | 16 drivers/tty/serial/msm_serial.c | 6 drivers/tty/serial/sifive.c | 6 drivers/tty/vt/selection.c | 5 drivers/ufs/core/ufs-mcq.c | 12 drivers/ufs/core/ufshcd.c | 2 drivers/ufs/host/ufs-exynos.c | 44 drivers/ufs/host/ufs-exynos.h | 1 drivers/ufs/host/ufs-qcom.c | 2 drivers/usb/cdns3/cdns3-gadget.c | 2 drivers/usb/chipidea/ci_hdrc_imx.c | 44 drivers/usb/class/cdc-wdm.c | 21 drivers/usb/core/quirks.c | 9 drivers/usb/dwc3/dwc3-pci.c | 10 drivers/usb/dwc3/dwc3-xilinx.c | 4 drivers/usb/dwc3/gadget.c | 28 drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 drivers/usb/host/xhci-hub.c | 30 drivers/usb/host/xhci-mvebu.c | 10 drivers/usb/host/xhci-mvebu.h | 6 drivers/usb/host/xhci-plat.c | 2 drivers/usb/host/xhci-ring.c | 75 drivers/usb/host/xhci.c | 4 drivers/usb/host/xhci.h | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/class.c | 24 drivers/usb/typec/class.h | 1 drivers/usb/typec/ucsi/cros_ec_ucsi.c | 5 drivers/usb/typec/ucsi/ucsi.c | 19 drivers/usb/typec/ucsi/ucsi.h | 6 drivers/usb/typec/ucsi/ucsi_acpi.c | 5 drivers/usb/typec/ucsi/ucsi_ccg.c | 67 drivers/vhost/scsi.c | 80 drivers/virtio/virtio_pci_modern.c | 4 drivers/xen/Kconfig | 2 fs/btrfs/file.c | 9 fs/btrfs/zoned.c | 1 fs/ceph/inode.c | 2 fs/ext4/block_validity.c | 5 fs/ext4/inode.c | 7 fs/iomap/buffered-io.c | 2 fs/namespace.c | 69 fs/netfs/main.c | 4 fs/ntfs3/file.c | 20 fs/smb/client/sess.c | 60 fs/smb/client/smb1ops.c | 36 fs/smb/server/vfs_cache.c | 8 fs/splice.c | 2 fs/xattr.c | 4 include/linux/blkdev.h | 4 include/linux/energy_model.h | 12 include/linux/math.h | 12 include/linux/msi.h | 3 include/linux/pci.h | 2 include/linux/phy.h | 4 include/linux/phylink.h | 4 include/net/netfilter/nft_fib.h | 21 include/soc/qcom/ice.h | 2 include/uapi/linux/virtio_pci.h | 1 init/Kconfig | 2 io_uring/io_uring.c | 15 io_uring/refs.h | 7 kernel/bpf/bpf_cgrp_storage.c | 11 kernel/bpf/hashtab.c | 6 kernel/bpf/preload/bpf_preload_kern.c | 1 kernel/bpf/syscall.c | 6 kernel/bpf/verifier.c | 32 kernel/cgroup/cgroup.c | 29 kernel/cgroup/cpuset-internal.h | 1 kernel/cgroup/cpuset.c | 14 kernel/dma/contiguous.c | 3 kernel/events/core.c | 6 kernel/irq/msi.c | 2 kernel/panic.c | 6 kernel/power/energy_model.c | 47 kernel/sched/ext.c | 4 kernel/sched/fair.c | 4 kernel/time/tick-common.c | 22 kernel/trace/bpf_trace.c | 7 kernel/trace/trace.c | 10 lib/Kconfig.ubsan | 1 lib/crypto/Kconfig | 37 lib/test_ubsan.c | 18 mm/vmscan.c | 7 net/9p/client.c | 30 net/9p/trans_fd.c | 17 net/core/lwtunnel.c | 26 net/core/selftests.c | 18 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv6/netfilter/nft_fib_ipv6.c | 19 net/mptcp/pm_userspace.c | 6 net/sched/sch_hfsc.c | 23 net/tipc/monitor.c | 3 rust/Makefile | 8 rust/kernel/firmware.rs | 8 scripts/Makefile.lib | 2 scripts/Makefile.vmlinux | 4 sound/soc/codecs/aw88081.c | 10 sound/soc/codecs/wcd934x.c | 2 sound/soc/fsl/fsl_asrc_dma.c | 15 sound/virtio/virtio_pcm.c | 21 tools/arch/x86/lib/x86-opcode-map.txt | 4 tools/bpf/bpftool/prog.c | 1 tools/objtool/check.c | 36 tools/testing/selftests/bpf/cap_helpers.c | 8 tools/testing/selftests/bpf/cap_helpers.h | 1 tools/testing/selftests/bpf/network_helpers.c | 33 tools/testing/selftests/bpf/prog_tests/verifier.c | 4 tools/testing/selftests/bpf/test_loader.c | 6 tools/testing/selftests/mincore/mincore_selftest.c | 3 tools/testing/selftests/pcie_bwctrl/Makefile | 3 tools/testing/selftests/ublk/test_stripe_04.sh | 24 323 files changed, 3670 insertions(+), 2042 deletions(-) Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Al Viro (2): fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() qibfs: fix _another_ leak Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Alexander Usyskin (1): mei: me: add panther lake H DID Alexei Starovoitov (2): bpf: Add namespace to BPF internal symbols bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Alexey Nepomnyashih (1): xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Alexis Lothore (1): net: stmmac: fix dwmac1000 ptp timestamp status offset Alexis Lothoré (1): net: stmmac: fix multiplication overflow when reading timestamp Amery Hung (1): selftests/bpf: Fix stdout race condition in traffic monitor Anastasia Kovaleva (1): scsi: core: Clear flags for scsi_cmnd that did not complete Andre Przywara (1): cpufreq: sun50i: prevent out-of-bounds access Andrei Kuchynski (2): usb: typec: class: Fix NULL pointer access usb: typec: class: Invalidate USB device pointers on partner unregistration Andrew Jones (1): riscv: Provide all alternative macros all the time André Apitzsch (6): media: i2c: imx214: Use subdev active state media: i2c: imx214: Simplify with dev_err_probe() media: i2c: imx214: Convert to CCI register access helpers media: i2c: imx214: Replace register addresses with macros media: i2c: imx214: Check number of lanes from device tree media: i2c: imx214: Fix link frequency validation Andy Shevchenko (3): usb: dwc3: gadget: Refactor loop to avoid NULL endpoints usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Andy Yan (1): phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init Arnd Bergmann (2): dma/contiguous: avoid warning about unused size_bytes ntb: reduce stack usage in idt_scan_mws Basavaraj Natikar (1): ntb_hw_amd: Add NTB PCI ID for new gen CPU Benjamin Berg (1): um: work around sched_yield not yielding in time-travel mode Bibo Mao (2): LoongArch: KVM: Fully clear some CSRs when VM reboot LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally Biju Das (4): irqchip/renesas-rzv2h: Simplify rzv2h_icu_init() irqchip/renesas-rzv2h: Add struct rzv2h_hw_info with t_offs variable irqchip/renesas-rzv2h: Prevent TINT spurious interrupt clk: renesas: rzv2h: Adjust for CPG_BUS_m_MSTOP starting from m = 1 Björn Töpel (2): riscv: Replace function-like macro by static inline function riscv: uprobes: Add missing fence.i after building the XOL buffer Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Breno Leitao (3): sched_ext: Use kvzalloc for large exit_dump allocation spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts spi: tegra210-quad: add rate limiting and simplify timeout error message Brett Creeley (3): pds_core: Prevent possible adminq overflow/stuck condition pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result pds_core: Remove unnecessary check in pds_client_adminq_cmd() Bui Quang Minh (1): virtio-net: disable delayed refill when pausing rx Caleb Sander Mateos (1): ublk: remove unused cmd argument to ublk_dispatch_req() Carlos Llamas (1): binder: fix offset calculation in debug log Charlie Jenkins (1): riscv: tracing: Fix __write_overflow_field in ftrace_partial_regs() Chenyuan Yang (4): scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() pinctrl: renesas: rza2: Fix potential NULL pointer dereference usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Christian Hewitt (1): Revert "drm/meson: vclk: fix calculation of 59.94 fractional rates" Christian König (1): drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 Christian Schrefl (1): rust: firmware: Use `ffi::c_char` type in `FwFunc` Christoph Hellwig (4): block: never reduce ra_pages in blk_apply_bdi_limits block: move blkdev_{get,put} _no_open prototypes out of blkdev.h block: remove the backing_inode variable in bdev_statx block: don't autoload drivers on stat Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Damien Le Moal (5): ata: libata-scsi: Improve CDL control ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type ata: libata-scsi: Fix ata_msense_control_ata_feature() scsi: Improve CDL control nvmet: pci-epf: cleanup link state management Dan Carpenter (2): usb: typec: class: Unlocked on error in typec_register_partner() media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() Daniel Borkmann (1): vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Daniel Golle (1): net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Daniel Jurgens (1): virtio_pci: Use self group type for cap commands Daniel Wagner (2): nvmet-fc: take tgtport reference only once nvmet-fc: put ref when assoc->del_work is already scheduled Dave Penkler (1): staging: gpib: Use min for calculating transfer length David Howells (1): ceph: Fix incorrect flush end position calculation Devaraj Rangasamy (1): crypto: ccp - Add support for PCI device 0x1134 Dimitri Fedrau (3): net: phy: Add helper for getting tx amplitude gain net: phy: dp83822: Add support for changing the transmit amplitude voltage net: phy: dp83822: fix transmit amplitude if CONFIG_OF_MDIO not defined Dmitry Baryshkov (2): usb: typec: ucsi: return CCI and message from sync_control callback usb: typec: ucsi: ccg: move command quirks to ucsi_ccg_sync_control() Dmitry Mastykin (1): pinctrl: mcp23s08: Get rid of spurious level interrupts Dmitry Torokhov (3): Revert "drivers: core: synchronize really_probe() and dev_uevent()" driver core: introduce device_set_driver() helper driver core: fix potential NULL pointer dereference in dev_uevent() Dominique Martinet (1): 9p/net: fix improper handling of bogus negative read/write replies Dongli Zhang (2): vhost-scsi: Fix vhost_scsi_send_bad_target() vhost-scsi: Fix vhost_scsi_send_status() Edward Adam Davis (1): fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Emily Deng (1): drm/amdkfd: sriov doesn't support per queue reset Fedor Pchelkin (3): usb: chipidea: ci_hdrc_imx: fix usbmisc handling usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Feng Yang (1): selftests/bpf: Fix cap_enable_effective() return code Fernando Fernandez Mancera (1): x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Fiona Klute (1): net: phy: microchip: force IRQ polling mode for lan88xx Florian Westphal (1): netfilter: fib: avoid lookup if socket is available Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Gabriel Shahrouzi (1): perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Gou Hao (1): iomap: skip unnecessary ifs_block_is_uptodate check Greg Kroah-Hartman (1): Linux 6.14.5 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Günther Noack (1): tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (3): nvme: requeue namespace scan on missed AENs nvme: re-read ANA log page after ns scan completes nvme: fixup scan failure for non-ANA multipath controllers Hans de Goede (5): media: ov08x40: Move ov08x40_identify_module() function up media: ov08x40: Add missing ov08x40_identify_module() call on stream-start mei: vsc: Fix fortify-panic caused by invalid counted_by() use platform/x86: x86-android-tablets: Add "9v" to Vexia EDU ATLA 10 tablet symbols platform/x86: x86-android-tablets: Add Vexia Edu Atla 10 tablet 5V data Haoxiang Li (3): mcb: fix a double free bug in chameleon_parse_gdd() s390/sclp: Add check for get_zeroed_page() s390/tty: Fix a potential memory leak bug Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (5): cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() net/mlx5: Move ttc allocation after switch case to prevent leaks Herbert Xu (4): crypto: lib/Kconfig - Fix lib built-in failure when arch is modular crypto: null - Use spin lock instead of mutex crypto: lib/Kconfig - Hide arch options from user crypto: Kconfig - Select LIB generic option Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Hugo Villeneuve (1): drm: panel: jd9365da: fix reset signal polarity in unprepare Huisong Li (1): mailbox: pcc: Fix the possible race in updation of chan_in_use flag Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Ignacio Encinas (1): 9p/trans_fd: mark concurrent read and writes to p9_conn->err Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Ilpo Järvinen (1): selftests/pcie_bwctrl: Fix test progs list Jan Kara (1): fs/xattr: Fix handling of AT_FDCWD in setxattrat(2) and getxattrat(2) Jason Andryuk (1): xen: Change xen-acpi-processor dom0 dependency Jay Cornwall (1): drm/amdgpu: Increase KIQ invalidate_tlbs timeout Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Jens Axboe (1): io_uring: fix 'sync' handling of io_fallback_tw() Jinjiang Tu (1): mm/vmscan: don't try to reclaim hwpoison folio Joe Damato (2): virtio-net: Refactor napi_enable paths virtio-net: Refactor napi_disable paths Johan Hovold (1): cpufreq: fix compile-test defaults Johannes Schneider (1): net: dp83822: Fix OF_MDIO config check Johannes Thumshirn (1): btrfs: zoned: return EIO on RAID1 block group write pointer mismatch John Stultz (1): sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Jonathan Currier (2): PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Josh Poimboeuf (11): objtool: Silence more KCOV warnings objtool, panic: Disable SMAP in __stack_chk_fail() objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() objtool, lkdtm: Obfuscate the do_nothing() pointer objtool: Stop UNRET validation on UD2 x86/bugs: Use SBPB in write_ibpb() if applicable x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline x86/bugs: Don't fill RSB on context switch with eIBRS objtool: Ignore end-of-section jumps for KCOV/GCOV objtool: Silence more KCOV warnings, part 2 Juergen Gross (1): x86/mm: Fix _pgd_alloc() for Xen PV mode Julia Filipchuk (1): drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 Justin Iurman (1): net: lwtunnel: disable BHs when required Kirill A. Shutemov (1): x86/insn: Fix CTEST instruction decoding Krzysztof Kozlowski (1): cpufreq: Do not enable by default during compile testing Li RongQing (1): PM: EM: use kfree_rcu() to simplify the code Lijo Lazar (1): drm/amdgpu: Use the right function for hdp flush Lizhi Xu (1): fs/ntfs3: Keep write operations atomic Lucas De Marchi (1): drm/xe/rtp: Drop sentinels from arg to xe_rtp_process_to_sr() Luis Chamberlain (1): bdev: use bdev_io_min() for statx block size Lukas Stockmann (1): rtc: pcf85063: do a SW reset if POR failed Lukas Wunner (1): crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Luo Gengkun (1): perf/x86: Fix non-sampling (counting) events on certain x86 platforms Mahesh Rao (1): firmware: stratix10-svc: Add of_platform_default_populate() Marc Zyngier (1): cpufreq: cppc: Fix invalid return value in .get() callback Marek Behún (1): crypto: atmel-sha204a - Set hwrng quality to lowest possible Mario Limonciello (3): drm/amd/display: Fix ACPI edid parsing on some Lenovo systems ACPI: EC: Set ec_no_wakeup for Lenovo Go S drm/amd: Forbid suspending into non-default suspend states Martin Blumenstingl (1): drm/meson: use unsigned long long / Hz for frequency types Martin KaFai Lau (1): bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Mat Martineau (1): mptcp: pm: Defer freeing of MPTCP userspace path manager entries Mathias Nyman (2): xhci: Limit time spent with xHC interrupts disabled during bus resume xhci: Handle spurious events on Etron host isoc enpoints Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Michal Pecio (5): usb: xhci: Fix invalid pointer dereference in Etron workaround usb: xhci: Complete 'error mid TD' transfers when handling Missed Service usb: xhci: Fix isochronous Ring Underrun/Overrun event handling usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running usb: xhci: Fix Short Packet handling rework ignoring errors Miguel Ojeda (1): rust: kbuild: skip `--remap-path-prefix` for `rustdoc` Mika Westerberg (1): thunderbolt: Scan retimers after device router has been enumerated Mike Christie (1): vhost-scsi: Add better resource allocation failure handling Mike Looijmans (1): usb: dwc3: xilinx: Prevent spike in reset signal Ming Lei (7): ublk: comment on ubq->canceling handling in ublk_queue_rq() ublk: implement ->queue_rqs() ublk: call ublk_dispatch_req() for handling UBLK_U_IO_NEED_GET_DATA selftests: ublk: fix test_stripe_04 ublk: add ublk_force_abort_dev() ublk: rely on ->canceling for dealing with ublk_nosrv_dev_should_queue_io ublk: don't fail request for recovery & reissue in case of ubq->canceling Ming Wang (1): LoongArch: Return NULL from huge_pte_offset() for invalid PMD Mostafa Saleh (1): ubsan: Fix panic from test_ubsan_out_of_bounds Namjae Jeon (1): ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" Nathan Chancellor (1): lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP Nicolin Chen (1): iommu/arm-smmu-v3: Set MEV bit in nested STE for DoS mitigations Niranjana Vishwanathapura (1): drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change Nirmoy Das (1): drm/xe/ptl: Apply Wa_14023061436 Ojaswin Mujoo (1): ext4: make block validity check resistent to sb bh corruption Oleg Nesterov (1): sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oleksij Rempel (1): net: selftests: initialize TCP header and skb payload with zero Oliver Neukum (6): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used USB: wdm: handle IO errors in wdm_wwan_port_start USB: wdm: close race between wdm_open and wdm_wwan_port_stop USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context USB: wdm: add annotation Omar Sandoval (1): sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash Pali Rohár (2): cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Pavel Begunkov (1): io_uring: always do atomic put from iowq Peter Griffin (4): scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO scsi: ufs: exynos: Move phy calls to .exit() callback scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() Petr Tesarik (1): LoongArch: Remove a bogus reference to ZONE_DMA Pi Xiange (1): x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Qingfang Deng (1): net: phy: leds: fix memory leak Qiuxu Zhuo (1): selftests/mincore: Allow read-ahead pages to reach the end of the file Qu Wenruo (1): btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Rafael J. Wysocki (1): PM: EM: Address RCU-related sparse warnings Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Ranjan Kumar (1): scsi: mpi3mr: Fix pending I/O counter Rengarajan S (2): misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Richard Weinberger (1): nvmet: fix out-of-bounds access in nvmet_enable_port Rob Herring (Arm) (1): of: resolver: Simplify of_resolve_phandles() using __free() Robin Murphy (1): iommu: Clear iommu-dma ops on cleanup Roger Pau Monne (2): PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag x86/xen: disable CPU idle and frequency drivers for PVH dom0 Roman Li (2): drm/amd/display: Fix gpu reset in multidisplay config drm/amd/display: Force full update in gpu reset Russell King (Oracle) (8): net: phylink: force link down on major_config failure net: phylink: fix suspend/resume with WoL enabled and link down net: stmmac: simplify phylink_suspend() and phylink_resume() calls net: phylink: add phylink_prepare_resume() net: stmmac: address non-LPI resume failures properly net: stmmac: socfpga: remove phy_resume() call net: phylink: add functions to block/unblock rx clock stop net: stmmac: block PHY RXC clock-stop Ryo Takakura (1): serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson (5): iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE KVM: SVM: Allocate IR data using atomic allocation KVM: x86: Explicitly treat routing entry type changes as changes KVM: x86: Reset IRTE to host control if *new* route isn't postable KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Sebastian Andrzej Siewior (1): timekeeping: Add a lockdep override in tick_freeze() Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Sewon Nam (1): bpf: bpftool: Setting error code in do_loader() Shannon Nelson (1): pds_core: make wait_context part of q_info Shengjiu Wang (1): ASoC: fsl_asrc_dma: get codec or cpu dai from backend Smita Koralahalli (1): cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Song Liu (1): netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS Stanley Chu (1): i3c: master: svc: Add support for Nuvoton npcm845 i3c Stefan Wahren (1): dmaengine: bcm2835-dma: fix warning when CONFIG_PM=n Stephan Gerhold (1): serial: msm: Configure correct working mode before starting earlycon Steven Rostedt (1): tracing: Enforce the persistent ring buffer to be page aligned Sudeep Holla (1): mailbox: pcc: Always clear the platform ack interrupt first Suzuki K Poulose (1): irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() T.J. Mercier (2): cgroup/cpuset-v1: Add missing support for cpuset_v2_mode splice: remove duplicate noinline from pipe_clear_nowait Tamura Dai (1): spi: spi-imx: Add check for spi_imx_setupxfer() Tejas Upadhyay (1): drm/xe/xe3lpg: Add Wa_13012615864 Thadeu Lima de Souza Cascardo (1): char: misc: register chrdev region with all possible minors Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Gleixner (1): PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends Thomas Weißschuh (3): kbuild, rust: use -fremap-path-prefix to make paths relative KVM: s390: Don't use %pK through tracepoints KVM: s390: Don't use %pK through debug printing Théo Lebrun (1): usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Tiezhu Yang (3): LoongArch: Make regs_irqs_disabled() more clear LoongArch: Make do_xyz() exception handlers more robust LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Trevor Gamblin (1): iio: adc: ad4695: make ad4695_exit_conversion_mode() more robust Tudor Ambarus (3): soc: qcom: ice: introduce devm_of_qcom_ice_get mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Tung Nguyen (1): tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Tvrtko Ursulin (1): drm/xe: Add performance tunings to debugfs Uday Shankar (2): ublk: remove io_cmds list in ublk_queue nvme: multipath: fix return value of nvme_available_path Uwe Kleine-König (2): pwm: Let pwm_set_waveform() succeed even if lowlevel driver rounded up pwm: axi-pwmgen: Let .round_waveform_tohw() signal when request was rounded up Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted Vladimir Oltean (3): net: enetc: register XDP RX queues with frag_size net: enetc: refactor bulk flipping of RX buffers to separate function net: enetc: fix frame corruption on bpf_xdp_adjust_head/tail() and XDP_PASS Waiman Long (1): cgroup/cpuset: Don't allow creation of local partition over a remote one Weidong Wang (1): ASoC: codecs: Add of_match_table for aw888081 driver Xi Ruoyao (1): kbuild: add dependency from vmlinux to sorttable Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation Xingui Yang (1): scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Yafang Shao (1): bpf: Reject attaching fexit/fmod_ret to __noreturn functions Yonghong Song (1): bpf: Fix kmemleak warning for percpu hashmap Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuli Wang (1): LoongArch: Select ARCH_USE_MEMTEST Yulong Han (1): LoongArch: KVM: Fix multiple typos of KVM code Zijun Hu (1): of: resolver: Fix device node refcount leakage in of_resolve_phandles()

