- Linux-stable-mirror - lists.linaro.org

[PATCH] KEYS: Print digitalSignature and CA link errors

by Kevin Bowling

ENOKEY is overloaded for several different failure types in these link functions. In addition, by the time we are consuming the return several other methods can return ENOKEY. Add some error prints to help diagnose fundamental certificate issues. Cc: stable(a)vger.kernel.org Signed-off-by: Kevin Bowling <kevin.bowling(a)kev009.com> --- crypto/asymmetric_keys/restrict.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index afcd4d101ac5..472561e451b3 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -140,14 +140,20 @@ int restrict_link_by_ca(struct key *dest_keyring, pkey = payload->data[asym_crypto]; if (!pkey) return -ENOPKG; - if (!test_bit(KEY_EFLAG_CA, &pkey->key_eflags)) + if (!test_bit(KEY_EFLAG_CA, &pkey->key_eflags)) { + pr_err("Missing CA usage bit\n"); return -ENOKEY; - if (!test_bit(KEY_EFLAG_KEYCERTSIGN, &pkey->key_eflags)) + } + if (!test_bit(KEY_EFLAG_KEYCERTSIGN, &pkey->key_eflags)) { + pr_err("Missing keyCertSign usage bit\n"); return -ENOKEY; + } if (!IS_ENABLED(CONFIG_INTEGRITY_CA_MACHINE_KEYRING_MAX)) return 0; - if (test_bit(KEY_EFLAG_DIGITALSIG, &pkey->key_eflags)) + if (test_bit(KEY_EFLAG_DIGITALSIG, &pkey->key_eflags)) { + pr_err("Unexpected digitalSignature usage bit\n"); return -ENOKEY; + } return 0; } @@ -183,14 +189,20 @@ int restrict_link_by_digsig(struct key *dest_keyring, if (!pkey) return -ENOPKG; - if (!test_bit(KEY_EFLAG_DIGITALSIG, &pkey->key_eflags)) + if (!test_bit(KEY_EFLAG_DIGITALSIG, &pkey->key_eflags)) { + pr_err("Missing digitalSignature usage bit\n"); return -ENOKEY; + } - if (test_bit(KEY_EFLAG_CA, &pkey->key_eflags)) + if (test_bit(KEY_EFLAG_CA, &pkey->key_eflags)) { + pr_err("Unexpected CA usage bit\n"); return -ENOKEY; + } - if (test_bit(KEY_EFLAG_KEYCERTSIGN, &pkey->key_eflags)) + if (test_bit(KEY_EFLAG_KEYCERTSIGN, &pkey->key_eflags)) { + pr_err("Unexpected keyCertSign usage bit\n"); return -ENOKEY; + } return restrict_link_by_signature(dest_keyring, type, payload, trust_keyring); -- 2.46.0

6 months, 4 weeks

1
1
0 0

[PATCH 01/10] crypto: x86/aegis128 - access 32-bit arguments as 32-bit

by Eric Biggers

From: Eric Biggers <ebiggers(a)google.com> Fix the AEGIS assembly code to access 'unsigned int' arguments as 32-bit values instead of 64-bit, since the upper bits of the corresponding 64-bit registers are not guaranteed to be zero. Note: there haven't been any reports of this bug actually causing incorrect behavior. Neither gcc nor clang guarantee zero-extension to 64 bits, but zero-extension is likely to happen in practice because most instructions that operate on 32-bit registers zero-extend to 64 bits. Fixes: 1d373d4e8e15 ("crypto: x86 - Add optimized AEGIS implementations") Cc: stable(a)vger.kernel.org Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- arch/x86/crypto/aegis128-aesni-asm.S | 29 ++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/arch/x86/crypto/aegis128-aesni-asm.S b/arch/x86/crypto/aegis128-aesni-asm.S index ad7f4c891625..2de859173940 100644 --- a/arch/x86/crypto/aegis128-aesni-asm.S +++ b/arch/x86/crypto/aegis128-aesni-asm.S @@ -19,11 +19,11 @@ #define MSG %xmm5 #define T0 %xmm6 #define T1 %xmm7 #define STATEP %rdi -#define LEN %rsi +#define LEN %esi #define SRC %rdx #define DST %rcx .section .rodata.cst16.aegis128_const, "aM", @progbits, 32 .align 16 @@ -74,50 +74,50 @@ */ SYM_FUNC_START_LOCAL(__load_partial) xor %r9d, %r9d pxor MSG, MSG - mov LEN, %r8 + mov LEN, %r8d and $0x1, %r8 jz .Lld_partial_1 - mov LEN, %r8 + mov LEN, %r8d and $0x1E, %r8 add SRC, %r8 mov (%r8), %r9b .Lld_partial_1: - mov LEN, %r8 + mov LEN, %r8d and $0x2, %r8 jz .Lld_partial_2 - mov LEN, %r8 + mov LEN, %r8d and $0x1C, %r8 add SRC, %r8 shl $0x10, %r9 mov (%r8), %r9w .Lld_partial_2: - mov LEN, %r8 + mov LEN, %r8d and $0x4, %r8 jz .Lld_partial_4 - mov LEN, %r8 + mov LEN, %r8d and $0x18, %r8 add SRC, %r8 shl $32, %r9 mov (%r8), %r8d xor %r8, %r9 .Lld_partial_4: movq %r9, MSG - mov LEN, %r8 + mov LEN, %r8d and $0x8, %r8 jz .Lld_partial_8 - mov LEN, %r8 + mov LEN, %r8d and $0x10, %r8 add SRC, %r8 pslldq $8, MSG movq (%r8), T0 pxor T0, MSG @@ -137,11 +137,11 @@ SYM_FUNC_END(__load_partial) * %r8 * %r9 * %r10 */ SYM_FUNC_START_LOCAL(__store_partial) - mov LEN, %r8 + mov LEN, %r8d mov DST, %r9 movq T0, %r10 cmp $8, %r8 @@ -675,11 +675,11 @@ SYM_TYPED_FUNC_START(crypto_aegis128_aesni_dec_tail) movdqa MSG, T0 call __store_partial /* mask with byte count: */ - movq LEN, T0 + movd LEN, T0 punpcklbw T0, T0 punpcklbw T0, T0 punpcklbw T0, T0 punpcklbw T0, T0 movdqa .Laegis128_counter(%rip), T1 @@ -700,11 +700,12 @@ SYM_TYPED_FUNC_START(crypto_aegis128_aesni_dec_tail) RET SYM_FUNC_END(crypto_aegis128_aesni_dec_tail) /* * void crypto_aegis128_aesni_final(void *state, void *tag_xor, - * u64 assoclen, u64 cryptlen); + * unsigned int assoclen, + * unsigned int cryptlen); */ SYM_FUNC_START(crypto_aegis128_aesni_final) FRAME_BEGIN /* load the state: */ @@ -713,12 +714,12 @@ SYM_FUNC_START(crypto_aegis128_aesni_final) movdqu 0x20(STATEP), STATE2 movdqu 0x30(STATEP), STATE3 movdqu 0x40(STATEP), STATE4 /* prepare length block: */ - movq %rdx, MSG - movq %rcx, T0 + movd %edx, MSG + movd %ecx, T0 pslldq $8, T0 pxor T0, MSG psllq $3, MSG /* multiply by 8 (to get bit count) */ pxor STATE3, MSG -- 2.46.2

6 months, 4 weeks

1
0
0 0

[RESEND PATCH] sched/syscalls: Allow setting niceness using sched_param struct

by Michael Pratt

From userspace, spawning a new process with, for example, posix_spawn(), only allows the user to work with the scheduling priority value defined by POSIX in the sched_param struct. However, sched_setparam() and similar syscalls lead to __sched_setscheduler() which rejects any new value for the priority other than 0 for non-RT schedule classes, a behavior kept since Linux 2.6 or earlier. Linux translates the usage of the sched_param struct into it's own internal sched_attr struct during the syscall, but the user has no way to manage the other values within the sched_attr struct using only POSIX functions. The only other way to adjust niceness while using posix_spawn() would be to set the value after the process has started, but this introduces the risk of the process being dead before the next syscall can set the priority after the fact. To resolve this, allow the use of the priority value originally from the POSIX sched_param struct in order to set the niceness value instead of rejecting the priority value. Edit the sched_get_priority_*() POSIX syscalls in order to reflect the range of values accepted. Cc: stable(a)vger.kernel.org # Apply to kernel/sched/core.c Signed-off-by: Michael Pratt <mcpratt(a)pm.me> --- kernel/sched/syscalls.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/kernel/sched/syscalls.c b/kernel/sched/syscalls.c index ae1b42775ef9..52c02b80f037 100644 --- a/kernel/sched/syscalls.c +++ b/kernel/sched/syscalls.c @@ -853,6 +853,19 @@ static int _sched_setscheduler(struct task_struct *p, int policy, attr.sched_policy = policy; } + if (attr.sched_priority > MAX_PRIO-1) + return -EINVAL; + + /* + * If priority is set for SCHED_NORMAL or SCHED_BATCH, + * set the niceness instead, but only for user calls. + */ + if (check && attr.sched_priority > MAX_RT_PRIO-1 && + ((policy != SETPARAM_POLICY && fair_policy(policy)) || fair_policy(p->policy))) { + attr.sched_nice = PRIO_TO_NICE(attr.sched_priority); + attr.sched_priority = 0; + } + return __sched_setscheduler(p, &attr, check, true); } /** @@ -1598,9 +1611,11 @@ SYSCALL_DEFINE1(sched_get_priority_max, int, policy) case SCHED_RR: ret = MAX_RT_PRIO-1; break; - case SCHED_DEADLINE: case SCHED_NORMAL: case SCHED_BATCH: + ret = MAX_PRIO-1; + break; + case SCHED_DEADLINE: case SCHED_IDLE: ret = 0; break; @@ -1625,9 +1640,11 @@ SYSCALL_DEFINE1(sched_get_priority_min, int, policy) case SCHED_RR: ret = 1; break; - case SCHED_DEADLINE: case SCHED_NORMAL: case SCHED_BATCH: + ret = MAX_RT_PRIO; + break; + case SCHED_DEADLINE: case SCHED_IDLE: ret = 0; } base-commit: 5be63fc19fcaa4c236b307420483578a56986a37 -- 2.30.2

6 months, 4 weeks

2
5
0 0

Backports for 8b4865cd9046 ("cpufreq: intel_pstate: Make hwp_notify_lock a raw spinlock")

by Uwe Kleine-König

Hello, commit 8b4865cd904650cbed7f2407e653934c621b8127 is marked for backport to stable. The patch does apply cleanly to 6.11.y, but not to earlier versions. In reply to this mail I send a backport for 6.10.y and 6.6.y. The 6.6.y patch also applies to 6.1.y. I didn't test earlier stable branches. Best regards Uwe

6 months, 4 weeks

1
2
0 0

[PATCH] Revert "arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings"

by Sumit Semwal

This reverts commit cf9c7b34b90b622254b236a9a43737b6059a1c14. This commit breaks UFS on RB5 in the 6.1 LTS kernels. The original patch author suggests that this is not a stable kernel patch, hence reverting it. This was reported during testing with 6.1.103 / 5.15.165 LTS kernels merged in the respective Android Common Kernel branches. Signed-off-by: Sumit Semwal <sumit.semwal(a)linaro.org> --- arch/arm64/boot/dts/qcom/sm8250.dtsi | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/arch/arm64/boot/dts/qcom/sm8250.dtsi b/arch/arm64/boot/dts/qcom/sm8250.dtsi index 6a2852584405..c9780b2afd2f 100644 --- a/arch/arm64/boot/dts/qcom/sm8250.dtsi +++ b/arch/arm64/boot/dts/qcom/sm8250.dtsi @@ -2125,7 +2125,7 @@ ufs_mem_hc: ufshc@1d84000 { "jedec,ufs-2.0"; reg = <0 0x01d84000 0 0x3000>; interrupts = <GIC_SPI 265 IRQ_TYPE_LEVEL_HIGH>; - phys = <&ufs_mem_phy>; + phys = <&ufs_mem_phy_lanes>; phy-names = "ufsphy"; lanes-per-direction = <2>; #reset-cells = <1>; @@ -2169,8 +2169,10 @@ ufs_mem_hc: ufshc@1d84000 { ufs_mem_phy: phy@1d87000 { compatible = "qcom,sm8250-qmp-ufs-phy"; - reg = <0 0x01d87000 0 0x1000>; - + reg = <0 0x01d87000 0 0x1c0>; + #address-cells = <2>; + #size-cells = <2>; + ranges; clock-names = "ref", "ref_aux"; clocks = <&rpmhcc RPMH_CXO_CLK>, @@ -2178,12 +2180,18 @@ ufs_mem_phy: phy@1d87000 { resets = <&ufs_mem_hc 0>; reset-names = "ufsphy"; + status = "disabled"; power-domains = <&gcc UFS_PHY_GDSC>; - #phy-cells = <0>; - - status = "disabled"; + ufs_mem_phy_lanes: phy@1d87400 { + reg = <0 0x01d87400 0 0x16c>, + <0 0x01d87600 0 0x200>, + <0 0x01d87c00 0 0x200>, + <0 0x01d87800 0 0x16c>, + <0 0x01d87a00 0 0x200>; + #phy-cells = <0>; + }; }; ipa_virt: interconnect@1e00000 { -- 2.46.2

6 months, 4 weeks

2
2
0 0

Re: Patch "ata: pata_serverworks: Do not use the term blacklist" has been added to the 6.11-stable tree

by Sergey Shtylyov

On 10/6/24 18:18, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > ata: pata_serverworks: Do not use the term blacklist > > to the 6.11-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > ata-pata_serverworks-do-not-use-the-term-blacklist.patch > and it can be found in the queue-6.11 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hm... again, what exactly does this commit fix? :-/ > commit 106fce3509096c391ee57d0482d1e857e3dfb6fb > Author: Damien Le Moal <dlemoal(a)kernel.org> > Date: Fri Jul 26 10:58:36 2024 +0900 > > ata: pata_serverworks: Do not use the term blacklist > > [ Upstream commit 858048568c9e3887d8b19e101ee72f129d65cb15 ] > > Let's not use the term blacklist in the function > serverworks_osb4_filter() documentation comment and rather simply refer > to what that function looks at: the list of devices with groken UDMA5. > > While at it, also constify the values of the csb_bad_ata100 array. > > Of note is that all of this should probably be handled using libata > quirk mechanism but it is unclear if these UDMA5 quirks are specific > to this controller only. > > Signed-off-by: Damien Le Moal <dlemoal(a)kernel.org> > Reviewed-by: Niklas Cassel <cassel(a)kernel.org> > Reviewed-by: Igor Pylypiv <ipylypiv(a)google.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/ata/pata_serverworks.c b/drivers/ata/pata_serverworks.c > index 549ff24a98231..4edddf6bcc150 100644 > --- a/drivers/ata/pata_serverworks.c > +++ b/drivers/ata/pata_serverworks.c > @@ -46,10 +46,11 @@ > #define SVWKS_CSB5_REVISION_NEW 0x92 /* min PCI_REVISION_ID for UDMA5 (A2.0) */ > #define SVWKS_CSB6_REVISION 0xa0 /* min PCI_REVISION_ID for UDMA4 (A1.0) */ > > -/* Seagate Barracuda ATA IV Family drives in UDMA mode 5 > - * can overrun their FIFOs when used with the CSB5 */ > - > -static const char *csb_bad_ata100[] = { > +/* > + * Seagate Barracuda ATA IV Family drives in UDMA mode 5 > + * can overrun their FIFOs when used with the CSB5. > + */ > +static const char * const csb_bad_ata100[] = { > "ST320011A", > "ST340016A", > "ST360021A", > @@ -163,10 +164,11 @@ static unsigned int serverworks_osb4_filter(struct ata_device *adev, unsigned in > * @adev: ATA device > * @mask: Mask of proposed modes > * > - * Check the blacklist and disable UDMA5 if matched > + * Check the list of devices with broken UDMA5 and > + * disable UDMA5 if matched. > */ > - > -static unsigned int serverworks_csb_filter(struct ata_device *adev, unsigned int mask) > +static unsigned int serverworks_csb_filter(struct ata_device *adev, > + unsigned int mask) > { > const char *p; > char model_num[ATA_ID_PROD_LEN + 1]; MBR, Sergey

6 months, 4 weeks

1
0
0 0

[PATCH v4 00/11] iio: add support for the ad3552r AXI DAC IP

by Angelo Dureghello

Purpose is to add ad3552r AXI DAC (fpga-based) support. The "ad3552r" AXI IP, a variant of the generic "DAC" AXI IP, has been created to reach the maximum speed (33MUPS) supported from the ad3552r. To obtain the maximum transfer rate, a custom IP core module has been implemented with a QSPI interface with DDR (Double Data Rate) mode. The design is actually using the DAC backend since the register map is the same of the generic DAC IP, except for some customized bitfields. For this reason, a new "compatible" has been added in adi-axi-dac.c. Also, backend has been extended with all the needed functions for this use case, keeping the names gneric. The following patch is actually applying to linux-iio/testing. --- Changes in v2: - use unsigned int on bus_reg_read/write - add a compatible in axi-dac backend for the ad3552r DAC IP - minor code alignment fixes - fix a return value not checked - change devicetree structure setting ad3552r-axi as a backend subnode - add synchronous_mode_available in the ABI doc Changes in v3: - changing AXI backend approach using a dac ip compatible - fdt bindings updates accordingly - fdt, ad3552r device must be a subnode of the backend - allow probe of child devices - passing QSPI bus access function by platform data - move synchronous mode as a fdt parameter - reorganizing defines in proper patches - fix make dt_binding_check errors - fix ad3552r maximum SPI speed - fix samplerate calulcation - minor code style fixes Changes in v4: - fix Kconfig - fix backend documentation - driver renamed to a more gneric "high speed" (ad3552r-hs) - restyled axi-dac register names - removed synchronous support, dead code (could be added in the future with David sugestions if needed) - renaming backend buffer enable/disable calls - using model_data in common code - using devm_add_action_or_reset - minor code style fixes Signed-off-by: Angelo Dureghello <adureghello(a)baylibre.com> --- Angelo Dureghello (11): iio: dac: adi-axi-dac: update register names iio: dac: adi-axi-dac: fix wrong register bitfield dt-bindings: iio: dac: adi-axi-dac: add ad3552r axi variant dt-bindings: iio: dac: ad3552r: fix maximum spi speed dt-bindings: iio: dac: ad3552r: add iio backend support iio: backend: extend features iio: dac: adi-axi-dac: extend features iio: dac: ad3552r: changes to use FIELD_PREP iio: dac: ad3552r: extract common code (no changes in behavior intended) iio: dac: ad3552r: add high-speed platform driver iio: dac: adi-axi-dac: add registering of child fdt node .../devicetree/bindings/iio/dac/adi,ad3552r.yaml | 9 +- .../devicetree/bindings/iio/dac/adi,axi-dac.yaml | 49 +- drivers/iio/dac/Kconfig | 14 + drivers/iio/dac/Makefile | 3 +- drivers/iio/dac/ad3552r-common.c | 170 +++++++ drivers/iio/dac/ad3552r-hs.c | 528 +++++++++++++++++++++ drivers/iio/dac/ad3552r.c | 461 +++--------------- drivers/iio/dac/ad3552r.h | 207 ++++++++ drivers/iio/dac/adi-axi-dac.c | 477 ++++++++++++++++--- drivers/iio/industrialio-backend.c | 79 +++ include/linux/iio/backend.h | 17 + include/linux/platform_data/ad3552r-hs.h | 18 + 12 files changed, 1563 insertions(+), 469 deletions(-) --- base-commit: c81ca31b5191ef48b5e5fb2545fde7dd436c2bd5 change-id: 20241003-wip-bl-ad3552r-axi-v0-iio-testing-aedec3e91ff7 Best regards, -- Angelo Dureghello <adureghello(a)baylibre.com>