7 months, 1 week

1
1
0 0

Linux 6.12.26

by Greg Kroah-Hartman

I'm announcing the release of the 6.12.26 kernel. All users of the 6.12 kernel series must upgrade. The updated 6.12.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.12.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/bpf/bpf_devel_QA.rst | 8 Makefile | 2 arch/arm/crypto/Kconfig | 10 arch/arm64/boot/dts/ti/k3-j784s4-j742s2-common.dtsi | 148 arch/arm64/boot/dts/ti/k3-j784s4-j742s2-main-common.dtsi | 2673 +++++++++ arch/arm64/boot/dts/ti/k3-j784s4-j742s2-mcu-wakeup-common.dtsi | 760 ++ arch/arm64/boot/dts/ti/k3-j784s4-j742s2-thermal-common.dtsi | 104 arch/arm64/boot/dts/ti/k3-j784s4-main.dtsi | 2847 ---------- arch/arm64/boot/dts/ti/k3-j784s4-mcu-wakeup.dtsi | 760 -- arch/arm64/boot/dts/ti/k3-j784s4-thermal.dtsi | 104 arch/arm64/boot/dts/ti/k3-j784s4.dtsi | 133 arch/arm64/crypto/Kconfig | 6 arch/loongarch/Kconfig | 1 arch/loongarch/include/asm/fpu.h | 39 arch/loongarch/include/asm/lbt.h | 10 arch/loongarch/include/asm/ptrace.h | 4 arch/loongarch/kernel/fpu.S | 6 arch/loongarch/kernel/lbt.S | 4 arch/loongarch/kernel/signal.c | 21 arch/loongarch/kernel/traps.c | 20 arch/loongarch/kvm/vcpu.c | 8 arch/loongarch/mm/hugetlbpage.c | 2 arch/loongarch/mm/init.c | 3 arch/mips/crypto/Kconfig | 7 arch/mips/include/asm/mips-cm.h | 22 arch/mips/kernel/mips-cm.c | 14 arch/parisc/kernel/pdt.c | 2 arch/powerpc/crypto/Kconfig | 7 arch/riscv/crypto/Kconfig | 1 arch/riscv/include/asm/alternative-macros.h | 19 arch/riscv/include/asm/cacheflush.h | 15 arch/riscv/kernel/probes/uprobes.c | 10 arch/s390/crypto/Kconfig | 3 arch/s390/kvm/intercept.c | 2 arch/s390/kvm/interrupt.c | 8 arch/s390/kvm/kvm-s390.c | 10 arch/s390/kvm/trace-s390.h | 4 arch/um/include/linux/time-internal.h | 2 arch/um/kernel/skas/syscall.c | 11 arch/x86/crypto/Kconfig | 11 arch/x86/entry/entry.S | 2 arch/x86/events/core.c | 2 arch/x86/include/asm/cpufeatures.h | 1 arch/x86/include/asm/intel-family.h | 2 arch/x86/kernel/cpu/bugs.c | 30 arch/x86/kernel/i8253.c | 3 arch/x86/kvm/svm/avic.c | 66 arch/x86/kvm/vmx/posted_intr.c | 28 arch/x86/kvm/x86.c | 20 arch/x86/lib/x86-opcode-map.txt | 4 arch/x86/mm/tlb.c | 6 arch/x86/pci/xen.c | 8 arch/x86/xen/enlighten_pvh.c | 19 block/blk-merge.c | 26 block/blk-mq.c | 6 block/blk-settings.c | 8 block/mq-deadline.c | 13 crypto/Kconfig | 3 crypto/crypto_null.c | 39 drivers/accel/ivpu/ivpu_drv.c | 10 drivers/accel/ivpu/ivpu_drv.h | 2 drivers/accel/ivpu/ivpu_fw.c | 18 drivers/accel/ivpu/ivpu_fw.h | 3 drivers/accel/ivpu/ivpu_hw.h | 12 drivers/accel/ivpu/ivpu_hw_btrs.c | 128 drivers/accel/ivpu/ivpu_hw_btrs.h | 6 drivers/accel/ivpu/ivpu_job.c | 14 drivers/accel/ivpu/ivpu_sysfs.c | 24 drivers/acpi/ec.c | 28 drivers/acpi/pptt.c | 4 drivers/ata/libata-scsi.c | 25 drivers/base/base.h | 17 drivers/base/bus.c | 2 drivers/base/core.c | 38 drivers/base/dd.c | 7 drivers/char/misc.c | 2 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/comedi/drivers/jr3_pci.c | 2 drivers/cpufreq/Kconfig.arm | 20 drivers/cpufreq/apple-soc-cpufreq.c | 10 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/scmi-cpufreq.c | 10 drivers/cpufreq/scpi-cpufreq.c | 13 drivers/cpufreq/sun50i-cpufreq-nvmem.c | 18 drivers/crypto/atmel-sha204a.c | 6 drivers/crypto/ccp/sp-pci.c | 1 drivers/cxl/core/regs.c | 4 drivers/dma/dmatest.c | 6 drivers/firmware/stratix10-svc.c | 14 drivers/gpio/gpiolib-of.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 14 drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 19 drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 8 drivers/gpu/drm/amd/amdgpu/gfx_v11_0.c | 12 drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 6 drivers/gpu/drm/amd/amdgpu/gmc_v10_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v11_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v12_0.c | 4 drivers/gpu/drm/amd/amdgpu/gmc_v9_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v13_0.c | 2 drivers/gpu/drm/amd/amdgpu/psp_v14_0.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_wrapper.c | 11 drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c | 6 drivers/gpu/drm/panel/panel-jadard-jd9365da-h3.c | 4 drivers/gpu/drm/xe/xe_wa_oob.rules | 2 drivers/i3c/master/svc-i3c-master.c | 17 drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/amd/iommu.c | 2 drivers/iommu/iommu.c | 8 drivers/irqchip/irq-gic-v2m.c | 2 drivers/mailbox/pcc.c | 15 drivers/mcb/mcb-parse.c | 2 drivers/md/raid1.c | 26 drivers/media/i2c/Kconfig | 1 drivers/media/i2c/imx214.c | 978 +-- drivers/media/i2c/ov08x40.c | 56 drivers/misc/lkdtm/perms.c | 14 drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 drivers/misc/mei/hw-me-regs.h | 1 drivers/misc/mei/pci-me.c | 1 drivers/misc/mei/vsc-tp.c | 26 drivers/mmc/host/sdhci-msm.c | 2 drivers/net/dsa/mt7530.c | 6 drivers/net/dsa/mv88e6xxx/chip.c | 27 drivers/net/ethernet/amd/pds_core/adminq.c | 36 drivers/net/ethernet/amd/pds_core/auxbus.c | 3 drivers/net/ethernet/amd/pds_core/core.c | 9 drivers/net/ethernet/amd/pds_core/core.h | 4 drivers/net/ethernet/amd/pds_core/devlink.c | 4 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 drivers/net/ethernet/mellanox/mlx5/core/lib/fs_ttc.c | 26 drivers/net/ethernet/sun/niu.c | 2 drivers/net/phy/microchip.c | 46 drivers/net/phy/phy_led_triggers.c | 23 drivers/net/vmxnet3/vmxnet3_xdp.c | 2 drivers/net/xen-netfront.c | 17 drivers/ntb/hw/amd/ntb_hw_amd.c | 1 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 drivers/nvme/host/core.c | 9 drivers/nvme/host/multipath.c | 2 drivers/nvme/target/fc.c | 25 drivers/of/resolver.c | 37 drivers/pci/msi/msi.c | 38 drivers/phy/rockchip/phy-rockchip-usbdp.c | 1 drivers/pinctrl/pinctrl-mcp23s08.c | 23 drivers/pinctrl/renesas/pinctrl-rza2.c | 3 drivers/regulator/rk808-regulator.c | 4 drivers/rtc/rtc-pcf85063.c | 19 drivers/s390/char/sclp_con.c | 17 drivers/s390/char/sclp_tty.c | 12 drivers/scsi/hisi_sas/hisi_sas_main.c | 20 drivers/scsi/mpi3mr/mpi3mr_fw.c | 2 drivers/scsi/pm8001/pm8001_sas.c | 1 drivers/scsi/scsi.c | 36 drivers/scsi/scsi_lib.c | 6 drivers/scsi/sd.c | 6 drivers/soc/qcom/ice.c | 48 drivers/spi/spi-imx.c | 5 drivers/spi/spi-tegra210-quad.c | 6 drivers/thunderbolt/tb.c | 16 drivers/tty/serial/msm_serial.c | 6 drivers/tty/serial/sifive.c | 6 drivers/tty/vt/selection.c | 5 drivers/ufs/core/ufs-mcq.c | 12 drivers/ufs/core/ufshcd.c | 2 drivers/ufs/host/ufs-exynos.c | 106 drivers/ufs/host/ufs-exynos.h | 8 drivers/ufs/host/ufs-qcom.c | 2 drivers/usb/cdns3/cdns3-gadget.c | 2 drivers/usb/chipidea/ci_hdrc_imx.c | 44 drivers/usb/class/cdc-wdm.c | 21 drivers/usb/core/quirks.c | 9 drivers/usb/dwc3/dwc3-pci.c | 10 drivers/usb/dwc3/dwc3-xilinx.c | 4 drivers/usb/dwc3/gadget.c | 28 drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 drivers/usb/host/xhci-hub.c | 30 drivers/usb/host/xhci-mvebu.c | 10 drivers/usb/host/xhci-mvebu.h | 6 drivers/usb/host/xhci-plat.c | 2 drivers/usb/host/xhci-ring.c | 75 drivers/usb/host/xhci.c | 4 drivers/usb/host/xhci.h | 4 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/usb/typec/class.c | 24 drivers/usb/typec/class.h | 1 drivers/vhost/scsi.c | 80 drivers/xen/Kconfig | 2 fs/btrfs/file.c | 9 fs/btrfs/zoned.c | 1 fs/ceph/inode.c | 2 fs/ext4/block_validity.c | 5 fs/ext4/inode.c | 9 fs/iomap/buffered-io.c | 2 fs/namespace.c | 69 fs/netfs/main.c | 4 fs/ntfs3/file.c | 20 fs/smb/client/sess.c | 60 fs/smb/client/smb1ops.c | 36 fs/smb/server/asn1.c | 6 fs/smb/server/auth.c | 19 fs/smb/server/connection.c | 8 fs/smb/server/crypto_ctx.c | 6 fs/smb/server/glob.h | 2 fs/smb/server/ksmbd_netlink.h | 3 fs/smb/server/ksmbd_work.c | 10 fs/smb/server/mgmt/ksmbd_ida.c | 11 fs/smb/server/mgmt/share_config.c | 10 fs/smb/server/mgmt/tree_connect.c | 5 fs/smb/server/mgmt/user_config.c | 8 fs/smb/server/mgmt/user_session.c | 10 fs/smb/server/misc.c | 11 fs/smb/server/ndr.c | 10 fs/smb/server/oplock.c | 12 fs/smb/server/server.c | 4 fs/smb/server/server.h | 1 fs/smb/server/smb2pdu.c | 42 fs/smb/server/smb_common.c | 2 fs/smb/server/smbacl.c | 23 fs/smb/server/transport_ipc.c | 7 fs/smb/server/transport_rdma.c | 10 fs/smb/server/transport_tcp.c | 95 fs/smb/server/transport_tcp.h | 2 fs/smb/server/unicode.c | 4 fs/smb/server/vfs.c | 12 fs/smb/server/vfs_cache.c | 18 fs/splice.c | 2 fs/xfs/xfs_aops.c | 41 fs/xfs/xfs_qm_bhv.c | 49 fs/xfs/xfs_super.c | 8 include/drm/intel/i915_pciids.h | 1 include/linux/blk-mq.h | 8 include/linux/energy_model.h | 12 include/linux/msi.h | 3 include/linux/pci.h | 2 include/net/netfilter/nft_fib.h | 21 include/soc/qcom/ice.h | 2 include/trace/events/block.h | 6 include/trace/stages/stage3_trace_output.h | 8 include/trace/stages/stage7_class_define.h | 1 include/uapi/drm/ivpu_accel.h | 4 init/Kconfig | 2 io_uring/io_uring.c | 15 io_uring/refs.h | 7 kernel/bpf/bpf_cgrp_storage.c | 11 kernel/bpf/hashtab.c | 6 kernel/bpf/preload/bpf_preload_kern.c | 1 kernel/bpf/syscall.c | 6 kernel/bpf/verifier.c | 32 kernel/cgroup/cgroup.c | 29 kernel/cgroup/cpuset-internal.h | 1 kernel/cgroup/cpuset.c | 14 kernel/dma/contiguous.c | 3 kernel/events/core.c | 6 kernel/irq/msi.c | 2 kernel/module/Kconfig | 1 kernel/panic.c | 6 kernel/power/energy_model.c | 47 kernel/sched/ext.c | 4 kernel/time/tick-common.c | 22 kernel/trace/bpf_trace.c | 7 kernel/trace/trace_events.c | 7 lib/Kconfig.ubsan | 1 lib/crypto/Kconfig | 37 lib/test_ubsan.c | 18 mm/vmscan.c | 7 net/9p/client.c | 30 net/9p/trans_fd.c | 17 net/core/lwtunnel.c | 26 net/core/selftests.c | 18 net/ipv4/netfilter/nft_fib_ipv4.c | 11 net/ipv6/netfilter/nft_fib_ipv6.c | 19 net/sched/sch_hfsc.c | 23 net/tipc/monitor.c | 3 rust/kernel/firmware.rs | 8 samples/trace_events/trace-events-sample.h | 13 scripts/Makefile.lib | 2 scripts/Makefile.vmlinux | 4 sound/soc/codecs/wcd934x.c | 2 sound/soc/fsl/fsl_asrc_dma.c | 15 sound/virtio/virtio_pcm.c | 21 tools/arch/x86/lib/x86-opcode-map.txt | 4 tools/bpf/bpftool/prog.c | 1 tools/objtool/check.c | 36 tools/testing/selftests/bpf/network_helpers.c | 33 tools/testing/selftests/bpf/prog_tests/xdp_cpumap_attach.c | 44 tools/testing/selftests/bpf/prog_tests/xdp_devmap_attach.c | 8 tools/testing/selftests/bpf/progs/test_xdp_with_cpumap_helpers.c | 7 tools/testing/selftests/mincore/mincore_selftest.c | 3 tools/testing/selftests/ublk/test_stripe_04.sh | 24 302 files changed, 6817 insertions(+), 5584 deletions(-) Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Al Viro (2): fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() qibfs: fix _another_ leak Alex Deucher (1): drm/amd/display/dml2: use vzalloc rather than kzalloc Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Alexander Usyskin (1): mei: me: add panther lake H DID Alexei Starovoitov (2): bpf: Add namespace to BPF internal symbols bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Alexey Nepomnyashih (1): xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Alexis Lothoré (eBPF Foundation) (3): selftests/bpf: fix bpf_map_redirect call for cpu map test selftests/bpf: make xdp_cpumap_attach keep redirect prog attached selftests/bpf: check program redirect in xdp_cpumap_attach Amery Hung (1): selftests/bpf: Fix stdout race condition in traffic monitor Anastasia Kovaleva (1): scsi: core: Clear flags for scsi_cmnd that did not complete Andre Przywara (1): cpufreq: sun50i: prevent out-of-bounds access Andrei Kuchynski (2): usb: typec: class: Fix NULL pointer access usb: typec: class: Invalidate USB device pointers on partner unregistration Andrew Jones (1): riscv: Provide all alternative macros all the time Andrzej Kacprowski (1): accel/ivpu: Fix the NPU's DPU frequency calculation André Apitzsch (6): media: i2c: imx214: Use subdev active state media: i2c: imx214: Simplify with dev_err_probe() media: i2c: imx214: Convert to CCI register access helpers media: i2c: imx214: Replace register addresses with macros media: i2c: imx214: Check number of lanes from device tree media: i2c: imx214: Fix link frequency validation Andy Shevchenko (3): usb: dwc3: gadget: Refactor loop to avoid NULL endpoints usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Andy Yan (1): phy: rockchip: usbdp: Avoid call hpd_event_trigger in dp_phy_init Arnd Bergmann (2): dma/contiguous: avoid warning about unused size_bytes ntb: reduce stack usage in idt_scan_mws Baokun Li (1): ext4: goto right label 'out_mmap_sem' in ext4_setattr() Basavaraj Natikar (1): ntb_hw_amd: Add NTB PCI ID for new gen CPU Benjamin Berg (1): um: work around sched_yield not yielding in time-travel mode Bibo Mao (2): LoongArch: KVM: Fully clear some CSRs when VM reboot LoongArch: KVM: Fix PMU pass-through issue if VM exits to host finally Björn Töpel (2): riscv: Replace function-like macro by static inline function riscv: uprobes: Add missing fence.i after building the XOL buffer Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Breno Leitao (3): sched_ext: Use kvzalloc for large exit_dump allocation spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts spi: tegra210-quad: add rate limiting and simplify timeout error message Brett Creeley (3): pds_core: Prevent possible adminq overflow/stuck condition pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result pds_core: Remove unnecessary check in pds_client_adminq_cmd() Carlos Maiolino (1): xfs: Do not allow norecovery mount with quotacheck Chenyuan Yang (4): scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() pinctrl: renesas: rza2: Fix potential NULL pointer dereference usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Christian König (1): drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4 Christian Schrefl (1): rust: firmware: Use `ffi::c_char` type in `FwFunc` Christoph Hellwig (6): block: remove the write_hint field from struct request block: remove the ioprio field from struct request block: never reduce ra_pages in blk_apply_bdi_limits xfs: rename xfs_iomap_swapfile_activate to xfs_vm_swap_activate xfs: flush inodegc before swapon mq-deadline: don't call req_get_ioprio from the I/O completion handler Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Damien Le Moal (4): ata: libata-scsi: Improve CDL control ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type ata: libata-scsi: Fix ata_msense_control_ata_feature() scsi: Improve CDL control Dan Carpenter (2): media: i2c: imx214: Fix uninitialized variable in imx214_set_ctrl() usb: typec: class: Unlocked on error in typec_register_partner() Daniel Borkmann (1): vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Daniel Golle (1): net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Daniel Wagner (2): nvmet-fc: take tgtport reference only once nvmet-fc: put ref when assoc->del_work is already scheduled David Howells (1): ceph: Fix incorrect flush end position calculation Devaraj Rangasamy (1): crypto: ccp - Add support for PCI device 0x1134 Dmitry Mastykin (1): pinctrl: mcp23s08: Get rid of spurious level interrupts Dmitry Torokhov (3): Revert "drivers: core: synchronize really_probe() and dev_uevent()" driver core: introduce device_set_driver() helper driver core: fix potential NULL pointer dereference in dev_uevent() Dominique Martinet (1): 9p/net: fix improper handling of bogus negative read/write replies Dongli Zhang (2): vhost-scsi: Fix vhost_scsi_send_bad_target() vhost-scsi: Fix vhost_scsi_send_status() Edward Adam Davis (1): fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Fedor Pchelkin (3): usb: chipidea: ci_hdrc_imx: fix usbmisc handling usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fernando Fernandez Mancera (1): x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Fiona Klute (1): net: phy: microchip: force IRQ polling mode for lan88xx Florian Westphal (1): netfilter: fib: avoid lookup if socket is available Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Gabriel Shahrouzi (1): perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Gou Hao (1): iomap: skip unnecessary ifs_block_is_uptodate check Greg Kroah-Hartman (1): Linux 6.12.26 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Günther Noack (1): tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (3): nvme: requeue namespace scan on missed AENs nvme: re-read ANA log page after ns scan completes nvme: fixup scan failure for non-ANA multipath controllers Hans de Goede (3): media: ov08x40: Move ov08x40_identify_module() function up media: ov08x40: Add missing ov08x40_identify_module() call on stream-start mei: vsc: Fix fortify-panic caused by invalid counted_by() use Haoxiang Li (3): mcb: fix a double free bug in chameleon_parse_gdd() s390/sclp: Add check for get_zeroed_page() s390/tty: Fix a potential memory leak bug Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (5): cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() net/mlx5: Move ttc allocation after switch case to prevent leaks Herbert Xu (4): crypto: lib/Kconfig - Fix lib built-in failure when arch is modular crypto: null - Use spin lock instead of mutex crypto: lib/Kconfig - Hide arch options from user crypto: Kconfig - Select LIB generic option Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Hugo Villeneuve (1): drm: panel: jd9365da: fix reset signal polarity in unprepare Huisong Li (1): mailbox: pcc: Fix the possible race in updation of chan_in_use flag Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Ignacio Encinas (1): 9p/trans_fd: mark concurrent read and writes to p9_conn->err Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Jacek Lawrynowicz (1): accel/ivpu: Add auto selection logic for job scheduler Jason Andryuk (1): xen: Change xen-acpi-processor dom0 dependency Jay Cornwall (1): drm/amdgpu: Increase KIQ invalidate_tlbs timeout Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Jens Axboe (1): io_uring: fix 'sync' handling of io_fallback_tw() Jinjiang Tu (1): mm/vmscan: don't try to reclaim hwpoison folio Johan Hovold (1): cpufreq: fix compile-test defaults Johannes Thumshirn (1): btrfs: zoned: return EIO on RAID1 block group write pointer mismatch John Stultz (1): sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Jonathan Currier (2): PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Josh Poimboeuf (11): objtool: Silence more KCOV warnings objtool, panic: Disable SMAP in __stack_chk_fail() objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() objtool, lkdtm: Obfuscate the do_nothing() pointer objtool: Stop UNRET validation on UD2 x86/bugs: Use SBPB in write_ibpb() if applicable x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline x86/bugs: Don't fill RSB on context switch with eIBRS objtool: Ignore end-of-section jumps for KCOV/GCOV objtool: Silence more KCOV warnings, part 2 Julia Filipchuk (1): drm/xe/xe3lpg: Apply Wa_14022293748, Wa_22019794406 Justin Iurman (1): net: lwtunnel: disable BHs when required Keerthy (1): arm64: dts: ti: k3-j784s4-j742s2-main-common: Correct the GICD size Kirill A. Shutemov (1): x86/insn: Fix CTEST instruction decoding Krzysztof Kozlowski (1): cpufreq: Do not enable by default during compile testing Li RongQing (1): PM: EM: use kfree_rcu() to simplify the code Lijo Lazar (1): drm/amdgpu: Use the right function for hdp flush Lizhi Xu (1): fs/ntfs3: Keep write operations atomic Lukas Herbolt (1): xfs: do not check NEEDSREPAIR if ro,norecovery mount. Lukas Stockmann (1): rtc: pcf85063: do a SW reset if POR failed Luo Gengkun (1): perf/x86: Fix non-sampling (counting) events on certain x86 platforms Mahesh Rao (1): firmware: stratix10-svc: Add of_platform_default_populate() Manorit Chawdhry (1): arm64: dts: ti: Refactor J784s4 SoC files to a common file Marc Zyngier (1): cpufreq: cppc: Fix invalid return value in .get() callback Marek Behún (7): net: dsa: mv88e6xxx: fix VTU methods for 6320 family crypto: atmel-sha204a - Set hwrng quality to lowest possible Revert "net: dsa: mv88e6xxx: fix internal PHYs for 6320 family" net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family net: dsa: mv88e6xxx: enable PVT for 6321 switch net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family net: dsa: mv88e6xxx: enable STU methods for 6320 family Mario Limonciello (1): ACPI: EC: Set ec_no_wakeup for Lenovo Go S Martin KaFai Lau (1): bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Mathias Nyman (2): xhci: Limit time spent with xHC interrupts disabled during bus resume xhci: Handle spurious events on Etron host isoc enpoints Matt Roper (1): drm/xe/bmg: Add one additional PCI ID Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Michal Pecio (5): usb: xhci: Fix invalid pointer dereference in Etron workaround usb: xhci: Complete 'error mid TD' transfers when handling Missed Service usb: xhci: Fix isochronous Ring Underrun/Overrun event handling usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running usb: xhci: Fix Short Packet handling rework ignoring errors Mika Westerberg (1): thunderbolt: Scan retimers after device router has been enumerated Mike Christie (1): vhost-scsi: Add better resource allocation failure handling Mike Looijmans (1): usb: dwc3: xilinx: Prevent spike in reset signal Ming Lei (2): block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone selftests: ublk: fix test_stripe_04 Ming Wang (1): LoongArch: Return NULL from huge_pte_offset() for invalid PMD Mostafa Saleh (1): ubsan: Fix panic from test_ubsan_out_of_bounds Namjae Jeon (5): ksmbd: use __GFP_RETRY_MAYFAIL ksmbd: add netdev-up/down event debug print ksmbd: browse interfaces list on FSCTL_QUERY_INTERFACE_INFO IOCTL ksmbd: fix use-after-free in __smb2_lease_break_noti() ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" Nathan Chancellor (1): lib/Kconfig.ubsan: Remove 'default UBSAN' from UBSAN_INTEGER_WRAP Ojaswin Mujoo (1): ext4: make block validity check resistent to sb bh corruption Oleg Nesterov (1): sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oleksij Rempel (1): net: selftests: initialize TCP header and skb payload with zero Oliver Neukum (6): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used USB: wdm: handle IO errors in wdm_wwan_port_start USB: wdm: close race between wdm_open and wdm_wwan_port_stop USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context USB: wdm: add annotation Pali Rohár (2): cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Pavel Begunkov (1): io_uring: always do atomic put from iowq Peter Griffin (7): scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster scsi: ufs: exynos: Move UFS shareability value to drvdata scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO scsi: ufs: exynos: Move phy calls to .exit() callback scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() Petr Tesarik (1): LoongArch: Remove a bogus reference to ZONE_DMA Pi Xiange (1): x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Qingfang Deng (1): net: phy: leds: fix memory leak Qiuxu Zhuo (1): selftests/mincore: Allow read-ahead pages to reach the end of the file Qu Wenruo (1): btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Rafael J. Wysocki (1): PM: EM: Address RCU-related sparse warnings Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Ranjan Kumar (1): scsi: mpi3mr: Fix pending I/O counter Rengarajan S (2): misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rob Herring (Arm) (1): of: resolver: Simplify of_resolve_phandles() using __free() Robin Murphy (2): iommu: Clear iommu-dma ops on cleanup iommu: Handle race with default domain setup Roger Pau Monne (2): PCI/MSI: Convert pci_msi_ignore_mask to per MSI domain flag x86/xen: disable CPU idle and frequency drivers for PVH dom0 Rohit Chavan (1): drm/amd/display: Fix unnecessary cast warnings from checkpatch Roman Li (2): drm/amd/display: Fix gpu reset in multidisplay config drm/amd/display: Force full update in gpu reset Ryo Takakura (1): serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson (5): iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE KVM: SVM: Allocate IR data using atomic allocation KVM: x86: Explicitly treat routing entry type changes as changes KVM: x86: Reset IRTE to host control if *new* route isn't postable KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer Sebastian Andrzej Siewior (1): timekeeping: Add a lockdep override in tick_freeze() Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Sewon Nam (1): bpf: bpftool: Setting error code in do_loader() Shannon Nelson (1): pds_core: make wait_context part of q_info Shengjiu Wang (1): ASoC: fsl_asrc_dma: get codec or cpu dai from backend Shigeru Yoshida (1): selftests/bpf: Adjust data size to have ETH_HLEN Siddharth Vadapalli (1): arm64: dts: ti: k3-j784s4-j742s2-main-common: Fix serdes_ln_ctrl reg-masks Smita Koralahalli (1): cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Song Liu (1): netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS Stanley Chu (1): i3c: master: svc: Add support for Nuvoton npcm845 i3c Stephan Gerhold (1): serial: msm: Configure correct working mode before starting earlycon Steven Rostedt (2): tracing: Add __print_dynamic_array() helper tracing: Verify event formats that have "%*p.." Sudeep Holla (1): mailbox: pcc: Always clear the platform ack interrupt first Suravee Suthikulpanit (1): KVM: SVM: Disable AVIC on SNP-enabled system without HvInUseWrAllowed feature Suzuki K Poulose (1): irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() T.J. Mercier (2): cgroup/cpuset-v1: Add missing support for cpuset_v2_mode splice: remove duplicate noinline from pipe_clear_nowait Tamura Dai (1): spi: spi-imx: Add check for spi_imx_setupxfer() Thadeu Lima de Souza Cascardo (1): char: misc: register chrdev region with all possible minors Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Gleixner (1): PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends Thomas Weißschuh (2): KVM: s390: Don't use %pK through tracepoints KVM: s390: Don't use %pK through debug printing Thorsten Leemhuis (1): module: sign with sha512 instead of sha1 by default Théo Lebrun (1): usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Tiezhu Yang (3): LoongArch: Make regs_irqs_disabled() more clear LoongArch: Make do_xyz() exception handlers more robust LoongArch: Handle fp, lsx, lasx and lbt assembly symbols Tudor Ambarus (5): soc: qcom: ice: introduce devm_of_qcom_ice_get mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get scsi: ufs: exynos: Remove empty drv_init method scsi: ufs: exynos: Remove superfluous function parameter Tung Nguyen (1): tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Uday Shankar (1): nvme: multipath: fix return value of nvme_available_path Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted Waiman Long (1): cgroup/cpuset: Don't allow creation of local partition over a remote one Xi Ruoyao (1): kbuild: add dependency from vmlinux to sorttable Xingui Yang (1): scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Yafang Shao (1): bpf: Reject attaching fexit/fmod_ret to __noreturn functions Yonghong Song (1): bpf: Fix kmemleak warning for percpu hashmap Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuli Wang (1): LoongArch: Select ARCH_USE_MEMTEST Zijun Hu (1): of: resolver: Fix device node refcount leakage in of_resolve_phandles()

7 months, 1 week

1
1
0 0

Linux 6.6.89

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.89 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/scheduler/sched-capacity.rst | 13 - Makefile | 2 arch/arm64/boot/dts/nvidia/tegra234-p3768-0000.dtsi | 7 arch/loongarch/Kconfig | 1 arch/loongarch/include/asm/ptrace.h | 4 arch/loongarch/kernel/traps.c | 20 +- arch/loongarch/mm/hugetlbpage.c | 2 arch/loongarch/mm/init.c | 3 arch/mips/include/asm/mips-cm.h | 22 ++ arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 arch/riscv/include/asm/alternative-macros.h | 19 -- arch/s390/kvm/intercept.c | 2 arch/s390/kvm/interrupt.c | 8 arch/s390/kvm/kvm-s390.c | 10 - arch/s390/kvm/trace-s390.h | 4 arch/x86/entry/entry.S | 2 arch/x86/events/core.c | 2 arch/x86/include/asm/asm.h | 3 arch/x86/include/asm/extable_fixup_types.h | 2 arch/x86/include/asm/intel-family.h | 2 arch/x86/kernel/cpu/bugs.c | 30 +-- arch/x86/kernel/cpu/mce/severity.c | 12 - arch/x86/kernel/i8253.c | 3 arch/x86/kvm/svm/avic.c | 60 +++--- arch/x86/kvm/vmx/posted_intr.c | 28 +-- arch/x86/kvm/x86.c | 3 arch/x86/mm/extable.c | 9 - arch/x86/mm/tlb.c | 6 arch/x86/platform/pvh/head.S | 7 crypto/crypto_null.c | 39 ++-- drivers/acpi/ec.c | 28 +++ drivers/acpi/pptt.c | 4 drivers/ata/libata-scsi.c | 25 +- drivers/auxdisplay/hd44780.c | 9 - drivers/base/base.h | 17 + drivers/base/bus.c | 2 drivers/base/core.c | 38 +++- drivers/base/dd.c | 6 drivers/block/loop.c | 2 drivers/char/misc.c | 2 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/clk/renesas/r9a07g043-cpg.c | 28 ++- drivers/clk/renesas/r9a07g044-cpg.c | 21 ++ drivers/clk/renesas/rzg2l-cpg.c | 180 ++++++++++++++------ drivers/clk/renesas/rzg2l-cpg.h | 24 +- drivers/comedi/drivers/jr3_pci.c | 2 drivers/cpufreq/apple-soc-cpufreq.c | 10 - drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/scmi-cpufreq.c | 10 - drivers/cpufreq/scpi-cpufreq.c | 13 + drivers/crypto/atmel-sha204a.c | 6 drivers/crypto/ccp/sp-pci.c | 1 drivers/cxl/core/regs.c | 4 drivers/dma-buf/udmabuf.c | 2 drivers/dma/dmatest.c | 6 drivers/gpio/gpiolib-of.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 - drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/amd/iommu.c | 2 drivers/irqchip/irq-gic-v2m.c | 2 drivers/mailbox/pcc.c | 15 + drivers/mcb/mcb-parse.c | 2 drivers/md/raid1.c | 26 +- drivers/media/test-drivers/vimc/vimc-streamer.c | 6 drivers/media/v4l2-core/v4l2-subdev.c | 101 +++++++---- drivers/misc/lkdtm/perms.c | 14 + drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 drivers/misc/mei/hw-me-regs.h | 1 drivers/misc/mei/pci-me.c | 1 drivers/mmc/host/sdhci-msm.c | 2 drivers/net/dsa/mt7530.c | 6 drivers/net/dsa/mv88e6xxx/chip.c | 27 ++- drivers/net/ethernet/amd/pds_core/adminq.c | 36 +--- drivers/net/ethernet/amd/pds_core/auxbus.c | 3 drivers/net/ethernet/amd/pds_core/core.c | 4 drivers/net/ethernet/amd/pds_core/core.h | 2 drivers/net/ethernet/amd/pds_core/devlink.c | 4 drivers/net/ethernet/mediatek/mtk_eth_soc.c | 24 ++ drivers/net/ethernet/mediatek/mtk_eth_soc.h | 10 + drivers/net/phy/microchip.c | 46 ----- drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/vmxnet3/vmxnet3_xdp.c | 2 drivers/net/xen-netfront.c | 17 + drivers/ntb/hw/amd/ntb_hw_amd.c | 1 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 -- drivers/nvme/host/core.c | 9 + drivers/nvme/host/multipath.c | 2 drivers/nvme/target/fc.c | 25 +- drivers/of/resolver.c | 37 +--- drivers/pci/probe.c | 9 - drivers/pinctrl/renesas/pinctrl-rza2.c | 3 drivers/regulator/rk808-regulator.c | 4 drivers/rtc/rtc-pcf85063.c | 19 ++ drivers/s390/char/sclp_con.c | 17 + drivers/s390/char/sclp_tty.c | 12 + drivers/scsi/hisi_sas/hisi_sas_main.c | 20 ++ drivers/scsi/pm8001/pm8001_sas.c | 1 drivers/scsi/scsi.c | 36 ++-- drivers/scsi/scsi_lib.c | 6 drivers/soc/qcom/ice.c | 48 +++++ drivers/spi/spi-imx.c | 5 drivers/spi/spi-tegra210-quad.c | 6 drivers/thunderbolt/tb.c | 16 + drivers/tty/serial/msm_serial.c | 6 drivers/tty/serial/sifive.c | 6 drivers/ufs/core/ufs-mcq.c | 12 - drivers/ufs/host/ufs-exynos.c | 10 - drivers/ufs/host/ufs-qcom.c | 2 drivers/usb/cdns3/cdns3-gadget.c | 2 drivers/usb/chipidea/ci_hdrc_imx.c | 44 +++- drivers/usb/class/cdc-wdm.c | 21 +- drivers/usb/core/quirks.c | 9 + drivers/usb/dwc3/dwc3-pci.c | 10 + drivers/usb/dwc3/dwc3-xilinx.c | 4 drivers/usb/dwc3/gadget.c | 28 ++- drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 ++ drivers/usb/host/xhci-mvebu.c | 10 - drivers/usb/host/xhci-mvebu.h | 6 drivers/usb/host/xhci-plat.c | 2 drivers/usb/host/xhci-ring.c | 13 - drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/xen/Kconfig | 2 fs/btrfs/file.c | 9 - fs/ceph/inode.c | 2 fs/ext4/block_validity.c | 5 fs/ext4/inode.c | 9 - fs/iomap/buffered-io.c | 2 fs/namespace.c | 69 ++++--- fs/ntfs3/file.c | 1 fs/smb/client/sess.c | 60 ++++-- fs/smb/client/smb1ops.c | 36 ++++ fs/splice.c | 2 include/linux/energy_model.h | 1 include/media/v4l2-subdev.h | 25 ++ include/soc/qcom/ice.h | 2 include/trace/stages/stage3_trace_output.h | 8 include/trace/stages/stage7_class_define.h | 1 init/Kconfig | 2 io_uring/io_uring.c | 15 - io_uring/refs.h | 7 kernel/bpf/bpf_cgrp_storage.c | 11 - kernel/bpf/verifier.c | 32 +++ kernel/dma/contiguous.c | 3 kernel/events/core.c | 6 kernel/module/Kconfig | 1 kernel/panic.c | 6 kernel/sched/core.c | 92 ++++------ kernel/sched/cpudeadline.c | 2 kernel/sched/cpufreq_schedutil.c | 63 +++++-- kernel/sched/deadline.c | 4 kernel/sched/fair.c | 40 +++- kernel/sched/rt.c | 2 kernel/sched/sched.h | 28 --- kernel/sched/topology.c | 7 kernel/time/tick-common.c | 22 ++ kernel/trace/bpf_trace.c | 7 kernel/trace/trace_events.c | 7 lib/test_ubsan.c | 18 +- net/9p/client.c | 30 +-- net/core/lwtunnel.c | 26 ++ net/core/selftests.c | 18 +- net/sched/sch_hfsc.c | 23 +- net/tipc/monitor.c | 3 samples/trace_events/trace-events-sample.h | 18 +- scripts/Makefile.lib | 2 sound/soc/codecs/wcd934x.c | 2 sound/soc/qcom/apq8016_sbc.c | 2 sound/soc/qcom/apq8096.c | 2 sound/soc/qcom/common.c | 2 sound/soc/qcom/lpass-apq8016.c | 4 sound/soc/qcom/lpass-cpu.c | 7 sound/soc/qcom/lpass-hdmi.c | 2 sound/soc/qcom/lpass-ipq806x.c | 4 sound/soc/qcom/lpass-platform.c | 2 sound/soc/qcom/lpass-sc7180.c | 4 sound/soc/qcom/lpass-sc7280.c | 2 sound/soc/qcom/lpass.h | 4 sound/soc/qcom/qdsp6/q6afe.c | 8 sound/soc/qcom/qdsp6/q6apm-dai.c | 61 +++--- sound/soc/qcom/qdsp6/q6asm.h | 20 +- sound/soc/qcom/qdsp6/topology.c | 3 sound/soc/qcom/sc7180.c | 2 sound/soc/qcom/sc8280xp.c | 2 sound/soc/qcom/sdm845.c | 2 sound/soc/qcom/sdw.c | 2 sound/soc/qcom/sm8250.c | 2 sound/soc/qcom/storm.c | 2 sound/virtio/virtio_pcm.c | 21 +- tools/bpf/bpftool/prog.c | 1 tools/objtool/check.c | 36 +++- tools/testing/selftests/mincore/mincore_selftest.c | 3 tools/testing/selftests/ublk/test_stripe_04.sh | 24 ++ 201 files changed, 1783 insertions(+), 907 deletions(-) Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Al Viro (2): fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() qibfs: fix _another_ leak Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Alexander Usyskin (1): mei: me: add panther lake H DID Alexei Starovoitov (1): bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Alexey Nepomnyashih (1): xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Anastasia Kovaleva (1): scsi: core: Clear flags for scsi_cmnd that did not complete Andrew Jones (1): riscv: Provide all alternative macros all the time Andy Shevchenko (3): usb: dwc3: gadget: Refactor loop to avoid NULL endpoints usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield gpiolib: of: Move Atmel HSMCI quirk up out of the regulator comment Ard Biesheuvel (1): x86/pvh: Call C code via the kernel virtual mapping Arnd Bergmann (2): dma/contiguous: avoid warning about unused size_bytes ntb: reduce stack usage in idt_scan_mws Baokun Li (1): ext4: goto right label 'out_mmap_sem' in ext4_setattr() Basavaraj Natikar (1): ntb_hw_amd: Add NTB PCI ID for new gen CPU Bo-Cun Chen (1): net: ethernet: mtk_eth_soc: net: revise NETSYSv3 hardware configuration Breno Leitao (2): spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts spi: tegra210-quad: add rate limiting and simplify timeout error message Brett Creeley (2): pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result pds_core: Remove unnecessary check in pds_client_adminq_cmd() Chenyuan Yang (3): scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() pinctrl: renesas: rza2: Fix potential NULL pointer dereference usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Claudiu Beznea (6): clk: renesas: rzg2l: Use u32 for flag and mux_flags clk: renesas: rzg2l: Add struct clk_hw_data clk: renesas: rzg2l: Remove CPG_SDHI_DSEL from generic header clk: renesas: rzg2l: Refactor SD mux driver clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Damien Le Moal (4): ata: libata-scsi: Improve CDL control ata: libata-scsi: Fix ata_mselect_control_ata_feature() return type ata: libata-scsi: Fix ata_msense_control_ata_feature() scsi: Improve CDL control Daniel Borkmann (1): vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp Daniel Golle (1): net: dsa: mt7530: sync driver-specific behavior of MT7531 variants Daniel Wagner (2): nvmet-fc: take tgtport reference only once nvmet-fc: put ref when assoc->del_work is already scheduled David Howells (1): ceph: Fix incorrect flush end position calculation Devaraj Rangasamy (1): crypto: ccp - Add support for PCI device 0x1134 Dmitry Torokhov (3): Revert "drivers: core: synchronize really_probe() and dev_uevent()" driver core: introduce device_set_driver() helper driver core: fix potential NULL pointer dereference in dev_uevent() Dominique Martinet (1): 9p/net: fix improper handling of bogus negative read/write replies Edward Adam Davis (1): fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Fedor Pchelkin (3): usb: chipidea: ci_hdrc_imx: fix usbmisc handling usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fernando Fernandez Mancera (1): x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Fiona Klute (1): net: phy: microchip: force IRQ polling mode for lan88xx Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Gabriel Shahrouzi (1): perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Gou Hao (1): iomap: skip unnecessary ifs_block_is_uptodate check Greg Kroah-Hartman (1): Linux 6.6.89 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (3): nvme: requeue namespace scan on missed AENs nvme: re-read ANA log page after ns scan completes nvme: fixup scan failure for non-ANA multipath controllers Haoxiang Li (4): auxdisplay: hd44780: Fix an API misuse in hd44780.c mcb: fix a double free bug in chameleon_parse_gdd() s390/sclp: Add check for get_zeroed_page() s390/tty: Fix a potential memory leak bug Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (3): cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Herbert Xu (1): crypto: null - Use spin lock instead of mutex Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Huisong Li (1): mailbox: pcc: Fix the possible race in updation of chan_in_use flag Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Jason Andryuk (1): xen: Change xen-acpi-processor dom0 dependency Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Jens Axboe (1): io_uring: fix 'sync' handling of io_fallback_tw() John Stultz (1): sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Josh Poimboeuf (11): objtool: Silence more KCOV warnings objtool, panic: Disable SMAP in __stack_chk_fail() objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() objtool, lkdtm: Obfuscate the do_nothing() pointer objtool: Stop UNRET validation on UD2 x86/bugs: Use SBPB in write_ibpb() if applicable x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline x86/bugs: Don't fill RSB on context switch with eIBRS objtool: Ignore end-of-section jumps for KCOV/GCOV objtool: Silence more KCOV warnings, part 2 Justin Iurman (1): net: lwtunnel: disable BHs when required Krzysztof Kozlowski (2): ASoC: qcom: q6apm-dai: drop unused 'q6apm_dai_rtd' fields ASoC: qcom: Fix trivial code style issues Lad Prabhakar (1): clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Lukas Stockmann (1): rtc: pcf85063: do a SW reset if POR failed Luo Gengkun (1): perf/x86: Fix non-sampling (counting) events on certain x86 platforms Ma Ke (1): PCI: Fix reference leak in pci_register_host_bridge() Marc Zyngier (1): cpufreq: cppc: Fix invalid return value in .get() callback Marek Behún (7): net: dsa: mv88e6xxx: fix internal PHYs for 6320 family net: dsa: mv88e6xxx: fix VTU methods for 6320 family crypto: atmel-sha204a - Set hwrng quality to lowest possible net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family net: dsa: mv88e6xxx: enable PVT for 6321 switch net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family net: dsa: mv88e6xxx: enable STU methods for 6320 family Mario Limonciello (1): ACPI: EC: Set ec_no_wakeup for Lenovo Go S Martin KaFai Lau (1): bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Michal Pecio (2): usb: xhci: Fix invalid pointer dereference in Etron workaround usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Mika Westerberg (1): thunderbolt: Scan retimers after device router has been enumerated Mike Looijmans (1): usb: dwc3: xilinx: Prevent spike in reset signal Ming Lei (1): selftests: ublk: fix test_stripe_04 Ming Wang (1): LoongArch: Return NULL from huge_pte_offset() for invalid PMD Mostafa Saleh (1): ubsan: Fix panic from test_ubsan_out_of_bounds Nikita Zhandarovich (1): media: vimc: skip .s_stream() for stopped entities Ninad Malwade (1): arm64: tegra: Remove the Orin NX/Nano suspend key Ojaswin Mujoo (1): ext4: make block validity check resistent to sb bh corruption Oleg Nesterov (1): sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oleksij Rempel (1): net: selftests: initialize TCP header and skb payload with zero Oliver Neukum (6): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used USB: wdm: handle IO errors in wdm_wwan_port_start USB: wdm: close race between wdm_open and wdm_wwan_port_stop USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context USB: wdm: add annotation Pali Rohár (2): cifs: Fix encoding of SMB1 Session Setup Kerberos Request in non-UNICODE mode cifs: Fix querying of WSL CHR and BLK reparse points over SMB1 Pavel Begunkov (1): io_uring: always do atomic put from iowq Peter Griffin (1): scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Petr Tesarik (1): LoongArch: Remove a bogus reference to ZONE_DMA Pi Xiange (1): x86/cpu: Add CPU model number for Bartlett Lake CPUs with Raptor Cove cores Qingfang Deng (1): net: phy: leds: fix memory leak Qiuxu Zhuo (1): selftests/mincore: Allow read-ahead pages to reach the end of the file Qu Wenruo (1): btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Rafael J. Wysocki (1): cpufreq/sched: Explicitly synchronize limits_changed flag handling Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Rengarajan S (2): misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Rob Herring (Arm) (1): of: resolver: Simplify of_resolve_phandles() using __free() Roman Li (2): drm/amd/display: Fix gpu reset in multidisplay config drm/amd/display: Force full update in gpu reset Ryo Takakura (1): serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson (4): iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE KVM: SVM: Allocate IR data using atomic allocation KVM: x86: Explicitly treat routing entry type changes as changes KVM: x86: Reset IRTE to host control if *new* route isn't postable Sebastian Andrzej Siewior (1): timekeeping: Add a lockdep override in tick_freeze() Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Sewon Nam (1): bpf: bpftool: Setting error code in do_loader() Shannon Nelson (1): pds_core: make wait_context part of q_info Shuai Xue (1): x86/mce: use is_copy_from_user() to determine copy-from-user context Smita Koralahalli (1): cxl/core/regs.c: Skip Memory Space Enable check for RCD and RCH Ports Srinivas Kandagatla (2): ASoC: q6apm-dai: schedule all available frames to avoid dsp under-runs ASoC: q6apm-dai: make use of q6apm_get_hw_pointer Stephan Gerhold (1): serial: msm: Configure correct working mode before starting earlycon Steven Rostedt (2): tracing: Add __print_dynamic_array() helper tracing: Verify event formats that have "%*p.." Steven Rostedt (Google) (1): tracing: Add __string_len() example Sudeep Holla (1): mailbox: pcc: Always clear the platform ack interrupt first Suzuki K Poulose (1): irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() T.J. Mercier (1): splice: remove duplicate noinline from pipe_clear_nowait Tamura Dai (1): spi: spi-imx: Add check for spi_imx_setupxfer() Thadeu Lima de Souza Cascardo (1): char: misc: register chrdev region with all possible minors Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Weißschuh (2): KVM: s390: Don't use %pK through tracepoints KVM: s390: Don't use %pK through debug printing Thorsten Leemhuis (1): module: sign with sha512 instead of sha1 by default Théo Lebrun (1): usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Tiezhu Yang (2): LoongArch: Make regs_irqs_disabled() more clear LoongArch: Make do_xyz() exception handlers more robust Tomi Valkeinen (3): media: subdev: Fix use of sd->enabled_streams in call_s_stream() media: subdev: Improve v4l2_subdev_enable/disable_streams_fallback media: subdev: Add v4l2_subdev_is_streaming() Tong Tiangen (1): x86/extable: Remove unused fixup type EX_TYPE_COPY Tudor Ambarus (3): soc: qcom: ice: introduce devm_of_qcom_ice_get mmc: sdhci-msm: fix dev reference leaked through of_qcom_ice_get scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get Tung Nguyen (1): tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Uday Shankar (1): nvme: multipath: fix return value of nvme_available_path Uwe Kleine-König (2): auxdisplay: hd44780: Convert to platform remove callback returning void ASoC: qcom: lpass: Make asoc_qcom_lpass_cpu_platform_remove() return void Vincent Guittot (2): sched/topology: Consolidate and clean up access to a CPU's max compute capacity sched/cpufreq: Rework schedutil governor performance estimation Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation Xingui Yang (1): scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Yafang Shao (1): bpf: Reject attaching fexit/fmod_ret to __noreturn functions Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuli Wang (1): LoongArch: Select ARCH_USE_MEMTEST Yunlong Xing (1): loop: aio inherit the ioprio of original request Zijun Hu (1): of: resolver: Fix device node refcount leakage in of_resolve_phandles()