6 months, 4 weeks

3
5
0 0

[PATCH 6.11 000/695] 6.11.2-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.11.2 release. There are 695 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 04 Oct 2024 12:56:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.11.2-rc1… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.11.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.11.2-rc1 Oleg Nesterov <oleg(a)redhat.com> bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() Paolo Bonzini <pbonzini(a)redhat.com> Documentation: KVM: fix warning in "make htmldocs" Robert Hancock <robert.hancock(a)calian.com> i2c: xiic: Try re-initialization on bus busy timeout Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: isch: Add missed 'else' Tommy Huang <tommy_huang(a)aspeedtech.com> i2c: aspeed: Update the stop sw state when the bus recovery occurs Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: change vmf_anon_prepare() to __vmf_anon_prepare() Miaohe Lin <linmiaohe(a)huawei.com> mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Kexy Biscuit <kexybiscuit(a)aosc.io> tpm: export tpm2_sessions_init() to fix ibmvtpm building Jason Andryuk <jason.andryuk(a)amd.com> fbdev: xen-fbfront: Assign fb_info->device Dmitry Vyukov <dvyukov(a)google.com> module: Fix KCOV-ignored file name Haibo Chen <haibo.chen(a)nxp.com> spi: fspi: add support for imx8ulp David Gow <davidgow(a)google.com> mm: only enforce minimum stack gap size if it's sensible Jeff Xu <jeffxu(a)chromium.org> selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr Vasily Gorbik <gor(a)linux.ibm.com> s390/ftrace: Avoid calling unwinder in ftrace_return_address() Yu Zhao <yuzhao(a)google.com> mm/hugetlb_vmemmap: batch HVO work when demoting Daniel Yang <danielyangkang(a)gmail.com> exfat: resolve memory leak from exfat_create_upcase_table() Zhiguo Niu <zhiguo.niu(a)unisoc.com> lockdep: fix deadlock issue between lockdep and rcu Tiezhu Yang <yangtiezhu(a)loongson.cn> compiler.h: specify correct attribute for .rodata..c_jump_table Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: restart or panic on an I/O error Song Liu <song(a)kernel.org> bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Casey Schaufler <casey(a)schaufler-ca.com> lsm: infrastructure management of the sock security Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: sysfs: Add sanity checks for trip temperature and hysteresis Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: sysfs: Refine the handling of trip hysteresis changes Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: sysfs: Get to trips via attribute pointers Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Store trip sysfs attributes in thermal_trip_desc Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix console corruption Douglas Anderson <dianders(a)chromium.org> serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() Douglas Anderson <dianders(a)chromium.org> serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() Douglas Anderson <dianders(a)chromium.org> soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers Christian A. Ehrhardt <lk(a)c--e.de> usb: typec: ucsi: Fix busy loop on ASUS VivoBooks Heikki Krogerus <heikki.krogerus(a)linux.intel.com> usb: typec: ucsi: Call CANCEL from single location Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix soc_dev leak during device remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix memory leak during device remove Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: include arch.h from string.h Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx6ull-seeed-npi: fix fsl,pins property in tscgrp pinctrl Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl Haibo Chen <haibo.chen(a)nxp.com> dt-bindings: spi: nxp-fspi: add imx8ulp support Haibo Chen <haibo.chen(a)nxp.com> spi: fspi: involve lut_num for struct nxp_fspi_devtype_data Paul Moore <paul(a)paul-moore.com> lsm: add the inode_free_security_rcu() LSM implementation hook VanGiang Nguyen <vangiang.nguyen(a)rohde-schwarz.com> padata: use integer wrap around to prevent deadlock on seq_nr overflow Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put Yu Kuai <yukuai3(a)huawei.com> md: Don't flush sync_work in md_write_start() Martin Karsten <mkarsten(a)uwaterloo.ca> eventpoll: Annotate data-race of busy_poll_usecs Eric Dumazet <edumazet(a)google.com> icmp: change the order of rate limits Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix conversion of system address to physical memory address Li Lingfeng <lilingfeng3(a)huawei.com> nfs: fix memory leak in error path of nfs4_do_reclaim Mickaël Salaün <mic(a)digikod.net> fs: Fix file_set_fowner LSM hook inconsistencies Baokun Li <libaokun1(a)huawei.com> netfs: Delete subtree of 'fs/netfs' when netfs module exits Julian Sun <sunjunchao2870(a)gmail.com> vfs: fix race between evice_inodes() and find_inode()&iput() Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Qingqing Zhou <quic_qqzhou(a)quicinc.com> arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola: Disable DPI display interface D Scott Phillips <scott(a)os.amperecomputing.com> arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a Anastasia Belova <abelova(a)astralinux.ru> arm64: esr: Define ESR_ELx_EC_* constants as UL Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init Guoqing Jiang <guoqing.jiang(a)canonical.com> hwrng: mtk - Use devm_pm_runtime_enable Chao Yu <chao(a)kernel.org> f2fs: fix to check atomic_file in f2fs ioctl interfaces Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> f2fs: check discard support for conventional zones Jann Horn <jannh(a)google.com> f2fs: Require FMODE_WRITE for atomic write ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: prevent possible int overflow in dir_block_index() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: fix several potential integer overflows in file offsets Chao Yu <chao(a)kernel.org> f2fs: fix to wait dio completion Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: always update fstrim_range on failure in FITRIM ioctl Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: fix the wrong output of data backref objectid Filipe Manana <fdmanana(a)suse.com> btrfs: fix race setting file private on concurrent lseek using same fd Zhen Lei <thunder.leizhen(a)huawei.com> debugobjects: Fix conditions in fill_pool() Marc Aurèle La France <tsi(a)tuyoix.net> debugfs show actual source in /proc/mounts Michael Lo <michael.lo(a)mediatek.com> wifi: mt76: mt7925: fix a potential association failure upon resuming Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7615: check devm_kasprintf() returned value Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8703b: Fix reported RX band width Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8822c: Fix reported RX band width Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc Michal Kubiak <michal.kubiak(a)intel.com> idpf: fix netdev Tx queue stop/wake Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7915: check devm_kasprintf() returned value Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7921: Check devm_kasprintf() returned value Qu Wenruo <wqu(a)suse.com> btrfs: subpage: fix the bitmap dump which can cause bitmap corruption Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix sampling synchronization Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Allow to setup LBR for counting event for BPF Dmitry Vyukov <dvyukov(a)google.com> x86/entry: Remove unwanted instrumentation in common_interrupt() Artem Bityutskiy <artem.bityutskiy(a)linux.intel.com> intel_idle: fix ACPI _CST matching for newer Xeon platforms Artem Bityutskiy <artem.bityutskiy(a)linux.intel.com> intel_idle: add Granite Rapids Xeon support Ard Biesheuvel <ardb(a)kernel.org> efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Li Chen <me(a)linux.beauty> ACPI: resource: Do IRQ override on MECHREV GM7XG0M Thomas Weißschuh <linux(a)weissschuh.net> ACPI: sysfs: validate return type of _STR method Mikhail Lobanov <m.lobanov(a)rosalinux.ru> drbd: Add NULL check for net_conf to prevent dereference in state validation Qiu-ji Chen <chenqiuji666(a)gmail.com> drbd: Fix atomicity violation in drbd_uuid_set_bm() Pavan Kumar Paluri <papaluri(a)amd.com> crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Brian Masney <bmasney(a)redhat.com> crypto: qcom-rng - fix support for ACPI-based systems Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix false console tx restart Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix fifo polling timeout Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: don't use uninitialized value in uart_poll_init() Ma Ke <make24(a)iscas.ac.cn> pps: add an error check in parport_attach Florian Fainelli <florian.fainelli(a)broadcom.com> tty: rp2: Fix reset with non forgiving PCIe host bridges Jann Horn <jannh(a)google.com> firmware_loader: Block path traversal Fabio Porcedda <fabio.porcedda(a)gmail.com> bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Slark Xiao <slark_xiao(a)163.com> bus: mhi: host: pci_generic: Update EDL firmware path for Foxconn modems Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> bus: integrator-lm: fix OF node leak in probe() Tomas Marek <tomas.marek(a)elrest.cz> usb: dwc2: drd: fix clock gating on USB role switch Andrey Konovalov <andreyknvl(a)gmail.com> usb: gadget: dummy_hcd: execute hrtimer callback in softirq context WangYuli <wangyuli(a)uniontech.com> usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix incorrect usb_request status Pawel Laszczak <pawell(a)cadence.com> usb: xhci: fix loss of data on Cadence xHC Oliver Neukum <oneukum(a)suse.com> USB: misc: yurex: fix race between read and write Oliver Neukum <oneukum(a)suse.com> USB: class: CDC-ACM: fix race between get_serial and set_serial Oliver Neukum <oneukum(a)suse.com> USB: misc: cypress_cy7c63: check for short transfer Oliver Neukum <oneukum(a)suse.com> USB: appledisplay: close race between probe and completion handler Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8395-nio-12l: Mark USB 3.0 on xhci1 as disabled Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Oliver Neukum <oneukum(a)suse.com> usbnet: fix cyclical race on disconnect with work queue Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix USB/SDIO devices not transmitting beacons Stefan Mätje <stefan.maetje(a)esd.eu> can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Disallow bus errors during PDMA send Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Refactor polling loop Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs Manish Pandey <quic_mapa(a)quicinc.com> scsi: ufs: qcom: Update MODE_MAX cfg_bw value Martin Wilck <mwilck(a)suse.com> scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control() CDL page reporting Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: handle caseless file creation Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow write with FILE_APPEND_DATA Hobin Woo <hobin.woo(a)samsung.com> ksmbd: make __dir_empty() compatible with POSIX Michael Ellerman <mpe(a)ellerman.id.au> powerpc/atomic: Use YZ constraints for DS-form instructions Roman Smirnov <r.smirnov(a)omp.ru> KEYS: prevent NULL pointer dereference in find_asymmetric_key() Alexey Gladkov (Intel) <legion(a)kernel.org> x86/tdx: Fix "in-kernel MMIO" check Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle frame pointer related instructions Roman Li <Roman.Li(a)amd.com> drm/amd/display: Update IPS default mode for DCN35/DCN351 Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: Fix underflow when setting underscan on DCN401 Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Skip to enable dsc if it has been off Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Enable DML2 override_det_buffer_size_kbytes Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Block dynamic IPS2 on DCN35 for incompatible FW versions Sung Joon Kim <Sungjoon.Kim(a)amd.com> drm/amd/display: Disable SYMCLK32_LE root clock gating Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Validate backlight caps are sane Dillon Varone <dillon.varone(a)amd.com> drm/amd/display: Block timing sync for different output formats in pmo Martin Tsai <martin.tsai(a)amd.com> drm/amd/display: Clean up dsc blocks in accelerated mode Robin Chen <robin.chen(a)amd.com> drm/amd/display: Round calculated vtotal Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Add HDMI DSC native YCbCr422 support David Belanger <david.belanger(a)amd.com> drm/amdgpu: Fix selfring initialization sequence on soc24 Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu/mes12: switch SET_SHADER_DEBUGGER pkt to mes schq pipe Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: bump driver version for cleared VRAM Frank Min <Frank.Min(a)amd.com> drm/amdgpu: fix PTE copy corruption for sdma 7 Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: update workload mask after the setting Saleemkhan Jamadar <saleemkhan.jamadar(a)amd.com> drm/amdgpu/vcn: enable AV1 on both instances Jack Xiao <Jack.Xiao(a)amd.com> drm/amdgpu/mes12: set enable_level_process_quantum_check Frank Min <Frank.Min(a)amd.com> drm/amdgpu: update golden regs for gfx12 Sreekant Somasekharan <sreekant.somasekharan(a)amd.com> drm/amdkfd: Add SDMA queue quantum support for GFX12 Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes11: reduce timeout Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes12: reduce timeout Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Recompute DSC Params if no Stream on Link Sean Christopherson <seanjc(a)google.com> KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Sean Christopherson <seanjc(a)google.com> KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Sean Christopherson <seanjc(a)google.com> KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() Sean Christopherson <seanjc(a)google.com> KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits Snehal Koukuntla <snehalreddy(a)google.com> KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Nuno Sa <nuno.sa(a)analog.com> Input: adp5588-keys - fix check on return code Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Protect against overflow of ALIGN() during iova allocation Eliav Bar-ilan <eliavb(a)nvidia.com> iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() Roman Smirnov <r.smirnov(a)omp.ru> Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: integrator: fix OF node leak in probe() error path Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: tsa: Fix tsa_write8() Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: qmc: Update TRNSYNC only in transparent mode Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Revert "soc: qcom: smd-rpm: Match rpmsg channel instead of compatible" Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: dra7xx: Fix error handling when IRQ request fails in probe Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Use an error code with PCIe failed link retraining Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Correct error reporting with PCIe failed link retraining Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Fix i.MX8MP PCIe EP's occasional failure to trigger MSI Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Fix establish link failure in EP mode for i.MX8MM and i.MX8MP Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Fix missing call to phy_power_off() in error handling Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Clear the LBMS bit after a link retrain Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Revert to the original speed after PCIe failed link retraining Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Remove *.orig pattern from .gitignore Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: correctly move 'log' upon successful match Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not put cpumask on stack Matthew Auld <matthew.auld(a)intel.com> drm/xe: fix engine_class bounds check again Alex Hung <alex.hung(a)amd.com> drm/amd/display: disable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: retain test for whether the CPU is valid Juergen Gross <jgross(a)suse.com> xen: allow mapping ACPI data using a different physical address Juergen Gross <jgross(a)suse.com> xen: move checks for e820 conflicts further up Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amdgpu/display: Fix a mistake in revert commit Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Add DSC Debug Log Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination Shu Han <ebpqwerty472123(a)gmail.com> mm: call the security_mmap_file() LSM hook in remap_file_pages() Jeongjun Park <aha310510(a)gmail.com> mm: migrate: annotate data-race in migrate_folio_unmap() yangyun <yangyun50(a)huawei.com> fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set Jens Axboe <axboe(a)kernel.dk> io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL Jens Axboe <axboe(a)kernel.dk> io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not allow pinning outside of cpuset Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Avoid hanging ipvs.sh Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: missing objects with no memcg accounting Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path Simon Horman <horms(a)kernel.org> netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Keep deleted flowtable hooks until after RCU Furong Xu <0x1207(a)gmail.com> net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Wenbo Li <liwenbo.martin(a)bytedance.com> virtio_net: Fix mismatched buf address when unmapping for small packets Jiwon Kim <jiwonaid0(a)gmail.com> bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Fix R-Car RX frame size limit Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Fix maximum TX frame size for GbEth devices Daniel Golle <daniel(a)makrotopia.org> net: phy: aquantia: fix applying active_low bit after reset Daniel Golle <daniel(a)makrotopia.org> net: phy: aquantia: fix setting active_low bit Youssef Samir <quic_yabdulra(a)quicinc.com> net: qrtr: Update packets cloning when broadcasting Josh Hunt <johunt(a)akamai.com> tcp: check skb is non-NULL in tcp_rto_delta_us() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL Kaixin Wang <kxwang23(a)m.fudan.edu.cn> net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix packet counting Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Schedule NAPI in two steps Vladimir Oltean <vladimir.oltean(a)nxp.com> net: phy: aquantia: fix -ETIMEDOUT PHY probe failure when firmware not present Mikulas Patocka <mpatocka(a)redhat.com> Revert "dm: requeue IO if mapping table not yet available" Johannes Berg <johannes.berg(a)intel.com> um: remove ARCH_NO_PREEMPT_DYNAMIC Dan Carpenter <alexander.sverdlin(a)gmail.com> ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Jason Wang <jasowang(a)redhat.com> vhost_vdpa: assign irq bypass producer token correctly Dragos Tatulea <dtatulea(a)nvidia.com> vdpa/mlx5: Fix invalid mr resource destroy Yanfei Xu <yanfei.xu(a)intel.com> cxl/pci: Fix to record only non-zero ranges Mikulas Patocka <mpatocka(a)redhat.com> dm integrity: fix gcc 5 warning Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> interconnect: qcom: sm8250: Enable sync_state Kees Cook <kees(a)kernel.org> interconnect: icc-clk: Add missed num_nodes initialization Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: tmc: sg: Do not leak sg_table Jie Gan <quic_jiegan(a)quicinc.com> Coresight: Set correct cs_mode for dummy source to fix disable issue Jie Gan <quic_jiegan(a)quicinc.com> Coresight: Set correct cs_mode for TPDM to fix disable issue Markus Schneider-Pargmann <msp(a)baylibre.com> serial: 8250: omap: Cleanup on error in request_irq Jinjie Ruan <ruanjinjie(a)huawei.com> driver core: Fix a potential null-ptr-deref in module_add_driver() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: magnetometer: ak8975: drop incorrect AK09116 compatible Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix read/write ops to device by adding mutexes Antoniu Miclaus <antoniu.miclaus(a)analog.com> ABI: testing: fix admv8818 attr description Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: Fix error handling in driver API device_rename() Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix standby gpio state to match the documentation Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix oversampling gpio array Hannes Reinecke <hare(a)kernel.org> nvme-multipath: system fails to create generic nvme device Roi Azarzar <roi.azarzar(a)vastdata.com> NFSv4.2: Fix detection of "Proxying of Times" server support Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: remove read cache in airoha_snand_dirmap_read() Ming Lei <ming.lei(a)redhat.com> lib/sbitmap: define swap_lock as raw_spinlock_t Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time Jinjie Ruan <ruanjinjie(a)huawei.com> spi: atmel-quadspi: Undo runtime PM changes at driver exit time Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: fix airoha_snand_{write,read}_data data_len estimation Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: fix dirmap_{read,write} operations Chao Yu <chao(a)kernel.org> f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() Chao Yu <chao(a)kernel.org> f2fs: get rid of online repaire on corrupted directory Daeho Jeong <daehojeong(a)google.com> f2fs: prevent atomic file from being dirtied before commit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: compress: don't redirty sparse cluster during {,de}compress Chao Yu <chao(a)kernel.org> f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation Chao Yu <chao(a)kernel.org> f2fs: fix to wait page writeback before setting gcing flag Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: Create COW inode from parent dentry for atomic write Chao Yu <chao(a)kernel.org> f2fs: fix to avoid racing in between read and OPU dio write Chao Yu <chao(a)kernel.org> f2fs: reduce expensive checkpoint trigger frequency Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to avoid racing w/ GC Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam - Pad SG length when allocating hash edesc Jeff Layton <jlayton(a)kernel.org> nfsd: fix initial getattr on write delegation NeilBrown <neilb(a)suse.de> nfsd: untangle code in nfsd4_deleg_getattr_conflict() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: return -EINVAL when namelen is 0 Guoqing Jiang <guoqing.jiang(a)linux.dev> nfsd: call cache_put if xdr_reserve_space returns NULL Dave Jiang <dave.jiang(a)intel.com> ntb: Force physically contiguous allocation of rx ring buffers Max Hawking <maxahawking(a)sonnenkinder.org> ntb_perf: Fix printk format Jinjie Ruan <ruanjinjie(a)huawei.com> ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> RDMA/irdma: fix error message in irdma_modify_qp_roce() Mikhail Lobanov <m.lobanov(a)rosalinux.ru> RDMA/cxgb4: Added NULL check for lookup_atid Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix ah error counter in sw stat not increasing Jinjie Ruan <ruanjinjie(a)huawei.com> riscv: Fix fp alignment bug in perf_callchain_user() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom-ep: Enable controller resources like PHY only after refclk is available Mark Bloch <mbloch(a)nvidia.com> RDMA/mlx5: Obtain upper net device only when needed David Lechner <dlechner(a)baylibre.com> Input: ims-pcu - fix calling interruptible mutex Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix restricted __le16 degrades to integer issue Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Optimize hem allocation performance Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Don't modify rq next block addr in HIP09 QPC Jonas Blixt <jonas.blixt(a)actia.se> watchdog: imx_sc_wdt: Don't disable WDT in suspend Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix MR cache temp entries cleanup Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Drop redundant work canceling from clean_keys() Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix counter update on MR cache mkey creation Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Return QP state in erdma_query_qp Alexandra Diupina <adiupina(a)astralinux.ru> PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Check the domain owner of the parent before creating a nesting domain Frank Li <Frank.Li(a)nxp.com> dt-bindings: PCI: layerscape-pci: Replace fsl,lx2160a-pcie with fsl,lx2160ar2-pcie Patrisious Haddad <phaddad(a)nvidia.com> IB/core: Fix ib_cache_setup_one error flow cleanup Chris Mi <cmi(a)nvidia.com> IB/mlx5: Fix UMR pd cleanup on error flow of driver init Wang Jianzheng <wangjianzheng(a)vivo.com> pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function Jeff Layton <jlayton(a)kernel.org> nfsd: fix refcount leak when file is unhashed after being found Jeff Layton <jlayton(a)kernel.org> nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire Alexander Shiyan <eagle.alexander923(a)gmail.com> clk: rockchip: rk3588: Fix 32k clock name for pmu_24m_32k_100m_src_p Yuntao Liu <liuyuntao12(a)huawei.com> clk: starfive: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage David Lechner <dlechner(a)baylibre.com> clk: ti: dra7-atl: Fix leak of of_nodes Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Jack Wang <jinpu.wang(a)ionos.com> RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Geert Uytterhoeven <geert+renesas(a)glider.be> media: imagination: VIDEO_E5010_JPEG_ENC should depend on ARCH_K3 Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Selvin Xavier <selvin.xavier(a)broadcom.com> RDMA/bnxt_re: Fix the table size for PSN/MSN entries Jason Gunthorpe <jgg(a)ziepe.ca> iommufd/selftest: Fix buffer read overrrun in the dirty test Claudiu Beznea <claudiu.beznea(a)tuxon.dev> clk: at91: sama7g5: Allocate only the needed amount of memory for PLLs Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix missing error code in pcs_probe() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Biju Das <biju.das.jz(a)bp.renesas.com> media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE Kees Cook <kees(a)kernel.org> leds: gpio: Set num_leds after allocation Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Clean up clock on probe failure/removal Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix register misspelling Li Zhijian <lizhijian(a)fujitsu.com> nvdimm: Fix devs leaks in scan_labels() Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> x86/PCI: Check pcie_find_root_port() return for NULL Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: pca995x: Fix device child node usage in pca995x_probe() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: pca995x: Use device_for_each_child_node() to access device child nodes Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL Varadarajan Narayanan <quic_varada(a)quicinc.com> clk: qcom: ipq5332: Register gcc_qdss_tsctr_clk_src Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: staging: media: starfive: camss: Drop obsolete return value documentation Dan Carpenter <dan.carpenter(a)linaro.org> PCI: keystone: Fix if-statement expression in ks_pcie_quirk() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct range of block for case of switch statement Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Wait for Link before restoring Downstream Buses Geert Uytterhoeven <geert+renesas(a)glider.be> media: raspberrypi: VIDEO_RASPBERRYPI_PISP_BE should depend on ARCH_BCM2835 Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - add report id message validation Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - avoid wrong input subsystem sync Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: phy-rockchip-samsung-hdptx: Explicitly include pm_runtime.h Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: ti: ti-iodelay: Fix some error handling paths Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> pinctrl: renesas: rzg2l: Return -EINVAL if the pin doesn't support PIN_CFG_OEN Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: bd2606mvv: Fix device child node usage in bd2606mvv_probe() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: use rcg2_shared_ops for ESC RCGs Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8650: Update the GDSC flags Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: use rcg2_ops for mdss_dptx1_aux_clk_src Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: fix several supposed typos Jonas Karlman <jonas(a)kwiboo.se> clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Initialize workqueue earlier Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Correct ddr alias for i.MX8M Kemeng Shi <shikemeng(a)huaweicloud.com> quota: avoid missing put_quota_format when DQUOT_SUSPENDED is passed Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Parent should be initialized earlier than the clock Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk Zhipeng Wang <zhipeng.wang_1(a)nxp.com> clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Pengfei Li <pengfei.li_1(a)nxp.com> clk: imx: fracn-gppll: fix fractional part of PLL getting lost Ye Li <ye.li(a)nxp.com> clk: imx: composite-7ulp: Check the PCC present bit Jacky Bai <ping.bai(a)nxp.com> clk: imx: composite-93: keep root clock on when mcore enabled Peng Fan <peng.fan(a)nxp.com> clk: imx: composite-8m: Enable gate clk with mcore_booted Sebastien Laveze <slaveze(a)smartandconnective.com> clk: imx: imx6ul: fix default parent for enet*_ref_sel Shengjiu Wang <shengjiu.wang(a)nxp.com> clk: imx: clk-audiomix: Correct parent clock for earc_phy and audpll Kan Liang <kan.liang(a)linux.intel.com> perf mem: Fix missed p-core mem events on ADL and RPL Kan Liang <kan.liang(a)linux.intel.com> perf mem: Check mem_events for all eligible PMUs Ian Rogers <irogers(a)google.com> perf time-utils: Fix 32-bit nsec parsing Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Kan Liang <kan.liang(a)linux.intel.com> perf hist: Don't set hpp_fmt_value for members in --no-group Namhyung Kim <namhyung(a)kernel.org> perf dwarf-aux: Handle bitfield members from pointer access Namhyung Kim <namhyung(a)kernel.org> perf annotate-data: Fix off-by-one in location range check Namhyung Kim <namhyung(a)kernel.org> perf dwarf-aux: Check allowed location expressions when collecting variables Yicong Yang <yangyicong(a)hisilicon.com> perf stat: Display iostat headers correctly Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fix missing free of session in perf_sched__timehist() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Fix up broken capstone feature detection fast path Kan Liang <kan.liang(a)linux.intel.com> perf report: Fix --total-cycles --stdio output error Ian Rogers <irogers(a)google.com> perf inject: Fix leader sampling inserting additional samples Ian Rogers <irogers(a)google.com> perf vendor events: SKX, CLX, SNR uncore cache event fixes Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Change stack_id type to s32 Ian Rogers <irogers(a)google.com> perf callchain: Fix stitch LBR memory leaks Namhyung Kim <namhyung(a)kernel.org> perf mem: Free the allocated sort string, fixing a leak Arnaldo Carvalho de Melo <acme(a)redhat.com> perf bpf: Move BPF disassembly routines to separate file to avoid clash with capstone bpf headers James Clark <james.clark(a)linaro.org> perf scripts python cs-etm: Restore first sample log in verbose mode Daniel Borkmann <daniel(a)iogearbox.net> bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Borkmann <daniel(a)iogearbox.net> bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix helper writes to read-only maps Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Chen Yu <yu.c.chen(a)intel.com> sched/pelt: Use rq_clock_task() for hw_pressure Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential oob read in nilfs_btree_check_delete() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: determine empty node blocks as corrupted Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Yujie Liu <yujie.liu(a)intel.com> sched/numa: Fix the vma scan starving issue Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: check stripe size compatibility on remount as well Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: avoid OOB when system.data xattr changes underneath the filesystem Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: return error on ext4_find_inline_entry Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid negative min_clusters in find_group_orlov() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid potential buffer_head leak in __ext4_new_inode() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid buffer_head leak in ext4_mark_inode_used() Jiawei Ye <jiawei.ye(a)foxmail.com> smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Huang Shijie <shijie(a)os.amperecomputing.com> sched/deadline: Fix schedstats vs deadline servers Mykyta Yatsenko <yatsenko(a)meta.com> bpftool: Fix handling enum64 in btf dump sorting yangerkun <yangerkun(a)huawei.com> ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard Chen Yu <yu.c.chen(a)intel.com> kthread: fix task state in kthread worker if being frozen Lasse Collin <lasse.collin(a)tukaani.org> xz: cleanup CRC32 edits from 2018 Tony Ambardar <tony.ambardar(a)gmail.com> libbpf: Ensure new BTF objects inherit input endianness Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix deadlock caused by recursive lock of the AP bus scan mutex Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix bpf_object__open_skeleton()'s mishandling of options Hao Ge <gehao(a)kylinos.cn> selftests/bpf: Fix incorrect parameters in NULL pointer checking Eduard Zingerman <eddyz87(a)gmail.com> bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: fix to avoid __msg tag de-duplication by clang Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: __arch_* macro to limit test cases to specific archs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: allow checking xlated programs in verifier_* tests Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: extract test_loader->expect_msgs as a data structure Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: no need to track next_match_pos in struct test_loader Jiangshan Yi <yijiangshan(a)kylinos.cn> samples/bpf: Fix compilation errors with cf-protection option Alan Maguire <alan.maguire(a)oracle.com> libbpf: Fix license for btf_relocate.c Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Make early program check handler relocated lowcore aware Heiko Carstens <hca(a)linux.ibm.com> s390/entry: Move early program check handler to entry.S Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling tc_redirect.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile if backtrace support missing in libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix redefinition errors compiling lwt_reroute.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix C++ compile error from missing _Bool type Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling test_lru_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix arg parsing in veristat, test_progs David Vernet <void(a)manifault.com> libbpf: Don't take direct pointers into BTF data from st_ops Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling crypto_sanity.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling decap_sanity.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling core_reloc.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling tcp_rtt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling flow_dissector.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling kfree_skb.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix include of <sys/fcntl.h> Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing BUILD_BUG_ON() declaration Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing UINT_MAX definitions in benchmarks Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Drop unneeded error.h includes Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Use pid_t consistently in test_progs.c Yonghong Song <yonghong.song(a)linux.dev> bpf: Fail verification for sign-extension of packet data/data_end/data_meta Tony Ambardar <tony.ambardar(a)gmail.com> tools/runqslower: Fix LDFLAGS and add LDLIBS support Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix wrong binary in Makefile log output Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error linking uprobe_multi on mips Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Workaround strict bpf_lsm return value check. Xu Kuohai <xukuohai(a)huawei.com> bpf: Fix compare error in function retval_range_within Xu Kuohai <xukuohai(a)huawei.com> bpf, lsm: Add check for BPF LSM return value Leon Hwang <hffilwlqm(a)gmail.com> bpf, arm64: Fix tailcall hierarchy Leon Hwang <hffilwlqm(a)gmail.com> bpf, x64: Fix tailcall hierarchy Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/fair: Make SCHED_IDLE entity be preempted in strict hierarchy Jonathan McDowell <noodles(a)meta.com> tpm: Clean up TPM space after command failure Juergen Gross <jgross(a)suse.com> xen/swiotlb: fix allocated size Juergen Gross <jgross(a)suse.com> xen/swiotlb: add alignment check for dma buffers Dafna Hirschfeld <dhirschfeld(a)habana.ai> drm/xe: fix missing 'xe_vm_put' Juergen Gross <jgross(a)suse.com> xen: tolerate ACPI NVS memory overlapping with Xen allocated memory Juergen Gross <jgross(a)suse.com> xen: add capability to remap non-RAM pages to different PFNs Juergen Gross <jgross(a)suse.com> xen: move max_pfn in xen_memory_setup() out of function scope Juergen Gross <jgross(a)suse.com> xen: introduce generic helper checking for memory map conflicts Niklas Cassel <cassel(a)kernel.org> ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Do not warn about dropped packets for first packet Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Support sequence numbers smaller than 16-bit Juergen Gross <jgross(a)suse.com> xen: use correct end address of kernel for conflict checking Lang Yu <lang.yu(a)amd.com> drm/amdgpu: fix invalid fence handling in amdgpu_vm_tlb_flush Yuesong Li <liyuesong(a)vivo.com> drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: dt: Ignore nodes that have ancestors disabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: ideapad-laptop: Make the scope_guard() clear of its scope Sherry Yang <sherry.yang(a)oracle.com> drm/msm: fix %s null argument error Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dsi: correct programming sequence for SM8350 / SM8450 Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: enable widebus on all relevant chipsets Wolfram Sang <wsa+renesas(a)sang-engineering.com> ipmi: docs: don't advertise deprecated sysfs entries Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: workaround early ring-buffer emptiness check Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: fix races in preemption evaluation stage Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: properly clear preemption records on resume Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: disable preemption in submits by default Aleksandr Mishin <amishin(a)t-argos.ru> drm/msm: Fix incorrect file name output in adreno_request_fw() Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Fix CP_BV_DRAW_STATE_ADDR name Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Dump correct dbgahb clusters on a750 Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Use a7xx family directly in gpu_state Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Inconditionally use CFUNC macro Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix kernel vs user address comparison Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix initial memory mapping Fei Shao <fshao(a)chromium.org> drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Jeongjun Park <aha310510(a)gmail.com> jfs: fix out-of-bounds in dbNextAG() and diAlloc() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() Stefan Wahren <wahrenst(a)gmx.net> drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Liu Ying <victor.liu(a)nxp.com> drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Matthew Brost <matthew.brost(a)intel.com> drm/xe: Use reserved copy engine for user binds on faulting devices Dominik Grzegorzek <dominik.grzegorzek(a)intel.com> drm/xe: Move and export xe_hw_engine lookup. Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets Jonas Karlman <jonas(a)kwiboo.se> drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode Alex Bee <knaerzche(a)gmail.com> drm/rockchip: vop: Allow 4096px width scaling Rodrigo Siqueira <Rodrigo.Siqueira(a)amd.com> drm/amd/display: Improve FAM control for DCN401 WangYuli <wangyuli(a)uniontech.com> drm/amd/amdgpu: Properly tune the size of struct Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Check for phase match during PDMA fixup John Garry <john.g.garry(a)oracle.com> scsi: block: Don't check REQ_ATOMIC for reads John Garry <john.g.garry(a)oracle.com> scsi: sd: Don't check if a write for REQ_ATOMIC Gilbert Wu <Gilbert.Wu(a)microchip.com> scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Tom Chung <chiahsuan.chung(a)amd.com> drm/amd/display: Reset VRR config during resume Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: properly handle vbios fake edid sizing Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: properly handle vbios fake edid sizing Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Alex Hung <alex.hung(a)amd.com> drm/amd/display: Check link_res->hpo_dp_link_enc before using it Aurabindo Pillai <aurabindo.pillai(a)amd.com> drm/amd/display: free bo used for dmub bounding box Claudiu Beznea <claudiu.beznea(a)tuxon.dev> drm/stm: ltdc: check memory returned by devm_kzalloc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/stm: Fix an error handling path in stm_drm_platform_probe() Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: core: Fix "managed by" alignment in debug summary Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: core: Harden inter-column space in debug summary Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> iommu/arm-smmu-qcom: apply num_context_bank fixes for SDM630 / SDM660 Konrad Dybcio <konradybcio(a)kernel.org> iommu/arm-smmu-qcom: Work around SDM845 Adreno SMMU w/ 16K pages Marc Gonzalez <mgonzalez(a)freebox.fr> iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Fix init error path Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips Jinjie Ruan <ruanjinjie(a)huawei.com> mtd: rawnand: mtk: Use for_each_child_of_node_scoped() Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Charles Han <hanchunchao(a)inspur.com> mtd: powernv: Add check devm_kasprintf() returned value Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Do not set the D bit on AMD v2 table entries Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Set the pgsize_bitmap correctly Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Move allocation of the top table into v1_alloc_pgtable Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Allocate the page table root using GFP_KERNEL Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Handle error path in amd_iommu_probe_device() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() Artur Weber <aweber.kernel(a)gmail.com> power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Remove design from min and max voltage Yuntao Liu <liuyuntao12(a)huawei.com> hwmon: (ntc_thermistor) fix module autoloading Mirsad Todorovac <mtodorovac69(a)gmail.com> mtd: slram: insert break after errors in parsing the map Dan Carpenter <dan.carpenter(a)linaro.org> iommu/arm-smmu-v3: Fix a NULL vs IS_ERR() check Rob Clark <robdclark(a)chromium.org> iommu/arm-smmu: Un-demote unhandled-fault msg Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix alarm attributes Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix overflows seen when writing limits Xiu Jianfeng <xiujianfeng(a)huawei.com> cgroup/pids: Avoid spurious event notification Shuah Khan <skhan(a)linuxfoundation.org> selftests:resctrl: Fix build failure on archs without __cpuid_count() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix eventfs ownership testcase to find mount point tangbin <tangbin(a)cmss.chinamobile.com> ASoC: loongson: fix error release Finn Thain <fthain(a)linux-m68k.org> m68k: Fix kernel_clone_args.flags in m68k_clone() Uros Bizjak <ubizjak(a)gmail.com> x86/boot/64: Strip percpu address space when setting up GDT descriptors Steven Rostedt (Google) <rostedt(a)goodmis.org> selftests/ftrace: Fix test to handle both old and new kernels Yuntao Liu <liuyuntao12(a)huawei.com> ALSA: hda: cs35l41: fix module autoloading Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Add required dependency for kprobe tests Linus Walleij <linus.walleij(a)linaro.org> ASoC: tas2781-i2c: Get the right GPIO line Linus Walleij <linus.walleij(a)linaro.org> ASoC: tas2781-i2c: Drop weird GPIO code Shenghao Ding <shenghao-ding(a)ti.com> ASoC: tas2781: Fix a compiling warning reported by robot kernel test due to adding tas2563_dvc_table Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error Yosry Ahmed <yosryahmed(a)google.com> x86/mm: Use IPIs to synchronize LAM enablement Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195: Correct clock order for dp_intf* Ankit Agrawal <agrawal.ag.ankit(a)gmail.com> clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Dan Carpenter <dan.carpenter(a)linaro.org> platform: cznic: turris-omnia-mcu: Fix error check in omnia_mcu_register_trng() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: k210: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: berlin: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: versatile: fix OF node leak in CPUs prepare MD Danish Anwar <danishanwar(a)ti.com> arm64: dts: ti: k3-am654-idk: Fix dtbs_check warning in ICSSG dmas Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property Claudiu Beznea <claudiu.beznea(a)tuxon.dev> ARM: dts: microchip: sama7g5: Fix RTT clock Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix PHY for DP2 Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcmbca-hsspi: Fix missing pm_runtime_disable() Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 Jon Hunter <jonathanh(a)nvidia.com> arm64: tegra: Correct location of power-sensors for IGX Orin Alexander Dahl <ada(a)thorsis.com> ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a08g045: Correct GICD and GICR sizes Chen-Yu Tsai <wenst(a)chromium.org> regulator: Return actual error in of_regulator_bulk_get_all() Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Disable SDI and write no dump to dump mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix double free in OPTEE transport AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8186: Fix supported-hw mask for GPU OPPs David Virag <virag.david003(a)gmail.com> arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Ma Ke <make24(a)iscas.ac.cn> spi: ppc4xx: handle irq_of_parse_and_map() errors Riyan Dhiman <riyandhiman14(a)gmail.com> block: fix potential invalid pointer dereference in blk_add_partition Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: inherit cpuset of cgroup in io worker Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: do not allow pinning outside of cpuset Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix procress reference leakage for bfqq in merge chain Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix uaf for accessing waker_bfqq after splitting Gao Xiang <xiang(a)kernel.org> erofs: handle overlapped pclusters out of crafted images properly Sandeep Dhavale <dhavale(a)google.com> erofs: fix error handling in z_erofs_init_decompressor Gao Xiang <xiang(a)kernel.org> erofs: fix incorrect symlink detection in fast symlink Wouter Verhelst <w(a)uter.be> nbd: correct the maximum value for discard sectors David Howells <dhowells(a)redhat.com> cachefiles: Fix non-taking of sb_writers around set/removexattr Yu Kuai <yukuai3(a)huawei.com> block, bfq: don't break merge chain in bfq_split_bfqq() Yu Kuai <yukuai3(a)huawei.com> block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix possible UAF for bfqq->bic with merge chain Ming Lei <ming.lei(a)redhat.com> nbd: fix race between timeout and normal completion Ming Lei <ming.lei(a)redhat.com> ublk: move zone report data out of request pdu Eric Dumazet <edumazet(a)google.com> ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Su Hui <suhui(a)nfschina.com> net: tipc: avoid possible garbage value Brett Creeley <brett.creeley(a)amd.com> fbnic: Set napi irq value after calling netif_napi_add Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Heiner Kallweit <hkallweit1(a)gmail.com> r8169: disable ALDPS per default for RTL8125 Breno Leitao <leitao(a)debian.org> netkit: Assign missing bpf_net_context Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: fix batch alloc API on non-coherent systems Herbert Xu <herbert(a)gondor.apana.org.au> crypto: n2 - Set err to EINVAL if snprintf fails for hmac Jinjie Ruan <ruanjinjie(a)huawei.com> net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header on xmit. Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header in bareudp_udp_encap_recv(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix not handling ZPL/short-transfer Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_close(): stop clocks after device has been shut down Jake Hamby <Jake.Hamby(a)Teledyne.com> can: m_can: enable NAPI before enabling interrupts Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Eric Dumazet <edumazet(a)google.com> sock_map: Add a cond_resched() in sock_hash_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't return OOB skb in manage_oob(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Move spin_lock() in manage_oob(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Rename unlinked_skb in manage_oob(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Remove single nest in manage_oob(). Kuniyuki Iwashima <kuniyu(a)amazon.com> af_unix: Don't call skb_get() for OOB skb. Jiawei Ye <jiawei.ye(a)foxmail.com> wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix uninitialized TLV data Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7915: fix rx filter setting for bfee functionality Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: fix mixed declarations and code Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: connac: fix checksum offload fields of connac3 RXD Rex Lu <rex.lu(a)mediatek.com> wifi: mt76: mt7996: fix handling mbss enable/disable Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - inject error before stopping queue Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - reset device before enabling it Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/hpre - mask cluster timeout error Amit Shah <amit.shah(a)amd.com> crypto: ccp - do not request interrupt on cmd completion when irqs disabled John B. Wyatt IV <jwyatt(a)redhat.com> pm:cpupower: Add missing powercap_set_enabled() stub function Aaron Lu <aaron.lu(a)intel.com> x86/sgx: Fix deadlock in SGX NUMA node search Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix EHT beamforming capability check Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE and EHT beamforming capabilities Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix wmm set of station interface to 3 Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix traffic delay when switching back to working channel Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: use hweight16 to get correct tx antenna Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage Bjørn Mork <bjorn(a)mork.no> wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: gov_bang_bang: Adjust states of all uninitialized instances Nishanth Menon <nm(a)ti.com> cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Ensure dtm_idx is big enough Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix CCLA register offset Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Refactor node ID handling. Again. Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_dynset: annotate data-races around set timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove annotation to access set timeout while holding lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject expiration higher than timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject element expiration with no timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire Clément Léger <cleger(a)rivosinc.com> ACPI: CPPC: Fix MASK_VAL() usage Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: rtw89: wow: fix wait condition for AOAC report request Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: use correct function name in comment Mark Brown <broonie(a)kernel.org> kselftest/arm64: Actually test SME vector length changes via sigreturn Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Fix TLP headers bandwidth counting Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Record hardware counts correctly Kamlesh Gurudasani <kamlesh(a)ti.com> padata: Honor the caller's alignment in case of chunk_size 0 Vasily Khoruzhick <anarsoul(a)gmail.com> ACPICA: executer/exsystem: Don't nag user about every Stall() violating the spec Vasily Khoruzhick <anarsoul(a)gmail.com> ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Check for missing VHT elements only for 5 GHz Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: allow ESR when we the ROC expires Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: fix the comeback long retry times hhorace <hhoracehsu(a)gmail.com> wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: increase the time between ranging measurements Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: set the cipher for secured NDP ranging Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: config: label 'gl' devices as discrete Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: don't use rate mask for offchannel TX either Zong-Zhe Yang <kevin_yang(a)realtek.com> wifi: mac80211_hwsim: correct MODULE_PARM_DESC of multi_radio Esther Shimanovich <eshimanovich(a)chromium.org> ACPI: video: force native for Apple MacbookPro9,2 Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix "Full Going True" macro definition Krishna chaitanya chundru <quic_krichai(a)quicinc.com> perf/dwc_pcie: Always register for PCIe bus notifier Krishna chaitanya chundru <quic_krichai(a)quicinc.com> perf/dwc_pcie: Fix registration issue in multi PCIe controller instances Jing Zhang <renyu.zj(a)linux.alibaba.com> drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fix rounding of delay jiffies Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fold two functions into their respective callers Douglas Anderson <dianders(a)chromium.org> arm64: smp: smp_send_stop() and crash_smp_send_stop() should try non-NMI first Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: signal: fix/refactor SVE vector length enumeration Chia-Yuan Li <leo.li(a)realtek.com> wifi: rtw89: limit the PPDU length for VHT rate to 0x40000 Dan Carpenter <dan.carpenter(a)linaro.org> powercap: intel_rapl: Fix off by one in get_rpi() Calvin Owens <calvin(a)wbinvd.org> ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Florian Westphal <fw(a)strlen.de> netfilter: nf_tables: store new sets in dedicated list Aleksa Sarai <cyphar(a)cyphar.com> autofs: fix missing fput for FSCONFIG_SET_FD Olaf Hering <olaf(a)aepfle.de> mount: handle OOM on mnt_warn_timestamp_expiry Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Fix to allow hpmcounter31 from the guest Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Allow legacy PMU access from guest Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data Andrew Jones <ajones(a)ventanamicro.com> RISC-V: KVM: Fix sbiret init before forwarding to userspace Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: rtw88: remove CPT execution branch never used Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading Dave Martin <Dave.Martin(a)arm.com> arm64: signal: Fix some under-bracketed UAPI macros Jason Wang <jasowang(a)redhat.com> virtio-net: synchronize probe with ndo_set_features Jason Wang <jasowang(a)redhat.com> virtio-net: synchronize operstate with admin state on up/down Jason Wang <jasowang(a)redhat.com> virtio: allow driver to disable the configure change notification Jason Wang <jasowang(a)redhat.com> virtio: rename virtio_config_enabled to virtio_config_core_enabled Yanteng Si <siyanteng(a)loongson.cn> net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Eric Biggers <ebiggers(a)google.com> crypto: x86/aes-gcm - fix PREEMPT_RT issue in gcm_crypt() Francesco Dolcini <francesco.dolcini(a)toradex.com> hwrng: cn10k - Enable by default CN10K driver if Thunder SoC is enabled Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: match WMI BSS chan info structure with firmware definition P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix BSS chan info request WMI command Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k: Remove error checks when creating debugfs entries Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: introducing fwil query functions Simon Horman <horms(a)kernel.org> eth: fbnic: select DEVLINK and PAGE_POOL Aleksandr Mishin <amishin(a)t-argos.ru> ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() Dan Carpenter <dan.carpenter(a)linaro.org> crypto: iaa - Fix potential use after free bug Michal Witwicki <michal.witwicki(a)intel.com> crypto: qat - ensure correct order in VF restarting handler Michal Witwicki <michal.witwicki(a)intel.com> crypto: qat - fix recovery flow for VFs Michal Witwicki <michal.witwicki(a)intel.com> crypto: qat - disable IOV in adf_dev_stop() Helge Deller <deller(a)kernel.org> crypto: xor - fix template benchmarking Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: always wait for both firmware loading attempts Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Fix error injection on Zynq UltraScale+ Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath11k: use work queue to process beacon tx event ------------- Diffstat: .gitignore | 1 - .../ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 +- Documentation/arch/arm64/silicon-errata.rst | 2 + .../iio/magnetometer/asahi-kasei,ak8975.yaml | 1 - .../bindings/pci/fsl,layerscape-pcie.yaml | 26 +- .../devicetree/bindings/spi/spi-nxp-fspi.yaml | 1 + Documentation/driver-api/ipmi.rst | 2 +- Documentation/virt/kvm/locking.rst | 33 ++- Makefile | 4 +- arch/arm/boot/dts/microchip/sam9x60.dtsi | 4 +- arch/arm/boot/dts/microchip/sama7g5.dtsi | 2 +- arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts | 2 +- .../dts/nxp/imx/imx6ull-seeed-npi-dev-board.dtsi | 12 +- arch/arm/boot/dts/nxp/imx/imx7d-zii-rmu2.dts | 2 +- arch/arm/mach-ep93xx/clock.c | 2 +- arch/arm/mach-versatile/platsmp-realview.c | 1 + arch/arm/vfp/vfpinstr.h | 44 ++-- arch/arm64/Kconfig | 2 +- .../boot/dts/exynos/exynos7885-jackpotlte.dts | 2 +- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 12 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8195.dtsi | 12 +- .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 1 + .../arm64/boot/dts/nvidia/tegra234-p3701-0008.dtsi | 33 --- .../arm64/boot/dts/nvidia/tegra234-p3740-0002.dtsi | 33 +++ arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 10 +- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 4 +- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 +- arch/arm64/boot/dts/ti/k3-am654-idk.dtso | 8 +- arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 4 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/esr.h | 88 +++---- arch/arm64/include/uapi/asm/sigcontext.h | 6 +- arch/arm64/kernel/cpu_errata.c | 10 +- arch/arm64/kernel/smp.c | 164 +++++++----- arch/arm64/kvm/hyp/nvhe/ffa.c | 21 +- arch/arm64/net/bpf_jit_comp.c | 57 +++-- arch/m68k/kernel/process.c | 2 +- arch/powerpc/crypto/Kconfig | 1 + arch/powerpc/include/asm/asm-compat.h | 6 + arch/powerpc/include/asm/atomic.h | 5 +- arch/powerpc/include/asm/uaccess.h | 7 +- arch/powerpc/kernel/head_8xx.S | 6 +- arch/powerpc/kernel/vdso/gettimeofday.S | 4 - arch/powerpc/mm/nohash/8xx.c | 4 +- arch/riscv/include/asm/kvm_vcpu_pmu.h | 21 +- arch/riscv/kernel/perf_callchain.c | 2 +- arch/riscv/kvm/vcpu_pmu.c | 14 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/include/asm/ftrace.h | 17 +- arch/s390/kernel/Makefile | 2 +- arch/s390/kernel/early.c | 7 +- arch/s390/kernel/earlypgm.S | 23 -- arch/s390/kernel/entry.S | 16 ++ arch/s390/kernel/stacktrace.c | 19 -- arch/um/Kconfig | 1 - arch/x86/coco/tdx/tdx.c | 6 + arch/x86/crypto/aesni-intel_glue.c | 59 +++-- arch/x86/events/intel/core.c | 8 +- arch/x86/events/intel/pt.c | 15 +- arch/x86/include/asm/acpi.h | 8 + arch/x86/include/asm/hardirq.h | 8 +- arch/x86/include/asm/idtentry.h | 6 +- arch/x86/include/asm/kvm_host.h | 2 + arch/x86/kernel/acpi/boot.c | 11 + arch/x86/kernel/cpu/sgx/main.c | 27 +- arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/jailhouse.c | 1 + arch/x86/kernel/mmconf-fam10h_64.c | 1 + arch/x86/kernel/process_64.c | 29 ++- arch/x86/kernel/smpboot.c | 1 + arch/x86/kernel/x86_init.c | 1 + arch/x86/kvm/lapic.c | 73 ++++-- arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/vmx/main.c | 2 + arch/x86/mm/tlb.c | 7 +- arch/x86/net/bpf_jit_comp.c | 107 +++++--- arch/x86/pci/fixup.c | 4 +- arch/x86/xen/mmu_pv.c | 5 +- arch/x86/xen/p2m.c | 98 ++++++++ arch/x86/xen/setup.c | 202 +++++++++++---- arch/x86/xen/xen-ops.h | 6 +- block/bfq-iosched.c | 81 ++++-- block/blk-core.c | 1 + block/partitions/core.c | 8 +- crypto/asymmetric_keys/asymmetric_type.c | 7 +- crypto/xor.c | 31 ++- drivers/acpi/acpica/exsystem.c | 11 +- drivers/acpi/cppc_acpi.c | 43 +++- drivers/acpi/device_sysfs.c | 5 +- drivers/acpi/pmic/tps68470_pmic.c | 6 +- drivers/acpi/resource.c | 12 + drivers/acpi/video_detect.c | 8 + drivers/ata/libata-eh.c | 8 + drivers/ata/libata-scsi.c | 5 +- drivers/base/core.c | 15 +- drivers/base/firmware_loader/main.c | 30 +++ drivers/base/module.c | 14 +- drivers/block/drbd/drbd_main.c | 8 +- drivers/block/drbd/drbd_state.c | 2 +- drivers/block/nbd.c | 15 +- drivers/block/ublk_drv.c | 62 +++-- drivers/bluetooth/btusb.c | 5 +- drivers/bus/arm-integrator-lm.c | 1 + drivers/bus/mhi/host/pci_generic.c | 26 +- drivers/char/hw_random/Kconfig | 1 + drivers/char/hw_random/bcm2835-rng.c | 4 +- drivers/char/hw_random/cctrng.c | 1 + drivers/char/hw_random/mtk-rng.c | 2 +- drivers/char/tpm/tpm-dev-common.c | 2 + drivers/char/tpm/tpm2-sessions.c | 1 + drivers/char/tpm/tpm2-space.c | 3 + drivers/clk/at91/sama7g5.c | 5 +- drivers/clk/imx/clk-composite-7ulp.c | 7 + drivers/clk/imx/clk-composite-8m.c | 51 +++- drivers/clk/imx/clk-composite-93.c | 15 +- drivers/clk/imx/clk-fracn-gppll.c | 4 + drivers/clk/imx/clk-imx6ul.c | 4 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 13 +- drivers/clk/imx/clk-imx8mp.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 10 +- drivers/clk/qcom/clk-alpha-pll.c | 52 ++++ drivers/clk/qcom/clk-alpha-pll.h | 2 + drivers/clk/qcom/dispcc-sm8250.c | 9 +- drivers/clk/qcom/dispcc-sm8550.c | 14 +- drivers/clk/qcom/gcc-ipq5332.c | 1 + drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/rockchip/clk-rk3588.c | 2 +- drivers/clk/starfive/clk-starfive-jh7110-vout.c | 2 +- drivers/clk/ti/clk-dra7-atl.c | 1 + drivers/clocksource/timer-qcom.c | 7 +- drivers/cpufreq/ti-cpufreq.c | 10 +- drivers/cpuidle/cpuidle-riscv-sbi.c | 21 +- drivers/crypto/caam/caamhash.c | 1 + drivers/crypto/ccp/sev-dev.c | 15 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 54 ++-- drivers/crypto/hisilicon/qm.c | 151 +++++++---- drivers/crypto/hisilicon/sec2/sec_main.c | 16 +- drivers/crypto/hisilicon/zip/zip_main.c | 23 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- .../crypto/intel/qat/qat_common/adf_gen4_hw_data.h | 2 +- drivers/crypto/intel/qat/qat_common/adf_init.c | 4 +- .../crypto/intel/qat/qat_common/adf_pfvf_pf_msg.c | 9 +- .../crypto/intel/qat/qat_common/adf_pfvf_vf_msg.c | 14 ++ .../crypto/intel/qat/qat_common/adf_pfvf_vf_msg.h | 1 + drivers/crypto/intel/qat/qat_common/adf_vf_isr.c | 2 + drivers/crypto/n2_core.c | 1 + drivers/crypto/qcom-rng.c | 4 +- drivers/cxl/core/pci.c | 8 +- drivers/edac/igen6_edac.c | 2 +- drivers/edac/synopsys_edac.c | 35 ++- drivers/firewire/core-cdev.c | 2 +- drivers/firmware/arm_scmi/optee.c | 7 + drivers/firmware/efi/libstub/tpm.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 +- drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 29 ++- drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 14 +- drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 7 +- drivers/gpu/drm/amd/amdgpu/soc24.c | 23 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 165 ------------ drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 4 + drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 94 +++++-- .../drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 18 +- .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 146 ++++++++--- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 6 + drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 +- .../dc/dml2/dml21/dml21_translation_helper.c | 4 +- .../dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c | 8 +- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 50 ++++ .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 6 +- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 27 +- .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 13 + .../amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 1 + .../display/dc/resource/dcn351/dcn351_resource.c | 3 +- .../drm/amd/display/modules/freesync/freesync.c | 2 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 6 +- .../gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 3 + .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 6 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 +-- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/mediatek/mtk_crtc.c | 32 ++- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 + drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 ++- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 46 ++-- .../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 2 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 10 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 +- drivers/gpu/drm/radeon/evergreen_cs.c | 62 ++--- drivers/gpu/drm/radeon/radeon_atombios.c | 29 ++- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 +- drivers/gpu/drm/stm/drv.c | 4 +- drivers/gpu/drm/stm/ltdc.c | 2 + drivers/gpu/drm/vc4/vc4_hdmi.c | 8 +- drivers/gpu/drm/xe/xe_exec_queue.c | 157 +++++------- drivers/gpu/drm/xe/xe_exec_queue.h | 6 +- drivers/gpu/drm/xe/xe_hw_engine.c | 31 +++ drivers/gpu/drm/xe/xe_hw_engine.h | 7 + drivers/gpu/drm/xe/xe_migrate.c | 2 +- drivers/gpu/drm/xe/xe_vm.c | 8 +- drivers/hid/wacom_wac.c | 13 +- drivers/hid/wacom_wac.h | 2 +- drivers/hwmon/max16065.c | 17 +- drivers/hwmon/ntc_thermistor.c | 1 + drivers/hwtracing/coresight/coresight-dummy.c | 4 + drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- drivers/hwtracing/coresight/coresight-tpdm.c | 6 + drivers/i2c/busses/i2c-aspeed.c | 16 +- drivers/i2c/busses/i2c-isch.c | 3 +- drivers/i2c/busses/i2c-xiic.c | 41 +-- drivers/idle/intel_idle.c | 79 +++++- drivers/iio/adc/ad7606.c | 8 +- drivers/iio/adc/ad7606_spi.c | 5 +- drivers/iio/chemical/bme680_core.c | 7 + drivers/iio/magnetometer/ak8975.c | 1 - drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/core/iwcm.c | 2 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 + drivers/infiniband/hw/cxgb4/cm.c | 5 + drivers/infiniband/hw/erdma/erdma_verbs.c | 25 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 14 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 33 +-- drivers/infiniband/hw/hns/hns_roce_qp.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +- drivers/infiniband/hw/mlx5/mr.c | 99 ++++---- drivers/infiniband/hw/mlx5/umr.c | 3 + drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 1 + drivers/input/keyboard/adp5588-keys.c | 2 +- drivers/input/misc/ims-pcu.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 37 +++ drivers/input/touchscreen/ilitek_ts_i2c.c | 18 +- drivers/interconnect/icc-clk.c | 3 +- drivers/interconnect/qcom/sm8350.c | 1 + drivers/iommu/amd/io_pgtable.c | 8 +- drivers/iommu/amd/io_pgtable_v2.c | 4 +- drivers/iommu/amd/iommu.c | 57 +---- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 4 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 28 +++ drivers/iommu/arm/arm-smmu/arm-smmu.c | 2 +- drivers/iommu/iommufd/hw_pagetable.c | 3 +- drivers/iommu/iommufd/io_pagetable.c | 8 + drivers/iommu/iommufd/selftest.c | 9 +- drivers/leds/leds-bd2606mvv.c | 23 +- drivers/leds/leds-gpio.c | 9 +- drivers/leds/leds-pca995x.c | 21 +- drivers/md/dm-integrity.c | 15 +- drivers/md/dm-rq.c | 4 +- drivers/md/dm-verity-target.c | 23 +- drivers/md/dm.c | 11 +- drivers/md/md.c | 1 - drivers/media/dvb-frontends/rtl2830.c | 2 +- drivers/media/dvb-frontends/rtl2832.c | 2 +- drivers/media/platform/imagination/Kconfig | 1 + .../vcodec/decoder/vdec/vdec_h264_req_if.c | 9 +- .../vcodec/decoder/vdec/vdec_h264_req_multi_if.c | 9 +- .../mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c | 10 +- drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 + .../media/platform/renesas/rzg2l-cru/rzg2l-csi2.c | 1 + drivers/media/tuners/tuner-i2c.h | 4 +- drivers/mtd/devices/powernv_flash.c | 3 + drivers/mtd/devices/slram.c | 2 + drivers/mtd/nand/raw/mtk_nand.c | 36 +-- drivers/net/bareudp.c | 26 +- drivers/net/bonding/bond_main.c | 6 +- drivers/net/can/m_can/m_can.c | 14 +- drivers/net/can/usb/esd_usb.c | 6 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 +- .../net/ethernet/intel/idpf/idpf_singleq_txrx.c | 4 + drivers/net/ethernet/intel/idpf/idpf_txrx.c | 35 +-- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 9 +- drivers/net/ethernet/meta/Kconfig | 2 + drivers/net/ethernet/meta/fbnic/fbnic_txrx.c | 8 +- drivers/net/ethernet/realtek/r8169_phy_config.c | 2 + drivers/net/ethernet/renesas/ravb.h | 1 + drivers/net/ethernet/renesas/ravb_main.c | 18 +- drivers/net/ethernet/seeq/ether3.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 +-- drivers/net/netkit.c | 3 + drivers/net/phy/aquantia/aquantia_firmware.c | 40 +-- drivers/net/phy/aquantia/aquantia_leds.c | 3 +- drivers/net/phy/aquantia/aquantia_main.c | 24 +- drivers/net/usb/usbnet.c | 37 ++- drivers/net/virtio_net.c | 88 ++++--- drivers/net/wireless/ath/ath11k/core.h | 1 + drivers/net/wireless/ath/ath11k/mac.c | 12 + drivers/net/wireless/ath/ath11k/wmi.c | 4 +- drivers/net/wireless/ath/ath12k/mac.c | 5 +- drivers/net/wireless/ath/ath12k/wmi.c | 1 + drivers/net/wireless/ath/ath12k/wmi.h | 3 +- drivers/net/wireless/ath/ath9k/debug.c | 2 - drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 - .../wireless/broadcom/brcm80211/brcmfmac/btcoex.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 30 +-- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 40 ++- drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 11 + drivers/net/wireless/intel/iwlwifi/iwl-config.h | 1 + drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 +- .../net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 1 + .../net/wireless/intel/iwlwifi/mvm/time-event.c | 14 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 + .../net/wireless/mediatek/mt76/mt76_connac3_mac.h | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7925/main.c | 15 ++ drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 3 + drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 1 + drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 2 + drivers/net/wireless/mediatek/mt76/mt7996/init.c | 65 +++-- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 13 +- drivers/net/wireless/microchip/wilc1000/hif.c | 4 +- drivers/net/wireless/realtek/rtw88/coex.c | 38 +-- drivers/net/wireless/realtek/rtw88/fw.c | 13 +- drivers/net/wireless/realtek/rtw88/main.c | 7 +- drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 - drivers/net/wireless/realtek/rtw88/rtw8822c.c | 12 +- drivers/net/wireless/realtek/rtw88/rx.h | 2 +- drivers/net/wireless/realtek/rtw89/core.c | 1 + drivers/net/wireless/realtek/rtw89/core.h | 3 + drivers/net/wireless/realtek/rtw89/fw.c | 6 +- drivers/net/wireless/realtek/rtw89/fw.h | 7 +- drivers/net/wireless/realtek/rtw89/mac.c | 13 +- drivers/net/wireless/realtek/rtw89/mac.h | 1 - drivers/net/wireless/realtek/rtw89/reg.h | 4 + drivers/net/wireless/virtual/mac80211_hwsim.c | 2 +- drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 +- drivers/ntb/ntb_transport.c | 23 +- drivers/ntb/test/ntb_perf.c | 2 +- drivers/nvdimm/namespace_devs.c | 34 +-- drivers/nvme/host/multipath.c | 2 +- drivers/pci/controller/dwc/pci-dra7xx.c | 11 +- drivers/pci/controller/dwc/pci-imx6.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 2 +- drivers/pci/controller/dwc/pcie-kirin.c | 4 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 14 +- drivers/pci/controller/pcie-xilinx-nwl.c | 39 ++- drivers/pci/pci.c | 20 +- drivers/pci/pci.h | 6 +- drivers/pci/quirks.c | 31 ++- drivers/perf/alibaba_uncore_drw_pmu.c | 2 +- drivers/perf/arm-cmn.c | 109 ++++---- drivers/perf/dwc_pcie_pmu.c | 21 +- drivers/perf/hisilicon/hisi_pcie_pmu.c | 16 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 1 + drivers/pinctrl/mvebu/pinctrl-dove.c | 42 +++- drivers/pinctrl/pinctrl-single.c | 3 +- drivers/pinctrl/renesas/pinctrl-rzg2l.c | 8 +- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 52 ++-- drivers/platform/cznic/turris-omnia-mcu-trng.c | 4 +- drivers/platform/x86/ideapad-laptop.c | 48 ++-- drivers/pmdomain/core.c | 6 +- drivers/power/supply/axp20x_battery.c | 16 +- drivers/power/supply/max17042_battery.c | 5 +- drivers/powercap/intel_rapl_common.c | 2 +- drivers/pps/clients/pps_parport.c | 8 +- drivers/regulator/of_regulator.c | 2 +- drivers/remoteproc/imx_rproc.c | 6 +- drivers/reset/reset-berlin.c | 3 +- drivers/reset/reset-k210.c | 3 +- drivers/s390/crypto/ap_bus.c | 17 ++ drivers/scsi/NCR5380.c | 78 +++--- drivers/scsi/elx/libefc/efc_nport.c | 2 +- drivers/scsi/lpfc/lpfc_hw4.h | 3 + drivers/scsi/lpfc/lpfc_init.c | 21 +- drivers/scsi/lpfc/lpfc_scsi.c | 2 +- drivers/scsi/mac_scsi.c | 166 ++++++------ drivers/scsi/sd.c | 4 +- drivers/scsi/smartpqi/smartpqi_init.c | 20 +- drivers/soc/fsl/qe/qmc.c | 24 +- drivers/soc/fsl/qe/tsa.c | 2 +- drivers/soc/qcom/smd-rpm.c | 35 ++- drivers/soc/versatile/soc-integrator.c | 1 + drivers/soc/versatile/soc-realview.c | 20 +- drivers/spi/atmel-quadspi.c | 15 +- drivers/spi/spi-airoha-snfi.c | 43 ++-- drivers/spi/spi-bcmbca-hsspi.c | 8 +- drivers/spi/spi-fsl-lpspi.c | 1 + drivers/spi/spi-nxp-fspi.c | 54 ++-- drivers/spi/spi-ppc4xx.c | 7 +- drivers/staging/media/starfive/camss/stf-camss.c | 2 - drivers/thermal/gov_bang_bang.c | 14 +- drivers/thermal/thermal_core.c | 78 +++--- drivers/thermal/thermal_core.h | 27 +- drivers/thermal/thermal_sysfs.c | 207 +++++++-------- drivers/thermal/thermal_trip.c | 6 +- drivers/tty/serial/8250/8250_omap.c | 2 +- drivers/tty/serial/qcom_geni_serial.c | 101 ++++---- drivers/tty/serial/rp2.c | 2 +- drivers/tty/serial/serial_core.c | 13 +- drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdnsp-ring.c | 6 +- drivers/usb/cdns3/host.c | 4 +- drivers/usb/class/cdc-acm.c | 2 + drivers/usb/dwc2/drd.c | 9 + drivers/usb/gadget/udc/dummy_hcd.c | 14 +- drivers/usb/host/xhci-pci.c | 24 +- drivers/usb/host/xhci-ring.c | 14 ++ drivers/usb/host/xhci.h | 1 + drivers/usb/misc/appledisplay.c | 15 +- drivers/usb/misc/cypress_cy7c63.c | 4 + drivers/usb/misc/yurex.c | 10 +- drivers/usb/typec/ucsi/ucsi.c | 35 ++- drivers/vdpa/mlx5/core/mr.c | 3 + drivers/vhost/vdpa.c | 16 +- drivers/video/fbdev/hpfb.c | 1 + drivers/video/fbdev/xen-fbfront.c | 1 + drivers/virtio/virtio.c | 59 ++++- drivers/watchdog/imx_sc_wdt.c | 24 -- drivers/xen/swiotlb-xen.c | 10 +- fs/autofs/inode.c | 3 +- fs/btrfs/btrfs_inode.h | 1 + fs/btrfs/ctree.h | 2 + fs/btrfs/extent-tree.c | 4 +- fs/btrfs/file.c | 34 ++- fs/btrfs/ioctl.c | 4 +- fs/btrfs/subpage.c | 10 +- fs/btrfs/tree-checker.c | 2 +- fs/cachefiles/xattr.c | 34 ++- fs/debugfs/inode.c | 8 + fs/erofs/decompressor.c | 2 +- fs/erofs/inode.c | 20 +- fs/erofs/zdata.c | 71 +++--- fs/eventpoll.c | 2 +- fs/exfat/nls.c | 5 +- fs/ext4/ialloc.c | 14 +- fs/ext4/inline.c | 35 ++- fs/ext4/mballoc.c | 10 +- fs/ext4/super.c | 29 ++- fs/f2fs/compress.c | 36 ++- fs/f2fs/data.c | 10 +- fs/f2fs/dir.c | 3 +- fs/f2fs/extent_cache.c | 4 +- fs/f2fs/f2fs.h | 37 +-- fs/f2fs/file.c | 114 ++++++--- fs/f2fs/inode.c | 5 + fs/f2fs/namei.c | 68 ----- fs/f2fs/segment.c | 15 ++ fs/f2fs/super.c | 16 +- fs/f2fs/xattr.c | 14 +- fs/fcntl.c | 14 +- fs/fuse/file.c | 2 +- fs/inode.c | 4 + fs/jfs/jfs_dmap.c | 4 +- fs/jfs/jfs_imap.c | 2 +- fs/namespace.c | 14 +- fs/netfs/main.c | 4 +- fs/nfs/nfs4proc.c | 16 +- fs/nfs/nfs4state.c | 1 + fs/nfsd/filecache.c | 3 +- fs/nfsd/nfs4idmap.c | 13 +- fs/nfsd/nfs4recover.c | 8 + fs/nfsd/nfs4state.c | 170 +++++++------ fs/nilfs2/btree.c | 12 +- fs/quota/dquot.c | 3 +- fs/smb/server/vfs.c | 19 +- include/acpi/acoutput.h | 5 + include/acpi/cppc_acpi.h | 2 + include/linux/bpf.h | 9 +- include/linux/bpf_lsm.h | 8 + include/linux/compiler.h | 2 +- include/linux/f2fs_fs.h | 2 +- include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 1 + include/linux/sbitmap.h | 2 +- include/linux/soc/qcom/geni-se.h | 9 + include/linux/usb/usbnet.h | 15 ++ include/linux/virtio.h | 11 +- include/net/bluetooth/hci_core.h | 4 +- include/net/ip.h | 2 + include/net/mac80211.h | 7 +- include/net/netfilter/nf_tables.h | 2 + include/net/tcp.h | 21 +- include/sound/tas2563-tlv.h | 279 +++++++++++++++++++++ include/sound/tas2781-tlv.h | 260 ------------------- include/sound/tas2781.h | 7 +- include/trace/events/f2fs.h | 3 +- io_uring/io-wq.c | 25 +- io_uring/io_uring.c | 4 +- io_uring/rw.c | 8 + io_uring/sqpoll.c | 12 + kernel/bpf/bpf_lsm.c | 34 ++- kernel/bpf/btf.c | 13 +- kernel/bpf/helpers.c | 12 +- kernel/bpf/syscall.c | 4 +- kernel/bpf/verifier.c | 134 ++++++---- kernel/cgroup/pids.c | 18 +- kernel/kthread.c | 10 +- kernel/locking/lockdep.c | 50 ++-- kernel/module/Makefile | 2 +- kernel/padata.c | 6 +- kernel/rcu/tree_nocb.h | 5 +- kernel/sched/deadline.c | 38 ++- kernel/sched/fair.c | 34 +-- kernel/trace/bpf_trace.c | 15 +- lib/debugobjects.c | 5 +- lib/sbitmap.c | 4 +- lib/xz/xz_crc32.c | 2 +- lib/xz/xz_private.h | 4 - mm/damon/vaddr.c | 2 + mm/huge_memory.c | 2 + mm/hugetlb.c | 206 +++++++++------ mm/internal.h | 11 +- mm/memory.c | 8 +- mm/migrate.c | 2 +- mm/mmap.c | 4 + mm/util.c | 2 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/bluetooth/mgmt.c | 13 +- net/can/bcm.c | 4 +- net/can/j1939/transport.c | 8 +- net/core/filter.c | 71 +++--- net/core/sock_map.c | 1 + net/ipv4/icmp.c | 103 ++++---- net/ipv6/Kconfig | 1 + net/ipv6/icmp.c | 28 ++- net/ipv6/netfilter/nf_reject_ipv6.c | 14 +- net/ipv6/route.c | 2 +- net/ipv6/rpl_iptunnel.c | 12 +- net/mac80211/iface.c | 17 +- net/mac80211/mlme.c | 30 ++- net/mac80211/offchannel.c | 1 + net/mac80211/rate.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/tx.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netfilter/nf_tables_api.c | 47 ++-- net/netfilter/nft_compat.c | 6 +- net/netfilter/nft_dynset.c | 6 +- net/netfilter/nft_log.c | 2 +- net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_numgen.c | 2 +- net/netfilter/nft_set_pipapo.c | 13 +- net/netfilter/nft_tunnel.c | 5 +- net/qrtr/af_qrtr.c | 2 +- net/tipc/bcast.c | 2 +- net/unix/af_unix.c | 92 +++---- net/unix/garbage.c | 16 +- net/wireless/nl80211.c | 3 +- net/wireless/scan.c | 6 +- net/wireless/sme.c | 3 +- net/wireless/util.c | 10 +- net/xdp/xsk_buff_pool.c | 29 ++- samples/bpf/Makefile | 6 +- security/apparmor/include/net.h | 3 +- security/apparmor/lsm.c | 17 +- security/apparmor/net.c | 2 +- security/bpf/hooks.c | 1 - security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_iint.c | 20 +- security/integrity/ima/ima_main.c | 2 +- security/landlock/fs.c | 9 +- security/security.c | 68 +++-- security/selinux/hooks.c | 80 +++--- security/selinux/include/objsec.h | 5 + security/selinux/netlabel.c | 23 +- security/smack/smack.h | 5 + security/smack/smack_lsm.c | 70 +++--- security/smack/smack_netfilter.c | 4 +- security/smack/smackfs.c | 2 +- sound/pci/hda/cs35l41_hda_spi.c | 1 + sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/codecs/rt5682.c | 4 +- sound/soc/codecs/rt5682s.c | 4 +- sound/soc/codecs/tas2781-comlib.c | 3 - sound/soc/codecs/tas2781-fmwlib.c | 1 - sound/soc/codecs/tas2781-i2c.c | 27 +- sound/soc/loongson/loongson_card.c | 4 +- tools/bpf/bpftool/btf.c | 7 +- tools/bpf/runqslower/Makefile | 3 +- tools/build/feature/test-all.c | 4 - tools/include/nolibc/string.h | 1 + tools/lib/bpf/btf.c | 4 + tools/lib/bpf/btf_relocate.c | 2 +- tools/lib/bpf/libbpf.c | 75 +++--- tools/objtool/arch/loongarch/decode.c | 11 +- tools/objtool/check.c | 23 +- tools/objtool/include/objtool/elf.h | 1 + tools/perf/builtin-c2c.c | 14 +- tools/perf/builtin-inject.c | 1 + tools/perf/builtin-mem.c | 20 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-sched.c | 8 +- .../arch/x86/cascadelakex/uncore-cache.json | 60 ++--- .../pmu-events/arch/x86/skylakex/uncore-cache.json | 60 ++--- .../arch/x86/snowridgex/uncore-cache.json | 57 ----- tools/perf/scripts/python/arm-cs-trace-disasm.py | 9 +- tools/perf/ui/hist.c | 10 +- tools/perf/util/Build | 1 + tools/perf/util/annotate-data.c | 2 +- tools/perf/util/bpf_skel/lock_data.h | 4 +- tools/perf/util/bpf_skel/vmlinux/vmlinux.h | 1 + tools/perf/util/disasm.c | 187 +------------- tools/perf/util/disasm_bpf.c | 195 ++++++++++++++ tools/perf/util/disasm_bpf.h | 12 + tools/perf/util/dwarf-aux.c | 16 +- tools/perf/util/machine.c | 17 +- tools/perf/util/mem-events.c | 20 +- tools/perf/util/mem-events.h | 4 +- tools/perf/util/session.c | 3 + tools/perf/util/stat-display.c | 3 +- tools/perf/util/thread.c | 4 + tools/perf/util/thread.h | 1 + tools/perf/util/time-utils.c | 4 +- tools/perf/util/tool.h | 1 + tools/power/cpupower/lib/powercap.c | 8 + tools/testing/selftests/arm64/signal/Makefile | 2 +- tools/testing/selftests/arm64/signal/sve_helpers.c | 56 +++++ tools/testing/selftests/arm64/signal/sve_helpers.h | 21 ++ .../testcases/fake_sigreturn_sme_change_vl.c | 46 ++-- .../testcases/fake_sigreturn_sve_change_vl.c | 30 +-- .../selftests/arm64/signal/testcases/ssve_regs.c | 36 +-- .../arm64/signal/testcases/ssve_za_regs.c | 36 +-- .../selftests/arm64/signal/testcases/sve_regs.c | 32 +-- .../selftests/arm64/signal/testcases/za_no_regs.c | 32 +-- .../selftests/arm64/signal/testcases/za_regs.c | 36 +-- tools/testing/selftests/bpf/Makefile | 13 +- tools/testing/selftests/bpf/bench.c | 1 + tools/testing/selftests/bpf/bench.h | 1 + .../selftests/bpf/map_tests/sk_storage_map.c | 2 +- .../selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 +- .../testing/selftests/bpf/prog_tests/core_reloc.c | 1 + .../selftests/bpf/prog_tests/crypto_sanity.c | 1 - .../selftests/bpf/prog_tests/decap_sanity.c | 1 - .../selftests/bpf/prog_tests/flow_dissector.c | 2 +- tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 + .../selftests/bpf/prog_tests/lwt_redirect.c | 1 - .../testing/selftests/bpf/prog_tests/lwt_reroute.c | 1 + .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 +- .../selftests/bpf/prog_tests/parse_tcp_hdr_opt.c | 1 + tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 1 - .../testing/selftests/bpf/prog_tests/tc_redirect.c | 12 +- tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 + .../selftests/bpf/prog_tests/user_ringbuf.c | 1 + tools/testing/selftests/bpf/progs/bpf_misc.h | 24 +- .../testing/selftests/bpf/progs/cg_storage_multi.h | 2 - .../bpf/progs/test_libbpf_get_fd_by_id_opts.c | 1 + .../selftests/bpf/progs/verifier_spill_fill.c | 8 +- tools/testing/selftests/bpf/test_cpp.cpp | 4 + tools/testing/selftests/bpf/test_loader.c | 258 ++++++++++++++----- tools/testing/selftests/bpf/test_lru_map.c | 3 +- tools/testing/selftests/bpf/test_progs.c | 18 +- tools/testing/selftests/bpf/test_progs.h | 1 - tools/testing/selftests/bpf/testing_helpers.c | 6 +- tools/testing/selftests/bpf/unpriv_helpers.c | 1 - tools/testing/selftests/bpf/veristat.c | 8 +- .../testing/selftests/dt/test_unprobed_devices.sh | 15 +- .../ftrace/test.d/00basic/test_ownership.tc | 12 + .../ftrace/test.d/ftrace/func_set_ftrace_file.tc | 9 +- .../ftrace/test.d/kprobe/kprobe_args_char.tc | 2 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 2 +- tools/testing/selftests/kselftest.h | 2 + tools/testing/selftests/mm/mseal_test.c | 57 +++-- tools/testing/selftests/net/af_unix/msg_oob.c | 23 ++ tools/testing/selftests/net/netfilter/ipvs.sh | 2 +- tools/testing/selftests/resctrl/cat_test.c | 7 +- virt/kvm/kvm_main.c | 31 +-- 688 files changed, 7249 insertions(+), 4720 deletions(-)