7 months, 1 week

1
1
0 0

Linux 6.1.136

by Greg Kroah-Hartman

I'm announcing the release of the 6.1.136 kernel. All users of the 6.1 kernel series must upgrade. The updated 6.1.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.1.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 2 arch/loongarch/Kconfig | 1 arch/loongarch/include/asm/ptrace.h | 4 arch/loongarch/mm/hugetlbpage.c | 2 arch/loongarch/mm/init.c | 3 arch/mips/include/asm/mips-cm.h | 22 ++ arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 arch/s390/kvm/trace-s390.h | 4 arch/x86/entry/entry.S | 2 arch/x86/events/core.c | 2 arch/x86/kernel/cpu/bugs.c | 30 +- arch/x86/kernel/i8253.c | 3 arch/x86/kvm/svm/avic.c | 60 +++-- arch/x86/kvm/vmx/posted_intr.c | 28 -- arch/x86/kvm/x86.c | 3 arch/x86/mm/tlb.c | 6 crypto/crypto_null.c | 39 ++- drivers/acpi/ec.c | 28 ++ drivers/acpi/pptt.c | 4 drivers/auxdisplay/hd44780.c | 9 drivers/block/loop.c | 2 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/clk/renesas/r9a07g043-cpg.c | 28 ++ drivers/clk/renesas/r9a07g044-cpg.c | 21 + drivers/clk/renesas/rzg2l-cpg.c | 180 ++++++++++++----- drivers/clk/renesas/rzg2l-cpg.h | 24 +- drivers/comedi/drivers/jr3_pci.c | 17 + drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/scmi-cpufreq.c | 10 drivers/cpufreq/scpi-cpufreq.c | 13 - drivers/crypto/atmel-sha204a.c | 7 drivers/dma-buf/udmabuf.c | 2 drivers/dma/dmatest.c | 6 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 9 drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/iommu/amd/iommu.c | 2 drivers/mcb/mcb-parse.c | 2 drivers/md/raid1.c | 26 +- drivers/misc/lkdtm/perms.c | 14 + drivers/misc/mchp_pci1xxxx/mchp_pci1xxxx_gpio.c | 8 drivers/misc/mei/hw-me-regs.h | 1 drivers/misc/mei/pci-me.c | 1 drivers/net/dsa/mv88e6xxx/chip.c | 106 ++++++---- drivers/net/dsa/mv88e6xxx/chip.h | 5 drivers/net/dsa/mv88e6xxx/global2.c | 25 -- drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/wireless/realtek/rtw88/main.c | 2 drivers/net/wireless/realtek/rtw88/tx.c | 2 drivers/net/xen-netfront.c | 17 + drivers/ntb/hw/amd/ntb_hw_amd.c | 1 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 - drivers/nvme/host/core.c | 9 drivers/nvme/target/fc.c | 25 -- drivers/of/device.c | 7 drivers/of/resolver.c | 37 +-- drivers/pci/pci.c | 103 +++++---- drivers/pci/probe.c | 16 + drivers/pci/remove.c | 7 drivers/phy/freescale/phy-fsl-imx8m-pcie.c | 46 +++- drivers/pinctrl/renesas/pinctrl-rza2.c | 3 drivers/rtc/rtc-pcf85063.c | 19 + drivers/s390/char/sclp_con.c | 17 + drivers/s390/char/sclp_tty.c | 12 + drivers/scsi/hisi_sas/hisi_sas_main.c | 20 + drivers/scsi/pm8001/pm8001_sas.c | 1 drivers/scsi/scsi_lib.c | 6 drivers/spi/spi-imx.c | 5 drivers/spi/spi-tegra210-quad.c | 6 drivers/thunderbolt/tb.c | 16 + drivers/tty/serial/msm_serial.c | 6 drivers/tty/serial/sifive.c | 6 drivers/ufs/host/ufs-exynos.c | 10 drivers/usb/cdns3/cdns3-gadget.c | 2 drivers/usb/chipidea/ci_hdrc_imx.c | 44 ++-- drivers/usb/class/cdc-wdm.c | 21 + drivers/usb/core/quirks.c | 9 drivers/usb/dwc3/dwc3-pci.c | 10 drivers/usb/dwc3/dwc3-xilinx.c | 4 drivers/usb/dwc3/gadget.c | 28 ++ drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 ++ drivers/usb/host/xhci-mvebu.c | 10 drivers/usb/host/xhci-mvebu.h | 6 drivers/usb/host/xhci-plat.c | 2 drivers/usb/host/xhci-ring.c | 11 - drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/video/backlight/led_bl.c | 11 - drivers/xen/Kconfig | 2 fs/btrfs/file.c | 9 fs/ext4/block_validity.c | 5 fs/ext4/inode.c | 7 fs/jfs/jfs_dinode.h | 2 fs/jfs/jfs_imap.c | 6 fs/jfs/jfs_incore.h | 2 fs/jfs/jfs_txnmgr.c | 4 fs/jfs/jfs_xtree.c | 4 fs/jfs/jfs_xtree.h | 37 ++- fs/ntfs3/file.c | 1 include/dt-bindings/sound/qcom,q6dsp-lpass-ports.h | 8 include/linux/filter.h | 9 include/linux/pci.h | 1 include/net/dsa.h | 6 include/net/mac80211.h | 13 + include/trace/bpf_probe.h | 6 include/trace/perf.h | 6 include/trace/stages/stage1_struct_define.h | 6 include/trace/stages/stage2_data_offsets.h | 6 include/trace/stages/stage3_trace_output.h | 14 + include/trace/stages/stage4_event_fields.h | 12 + include/trace/stages/stage5_get_offsets.h | 6 include/trace/stages/stage6_event_callback.h | 20 + include/trace/stages/stage7_class_define.h | 3 init/Kconfig | 2 kernel/dma/contiguous.c | 3 kernel/module/Kconfig | 1 kernel/trace/bpf_trace.c | 7 kernel/trace/trace_events.c | 7 lib/test_ubsan.c | 18 + net/9p/client.c | 30 +- net/core/lwtunnel.c | 26 +- net/core/selftests.c | 18 + net/dsa/port.c | 32 +++ net/mac80211/ieee80211_i.h | 2 net/mac80211/status.c | 1 net/sched/act_mirred.c | 22 +- net/sched/sch_hfsc.c | 23 +- net/tipc/monitor.c | 3 samples/trace_events/trace-events-sample.c | 2 samples/trace_events/trace-events-sample.h | 46 +++- scripts/Makefile.lib | 2 sound/soc/codecs/wcd934x.c | 2 sound/soc/qcom/lpass.h | 3 sound/soc/qcom/qdsp6/q6afe-dai.c | 2 sound/soc/qcom/qdsp6/q6dsp-lpass-ports.c | 43 ++-- sound/virtio/virtio_pcm.c | 21 + tools/objtool/check.c | 9 tools/testing/selftests/mincore/mincore_selftest.c | 3 tools/testing/selftests/ublk/test_stripe_04.sh | 24 ++ tools/testing/selftests/vm/charge_reserved_hugetlb.sh | 4 tools/testing/selftests/vm/hugetlb_reparenting_test.sh | 2 148 files changed, 1429 insertions(+), 575 deletions(-) Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Al Viro (1): qibfs: fix _another_ leak Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Alexander Usyskin (1): mei: me: add panther lake H DID Alexei Starovoitov (1): bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Alexey Nepomnyashih (1): xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() Alexis Lothoré (2): net: dsa: mv88e6xxx: pass directly chip structure to mv88e6xxx_phy_is_internal net: dsa: mv88e6xxx: add field to specify internal phys layout Anastasia Kovaleva (1): scsi: core: Clear flags for scsi_cmnd that did not complete Andy Shevchenko (2): usb: dwc3: gadget: Refactor loop to avoid NULL endpoints usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield Arnd Bergmann (2): dma/contiguous: avoid warning about unused size_bytes ntb: reduce stack usage in idt_scan_mws Basavaraj Natikar (1): ntb_hw_amd: Add NTB PCI ID for new gen CPU Breno Leitao (2): spi: tegra210-quad: use WARN_ON_ONCE instead of WARN_ON for timeouts spi: tegra210-quad: add rate limiting and simplify timeout error message Chenyuan Yang (2): pinctrl: renesas: rza2: Fix potential NULL pointer dereference usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Claudiu Beznea (6): clk: renesas: rzg2l: Use u32 for flag and mux_flags clk: renesas: rzg2l: Add struct clk_hw_data clk: renesas: rzg2l: Remove CPG_SDHI_DSEL from generic header clk: renesas: rzg2l: Refactor SD mux driver clk: renesas: r9a07g04[34]: Use SEL_SDHI1_STS status configuration for SD1 mux clk: renesas: r9a07g04[34]: Fix typo for sel_shdi variable Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Daniel Wagner (2): nvmet-fc: take tgtport reference only once nvmet-fc: put ref when assoc->del_work is already scheduled Dave Kleikamp (1): jfs: define xtree root and page independently Dominique Martinet (1): 9p/net: fix improper handling of bogus negative read/write replies Edward Adam Davis (1): fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Evgeny Pimenov (1): ASoC: qcom: Fix sc7280 lpass potential buffer overflow Fedor Pchelkin (3): usb: chipidea: ci_hdrc_imx: fix usbmisc handling usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Fernando Fernandez Mancera (1): x86/i8253: Call clockevent_i8253_disable() with interrupts disabled Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Greg Kroah-Hartman (1): Linux 6.1.136 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (3): nvme: requeue namespace scan on missed AENs nvme: re-read ANA log page after ns scan completes nvme: fixup scan failure for non-ANA multipath controllers Haoxiang Li (4): auxdisplay: hd44780: Fix an API misuse in hd44780.c mcb: fix a double free bug in chameleon_parse_gdd() s390/sclp: Add check for get_zeroed_page() s390/tty: Fix a potential memory leak bug Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (2): cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Herbert Xu (1): crypto: null - Use spin lock instead of mutex Herve Codina (1): backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Jakub Kicinski (1): net/sched: act_mirred: don't override retval if we already lost the skb Jason Andryuk (1): xen: Change xen-acpi-processor dom0 dependency Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls John Stultz (1): sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Josh Poimboeuf (8): objtool: Silence more KCOV warnings objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() objtool, lkdtm: Obfuscate the do_nothing() pointer objtool: Stop UNRET validation on UD2 x86/bugs: Use SBPB in write_ibpb() if applicable x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline x86/bugs: Don't fill RSB on context switch with eIBRS objtool: Silence more KCOV warnings, part 2 Justin Iurman (1): net: lwtunnel: disable BHs when required Lad Prabhakar (1): clk: renesas: r9a07g043: Fix HP clock source for RZ/Five Lukas Stockmann (1): rtc: pcf85063: do a SW reset if POR failed Luo Gengkun (1): perf/x86: Fix non-sampling (counting) events on certain x86 platforms Ma Ke (1): PCI: Fix reference leak in pci_register_host_bridge() Marc Zyngier (1): cpufreq: cppc: Fix invalid return value in .get() callback Marek Behún (7): net: dsa: mv88e6xxx: fix internal PHYs for 6320 family net: dsa: mv88e6xxx: fix VTU methods for 6320 family crypto: atmel-sha204a - Set hwrng quality to lowest possible net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family net: dsa: mv88e6xxx: enable PVT for 6321 switch net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family net: dsa: mv88e6xxx: enable STU methods for 6320 family Mario Limonciello (1): ACPI: EC: Set ec_no_wakeup for Lenovo Go S Mark Brown (1): selftests/mm: generate a temporary mountpoint for cgroup filesystem Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Michal Pecio (1): usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Mika Westerberg (1): thunderbolt: Scan retimers after device router has been enumerated Mike Looijmans (1): usb: dwc3: xilinx: Prevent spike in reset signal Ming Lei (1): selftests: ublk: fix test_stripe_04 Ming Wang (1): LoongArch: Return NULL from huge_pte_offset() for invalid PMD Mostafa Saleh (1): ubsan: Fix panic from test_ubsan_out_of_bounds Ojaswin Mujoo (1): ext4: make block validity check resistent to sb bh corruption Oleg Nesterov (1): sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oleksij Rempel (1): net: selftests: initialize TCP header and skb payload with zero Oliver Neukum (6): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used USB: wdm: handle IO errors in wdm_wwan_port_start USB: wdm: close race between wdm_open and wdm_wwan_port_stop USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context USB: wdm: add annotation Pali Rohár (1): PCI: Assign PCI domain IDs by ida_alloc() Peter Griffin (1): scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() Petr Tesarik (1): LoongArch: Remove a bogus reference to ZONE_DMA Ping-Ke Shih (2): wifi: mac80211: export ieee80211_purge_tx_queue() for drivers wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb Qingfang Deng (1): net: phy: leds: fix memory leak Qiuxu Zhuo (1): selftests/mincore: Allow read-ahead pages to reach the end of the file Qu Wenruo (1): btrfs: avoid page_lockend underflow in btrfs_punch_hole_lock_range() Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Rengarajan S (2): misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration misc: microchip: pci1xxxx: Fix incorrect IRQ status handling during ack Richard Zhu (3): phy: freescale: imx8m-pcie: Add i.MX8MP PCIe PHY support phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check phy: freescale: imx8m-pcie: Add one missing error return Rob Herring (1): PCI: Fix use-after-free in pci_bus_release_domain_nr() Rob Herring (Arm) (1): of: resolver: Simplify of_resolve_phandles() using __free() Roman Li (2): drm/amd/display: Fix gpu reset in multidisplay config drm/amd/display: Force full update in gpu reset Russell King (Oracle) (2): net: dsa: add support for mac_prepare() and mac_finish() calls net: dsa: mv88e6xxx: move link forcing to mac_prepare/mac_finish Ryo Takakura (1): serial: sifive: lock port in startup()/shutdown() callbacks Sean Christopherson (4): iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE KVM: SVM: Allocate IR data using atomic allocation KVM: x86: Explicitly treat routing entry type changes as changes KVM: x86: Reset IRTE to host control if *new* route isn't postable Sebastian Andrzej Siewior (1): xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Sergey Shtylyov (1): of: module: add buffer overflow check in of_modalias() Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Srinivas Kandagatla (2): ASoC: qcom: q6dsp: add support to more display ports ASoC: qcom: q6afe-dai: fix Display Port Playback stream name Stefan Eichenberger (1): phy: freescale: imx8m-pcie: assert phy reset and perst in power off Stephan Gerhold (1): serial: msm: Configure correct working mode before starting earlycon Steven Rostedt (2): tracing: Add __print_dynamic_array() helper tracing: Verify event formats that have "%*p.." Steven Rostedt (Google) (4): tracing: Add __cpumask to denote a trace event field that is a cpumask_t tracing: Fix cpumask() example typo tracing: Add __string_len() example tracing: Remove pointer (asterisk) and brackets from cpumask_t field Tamura Dai (1): spi: spi-imx: Add check for spi_imx_setupxfer() Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Weißschuh (1): KVM: s390: Don't use %pK through tracepoints Thorsten Leemhuis (1): module: sign with sha512 instead of sha1 by default Théo Lebrun (1): usb: host: xhci-plat: mvebu: use ->quirks instead of ->init_quirk() func Tiezhu Yang (1): LoongArch: Make regs_irqs_disabled() more clear Tung Nguyen (1): tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Uwe Kleine-König (2): auxdisplay: hd44780: Convert to platform remove callback returning void backlight: led_bl: Convert to platform remove callback returning void Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted Vladimir Oltean (1): net: dsa: mv88e6xxx: don't dispose of Global2 IRQ mappings from mdiobus code Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation Xingui Yang (1): scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuli Wang (1): LoongArch: Select ARCH_USE_MEMTEST Yunlong Xing (1): loop: aio inherit the ioprio of original request Zijun Hu (1): of: resolver: Fix device node refcount leakage in of_resolve_phandles()