6 months, 4 weeks

14
721
0 0

[PATCH] platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors

by Hans de Goede

x86_android_tablet_remove() frees the pdevs[] array, so it should not be used after calling x86_android_tablet_remove(). When platform_device_register() fails, store the pdevs[x] PTR_ERR() value into the local ret variable before calling x86_android_tablet_remove() to avoid using pdevs[] after it has been freed. Fixes: 5eba0141206e ("platform/x86: x86-android-tablets: Add support for instantiating platform-devs") Fixes: e2200d3f26da ("platform/x86: x86-android-tablets: Add gpio_keys support to x86_android_tablet_init()") Cc: stable(a)vger.kernel.org Reported-by: Aleksandr Burakov <a.burakov(a)rosalinux.ru> Closes: https://lore.kernel.org/platform-driver-x86/20240917120458.7300-1-a.burakov… Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/platform/x86/x86-android-tablets/core.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/platform/x86/x86-android-tablets/core.c b/drivers/platform/x86/x86-android-tablets/core.c index 1427a9a39008..ef572b90e06b 100644 --- a/drivers/platform/x86/x86-android-tablets/core.c +++ b/drivers/platform/x86/x86-android-tablets/core.c @@ -390,8 +390,9 @@ static __init int x86_android_tablet_probe(struct platform_device *pdev) for (i = 0; i < pdev_count; i++) { pdevs[i] = platform_device_register_full(&dev_info->pdev_info[i]); if (IS_ERR(pdevs[i])) { + ret = PTR_ERR(pdevs[i]); x86_android_tablet_remove(pdev); - return PTR_ERR(pdevs[i]); + return ret; } } @@ -443,8 +444,9 @@ static __init int x86_android_tablet_probe(struct platform_device *pdev) PLATFORM_DEVID_AUTO, &pdata, sizeof(pdata)); if (IS_ERR(pdevs[pdev_count])) { + ret = PTR_ERR(pdevs[pdev_count]); x86_android_tablet_remove(pdev); - return PTR_ERR(pdevs[pdev_count]); + return ret; } pdev_count++; } -- 2.46.2

6 months, 4 weeks

1
1
0 0

read regression for dm-snapshot with loopback

by Leah Rumancik

Hello, I have been investigating a read performance regression of dm-snapshot on top of loopback in which the read time for a dd command increased from 2min to 40min. I bisected the issue to dc5fc361d89 ("block: attempt direct issue of plug list"). I blktraced before and after this commit and the main difference I saw was that before this commit, when the performance was good, there were a lot of IO unplugs on the loop dev. After this commit, I saw 0 IO unplugs. On the mainline, I was also able to bisect to a commit which fixed this issue: 667ea36378cf ("loop: don't set QUEUE_FLAG_NOMERGES"). I also blktraced before and after this commit, and unsurprisingly, the main difference was that commit resulted in IO merges whereas previously there were none being. I don't totally understand what is going on with the first commit which introduced the issue but I'd guess some modifying of the plug list behavior resulted in IO not getting merged/grouped but when we enabled QUEUE_FLAG_NOMERGES, we were then able to optimize through this mechanism. Buuuut 2min->40min seems like a huge performance drop just from merged vs non-merged IO, no? So perhaps it's more complicated than that... dc5fc361d89 -> 5.16 667ea36378c -> 6.11 6.6.y and 6.1.y and were both experiencing the performance issue. I tried porting 667ea36378 to these branches; it applied cleanly and resolved the issue for both. So perhaps we should consider it for the stable trees, but it'd be great if someone from the block layer could chime in with a better idea of what's going on here. - leah

7 months

4
5
0 0

[PATCH AUTOSEL 6.10 001/197] wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats()

by Sasha Levin

From: Dmitry Kandybka <d.kandybka(a)gmail.com> [ Upstream commit 3f66f26703093886db81f0610b97a6794511917c ] In 'ath9k_get_et_stats()', promote TX stats counters to 'u64' to avoid possible integer overflow. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Kandybka <d.kandybka(a)gmail.com> Acked-by: Toke Høiland-Jørgensen <toke(a)toke.dk> Signed-off-by: Kalle Valo <quic_kvalo(a)quicinc.com> Link: https://patch.msgid.link/20240725111743.14422-1-d.kandybka@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- drivers/net/wireless/ath/ath9k/debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c index d84e3ee7b5d90..886a102e5b025 100644 --- a/drivers/net/wireless/ath/ath9k/debug.c +++ b/drivers/net/wireless/ath/ath9k/debug.c @@ -1325,11 +1325,11 @@ void ath9k_get_et_stats(struct ieee80211_hw *hw, struct ath_softc *sc = hw->priv; int i = 0; - data[i++] = (sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_pkts_all + + data[i++] = ((u64)sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_pkts_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BK)].tx_pkts_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VI)].tx_pkts_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VO)].tx_pkts_all); - data[i++] = (sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_bytes_all + + data[i++] = ((u64)sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BE)].tx_bytes_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_BK)].tx_bytes_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VI)].tx_bytes_all + sc->debug.stats.txstats[PR_QNUM(IEEE80211_AC_VO)].tx_bytes_all); -- 2.43.0

7 months

2
198
0 0

[PATCH AUTOSEL 6.11 001/244] l2tp: prevent possible tunnel refcount underflow

by Sasha Levin

From: James Chapman <jchapman(a)katalix.com> [ Upstream commit 24256415d18695b46da06c93135f5b51c548b950 ] When a session is created, it sets a backpointer to its tunnel. When the session refcount drops to 0, l2tp_session_free drops the tunnel refcount if session->tunnel is non-NULL. However, session->tunnel is set in l2tp_session_create, before the tunnel refcount is incremented by l2tp_session_register, which leaves a small window where session->tunnel is non-NULL when the tunnel refcount hasn't been bumped. Moving the assignment to l2tp_session_register is trivial but l2tp_session_create calls l2tp_session_set_header_len which uses session->tunnel to get the tunnel's encap. Add an encap arg to l2tp_session_set_header_len to avoid using session->tunnel. If l2tpv3 sessions have colliding IDs, it is possible for l2tp_v3_session_get to race with l2tp_session_register and fetch a session which doesn't yet have session->tunnel set. Add a check for this case. Signed-off-by: James Chapman <jchapman(a)katalix.com> Signed-off-by: Tom Parkin <tparkin(a)katalix.com> Signed-off-by: David S. Miller <davem(a)davemloft.net> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- net/l2tp/l2tp_core.c | 24 +++++++++++++++++------- net/l2tp/l2tp_core.h | 3 ++- net/l2tp/l2tp_netlink.c | 4 +++- net/l2tp/l2tp_ppp.c | 3 ++- 4 files changed, 24 insertions(+), 10 deletions(-) diff --git a/net/l2tp/l2tp_core.c b/net/l2tp/l2tp_core.c index 2e86f520f7994..a9cbcbc9d016d 100644 --- a/net/l2tp/l2tp_core.c +++ b/net/l2tp/l2tp_core.c @@ -254,7 +254,14 @@ struct l2tp_session *l2tp_v3_session_get(const struct net *net, struct sock *sk, hash_for_each_possible_rcu(pn->l2tp_v3_session_htable, session, hlist, key) { - if (session->tunnel->sock == sk && + /* session->tunnel may be NULL if another thread is in + * l2tp_session_register and has added an item to + * l2tp_v3_session_htable but hasn't yet added the + * session to its tunnel's session_list. + */ + struct l2tp_tunnel *tunnel = READ_ONCE(session->tunnel); + + if (tunnel && tunnel->sock == sk && refcount_inc_not_zero(&session->ref_count)) { rcu_read_unlock_bh(); return session; @@ -482,6 +489,7 @@ int l2tp_session_register(struct l2tp_session *session, } l2tp_tunnel_inc_refcount(tunnel); + WRITE_ONCE(session->tunnel, tunnel); list_add(&session->list, &tunnel->session_list); if (tunnel->version == L2TP_HDR_VER_3) { @@ -797,7 +805,8 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, if (!session->lns_mode && !session->send_seq) { trace_session_seqnum_lns_enable(session); session->send_seq = 1; - l2tp_session_set_header_len(session, tunnel->version); + l2tp_session_set_header_len(session, tunnel->version, + tunnel->encap); } } else { /* No sequence numbers. @@ -818,7 +827,8 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, if (!session->lns_mode && session->send_seq) { trace_session_seqnum_lns_disable(session); session->send_seq = 0; - l2tp_session_set_header_len(session, tunnel->version); + l2tp_session_set_header_len(session, tunnel->version, + tunnel->encap); } else if (session->send_seq) { pr_debug_ratelimited("%s: recv data has no seq numbers when required. Discarding.\n", session->name); @@ -1663,7 +1673,8 @@ EXPORT_SYMBOL_GPL(l2tp_session_delete); /* We come here whenever a session's send_seq, cookie_len or * l2specific_type parameters are set. */ -void l2tp_session_set_header_len(struct l2tp_session *session, int version) +void l2tp_session_set_header_len(struct l2tp_session *session, int version, + enum l2tp_encap_type encap) { if (version == L2TP_HDR_VER_2) { session->hdr_len = 6; @@ -1672,7 +1683,7 @@ void l2tp_session_set_header_len(struct l2tp_session *session, int version) } else { session->hdr_len = 4 + session->cookie_len; session->hdr_len += l2tp_get_l2specific_len(session); - if (session->tunnel->encap == L2TP_ENCAPTYPE_UDP) + if (encap == L2TP_ENCAPTYPE_UDP) session->hdr_len += 4; } } @@ -1686,7 +1697,6 @@ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunn session = kzalloc(sizeof(*session) + priv_size, GFP_KERNEL); if (session) { session->magic = L2TP_SESSION_MAGIC; - session->tunnel = tunnel; session->session_id = session_id; session->peer_session_id = peer_session_id; @@ -1724,7 +1734,7 @@ struct l2tp_session *l2tp_session_create(int priv_size, struct l2tp_tunnel *tunn memcpy(&session->peer_cookie[0], &cfg->peer_cookie[0], cfg->peer_cookie_len); } - l2tp_session_set_header_len(session, tunnel->version); + l2tp_session_set_header_len(session, tunnel->version, tunnel->encap); refcount_set(&session->ref_count, 1); diff --git a/net/l2tp/l2tp_core.h b/net/l2tp/l2tp_core.h index 8ac81bc1bc6fa..6c25c196cc222 100644 --- a/net/l2tp/l2tp_core.h +++ b/net/l2tp/l2tp_core.h @@ -260,7 +260,8 @@ void l2tp_recv_common(struct l2tp_session *session, struct sk_buff *skb, int l2tp_udp_encap_recv(struct sock *sk, struct sk_buff *skb); /* Transmit path helpers for sending packets over the tunnel socket. */ -void l2tp_session_set_header_len(struct l2tp_session *session, int version); +void l2tp_session_set_header_len(struct l2tp_session *session, int version, + enum l2tp_encap_type encap); int l2tp_xmit_skb(struct l2tp_session *session, struct sk_buff *skb); /* Pseudowire management. diff --git a/net/l2tp/l2tp_netlink.c b/net/l2tp/l2tp_netlink.c index d105030520f95..fc43ecbd128cc 100644 --- a/net/l2tp/l2tp_netlink.c +++ b/net/l2tp/l2tp_netlink.c @@ -692,8 +692,10 @@ static int l2tp_nl_cmd_session_modify(struct sk_buff *skb, struct genl_info *inf session->recv_seq = nla_get_u8(info->attrs[L2TP_ATTR_RECV_SEQ]); if (info->attrs[L2TP_ATTR_SEND_SEQ]) { + struct l2tp_tunnel *tunnel = session->tunnel; + session->send_seq = nla_get_u8(info->attrs[L2TP_ATTR_SEND_SEQ]); - l2tp_session_set_header_len(session, session->tunnel->version); + l2tp_session_set_header_len(session, tunnel->version, tunnel->encap); } if (info->attrs[L2TP_ATTR_LNS_MODE]) diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 3596290047b28..4f25c1212cacb 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -1205,7 +1205,8 @@ static int pppol2tp_session_setsockopt(struct sock *sk, po->chan.hdrlen = val ? PPPOL2TP_L2TP_HDR_SIZE_SEQ : PPPOL2TP_L2TP_HDR_SIZE_NOSEQ; } - l2tp_session_set_header_len(session, session->tunnel->version); + l2tp_session_set_header_len(session, session->tunnel->version, + session->tunnel->encap); break; case PPPOL2TP_SO_LNSMODE: -- 2.43.0

7 months

9
256
0 0

Re-enable panel replay on 6.11 kernel

by Mario Limonciello

Hi, "Panel replay" is a power saving technology that some display panels support. During 6.11 development we had to turn off panel replay due to reports of regressions. Those regressions have now been fixed, and I've confirmed that panel replay works again properly on 6.11 with the following series of commits. Can you please consider taking these back to 6.11.y so that users with these panels can get their power savings back? commit b68417613d41 ("drm/amd/display: Disable replay if VRR capability is false") commit f91a9af09dea ("drm/amd/display: Fix VRR cannot enable") commit df18a4de9e77 ("drm/amd/display: Reset VRR config during resume") commit be64336307a6 ("drm/amd/display: Re-enable panel replay feature") Thanks!

7 months

2
1
0 0

[PATCH 6.1] f2fs: Require FMODE_WRITE for atomic write ioctls

by Eric Biggers

From: Jann Horn <jannh(a)google.com> commit 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e upstream. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/f2fs/file.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 62f2521cd955e..2982cc5b37d78 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2103,10 +2103,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) struct f2fs_sb_info *sbi = F2FS_I_SB(inode); struct inode *pinode; loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(mnt_userns, inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -2200,10 +2203,13 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); struct user_namespace *mnt_userns = file_mnt_user_ns(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(mnt_userns, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -2232,10 +2238,13 @@ static int f2fs_ioc_abort_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); struct user_namespace *mnt_userns = file_mnt_user_ns(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(mnt_userns, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) base-commit: aa4cd140bba57b7064b4c7a7141bebd336d32087 -- 2.47.0.rc0.187.ge670bccf7e-goog

7 months

2
1
0 0

Please apply 0a6ad4d9e169 ("e1000e: avoid failing the system during pm_suspend") to 6.11.y

by Salvatore Bonaccorso

Hi, Andreas Beckmann reported in Debian in https://bugs.debian.org/1082795 that the commit 0a6ad4d9e169 ("e1000e: avoid failing the system during pm_suspend") indeed fixed his with suspending with his Lenovo Thinkpad T16 Gen 3, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082795#21 confirms the fix. Regards, Salvatore

7 months

2
1
0 0

[PATCH 2/4] ACPI: resource: Make Asus ExpertBook B2502 matches cover more models

by Hans de Goede

Like the various 14" Asus ExpertBook B2 B2402* models there are also 4 variants of the 15" Asus ExpertBook B2 B2502* models: B2502CBA: 12th gen Intel CPU, non flip B2502FBA: 12th gen Intel CPU, flip B2502CVA: 13th gen Intel CPU, non flip B2502FVA: 13th gen Intel CPU, flip Currently there already are DMI quirks for the B2502CBA, B2502FBA and B2502CVA models. Asus website shows that there also is a B2502FVA. Rather then adding a 4th quirk fold the 3 existing quirks into a single quirk covering B2502* to also cover the last model while at the same time reducing the number of quirks. Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/acpi/resource.c | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index cbe51ae6ae25..0eb52e372467 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -490,24 +490,10 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { }, }, { - /* Asus ExpertBook B2502 */ + /* Asus ExpertBook B2502 (B2502CBA / B2502FBA / B2502CVA / B2502FVA) */ .matches = { DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_MATCH(DMI_BOARD_NAME, "B2502CBA"), - }, - }, - { - /* Asus ExpertBook B2502FBA */ - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_MATCH(DMI_BOARD_NAME, "B2502FBA"), - }, - }, - { - /* Asus ExpertBook B2502CVA */ - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_MATCH(DMI_BOARD_NAME, "B2502CVA"), + DMI_MATCH(DMI_BOARD_NAME, "B2502"), }, }, { -- 2.46.2

7 months

1
0
0 0

[PATCH 1/4] ACPI: resource: Make Asus ExpertBook B2402 matches cover more models

by Hans de Goede

The Asus ExpertBook B2402CBA / B2402FBA are the non flip / flip versions of the 14" Asus ExpertBook B2 with 12th gen Intel processors. It has been reported that the B2402FVA which is the 14" Asus ExpertBook B2 flip with 13th gen Intel processors needs to skip the IRQ override too. And looking at Asus website there also is a B2402CVA which is the non flip model with 13th gen Intel processors. Summarizing the following 4 models of the Asus ExpertBook B2 are known: B2402CBA: 12th gen Intel CPU, non flip B2402FBA: 12th gen Intel CPU, flip B2402CVA: 13th gen Intel CPU, non flip B2402FVA: 13th gen Intel CPU, flip Fold the 2 existing quirks for the B2402CBA and B2402FBA into a single quirk covering B2402* to also cover the 2 other models while at the same time reducing the number of quirks. Reported-by: Stefan Blum <stefan.blum(a)gmail.com> Closes: https://lore.kernel.org/platform-driver-x86/a983e6d5-c7ab-4758-be9b-7dcfc1b… Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Hans de Goede <hdegoede(a)redhat.com> --- drivers/acpi/resource.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index 3d74ebe9dbd8..cbe51ae6ae25 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -483,17 +483,10 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { }, }, { - /* Asus ExpertBook B2402CBA */ + /* Asus ExpertBook B2402 (B2402CBA / B2402FBA / B2402CVA / B2402FVA) */ .matches = { DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_MATCH(DMI_BOARD_NAME, "B2402CBA"), - }, - }, - { - /* Asus ExpertBook B2402FBA */ - .matches = { - DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), - DMI_MATCH(DMI_BOARD_NAME, "B2402FBA"), + DMI_MATCH(DMI_BOARD_NAME, "B2402"), }, }, { -- 2.46.2

7 months

1
0
0 0

[PATCH v3] platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug

by Zach Wade

Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds". kasan report: [ 19.411889] ================================================================== [ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.415634] Read of size 8 at addr ffff888829e65200 by task cpuhp/16/113 [ 19.417368] [ 19.418627] CPU: 16 PID: 113 Comm: cpuhp/16 Tainted: G E 6.9.0 #10 [ 19.420435] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022 [ 19.422687] Call Trace: [ 19.424091] <TASK> [ 19.425448] dump_stack_lvl+0x5d/0x80 [ 19.426963] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.428694] print_report+0x19d/0x52e [ 19.430206] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 19.431837] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.433539] kasan_report+0xf0/0x170 [ 19.435019] ? _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.436709] _isst_if_get_pci_dev+0x3d5/0x400 [isst_if_common] [ 19.438379] ? __pfx_sched_clock_cpu+0x10/0x10 [ 19.439910] isst_if_cpu_online+0x406/0x58f [isst_if_common] [ 19.441573] ? __pfx_isst_if_cpu_online+0x10/0x10 [isst_if_common] [ 19.443263] ? ttwu_queue_wakelist+0x2c1/0x360 [ 19.444797] cpuhp_invoke_callback+0x221/0xec0 [ 19.446337] cpuhp_thread_fun+0x21b/0x610 [ 19.447814] ? __pfx_cpuhp_thread_fun+0x10/0x10 [ 19.449354] smpboot_thread_fn+0x2e7/0x6e0 [ 19.450859] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 19.452405] kthread+0x29c/0x350 [ 19.453817] ? __pfx_kthread+0x10/0x10 [ 19.455253] ret_from_fork+0x31/0x70 [ 19.456685] ? __pfx_kthread+0x10/0x10 [ 19.458114] ret_from_fork_asm+0x1a/0x30 [ 19.459573] </TASK> [ 19.460853] [ 19.462055] Allocated by task 1198: [ 19.463410] kasan_save_stack+0x30/0x50 [ 19.464788] kasan_save_track+0x14/0x30 [ 19.466139] __kasan_kmalloc+0xaa/0xb0 [ 19.467465] __kmalloc+0x1cd/0x470 [ 19.468748] isst_if_cdev_register+0x1da/0x350 [isst_if_common] [ 19.470233] isst_if_mbox_init+0x108/0xff0 [isst_if_mbox_msr] [ 19.471670] do_one_initcall+0xa4/0x380 [ 19.472903] do_init_module+0x238/0x760 [ 19.474105] load_module+0x5239/0x6f00 [ 19.475285] init_module_from_file+0xd1/0x130 [ 19.476506] idempotent_init_module+0x23b/0x650 [ 19.477725] __x64_sys_finit_module+0xbe/0x130 [ 19.476506] idempotent_init_module+0x23b/0x650 [ 19.477725] __x64_sys_finit_module+0xbe/0x130 [ 19.478920] do_syscall_64+0x82/0x160 [ 19.480036] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 19.481292] [ 19.482205] The buggy address belongs to the object at ffff888829e65000 which belongs to the cache kmalloc-512 of size 512 [ 19.484818] The buggy address is located 0 bytes to the right of allocated 512-byte region [ffff888829e65000, ffff888829e65200) [ 19.487447] [ 19.488328] The buggy address belongs to the physical page: [ 19.489569] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888829e60c00 pfn:0x829e60 [ 19.491140] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.492466] anon flags: 0x57ffffc0000840(slab|head|node=1|zone=2|lastcpupid=0x1fffff) [ 19.493914] page_type: 0xffffffff() [ 19.494988] raw: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001 [ 19.496451] raw: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000 [ 19.497906] head: 0057ffffc0000840 ffff88810004cc80 0000000000000000 0000000000000001 [ 19.499379] head: ffff888829e60c00 0000000080200018 00000001ffffffff 0000000000000000 [ 19.500844] head: 0057ffffc0000003 ffffea0020a79801 ffffea0020a79848 00000000ffffffff [ 19.502316] head: 0000000800000000 0000000000000000 00000000ffffffff 0000000000000000 [ 19.503784] page dumped because: kasan: bad access detected [ 19.505058] [ 19.505970] Memory state around the buggy address: [ 19.507172] ffff888829e65100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.508599] ffff888829e65180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.510013] >ffff888829e65200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.510014] ^ [ 19.510016] ffff888829e65280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.510018] ffff888829e65300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.515367] ================================================================== The reason for this error is physical_package_ids assigned by VMware VMM are not continuous and have gaps. This will cause value returned by topology_physical_package_id() to be more than topology_max_packages(). Here the allocation uses topology_max_packages(). The call to topology_max_packages() returns maximum logical package ID not physical ID. Hence use topology_logical_package_id() instead of topology_physical_package_id(). Fixes: 9a1aac8a96dc ("platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering") Signed-off-by: Zach Wade <zachwade.k(a)gmail.com> --- drivers/platform/x86/intel/speed_select_if/isst_if_common.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c index 10e21563fa46..030c33070b84 100644 --- a/drivers/platform/x86/intel/speed_select_if/isst_if_common.c +++ b/drivers/platform/x86/intel/speed_select_if/isst_if_common.c @@ -316,7 +316,9 @@ static struct pci_dev *_isst_if_get_pci_dev(int cpu, int bus_no, int dev, int fn cpu >= nr_cpu_ids || cpu >= num_possible_cpus()) return NULL; - pkg_id = topology_physical_package_id(cpu); + pkg_id = topology_logical_package_id(cpu); + if (pkg_id >= topology_max_packages()) + return NULL; bus_number = isst_cpu_info[cpu].bus_info[bus_no]; if (bus_number < 0) -- 2.46.0

7 months

3
2
0 0

[PATCH v1] mpi3mr: Validating SAS port assignments

by Ranjan Kumar

Sanity on phy_mask was added by Tomas through [1]. It causes warning messages when >64 phys are detected (expander can have >64 phys) and devices connected to phys greater than 64 are dropped. phy_mask bitmap is only needed for controller phys(not required for expander phys).Controller phys can go maximum up to 64 and u64 is good enough to contain phy_mask bitmap. To suppress those warnings and allow devices to be discovered as before the [1], restrict the phy_mask setting and lowest phy setting only to the controller phys. [1]:https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/ drivers/scsi/mpi3mr?h=6.12/ scsi-queue&id=3668651def2c1622904e58b0280ee93121f2b10b Fixes: 3668651def2c ("mpi3mr: Sanitise num_phys") Cc: stable(a)vger.kernel.org Reported-by: Alexander Motin <mav(a)ixsystems.com> Signed-off-by: Ranjan Kumar <ranjan.kumar(a)broadcom.com> --- drivers/scsi/mpi3mr/mpi3mr.h | 4 +-- drivers/scsi/mpi3mr/mpi3mr_transport.c | 39 +++++++++++++++++--------- 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/drivers/scsi/mpi3mr/mpi3mr.h b/drivers/scsi/mpi3mr/mpi3mr.h index dc2cdd5f0311..3822efe349e1 100644 --- a/drivers/scsi/mpi3mr/mpi3mr.h +++ b/drivers/scsi/mpi3mr/mpi3mr.h @@ -541,8 +541,8 @@ struct mpi3mr_hba_port { * @port_list: List of ports belonging to a SAS node * @num_phys: Number of phys associated with port * @marked_responding: used while refresing the sas ports - * @lowest_phy: lowest phy ID of current sas port - * @phy_mask: phy_mask of current sas port + * @lowest_phy: lowest phy ID of current sas port, valid for controller port + * @phy_mask: phy_mask of current sas port, valid for controller port * @hba_port: HBA port entry * @remote_identify: Attached device identification * @rphy: SAS transport layer rphy object diff --git a/drivers/scsi/mpi3mr/mpi3mr_transport.c b/drivers/scsi/mpi3mr/mpi3mr_transport.c index ccd23def2e0c..3a685750f5cd 100644 --- a/drivers/scsi/mpi3mr/mpi3mr_transport.c +++ b/drivers/scsi/mpi3mr/mpi3mr_transport.c @@ -595,7 +595,7 @@ static enum sas_linkrate mpi3mr_convert_phy_link_rate(u8 link_rate) */ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, struct mpi3mr_sas_port *mr_sas_port, - struct mpi3mr_sas_phy *mr_sas_phy) + struct mpi3mr_sas_phy *mr_sas_phy, u8 host_node) { u64 sas_address = mr_sas_port->remote_identify.sas_address; @@ -605,9 +605,13 @@ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, list_del(&mr_sas_phy->port_siblings); mr_sas_port->num_phys--; - mr_sas_port->phy_mask &= ~(1 << mr_sas_phy->phy_id); - if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + + if (host_node) { + mr_sas_port->phy_mask &= ~(1 << mr_sas_phy->phy_id); + + if (mr_sas_port->lowest_phy == mr_sas_phy->phy_id) + mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + } sas_port_delete_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 0; } @@ -617,12 +621,13 @@ static void mpi3mr_delete_sas_phy(struct mpi3mr_ioc *mrioc, * @mrioc: Adapter instance reference * @mr_sas_port: Internal Port object * @mr_sas_phy: Internal Phy object + * @host_node: Flag to indicate this is a host_node * * Return: None. */ static void mpi3mr_add_sas_phy(struct mpi3mr_ioc *mrioc, struct mpi3mr_sas_port *mr_sas_port, - struct mpi3mr_sas_phy *mr_sas_phy) + struct mpi3mr_sas_phy *mr_sas_phy, u8 host_node) { u64 sas_address = mr_sas_port->remote_identify.sas_address; @@ -632,9 +637,12 @@ static void mpi3mr_add_sas_phy(struct mpi3mr_ioc *mrioc, list_add_tail(&mr_sas_phy->port_siblings, &mr_sas_port->phy_list); mr_sas_port->num_phys++; - mr_sas_port->phy_mask |= (1 << mr_sas_phy->phy_id); - if (mr_sas_phy->phy_id < mr_sas_port->lowest_phy) - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + if (host_node) { + mr_sas_port->phy_mask |= (1 << mr_sas_phy->phy_id); + + if (mr_sas_phy->phy_id < mr_sas_port->lowest_phy) + mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + } sas_port_add_phy(mr_sas_port->port, mr_sas_phy->phy); mr_sas_phy->phy_belongs_to_port = 1; } @@ -675,7 +683,7 @@ static void mpi3mr_add_phy_to_an_existing_port(struct mpi3mr_ioc *mrioc, if (srch_phy == mr_sas_phy) return; } - mpi3mr_add_sas_phy(mrioc, mr_sas_port, mr_sas_phy); + mpi3mr_add_sas_phy(mrioc, mr_sas_port, mr_sas_phy, mr_sas_node->host_node); return; } } @@ -736,7 +744,7 @@ static void mpi3mr_del_phy_from_an_existing_port(struct mpi3mr_ioc *mrioc, mpi3mr_delete_sas_port(mrioc, mr_sas_port); else mpi3mr_delete_sas_phy(mrioc, mr_sas_port, - mr_sas_phy); + mr_sas_phy, mr_sas_node->host_node); return; } } @@ -1367,7 +1375,8 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, mpi3mr_sas_port_sanity_check(mrioc, mr_sas_node, mr_sas_port->remote_identify.sas_address, hba_port); - if (mr_sas_node->num_phys >= sizeof(mr_sas_port->phy_mask) * 8) + if (mr_sas_node->host_node && mr_sas_node->num_phys >= + sizeof(mr_sas_port->phy_mask) * 8) ioc_info(mrioc, "max port count %u could be too high\n", mr_sas_node->num_phys); @@ -1377,7 +1386,7 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, (mr_sas_node->phy[i].hba_port != hba_port)) continue; - if (i >= sizeof(mr_sas_port->phy_mask) * 8) { + if (mr_sas_node->host_node && (i >= sizeof(mr_sas_port->phy_mask) * 8)) { ioc_warn(mrioc, "skipping port %u, max allowed value is %zu\n", i, sizeof(mr_sas_port->phy_mask) * 8); goto out_fail; @@ -1385,7 +1394,8 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, list_add_tail(&mr_sas_node->phy[i].port_siblings, &mr_sas_port->phy_list); mr_sas_port->num_phys++; - mr_sas_port->phy_mask |= (1 << i); + if (mr_sas_node->host_node) + mr_sas_port->phy_mask |= (1 << i); } if (!mr_sas_port->num_phys) { @@ -1394,7 +1404,8 @@ static struct mpi3mr_sas_port *mpi3mr_sas_port_add(struct mpi3mr_ioc *mrioc, goto out_fail; } - mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; + if (mr_sas_node->host_node) + mr_sas_port->lowest_phy = ffs(mr_sas_port->phy_mask) - 1; if (mr_sas_port->remote_identify.device_type == SAS_END_DEVICE) { tgtdev = mpi3mr_get_tgtdev_by_addr(mrioc, -- 2.31.1

7 months

2
1
0 0

[PATCH v5 0/4] ov08x40: Enable use of ov08x40 on Qualcomm X1E80100 CRD

by Bryan O'Donoghue

Changes in v5: - Fixes smatch CI splat - Link to v4: https://lore.kernel.org/r/20241003-b4-master-24-11-25-ov08x40-v4-0-7ee2c45f… Changes in v4: - Drops link-frequencies from properties: as discussed here: https://lore.kernel.org/r/Zv6STSKeNNlT83ux@kekkonen.localdomain - Link to v3: https://lore.kernel.org/r/20241002-b4-master-24-11-25-ov08x40-v3-0-483bcdcf… Changes in v3: - Drops assigned-clock-* from description retains in example - Sakari, Krzysztof - Updates example fake clock names to ov08x40_* instead of copy/paste ov9282_clk -> ov08x40_clk, ov9282_clk_parent -> ov08x40_clk_parent - bod - Link to v2: https://lore.kernel.org/r/20241001-b4-master-24-11-25-ov08x40-v2-0-e478976b… Changes in v2: - Drops "-" in ovti,ov08x40.yaml after description: - Rob - Adds ":" after first line of description text - Rob - dts -> DT in commit log - Rob - Removes dependency on 'xvclk' as a name in yaml and driver - Sakari - Uses assigned-clock, assigned-clock-parents and assigned-clock-rates - Sakari - Drops clock-frequency - Sakarai, Krzysztof - Drops dovdd-supply, avdd-supply, dvdd-supply and reset-gpios as required, its perfectly possible not to have the reset GPIO or the power rails under control of the SoC. - bod - Link to v1: https://lore.kernel.org/r/20240926-b4-master-24-11-25-ov08x40-v1-0-e4d5fbd3… V1: This series brings fixes and updates to ov08x40 which allows for use of this sensor on the Qualcomm x1e80100 CRD but also on any other dts based system. Firstly there's a fix for the pseudo burst mode code that was added in 8f667d202384 ("media: ov08x40: Reduce start streaming time"). Not every I2C controller can handle an arbitrary sized write, this is the case on Qualcomm CAMSS/CCI I2C sensor interfaces which limit the transaction size and communicate this limit via I2C quirks. A simple fix to optionally break up the large submitted burst into chunks not exceeding adapter->quirk size fixes. Secondly then is addition of a yaml description for the ov08x40 and extension of the driver to support OF probe and powering on of the power rails from the driver instead of from ACPI. Once done the sensor works without further modification on the Qualcomm x1e80100 CRD. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): media: ov08x40: Fix burst write sequence media: dt-bindings: Add OmniVision OV08X40 media: ov08x40: Rename ext_clk to xvclk media: ov08x40: Add OF probe support .../bindings/media/i2c/ovti,ov08x40.yaml | 114 +++++++++++++ drivers/media/i2c/ov08x40.c | 181 ++++++++++++++++++--- 2 files changed, 271 insertions(+), 24 deletions(-) --- base-commit: 2b7275670032a98cba266bd1b8905f755b3e650f change-id: 20240926-b4-master-24-11-25-ov08x40-c6f477aaa6a4 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

7 months

1
1
0 0

[PATCH 0/2] rust: lockdep: Fix soundness issue affecting LockClassKeys

by Mitchell Levy via B4 Relay

This series is aimed at fixing a soundness issue with how dynamically allocated LockClassKeys are handled. Currently, LockClassKeys can be used without being Pin'd, which can break lockdep since it relies on address stability. Similarly, these keys are not automatically (de)registered with lockdep. At the suggestion of Alice Ryhl, this series includes a patch for -stable kernels that disables dynamically allocated keys. This prevents backported patches from using the unsound implementation. Currently, this series requires that all dynamically allocated LockClassKeys have a lifetime of 'static (i.e., they must be leaked after allocation). This is because Lock does not currently keep a reference to the LockClassKey, instead passing it to C via FFI. This causes a problem because the rust compiler would allow creating a 'static Lock with a 'a LockClassKey (with 'a < 'static) while C would expect the LockClassKey to live as long as the lock. This problem represents an avenue for future work. --- Changes from RFC: - Split into two commits so that dynamically allocated LockClassKeys are removed from stable kernels. (Thanks Alice Ryhl) - Extract calls to C lockdep functions into helpers so things build properly when LOCKDEP=n. (Thanks Benno Lossin) - Remove extraneous `get_ref()` calls. (Thanks Benno Lossin) - Provide better documentation for `new_dynamic()`. (Thanks Benno Lossin) - Ran rustfmt to fix formatting and some extraneous changes. (Thanks Alice Ryhl and Benno Lossin) - Link to RFC: https://lore.kernel.org/r/20240905-rust-lockdep-v1-1-d2c9c21aa8b2@gmail.com --- Mitchell Levy (2): rust: lockdep: Remove support for dynamically allocated LockClassKeys rust: lockdep: Use Pin for all LockClassKey usages rust/helpers/helpers.c | 1 + rust/helpers/sync.c | 13 +++++++++++++ rust/kernel/lib.rs | 2 +- rust/kernel/sync.rs | 34 ++++++++++++++++++++++++---------- rust/kernel/sync/condvar.rs | 11 +++++++---- rust/kernel/sync/lock.rs | 4 ++-- rust/kernel/workqueue.rs | 2 +- 7 files changed, 49 insertions(+), 18 deletions(-) --- base-commit: 9852d85ec9d492ebef56dc5f229416c925758edc change-id: 20240905-rust-lockdep-d3e30521c8ba Best regards, -- Mitchell Levy <levymitchell0(a)gmail.com>

7 months

2
2
0 0

reply: [PATCH AUTOSEL 6.11 47/76] fs: nfs: fix missing refcnt by replacing folio_set_private by folio_attach_private

by 黄朝阳 (Zhaoyang Huang)

>From: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> > >[ Upstream commit 03e02b94171b1985dd0aa184296fe94425b855a3 ] > >This patch is inspired by a code review of fs codes which aims at folio's extra >refcnt that could introduce unwanted behavious when judging refcnt, such >as[1].That is, the folio passed to mapping_evict_folio carries the refcnts from >find_lock_entries, page_cache, corresponding to PTEs and folio's private if has. >However, current code doesn't take the refcnt for folio's private which could >have mapping_evict_folio miss the one to only PTE and lead to call >filemap_release_folio wrongly. > >[1] >long mapping_evict_folio(struct address_space *mapping, struct folio *folio) >{ ... >//current code will misjudge here if there is one pte on the folio which is be >deemed as the one as folio's private > if (folio_ref_count(folio) > > folio_nr_pages(folio) + folio_has_private(folio) + >1) > return 0; > if (!filemap_release_folio(folio, 0)) > return 0; > > return remove_mapping(mapping, folio); } > >Signed-off-by: Zhaoyang Huang <zhaoyang.huang(a)unisoc.com> >Signed-off-by: Anna Schumaker <anna.schumaker(a)oracle.com> >Signed-off-by: Sasha Levin <sashal(a)kernel.org> Sorry, this patch should be dropped since Trond has explained that there is no need to grab refcnt here as nfs_page has hold the refcount on this folio. >--- > fs/nfs/write.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > >diff --git a/fs/nfs/write.c b/fs/nfs/write.c index >d074d0ceb4f01..80c6ded5f74c6 100644 >--- a/fs/nfs/write.c >+++ b/fs/nfs/write.c >@@ -772,8 +772,7 @@ static void nfs_inode_add_request(struct nfs_page >*req) > nfs_lock_request(req); > spin_lock(&mapping->i_private_lock); > set_bit(PG_MAPPED, &req->wb_flags); >- folio_set_private(folio); >- folio->private = req; >+ folio_attach_private(folio, req); > spin_unlock(&mapping->i_private_lock); > atomic_long_inc(&nfsi->nrequests); > /* this a head request for a page group - mark it as having an @@ >-797,8 +796,7 @@ static void nfs_inode_remove_request(struct nfs_page >*req) > > spin_lock(&mapping->i_private_lock); > if (likely(folio)) { >- folio->private = NULL; >- folio_clear_private(folio); >+ folio_detach_private(folio); > clear_bit(PG_MAPPED, >&req->wb_head->wb_flags); > } > spin_unlock(&mapping->i_private_lock); >-- >2.43.0

7 months

1
0
0 0

[PATCH v2] ext4: fix off by one issue in alloc_flex_gd()

by libaokun＠huaweicloud.com

From: Baokun Li <libaokun1(a)huawei.com> Wesley reported an issue: ================================================================== EXT4-fs (dm-5): resizing filesystem from 7168 to 786432 blocks ------------[ cut here ]------------ kernel BUG at fs/ext4/resize.c:324! CPU: 9 UID: 0 PID: 3576 Comm: resize2fs Not tainted 6.11.0+ #27 RIP: 0010:ext4_resize_fs+0x1212/0x12d0 Call Trace: __ext4_ioctl+0x4e0/0x1800 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0x99/0xd0 x64_sys_call+0x1206/0x20d0 do_syscall_64+0x72/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e ================================================================== While reviewing the patch, Honza found that when adjusting resize_bg in alloc_flex_gd(), it was possible for flex_gd->resize_bg to be bigger than flexbg_size. The reproduction of the problem requires the following: o_group = flexbg_size * 2 * n; o_size = (o_group + 1) * group_size; n_group: [o_group + flexbg_size, o_group + flexbg_size * 2) o_size = (n_group + 1) * group_size; Take n=0,flexbg_size=16 as an example: last:15 |o---------------|--------------n-| o_group:0 resize to n_group:30 The corresponding reproducer is: img=test.img truncate -s 600M $img mkfs.ext4 -F $img -b 1024 -G 16 8M dev=`losetup -f --show $img` mkdir -p /tmp/test mount $dev /tmp/test resize2fs $dev 248M Delete the problematic plus 1 to fix the issue, and add a WARN_ON_ONCE() to prevent the issue from happening again. Reported-by: Wesley Hershberger <wesley.hershberger(a)canonical.com> Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2081231 Reported-by: Stéphane Graber <stgraber(a)stgraber.org> Closes: https://lore.kernel.org/all/20240925143325.518508-1-aleksandr.mikhalitsyn@c… Tested-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn(a)canonical.com> Tested-by: Eric Sandeen <sandeen(a)redhat.com> Fixes: 665d3e0af4d3 ("ext4: reduce unnecessary memory allocation in alloc_flex_gd()") Cc: stable(a)vger.kernel.org Signed-off-by: Baokun Li <libaokun1(a)huawei.com> --- Changes since v1: * Add missing WARN_ON_ONCE(). * Correct the comment of alloc_flex_gd(). fs/ext4/resize.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c index e04eb08b9060..a2704f064361 100644 --- a/fs/ext4/resize.c +++ b/fs/ext4/resize.c @@ -230,8 +230,8 @@ struct ext4_new_flex_group_data { #define MAX_RESIZE_BG 16384 /* - * alloc_flex_gd() allocates a ext4_new_flex_group_data with size of - * @flexbg_size. + * alloc_flex_gd() allocates an ext4_new_flex_group_data that satisfies the + * resizing from @o_group to @n_group, its size is typically @flexbg_size. * * Returns NULL on failure otherwise address of the allocated structure. */ @@ -239,25 +239,27 @@ static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned int flexbg_size, ext4_group_t o_group, ext4_group_t n_group) { ext4_group_t last_group; + unsigned int max_resize_bg; struct ext4_new_flex_group_data *flex_gd; flex_gd = kmalloc(sizeof(*flex_gd), GFP_NOFS); if (flex_gd == NULL) goto out3; - if (unlikely(flexbg_size > MAX_RESIZE_BG)) - flex_gd->resize_bg = MAX_RESIZE_BG; - else - flex_gd->resize_bg = flexbg_size; + max_resize_bg = umin(flexbg_size, MAX_RESIZE_BG); + flex_gd->resize_bg = max_resize_bg; /* Avoid allocating large 'groups' array if not needed */ last_group = o_group | (flex_gd->resize_bg - 1); if (n_group <= last_group) - flex_gd->resize_bg = 1 << fls(n_group - o_group + 1); + flex_gd->resize_bg = 1 << fls(n_group - o_group); else if (n_group - last_group < flex_gd->resize_bg) - flex_gd->resize_bg = 1 << max(fls(last_group - o_group + 1), + flex_gd->resize_bg = 1 << max(fls(last_group - o_group), fls(n_group - last_group)); + if (WARN_ON_ONCE(flex_gd->resize_bg > max_resize_bg)) + flex_gd->resize_bg = max_resize_bg; + flex_gd->groups = kmalloc_array(flex_gd->resize_bg, sizeof(struct ext4_new_group_data), GFP_NOFS); -- 2.39.2

7 months

5
4
0 0

+ selftests-mm-replace-atomic_bool-with-pthread_barrier_t.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: selftests/mm: replace atomic_bool with pthread_barrier_t has been added to the -mm mm-hotfixes-unstable branch. Its filename is selftests-mm-replace-atomic_bool-with-pthread_barrier_t.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Edward Liaw <edliaw(a)google.com> Subject: selftests/mm: replace atomic_bool with pthread_barrier_t Date: Thu, 3 Oct 2024 21:17:10 +0000 Patch series "selftests/mm: fix deadlock after pthread_create". On Android arm, pthread_create followed by a fork caused a deadlock in the case where the fork required work to be completed by the created thread. Update the synchronization primitive to use pthread_barrier instead of atomic_bool. Apply the same fix to the wp-fork-with-event test. This patch (of 2): Swap synchronization primitive with pthread_barrier, so that stdatomic.h does not need to be included. The synchronization is needed on Android ARM64; we see a deadlock with pthread_create when the parent thread races forward before the child has a chance to start doing work. Link: https://lkml.kernel.org/r/20241003211716.371786-1-edliaw@google.com Link: https://lkml.kernel.org/r/20241003211716.371786-2-edliaw@google.com Fixes: 8c864371b2a1 ("selftests/mm: fix ARM related issue with fork after pthread_create") Signed-off-by: Edward Liaw <edliaw(a)google.com> Cc: Lokesh Gidra <lokeshgidra(a)google.com> Cc: Peter Xu <peterx(a)redhat.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/uffd-common.c | 5 +++-- tools/testing/selftests/mm/uffd-common.h | 3 +-- tools/testing/selftests/mm/uffd-unit-tests.c | 14 ++++++++------ 3 files changed, 12 insertions(+), 10 deletions(-) --- a/tools/testing/selftests/mm/uffd-common.c~selftests-mm-replace-atomic_bool-with-pthread_barrier_t +++ a/tools/testing/selftests/mm/uffd-common.c @@ -18,7 +18,7 @@ bool test_uffdio_wp = true; unsigned long long *count_verify; uffd_test_ops_t *uffd_test_ops; uffd_test_case_ops_t *uffd_test_case_ops; -atomic_bool ready_for_fork; +pthread_barrier_t ready_for_fork; static int uffd_mem_fd_create(off_t mem_size, bool hugetlb) { @@ -519,7 +519,8 @@ void *uffd_poll_thread(void *arg) pollfd[1].fd = pipefd[cpu*2]; pollfd[1].events = POLLIN; - ready_for_fork = true; + /* Ready for parent thread to fork */ + pthread_barrier_wait(&ready_for_fork); for (;;) { ret = poll(pollfd, 2, -1); --- a/tools/testing/selftests/mm/uffd-common.h~selftests-mm-replace-atomic_bool-with-pthread_barrier_t +++ a/tools/testing/selftests/mm/uffd-common.h @@ -33,7 +33,6 @@ #include <inttypes.h> #include <stdint.h> #include <sys/random.h> -#include <stdatomic.h> #include "../kselftest.h" #include "vm_util.h" @@ -105,7 +104,7 @@ extern bool map_shared; extern bool test_uffdio_wp; extern unsigned long long *count_verify; extern volatile bool test_uffdio_copy_eexist; -extern atomic_bool ready_for_fork; +extern pthread_barrier_t ready_for_fork; extern uffd_test_ops_t anon_uffd_test_ops; extern uffd_test_ops_t shmem_uffd_test_ops; --- a/tools/testing/selftests/mm/uffd-unit-tests.c~selftests-mm-replace-atomic_bool-with-pthread_barrier_t +++ a/tools/testing/selftests/mm/uffd-unit-tests.c @@ -774,7 +774,7 @@ static void uffd_sigbus_test_common(bool char c; struct uffd_args args = { 0 }; - ready_for_fork = false; + pthread_barrier_init(&ready_for_fork, NULL, 2); fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); @@ -791,8 +791,9 @@ static void uffd_sigbus_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); - while (!ready_for_fork) - ; /* Wait for the poll_thread to start executing before forking */ + /* Wait for child thread to start before forking */ + pthread_barrier_wait(&ready_for_fork); + pthread_barrier_destroy(&ready_for_fork); pid = fork(); if (pid < 0) @@ -833,7 +834,7 @@ static void uffd_events_test_common(bool char c; struct uffd_args args = { 0 }; - ready_for_fork = false; + pthread_barrier_init(&ready_for_fork, NULL, 2); fcntl(uffd, F_SETFL, uffd_flags | O_NONBLOCK); if (uffd_register(uffd, area_dst, nr_pages * page_size, @@ -844,8 +845,9 @@ static void uffd_events_test_common(bool if (pthread_create(&uffd_mon, NULL, uffd_poll_thread, &args)) err("uffd_poll_thread create"); - while (!ready_for_fork) - ; /* Wait for the poll_thread to start executing before forking */ + /* Wait for child thread to start before forking */ + pthread_barrier_wait(&ready_for_fork); + pthread_barrier_destroy(&ready_for_fork); pid = fork(); if (pid < 0) _ Patches currently in -mm which might be from edliaw(a)google.com are selftests-mm-replace-atomic_bool-with-pthread_barrier_t.patch selftests-mm-fix-deadlock-for-fork-after-pthread_create-on-arm.patch

7 months

1
0
0 0

[PATCH 2/3] Bluetooth: Call iso_exit() on module unload

by Aaron Thompson

From: Aaron Thompson <dev(a)aaront.org> If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes invalid, which could cause unpredictable problems later. In my case, with CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, loading the module again usually triggers this BUG(): list_add corruption. next->prev should be prev (ffffffffb5355fd0), but was 0000000000000068. (next=ffffffffc0a010d0). ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:29! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 4159 Comm: modprobe Not tainted 6.10.11-4+bt2-ao-desktop #1 RIP: 0010:__list_add_valid_or_report+0x61/0xa0 ... __list_add_valid_or_report+0x61/0xa0 proto_register+0x299/0x320 hci_sock_init+0x16/0xc0 [bluetooth] bt_init+0x68/0xd0 [bluetooth] __pfx_bt_init+0x10/0x10 [bluetooth] do_one_initcall+0x80/0x2f0 do_init_module+0x8b/0x230 __do_sys_init_module+0x15f/0x190 do_syscall_64+0x68/0x110 ... Cc: stable(a)vger.kernel.org Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type") Signed-off-by: Aaron Thompson <dev(a)aaront.org> --- net/bluetooth/mgmt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c index e4f564d6f6fb..78a164fab3e1 100644 --- a/net/bluetooth/mgmt.c +++ b/net/bluetooth/mgmt.c @@ -10487,6 +10487,7 @@ int mgmt_init(void) void mgmt_exit(void) { + iso_exit(); hci_mgmt_chan_unregister(&chan); } -- 2.39.5

7 months

2
2
0 0

[PATCH v3 net] net: Fix an unsafe loop on the list

by Anastasia Kovaleva

The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0 Call Trace: __netlink_clear_multicast_users+0x74/0xc0 genl_unregister_family+0xd4/0x2d0 Change the unsafe loop on the list to a safe one, because inside the loop there is an element removal from this list. Fixes: b8273570f802 ("genetlink: fix netns vs. netlink table locking (2)") Cc: stable(a)vger.kernel.org Signed-off-by: Anastasia Kovaleva <a.kovaleva(a)yadro.com> Reviewed-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> --- v3: remove trailing "\", change spaces to tab v2: add CC tag for stable --- include/net/sock.h | 2 ++ net/netlink/af_netlink.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/net/sock.h b/include/net/sock.h index c58ca8dd561b..db29c39e19a7 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -894,6 +894,8 @@ static inline void sk_add_bind_node(struct sock *sk, hlist_for_each_entry_safe(__sk, tmp, list, sk_node) #define sk_for_each_bound(__sk, list) \ hlist_for_each_entry(__sk, list, sk_bind_node) +#define sk_for_each_bound_safe(__sk, tmp, list) \ + hlist_for_each_entry_safe(__sk, tmp, list, sk_bind_node) /** * sk_for_each_entry_offset_rcu - iterate over a list at a given struct offset diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 0b7a89db3ab7..0a9287fadb47 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -2136,8 +2136,9 @@ void __netlink_clear_multicast_users(struct sock *ksk, unsigned int group) { struct sock *sk; struct netlink_table *tbl = &nl_table[ksk->sk_protocol]; + struct hlist_node *tmp; - sk_for_each_bound(sk, &tbl->mc_list) + sk_for_each_bound_safe(sk, tmp, &tbl->mc_list) netlink_update_socket_mc(nlk_sk(sk), group, 0); } -- 2.40.1

7 months

3
2
0 0

[PATCH 5.15.y] 9p: add missing locking around taking dentry fid list

by Samasth Norway Ananda

From: Dominique Martinet <asmadeus(a)codewreck.org> commit c898afdc15645efb555acb6d85b484eb40a45409 upstream. Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314 v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400 vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248 Freed by: p9_fid_destroy (inlined) p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456 p9_fid_put linux/./include/net/9p/client.h:278 v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55 v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518 vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335 The problem is that d_fsdata was not accessed under d_lock, because d_release() normally is only called once the dentry is otherwise no longer accessible but since we also call it explicitly in v9fs_remove that lock is required: move the hlist out of the dentry under lock then unref its fids once they are no longer accessible. Fixes: 154372e67d40 ("fs/9p: fix create-unlink-getattr idiom") Cc: stable(a)vger.kernel.org Reported-by: Meysam Firouzi Reported-by: Amirmohammad Eftekhar Reviewed-by: Christian Schoenebeck <linux_oss(a)crudebyte.com> Message-ID: <20240521122947.1080227-1-asmadeus(a)codewreck.org> Signed-off-by: Dominique Martinet <asmadeus(a)codewreck.org> [Samasth: backport to 5.15.y] Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> Conflicts: fs/9p/vfs_dentry.c keep p9_client_clunk instead of introducing the helper function p9_fid_get/put from commit b48dbb998d70 ("9p fid refcount: add p9_fid_get/put wrappers") --- This is a fix for CVE-2024-39463, minor conflict resolution involved. --- fs/9p/vfs_dentry.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/fs/9p/vfs_dentry.c b/fs/9p/vfs_dentry.c index c2736af97884f..afcf4711ac2a8 100644 --- a/fs/9p/vfs_dentry.c +++ b/fs/9p/vfs_dentry.c @@ -52,12 +52,17 @@ static int v9fs_cached_dentry_delete(const struct dentry *dentry) static void v9fs_dentry_release(struct dentry *dentry) { struct hlist_node *p, *n; + struct hlist_head head; p9_debug(P9_DEBUG_VFS, " dentry: %pd (%p)\n", dentry, dentry); - hlist_for_each_safe(p, n, (struct hlist_head *)&dentry->d_fsdata) + + spin_lock(&dentry->d_lock); + hlist_move_list((struct hlist_head *)&dentry->d_fsdata, &head); + spin_unlock(&dentry->d_lock); + + hlist_for_each_safe(p, n, &head) p9_client_clunk(hlist_entry(p, struct p9_fid, dlist)); - dentry->d_fsdata = NULL; } static int v9fs_lookup_revalidate(struct dentry *dentry, unsigned int flags) -- 2.46.0