7 months, 1 week

1
1
0 0

Linux 5.15.181

by Greg Kroah-Hartman

I'm announcing the release of the 5.15.181 kernel. All users of the 5.15 kernel series must upgrade. The updated 5.15.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.15.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Documentation/scsi/libsas.rst | 2 Makefile | 5 arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 arch/arm64/include/asm/cputype.h | 4 arch/arm64/include/asm/fpsimd.h | 4 arch/arm64/include/asm/kvm_host.h | 17 arch/arm64/include/asm/kvm_hyp.h | 7 arch/arm64/include/asm/processor.h | 7 arch/arm64/include/asm/spectre.h | 1 arch/arm64/kernel/fpsimd.c | 117 +++- arch/arm64/kernel/process.c | 3 arch/arm64/kernel/proton-pack.c | 218 ++++---- arch/arm64/kernel/ptrace.c | 3 arch/arm64/kernel/signal.c | 3 arch/arm64/kvm/arm.c | 1 arch/arm64/kvm/fpsimd.c | 72 +- arch/arm64/kvm/hyp/entry.S | 5 arch/arm64/kvm/hyp/include/hyp/switch.h | 86 ++- arch/arm64/kvm/hyp/nvhe/hyp-main.c | 9 arch/arm64/kvm/hyp/nvhe/switch.c | 52 +- arch/arm64/kvm/hyp/vhe/switch.c | 4 arch/arm64/kvm/reset.c | 3 arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/include/asm/mips-cm.h | 22 arch/mips/kernel/cevt-ds1287.c | 1 arch/mips/kernel/mips-cm.c | 14 arch/parisc/kernel/pdt.c | 2 arch/powerpc/kernel/rtas.c | 4 arch/riscv/include/asm/kgdb.h | 9 arch/riscv/include/asm/syscall.h | 7 arch/riscv/kernel/kgdb.c | 6 arch/riscv/kernel/setup.c | 36 + arch/s390/kvm/trace-s390.h | 4 arch/sparc/mm/tlb.c | 5 arch/x86/entry/entry.S | 2 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 107 ---- arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/bugs.c | 30 - arch/x86/kernel/e820.c | 17 arch/x86/kvm/svm/avic.c | 60 +- arch/x86/kvm/vmx/posted_intr.c | 28 - arch/x86/mm/tlb.c | 6 arch/x86/platform/pvh/head.S | 7 block/blk-cgroup.c | 24 block/blk-iocost.c | 7 crypto/crypto_null.c | 39 + drivers/acpi/platform_profile.c | 20 drivers/acpi/pptt.c | 4 drivers/ata/ahci.c | 2 drivers/ata/libata-eh.c | 11 drivers/ata/pata_pxa.c | 6 drivers/ata/sata_sx4.c | 118 +--- drivers/auxdisplay/hd44780.c | 9 drivers/base/devres.c | 7 drivers/block/loop.c | 9 drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_ldisc.c | 19 drivers/bluetooth/hci_uart.h | 1 drivers/bus/mhi/host/main.c | 16 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/clocksource/timer-stm32-lp.c | 4 drivers/comedi/drivers/jr3_pci.c | 17 drivers/cpufreq/cppc_cpufreq.c | 2 drivers/cpufreq/cpufreq.c | 8 drivers/cpufreq/scmi-cpufreq.c | 10 drivers/cpufreq/scpi-cpufreq.c | 13 drivers/crypto/atmel-sha204a.c | 7 drivers/crypto/caam/qi.c | 6 drivers/crypto/ccp/sp-pci.c | 15 drivers/dma-buf/udmabuf.c | 2 drivers/dma/dmatest.c | 6 drivers/gpio/gpio-tegra186.c | 95 ++- drivers/gpio/gpio-zynq.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 2 drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 20 drivers/gpu/drm/amd/display/dc/core/dc_link.c | 2 drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c | 22 drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 3 drivers/gpu/drm/amd/display/dc/dcn31/dcn31_hubp.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 2 drivers/gpu/drm/drm_atomic_helper.c | 2 drivers/gpu/drm/drm_panel.c | 5 drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 drivers/gpu/drm/mediatek/mtk_dpi.c | 9 drivers/gpu/drm/msm/adreno/a6xx.xml.h | 4 drivers/gpu/drm/msm/adreno/a6xx_gmu.c | 148 +++-- drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 14 drivers/gpu/drm/msm/adreno/a6xx_gpu.h | 1 drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tiny/repaper.c | 4 drivers/hid/usbhid/hid-pidff.c | 60 +- drivers/hsi/clients/ssi_protocol.c | 1 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i3c/master.c | 3 drivers/i3c/master/svc-i3c-master.c | 2 drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/core/umem_odp.c | 6 drivers/infiniband/hw/bnxt_re/qplib_fp.c | 3 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 drivers/iommu/amd/iommu.c | 2 drivers/mcb/mcb-parse.c | 2 drivers/md/dm-cache-target.c | 24 drivers/md/dm-integrity.c | 3 drivers/md/raid1.c | 26 - drivers/md/raid10.c | 1 drivers/media/common/siano/smsdvb-main.c | 2 drivers/media/i2c/adv748x/adv748x.h | 2 drivers/media/i2c/ccs/ccs-core.c | 6 drivers/media/i2c/ov7251.c | 4 drivers/media/platform/qcom/venus/hfi_parser.c | 100 ++- drivers/media/platform/qcom/venus/hfi_venus.c | 18 drivers/media/rc/streamzap.c | 135 ++--- drivers/media/test-drivers/vim2m.c | 6 drivers/media/v4l2-core/v4l2-dv-timings.c | 4 drivers/mfd/ene-kb3930.c | 2 drivers/misc/mei/hw-me-regs.h | 1 drivers/misc/mei/pci-me.c | 1 drivers/misc/pci_endpoint_test.c | 6 drivers/mtd/inftlcore.c | 9 drivers/mtd/mtdpstore.c | 12 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 drivers/mtd/nand/raw/r852.c | 3 drivers/net/dsa/b53/b53_common.c | 10 drivers/net/dsa/mv88e6xxx/chip.c | 32 + drivers/net/dsa/mv88e6xxx/devlink.c | 3 drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 drivers/net/ethernet/intel/igc/igc_defines.h | 1 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 93 ++- drivers/net/ethernet/microsoft/mana/mana.h | 2 drivers/net/ethernet/microsoft/mana/mana_en.c | 21 drivers/net/phy/phy_led_triggers.c | 23 drivers/net/ppp/ppp_synctty.c | 5 drivers/net/wireless/ath/ath10k/sdio.c | 5 drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/mediatek/mt76/eeprom.c | 4 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 drivers/ntb/ntb_transport.c | 2 drivers/nvme/host/core.c | 9 drivers/nvme/target/fc.c | 39 - drivers/nvme/target/fcloop.c | 2 drivers/of/irq.c | 13 drivers/pci/controller/pcie-brcmstb.c | 13 drivers/pci/controller/vmd.c | 12 drivers/pci/pci.c | 107 ++-- drivers/pci/probe.c | 54 +- drivers/pci/remove.c | 7 drivers/perf/arm_pmu.c | 8 drivers/phy/tegra/xusb.c | 2 drivers/pinctrl/qcom/pinctrl-msm.c | 12 drivers/platform/x86/asus-laptop.c | 9 drivers/pwm/pwm-fsl-ftm.c | 6 drivers/pwm/pwm-mediatek.c | 8 drivers/pwm/pwm-rcar.c | 24 drivers/s390/char/sclp_con.c | 17 drivers/s390/char/sclp_tty.c | 12 drivers/scsi/aic94xx/aic94xx.h | 1 drivers/scsi/aic94xx/aic94xx_init.c | 1 drivers/scsi/aic94xx/aic94xx_tmf.c | 9 drivers/scsi/hisi_sas/hisi_sas.h | 14 drivers/scsi/hisi_sas/hisi_sas_main.c | 363 ++++++-------- drivers/scsi/hisi_sas/hisi_sas_v1_hw.c | 2 drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 13 drivers/scsi/hisi_sas/hisi_sas_v3_hw.c | 16 drivers/scsi/isci/init.c | 1 drivers/scsi/isci/task.c | 18 drivers/scsi/isci/task.h | 4 drivers/scsi/lpfc/lpfc_els.c | 51 + drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/mvsas/mv_defs.h | 5 drivers/scsi/mvsas/mv_init.c | 1 drivers/scsi/mvsas/mv_sas.c | 31 - drivers/scsi/mvsas/mv_sas.h | 1 drivers/scsi/pm8001/pm8001_hwi.c | 4 drivers/scsi/pm8001/pm8001_init.c | 1 drivers/scsi/pm8001/pm8001_sas.c | 27 - drivers/scsi/pm8001/pm8001_sas.h | 11 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/st.c | 2 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/soc/samsung/exynos-chipid.c | 74 ++ drivers/soc/ti/omap_prm.c | 2 drivers/spi/spi-cadence-quadspi.c | 6 drivers/thermal/rockchip_thermal.c | 1 drivers/tty/serial/sifive.c | 6 drivers/usb/cdns3/cdns3-gadget.c | 2 drivers/usb/chipidea/ci_hdrc_imx.c | 44 + drivers/usb/class/cdc-wdm.c | 21 drivers/usb/core/quirks.c | 9 drivers/usb/dwc3/dwc3-pci.c | 10 drivers/usb/dwc3/gadget.c | 6 drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 drivers/usb/host/xhci-ring.c | 11 drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/vdpa/mlx5/core/mr.c | 7 drivers/video/backlight/led_bl.c | 11 drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 drivers/xen/Kconfig | 2 drivers/xen/xenfs/xensyms.c | 4 fs/Kconfig | 1 fs/btrfs/super.c | 3 fs/cifs/cifs_debug.c | 4 fs/cifs/cifsglob.h | 1 fs/cifs/cifsproto.h | 7 fs/cifs/connect.c | 2 fs/cifs/fs_context.c | 5 fs/cifs/ioctl.c | 3 fs/cifs/smb2misc.c | 11 fs/cifs/smb2ops.c | 48 + fs/cifs/smb2pdu.c | 10 fs/cifs/transport.c | 43 - fs/ext4/block_validity.c | 5 fs/ext4/inode.c | 75 ++ fs/ext4/namei.c | 2 fs/ext4/super.c | 19 fs/ext4/xattr.c | 11 fs/f2fs/f2fs.h | 12 fs/f2fs/node.c | 9 fs/f2fs/super.c | 27 - fs/f2fs/sysfs.c | 14 fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/jbd2/journal.c | 1 fs/jfs/jfs_dinode.h | 2 fs/jfs/jfs_dmap.c | 12 fs/jfs/jfs_imap.c | 10 fs/jfs/jfs_incore.h | 2 fs/jfs/jfs_txnmgr.c | 4 fs/jfs/jfs_xtree.c | 4 fs/jfs/jfs_xtree.h | 37 - fs/ksmbd/oplock.c | 2 fs/ksmbd/smb2misc.c | 22 fs/ksmbd/smb2pdu.c | 49 + fs/ksmbd/transport_ipc.c | 7 fs/namespace.c | 3 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 22 fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfs4state.c | 2 fs/nfsd/nfsfh.h | 7 fs/ntfs3/file.c | 1 fs/proc/array.c | 53 +- include/linux/backing-dev.h | 1 include/linux/blk-cgroup.h | 1 include/linux/filter.h | 9 include/linux/nfs.h | 13 include/linux/pci.h | 1 include/linux/sched/task_stack.h | 2 include/linux/soc/samsung/exynos-chipid.h | 6 include/net/bluetooth/bluetooth.h | 1 include/net/net_namespace.h | 1 include/net/sctp/structs.h | 3 include/net/sock.h | 10 include/scsi/libsas.h | 10 include/uapi/linux/kfd_ioctl.h | 2 include/uapi/linux/landlock.h | 2 include/xen/interface/xen-mca.h | 2 init/Kconfig | 3 kernel/bpf/helpers.c | 14 kernel/bpf/syscall.c | 17 kernel/dma/contiguous.c | 3 kernel/locking/lockdep.c | 3 kernel/sched/cpufreq_schedutil.c | 18 kernel/trace/ftrace.c | 1 kernel/trace/trace_events.c | 4 kernel/trace/trace_events_filter.c | 4 lib/sg_split.c | 2 lib/string.c | 15 lib/test_ubsan.c | 18 mm/filemap.c | 2 mm/gup.c | 4 mm/memory-failure.c | 11 mm/memory.c | 4 mm/vmscan.c | 2 net/8021q/vlan_dev.c | 31 - net/bluetooth/af_bluetooth.c | 22 net/bluetooth/hci_event.c | 5 net/bluetooth/l2cap_core.c | 3 net/bluetooth/sco.c | 18 net/core/dev.c | 1 net/core/filter.c | 80 +-- net/core/net_namespace.c | 21 net/core/page_pool.c | 8 net/core/rtnetlink.c | 2 net/core/selftests.c | 18 net/core/sock.c | 10 net/dsa/tag_8021q.c | 2 net/ethtool/netlink.c | 8 net/ipv6/route.c | 6 net/mac80211/iface.c | 3 net/mac80211/mesh_hwmp.c | 14 net/mctp/af_mctp.c | 3 net/mptcp/sockopt.c | 16 net/mptcp/subflow.c | 23 net/netfilter/ipvs/ip_vs_ctl.c | 10 net/netfilter/nft_set_pipapo_avx2.c | 3 net/openvswitch/actions.c | 4 net/openvswitch/flow_netlink.c | 3 net/phonet/pep.c | 41 + net/sched/sch_hfsc.c | 23 net/sctp/socket.c | 22 net/sctp/transport.c | 2 net/tipc/link.c | 1 net/tipc/monitor.c | 3 net/tls/tls_main.c | 6 security/landlock/errata.h | 87 +++ security/landlock/setup.c | 30 + security/landlock/setup.h | 3 security/landlock/syscalls.c | 22 sound/pci/hda/hda_intel.c | 15 sound/soc/codecs/lpass-wsa-macro.c | 117 +++- sound/soc/codecs/wcd934x.c | 2 sound/soc/fsl/fsl_audmix.c | 16 sound/soc/qcom/qdsp6/q6asm-dai.c | 19 sound/usb/midi.c | 80 ++- sound/virtio/virtio_pcm.c | 21 tools/objtool/check.c | 3 tools/power/cpupower/bench/parse.c | 4 tools/testing/ktest/ktest.pl | 8 tools/testing/selftests/landlock/base_test.c | 46 + tools/testing/selftests/mincore/mincore_selftest.c | 3 tools/testing/selftests/ublk/test_stripe_04.sh | 24 tools/testing/selftests/vm/charge_reserved_hugetlb.sh | 4 tools/testing/selftests/vm/hugetlb_reparenting_test.sh | 2 352 files changed, 3456 insertions(+), 1946 deletions(-) Abdun Nihaal (3): wifi: at76c50x: fix use after free access in at76_disconnect wifi: wl1251: fix memory leak in wl1251_tx_work cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Abhinav Kumar (1): drm: allow encoder mode_set even when connectors change for crtc Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Akhil P Oommen (4): drm/msm/a6xx: Improve gpu recovery sequence drm/msm/a6xx: Handle GMU prepare-slumber hfi failure drm/msm/a6xx: Avoid gx gbit halt during rpm suspend drm/msm/a6xx: Fix stale rpmh votes from GPU Al Viro (1): qibfs: fix _another_ leak Alex Williamson (1): Revert "PCI: Avoid reset when disabled via sysfs" Alexander Potapenko (1): kmsan: disable strscpy() optimization under KMSAN Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Alexander Usyskin (1): mei: me: add panther lake H DID Alexandra Diupina (1): cifs: avoid NULL pointer dereference in dbg call Alexandre Torgue (1): clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Alexey Klimov (1): ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andrew Wyatt (2): drm: panel-orientation-quirks: Add support for AYANEO 2S drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrii Nakryiko (1): bpf: avoid holding freeze_mutex during mmap operation Andy Shevchenko (1): usb: dwc3: gadget: Avoid using reserved endpoints on Intel Merrifield AngeloGioacchino Del Regno (1): drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Ard Biesheuvel (1): x86/pvh: Call C code via the kernel virtual mapping Arnaud Lecomte (1): net: ppp: Add bound checking for skb data on ppp_sync_txmung Arnd Bergmann (2): dma/contiguous: avoid warning about unused size_bytes ntb: reduce stack usage in idt_scan_mws Arseniy Krasnov (2): Bluetooth: hci_uart: fix race during initialization Bluetooth: hci_uart: Fix another race during initialization Artem Sadovnikov (1): ext4: fix off-by-one error in do_split Ayush Jain (1): ktest: Fix Test Failures Due to Missing LOG_FILE Directories Baoquan He (1): mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() Ben Dooks (1): bpf: Add endian modifiers to fix endian warnings Bhupesh (1): ext4: ignore xattrs past end Björn Töpel (1): riscv: Properly export reserved regions in /proc/iomem Boqun Feng (1): locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Chao Yu (2): f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() f2fs: check validation of fault attrs in f2fs_build_fault_attr() Chen Hanxiao (1): ipvs: properly dereference pe in ip_vs_add_service Chen-Yu Tsai (1): arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string ChenXiaoSong (1): smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() Chengchang Tang (1): RDMA/hns: Fix wrong maximum DMA segment size Chenyuan Yang (3): mfd: ene-kb3930: Fix a potential NULL pointer dereference soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Chris Wilson (1): drm/i915/gt: Cleanup partial engine discovery failures Christopher S M Hall (4): igc: fix PTM cycle trigger logic igc: move ktime snapshot into PTM retry loop igc: handle the IGC_PTP_ENABLED flag correctly igc: cleanup PTP module if probe fails Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Dan Carpenter (1): Bluetooth: btrtl: Prevent potential NULL dereference Daniel Kral (1): ahci: add PCI ID for Marvell 88SE9215 SATA Controller Daniel Wagner (3): nvmet-fcloop: swap list_add_tail arguments nvmet-fc: take tgtport reference only once nvmet-fc: put ref when assoc->del_work is already scheduled Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records Dave Kleikamp (1): jfs: define xtree root and page independently David Yat Sin (1): drm/amdkfd: clamp queue size to minimum Denis Arefev (7): asus-laptop: Fix an uninitialized variable drm/amd/pm: Prevent division by zero drm/amd/pm/powerplay: Prevent division by zero drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero drm/amd/pm/swsmu/smu13/smu_v13_0: Prevent division by zero drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero ksmbd: Prevent integer overflow in calculation of deadtime Douglas Anderson (6): arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD arm64: cputype: Add MIDR_CORTEX_A76AE arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists Edward Adam Davis (4): jfs: Prevent copying of nlink with value 0 from disk inode jfs: add sanity check for agwidth in dbMount isofs: Prevent the use of too small fid fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size Enzo Matsumiya (2): smb: client: fix UAF in async decryption cifs: print TIDs as hex Eric Biggers (1): nfs: add missing selections of CONFIG_CRC32 Eric Dumazet (2): net: make sock_inuse_add() available net: defer final 'struct net' free in netns dismantle Fedor Pchelkin (4): ntb: use 64-bit arithmetic for the MSI doorbell mask usb: chipidea: ci_hdrc_imx: fix usbmisc handling usb: chipidea: ci_hdrc_imx: fix call balance of regulator routines usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling Felix Huettner (1): net: openvswitch: fix race on port output Florian Westphal (1): nft_set_pipapo: fix incorrect avx2 match of 5th field octet Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Frédéric Danis (1): Bluetooth: l2cap: Check encryption key size on incoming connection Fuad Tabba (1): KVM: arm64: Calculate cptr_el2 traps on activating traps Gabriele Paoloni (1): tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Gang Yan (1): mptcp: fix NULL pointer in can_accept_new_subflow Gavrilov Ilia (1): wifi: mac80211: fix integer overflow in hwmp_route_info_get() Geert Uytterhoeven (2): pwm: rcar: Simplify multiplication/shift logic PCI: Fix dropping valid root bus resources with .end = zero Greg Kroah-Hartman (1): Linux 5.15.181 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Guixin Liu (2): scsi: ufs: bsg: Set bsg_queue to NULL after removal gpio: tegra186: fix resource handling in ACPI probe path Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (4): ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones nvme: requeue namespace scan on missed AENs nvme: re-read ANA log page after ns scan completes nvme: fixup scan failure for non-ANA multipath controllers Haoxiang Li (5): wifi: mt76: Add check for devm_kstrdup() auxdisplay: hd44780: Fix an API misuse in hd44780.c mcb: fix a double free bug in chameleon_parse_gdd() s390/sclp: Add check for get_zeroed_page() s390/tty: Fix a potential memory leak bug Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (3): ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Herbert Xu (2): crypto: caam/qi - Fix drv_ctx refcount bug crypto: null - Use spin lock instead of mutex Hersen Wu (1): drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Herve Codina (1): backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Hou Tao (1): bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Icenowy Zheng (1): wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Ilya Maximets (2): net: openvswitch: fix nested key length validation in the set() action openvswitch: fix lockup on tx to unregistering netdev with carrier Jakub Kicinski (1): net: tls: explicitly disallow disconnect James Smart (1): scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI Jan Beulich (1): xenfs/xensyms: respect hypervisor's "next" indication Jan Kara (1): jbd2: remove wrong sb->s_sequence check Jann Horn (1): ext4: don't treat fhandle lookup of ea_inode as FS corruption Jason Andryuk (1): xen: Change xen-acpi-processor dom0 dependency Jason Xing (1): page_pool: avoid infinite loop to schedule delayed worker Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Jeff Hugo (1): bus: mhi: host: Fix race between unprepare and queue_buf Jeff Layton (1): nfs: move nfs_fhandle_hash to common include file Jiasheng Jiang (2): mtd: Add check for devm_kcalloc() mtd: Replace kcalloc() with devm_kcalloc() Johannes Berg (1): Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() John Garry (6): scsi: hisi_sas: Start delivery hisi_sas_task_exec() directly scsi: hisi_sas: Pass abort structure for internal abort scsi: hisi_sas: Factor out task prep and delivery code scsi: hisi_sas: Fix setting of hisi_sas_slot.is_internal scsi: libsas: Delete lldd_clear_aca callback scsi: libsas: Add struct sas_tmf_task John Stultz (1): sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Jonas Gorski (1): net: b53: enable BPDU reception for management port Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Josh Poimboeuf (6): pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() objtool: Stop UNRET validation on UD2 x86/bugs: Use SBPB in write_ibpb() if applicable x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline x86/bugs: Don't fill RSB on context switch with eIBRS Kai Mäkisara (1): scsi: st: Fix array overflow in st_setup() Kai-Heng Feng (1): PCI: Coalesce host bridge contiguous apertures Kaixin Wang (1): HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Kamal Dasu (1): mtd: rawnand: brcmnand: fix PM resume warning Kan Liang (3): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX perf/x86/intel/uncore: Fix the scale of IIO free running counters on SPR Kang Yang (1): wifi: ath10k: avoid NULL pointer error during sdio remove Karina Yankevich (1): media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Kees Cook (1): xen/mcelog: Add __nonstring annotations for unterminated strings Kirill A. Shutemov (1): mm: fix apply_to_existing_page_range() Krzysztof Kozlowski (2): gpio: zynq: Fix wakeup source leaks on device unbind soc: samsung: exynos-chipid: avoid soc_device_to_device() Kunihiko Hayashi (3): misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kunwu Chan (1): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Leonid Arapov (1): fbdev: omapfb: Add 'plane' value check Li Lingfeng (1): nfsd: decrease sc_count directly if fail to queue dl_recall Li Nan (1): blk-iocost: do not WARN if iocg was already offlined Luca Ceresoli (1): drm/bridge: panel: forbid initializing a panel with unknown connector type Lucas De Marchi (1): drivers: base: devres: Allow to release group on device release Luiz Augusto von Dentz (2): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Bluetooth: SCO: Fix UAF on sco_sock_timeout Ma Ke (2): PCI: Fix reference leak in pci_alloc_child_bus() PCI: Fix reference leak in pci_register_host_bridge() Manjunatha Venkatesh (1): i3c: Add NULL pointer check in i3c_master_queue_ibi() Marc Zyngier (2): KVM: arm64: Always start with clearing SVE flag on load cpufreq: cppc: Fix invalid return value in .get() callback Marek Behún (6): net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family net: dsa: mv88e6xxx: fix VTU methods for 6320 family crypto: atmel-sha204a - Set hwrng quality to lowest possible net: dsa: mv88e6xxx: fix atu_move_port_mask for 6341 family net: dsa: mv88e6xxx: enable PVT for 6321 switch net: dsa: mv88e6xxx: enable .port_set_policy() for 6320 family Mark Brown (6): KVM: arm64: Get rid of host SVE tracking/saving KVM: arm64: Discard any SVE state when entering KVM guests arm64/fpsimd: Track the saved FPSIMD state type separately to TIF_SVE arm64/fpsimd: Have KVM explicitly say which FP registers to save arm64/fpsimd: Stop using TIF_SVE to manage register saving in KVM selftests/mm: generate a temporary mountpoint for cgroup filesystem Mark Rutland (5): perf: arm_pmu: Don't disable counter in armpmu_add() KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state KVM: arm64: Remove host FPSIMD saving for non-protected KVM KVM: arm64: Remove VHE host restore of CPACR_EL1.ZEN KVM: arm64: Eagerly switch ZCR_EL{1,2} Mathieu Desnoyers (1): mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Matt Johnston (1): net: mctp: Set SOCK_RCU_FREE Matthew Auld (1): drm/amdgpu/dma_buf: fix page_link check Matthew Majewski (1): media: vim2m: print device name after registering device Matthieu Baerts (NGI0) (2): mptcp: only inc MPJoinAckHMacFailure for HMAC failures mptcp: sockopt: fix getting IPV6_V6ONLY Max Grobecker (1): x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Maxim Mikityanskiy (1): ALSA: hda: intel: Fix Optimus when GPU has no sound Maxime Chevallier (1): net: ethtool: Don't call .cleanup_data when prepare_data fails Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (2): scsi: iscsi: Fix missing scsi_host_put() in error path phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Michal Pecio (1): usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running Michal Schmidt (1): bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Mickaël Salaün (1): landlock: Add the errata interface Mikulas Patocka (1): dm-integrity: set ti->error on memory allocation failure Ming Lei (1): selftests: ublk: fix test_stripe_04 Ming-Hung Tsai (1): dm cache: fix flushing uninitialized delayed_work on cache_ctr error Miquel Raynal (1): spi: cadence-qspi: Fix probe on AM62A LP SK Mostafa Saleh (1): ubsan: Fix panic from test_ubsan_out_of_bounds Murad Masimov (2): media: streamzap: prevent processing IR data on URB failure media: streamzap: fix race between device disconnection and urb callback Myrrh Periwinkle (1): x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Namjae Jeon (1): ksmbd: fix potencial out-of-bounds when buffer offset is invalid Nathan Chancellor (4): ACPI: platform-profile: Fix CFI violation when accessing sysfs files riscv: Avoid fortify warning in syscall_get_arguments() kbuild: Add '-fno-builtin-wcslen' f2fs: Add inline to f2fs_build_fault_attr() stub Nathan Lynch (1): powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (1): ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Niklas Söderlund (1): media: i2c: adv748x: Fix test pattern selection mask Ojaswin Mujoo (2): ext4: protect ext4_release_dquot against freezing ext4: make block validity check resistent to sb bh corruption Oleg Nesterov (2): fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oleksij Rempel (1): net: selftests: initialize TCP header and skb payload with zero Oliver Neukum (6): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used USB: wdm: handle IO errors in wdm_wwan_port_start USB: wdm: close race between wdm_open and wdm_wwan_port_stop USB: wdm: wdm_wwan_port_tx_complete mutex in atomic context USB: wdm: add annotation Pali Rohár (1): PCI: Assign PCI domain IDs by ida_alloc() Paolo Abeni (1): ipv6: release nexthop on device removal Paulo Alcantara (5): smb: client: fix potential UAF in cifs_dump_full_key() smb: client: fix use-after-free bug in cifs_debug_data_proc_show() smb: client: fix NULL ptr deref in crypto_aead_setkey() smb: client: fix potential deadlock when releasing mids smb: client: fix potential UAF in cifs_stats_proc_show() Pei Li (1): jfs: Fix shift-out-of-bounds in dbDiscardAG Peter Collingbourne (1): string: Add load_unaligned_zeropad() code path to sized_strscpy() Philip Yang (1): drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Qingfang Deng (1): net: phy: leds: fix memory leak Qiuxu Zhuo (1): selftests/mincore: Allow read-ahead pages to reach the end of the file Qun-Wei Lin (1): sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers Rafael J. Wysocki (2): cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS cpufreq: Reference count policy in cpufreq_update_limits() Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Rand Deeb (2): fs/jfs: cast inactags to s64 to prevent potential overflow fs/jfs: Prevent integer overflow in AG size calculation Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Ricard Wanderlof (1): ALSA: usb-audio: Fix CME quirk for UF series keyboards Ricardo Cañuelo Navarro (1): sctp: detect and prevent references to a freed transport in sendmsg Rob Herring (1): PCI: Fix use-after-free in pci_bus_release_domain_nr() Rolf Eike Beer (1): drm/sti: remove duplicate object names Roman Li (1): drm/amd/display: Fix gpu reset in multidisplay config Roman Smirnov (1): cifs: fix integer overflow in match_server() Ross Lagerwall (1): PCI: Release resource invalidated by coalescing Ryan Roberts (1): sparc/mm: disable preemption in lazy mmu mode Ryo Takakura (2): PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type serial: sifive: lock port in startup()/shutdown() callbacks Rémi Denis-Courmont (1): phonet/pep: fix racy skb_queue_empty() use Sakari Ailus (4): media: i2c: ccs: Set the device's runtime PM status correctly in remove media: i2c: ccs: Set the device's runtime PM status correctly in probe media: i2c: ov7251: Set enable GPIO low in probe media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sam Protsenko (1): soc: samsung: exynos-chipid: Pass revision reg offsets Sean Christopherson (3): iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE KVM: SVM: Allocate IR data using atomic allocation KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Young (4): media: streamzap: remove unnecessary ir_raw_event_reset and handle media: streamzap: no need for usb pid/vid in device name media: streamzap: less chatter media: streamzap: remove unused struct members Sebastian Andrzej Siewior (1): xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Shay Drory (1): RDMA/core: Silence oversized kvmalloc() warning Shengjiu Wang (1): ASoC: fsl_audmix: register card device depends on 'dais' property Shuai Xue (1): mm/hwpoison: do not send SIGBUS to processes with recovered clean pages Si-Wei Liu (1): vdpa/mlx5: Fix oversized null mkey longer than 32bit Souradeep Chakrabarti (1): net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Srinivas Kandagatla (2): ASoC: codecs:lpass-wsa-macro: Fix vi feedback rate ASoC: codecs:lpass-wsa-macro: Fix logic of enabling vi channels Srinivasan Shanmugam (2): drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing Stanimir Varbanov (1): PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() Stanislav Fomichev (1): net: vlan: don't propagate flags on open Stanley Chu (1): i3c: master: svc: Use readsb helper for reading MDB Stephan Gerhold (1): pinctrl: qcom: Clear latched interrupt status when changing IRQ type Steven Rostedt (1): tracing: Fix filter string testing T Pratham (1): lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Thadeu Lima de Souza Cascardo (1): i2c: cros-ec-tunnel: defer probe if parent EC is not present Thierry Reding (1): gpio: tegra186: Force one interrupt per bank Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Weißschuh (3): loop: properly send KOBJ_CHANGED uevent for disk device loop: LOOP_SET_FD: send uevents for partitions KVM: s390: Don't use %pK through tracepoints Thorsten Leemhuis (1): module: sign with sha512 instead of sha1 by default Tim Huang (1): drm/amd/display: fix double free issue during amdgpu module unload Tom Lendacky (1): crypto: ccp - Fix check for the primary ASP device Tomasz Pakuła (3): HID: pidff: Convert infinite length from Linux API to PID standard HID: pidff: Do not send effect envelope if it's empty HID: pidff: Fix null pointer dereference in pidff_find_fields Trevor Woerner (1): thermal/drivers/rockchip: Add missing rk3328 mapping entry Trond Myklebust (2): umount: Allow superblock owners to force umount filemap: Fix bounds checking in filemap_read() Tung Nguyen (2): tipc: fix memory leak in tipc_link_xmit tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Tuo Li (1): scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Uwe Kleine-König (4): pwm: rcar: Improve register calculation pwm: fsl-ftm: Handle clk_get_rate() returning 0 auxdisplay: hd44780: Convert to platform remove callback returning void backlight: led_bl: Convert to platform remove callback returning void Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Vikash Garodia (4): media: venus: hfi: add a check to handle OOB in sfr region media: venus: hfi: add check to handle incorrect queue size media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: refactor hfi packet parsing logic Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted Vitaly Prosyak (1): drm/amdgpu: fix usage slab after free Vladimir Oltean (2): net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails Wang Liang (1): net: fix crash when config small gso_max_size/gso_ipv4_max_size WangYuli (6): riscv: KGDB: Do not inline arch_kgdb_breakpoint() riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Wentao Liang (3): ata: sata_sx4: Add error handling in pdc20621_i2c_read() mtd: inftlcore: Add error check for inftl_read_oob() mtd: rawnand: Add status chack in r852_ready() Willem de Bruijn (1): bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation Xiaxi Shen (1): ext4: fix timer use-after-free on failed mount Xingui Yang (2): scsi: hisi_sas: Enable force phy when SATA disk directly connected scsi: hisi_sas: Fix I/O errors caused by hardware port ID changes Yu Kuai (2): md/raid10: fix missing discard IO accounting blk-cgroup: support to track if policy is online Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuan Can (1): media: siano: Fix error handling in smsdvb_module_init() Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Yunlong Xing (1): loop: aio inherit the ioprio of original request Zhang Xiaoxu (1): cifs: Fix UAF in cifs_demultiplex_thread() Zhikai Zhai (1): drm/amd/display: Update Cursor request mode to the beginning prefetch always Zhongqiu Han (2): pm: cpupower: bench: Prevent NULL dereference on malloc failure jfs: Fix uninit-value access of imap allocated in the diMount() function Zijun Hu (3): of/irq: Fix device node refcount leakages in of_irq_count() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() of/irq: Fix device node refcount leakages in of_irq_init() zhoumin (1): ftrace: Add cond_resched() to ftrace_graph_set_hash()