7 months

1
0
0 0

+ fixes-null-pointer-dereference-in-pfnmap_lockdep_assert.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: mm: fix null pointer dereference in pfnmap_lockdep_assert has been added to the -mm mm-hotfixes-unstable branch. Its filename is fixes-null-pointer-dereference-in-pfnmap_lockdep_assert.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Manas <manas18244(a)iiitd.ac.in> Subject: mm: fix null pointer dereference in pfnmap_lockdep_assert Date: Fri, 04 Oct 2024 23:12:16 +0530 syzbot has pointed to a possible null pointer dereference in pfnmap_lockdep_assert. vm_file member of vm_area_struct is being dereferenced without any checks. This fix assigns mapping only if vm_file is not NULL. Peter said (https://lkml.kernel.org/r/Zv8HRA5mnhVevBN_@x1n): : If I read the stack right, the crash was before mmap() of the new vma : happens, instead it's during unmap() of one existing vma which existed and : overlapped with the new vma's mapping range: : : follow_phys arch/x86/mm/pat/memtype.c:956 [inline] : get_pat_info+0x182/0x3f0 arch/x86/mm/pat/memtype.c:988 : untrack_pfn+0x327/0x640 arch/x86/mm/pat/memtype.c:1101 : unmap_single_vma+0x1f6/0x2b0 mm/memory.c:1834 : unmap_vmas+0x3cc/0x5f0 mm/memory.c:1900 : unmap_region+0x214/0x380 mm/vma.c:354 <--------------- here : mmap_region+0x22f9/0x2990 mm/mmap.c:1573 : do_mmap+0x8f0/0x1000 mm/mmap.c:496 : vm_mmap_pgoff+0x1dd/0x3d0 mm/util.c:588 : ksys_mmap_pgoff+0x4eb/0x720 mm/mmap.c:542 : do_syscall_x64 arch/x86/entry/common.c:52 [inline] : do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 : entry_SYSCALL_64_after_hwframe+0x77/0x7f : : It looks like the vma that was overwritten by the new file vma mapping : could be a VM_PFNMAP vma (I'm guessing vvar or something similar..), : that's where untrack_pfn() got kicked off. In this case, the vma being : overwritten and to be unmapped can have ->vm_file==NULL (while ->vm_ops : non-NULL; /me looking at __install_special_mapping()). Link: https://lkml.kernel.org/r/20241004-fix-null-deref-v4-1-d0a8ec01ac85@iiitd.a… Reported-by: syzbot+093d096417e7038a689b(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=093d096417e7038a689b Cc: Anup Sharma <anupnewsmail(a)gmail.com> Cc: Shuah Khan <skhan(a)linuxfoundation.org> Cc: Matthew Wilcox <willy(a)infradead.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/memory.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) --- a/mm/memory.c~fixes-null-pointer-dereference-in-pfnmap_lockdep_assert +++ a/mm/memory.c @@ -6355,10 +6355,13 @@ static inline void pfnmap_args_setup(str static inline void pfnmap_lockdep_assert(struct vm_area_struct *vma) { #ifdef CONFIG_LOCKDEP - struct address_space *mapping = vma->vm_file->f_mapping; + struct address_space *mapping = NULL; + + if (vma->vm_file) + mapping = vma->vm_file->f_mapping; if (mapping) - lockdep_assert(lockdep_is_held(&vma->vm_file->f_mapping->i_mmap_rwsem) || + lockdep_assert(lockdep_is_held(&mapping->i_mmap_rwsem) || lockdep_is_held(&vma->vm_mm->mmap_lock)); else lockdep_assert(lockdep_is_held(&vma->vm_mm->mmap_lock)); _ Patches currently in -mm which might be from manas18244(a)iiitd.ac.in are fixes-null-pointer-dereference-in-pfnmap_lockdep_assert.patch

7 months

1
0
0 0

[PATCH 1/2] firmware: qcom: scm: suppress download mode error

by Johan Hovold

Stop spamming the logs with errors about missing mechanism for setting the so called download (or dump) mode for users that have not requested that feature to be enabled in the first place. This avoids the follow error being logged on boot as well as on shutdown when the feature it not available and download mode has not been enabled on the kernel command line: qcom_scm firmware:scm: No available mechanism for setting download mode Fixes: 79cb2cb8d89b ("firmware: qcom: scm: Disable SDI and write no dump to dump mode") Fixes: 781d32d1c970 ("firmware: qcom_scm: Clear download bit during reboot") Cc: Mukesh Ojha <quic_mojha(a)quicinc.com> Cc: stable(a)vger.kernel.org # 6.4 Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/firmware/qcom/qcom_scm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/firmware/qcom/qcom_scm.c b/drivers/firmware/qcom/qcom_scm.c index 10986cb11ec0..e2ac595902ed 100644 --- a/drivers/firmware/qcom/qcom_scm.c +++ b/drivers/firmware/qcom/qcom_scm.c @@ -545,7 +545,7 @@ static void qcom_scm_set_download_mode(u32 dload_mode) } else if (__qcom_scm_is_call_available(__scm->dev, QCOM_SCM_SVC_BOOT, QCOM_SCM_BOOT_SET_DLOAD_MODE)) { ret = __qcom_scm_set_dload_mode(__scm->dev, !!dload_mode); - } else { + } else if (dload_mode) { dev_err(__scm->dev, "No available mechanism for setting download mode\n"); } -- 2.45.2

7 months

2
1
0 0

[PATCH] drm/amd/display: fix hibernate entry for DCN35+

by Hamza Mahfooz

Since, two suspend-resume cycles are required to enter hibernate and, since we only need to enable idle optimizations in the first cycle (which is pretty much equivalent to s2idle). We can check in_s0ix, to prevent the system from entering idle optimizations before it actually enters hibernate (from display's perspective). Cc: stable(a)vger.kernel.org # 6.10+ Signed-off-by: Hamza Mahfooz <hamza.mahfooz(a)amd.com> --- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c index 4651b884d8d9..546a168a2fbf 100644 --- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c +++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c @@ -2996,10 +2996,11 @@ static int dm_suspend(struct amdgpu_ip_block *ip_block) hpd_rx_irq_work_suspend(dm); - if (adev->dm.dc->caps.ips_support) - dc_allow_idle_optimizations(adev->dm.dc, true); - dc_set_power_state(dm->dc, DC_ACPI_CM_POWER_STATE_D3); + + if (dm->dc->caps.ips_support && adev->in_s0ix) + dc_allow_idle_optimizations(dm->dc, true); + dc_dmub_srv_set_power_state(dm->dc->ctx->dmub_srv, DC_ACPI_CM_POWER_STATE_D3); return 0; -- 2.46.0

7 months

2
3
0 0

[PATCH 4.19] f2fs: Require FMODE_WRITE for atomic write ioctls

by Eric Biggers

From: Jann Horn <jannh(a)google.com> commit 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e upstream. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/f2fs/file.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 043ce96ac1270..0cc2f41e81243 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1709,10 +1709,13 @@ static int f2fs_ioc_getversion(struct file *filp, unsigned long arg) static int f2fs_ioc_start_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -1766,10 +1769,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) static int f2fs_ioc_commit_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -1811,10 +1817,13 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) static int f2fs_ioc_start_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -1846,10 +1855,13 @@ static int f2fs_ioc_start_volatile_write(struct file *filp) static int f2fs_ioc_release_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -1875,10 +1887,13 @@ static int f2fs_ioc_release_volatile_write(struct file *filp) static int f2fs_ioc_abort_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) base-commit: de2cffe297563c815c840cfa14b77a0868b61e53 -- 2.47.0.rc0.187.ge670bccf7e-goog

7 months

1
0
0 0

[PATCH 5.4] f2fs: Require FMODE_WRITE for atomic write ioctls

by Eric Biggers

From: Jann Horn <jannh(a)google.com> commit 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e upstream. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/f2fs/file.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 2330600dbe02e..738d65abde510 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -1855,10 +1855,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) struct inode *inode = file_inode(filp); struct f2fs_inode_info *fi = F2FS_I(inode); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -1921,10 +1924,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) static int f2fs_ioc_commit_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -1963,10 +1969,13 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) static int f2fs_ioc_start_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -1998,10 +2007,13 @@ static int f2fs_ioc_start_volatile_write(struct file *filp) static int f2fs_ioc_release_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -2027,10 +2039,13 @@ static int f2fs_ioc_release_volatile_write(struct file *filp) static int f2fs_ioc_abort_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) base-commit: 661f109c057497c8baf507a2562ceb9f9fb3cbc2 -- 2.47.0.rc0.187.ge670bccf7e-goog

7 months

1
0
0 0

[PATCH 5.10] f2fs: Require FMODE_WRITE for atomic write ioctls

by Eric Biggers

From: Jann Horn <jannh(a)google.com> commit 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e upstream. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/f2fs/file.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 50514962771a1..e25788e643bbd 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2047,10 +2047,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) struct inode *inode = file_inode(filp); struct f2fs_inode_info *fi = F2FS_I(inode); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -2117,10 +2120,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) static int f2fs_ioc_commit_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -2159,10 +2165,13 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) static int f2fs_ioc_start_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -2194,10 +2203,13 @@ static int f2fs_ioc_start_volatile_write(struct file *filp) static int f2fs_ioc_release_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -2223,10 +2235,13 @@ static int f2fs_ioc_release_volatile_write(struct file *filp) static int f2fs_ioc_abort_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) base-commit: ceb091e2c4ccf93b1ee0e0e8a202476a433784ff -- 2.47.0.rc0.187.ge670bccf7e-goog

7 months

1
0
0 0

[PATCH 5.15] f2fs: Require FMODE_WRITE for atomic write ioctls

by Eric Biggers

From: Jann Horn <jannh(a)google.com> commit 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e upstream. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> Signed-off-by: Eric Biggers <ebiggers(a)google.com> --- fs/f2fs/file.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index be9536815e50d..fd369db1e47b5 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2005,10 +2005,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) struct inode *inode = file_inode(filp); struct f2fs_inode_info *fi = F2FS_I(inode); struct f2fs_sb_info *sbi = F2FS_I_SB(inode); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(&init_user_ns, inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -2075,10 +2078,13 @@ static int f2fs_ioc_start_atomic_write(struct file *filp) static int f2fs_ioc_commit_atomic_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(&init_user_ns, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -2117,10 +2123,13 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) static int f2fs_ioc_start_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(&init_user_ns, inode)) return -EACCES; if (!S_ISREG(inode->i_mode)) return -EINVAL; @@ -2152,10 +2161,13 @@ static int f2fs_ioc_start_volatile_write(struct file *filp) static int f2fs_ioc_release_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(&init_user_ns, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) @@ -2181,10 +2193,13 @@ static int f2fs_ioc_release_volatile_write(struct file *filp) static int f2fs_ioc_abort_volatile_write(struct file *filp) { struct inode *inode = file_inode(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(&init_user_ns, inode)) return -EACCES; ret = mnt_want_write_file(filp); if (ret) base-commit: 3a5928702e7120f83f703fd566082bfb59f1a57e -- 2.47.0.rc0.187.ge670bccf7e-goog

7 months

1
0
0 0

[PATCH AUTOSEL 4.19 01/16] bpf: Check percpu map value size first

by Sasha Levin

From: Tao Chen <chen.dylane(a)gmail.com> [ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ] Percpu map is often used, but the map value size limit often ignored, like issue: https://github.com/iovisor/bcc/issues/2519. Actually, percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first, like percpu map of local_storage. Maybe the error message seems clearer compared with "cannot allocate memory". Signed-off-by: Jinke Han <jinkehan(a)didiglobal.com> Signed-off-by: Tao Chen <chen.dylane(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/arraymap.c | 3 +++ kernel/bpf/hashtab.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 44f53c06629e2..03e244b11f5a0 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -71,6 +71,9 @@ int array_map_alloc_check(union bpf_attr *attr) * access the elements. */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c index 16081d8384bfc..bca3287030460 100644 --- a/kernel/bpf/hashtab.c +++ b/kernel/bpf/hashtab.c @@ -291,6 +291,9 @@ static int htab_map_alloc_check(union bpf_attr *attr) * kmalloc-able later in htab_map_update_elem() */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } -- 2.43.0

7 months

1
15
0 0

[PATCH AUTOSEL 5.4 01/21] bpf: Check percpu map value size first

by Sasha Levin

From: Tao Chen <chen.dylane(a)gmail.com> [ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ] Percpu map is often used, but the map value size limit often ignored, like issue: https://github.com/iovisor/bcc/issues/2519. Actually, percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first, like percpu map of local_storage. Maybe the error message seems clearer compared with "cannot allocate memory". Signed-off-by: Jinke Han <jinkehan(a)didiglobal.com> Signed-off-by: Tao Chen <chen.dylane(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/arraymap.c | 3 +++ kernel/bpf/hashtab.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 81ed9b79f4019..af90c4498e80e 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -64,6 +64,9 @@ int array_map_alloc_check(union bpf_attr *attr) * access the elements. */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c index 34c4f709b1ede..0d14a2a11463a 100644 --- a/kernel/bpf/hashtab.c +++ b/kernel/bpf/hashtab.c @@ -288,6 +288,9 @@ static int htab_map_alloc_check(union bpf_attr *attr) * kmalloc-able later in htab_map_update_elem() */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } -- 2.43.0

7 months

1
20
0 0

[PATCH AUTOSEL 5.10 01/26] bpf: Check percpu map value size first

by Sasha Levin

From: Tao Chen <chen.dylane(a)gmail.com> [ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ] Percpu map is often used, but the map value size limit often ignored, like issue: https://github.com/iovisor/bcc/issues/2519. Actually, percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first, like percpu map of local_storage. Maybe the error message seems clearer compared with "cannot allocate memory". Signed-off-by: Jinke Han <jinkehan(a)didiglobal.com> Signed-off-by: Tao Chen <chen.dylane(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/arraymap.c | 3 +++ kernel/bpf/hashtab.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index 5102338129d5f..3d92e42c3895a 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -74,6 +74,9 @@ int array_map_alloc_check(union bpf_attr *attr) * access the elements. */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c index 72bc5f5752543..4c7cab79d90e5 100644 --- a/kernel/bpf/hashtab.c +++ b/kernel/bpf/hashtab.c @@ -404,6 +404,9 @@ static int htab_map_alloc_check(union bpf_attr *attr) * kmalloc-able later in htab_map_update_elem() */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } -- 2.43.0

7 months

1
25
0 0

[PATCH AUTOSEL 5.15 01/31] bpf: Check percpu map value size first

by Sasha Levin

From: Tao Chen <chen.dylane(a)gmail.com> [ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ] Percpu map is often used, but the map value size limit often ignored, like issue: https://github.com/iovisor/bcc/issues/2519. Actually, percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first, like percpu map of local_storage. Maybe the error message seems clearer compared with "cannot allocate memory". Signed-off-by: Jinke Han <jinkehan(a)didiglobal.com> Signed-off-by: Tao Chen <chen.dylane(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/arraymap.c | 3 +++ kernel/bpf/hashtab.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index c76870bfd8167..2788da290c216 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -74,6 +74,9 @@ int array_map_alloc_check(union bpf_attr *attr) * access the elements. */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c index f53b4f04b935c..d08fe64e0e453 100644 --- a/kernel/bpf/hashtab.c +++ b/kernel/bpf/hashtab.c @@ -464,6 +464,9 @@ static int htab_map_alloc_check(union bpf_attr *attr) * kmalloc-able later in htab_map_update_elem() */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } -- 2.43.0

7 months

1
30
0 0

[PATCH AUTOSEL 6.1 01/42] bpf: Check percpu map value size first

by Sasha Levin

From: Tao Chen <chen.dylane(a)gmail.com> [ Upstream commit 1d244784be6b01162b732a5a7d637dfc024c3203 ] Percpu map is often used, but the map value size limit often ignored, like issue: https://github.com/iovisor/bcc/issues/2519. Actually, percpu map value size is bound by PCPU_MIN_UNIT_SIZE, so we can check the value size whether it exceeds PCPU_MIN_UNIT_SIZE first, like percpu map of local_storage. Maybe the error message seems clearer compared with "cannot allocate memory". Signed-off-by: Jinke Han <jinkehan(a)didiglobal.com> Signed-off-by: Tao Chen <chen.dylane(a)gmail.com> Signed-off-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/bpf/20240910144111.1464912-2-chen.dylane@gmail.com Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- kernel/bpf/arraymap.c | 3 +++ kernel/bpf/hashtab.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/kernel/bpf/arraymap.c b/kernel/bpf/arraymap.c index c04e69f34e4d5..50b9bf57a4e3e 100644 --- a/kernel/bpf/arraymap.c +++ b/kernel/bpf/arraymap.c @@ -73,6 +73,9 @@ int array_map_alloc_check(union bpf_attr *attr) /* avoid overflow on round_up(map->value_size) */ if (attr->value_size > INT_MAX) return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } diff --git a/kernel/bpf/hashtab.c b/kernel/bpf/hashtab.c index 0c74cc9012d5c..dae9ed02a75be 100644 --- a/kernel/bpf/hashtab.c +++ b/kernel/bpf/hashtab.c @@ -455,6 +455,9 @@ static int htab_map_alloc_check(union bpf_attr *attr) * kmalloc-able later in htab_map_update_elem() */ return -E2BIG; + /* percpu map value size is bound by PCPU_MIN_UNIT_SIZE */ + if (percpu && round_up(attr->value_size, 8) > PCPU_MIN_UNIT_SIZE) + return -E2BIG; return 0; } -- 2.43.0

7 months

1
41
0 0

[PATCH AUTOSEL 6.6 01/58] selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test

by Sasha Levin

From: Daniel Borkmann <daniel(a)iogearbox.net> [ Upstream commit b8e188f023e07a733b47d5865311ade51878fe40 ] The assumption of 'in privileged mode reads from uninitialized stack locations are permitted' is not quite correct since the verifier was probing for read access rather than write access. Both tests need to be annotated as __success for privileged and unprivileged. Signed-off-by: Daniel Borkmann <daniel(a)iogearbox.net> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Link: https://lore.kernel.org/r/20240913191754.13290-6-daniel@iogearbox.net Signed-off-by: Alexei Starovoitov <ast(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> --- tools/testing/selftests/bpf/progs/verifier_int_ptr.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/verifier_int_ptr.c b/tools/testing/selftests/bpf/progs/verifier_int_ptr.c index 589e8270de462..d873da71f1436 100644 --- a/tools/testing/selftests/bpf/progs/verifier_int_ptr.c +++ b/tools/testing/selftests/bpf/progs/verifier_int_ptr.c @@ -8,7 +8,6 @@ SEC("socket") __description("ARG_PTR_TO_LONG uninitialized") __success -__failure_unpriv __msg_unpriv("invalid indirect read from stack R4 off -16+0 size 8") __naked void arg_ptr_to_long_uninitialized(void) { asm volatile (" \ @@ -36,9 +35,7 @@ __naked void arg_ptr_to_long_uninitialized(void) SEC("socket") __description("ARG_PTR_TO_LONG half-uninitialized") -/* in privileged mode reads from uninitialized stack locations are permitted */ -__success __failure_unpriv -__msg_unpriv("invalid indirect read from stack R4 off -16+4 size 8") +__success __retval(0) __naked void ptr_to_long_half_uninitialized(void) { -- 2.43.0

7 months

1
57
0 0

[PATCH] arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386

by Easwar Hariharan

Add the Microsoft Azure Cobalt 100 CPU to the list of CPUs suffering from erratum 3194386 added in commit 75b3c43eab59 ("arm64: errata: Expand speculative SSBS workaround") CC: Mark Rutland <mark.rutland(a)arm.com> CC: James More <james.morse(a)arm.com> CC: Will Deacon <will(a)kernel.org> CC: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Easwar Hariharan <eahariha(a)linux.microsoft.com> --- Documentation/arch/arm64/silicon-errata.rst | 2 ++ arch/arm64/kernel/cpu_errata.c | 1 + 2 files changed, 3 insertions(+) diff --git a/Documentation/arch/arm64/silicon-errata.rst b/Documentation/arch/arm64/silicon-errata.rst index 9eb5e70b4888..a7d03f1de72d 100644 --- a/Documentation/arch/arm64/silicon-errata.rst +++ b/Documentation/arch/arm64/silicon-errata.rst @@ -289,3 +289,5 @@ stable kernels. +----------------+-----------------+-----------------+-----------------------------+ | Microsoft | Azure Cobalt 100| #2253138 | ARM64_ERRATUM_2253138 | +----------------+-----------------+-----------------+-----------------------------+ +| Microsoft | Azure Cobalt 100| #3324339 | ARM64_ERRATUM_3194386 | ++----------------+-----------------+-----------------+-----------------------------+ diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c index dfefbdf4073a..1a6fd56a13c1 100644 --- a/arch/arm64/kernel/cpu_errata.c +++ b/arch/arm64/kernel/cpu_errata.c @@ -449,6 +449,7 @@ static const struct midr_range erratum_spec_ssbs_list[] = { MIDR_ALL_VERSIONS(MIDR_CORTEX_X925), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N1), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_N2), + MIDR_ALL_VERSIONS(MIDR_MICROSOFT_AZURE_COBALT_100), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V1), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V2), MIDR_ALL_VERSIONS(MIDR_NEOVERSE_V3), -- 2.43.0

7 months

2
3
0 0

[PATCH] ceph: fix cap ref leak via netfs init_request

by Patrick Donnelly

From: Patrick Donnelly <pdonnell(a)redhat.com> Log recovered from a user's cluster: <7>[ 5413.970692] ceph: get_cap_refs 00000000958c114b ret 1 got Fr <7>[ 5413.970695] ceph: start_read 00000000958c114b, no cache cap ... <7>[ 5473.934609] ceph: my wanted = Fr, used = Fr, dirty - <7>[ 5473.934616] ceph: revocation: pAsLsXsFr -> pAsLsXs (revoking Fr) <7>[ 5473.934632] ceph: __ceph_caps_issued 00000000958c114b cap 00000000f7784259 issued pAsLsXs <7>[ 5473.934638] ceph: check_caps 10000000e68.fffffffffffffffe file_want - used Fr dirty - flushing - issued pAsLsXs revoking Fr retain pAsLsXsFsr AUTHONLY NOINVAL FLUSH_FORCE The MDS subsequently complains that the kernel client is late releasing caps. Closes: https://tracker.ceph.com/issues/67008 Fixes: a5c9dc4451394b2854493944dcc0ff71af9705a3 ("ceph: Make ceph_init_request() check caps on readahead") Signed-off-by: Patrick Donnelly <pdonnell(a)redhat.com> Cc: stable(a)vger.kernel.org --- fs/ceph/addr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 53fef258c2bc..702c6a730b70 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -489,8 +489,11 @@ static int ceph_init_request(struct netfs_io_request *rreq, struct file *file) rreq->io_streams[0].sreq_max_len = fsc->mount_options->rsize; out: - if (ret < 0) + if (ret < 0) { + if (got) + ceph_put_cap_refs(ceph_inode(inode), got); kfree(priv); + } return ret; } base-commit: e32cde8d2bd7d251a8f9b434143977ddf13dcec6 -- Patrick Donnelly, Ph.D. He / Him / His Red Hat Partner Engineer IBM, Inc. GPG: 19F28A586F808C2402351B93C3301A3E258DD79D