7 months, 1 week

1
1
0 0

Linux 5.10.237

by Greg Kroah-Hartman

I'm announcing the release of the 5.10.237 kernel. All users of the 5.10 kernel series must upgrade. The updated 5.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 5 arch/arm/mach-exynos/Kconfig | 1 arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 arch/arm64/include/asm/cputype.h | 4 arch/arm64/kernel/proton-pack.c | 1 arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/include/asm/mips-cm.h | 22 + arch/mips/kernel/cevt-ds1287.c | 1 arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 arch/powerpc/kernel/rtas.c | 4 arch/riscv/include/asm/kgdb.h | 9 arch/riscv/include/asm/syscall.h | 7 arch/riscv/kernel/kgdb.c | 6 arch/s390/kvm/trace-s390.h | 4 arch/sparc/mm/tlb.c | 5 arch/x86/entry/entry.S | 2 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 49 --- arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/bugs.c | 8 arch/x86/kernel/e820.c | 17 - arch/x86/kvm/svm/avic.c | 60 ++-- arch/x86/kvm/vmx/posted_intr.c | 28 -- arch/x86/platform/pvh/head.S | 7 block/blk-cgroup.c | 24 + block/blk-iocost.c | 7 crypto/crypto_null.c | 39 +- drivers/acpi/pptt.c | 4 drivers/ata/ahci.c | 2 drivers/ata/libata-eh.c | 11 drivers/ata/pata_pxa.c | 6 drivers/ata/sata_sx4.c | 118 +++----- drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_ldisc.c | 19 + drivers/bluetooth/hci_uart.h | 1 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/clocksource/timer-stm32-lp.c | 4 drivers/cpufreq/cpufreq.c | 8 drivers/cpufreq/scpi-cpufreq.c | 13 drivers/crypto/atmel-sha204a.c | 7 drivers/crypto/caam/qi.c | 6 drivers/crypto/ccp/sp-pci.c | 15 - drivers/dma-buf/udmabuf.c | 2 drivers/dma/dmatest.c | 6 drivers/gpio/gpio-zynq.c | 1 drivers/gpu/drm/amd/amdgpu/amdgpu_dma_buf.c | 9 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.h | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vram_mgr.c | 6 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 14 - drivers/gpu/drm/amd/display/dc/dcn21/dcn21_resource.c | 2 drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega10_thermal.c | 4 drivers/gpu/drm/amd/pm/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/drm_atomic_helper.c | 2 drivers/gpu/drm/drm_panel.c | 5 drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 drivers/gpu/drm/i915/gt/intel_engine_cs.c | 7 drivers/gpu/drm/mediatek/mtk_dpi.c | 9 drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tiny/repaper.c | 4 drivers/hid/usbhid/hid-pidff.c | 60 +++- drivers/hsi/clients/ssi_protocol.c | 1 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i3c/master.c | 3 drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/core/umem_odp.c | 6 drivers/infiniband/hw/hns/hns_roce_main.c | 2 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 - drivers/iommu/amd/iommu.c | 2 drivers/mcb/mcb-parse.c | 2 drivers/md/dm-cache-target.c | 24 + drivers/md/dm-integrity.c | 3 drivers/md/raid1.c | 26 + drivers/media/common/siano/smsdvb-main.c | 2 drivers/media/i2c/adv748x/adv748x.h | 2 drivers/media/i2c/ov7251.c | 4 drivers/media/platform/qcom/venus/Makefile | 3 drivers/media/platform/qcom/venus/core.c | 17 - drivers/media/platform/qcom/venus/core.h | 41 --- drivers/media/platform/qcom/venus/helpers.c | 60 ++-- drivers/media/platform/qcom/venus/helpers.h | 2 drivers/media/platform/qcom/venus/hfi.c | 18 + drivers/media/platform/qcom/venus/hfi_parser.c | 159 +++++++++--- drivers/media/platform/qcom/venus/hfi_parser.h | 2 drivers/media/platform/qcom/venus/hfi_platform.c | 49 +++ drivers/media/platform/qcom/venus/hfi_platform.h | 61 ++++ drivers/media/platform/qcom/venus/hfi_platform_v4.c | 60 ++++ drivers/media/platform/qcom/venus/hfi_venus.c | 18 + drivers/media/platform/qcom/venus/pm_helpers.c | 12 drivers/media/platform/qcom/venus/vdec.c | 8 drivers/media/platform/qcom/venus/venc.c | 91 ++++-- drivers/media/rc/streamzap.c | 135 ++++------ drivers/media/test-drivers/vim2m.c | 6 drivers/media/v4l2-core/v4l2-dv-timings.c | 4 drivers/mfd/ene-kb3930.c | 2 drivers/misc/mei/hw-me-regs.h | 1 drivers/misc/mei/pci-me.c | 1 drivers/misc/pci_endpoint_test.c | 6 drivers/mtd/inftlcore.c | 9 drivers/mtd/mtdpstore.c | 9 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 drivers/mtd/nand/raw/r852.c | 3 drivers/net/dsa/b53/b53_common.c | 10 drivers/net/dsa/mv88e6xxx/chip.c | 25 + drivers/net/ethernet/chelsio/cxgb4/cxgb4_ethtool.c | 1 drivers/net/ethernet/intel/igc/igc_main.c | 1 drivers/net/ethernet/intel/igc/igc_ptp.c | 7 drivers/net/ethernet/mellanox/mlx5/core/en/rep/neigh.c | 15 - drivers/net/ethernet/mellanox/mlx5/core/en/rep/tc.c | 6 drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 33 ++ drivers/net/ethernet/mellanox/mlx5/core/en_tc.h | 3 drivers/net/phy/phy_led_triggers.c | 23 - drivers/net/ppp/ppp_synctty.c | 5 drivers/net/wireless/ath/ath10k/sdio.c | 5 drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 - drivers/ntb/ntb_transport.c | 2 drivers/nvme/host/core.c | 10 drivers/nvme/target/fc.c | 14 - drivers/nvme/target/fcloop.c | 2 drivers/of/irq.c | 13 drivers/pci/controller/pcie-brcmstb.c | 13 drivers/pci/pci.c | 103 ++++--- drivers/pci/probe.c | 58 +++- drivers/pci/remove.c | 7 drivers/perf/arm_pmu.c | 8 drivers/phy/tegra/xusb.c | 2 drivers/pinctrl/qcom/pinctrl-msm.c | 12 drivers/platform/x86/asus-laptop.c | 9 drivers/platform/x86/intel_speed_select_if/isst_if_common.c | 2 drivers/pwm/pwm-fsl-ftm.c | 6 drivers/pwm/pwm-mediatek.c | 20 + drivers/pwm/pwm-rcar.c | 24 - drivers/s390/block/dasd.c | 5 drivers/scsi/lpfc/lpfc_hbadisc.c | 2 drivers/scsi/pm8001/pm8001_sas.c | 1 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/st.c | 2 drivers/scsi/ufs/ufs_bsg.c | 1 drivers/soc/samsung/Kconfig | 12 drivers/soc/samsung/Makefile | 3 drivers/soc/samsung/exynos-asv.c | 45 --- drivers/soc/samsung/exynos-asv.h | 2 drivers/soc/samsung/exynos-chipid.c | 137 ++++++++-- drivers/soc/ti/omap_prm.c | 2 drivers/spi/spi-cadence-quadspi.c | 6 drivers/staging/comedi/drivers/jr3_pci.c | 15 - drivers/staging/rtl8723bs/core/rtw_mlme.c | 2 drivers/thermal/rockchip_thermal.c | 1 drivers/tty/serial/sifive.c | 6 drivers/usb/cdns3/gadget.c | 2 drivers/usb/core/quirks.c | 9 drivers/usb/dwc3/gadget.c | 6 drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 + drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/vdpa/mlx5/core/mr.c | 7 drivers/vfio/pci/vfio_pci.c | 13 drivers/video/backlight/led_bl.c | 5 drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 drivers/xen/xenfs/xensyms.c | 4 fs/Kconfig | 1 fs/btrfs/super.c | 3 fs/cifs/cifs_debug.c | 6 fs/cifs/cifsglob.h | 9 fs/cifs/cifsproto.h | 7 fs/cifs/connect.c | 2 fs/cifs/smb2misc.c | 11 fs/cifs/smb2ops.c | 48 ++- fs/cifs/smb2pdu.c | 10 fs/cifs/transport.c | 43 +-- fs/ext4/block_validity.c | 5 fs/ext4/inode.c | 76 ++++- fs/ext4/namei.c | 2 fs/ext4/super.c | 19 + fs/ext4/xattr.c | 11 fs/f2fs/node.c | 9 fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/jbd2/journal.c | 1 fs/jfs/jfs_dmap.c | 12 fs/jfs/jfs_imap.c | 2 fs/namespace.c | 3 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 22 - fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfs4state.c | 2 fs/nfsd/nfsfh.h | 7 fs/proc/array.c | 52 ++- include/linux/backing-dev.h | 1 include/linux/blk-cgroup.h | 1 include/linux/filter.h | 4 include/linux/nfs.h | 13 include/linux/pci.h | 12 include/linux/soc/samsung/exynos-chipid.h | 6 include/net/net_namespace.h | 1 include/net/sctp/structs.h | 3 include/uapi/linux/kfd_ioctl.h | 2 include/xen/interface/xen-mca.h | 2 init/Kconfig | 3 kernel/bpf/helpers.c | 11 kernel/bpf/syscall.c | 17 - kernel/dma/contiguous.c | 3 kernel/locking/lockdep.c | 3 kernel/resource.c | 41 --- kernel/sched/cpufreq_schedutil.c | 18 + kernel/trace/ftrace.c | 1 kernel/trace/trace.h | 4 kernel/trace/trace_events.c | 4 kernel/trace/trace_events_filter.c | 4 kernel/trace/trace_events_hist.c | 7 kernel/trace/trace_events_synth.c | 82 ++++++ kernel/trace/trace_synth.h | 1 lib/sg_split.c | 2 mm/memory.c | 4 mm/vmscan.c | 2 net/8021q/vlan_dev.c | 31 -- net/bluetooth/hci_event.c | 5 net/core/dev.c | 1 net/core/filter.c | 80 +++--- net/core/net_namespace.c | 21 + net/core/page_pool.c | 8 net/ipv4/inet_connection_sock.c | 19 + net/mac80211/iface.c | 3 net/mac80211/mesh_hwmp.c | 14 - net/mptcp/protocol.c | 45 +++ net/mptcp/subflow.c | 15 - net/netfilter/ipvs/ip_vs_ctl.c | 10 net/netfilter/nft_set_pipapo_avx2.c | 3 net/openvswitch/actions.c | 4 net/openvswitch/flow_netlink.c | 3 net/sched/sch_hfsc.c | 23 + net/sctp/socket.c | 22 + net/sctp/transport.c | 2 net/tipc/link.c | 1 net/tipc/monitor.c | 3 net/tls/tls_main.c | 6 sound/pci/hda/hda_intel.c | 15 + sound/soc/codecs/wcd934x.c | 2 sound/soc/qcom/qdsp6/q6asm-dai.c | 19 - sound/usb/midi.c | 80 +++++- tools/objtool/check.c | 3 tools/power/cpupower/bench/parse.c | 4 tools/testing/selftests/mincore/mincore_selftest.c | 3 tools/testing/selftests/ublk/test_stripe_04.sh | 24 + tools/testing/selftests/vm/charge_reserved_hugetlb.sh | 4 tools/testing/selftests/vm/hugetlb_reparenting_test.sh | 2 265 files changed, 2371 insertions(+), 1187 deletions(-) Abdun Nihaal (3): wifi: at76c50x: fix use after free access in at76_disconnect wifi: wl1251: fix memory leak in wl1251_tx_work cxgb4: fix memory leak in cxgb4_init_ethtool_filters() error path Abhinav Kumar (1): drm: allow encoder mode_set even when connectors change for crtc Abhishek Sahu (1): vfio/pci: fix memory leak during D3hot to D0 transition Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Al Viro (1): qibfs: fix _another_ leak Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Alexander Usyskin (1): mei: me: add panther lake H DID Alexandra Diupina (1): cifs: avoid NULL pointer dereference in dbg call Alexandre Torgue (1): clocksource/drivers/stm32-lptimer: Use wakeup capable instead of init wakeup Alexey Klimov (1): ASoC: qdsp6: q6asm-dai: fix q6asm_dai_compr_set_params error path Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andrew Wyatt (2): drm: panel-orientation-quirks: Add support for AYANEO 2S drm: panel-orientation-quirks: Add new quirk for GPD Win 2 Andrii Nakryiko (1): bpf: avoid holding freeze_mutex during mmap operation AngeloGioacchino Del Regno (1): drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Ard Biesheuvel (1): x86/pvh: Call C code via the kernel virtual mapping Arnaud Lecomte (1): net: ppp: Add bound checking for skb data on ppp_sync_txmung Arnd Bergmann (2): dma/contiguous: avoid warning about unused size_bytes ntb: reduce stack usage in idt_scan_mws Arseniy Krasnov (2): Bluetooth: hci_uart: fix race during initialization Bluetooth: hci_uart: Fix another race during initialization Artem Sadovnikov (1): ext4: fix off-by-one error in do_split Ben Dooks (1): bpf: Add endian modifiers to fix endian warnings Bhupesh (1): ext4: ignore xattrs past end Boqun Feng (2): locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() PCI: Introduce domain_nr in pci_host_bridge Chao Yu (1): f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() Chen Hanxiao (1): ipvs: properly dereference pe in ip_vs_add_service Chen-Yu Tsai (1): arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Chengchang Tang (1): RDMA/hns: Fix wrong maximum DMA segment size Chenyuan Yang (3): mfd: ene-kb3930: Fix a potential NULL pointer dereference soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe() usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Chris Wilson (1): drm/i915/gt: Cleanup partial engine discovery failures Christopher S M Hall (2): igc: handle the IGC_PTP_ENABLED flag correctly igc: cleanup PTP module if probe fails Chunguang Xu (1): nvme: avoid double free special payload Colin Ian King (1): media: venus: Fix uninitialized variable count being checked for zero Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Dan Carpenter (1): Bluetooth: btrtl: Prevent potential NULL dereference Daniel Golle (1): pwm: mediatek: always use bus clock for PWM on MT7622 Daniel Kral (1): ahci: add PCI ID for Marvell 88SE9215 SATA Controller Daniel Wagner (1): nvmet-fcloop: swap list_add_tail arguments Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records David Yat Sin (1): drm/amdkfd: clamp queue size to minimum Denis Arefev (4): asus-laptop: Fix an uninitialized variable drm/amd/pm/powerplay: Prevent division by zero drm/amd/pm/powerplay/hwmgr/smu7_thermal: Prevent division by zero drm/amd/pm/powerplay/hwmgr/vega20_thermal: Prevent division by zero Douglas Anderson (3): arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD arm64: cputype: Add MIDR_CORTEX_A76AE arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list Douglas Raillard (1): tracing: Fix synth event printk format for str fields Duoming Zhou (1): drivers: staging: rtl8723bs: Fix deadlock in rtw_surveydone_event_callback() Edward Adam Davis (3): jfs: Prevent copying of nlink with value 0 from disk inode jfs: add sanity check for agwidth in dbMount isofs: Prevent the use of too small fid Enzo Matsumiya (2): smb: client: fix UAF in async decryption cifs: print TIDs as hex Eric Biggers (2): ext4: reject casefold inode flag without casefold feature nfs: add missing selections of CONFIG_CRC32 Eric Dumazet (1): net: defer final 'struct net' free in netns dismantle Fabien Parent (1): pwm: mediatek: Always use bus clock Fedor Pchelkin (1): ntb: use 64-bit arithmetic for the MSI doorbell mask Felix Huettner (1): net: openvswitch: fix race on port output Florian Westphal (1): nft_set_pipapo: fix incorrect avx2 match of 5th field octet Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Gabriele Paoloni (1): tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Gang Yan (1): mptcp: fix NULL pointer in can_accept_new_subflow Gavrilov Ilia (1): wifi: mac80211: fix integer overflow in hwmp_route_info_get() Geert Uytterhoeven (1): pwm: rcar: Simplify multiplication/shift logic Greg Kroah-Hartman (1): Linux 5.10.237 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Guixin Liu (1): scsi: ufs: bsg: Set bsg_queue to NULL after removal Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (4): ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones nvme: requeue namespace scan on missed AENs nvme: re-read ANA log page after ns scan completes nvme: fixup scan failure for non-ANA multipath controllers Hans de Goede (1): drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() Haoxiang Li (1): mcb: fix a double free bug in chameleon_parse_gdd() Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (2): ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Herbert Xu (2): crypto: caam/qi - Fix drv_ctx refcount bug crypto: null - Use spin lock instead of mutex Hersen Wu (1): drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links Herve Codina (1): backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Hou Tao (1): bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Icenowy Zheng (1): wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Ilya Maximets (2): net: openvswitch: fix nested key length validation in the set() action openvswitch: fix lockup on tx to unregistering netdev with carrier Jakub Kicinski (1): net: tls: explicitly disallow disconnect Jan Beulich (1): xenfs/xensyms: respect hypervisor's "next" indication Jan Kara (1): jbd2: remove wrong sb->s_sequence check Jann Horn (1): ext4: don't treat fhandle lookup of ea_inode as FS corruption Jason Xing (1): page_pool: avoid infinite loop to schedule delayed worker Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Jeff Layton (1): nfs: move nfs_fhandle_hash to common include file Jiasheng Jiang (1): mtd: Replace kcalloc() with devm_kcalloc() Johannes Berg (1): Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() Jonas Gorski (1): net: b53: enable BPDU reception for management port Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Josh Poimboeuf (5): pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() objtool: Stop UNRET validation on UD2 x86/bugs: Use SBPB in write_ibpb() if applicable x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Kai Mäkisara (1): scsi: st: Fix array overflow in st_setup() Kai-Heng Feng (1): PCI: Coalesce host bridge contiguous apertures Kaixin Wang (1): HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Kamal Dasu (1): mtd: rawnand: brcmnand: fix PM resume warning Kan Liang (2): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR perf/x86/intel/uncore: Fix the scale of IIO free running counters on ICX Kang Yang (1): wifi: ath10k: avoid NULL pointer error during sdio remove Karina Yankevich (1): media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Kees Cook (1): xen/mcelog: Add __nonstring annotations for unterminated strings Kirill A. Shutemov (1): mm: fix apply_to_existing_page_range() Krzysztof Kozlowski (5): gpio: zynq: Fix wakeup source leaks on device unbind soc: samsung: exynos-chipid: initialize later - with arch_initcall soc: samsung: exynos-chipid: convert to driver and merge exynos-asv soc: samsung: exynos-chipid: avoid soc_device_to_device() soc: samsung: exynos-chipid: correct helpers __init annotation Kunihiko Hayashi (3): misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type Kuniyuki Iwashima (1): tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Kunwu Chan (1): pmdomain: ti: Add a null pointer check to the omap_prm_domain_init Lee Jones (1): drm/amd/amdgpu/amdgpu_vram_mgr: Add missing descriptions for 'dev' and 'dir' Leonid Arapov (1): fbdev: omapfb: Add 'plane' value check Li Lingfeng (1): nfsd: decrease sc_count directly if fail to queue dl_recall Li Nan (1): blk-iocost: do not WARN if iocg was already offlined Luca Ceresoli (1): drm/bridge: panel: forbid initializing a panel with unknown connector type Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Ma Ke (2): PCI: Fix reference leak in pci_alloc_child_bus() PCI: Fix reference leak in pci_register_host_bridge() Manjunatha Venkatesh (1): i3c: Add NULL pointer check in i3c_master_queue_ibi() Marek Behún (3): net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family net: dsa: mv88e6xxx: fix VTU methods for 6320 family crypto: atmel-sha204a - Set hwrng quality to lowest possible Mark Brown (1): selftests/mm: generate a temporary mountpoint for cgroup filesystem Mark Rutland (1): perf: arm_pmu: Don't disable counter in armpmu_add() Mathieu Desnoyers (1): mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Matthew Auld (1): drm/amdgpu/dma_buf: fix page_link check Matthew Majewski (1): media: vim2m: print device name after registering device Matthieu Baerts (NGI0) (2): mptcp: only inc MPJoinAckHMacFailure for HMAC failures mptcp: sockopt: fix getting IPV6_V6ONLY Max Grobecker (1): x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Maxim Mikityanskiy (1): ALSA: hda: intel: Fix Optimus when GPU has no sound Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miaohe Lin (1): kernel/resource: fix kfree() of bootmem memory again Miaoqian Lin (2): scsi: iscsi: Fix missing scsi_host_put() in error path phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Mikulas Patocka (1): dm-integrity: set ti->error on memory allocation failure Ming Lei (1): selftests: ublk: fix test_stripe_04 Ming-Hung Tsai (1): dm cache: fix flushing uninitialized delayed_work on cache_ctr error Miquel Raynal (1): spi: cadence-qspi: Fix probe on AM62A LP SK Miroslav Franc (1): s390/dasd: fix double module refcount decrement Murad Masimov (2): media: streamzap: prevent processing IR data on URB failure media: streamzap: fix race between device disconnection and urb callback Myrrh Periwinkle (1): x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Nathan Chancellor (2): riscv: Avoid fortify warning in syscall_get_arguments() kbuild: Add '-fno-builtin-wcslen' Nathan Lynch (1): powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (1): ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Niklas Söderlund (1): media: i2c: adv748x: Fix test pattern selection mask Ojaswin Mujoo (2): ext4: protect ext4_release_dquot against freezing ext4: make block validity check resistent to sb bh corruption Oleg Nesterov (2): fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oliver Neukum (2): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used Pali Rohár (1): PCI: Assign PCI domain IDs by ida_alloc() Paulo Alcantara (5): smb: client: fix potential UAF in cifs_debug_files_proc_show() smb: client: fix use-after-free bug in cifs_debug_data_proc_show() smb: client: fix potential deadlock when releasing mids smb: client: fix potential UAF in cifs_stats_proc_show() smb: client: fix NULL ptr deref in crypto_aead_setkey() Pei Li (1): jfs: Fix shift-out-of-bounds in dbDiscardAG Philip Yang (1): drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Qingfang Deng (1): net: phy: leds: fix memory leak Qiuxu Zhuo (1): selftests/mincore: Allow read-ahead pages to reach the end of the file Rafael J. Wysocki (2): cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS cpufreq: Reference count policy in cpufreq_update_limits() Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Ramesh Errabolu (1): drm/amdgpu: Remove amdgpu_device arg from free_sgt api (v2) Rand Deeb (2): fs/jfs: cast inactags to s64 to prevent potential overflow fs/jfs: Prevent integer overflow in AG size calculation Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Ricard Wanderlof (1): ALSA: usb-audio: Fix CME quirk for UF series keyboards Ricardo Cañuelo Navarro (1): sctp: detect and prevent references to a freed transport in sendmsg Rob Herring (1): PCI: Fix use-after-free in pci_bus_release_domain_nr() Rolf Eike Beer (1): drm/sti: remove duplicate object names Ryan Roberts (1): sparc/mm: disable preemption in lazy mmu mode Ryo Takakura (1): serial: sifive: lock port in startup()/shutdown() callbacks Sakari Ailus (2): media: i2c: ov7251: Set enable GPIO low in probe media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sam Protsenko (1): soc: samsung: exynos-chipid: Pass revision reg offsets Sean Christopherson (3): iommu/amd: Return an error if vCPU affinity is set for non-vCPU IRTE KVM: SVM: Allocate IR data using atomic allocation KVM: x86: Reset IRTE to host control if *new* route isn't postable Sean Young (4): media: streamzap: remove unnecessary ir_raw_event_reset and handle media: streamzap: no need for usb pid/vid in device name media: streamzap: less chatter media: streamzap: remove unused struct members Sebastian Andrzej Siewior (1): xdp: Reset bpf_redirect_info before running a xdp's BPF prog. Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Shay Drory (1): RDMA/core: Silence oversized kvmalloc() warning Si-Wei Liu (1): vdpa/mlx5: Fix oversized null mkey longer than 32bit Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Srinivasan Shanmugam (1): drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' Stanimir Varbanov (10): PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() media: venus: venc: Init the session only once in queue_setup media: venus: Limit HFI sessions to the maximum supported media: venus: hfi: Correct session init return error media: venus: pm_helpers: Check instance state when calculate instance frequency media: venus: Create hfi platform and move vpp/vsp there media: venus: Rename venus_caps to hfi_plat_caps media: venus: hfi_plat: Add codecs and capabilities ops media: venus: Get codecs and capabilities from hfi platform media: venus: hfi_parser: Check for instance after hfi platform get Stanislav Fomichev (1): net: vlan: don't propagate flags on open Stephan Gerhold (1): pinctrl: qcom: Clear latched interrupt status when changing IRQ type Steven Rostedt (1): tracing: Fix filter string testing Steven Rostedt (Google) (1): tracing: Allow synthetic events to pass around stacktraces T Pratham (1): lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Thadeu Lima de Souza Cascardo (1): i2c: cros-ec-tunnel: defer probe if parent EC is not present Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Weißschuh (1): KVM: s390: Don't use %pK through tracepoints Thorsten Leemhuis (1): module: sign with sha512 instead of sha1 by default Tom Lendacky (1): crypto: ccp - Fix check for the primary ASP device Tomasz Pakuła (3): HID: pidff: Convert infinite length from Linux API to PID standard HID: pidff: Do not send effect envelope if it's empty HID: pidff: Fix null pointer dereference in pidff_find_fields Trevor Woerner (1): thermal/drivers/rockchip: Add missing rk3328 mapping entry Trond Myklebust (1): umount: Allow superblock owners to force umount Tung Nguyen (2): tipc: fix memory leak in tipc_link_xmit tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Tuo Li (1): scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() Uwe Kleine-König (2): pwm: rcar: Improve register calculation pwm: fsl-ftm: Handle clk_get_rate() returning 0 Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Vikash Garodia (4): media: venus: hfi: add a check to handle OOB in sfr region media: venus: hfi: add check to handle incorrect queue size media: venus: hfi_parser: add check to avoid out of bound access media: venus: hfi_parser: refactor hfi packet parsing logic Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted Vlad Buslov (1): net/mlx5e: Fix use-after-free of encap entry in neigh update handler WangYuli (6): riscv: KGDB: Do not inline arch_kgdb_breakpoint() riscv: KGDB: Remove ".option norvc/.option rvc" for kgdb_compiled_break nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Wentao Liang (3): ata: sata_sx4: Add error handling in pdc20621_i2c_read() mtd: inftlcore: Add error check for inftl_read_oob() mtd: rawnand: Add status chack in r852_ready() Willem de Bruijn (1): bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation Xiaxi Shen (1): ext4: fix timer use-after-free on failed mount Yu Kuai (1): blk-cgroup: support to track if policy is online Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuan Can (1): media: siano: Fix error handling in smsdvb_module_init() Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Zhang Xiaoxu (1): cifs: Fix UAF in cifs_demultiplex_thread() Zhongqiu Han (1): pm: cpupower: bench: Prevent NULL dereference on malloc failure Zijun Hu (3): of/irq: Fix device node refcount leakages in of_irq_count() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() of/irq: Fix device node refcount leakages in of_irq_init() zhoumin (1): ftrace: Add cond_resched() to ftrace_graph_set_hash()

7 months, 1 week

1
1
0 0

Linux 5.4.293

by Greg Kroah-Hartman

I'm announcing the release of the 5.4.293 kernel. All users of the 5.4 kernel series must upgrade. The updated 5.4.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.4.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ Makefile | 5 arch/arm64/boot/dts/mediatek/mt8173.dtsi | 6 arch/arm64/include/asm/cputype.h | 2 arch/mips/dec/prom/init.c | 2 arch/mips/include/asm/ds1287.h | 2 arch/mips/include/asm/mips-cm.h | 22 ++ arch/mips/kernel/cevt-ds1287.c | 1 arch/mips/kernel/mips-cm.c | 14 + arch/parisc/kernel/pdt.c | 2 arch/powerpc/kernel/Makefile | 1 arch/riscv/include/asm/syscall.h | 7 arch/s390/kvm/trace-s390.h | 4 arch/sparc/mm/tlb.c | 5 arch/x86/events/intel/ds.c | 8 arch/x86/events/intel/uncore_snbep.c | 16 - arch/x86/kernel/cpu/amd.c | 2 arch/x86/kernel/cpu/bugs.c | 8 arch/x86/kernel/e820.c | 17 - crypto/crypto_null.c | 39 ++- drivers/acpi/pptt.c | 4 drivers/ata/ahci.c | 2 drivers/ata/libata-eh.c | 11 - drivers/ata/pata_pxa.c | 6 drivers/ata/sata_sx4.c | 118 ++++-------- drivers/bluetooth/btrtl.c | 2 drivers/bluetooth/hci_ldisc.c | 19 + drivers/bluetooth/hci_uart.h | 1 drivers/char/virtio_console.c | 7 drivers/clk/clk.c | 4 drivers/cpufreq/cpufreq.c | 8 drivers/cpufreq/scpi-cpufreq.c | 13 + drivers/crypto/atmel-sha204a.c | 7 drivers/crypto/ccp/sp-pci.c | 15 - drivers/dma-buf/udmabuf.c | 2 drivers/dma/dmatest.c | 6 drivers/gpio/gpio-zynq.c | 1 drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 10 + drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 2 drivers/gpu/drm/amd/powerplay/hwmgr/vega20_thermal.c | 2 drivers/gpu/drm/drm_atomic_helper.c | 2 drivers/gpu/drm/drm_panel_orientation_quirks.c | 10 - drivers/gpu/drm/mediatek/mtk_dpi.c | 9 drivers/gpu/drm/nouveau/nouveau_bo.c | 3 drivers/gpu/drm/nouveau/nouveau_gem.c | 3 drivers/gpu/drm/sti/Makefile | 2 drivers/gpu/drm/tiny/repaper.c | 4 drivers/hid/usbhid/hid-pidff.c | 60 ++++-- drivers/hsi/clients/ssi_protocol.c | 1 drivers/i2c/busses/i2c-cros-ec-tunnel.c | 3 drivers/i3c/master.c | 3 drivers/iio/adc/ad7768-1.c | 5 drivers/infiniband/hw/qib/qib_fs.c | 1 drivers/infiniband/hw/usnic/usnic_ib_main.c | 14 - drivers/infiniband/ulp/srpt/ib_srpt.c | 8 drivers/mcb/mcb-parse.c | 2 drivers/md/dm-integrity.c | 3 drivers/md/raid1.c | 26 +- drivers/media/common/siano/smsdvb-main.c | 2 drivers/media/i2c/adv748x/adv748x.h | 2 drivers/media/i2c/ov7251.c | 4 drivers/media/platform/qcom/venus/hfi_parser.c | 2 drivers/media/platform/qcom/venus/hfi_venus.c | 18 + drivers/media/platform/vim2m.c | 6 drivers/media/rc/streamzap.c | 68 +++--- drivers/media/v4l2-core/v4l2-dv-timings.c | 4 drivers/misc/pci_endpoint_test.c | 36 ++- drivers/mmc/host/cqhci.c | 2 drivers/mtd/inftlcore.c | 9 drivers/mtd/nand/raw/brcmnand/brcmnand.c | 2 drivers/mtd/nand/raw/r852.c | 3 drivers/net/dsa/b53/b53_common.c | 10 + drivers/net/dsa/mv88e6xxx/chip.c | 25 ++ drivers/net/phy/phy_led_triggers.c | 23 +- drivers/net/ppp/ppp_synctty.c | 5 drivers/net/virtio_net.c | 22 +- drivers/net/wireless/atmel/at76c50x-usb.c | 2 drivers/net/wireless/mediatek/mt76/mt76x2/usb.c | 1 drivers/net/wireless/ti/wl1251/tx.c | 4 drivers/ntb/hw/idt/ntb_hw_idt.c | 18 - drivers/ntb/ntb_transport.c | 2 drivers/nvme/target/fc.c | 14 - drivers/of/irq.c | 13 + drivers/pci/probe.c | 5 drivers/perf/arm_pmu.c | 8 drivers/platform/x86/asus-laptop.c | 9 drivers/platform/x86/intel_speed_select_if/isst_if_common.c | 2 drivers/pwm/pwm-fsl-ftm.c | 6 drivers/pwm/pwm-mediatek.c | 20 +- drivers/scsi/pm8001/pm8001_sas.c | 1 drivers/scsi/scsi_transport_iscsi.c | 7 drivers/scsi/st.c | 2 drivers/staging/comedi/drivers/jr3_pci.c | 15 + drivers/thermal/rockchip_thermal.c | 1 drivers/tty/serial/sifive.c | 6 drivers/usb/cdns3/gadget.c | 2 drivers/usb/core/quirks.c | 9 drivers/usb/dwc3/core.c | 11 - drivers/usb/dwc3/gadget.c | 6 drivers/usb/gadget/udc/aspeed-vhub/dev.c | 3 drivers/usb/host/max3421-hcd.c | 7 drivers/usb/host/ohci-pci.c | 23 ++ drivers/usb/serial/ftdi_sio.c | 2 drivers/usb/serial/ftdi_sio_ids.h | 5 drivers/usb/serial/option.c | 3 drivers/usb/serial/usb-serial-simple.c | 7 drivers/usb/storage/unusual_uas.h | 7 drivers/video/fbdev/omap2/omapfb/dss/dispc.c | 6 drivers/xen/xenfs/xensyms.c | 4 fs/Kconfig | 1 fs/btrfs/super.c | 3 fs/ext4/dir.c | 12 - fs/ext4/inode.c | 69 +++++-- fs/ext4/namei.c | 2 fs/ext4/super.c | 61 +++--- fs/ext4/xattr.c | 11 + fs/fuse/virtio_fs.c | 3 fs/hfs/bnode.c | 6 fs/hfsplus/bnode.c | 6 fs/isofs/export.c | 2 fs/jbd2/journal.c | 1 fs/jfs/jfs_dmap.c | 10 - fs/jfs/jfs_imap.c | 2 fs/nfs/Kconfig | 2 fs/nfs/internal.h | 22 -- fs/nfs/nfs4session.h | 4 fs/nfsd/Kconfig | 1 fs/nfsd/nfsfh.h | 12 - include/linux/backing-dev.h | 1 include/linux/nfs.h | 13 + include/linux/pci.h | 4 include/net/sctp/structs.h | 3 include/uapi/linux/kfd_ioctl.h | 2 include/uapi/linux/pcitest.h | 3 include/xen/interface/xen-mca.h | 2 init/Kconfig | 3 kernel/locking/lockdep.c | 3 kernel/trace/ftrace.c | 1 kernel/trace/trace_events.c | 4 lib/sg_split.c | 2 mm/vmscan.c | 2 net/8021q/vlan_dev.c | 31 --- net/bluetooth/hci_event.c | 5 net/core/dev.c | 1 net/core/filter.c | 80 ++++---- net/core/page_pool.c | 8 net/ipv4/inet_connection_sock.c | 19 + net/mac80211/iface.c | 3 net/mac80211/mesh_hwmp.c | 14 + net/openvswitch/actions.c | 4 net/openvswitch/flow_netlink.c | 3 net/sched/sch_hfsc.c | 23 +- net/sctp/socket.c | 22 +- net/sctp/transport.c | 2 net/tipc/link.c | 1 net/tipc/monitor.c | 3 sound/pci/hda/hda_intel.c | 15 + sound/usb/midi.c | 80 +++++++- tools/power/cpupower/bench/parse.c | 4 tools/testing/selftests/ublk/test_stripe_04.sh | 24 ++ 159 files changed, 1106 insertions(+), 545 deletions(-) Abdun Nihaal (2): wifi: at76c50x: fix use after free access in at76_disconnect wifi: wl1251: fix memory leak in wl1251_tx_work Abhinav Kumar (1): drm: allow encoder mode_set even when connectors change for crtc Acs, Jakub (1): ext4: fix OOB read when checking dotdot dir Adam Xue (1): USB: serial: option: add Sierra Wireless EM9291 Al Viro (1): qibfs: fix _another_ leak Alexander Stein (1): usb: host: max3421-hcd: Add missing spi_device_id table Andreas Gruenbacher (1): writeback: fix false warning in inode_to_wb() Andrew Wyatt (2): drm: panel-orientation-quirks: Add support for AYANEO 2S drm: panel-orientation-quirks: Add new quirk for GPD Win 2 AngeloGioacchino Del Regno (1): drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off Arnaud Lecomte (1): net: ppp: Add bound checking for skb data on ppp_sync_txmung Arnd Bergmann (1): ntb: reduce stack usage in idt_scan_mws Arseniy Krasnov (2): Bluetooth: hci_uart: fix race during initialization Bluetooth: hci_uart: Fix another race during initialization Artem Sadovnikov (1): ext4: fix off-by-one error in do_split Bart Van Assche (1): RDMA/srpt: Support specifying the srpt_service_guid parameter Ben Dooks (1): bpf: Add endian modifiers to fix endian warnings Bhupesh (1): ext4: ignore xattrs past end Bjorn Helgaas (1): PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX Boqun Feng (1): locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() Chen-Yu Tsai (1): arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string Chengguang Xu (1): ext4: code cleanup for ext4_statfs_project() Chenyuan Yang (1): usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() Chris Bainbridge (1): drm/nouveau: prime: fix ttm_bo_delayed_delete oops Chuck Lever (1): NFSD: Constify @fh argument of knfsd_fh_hash() Cong Wang (2): net_sched: hfsc: Fix a UAF vulnerability in class handling net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Craig Hesling (1): USB: serial: simple: add OWON HDS200 series oscilloscope support Damien Le Moal (1): misc: pci_endpoint_test: Use INTX instead of LEGACY Dan Carpenter (1): Bluetooth: btrtl: Prevent potential NULL dereference Daniel Golle (1): pwm: mediatek: always use bus clock for PWM on MT7622 Daniel Kral (1): ahci: add PCI ID for Marvell 88SE9215 SATA Controller Dapeng Mi (1): perf/x86/intel: Allow to update user space GPRs from PEBS records David Yat Sin (1): drm/amdkfd: clamp queue size to minimum Denis Arefev (2): asus-laptop: Fix an uninitialized variable drm/amd/pm: Prevent division by zero Douglas Anderson (1): arm64: cputype: Add MIDR_CORTEX_A76AE Edward Adam Davis (3): jfs: Prevent copying of nlink with value 0 from disk inode jfs: add sanity check for agwidth in dbMount isofs: Prevent the use of too small fid Eric Biggers (2): ext4: reject casefold inode flag without casefold feature nfs: add missing selections of CONFIG_CRC32 Fabien Parent (1): pwm: mediatek: Always use bus clock Fedor Pchelkin (1): ntb: use 64-bit arithmetic for the MSI doorbell mask Felix Huettner (1): net: openvswitch: fix race on port output Frode Isaksen (1): usb: dwc3: gadget: check that event count does not exceed event buffer length Gabriele Paoloni (1): tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER Gavrilov Ilia (1): wifi: mac80211: fix integer overflow in hwmp_route_info_get() Greg Kroah-Hartman (1): Linux 5.4.293 Gregory CLEMENT (1): MIPS: cm: Detect CM quirks from device tree Halil Pasic (1): virtio_console: fix missing byte order handling for cols and rows Hannes Reinecke (1): ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones Haoxiang Li (1): mcb: fix a double free bug in chameleon_parse_gdd() Heiko Stuebner (1): clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() Henry Martin (2): ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() Herbert Xu (1): crypto: null - Use spin lock instead of mutex Huacai Chen (1): USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) Ian Abbott (1): comedi: jr3_pci: Fix synchronous deletion of timer Icenowy Zheng (1): wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table Igor Pylypiv (1): scsi: pm80xx: Set phy_attached to zero when device is gone Ilya Maximets (2): net: openvswitch: fix nested key length validation in the set() action openvswitch: fix lockup on tx to unregistering netdev with carrier Jan Beulich (1): xenfs/xensyms: respect hypervisor's "next" indication Jan Kara (2): jbd2: remove wrong sb->s_sequence check ext4: simplify checking quota limits in ext4_statfs() Jann Horn (1): ext4: don't treat fhandle lookup of ea_inode as FS corruption Jason Xing (1): page_pool: avoid infinite loop to schedule delayed worker Jean-Marc Eurin (1): ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls Jeff Layton (1): nfs: move nfs_fhandle_hash to common include file Johannes Berg (1): Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Johannes Kimmel (1): btrfs: correctly escape subvol in btrfs_show_options() Jonas Gorski (1): net: b53: enable BPDU reception for management port Jonathan Cameron (1): iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check Josh Poimboeuf (2): pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline Kai Mäkisara (1): scsi: st: Fix array overflow in st_setup() Kaixin Wang (1): HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Kamal Dasu (1): mtd: rawnand: brcmnand: fix PM resume warning Kan Liang (1): perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR Karina Yankevich (1): media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() Kees Cook (1): xen/mcelog: Add __nonstring annotations for unterminated strings Krzysztof Kozlowski (1): gpio: zynq: Fix wakeup source leaks on device unbind Kunihiko Hayashi (3): misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error Kuniyuki Iwashima (1): tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Leonid Arapov (1): fbdev: omapfb: Add 'plane' value check Luiz Augusto von Dentz (1): Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address Ma Ke (1): PCI: Fix reference leak in pci_alloc_child_bus() Manjunatha Venkatesh (1): i3c: Add NULL pointer check in i3c_master_queue_ibi() Marek Behún (3): net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family net: dsa: mv88e6xxx: fix VTU methods for 6320 family crypto: atmel-sha204a - Set hwrng quality to lowest possible Mark Rutland (1): perf: arm_pmu: Don't disable counter in armpmu_add() Martin Kepplinger (1): usb: dwc3: support continuous runtime PM with dual role Mathieu Desnoyers (1): mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock Matthew Majewski (1): media: vim2m: print device name after registering device Max Grobecker (1): x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine Maxim Mikityanskiy (1): ALSA: hda: intel: Fix Optimus when GPU has no sound Meir Elisha (1): md/raid1: Add check for missing source disk in process_checks() Miao Li (2): usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive Miaoqian Lin (1): scsi: iscsi: Fix missing scsi_host_put() in error path Michael Ehrenreich (1): USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe Mikulas Patocka (1): dm-integrity: set ti->error on memory allocation failure Ming Lei (1): selftests: ublk: fix test_stripe_04 Murad Masimov (1): media: streamzap: prevent processing IR data on URB failure Myrrh Periwinkle (1): x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() Nathan Chancellor (3): riscv: Avoid fortify warning in syscall_get_arguments() kbuild: Add '-fno-builtin-wcslen' powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp Nikita Zhandarovich (1): drm/repaper: fix integer overflows in repeat functions Niklas Cassel (1): ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode Niklas Söderlund (1): media: i2c: adv748x: Fix test pattern selection mask Ojaswin Mujoo (1): ext4: protect ext4_release_dquot against freezing Oleg Nesterov (1): sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP Oliver Neukum (2): USB: storage: quirk for ADATA Portable HDD CH94 USB: VLI disk crashes if LPM is used Philip Yang (1): drm/amdkfd: Fix pqm_destroy_queue race with GPU reset Qingfang Deng (1): net: phy: leds: fix memory leak Rafael J. Wysocki (1): cpufreq: Reference count policy in cpufreq_update_limits() Ralph Siemsen (1): usb: cdns3: Fix deadlock when using NCM gadget Rand Deeb (2): fs/jfs: cast inactags to s64 to prevent potential overflow fs/jfs: Prevent integer overflow in AG size calculation Remi Pommarel (2): wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: mac80211: Purge vif txq in ieee80211_do_stop() Ricard Wanderlof (1): ALSA: usb-audio: Fix CME quirk for UF series keyboards Ricardo Cañuelo Navarro (1): sctp: detect and prevent references to a freed transport in sendmsg Rolf Eike Beer (1): drm/sti: remove duplicate object names Ryan Roberts (1): sparc/mm: disable preemption in lazy mmu mode Ryo Takakura (1): serial: sifive: lock port in startup()/shutdown() callbacks Sakari Ailus (2): media: i2c: ov7251: Set enable GPIO low in probe media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO Sergiu Cuciurean (1): iio: adc: ad7768-1: Fix conversion result sign Seunghwan Baek (1): mmc: cqhci: Fix checking of CQHCI_HALT state Srinivas Pandruvada (1): platform/x86: ISST: Correct command storage data length Stanislav Fomichev (1): net: vlan: don't propagate flags on open T Pratham (1): lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets Thadeu Lima de Souza Cascardo (1): i2c: cros-ec-tunnel: defer probe if parent EC is not present Theodore Ts'o (2): ext4: don't over-report free space or inodes in statvfs ext4: optimize __ext4_check_dir_entry() Thomas Bogendoerfer (1): MIPS: cm: Fix warning if MIPS_CM is disabled Thomas Weißschuh (1): KVM: s390: Don't use %pK through tracepoints Thorsten Leemhuis (1): module: sign with sha512 instead of sha1 by default Tom Lendacky (1): crypto: ccp - Fix check for the primary ASP device Tomasz Pakuła (3): HID: pidff: Convert infinite length from Linux API to PID standard HID: pidff: Do not send effect envelope if it's empty HID: pidff: Fix null pointer dereference in pidff_find_fields Trevor Woerner (1): thermal/drivers/rockchip: Add missing rk3328 mapping entry Tung Nguyen (2): tipc: fix memory leak in tipc_link_xmit tipc: fix NULL pointer dereference in tipc_mon_reinit_self() Uwe Kleine-König (1): pwm: fsl-ftm: Handle clk_get_rate() returning 0 Vasiliy Kovalev (1): hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key Vikash Garodia (3): media: venus: hfi: add a check to handle OOB in sfr region media: venus: hfi: add check to handle incorrect queue size media: venus: hfi_parser: add check to avoid out of bound access Vinicius Costa Gomes (1): dmaengine: dmatest: Fix dmatest waiting less when interrupted WangYuli (4): nvmet-fc: Remove unused functions MIPS: dec: Declare which_prom() as static MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: ds1287: Match ds1287_set_base_clock() function types Wentao Liang (3): ata: sata_sx4: Add error handling in pdc20621_i2c_read() mtd: inftlcore: Add error check for inftl_read_oob() mtd: rawnand: Add status chack in r852_ready() Willem de Bruijn (1): bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags Xiangsheng Hou (1): virtiofs: add filesystem context source name check Xiaogang Chen (1): udmabuf: fix a buf size overflow issue during udmabuf creation Xie Yongji (1): virtio-net: Add validation for used length Yu-Chun Lin (1): parisc: PDT: Fix missing prototype warning Yuan Can (1): media: siano: Fix error handling in smsdvb_module_init() Yue Haibing (1): RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() Zhongqiu Han (1): pm: cpupower: bench: Prevent NULL dereference on malloc failure Zijun Hu (3): of/irq: Fix device node refcount leakages in of_irq_count() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() of/irq: Fix device node refcount leakages in of_irq_init() zhoumin (1): ftrace: Add cond_resched() to ftrace_graph_set_hash()

7 months, 1 week

1
1
0 0

[PATCH] iio: accel: fxls8962af: Fix temperature calculation

by Sean Nyekjaer

According to spec temperature should be returned in milli degrees Celsius. Add in_temp_scale to calculate from Celsius to milli Celsius. Fixes: a3e0b51884ee ("iio: accel: add support for FXLS8962AF/FXLS8964AF accelerometers") Cc: stable(a)vger.kernel.org Signed-off-by: Sean Nyekjaer <sean(a)geanix.com> --- drivers/iio/accel/fxls8962af-core.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/drivers/iio/accel/fxls8962af-core.c b/drivers/iio/accel/fxls8962af-core.c index bf1d3923a181798a1c884ee08b62d86ab5aed26f..30f08160eecdd1f9574c86baeeb17cc0ef1e7c60 100644 --- a/drivers/iio/accel/fxls8962af-core.c +++ b/drivers/iio/accel/fxls8962af-core.c @@ -133,7 +133,9 @@ #define FXLS8967AF_DEVICE_ID 0x87 /* Raw temp channel offset */ -#define FXLS8962AF_TEMP_CENTER_VAL 25 +#define FXLS8962AF_TEMP_CENTER_VAL 25000 +/* Raw temp channel scale */ +#define FXLS8962AF_TEMP_SCALE 1000 #define FXLS8962AF_AUTO_SUSPEND_DELAY_MS 2000 @@ -439,8 +441,16 @@ static int fxls8962af_read_raw(struct iio_dev *indio_dev, *val = FXLS8962AF_TEMP_CENTER_VAL; return IIO_VAL_INT; case IIO_CHAN_INFO_SCALE: - *val = 0; - return fxls8962af_read_full_scale(data, val2); + switch (chan->type) { + case IIO_TEMP: + *val = FXLS8962AF_TEMP_SCALE; + return IIO_VAL_INT; + case IIO_ACCEL: + *val = 0; + return fxls8962af_read_full_scale(data, val2); + default: + return -EINVAL; + } case IIO_CHAN_INFO_SAMP_FREQ: return fxls8962af_read_samp_freq(data, val, val2); default: @@ -736,6 +746,7 @@ static const struct iio_event_spec fxls8962af_event[] = { .type = IIO_TEMP, \ .address = FXLS8962AF_TEMP_OUT, \ .info_mask_separate = BIT(IIO_CHAN_INFO_RAW) | \ + BIT(IIO_CHAN_INFO_SCALE) | \ BIT(IIO_CHAN_INFO_OFFSET),\ .scan_index = -1, \ .scan_type = { \ --- base-commit: 609bc31eca06c7408e6860d8b46311ebe45c1fef change-id: 20250501-fxls-307ef3d6d065 Best regards, -- Sean Nyekjaer <sean(a)geanix.com>

7 months, 1 week

2
2
0 0

Please backport 980a573621ea to 6.12, 6.14

by Dionna Amalie Glaze

980a573621ea ("tpm: Make chip->{status,cancel,req_canceled} opt") This is a dependent commit for the series of patches to add the AMD SEV-SNP SVSM vTPM device driver. Kernel 6.11 added SVSM support, but not support for the critical component for boot integrity that follows the SEV-SNP threat model. That series https://lore.kernel.org/all/20250410135118.133240-1-sgarzare@redhat.com/ is applied at tip but is not yet in the mainline. I have confirmed that this patch applies cleanly. Stefano's patch series needs a minor tweak to the first patch due to the changed surrounding function declarations in arch/x86/include/asm/sev.h https://github.com/deeglaze/amdese-linux/commits/vtpm612/ I've independently tested the patches. -- -Dionna Glaze, PhD, CISSP, CCSP (she/her)

7 months, 1 week

2
3
0 0

FAILED: patch "[PATCH] KVM: x86: Load DR6 with guest value only before entering" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x c2fee09fc167c74a64adb08656cb993ea475197e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021815-protract-greasily-cdea@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fee09fc167c74a64adb08656cb993ea475197e Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 24 Jan 2025 17:18:33 -0800 Subject: [PATCH] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allows the guest to access DRs at will, e.g. so that a sequence of DR accesses to configure a breakpoint only generates one VM-Exit. For DR0-DR3, the logic/behavior is identical between VMX and SVM, and also identical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) and KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading DR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. But for DR6, the guest's value doesn't need to be loaded into hardware for KVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas VMX requires software to manually load the guest value, and so loading the guest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done _inside_ the core run loop. Unfortunately, saving the guest values on VM-Exit is initiated by common x86, again outside of the core run loop. If the guest modifies DR6 (in hardware, when DR interception is disabled), and then the next VM-Exit is a fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and clobber the guest's actual value. The bug shows up primarily with nested VMX because KVM handles the VMX preemption timer in the fastpath, and the window between hardware DR6 being modified (in guest context) and DR6 being read by guest software is orders of magnitude larger in a nested setup. E.g. in non-nested, the VMX preemption timer would need to fire precisely between #DB injection and the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the window where hardware DR6 is "dirty" extends all the way from L1 writing DR6 to VMRESUME (in L1). L1's view: ========== <L1 disables DR interception> CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 A: L1 Writes DR6 CPU 0/KVM-7289 [023] d.... 2925.640963: <hack>: Set DRs, DR6 = 0xffff0ff1 B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec D: L1 reads DR6, arch.dr6 = 0 CPU 0/KVM-7289 [023] d.... 2925.640969: <hack>: Sync DRs, DR6 = 0xffff0ff0 CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 L2 reads DR6, L1 disables DR interception CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 CPU 0/KVM-7289 [023] d.... 2925.640983: <hack>: Set DRs, DR6 = 0xffff0ff0 L2 detects failure CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT L1 reads DR6 (confirms failure) CPU 0/KVM-7289 [023] d.... 2925.640990: <hack>: Sync DRs, DR6 = 0xffff0ff0 L0's view: ========== L2 reads DR6, arch.dr6 = 0 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 L2 => L1 nested VM-Exit CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_entry: vcpu 23 L1 writes DR7, L0 disables DR interception CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000007 CPU 23/KVM-5046 [001] d.... 3410.005613: kvm_entry: vcpu 23 L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005613: <hack>: Set DRs, DR6 = 0xffff0ff0 A: <L1 writes DR6 = 1, no interception, arch.dr6 is still '0'> B: CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_exit: vcpu 23 reason PREEMPTION_TIMER CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_entry: vcpu 23 C: L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005614: <hack>: Set DRs, DR6 = 0xffff0ff0 L1 => L2 nested VM-Enter CPU 23/KVM-5046 [001] d.... 3410.005616: kvm_exit: vcpu 23 reason VMRESUME L0 reads DR6, arch.dr6 = 0 Reported-by: John Stultz <jstultz(a)google.com> Closes: https://lkml.kernel.org/r/CANDhNCq5_F3HfFYABqFGCA1bPd_%2BxgNj-iDQhH4tDk%2Bw… Fixes: 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT") Fixes: d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Tested-by: John Stultz <jstultz(a)google.com> Link: https://lore.kernel.org/r/20250125011833.3644371-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..823c0434bbad 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -48,6 +48,7 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) +KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b15cde0a9b5c..0b7af5902ff7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1696,6 +1696,7 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); + void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..a713c803a3a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1991,11 +1991,11 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd) svm->asid = sd->next_asid++; } -static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) +static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value) { - struct vmcb *vmcb = svm->vmcb; + struct vmcb *vmcb = to_svm(vcpu)->vmcb; - if (svm->vcpu.arch.guest_state_protected) + if (vcpu->arch.guest_state_protected) return; if (unlikely(value != vmcb->save.dr6)) { @@ -4247,10 +4247,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, * Run with all-zero DR6 unless needed, so that we can get the exact cause * of a #DB. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - svm_set_dr6(svm, vcpu->arch.dr6); - else - svm_set_dr6(svm, DR6_ACTIVE_LOW); + if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); kvm_load_guest_xsave_state(vcpu); @@ -5043,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, + .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 2427f918e763..43ee9ed11291 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -61,6 +61,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vmx_set_idt, .get_gdt = vmx_get_gdt, .set_gdt = vmx_set_gdt, + .set_dr6 = vmx_set_dr6, .set_dr7 = vmx_set_dr7, .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, .cache_reg = vmx_cache_reg, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f72835e85b6d..6c56d5235f0f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5648,6 +5648,12 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) +{ + lockdep_assert_irqs_disabled(); + set_debugreg(vcpu->arch.dr6, 6); +} + void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7417,10 +7423,6 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) vmx->loaded_vmcs->host_state.cr4 = cr4; } - /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - set_debugreg(vcpu->arch.dr6, 6); - /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index ce3295a67c04..430773a5ef8e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -73,6 +73,7 @@ void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val); void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val); void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu); void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..02159c967d29 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10961,6 +10961,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); + /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ + if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) + kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