7 months

4
3
0 0

Linux 6.11.2

by Greg Kroah-Hartman

I'm announcing the release of the 6.11.2 kernel. All users of the 6.11 kernel series must upgrade. The updated 6.11.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.11.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .gitignore | 1 Documentation/ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/devicetree/bindings/iio/magnetometer/asahi-kasei,ak8975.yaml | 1 Documentation/devicetree/bindings/pci/fsl,layerscape-pcie.yaml | 26 Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml | 1 Documentation/driver-api/ipmi.rst | 2 Documentation/virt/kvm/locking.rst | 33 - Makefile | 2 arch/arm/boot/dts/microchip/sam9x60.dtsi | 4 arch/arm/boot/dts/microchip/sama7g5.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts | 2 arch/arm/boot/dts/nxp/imx/imx6ull-seeed-npi-dev-board.dtsi | 12 arch/arm/boot/dts/nxp/imx/imx7d-zii-rmu2.dts | 2 arch/arm/mach-ep93xx/clock.c | 2 arch/arm/mach-versatile/platsmp-realview.c | 1 arch/arm/vfp/vfpinstr.h | 48 - arch/arm64/Kconfig | 2 arch/arm64/boot/dts/exynos/exynos7885-jackpotlte.dts | 2 arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8186.dtsi | 12 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 12 arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 1 arch/arm64/boot/dts/nvidia/tegra234-p3701-0008.dtsi | 33 - arch/arm64/boot/dts/nvidia/tegra234-p3740-0002.dtsi | 33 + arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 10 arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/ti/k3-am654-idk.dtso | 8 arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 4 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/esr.h | 88 +-- arch/arm64/include/uapi/asm/sigcontext.h | 6 arch/arm64/kernel/cpu_errata.c | 10 arch/arm64/kernel/smp.c | 160 +++-- arch/arm64/kvm/hyp/nvhe/ffa.c | 21 arch/arm64/net/bpf_jit_comp.c | 57 +- arch/m68k/kernel/process.c | 2 arch/powerpc/crypto/Kconfig | 1 arch/powerpc/include/asm/asm-compat.h | 6 arch/powerpc/include/asm/atomic.h | 5 arch/powerpc/include/asm/uaccess.h | 7 arch/powerpc/kernel/head_8xx.S | 6 arch/powerpc/kernel/vdso/gettimeofday.S | 4 arch/powerpc/mm/nohash/8xx.c | 4 arch/riscv/include/asm/kvm_vcpu_pmu.h | 21 arch/riscv/kernel/perf_callchain.c | 2 arch/riscv/kvm/vcpu_pmu.c | 14 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/include/asm/ftrace.h | 17 arch/s390/kernel/Makefile | 2 arch/s390/kernel/early.c | 7 arch/s390/kernel/earlypgm.S | 23 arch/s390/kernel/entry.S | 16 arch/s390/kernel/stacktrace.c | 19 arch/um/Kconfig | 1 arch/x86/coco/tdx/tdx.c | 6 arch/x86/crypto/aesni-intel_glue.c | 59 +- arch/x86/events/intel/core.c | 8 arch/x86/events/intel/pt.c | 15 arch/x86/include/asm/acpi.h | 8 arch/x86/include/asm/hardirq.h | 8 arch/x86/include/asm/idtentry.h | 6 arch/x86/include/asm/kvm_host.h | 2 arch/x86/kernel/acpi/boot.c | 11 arch/x86/kernel/cpu/sgx/main.c | 27 arch/x86/kernel/head64.c | 3 arch/x86/kernel/jailhouse.c | 1 arch/x86/kernel/mmconf-fam10h_64.c | 1 arch/x86/kernel/process_64.c | 29 - arch/x86/kernel/smpboot.c | 1 arch/x86/kernel/x86_init.c | 1 arch/x86/kvm/lapic.c | 73 +- arch/x86/kvm/svm/svm.c | 2 arch/x86/kvm/vmx/main.c | 2 arch/x86/mm/tlb.c | 7 arch/x86/net/bpf_jit_comp.c | 107 ++- arch/x86/pci/fixup.c | 4 arch/x86/xen/mmu_pv.c | 5 arch/x86/xen/p2m.c | 98 +++ arch/x86/xen/setup.c | 202 +++++-- arch/x86/xen/xen-ops.h | 6 block/bfq-iosched.c | 81 +- block/blk-core.c | 1 block/elevator.c | 4 block/partitions/core.c | 8 crypto/asymmetric_keys/asymmetric_type.c | 7 crypto/xor.c | 31 - drivers/acpi/acpica/exsystem.c | 11 drivers/acpi/cppc_acpi.c | 43 + drivers/acpi/device_sysfs.c | 5 drivers/acpi/pmic/tps68470_pmic.c | 6 drivers/acpi/resource.c | 12 drivers/acpi/video_detect.c | 8 drivers/ata/libata-eh.c | 8 drivers/ata/libata-scsi.c | 5 drivers/base/core.c | 15 drivers/base/firmware_loader/main.c | 30 + drivers/base/module.c | 14 drivers/block/drbd/drbd_main.c | 6 drivers/block/drbd/drbd_state.c | 2 drivers/block/nbd.c | 15 drivers/block/ublk_drv.c | 62 +- drivers/bluetooth/btusb.c | 5 drivers/bus/arm-integrator-lm.c | 1 drivers/bus/mhi/host/pci_generic.c | 26 drivers/char/hw_random/Kconfig | 1 drivers/char/hw_random/bcm2835-rng.c | 4 drivers/char/hw_random/cctrng.c | 1 drivers/char/hw_random/mtk-rng.c | 2 drivers/char/tpm/tpm-dev-common.c | 2 drivers/char/tpm/tpm2-sessions.c | 1 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/sama7g5.c | 5 drivers/clk/imx/clk-composite-7ulp.c | 7 drivers/clk/imx/clk-composite-8m.c | 53 + drivers/clk/imx/clk-composite-93.c | 15 drivers/clk/imx/clk-fracn-gppll.c | 4 drivers/clk/imx/clk-imx6ul.c | 4 drivers/clk/imx/clk-imx8mp-audiomix.c | 13 drivers/clk/imx/clk-imx8mp.c | 4 drivers/clk/imx/clk-imx8qxp.c | 10 drivers/clk/qcom/clk-alpha-pll.c | 52 + drivers/clk/qcom/clk-alpha-pll.h | 2 drivers/clk/qcom/dispcc-sm8250.c | 9 drivers/clk/qcom/dispcc-sm8550.c | 14 drivers/clk/qcom/gcc-ipq5332.c | 1 drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/rockchip/clk-rk3588.c | 2 drivers/clk/starfive/clk-starfive-jh7110-vout.c | 2 drivers/clk/ti/clk-dra7-atl.c | 1 drivers/clocksource/timer-qcom.c | 7 drivers/cpufreq/ti-cpufreq.c | 10 drivers/cpuidle/cpuidle-riscv-sbi.c | 21 drivers/crypto/caam/caamhash.c | 1 drivers/crypto/ccp/sev-dev.c | 15 drivers/crypto/hisilicon/hpre/hpre_main.c | 54 - drivers/crypto/hisilicon/qm.c | 151 +++-- drivers/crypto/hisilicon/sec2/sec_main.c | 16 drivers/crypto/hisilicon/zip/zip_main.c | 23 drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/crypto/intel/qat/qat_common/adf_gen4_hw_data.h | 2 drivers/crypto/intel/qat/qat_common/adf_init.c | 4 drivers/crypto/intel/qat/qat_common/adf_pfvf_pf_msg.c | 9 drivers/crypto/intel/qat/qat_common/adf_pfvf_vf_msg.c | 14 drivers/crypto/intel/qat/qat_common/adf_pfvf_vf_msg.h | 1 drivers/crypto/intel/qat/qat_common/adf_vf_isr.c | 2 drivers/crypto/n2_core.c | 1 drivers/crypto/qcom-rng.c | 4 drivers/cxl/core/pci.c | 8 drivers/edac/igen6_edac.c | 2 drivers/edac/synopsys_edac.c | 35 + drivers/firewire/core-cdev.c | 2 drivers/firmware/arm_scmi/optee.c | 7 drivers/firmware/efi/libstub/tpm.c | 2 drivers/firmware/qcom/qcom_scm.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 3 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 29 - drivers/gpu/drm/amd/amdgpu/gfx_v12_0.c | 14 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/mes_v12_0.c | 14 drivers/gpu/drm/amd/amdgpu/sdma_v7_0.c | 7 drivers/gpu/drm/amd/amdgpu/soc24.c | 23 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 165 ----- drivers/gpu/drm/amd/amdkfd/kfd_mqd_manager_v12.c | 4 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 94 ++- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_helpers.c | 18 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 138 +++- drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 6 drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 drivers/gpu/drm/amd/display/dc/dml2/dml21/dml21_translation_helper.c | 4 drivers/gpu/drm/amd/display/dc/dml2/dml21/src/dml2_pmo/dml2_pmo_dcn4_fams2.c | 8 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 50 + drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 27 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 13 drivers/gpu/drm/amd/display/dc/link/hwss/link_hwss_hpo_dp.c | 12 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1 drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 3 drivers/gpu/drm/amd/display/modules/freesync/freesync.c | 2 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c | 6 drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c | 3 drivers/gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 6 drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 - drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 drivers/gpu/drm/mediatek/mtk_crtc.c | 32 + drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 + drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 46 - drivers/gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 2 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 drivers/gpu/drm/msm/dp/dp_display.c | 10 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 drivers/gpu/drm/radeon/evergreen_cs.c | 62 +- drivers/gpu/drm/radeon/radeon_atombios.c | 29 - drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/stm/drv.c | 4 drivers/gpu/drm/stm/ltdc.c | 2 drivers/gpu/drm/vc4/vc4_hdmi.c | 8 drivers/gpu/drm/xe/xe_exec_queue.c | 157 ++--- drivers/gpu/drm/xe/xe_exec_queue.h | 6 drivers/gpu/drm/xe/xe_hw_engine.c | 31 + drivers/gpu/drm/xe/xe_hw_engine.h | 7 drivers/gpu/drm/xe/xe_migrate.c | 2 drivers/gpu/drm/xe/xe_vm.c | 8 drivers/hid/wacom_wac.c | 13 drivers/hid/wacom_wac.h | 2 drivers/hwmon/max16065.c | 17 drivers/hwmon/ntc_thermistor.c | 1 drivers/hwtracing/coresight/coresight-dummy.c | 4 drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 drivers/hwtracing/coresight/coresight-tpdm.c | 6 drivers/i2c/busses/i2c-aspeed.c | 16 drivers/i2c/busses/i2c-isch.c | 3 drivers/i2c/busses/i2c-xiic.c | 41 - drivers/idle/intel_idle.c | 79 ++ drivers/iio/adc/ad7606.c | 8 drivers/iio/adc/ad7606_spi.c | 5 drivers/iio/chemical/bme680_core.c | 7 drivers/iio/magnetometer/ak8975.c | 1 drivers/infiniband/core/cache.c | 4 drivers/infiniband/core/iwcm.c | 2 drivers/infiniband/hw/bnxt_re/ib_verbs.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 5 drivers/infiniband/hw/erdma/erdma_verbs.c | 25 drivers/infiniband/hw/hns/hns_roce_ah.c | 14 drivers/infiniband/hw/hns/hns_roce_hem.c | 22 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 33 - drivers/infiniband/hw/hns/hns_roce_qp.c | 16 drivers/infiniband/hw/irdma/verbs.c | 2 drivers/infiniband/hw/mlx5/main.c | 2 drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 drivers/infiniband/hw/mlx5/mr.c | 99 +-- drivers/infiniband/hw/mlx5/umr.c | 3 drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 1 drivers/input/keyboard/adp5588-keys.c | 2 drivers/input/misc/ims-pcu.c | 2 drivers/input/serio/i8042-acpipnpio.h | 37 + drivers/input/touchscreen/ilitek_ts_i2c.c | 18 drivers/interconnect/icc-clk.c | 3 drivers/interconnect/qcom/sm8350.c | 1 drivers/iommu/amd/io_pgtable.c | 8 drivers/iommu/amd/io_pgtable_v2.c | 4 drivers/iommu/amd/iommu.c | 57 -- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 4 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 28 + drivers/iommu/arm/arm-smmu/arm-smmu.c | 2 drivers/iommu/iommufd/hw_pagetable.c | 3 drivers/iommu/iommufd/io_pagetable.c | 8 drivers/iommu/iommufd/selftest.c | 9 drivers/leds/leds-bd2606mvv.c | 23 drivers/leds/leds-gpio.c | 9 drivers/leds/leds-pca995x.c | 21 drivers/md/dm-integrity.c | 15 drivers/md/dm-rq.c | 4 drivers/md/dm.c | 11 drivers/md/md.c | 1 drivers/media/dvb-frontends/rtl2830.c | 2 drivers/media/dvb-frontends/rtl2832.c | 2 drivers/media/platform/imagination/Kconfig | 1 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c | 10 drivers/media/platform/raspberrypi/pisp_be/Kconfig | 1 drivers/media/platform/renesas/rzg2l-cru/rzg2l-csi2.c | 1 drivers/media/tuners/tuner-i2c.h | 4 drivers/mtd/devices/powernv_flash.c | 3 drivers/mtd/devices/slram.c | 2 drivers/mtd/nand/raw/mtk_nand.c | 36 - drivers/net/bareudp.c | 26 drivers/net/bonding/bond_main.c | 6 drivers/net/can/m_can/m_can.c | 14 drivers/net/can/usb/esd_usb.c | 6 drivers/net/ethernet/freescale/enetc/enetc.c | 3 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 4 drivers/net/ethernet/intel/idpf/idpf_txrx.c | 35 - drivers/net/ethernet/intel/idpf/idpf_txrx.h | 9 drivers/net/ethernet/meta/Kconfig | 2 drivers/net/ethernet/meta/fbnic/fbnic_txrx.c | 8 drivers/net/ethernet/realtek/r8169_phy_config.c | 2 drivers/net/ethernet/renesas/ravb.h | 1 drivers/net/ethernet/renesas/ravb_main.c | 18 drivers/net/ethernet/seeq/ether3.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 - drivers/net/netkit.c | 3 drivers/net/phy/aquantia/aquantia_firmware.c | 42 - drivers/net/phy/aquantia/aquantia_leds.c | 3 drivers/net/phy/aquantia/aquantia_main.c | 24 drivers/net/usb/usbnet.c | 37 + drivers/net/virtio_net.c | 88 ++- drivers/net/wireless/ath/ath11k/core.h | 1 drivers/net/wireless/ath/ath11k/mac.c | 12 drivers/net/wireless/ath/ath11k/wmi.c | 4 drivers/net/wireless/ath/ath12k/mac.c | 5 drivers/net/wireless/ath/ath12k/wmi.c | 1 drivers/net/wireless/ath/ath12k/wmi.h | 3 drivers/net/wireless/ath/ath9k/debug.c | 2 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 30 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 40 + drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 11 drivers/net/wireless/intel/iwlwifi/iwl-config.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/ftm-initiator.c | 1 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 14 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 4 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 drivers/net/wireless/mediatek/mt76/mt76_connac3_mac.h | 4 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7921/init.c | 4 drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7925/main.c | 15 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 3 drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h | 1 drivers/net/wireless/mediatek/mt76/mt7925/pci.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 65 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 13 drivers/net/wireless/microchip/wilc1000/hif.c | 4 drivers/net/wireless/realtek/rtw88/coex.c | 38 - drivers/net/wireless/realtek/rtw88/fw.c | 13 drivers/net/wireless/realtek/rtw88/main.c | 7 drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 10 drivers/net/wireless/realtek/rtw88/rx.h | 2 drivers/net/wireless/realtek/rtw89/core.c | 1 drivers/net/wireless/realtek/rtw89/core.h | 3 drivers/net/wireless/realtek/rtw89/fw.c | 6 drivers/net/wireless/realtek/rtw89/fw.h | 7 drivers/net/wireless/realtek/rtw89/mac.c | 13 drivers/net/wireless/realtek/rtw89/mac.h | 1 drivers/net/wireless/realtek/rtw89/reg.h | 4 drivers/net/wireless/virtual/mac80211_hwsim.c | 2 drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 drivers/ntb/ntb_transport.c | 23 drivers/ntb/test/ntb_perf.c | 2 drivers/nvdimm/namespace_devs.c | 34 - drivers/nvme/host/multipath.c | 2 drivers/pci/controller/dwc/pci-dra7xx.c | 11 drivers/pci/controller/dwc/pci-imx6.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/dwc/pcie-kirin.c | 4 drivers/pci/controller/dwc/pcie-qcom-ep.c | 14 drivers/pci/controller/pcie-xilinx-nwl.c | 39 - drivers/pci/pci.c | 20 drivers/pci/pci.h | 6 drivers/pci/quirks.c | 31 - drivers/perf/alibaba_uncore_drw_pmu.c | 2 drivers/perf/arm-cmn.c | 109 +-- drivers/perf/dwc_pcie_pmu.c | 21 drivers/perf/hisilicon/hisi_pcie_pmu.c | 16 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 1 drivers/pinctrl/mvebu/pinctrl-dove.c | 42 + drivers/pinctrl/pinctrl-single.c | 3 drivers/pinctrl/renesas/pinctrl-rzg2l.c | 8 drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 52 - drivers/platform/cznic/turris-omnia-mcu-trng.c | 4 drivers/platform/x86/ideapad-laptop.c | 48 - drivers/pmdomain/core.c | 6 drivers/power/supply/axp20x_battery.c | 16 drivers/power/supply/max17042_battery.c | 5 drivers/powercap/intel_rapl_common.c | 2 drivers/pps/clients/pps_parport.c | 8 drivers/regulator/of_regulator.c | 2 drivers/remoteproc/imx_rproc.c | 6 drivers/reset/reset-berlin.c | 3 drivers/reset/reset-k210.c | 3 drivers/s390/crypto/ap_bus.c | 17 drivers/scsi/NCR5380.c | 78 +- drivers/scsi/elx/libefc/efc_nport.c | 2 drivers/scsi/lpfc/lpfc_hw4.h | 3 drivers/scsi/lpfc/lpfc_init.c | 21 drivers/scsi/lpfc/lpfc_scsi.c | 2 drivers/scsi/mac_scsi.c | 162 ++--- drivers/scsi/sd.c | 4 drivers/scsi/smartpqi/smartpqi_init.c | 20 drivers/soc/fsl/qe/qmc.c | 24 drivers/soc/fsl/qe/tsa.c | 2 drivers/soc/qcom/smd-rpm.c | 35 - drivers/soc/versatile/soc-integrator.c | 1 drivers/soc/versatile/soc-realview.c | 20 drivers/spi/atmel-quadspi.c | 15 drivers/spi/spi-airoha-snfi.c | 43 - drivers/spi/spi-bcmbca-hsspi.c | 8 drivers/spi/spi-fsl-lpspi.c | 1 drivers/spi/spi-nxp-fspi.c | 54 + drivers/spi/spi-ppc4xx.c | 7 drivers/staging/media/starfive/camss/stf-camss.c | 2 drivers/thermal/gov_bang_bang.c | 14 drivers/thermal/thermal_core.c | 78 +- drivers/thermal/thermal_core.h | 27 drivers/thermal/thermal_sysfs.c | 205 +++---- drivers/thermal/thermal_trip.c | 6 drivers/tty/serial/8250/8250_omap.c | 2 drivers/tty/serial/qcom_geni_serial.c | 101 +-- drivers/tty/serial/rp2.c | 2 drivers/tty/serial/serial_core.c | 13 drivers/ufs/host/ufs-qcom.c | 2 drivers/usb/cdns3/cdnsp-ring.c | 6 drivers/usb/cdns3/host.c | 4 drivers/usb/class/cdc-acm.c | 2 drivers/usb/dwc2/drd.c | 9 drivers/usb/gadget/udc/dummy_hcd.c | 14 drivers/usb/host/xhci-pci.c | 22 drivers/usb/host/xhci-ring.c | 14 drivers/usb/host/xhci.h | 1 drivers/usb/misc/appledisplay.c | 15 drivers/usb/misc/cypress_cy7c63.c | 4 drivers/usb/misc/yurex.c | 10 drivers/usb/typec/ucsi/ucsi.c | 33 - drivers/vdpa/mlx5/core/mr.c | 3 drivers/vhost/vdpa.c | 16 drivers/video/fbdev/hpfb.c | 1 drivers/video/fbdev/xen-fbfront.c | 1 drivers/virtio/virtio.c | 59 +- drivers/watchdog/imx_sc_wdt.c | 24 drivers/xen/swiotlb-xen.c | 10 fs/autofs/inode.c | 3 fs/btrfs/btrfs_inode.h | 1 fs/btrfs/ctree.h | 2 fs/btrfs/extent-tree.c | 4 fs/btrfs/file.c | 34 + fs/btrfs/ioctl.c | 4 fs/btrfs/subpage.c | 10 fs/btrfs/tree-checker.c | 2 fs/cachefiles/xattr.c | 34 - fs/debugfs/inode.c | 8 fs/erofs/decompressor.c | 2 fs/erofs/inode.c | 20 fs/erofs/zdata.c | 71 +- fs/eventpoll.c | 2 fs/exfat/nls.c | 5 fs/ext4/ialloc.c | 14 fs/ext4/inline.c | 35 - fs/ext4/mballoc.c | 10 fs/ext4/super.c | 29 - fs/f2fs/compress.c | 36 + fs/f2fs/data.c | 10 fs/f2fs/dir.c | 3 fs/f2fs/extent_cache.c | 4 fs/f2fs/f2fs.h | 37 - fs/f2fs/file.c | 114 ++-- fs/f2fs/inode.c | 5 fs/f2fs/namei.c | 68 -- fs/f2fs/segment.c | 15 fs/f2fs/super.c | 16 fs/f2fs/xattr.c | 14 fs/fcntl.c | 14 fs/fuse/file.c | 2 fs/inode.c | 4 fs/jfs/jfs_dmap.c | 4 fs/jfs/jfs_imap.c | 2 fs/namespace.c | 14 fs/netfs/main.c | 4 fs/nfs/nfs4proc.c | 16 fs/nfs/nfs4state.c | 1 fs/nfsd/filecache.c | 3 fs/nfsd/nfs4idmap.c | 13 fs/nfsd/nfs4recover.c | 8 fs/nfsd/nfs4state.c | 164 +++-- fs/nilfs2/btree.c | 12 fs/quota/dquot.c | 3 fs/smb/server/vfs.c | 19 include/acpi/acoutput.h | 5 include/acpi/cppc_acpi.h | 2 include/linux/bpf.h | 9 include/linux/bpf_lsm.h | 8 include/linux/compiler.h | 2 include/linux/f2fs_fs.h | 2 include/linux/lsm_hook_defs.h | 1 include/linux/lsm_hooks.h | 1 include/linux/sbitmap.h | 2 include/linux/soc/qcom/geni-se.h | 9 include/linux/usb/usbnet.h | 15 include/linux/virtio.h | 11 include/net/bluetooth/hci_core.h | 4 include/net/ip.h | 2 include/net/mac80211.h | 7 include/net/netfilter/nf_tables.h | 2 include/net/tcp.h | 21 include/sound/tas2563-tlv.h | 279 ++++++++++ include/sound/tas2781-tlv.h | 260 --------- include/sound/tas2781.h | 7 include/trace/events/f2fs.h | 3 io_uring/io-wq.c | 25 io_uring/io_uring.c | 4 io_uring/rw.c | 8 io_uring/sqpoll.c | 12 kernel/bpf/bpf_lsm.c | 34 + kernel/bpf/btf.c | 13 kernel/bpf/helpers.c | 12 kernel/bpf/syscall.c | 4 kernel/bpf/verifier.c | 134 ++-- kernel/cgroup/pids.c | 18 kernel/kthread.c | 10 kernel/locking/lockdep.c | 48 + kernel/module/Makefile | 2 kernel/padata.c | 6 kernel/rcu/tree_nocb.h | 5 kernel/sched/deadline.c | 38 - kernel/sched/fair.c | 34 - kernel/trace/bpf_trace.c | 15 lib/debugobjects.c | 5 lib/sbitmap.c | 4 lib/xz/xz_crc32.c | 2 lib/xz/xz_private.h | 4 mm/damon/vaddr.c | 2 mm/huge_memory.c | 2 mm/hugetlb.c | 176 +++--- mm/internal.h | 11 mm/memory.c | 8 mm/migrate.c | 2 mm/mmap.c | 4 mm/util.c | 2 net/bluetooth/hci_conn.c | 6 net/bluetooth/hci_sync.c | 5 net/bluetooth/mgmt.c | 13 net/can/bcm.c | 4 net/can/j1939/transport.c | 8 net/core/filter.c | 71 +- net/core/sock_map.c | 1 net/ipv4/icmp.c | 103 ++- net/ipv6/Kconfig | 1 net/ipv6/icmp.c | 28 - net/ipv6/netfilter/nf_reject_ipv6.c | 14 net/ipv6/route.c | 2 net/ipv6/rpl_iptunnel.c | 12 net/mac80211/iface.c | 17 net/mac80211/mlme.c | 30 - net/mac80211/offchannel.c | 1 net/mac80211/rate.c | 2 net/mac80211/scan.c | 2 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_netlink.c | 7 net/netfilter/nf_tables_api.c | 47 + net/netfilter/nft_compat.c | 6 net/netfilter/nft_dynset.c | 6 net/netfilter/nft_log.c | 2 net/netfilter/nft_meta.c | 2 net/netfilter/nft_numgen.c | 2 net/netfilter/nft_set_pipapo.c | 13 net/netfilter/nft_tunnel.c | 5 net/qrtr/af_qrtr.c | 2 net/tipc/bcast.c | 2 net/unix/af_unix.c | 80 +- net/unix/garbage.c | 16 net/wireless/nl80211.c | 3 net/wireless/scan.c | 6 net/wireless/sme.c | 3 net/wireless/util.c | 10 net/xdp/xsk_buff_pool.c | 25 samples/bpf/Makefile | 6 security/apparmor/include/net.h | 3 security/apparmor/lsm.c | 17 security/apparmor/net.c | 2 security/bpf/hooks.c | 1 security/integrity/ima/ima.h | 2 security/integrity/ima/ima_iint.c | 20 security/integrity/ima/ima_main.c | 2 security/landlock/fs.c | 9 security/security.c | 68 +- security/selinux/hooks.c | 80 +- security/selinux/include/objsec.h | 5 security/selinux/netlabel.c | 23 security/smack/smack.h | 5 security/smack/smack_lsm.c | 70 +- security/smack/smack_netfilter.c | 4 security/smack/smackfs.c | 2 sound/pci/hda/cs35l41_hda_spi.c | 1 sound/pci/hda/tas2781_hda_i2c.c | 2 sound/soc/codecs/rt5682.c | 4 sound/soc/codecs/rt5682s.c | 4 sound/soc/codecs/tas2781-comlib.c | 3 sound/soc/codecs/tas2781-fmwlib.c | 1 sound/soc/codecs/tas2781-i2c.c | 27 sound/soc/loongson/loongson_card.c | 4 tools/bpf/bpftool/btf.c | 7 tools/bpf/runqslower/Makefile | 3 tools/build/feature/test-all.c | 4 tools/include/nolibc/string.h | 1 tools/lib/bpf/btf.c | 4 tools/lib/bpf/btf_relocate.c | 2 tools/lib/bpf/libbpf.c | 75 +- tools/objtool/arch/loongarch/decode.c | 11 tools/objtool/check.c | 23 tools/objtool/include/objtool/elf.h | 1 tools/perf/builtin-c2c.c | 14 tools/perf/builtin-inject.c | 1 tools/perf/builtin-mem.c | 20 tools/perf/builtin-report.c | 3 tools/perf/builtin-sched.c | 8 tools/perf/pmu-events/arch/x86/cascadelakex/uncore-cache.json | 60 +- tools/perf/pmu-events/arch/x86/skylakex/uncore-cache.json | 60 +- tools/perf/pmu-events/arch/x86/snowridgex/uncore-cache.json | 57 -- tools/perf/scripts/python/arm-cs-trace-disasm.py | 9 tools/perf/ui/hist.c | 10 tools/perf/util/Build | 1 tools/perf/util/annotate-data.c | 2 tools/perf/util/bpf_skel/lock_data.h | 4 tools/perf/util/bpf_skel/vmlinux/vmlinux.h | 1 tools/perf/util/disasm.c | 187 ------ tools/perf/util/disasm_bpf.c | 195 ++++++ tools/perf/util/disasm_bpf.h | 12 tools/perf/util/dwarf-aux.c | 16 tools/perf/util/mem-events.c | 20 tools/perf/util/mem-events.h | 4 tools/perf/util/session.c | 3 tools/perf/util/stat-display.c | 3 tools/perf/util/time-utils.c | 4 tools/perf/util/tool.h | 1 tools/power/cpupower/lib/powercap.c | 8 tools/testing/selftests/arm64/signal/Makefile | 2 tools/testing/selftests/arm64/signal/sve_helpers.c | 56 ++ tools/testing/selftests/arm64/signal/sve_helpers.h | 21 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sme_change_vl.c | 46 - tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c | 30 - tools/testing/selftests/arm64/signal/testcases/ssve_regs.c | 36 - tools/testing/selftests/arm64/signal/testcases/ssve_za_regs.c | 36 - tools/testing/selftests/arm64/signal/testcases/sve_regs.c | 32 - tools/testing/selftests/arm64/signal/testcases/za_no_regs.c | 32 - tools/testing/selftests/arm64/signal/testcases/za_regs.c | 36 - tools/testing/selftests/bpf/Makefile | 13 tools/testing/selftests/bpf/bench.c | 1 tools/testing/selftests/bpf/bench.h | 1 tools/testing/selftests/bpf/map_tests/sk_storage_map.c | 2 tools/testing/selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 tools/testing/selftests/bpf/prog_tests/core_reloc.c | 1 tools/testing/selftests/bpf/prog_tests/crypto_sanity.c | 1 tools/testing/selftests/bpf/prog_tests/decap_sanity.c | 1 tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 2 tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 tools/testing/selftests/bpf/prog_tests/lwt_redirect.c | 1 tools/testing/selftests/bpf/prog_tests/lwt_reroute.c | 1 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 tools/testing/selftests/bpf/prog_tests/parse_tcp_hdr_opt.c | 1 tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 1 tools/testing/selftests/bpf/prog_tests/tc_redirect.c | 12 tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 1 tools/testing/selftests/bpf/progs/bpf_misc.h | 24 tools/testing/selftests/bpf/progs/cg_storage_multi.h | 2 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c | 1 tools/testing/selftests/bpf/progs/verifier_spill_fill.c | 8 tools/testing/selftests/bpf/test_cpp.cpp | 4 tools/testing/selftests/bpf/test_loader.c | 256 +++++++-- tools/testing/selftests/bpf/test_lru_map.c | 3 tools/testing/selftests/bpf/test_progs.c | 18 tools/testing/selftests/bpf/test_progs.h | 1 tools/testing/selftests/bpf/testing_helpers.c | 6 tools/testing/selftests/bpf/unpriv_helpers.c | 1 tools/testing/selftests/bpf/veristat.c | 8 tools/testing/selftests/dt/test_unprobed_devices.sh | 15 tools/testing/selftests/ftrace/test.d/00basic/test_ownership.tc | 12 tools/testing/selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc | 9 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_char.tc | 2 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc | 2 tools/testing/selftests/kselftest.h | 2 tools/testing/selftests/mm/mseal_test.c | 57 +- tools/testing/selftests/net/af_unix/msg_oob.c | 23 tools/testing/selftests/net/netfilter/ipvs.sh | 2 tools/testing/selftests/resctrl/cat_test.c | 7 virt/kvm/kvm_main.c | 31 - 685 files changed, 7172 insertions(+), 4678 deletions(-) Aaron Lu (1): x86/sgx: Fix deadlock in SGX NUMA node search Abel Vesa (1): arm64: dts: qcom: x1e80100: Fix PHY for DP2 Abhinav Kumar (1): drm/msm/dp: enable widebus on all relevant chipsets Adrian Hunter (1): perf/x86/intel/pt: Fix sampling synchronization Alan Maguire (1): libbpf: Fix license for btf_relocate.c Aleksa Sarai (1): autofs: fix missing fput for FSCONFIG_SET_FD Aleksandr Mishin (2): ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() drm/msm: Fix incorrect file name output in adreno_request_fw() Alex Bee (1): drm/rockchip: vop: Allow 4096px width scaling Alex Deucher (5): drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: properly handle vbios fake edid sizing drm/amdgpu/mes12: reduce timeout drm/amdgpu/mes11: reduce timeout drm/amdgpu: bump driver version for cleared VRAM Alex Hung (2): drm/amd/display: Check link_res->hpo_dp_link_enc before using it drm/amd/display: disable_hpo_dp_link_output: Check link_res->hpo_dp_link_enc before using it Alexander Dahl (3): ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks spi: atmel-quadspi: Avoid overwriting delay register settings spi: atmel-quadspi: Fix wrong register value written to MR Alexander Shiyan (1): clk: rockchip: rk3588: Fix 32k clock name for pmu_24m_32k_100m_src_p Alexandra Diupina (1): PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Alexei Starovoitov (1): selftests/bpf: Workaround strict bpf_lsm return value check. Alexey Gladkov (Intel) (1): x86/tdx: Fix "in-kernel MMIO" check Amit Shah (1): crypto: ccp - do not request interrupt on cmd completion when irqs disabled Anastasia Belova (1): arm64: esr: Define ESR_ELx_EC_* constants as UL Andre Przywara (1): kselftest/arm64: signal: fix/refactor SVE vector length enumeration Andrew Davis (2): arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations Andrew Jones (1): RISC-V: KVM: Fix sbiret init before forwarding to userspace Andrey Konovalov (1): usb: gadget: dummy_hcd: execute hrtimer callback in softirq context Andrii Nakryiko (1): libbpf: Fix bpf_object__open_skeleton()'s mishandling of options Andy Shevchenko (3): spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ platform/x86: ideapad-laptop: Make the scope_guard() clear of its scope i2c: isch: Add missed 'else' AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8186: Fix supported-hw mask for GPU OPPs Ankit Agrawal (1): clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Antoniu Miclaus (1): ABI: testing: fix admv8818 attr description Anup Patel (1): RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data Ard Biesheuvel (1): efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Arend van Spriel (1): wifi: brcmfmac: introducing fwil query functions Arnaldo Carvalho de Melo (2): perf bpf: Move BPF disassembly routines to separate file to avoid clash with capstone bpf headers perf build: Fix up broken capstone feature detection fast path Artem Bityutskiy (2): intel_idle: add Granite Rapids Xeon support intel_idle: fix ACPI _CST matching for newer Xeon platforms Artur Weber (1): power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Atish Patra (2): RISC-V: KVM: Allow legacy PMU access from guest RISC-V: KVM: Fix to allow hpmcounter31 from the guest Aurabindo Pillai (2): drm/amd/display: free bo used for dmub bounding box drm/amd/display: Fix underflow when setting underscan on DCN401 Avraham Stern (2): wifi: iwlwifi: mvm: set the cipher for secured NDP ranging wifi: iwlwifi: mvm: increase the time between ranging measurements Baochen Qiang (1): wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() Baokun Li (1): netfs: Delete subtree of 'fs/netfs' when netfs module exits Biju Das (1): media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE Bitterblue Smith (3): wifi: rtw88: Fix USB/SDIO devices not transmitting beacons wifi: rtw88: 8822c: Fix reported RX band width wifi: rtw88: 8703b: Fix reported RX band width Bjørn Mork (1): wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Breno Leitao (1): netkit: Assign missing bpf_net_context Brett Creeley (1): fbnic: Set napi irq value after calling netif_napi_add Brian Masney (1): crypto: qcom-rng - fix support for ACPI-based systems Calvin Owens (1): ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Casey Schaufler (1): lsm: infrastructure management of the sock security Chao Yu (10): f2fs: atomic: fix to avoid racing w/ GC f2fs: reduce expensive checkpoint trigger frequency f2fs: fix to avoid racing in between read and OPU dio write f2fs: fix to wait page writeback before setting gcing flag f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() f2fs: get rid of online repaire on corrupted directory f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() f2fs: fix to wait dio completion f2fs: fix to check atomic_file in f2fs ioctl interfaces Charles Han (1): mtd: powernv: Add check devm_kasprintf() returned value Chen Yu (2): kthread: fix task state in kthread worker if being frozen sched/pelt: Use rq_clock_task() for hw_pressure Chen-Yu Tsai (5): regulator: Return actual error in of_regulator_bulk_get_all() arm64: dts: mediatek: mt8195: Correct clock order for dp_intf* arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled arm64: dts: mediatek: mt8395-nio-12l: Mark USB 3.0 on xhci1 as disabled arm64: dts: mediatek: mt8186-corsola: Disable DPI display interface Cheng Xu (1): RDMA/erdma: Return QP state in erdma_query_qp Chengchang Tang (2): RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Chia-Yuan Li (1): wifi: rtw89: limit the PPDU length for VHT rate to 0x40000 Chris Mi (1): IB/mlx5: Fix UMR pd cleanup on error flow of driver init Chris Morgan (1): power: supply: axp20x_battery: Remove design from min and max voltage Christian A. Ehrhardt (1): usb: typec: ucsi: Fix busy loop on ASUS VivoBooks Christophe JAILLET (3): fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() pinctrl: ti: ti-iodelay: Fix some error handling paths Christophe Leroy (3): powerpc/8xx: Fix initial memory mapping powerpc/8xx: Fix kernel vs user address comparison powerpc/vdso: Inconditionally use CFUNC macro Claudiu Beznea (3): ARM: dts: microchip: sama7g5: Fix RTT clock drm/stm: ltdc: check memory returned by devm_kzalloc() clk: at91: sama7g5: Allocate only the needed amount of memory for PLLs Clément Léger (1): ACPI: CPPC: Fix MASK_VAL() usage Connor Abbott (3): drm/msm: Use a7xx family directly in gpu_state drm/msm: Dump correct dbgahb clusters on a750 drm/msm: Fix CP_BV_DRAW_STATE_ADDR name Cristian Ciocaltea (1): phy: phy-rockchip-samsung-hdptx: Explicitly include pm_runtime.h Cristian Marussi (1): firmware: arm_scmi: Fix double free in OPTEE transport D Scott Phillips (1): arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a Daeho Jeong (1): f2fs: prevent atomic file from being dirtied before commit Dafna Hirschfeld (1): drm/xe: fix missing 'xe_vm_put' Damien Le Moal (2): ata: libata-scsi: Fix ata_msense_control() CDL page reporting block: Fix elv_iosched_local_module handling of "none" scheduler Dan Carpenter (7): crypto: iaa - Fix potential use after free bug powercap: intel_rapl: Fix off by one in get_rpi() platform: cznic: turris-omnia-mcu: Fix error check in omnia_mcu_register_trng() iommu/arm-smmu-v3: Fix a NULL vs IS_ERR() check scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() PCI: keystone: Fix if-statement expression in ks_pcie_quirk() ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Daniel Borkmann (4): bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit bpf: Fix helper writes to read-only maps bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Golle (2): net: phy: aquantia: fix setting active_low bit net: phy: aquantia: fix applying active_low bit after reset Daniel Yang (1): exfat: resolve memory leak from exfat_create_upcase_table() Danny Tsen (1): crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 Dave Jiang (1): ntb: Force physically contiguous allocation of rx ring buffers Dave Martin (1): arm64: signal: Fix some under-bracketed UAPI macros David Belanger (1): drm/amdgpu: Fix selfring initialization sequence on soc24 David Gow (1): mm: only enforce minimum stack gap size if it's sensible David Howells (1): cachefiles: Fix non-taking of sb_writers around set/removexattr David Lechner (2): clk: ti: dra7-atl: Fix leak of of_nodes Input: ims-pcu - fix calling interruptible mutex David Vernet (1): libbpf: Don't take direct pointers into BTF data from st_ops David Virag (1): arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Dillon Varone (1): drm/amd/display: Block timing sync for different output formats in pmo Dmitry Antipov (4): wifi: rtw88: always wait for both firmware loading attempts wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Baryshkov (9): iommu/arm-smmu-qcom: apply num_context_bank fixes for SDM630 / SDM660 drm/msm/dsi: correct programming sequence for SM8350 / SM8450 clk: qcom: dispcc-sm8550: fix several supposed typos clk: qcom: dispcc-sm8550: use rcg2_ops for mdss_dptx1_aux_clk_src clk: qcom: dispcc-sm8650: Update the GDSC flags clk: qcom: dispcc-sm8550: use rcg2_shared_ops for ESC RCGs clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL interconnect: qcom: sm8250: Enable sync_state Revert "soc: qcom: smd-rpm: Match rpmsg channel instead of compatible" Dmitry Kandybka (1): wifi: rtw88: remove CPT execution branch never used Dmitry Vyukov (2): x86/entry: Remove unwanted instrumentation in common_interrupt() module: Fix KCOV-ignored file name Dominik Grzegorzek (1): drm/xe: Move and export xe_hw_engine lookup. Douglas Anderson (4): arm64: smp: smp_send_stop() and crash_smp_send_stop() should try non-NMI first soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() Dragan Simic (2): arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Dragos Tatulea (1): vdpa/mlx5: Fix invalid mr resource destroy Eduard Zingerman (7): selftests/bpf: no need to track next_match_pos in struct test_loader selftests/bpf: extract test_loader->expect_msgs as a data structure selftests/bpf: allow checking xlated programs in verifier_* tests selftests/bpf: __arch_* macro to limit test cases to specific archs selftests/bpf: fix to avoid __msg tag de-duplication by clang bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos selftests/bpf: correctly move 'log' upon successful match Eliav Bar-ilan (1): iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() Emanuele Ghidoli (2): Input: ilitek_ts_i2c - avoid wrong input subsystem sync Input: ilitek_ts_i2c - add report id message validation Emmanuel Grumbach (2): wifi: mac80211: fix the comeback long retry times wifi: iwlwifi: mvm: allow ESR when we the ROC expires Eric Biggers (1): crypto: x86/aes-gcm - fix PREEMPT_RT issue in gcm_crypt() Eric Dumazet (4): sock_map: Add a cond_resched() in sock_hash_free() ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() icmp: change the order of rate limits Esther Shimanovich (1): ACPI: video: force native for Apple MacbookPro9,2 Fabio Porcedda (1): bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Fangzhi Zuo (4): drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination drm/amd/display: Add DSC Debug Log drm/amdgpu/display: Fix a mistake in revert commit drm/amd/display: Skip Recompute DSC Params if no Stream on Link Fei Shao (1): drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Felix Fietkau (2): wifi: mt76: mt7603: fix mixed declarations and code wifi: mt76: mt7996: fix uninitialized TLV data Felix Moessbauer (4): io_uring/io-wq: do not allow pinning outside of cpuset io_uring/io-wq: inherit cpuset of cgroup in io worker io_uring/sqpoll: do not allow pinning outside of cpuset io_uring/sqpoll: do not put cpumask on stack Filipe Manana (1): btrfs: fix race setting file private on concurrent lseek using same fd Finn Thain (5): m68k: Fix kernel_clone_args.flags in m68k_clone() scsi: NCR5380: Check for phase match during PDMA fixup scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages scsi: mac_scsi: Refactor polling loop scsi: mac_scsi: Disallow bus errors during PDMA send Florian Fainelli (1): tty: rp2: Fix reset with non forgiving PCIe host bridges Florian Westphal (1): netfilter: nf_tables: store new sets in dedicated list Francesco Dolcini (1): hwrng: cn10k - Enable by default CN10K driver if Thunder SoC is enabled Frank Li (2): dt-bindings: PCI: layerscape-pci: Replace fsl,lx2160a-pcie with fsl,lx2160ar2-pcie PCI: imx6: Fix missing call to phy_power_off() in error handling Frank Min (2): drm/amdgpu: update golden regs for gfx12 drm/amdgpu: fix PTE copy corruption for sdma 7 Frederic Weisbecker (1): rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Furong Xu (1): net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Gao Xiang (2): erofs: fix incorrect symlink detection in fast symlink erofs: handle overlapped pclusters out of crafted images properly Gaosheng Cui (2): hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Geert Uytterhoeven (4): pmdomain: core: Harden inter-column space in debug summary pmdomain: core: Fix "managed by" alignment in debug summary media: raspberrypi: VIDEO_RASPBERRYPI_PISP_BE should depend on ARCH_BCM2835 media: imagination: VIDEO_E5010_JPEG_ENC should depend on ARCH_K3 Gilbert Wu (1): scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Greg Kroah-Hartman (1): Linux 6.11.2 Guenter Roeck (2): hwmon: (max16065) Fix overflows seen when writing limits hwmon: (max16065) Fix alarm attributes Guillaume Nault (2): bareudp: Pull inner IP header in bareudp_udp_encap_recv(). bareudp: Pull inner IP header on xmit. Guillaume Stols (2): iio: adc: ad7606: fix oversampling gpio array iio: adc: ad7606: fix standby gpio state to match the documentation Guoqing Jiang (2): nfsd: call cache_put if xdr_reserve_space returns NULL hwrng: mtk - Use devm_pm_runtime_enable Haibo Chen (3): spi: fspi: involve lut_num for struct nxp_fspi_devtype_data dt-bindings: spi: nxp-fspi: add imx8ulp support spi: fspi: add support for imx8ulp Hannes Reinecke (1): nvme-multipath: system fails to create generic nvme device Hao Ge (1): selftests/bpf: Fix incorrect parameters in NULL pointer checking Harald Freudenberger (1): s390/ap: Fix deadlock caused by recursive lock of the AP bus scan mutex Heikki Krogerus (1): usb: typec: ucsi: Call CANCEL from single location Heiko Carstens (2): s390/entry: Move early program check handler to entry.S s390/entry: Make early program check handler relocated lowcore aware Heiner Kallweit (1): r8169: disable ALDPS per default for RTL8125 Helge Deller (1): crypto: xor - fix template benchmarking Herbert Xu (2): crypto: n2 - Set err to EINVAL if snprintf fails for hmac crypto: caam - Pad SG length when allocating hash edesc Herve Codina (2): soc: fsl: cpm1: qmc: Update TRNSYNC only in transparent mode soc: fsl: cpm1: tsa: Fix tsa_write8() Hobin Woo (1): ksmbd: make __dir_empty() compatible with POSIX Howard Hsu (3): wifi: mt76: mt7996: fix HE and EHT beamforming capabilities wifi: mt76: mt7996: fix EHT beamforming capability check wifi: mt76: mt7915: fix rx filter setting for bfee functionality Huang Shijie (1): sched/deadline: Fix schedstats vs deadline servers Ian Rogers (3): perf vendor events: SKX, CLX, SNR uncore cache event fixes perf inject: Fix leader sampling inserting additional samples perf time-utils: Fix 32-bit nsec parsing Ilan Peer (1): wifi: mac80211: Check for missing VHT elements only for 5 GHz Ilpo Järvinen (1): PCI: Wait for Link before restoring Downstream Buses Jack Wang (1): RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Jack Xiao (2): drm/amdgpu/mes12: set enable_level_process_quantum_check drm/amdgpu/mes12: switch SET_SHADER_DEBUGGER pkt to mes schq pipe Jacky Bai (1): clk: imx: composite-93: keep root clock on when mcore enabled Jake Hamby (1): can: m_can: enable NAPI before enabling interrupts James Clark (1): perf scripts python cs-etm: Restore first sample log in verbose mode Jann Horn (2): firmware_loader: Block path traversal f2fs: Require FMODE_WRITE for atomic write ioctls Jason Andryuk (1): fbdev: xen-fbfront: Assign fb_info->device Jason Gerecke (2): HID: wacom: Support sequence numbers smaller than 16-bit HID: wacom: Do not warn about dropped packets for first packet Jason Gunthorpe (7): iommu/amd: Allocate the page table root using GFP_KERNEL iommu/amd: Move allocation of the top table into v1_alloc_pgtable iommu/amd: Set the pgsize_bitmap correctly iommu/amd: Do not set the D bit on AMD v2 table entries iommufd/selftest: Fix buffer read overrrun in the dirty test iommufd: Check the domain owner of the parent before creating a nesting domain iommufd: Protect against overflow of ALIGN() during iova allocation Jason Wang (5): virtio: rename virtio_config_enabled to virtio_config_core_enabled virtio: allow driver to disable the configure change notification virtio-net: synchronize operstate with admin state on up/down virtio-net: synchronize probe with ndo_set_features vhost_vdpa: assign irq bypass producer token correctly Jason-JH.Lin (1): drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Javier Carrasco (3): leds: bd2606mvv: Fix device child node usage in bd2606mvv_probe() leds: pca995x: Use device_for_each_child_node() to access device child nodes leds: pca995x: Fix device child node usage in pca995x_probe() Jeff Layton (3): nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire nfsd: fix refcount leak when file is unhashed after being found nfsd: fix initial getattr on write delegation Jeff Xu (1): selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr Jens Axboe (3): io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL io_uring/sqpoll: retain test for whether the CPU is valid Jeongjun Park (2): jfs: fix out-of-bounds in dbNextAG() and diAlloc() mm: migrate: annotate data-race in migrate_folio_unmap() Jiangshan Yi (1): samples/bpf: Fix compilation errors with cf-protection option Jiawei Ye (2): wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Jie Gan (2): Coresight: Set correct cs_mode for TPDM to fix disable issue Coresight: Set correct cs_mode for dummy source to fix disable issue Jing Zhang (1): drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Jinjie Ruan (8): net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() spi: bcmbca-hsspi: Fix missing pm_runtime_disable() mtd: rawnand: mtk: Use for_each_child_of_node_scoped() riscv: Fix fp alignment bug in perf_callchain_user() ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() spi: atmel-quadspi: Undo runtime PM changes at driver exit time spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time driver core: Fix a potential null-ptr-deref in module_add_driver() Jiri Slaby (SUSE) (1): serial: don't use uninitialized value in uart_poll_init() Jiwon Kim (1): bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Johan Hovold (3): serial: qcom-geni: fix fifo polling timeout serial: qcom-geni: fix false console tx restart serial: qcom-geni: fix console corruption Johannes Berg (2): wifi: iwlwifi: config: label 'gl' devices as discrete um: remove ARCH_NO_PREEMPT_DYNAMIC John B. Wyatt IV (1): pm:cpupower: Add missing powercap_set_enabled() stub function John Garry (2): scsi: sd: Don't check if a write for REQ_ATOMIC scsi: block: Don't check REQ_ATOMIC for reads Jon Hunter (1): arm64: tegra: Correct location of power-sensors for IGX Orin Jonas Blixt (1): watchdog: imx_sc_wdt: Don't disable WDT in suspend Jonas Karlman (3): arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Jonathan McDowell (1): tpm: Clean up TPM space after command failure Josh Hunt (1): tcp: check skb is non-NULL in tcp_rto_delta_us() Juergen Gross (9): xen: use correct end address of kernel for conflict checking xen: introduce generic helper checking for memory map conflicts xen: move max_pfn in xen_memory_setup() out of function scope xen: add capability to remap non-RAM pages to different PFNs xen: tolerate ACPI NVS memory overlapping with Xen allocated memory xen/swiotlb: add alignment check for dma buffers xen/swiotlb: fix allocated size xen: move checks for e820 conflicts further up xen: allow mapping ACPI data using a different physical address Julian Sun (1): vfs: fix race between evice_inodes() and find_inode()&iput() Junlin Li (2): drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junxian Huang (5): RDMA/hns: Don't modify rq next block addr in HIP09 QPC RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler RDMA/hns: Optimize hem allocation performance RDMA/hns: Fix restricted __le16 degrades to integer issue RDMA/hns: Fix ah error counter in sw stat not increasing Justin Iurman (1): net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Justin Tee (1): scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs Kaixin Wang (1): net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Kamlesh Gurudasani (1): padata: Honor the caller's alignment in case of chunk_size 0 Kan Liang (5): perf report: Fix --total-cycles --stdio output error perf hist: Don't set hpp_fmt_value for members in --no-group perf mem: Check mem_events for all eligible PMUs perf mem: Fix missed p-core mem events on ADL and RPL perf/x86/intel: Allow to setup LBR for counting event for BPF Kang Yang (1): wifi: ath11k: use work queue to process beacon tx event Kees Cook (2): leds: gpio: Set num_leds after allocation interconnect: icc-clk: Add missed num_nodes initialization Kemeng Shi (4): ext4: avoid buffer_head leak in ext4_mark_inode_used() ext4: avoid potential buffer_head leak in __ext4_new_inode() ext4: avoid negative min_clusters in find_group_orlov() quota: avoid missing put_quota_format when DQUOT_SUSPENDED is passed Kenneth Feng (1): drm/amd/pm: update workload mask after the setting Kexy Biscuit (1): tpm: export tpm2_sessions_init() to fix ibmvtpm building Konrad Dybcio (1): iommu/arm-smmu-qcom: Work around SDM845 Adreno SMMU w/ 16K pages Krishna chaitanya chundru (2): perf/dwc_pcie: Fix registration issue in multi PCIe controller instances perf/dwc_pcie: Always register for PCIe bus notifier Krzysztof Kozlowski (13): ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path reset: k210: fix OF node leak in probe() error path iio: magnetometer: ak8975: drop incorrect AK09116 compatible dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible soc: versatile: integrator: fix OF node leak in probe() error path bus: integrator-lm: fix OF node leak in probe() cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl ARM: dts: imx6ull-seeed-npi: fix fsl,pins property in tscgrp pinctrl soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove Kuniyuki Iwashima (6): af_unix: Don't call skb_get() for OOB skb. af_unix: Remove single nest in manage_oob(). af_unix: Rename unlinked_skb in manage_oob(). af_unix: Move spin_lock() in manage_oob(). af_unix: Don't return OOB skb in manage_oob(). can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Lad Prabhakar (5): arm64: dts: renesas: r9a08g045: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes pinctrl: renesas: rzg2l: Return -EINVAL if the pin doesn't support PIN_CFG_OEN Lang Yu (1): drm/amdgpu: fix invalid fence handling in amdgpu_vm_tlb_flush Lasse Collin (1): xz: cleanup CRC32 edits from 2018 Laurent Pinchart (1): Remove *.orig pattern from .gitignore Leo Ma (1): drm/amd/display: Add HDMI DSC native YCbCr422 support Leon Hwang (2): bpf, x64: Fix tailcall hierarchy bpf, arm64: Fix tailcall hierarchy Li Chen (1): ACPI: resource: Do IRQ override on MECHREV GM7XG0M Li Lingfeng (2): nfsd: return -EINVAL when namelen is 0 nfs: fix memory leak in error path of nfs4_do_reclaim Li Zhijian (1): nvdimm: Fix devs leaks in scan_labels() Liam R. Howlett (1): mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Linus Walleij (2): ASoC: tas2781-i2c: Drop weird GPIO code ASoC: tas2781-i2c: Get the right GPIO line Liu Ying (1): drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Lorenzo Bianconi (3): spi: airoha: fix dirmap_{read,write} operations spi: airoha: fix airoha_snand_{write,read}_data data_len estimation spi: airoha: remove read cache in airoha_snand_dirmap_read() Luca Stefani (1): btrfs: always update fstrim_range on failure in FITRIM ioctl Luiz Augusto von Dentz (3): Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Bluetooth: btusb: Fix not handling ZPL/short-transfer MD Danish Anwar (1): arm64: dts: ti: k3-am654-idk: Fix dtbs_check warning in ICSSG dmas Ma Ke (8): spi: ppc4xx: handle irq_of_parse_and_map() errors ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error pps: add an error check in parport_attach wifi: mt76: mt7921: Check devm_kasprintf() returned value wifi: mt76: mt7915: check devm_kasprintf() returned value wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he wifi: mt76: mt7615: check devm_kasprintf() returned value Maciej Fijalkowski (1): xsk: fix batch alloc API on non-coherent systems Maciej W. Rozycki (4): PCI: Revert to the original speed after PCIe failed link retraining PCI: Clear the LBMS bit after a link retrain PCI: Correct error reporting with PCIe failed link retraining PCI: Use an error code with PCIe failed link retraining Manish Pandey (1): scsi: ufs: qcom: Update MODE_MAX cfg_bw value Manivannan Sadhasivam (1): PCI: qcom-ep: Enable controller resources like PHY only after refclk is available Marc Aurèle La France (1): debugfs show actual source in /proc/mounts Marc Gonzalez (1): iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Marc Kleine-Budde (1): can: m_can: m_can_close(): stop clocks after device has been shut down Mario Limonciello (1): drm/amd/display: Validate backlight caps are sane Mark Bloch (1): RDMA/mlx5: Obtain upper net device only when needed Mark Brown (1): kselftest/arm64: Actually test SME vector length changes via sigreturn Markus Schneider-Pargmann (1): serial: 8250: omap: Cleanup on error in request_irq Martin Karsten (1): eventpoll: Annotate data-race of busy_poll_usecs Martin Tsai (1): drm/amd/display: Clean up dsc blocks in accelerated mode Martin Wilck (1): scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Masami Hiramatsu (Google) (2): selftests/ftrace: Add required dependency for kprobe tests selftests/ftrace: Fix eventfs ownership testcase to find mount point Mathias Nyman (1): xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Matthew Auld (1): drm/xe: fix engine_class bounds check again Matthew Brost (1): drm/xe: Use reserved copy engine for user binds on faulting devices Max Hawking (1): ntb_perf: Fix printk format Md Haris Iqbal (1): RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Miaohe Lin (1): mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set Michael Ellerman (1): powerpc/atomic: Use YZ constraints for DS-form instructions Michael Guralnik (4): RDMA/mlx5: Fix counter update on MR cache mkey creation RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache RDMA/mlx5: Drop redundant work canceling from clean_keys() RDMA/mlx5: Fix MR cache temp entries cleanup Michael Lo (1): wifi: mt76: mt7925: fix a potential association failure upon resuming Michal Kubiak (1): idpf: fix netdev Tx queue stop/wake Michal Witwicki (3): crypto: qat - disable IOV in adf_dev_stop() crypto: qat - fix recovery flow for VFs crypto: qat - ensure correct order in VF restarting handler Mickaël Salaün (1): fs: Fix file_set_fowner LSM hook inconsistencies Mikhail Lobanov (2): RDMA/cxgb4: Added NULL check for lookup_atid drbd: Add NULL check for net_conf to prevent dereference in state validation Mikulas Patocka (4): dm integrity: fix gcc 5 warning Revert "dm: requeue IO if mapping table not yet available" dm-verity: restart or panic on an I/O error Revert: "dm-verity: restart or panic on an I/O error" Ming Lei (3): ublk: move zone report data out of request pdu nbd: fix race between timeout and normal completion lib/sbitmap: define swap_lock as raw_spinlock_t Ming Yen Hsieh (2): wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc Miquel Raynal (2): mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips mtd: rawnand: mtk: Fix init error path Mirsad Todorovac (1): mtd: slram: insert break after errors in parsing the map Mukesh Ojha (1): firmware: qcom: scm: Disable SDI and write no dump to dump mode Mykyta Yatsenko (1): bpftool: Fix handling enum64 in btf dump sorting Namhyung Kim (5): perf mem: Free the allocated sort string, fixing a leak perf lock contention: Change stack_id type to s32 perf dwarf-aux: Check allowed location expressions when collecting variables perf annotate-data: Fix off-by-one in location range check perf dwarf-aux: Handle bitfield members from pointer access Namjae Jeon (2): ksmbd: allow write with FILE_APPEND_DATA ksmbd: handle caseless file creation NeilBrown (1): nfsd: untangle code in nfsd4_deleg_getattr_conflict() Nicholas Kazlauskas (1): drm/amd/display: Block dynamic IPS2 on DCN35 for incompatible FW versions Nick Morrow (1): wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c Nikita Zhandarovich (4): drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets f2fs: fix several potential integer overflows in file offsets f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() Niklas Cassel (1): ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data Nishanth Menon (1): cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Nuno Sa (1): Input: adp5588-keys - fix check on return code Nícolas F. R. A. Prado (1): kselftest: dt: Ignore nodes that have ancestors disabled Ojaswin Mujoo (1): ext4: check stripe size compatibility on remount as well Olaf Hering (1): mount: handle OOM on mnt_warn_timestamp_expiry Oleg Nesterov (1): bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() Oliver Neukum (5): usbnet: fix cyclical race on disconnect with work queue USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer USB: class: CDC-ACM: fix race between get_serial and set_serial USB: misc: yurex: fix race between read and write P Praneesh (2): wifi: ath12k: fix BSS chan info request WMI command wifi: ath12k: match WMI BSS chan info structure with firmware definition Pablo Neira Ayuso (7): netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire netfilter: nf_tables: reject element expiration with no timeout netfilter: nf_tables: reject expiration higher than timeout netfilter: nf_tables: remove annotation to access set timeout while holding lock netfilter: nft_dynset: annotate data-races around set timeout netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path netfilter: nf_tables: missing objects with no memcg accounting Paolo Bonzini (1): Documentation: KVM: fix warning in "make htmldocs" Patrisious Haddad (1): IB/core: Fix ib_cache_setup_one error flow cleanup Paul Barker (2): net: ravb: Fix maximum TX frame size for GbEth devices net: ravb: Fix R-Car RX frame size limit Paul Moore (1): lsm: add the inode_free_security_rcu() LSM implementation hook Pavan Kumar Paluri (1): crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Pawel Laszczak (2): usb: xhci: fix loss of data on Cadence xHC usb: cdnsp: Fix incorrect usb_request status Peng Fan (5): clk: imx: composite-8m: Enable gate clk with mcore_booted clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk clk: imx: imx8qxp: Parent should be initialized earlier than the clock remoteproc: imx_rproc: Correct ddr alias for i.MX8M remoteproc: imx_rproc: Initialize workqueue earlier Pengfei Li (1): clk: imx: fracn-gppll: fix fractional part of PLL getting lost Peter Chiu (4): wifi: mt76: mt7996: use hweight16 to get correct tx antenna wifi: mt76: mt7996: fix traffic delay when switching back to working channel wifi: mt76: mt7996: fix wmm set of station interface to 3 wifi: mt76: connac: fix checksum offload fields of connac3 RXD Phil Sutter (2): netfilter: nf_tables: Keep deleted flowtable hooks until after RCU selftests: netfilter: Avoid hanging ipvs.sh Ping-Ke Shih (2): wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading wifi: mac80211: don't use rate mask for offchannel TX either Qingqing Zhou (1): arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent Qiu-ji Chen (1): drbd: Fix atomicity violation in drbd_uuid_set_bm() Qiuxu Zhuo (1): EDAC/igen6: Fix conversion of system address to physical memory address Qu Wenruo (2): btrfs: subpage: fix the bitmap dump which can cause bitmap corruption btrfs: tree-checker: fix the wrong output of data backref objectid Rafael J. Wysocki (7): thermal: core: Fold two functions into their respective callers thermal: core: Fix rounding of delay jiffies thermal: gov_bang_bang: Adjust states of all uninitialized instances thermal: core: Store trip sysfs attributes in thermal_trip_desc thermal: sysfs: Get to trips via attribute pointers thermal: sysfs: Refine the handling of trip hysteresis changes thermal: sysfs: Add sanity checks for trip temperature and hysteresis Rex Lu (1): wifi: mt76: mt7996: fix handling mbss enable/disable Richard Zhu (2): PCI: imx6: Fix establish link failure in EP mode for i.MX8MM and i.MX8MP PCI: imx6: Fix i.MX8MP PCIe EP's occasional failure to trigger MSI Riyan Dhiman (1): block: fix potential invalid pointer dereference in blk_add_partition Rob Clark (1): iommu/arm-smmu: Un-demote unhandled-fault msg Robert Hancock (1): i2c: xiic: Try re-initialization on bus busy timeout Robin Chen (1): drm/amd/display: Round calculated vtotal Robin Murphy (3): perf/arm-cmn: Refactor node ID handling. Again. perf/arm-cmn: Fix CCLA register offset perf/arm-cmn: Ensure dtm_idx is big enough Rodrigo Siqueira (1): drm/amd/display: Improve FAM control for DCN401 Roi Azarzar (1): NFSv4.2: Fix detection of "Proxying of Times" server support Roman Li (1): drm/amd/display: Update IPS default mode for DCN35/DCN351 Roman Smirnov (2): Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" KEYS: prevent NULL pointer dereference in find_asymmetric_key() Ryusuke Konishi (3): nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() Saleemkhan Jamadar (1): drm/amdgpu/vcn: enable AV1 on both instances Samasth Norway Ananda (1): x86/PCI: Check pcie_find_root_port() return for NULL Sandeep Dhavale (1): erofs: fix error handling in z_erofs_init_decompressor Sean Anderson (5): PCI: xilinx-nwl: Fix register misspelling PCI: xilinx-nwl: Clean up clock on probe failure/removal net: xilinx: axienet: Schedule NAPI in two steps net: xilinx: axienet: Fix packet counting PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Sean Christopherson (4): KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Sebastien Laveze (1): clk: imx: imx6ul: fix default parent for enet*_ref_sel Selvin Xavier (1): RDMA/bnxt_re: Fix the table size for PSN/MSN entries Shenghao Ding (1): ASoC: tas2781: Fix a compiling warning reported by robot kernel test due to adding tas2563_dvc_table Shengjiu Wang (1): clk: imx: clk-audiomix: Correct parent clock for earc_phy and audpll Sherry Yang (1): drm/msm: fix %s null argument error Shin'ichiro Kawasaki (1): f2fs: check discard support for conventional zones Shu Han (1): mm: call the security_mmap_file() LSM hook in remap_file_pages() Shuah Khan (1): selftests:resctrl: Fix build failure on archs without __cpuid_count() Shubhrajyoti Datta (1): EDAC/synopsys: Fix error injection on Zynq UltraScale+ Siddharth Vadapalli (2): PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ PCI: dra7xx: Fix error handling when IRQ request fails in probe Simon Horman (2): eth: fbnic: select DEVLINK and PAGE_POOL netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Slark Xiao (1): bus: mhi: host: pci_generic: Update EDL firmware path for Foxconn modems Snehal Koukuntla (1): KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer Song Liu (1): bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Sreekant Somasekharan (1): drm/amdkfd: Add SDMA queue quantum support for GFX12 Srinivasan Shanmugam (1): drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Stefan Mätje (1): can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD Stefan Wahren (1): drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Steven Rostedt (Google) (1): selftests/ftrace: Fix test to handle both old and new kernels Su Hui (1): net: tipc: avoid possible garbage value Sung Joon Kim (1): drm/amd/display: Disable SYMCLK32_LE root clock gating Suzuki K Poulose (1): coresight: tmc: sg: Do not leak sg_table Svyatoslav Pankratov (1): crypto: qat - fix "Full Going True" macro definition Takashi Sakamoto (1): firewire: core: correct range of block for case of switch statement Thadeu Lima de Souza Cascardo (2): ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem Thomas Weißschuh (3): net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL ACPI: sysfs: validate return type of _STR method tools/nolibc: include arch.h from string.h Tianchen Ding (1): sched/fair: Make SCHED_IDLE entity be preempted in strict hierarchy Tiezhu Yang (2): objtool: Handle frame pointer related instructions compiler.h: specify correct attribute for .rodata..c_jump_table Toke Høiland-Jørgensen (1): wifi: ath9k: Remove error checks when creating debugfs entries Tom Chung (1): drm/amd/display: Reset VRR config during resume Tomas Marek (1): usb: dwc2: drd: fix clock gating on USB role switch Tommy Huang (1): i2c: aspeed: Update the stop sw state when the bus recovery occurs Tony Ambardar (27): selftests/bpf: Fix error linking uprobe_multi on mips selftests/bpf: Fix wrong binary in Makefile log output tools/runqslower: Fix LDFLAGS and add LDLIBS support selftests/bpf: Use pid_t consistently in test_progs.c selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc selftests/bpf: Drop unneeded error.h includes selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c selftests/bpf: Fix missing UINT_MAX definitions in benchmarks selftests/bpf: Fix missing BUILD_BUG_ON() declaration selftests/bpf: Fix include of <sys/fcntl.h> selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc selftests/bpf: Fix compiling kfree_skb.c with musl-libc selftests/bpf: Fix compiling flow_dissector.c with musl-libc selftests/bpf: Fix compiling tcp_rtt.c with musl-libc selftests/bpf: Fix compiling core_reloc.c with musl-libc selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc selftests/bpf: Fix errors compiling decap_sanity.c with musl libc selftests/bpf: Fix errors compiling crypto_sanity.c with musl libc selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc selftests/bpf: Fix arg parsing in veristat, test_progs selftests/bpf: Fix error compiling test_lru_map.c selftests/bpf: Fix C++ compile error from missing _Bool type selftests/bpf: Fix redefinition errors compiling lwt_reroute.c selftests/bpf: Fix compile if backtrace support missing in libc selftests/bpf: Fix error compiling tc_redirect.c with musl libc libbpf: Ensure new BTF objects inherit input endianness Uros Bizjak (1): x86/boot/64: Strip percpu address space when setting up GDT descriptors Uwe Kleine