7 months, 1 week

3
2
0 0

FAILED: patch "[PATCH] KVM: x86: Load DR6 with guest value only before entering" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x c2fee09fc167c74a64adb08656cb993ea475197e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021809-census-mammal-224b@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fee09fc167c74a64adb08656cb993ea475197e Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 24 Jan 2025 17:18:33 -0800 Subject: [PATCH] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allows the guest to access DRs at will, e.g. so that a sequence of DR accesses to configure a breakpoint only generates one VM-Exit. For DR0-DR3, the logic/behavior is identical between VMX and SVM, and also identical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) and KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading DR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. But for DR6, the guest's value doesn't need to be loaded into hardware for KVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas VMX requires software to manually load the guest value, and so loading the guest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done _inside_ the core run loop. Unfortunately, saving the guest values on VM-Exit is initiated by common x86, again outside of the core run loop. If the guest modifies DR6 (in hardware, when DR interception is disabled), and then the next VM-Exit is a fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and clobber the guest's actual value. The bug shows up primarily with nested VMX because KVM handles the VMX preemption timer in the fastpath, and the window between hardware DR6 being modified (in guest context) and DR6 being read by guest software is orders of magnitude larger in a nested setup. E.g. in non-nested, the VMX preemption timer would need to fire precisely between #DB injection and the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the window where hardware DR6 is "dirty" extends all the way from L1 writing DR6 to VMRESUME (in L1). L1's view: ========== <L1 disables DR interception> CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 A: L1 Writes DR6 CPU 0/KVM-7289 [023] d.... 2925.640963: <hack>: Set DRs, DR6 = 0xffff0ff1 B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec D: L1 reads DR6, arch.dr6 = 0 CPU 0/KVM-7289 [023] d.... 2925.640969: <hack>: Sync DRs, DR6 = 0xffff0ff0 CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 L2 reads DR6, L1 disables DR interception CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 CPU 0/KVM-7289 [023] d.... 2925.640983: <hack>: Set DRs, DR6 = 0xffff0ff0 L2 detects failure CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT L1 reads DR6 (confirms failure) CPU 0/KVM-7289 [023] d.... 2925.640990: <hack>: Sync DRs, DR6 = 0xffff0ff0 L0's view: ========== L2 reads DR6, arch.dr6 = 0 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 L2 => L1 nested VM-Exit CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_entry: vcpu 23 L1 writes DR7, L0 disables DR interception CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000007 CPU 23/KVM-5046 [001] d.... 3410.005613: kvm_entry: vcpu 23 L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005613: <hack>: Set DRs, DR6 = 0xffff0ff0 A: <L1 writes DR6 = 1, no interception, arch.dr6 is still '0'> B: CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_exit: vcpu 23 reason PREEMPTION_TIMER CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_entry: vcpu 23 C: L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005614: <hack>: Set DRs, DR6 = 0xffff0ff0 L1 => L2 nested VM-Enter CPU 23/KVM-5046 [001] d.... 3410.005616: kvm_exit: vcpu 23 reason VMRESUME L0 reads DR6, arch.dr6 = 0 Reported-by: John Stultz <jstultz(a)google.com> Closes: https://lkml.kernel.org/r/CANDhNCq5_F3HfFYABqFGCA1bPd_%2BxgNj-iDQhH4tDk%2Bw… Fixes: 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT") Fixes: d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Tested-by: John Stultz <jstultz(a)google.com> Link: https://lore.kernel.org/r/20250125011833.3644371-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..823c0434bbad 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -48,6 +48,7 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) +KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b15cde0a9b5c..0b7af5902ff7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1696,6 +1696,7 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); + void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..a713c803a3a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1991,11 +1991,11 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd) svm->asid = sd->next_asid++; } -static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) +static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value) { - struct vmcb *vmcb = svm->vmcb; + struct vmcb *vmcb = to_svm(vcpu)->vmcb; - if (svm->vcpu.arch.guest_state_protected) + if (vcpu->arch.guest_state_protected) return; if (unlikely(value != vmcb->save.dr6)) { @@ -4247,10 +4247,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, * Run with all-zero DR6 unless needed, so that we can get the exact cause * of a #DB. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - svm_set_dr6(svm, vcpu->arch.dr6); - else - svm_set_dr6(svm, DR6_ACTIVE_LOW); + if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); kvm_load_guest_xsave_state(vcpu); @@ -5043,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, + .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 2427f918e763..43ee9ed11291 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -61,6 +61,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vmx_set_idt, .get_gdt = vmx_get_gdt, .set_gdt = vmx_set_gdt, + .set_dr6 = vmx_set_dr6, .set_dr7 = vmx_set_dr7, .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, .cache_reg = vmx_cache_reg, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f72835e85b6d..6c56d5235f0f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5648,6 +5648,12 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) +{ + lockdep_assert_irqs_disabled(); + set_debugreg(vcpu->arch.dr6, 6); +} + void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7417,10 +7423,6 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) vmx->loaded_vmcs->host_state.cr4 = cr4; } - /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - set_debugreg(vcpu->arch.dr6, 6); - /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index ce3295a67c04..430773a5ef8e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -73,6 +73,7 @@ void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val); void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val); void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu); void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..02159c967d29 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10961,6 +10961,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); + /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ + if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) + kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

7 months, 1 week

3
2
0 0

FAILED: patch "[PATCH] KVM: x86: Load DR6 with guest value only before entering" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x c2fee09fc167c74a64adb08656cb993ea475197e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2025021812-candied-hamper-7f08@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From c2fee09fc167c74a64adb08656cb993ea475197e Mon Sep 17 00:00:00 2001 From: Sean Christopherson <seanjc(a)google.com> Date: Fri, 24 Jan 2025 17:18:33 -0800 Subject: [PATCH] KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale vcpu->arch.dr6. When the guest accesses a DR and host userspace isn't debugging the guest, KVM disables DR interception and loads the guest's values into hardware on VM-Enter and saves them on VM-Exit. This allows the guest to access DRs at will, e.g. so that a sequence of DR accesses to configure a breakpoint only generates one VM-Exit. For DR0-DR3, the logic/behavior is identical between VMX and SVM, and also identical between KVM_DEBUGREG_BP_ENABLED (userspace debugging the guest) and KVM_DEBUGREG_WONT_EXIT (guest using DRs), and so KVM handles loading DR0-DR3 in common code, _outside_ of the core kvm_x86_ops.vcpu_run() loop. But for DR6, the guest's value doesn't need to be loaded into hardware for KVM_DEBUGREG_BP_ENABLED, and SVM provides a dedicated VMCB field whereas VMX requires software to manually load the guest value, and so loading the guest's value into DR6 is handled by {svm,vmx}_vcpu_run(), i.e. is done _inside_ the core run loop. Unfortunately, saving the guest values on VM-Exit is initiated by common x86, again outside of the core run loop. If the guest modifies DR6 (in hardware, when DR interception is disabled), and then the next VM-Exit is a fastpath VM-Exit, KVM will reload hardware DR6 with vcpu->arch.dr6 and clobber the guest's actual value. The bug shows up primarily with nested VMX because KVM handles the VMX preemption timer in the fastpath, and the window between hardware DR6 being modified (in guest context) and DR6 being read by guest software is orders of magnitude larger in a nested setup. E.g. in non-nested, the VMX preemption timer would need to fire precisely between #DB injection and the #DB handler's read of DR6, whereas with a KVM-on-KVM setup, the window where hardware DR6 is "dirty" extends all the way from L1 writing DR6 to VMRESUME (in L1). L1's view: ========== <L1 disables DR interception> CPU 0/KVM-7289 [023] d.... 2925.640961: kvm_entry: vcpu 0 A: L1 Writes DR6 CPU 0/KVM-7289 [023] d.... 2925.640963: <hack>: Set DRs, DR6 = 0xffff0ff1 B: CPU 0/KVM-7289 [023] d.... 2925.640967: kvm_exit: vcpu 0 reason EXTERNAL_INTERRUPT intr_info 0x800000ec D: L1 reads DR6, arch.dr6 = 0 CPU 0/KVM-7289 [023] d.... 2925.640969: <hack>: Sync DRs, DR6 = 0xffff0ff0 CPU 0/KVM-7289 [023] d.... 2925.640976: kvm_entry: vcpu 0 L2 reads DR6, L1 disables DR interception CPU 0/KVM-7289 [023] d.... 2925.640980: kvm_exit: vcpu 0 reason DR_ACCESS info1 0x0000000000000216 CPU 0/KVM-7289 [023] d.... 2925.640983: kvm_entry: vcpu 0 CPU 0/KVM-7289 [023] d.... 2925.640983: <hack>: Set DRs, DR6 = 0xffff0ff0 L2 detects failure CPU 0/KVM-7289 [023] d.... 2925.640987: kvm_exit: vcpu 0 reason HLT L1 reads DR6 (confirms failure) CPU 0/KVM-7289 [023] d.... 2925.640990: <hack>: Sync DRs, DR6 = 0xffff0ff0 L0's view: ========== L2 reads DR6, arch.dr6 = 0 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit: vcpu 23 reason DR_ACCESS info1 0x0000000000000216 L2 => L1 nested VM-Exit CPU 23/KVM-5046 [001] ..... 3410.005610: kvm_nested_vmexit_inject: reason: DR_ACCESS ext_inf1: 0x0000000000000216 CPU 23/KVM-5046 [001] d.... 3410.005610: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005611: kvm_entry: vcpu 23 CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason VMREAD CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_entry: vcpu 23 L1 writes DR7, L0 disables DR interception CPU 23/KVM-5046 [001] d.... 3410.005612: kvm_exit: vcpu 23 reason DR_ACCESS info1 0x0000000000000007 CPU 23/KVM-5046 [001] d.... 3410.005613: kvm_entry: vcpu 23 L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005613: <hack>: Set DRs, DR6 = 0xffff0ff0 A: <L1 writes DR6 = 1, no interception, arch.dr6 is still '0'> B: CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_exit: vcpu 23 reason PREEMPTION_TIMER CPU 23/KVM-5046 [001] d.... 3410.005614: kvm_entry: vcpu 23 C: L0 writes DR6 = 0 (arch.dr6) CPU 23/KVM-5046 [001] d.... 3410.005614: <hack>: Set DRs, DR6 = 0xffff0ff0 L1 => L2 nested VM-Enter CPU 23/KVM-5046 [001] d.... 3410.005616: kvm_exit: vcpu 23 reason VMRESUME L0 reads DR6, arch.dr6 = 0 Reported-by: John Stultz <jstultz(a)google.com> Closes: https://lkml.kernel.org/r/CANDhNCq5_F3HfFYABqFGCA1bPd_%2BxgNj-iDQhH4tDk%2Bw… Fixes: 375e28ffc0cf ("KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT") Fixes: d67668e9dd76 ("KVM: x86, SVM: isolate vcpu->arch.dr6 from vmcb->save.dr6") Cc: stable(a)vger.kernel.org Cc: Jim Mattson <jmattson(a)google.com> Tested-by: John Stultz <jstultz(a)google.com> Link: https://lore.kernel.org/r/20250125011833.3644371-1-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc(a)google.com> diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index c35550581da0..823c0434bbad 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -48,6 +48,7 @@ KVM_X86_OP(set_idt) KVM_X86_OP(get_gdt) KVM_X86_OP(set_gdt) KVM_X86_OP(sync_dirty_debug_regs) +KVM_X86_OP(set_dr6) KVM_X86_OP(set_dr7) KVM_X86_OP(cache_reg) KVM_X86_OP(get_rflags) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index b15cde0a9b5c..0b7af5902ff7 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1696,6 +1696,7 @@ struct kvm_x86_ops { void (*get_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*set_gdt)(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void (*sync_dirty_debug_regs)(struct kvm_vcpu *vcpu); + void (*set_dr6)(struct kvm_vcpu *vcpu, unsigned long value); void (*set_dr7)(struct kvm_vcpu *vcpu, unsigned long value); void (*cache_reg)(struct kvm_vcpu *vcpu, enum kvm_reg reg); unsigned long (*get_rflags)(struct kvm_vcpu *vcpu); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 7640a84e554a..a713c803a3a3 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -1991,11 +1991,11 @@ static void new_asid(struct vcpu_svm *svm, struct svm_cpu_data *sd) svm->asid = sd->next_asid++; } -static void svm_set_dr6(struct vcpu_svm *svm, unsigned long value) +static void svm_set_dr6(struct kvm_vcpu *vcpu, unsigned long value) { - struct vmcb *vmcb = svm->vmcb; + struct vmcb *vmcb = to_svm(vcpu)->vmcb; - if (svm->vcpu.arch.guest_state_protected) + if (vcpu->arch.guest_state_protected) return; if (unlikely(value != vmcb->save.dr6)) { @@ -4247,10 +4247,8 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_vcpu *vcpu, * Run with all-zero DR6 unless needed, so that we can get the exact cause * of a #DB. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - svm_set_dr6(svm, vcpu->arch.dr6); - else - svm_set_dr6(svm, DR6_ACTIVE_LOW); + if (likely(!(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT))) + svm_set_dr6(vcpu, DR6_ACTIVE_LOW); clgi(); kvm_load_guest_xsave_state(vcpu); @@ -5043,6 +5041,7 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .set_idt = svm_set_idt, .get_gdt = svm_get_gdt, .set_gdt = svm_set_gdt, + .set_dr6 = svm_set_dr6, .set_dr7 = svm_set_dr7, .sync_dirty_debug_regs = svm_sync_dirty_debug_regs, .cache_reg = svm_cache_reg, diff --git a/arch/x86/kvm/vmx/main.c b/arch/x86/kvm/vmx/main.c index 2427f918e763..43ee9ed11291 100644 --- a/arch/x86/kvm/vmx/main.c +++ b/arch/x86/kvm/vmx/main.c @@ -61,6 +61,7 @@ struct kvm_x86_ops vt_x86_ops __initdata = { .set_idt = vmx_set_idt, .get_gdt = vmx_get_gdt, .set_gdt = vmx_set_gdt, + .set_dr6 = vmx_set_dr6, .set_dr7 = vmx_set_dr7, .sync_dirty_debug_regs = vmx_sync_dirty_debug_regs, .cache_reg = vmx_cache_reg, diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index f72835e85b6d..6c56d5235f0f 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -5648,6 +5648,12 @@ void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu) set_debugreg(DR6_RESERVED, 6); } +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val) +{ + lockdep_assert_irqs_disabled(); + set_debugreg(vcpu->arch.dr6, 6); +} + void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val) { vmcs_writel(GUEST_DR7, val); @@ -7417,10 +7423,6 @@ fastpath_t vmx_vcpu_run(struct kvm_vcpu *vcpu, bool force_immediate_exit) vmx->loaded_vmcs->host_state.cr4 = cr4; } - /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ - if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) - set_debugreg(vcpu->arch.dr6, 6); - /* When single-stepping over STI and MOV SS, we must clear the * corresponding interruptibility bits in the guest state. Otherwise * vmentry fails as it then expects bit 14 (BS) in pending debug diff --git a/arch/x86/kvm/vmx/x86_ops.h b/arch/x86/kvm/vmx/x86_ops.h index ce3295a67c04..430773a5ef8e 100644 --- a/arch/x86/kvm/vmx/x86_ops.h +++ b/arch/x86/kvm/vmx/x86_ops.h @@ -73,6 +73,7 @@ void vmx_get_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_idt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_get_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); void vmx_set_gdt(struct kvm_vcpu *vcpu, struct desc_ptr *dt); +void vmx_set_dr6(struct kvm_vcpu *vcpu, unsigned long val); void vmx_set_dr7(struct kvm_vcpu *vcpu, unsigned long val); void vmx_sync_dirty_debug_regs(struct kvm_vcpu *vcpu); void vmx_cache_reg(struct kvm_vcpu *vcpu, enum kvm_reg reg); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 8e77e61d4fbd..02159c967d29 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -10961,6 +10961,9 @@ static int vcpu_enter_guest(struct kvm_vcpu *vcpu) set_debugreg(vcpu->arch.eff_db[1], 1); set_debugreg(vcpu->arch.eff_db[2], 2); set_debugreg(vcpu->arch.eff_db[3], 3); + /* When KVM_DEBUGREG_WONT_EXIT, dr6 is accessible in guest. */ + if (unlikely(vcpu->arch.switch_db_regs & KVM_DEBUGREG_WONT_EXIT)) + kvm_x86_call(set_dr6)(vcpu, vcpu->arch.dr6); } else if (unlikely(hw_breakpoint_active())) { set_debugreg(0, 7); }

7 months, 1 week

3
2
0 0

Re: [PATCH] Handle Ice Lake MONITOR erratum

by Christian Ludloff

> [ICX143 in https://cdrdv2.intel.com/v1/dl/getContent/637780] > There is no equivalent erratum for the "Xeon D" Ice Lakes so > INTEL_ICELAKE_D is not affected. There is ICXD80 in... https://www.intel.com/content/www/us/en/content-details/714069/intel-xeon-d… https://www.intel.com/content/www/us/en/content-details/714071/intel-xeon-d… And although the ICL spec update... https://edc.intel.com/content/www/us/en/design/ipla/software-development-pl… ...doesn't seem to have a MONITOR erratum, it might be a good idea for Intel to double check. -- Christian

7 months, 1 week

2
1
0 0

[PATCH v5] Restrict devmem for confidential VMs

by Dan Williams

Changes since v3 [1] (note v4 was a partial re-roll, but more feedback came in requiring a v5): - Fix a kbuild robot report for a missing header include of cc_platform.h - Switch to selecting STRICT_DEVMEM and IOSTRICT_DEVMEM rather than "depends on". (Naveen) - Clarify the "SEPT violation" vs "crash" and other changelog fixups for devmem maintainers and other arch maintainers. (Dave) - Drop patch numbering since patch2 is a fix and has no dependencies on patch1 [1]: http://lore.kernel.org/174491711228.1395340.3647010925173796093.stgit@dwill… --- The original response to Nikolay's report of a "crash" (unhandled SEPT violation) triggered by /dev/mem access to private memory was "let's just turn off /dev/mem". After some machinations of x86_platform_ops to block a subset of problematic access, spelunking the history of devmem_is_allowed() returning "2" to enable some compatibility benefits while blocking access, and discovering that userspace depends buggy kernel behavior for mmap(2) of the first 1MB of memory on x86, the proposal has circled back to "disable /dev/mem". Require both STRICT_DEVMEM and IO_STRICT_DEVMEM for x86 confidential guests to close /dev/mem hole while still allowing for userspace mapping of PCI MMIO as long as the kernel and userspace are not mapping the range at the same time. The range_is_allowed() cleanup is not strictly necessary, but might as well close a 17 year-old "TODO". Dan Williams (2): x86/devmem: Remove duplicate range_is_allowed() definition x86/devmem: Drop /dev/mem access for confidential guests arch/x86/Kconfig | 4 ++++ arch/x86/mm/pat/memtype.c | 31 ++++--------------------------- drivers/char/mem.c | 28 ++++++++++------------------ include/linux/io.h | 21 +++++++++++++++++++++ 4 files changed, 39 insertions(+), 45 deletions(-) base-commit: 0af2f6be1b4281385b618cb86ad946eded089ac8 -- 2.49.0

7 months, 1 week

4
10
0 0

[PATCH 6.1 00/16] xfs backports for 6.1.y from 6.10

by Leah Rumancik

Hello again, This is the 6.1.y backports set from 6.10 which corresponds to the 6.6.y backports set from here: https://lore.kernel.org/all/20241002174108.64615-1-catherine.hoang@oracle.c… The following patches were included: f43bd357fde0 xfs: fix error returns from xfs_bmapi_write 4bcef72d96b5 xfs: fix xfs_bmap_add_extent_delay_real for partial conversions c299188b443a xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent c13c21f77824 xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovey 0934046e3392 xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 9716cdcc2f9e xfs: validate recovered name buffers when recovering xattr items 20adb1e2f069 xfs: revert commit 44af6c7e59b12 f24ba2183148 xfs: match lock mode in xfs_buffered_write_iomap_begin() 0f726c17dfd8 xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional 36081fd0ee37 xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset 4c99f3026cf2 xfs: convert delayed extents to unwritten when zeroing post eof blocks 0aca73915dc1 xfs: allow symlinks with short remote targets 0e52b98bf041 xfs: make sure sb_fdblocks is non-negative 2bc2d49c36c2 xfs: fix freeing speculative preallocations for preallocated files 3eeac3311683 xfs: allow unlinked symlinks and dirs with zero size 9a0ab4fc28ed xfs: restrict when we try to align cow fork delalloc to cowextsz hints The following patches were omitted: cad051826d83 xfs: fix missing check for invalid attr flags scrub db460c26f0b0 xfs: check shortform attr entry flags specifically scrub 5689d2345a01 xfs: enforce one namespace per attribute doesn't cherry pick cleanly, it is some refactoring and isn't a dependency for other patches, lets skip it for now 7c03b124353a xfs: use dontcache for grabbing inodes during scrub scrub 740a427e8f45 xfs: fix unlink vs cluster buffer instantiation race already in 6.1.y No fixes were found on mainline for any of the patches being ported. The auto group was run 1x on each of these configs: xfs/4k xfs/1k xfs/logdev xfs/realtime xfs/quota xfs/v4 xfs/dax xfs/adv xfs/dirblock_8k and no regressions were seen. This set has already been ack'd on the xfs-stable list. Let me know if you see any issues. Thanks, Leah Christoph Hellwig (4): xfs: fix error returns from xfs_bmapi_write xfs: fix xfs_bmap_add_extent_delay_real for partial conversions xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent xfs: fix freeing speculative preallocations for preallocated files Darrick J. Wong (7): xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 xfs: validate recovered name buffers when recovering xattr items xfs: revert commit 44af6c7e59b12 xfs: allow symlinks with short remote targets xfs: allow unlinked symlinks and dirs with zero size xfs: restrict when we try to align cow fork delalloc to cowextsz hints Wengang Wang (1): xfs: make sure sb_fdblocks is non-negative Zhang Yi (4): xfs: match lock mode in xfs_buffered_write_iomap_begin() xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset xfs: convert delayed extents to unwritten when zeroing post eof blocks fs/xfs/libxfs/xfs_attr_remote.c | 1 - fs/xfs/libxfs/xfs_bmap.c | 130 ++++++++++++++++++++++++++------ fs/xfs/libxfs/xfs_da_btree.c | 20 ++--- fs/xfs/libxfs/xfs_inode_buf.c | 47 ++++++++++-- fs/xfs/libxfs/xfs_sb.c | 7 +- fs/xfs/scrub/attr.c | 5 ++ fs/xfs/xfs_aops.c | 54 ++++--------- fs/xfs/xfs_attr_item.c | 88 ++++++++++++++++++--- fs/xfs/xfs_bmap_util.c | 61 +++++++++------ fs/xfs/xfs_bmap_util.h | 2 +- fs/xfs/xfs_dquot.c | 1 - fs/xfs/xfs_icache.c | 2 +- fs/xfs/xfs_inode.c | 14 +--- fs/xfs/xfs_iomap.c | 81 +++++++++++--------- fs/xfs/xfs_reflink.c | 20 ----- fs/xfs/xfs_rtalloc.c | 2 - 16 files changed, 342 insertions(+), 193 deletions(-) -- 2.49.0.906.g1f30a19c02-goog

7 months, 1 week

2
32
0 0

[PATCH stable 6.6 00/10] bpf: track changes_pkt_data property for global functions

by Shung-Hsi Yu

Fix the bypassing of invalid packet pointer check in 6.6 by backporting the entire "bpf: track changes_pkt_data property for global functions" series[1], along with the follow up, "bpf: fix NPE when computing changes_pkt_data of program w/o subprograms" series[2]; both from Eduard. I had ran the BPF selftests after backporting, confirmed that newly added BPF selftests passes, and that no new failure observed in BPF selftests (dummy_st_ops, ns_current_pid_tgid, test_bpf_ma, and test_bpffs are failing even without this patchset applied). See [3] for the full log. #50/1 changes_pkt_data_freplace/changes_pkt_data_with_changes_pkt_data:OK #50/2 changes_pkt_data_freplace/changes_pkt_data_with_does_not_change_pkt_data:OK #50/3 changes_pkt_data_freplace/does_not_change_pkt_data_with_changes_pkt_data:OK #50/4 changes_pkt_data_freplace/does_not_change_pkt_data_with_does_not_change_pkt_data:OK #50/5 changes_pkt_data_freplace/main_changes_with_changes_pkt_data:OK #50/6 changes_pkt_data_freplace/main_changes_with_does_not_change_pkt_data:OK #50/7 changes_pkt_data_freplace/main_does_not_change_with_changes_pkt_data:OK #50/8 changes_pkt_data_freplace/main_does_not_change_with_does_not_change_pkt_data:OK #395/57 verifier_sock/invalidate_pkt_pointers_from_global_func:OK #395/58 verifier_sock/invalidate_pkt_pointers_by_tail_call:OK 1: https://lore.kernel.org/all/20241210041100.1898468-1-eddyz87@gmail.com/ 2: https://lore.kernel.org/all/20241212070711.427443-1-eddyz87@gmail.com/ 3: https://github.com/shunghsiyu/libbpf/actions/runs/14747347842/job/413971041… Eduard Zingerman (10): bpf: add find_containing_subprog() utility function bpf: refactor bpf_helper_changes_pkt_data to use helper number bpf: track changes_pkt_data property for global functions selftests/bpf: test for changing packet data from global functions bpf: check changes_pkt_data property for extension programs selftests/bpf: freplace tests for tracking of changes_packet_data bpf: consider that tail calls invalidate packet pointers selftests/bpf: validate that tail call invalidates packet pointers bpf: fix null dereference when computing changes_pkt_data of prog w/o subprogs selftests/bpf: extend changes_pkt_data with cases w/o subprograms include/linux/bpf.h | 1 + include/linux/bpf_verifier.h | 1 + include/linux/filter.h | 2 +- kernel/bpf/core.c | 2 +- kernel/bpf/verifier.c | 81 +++++++++++-- net/core/filter.c | 63 +++++------ .../bpf/prog_tests/changes_pkt_data.c | 107 ++++++++++++++++++ .../selftests/bpf/progs/changes_pkt_data.c | 39 +++++++ .../bpf/progs/changes_pkt_data_freplace.c | 18 +++ .../selftests/bpf/progs/verifier_sock.c | 56 +++++++++ 10 files changed, 324 insertions(+), 46 deletions(-) create mode 100644 tools/testing/selftests/bpf/prog_tests/changes_pkt_data.c create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data.c create mode 100644 tools/testing/selftests/bpf/progs/changes_pkt_data_freplace.c -- 2.49.0

7 months, 1 week

2
20
0 0

[PATCH 6.12.y 0/6] Bluetooth: btusb: add a bunch of USB device IDs for Qualcomm WCN785x

by Alexander Tsoy

This was tested on a device with USB ID 2c7c:0130

7 months, 1 week

2
12
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror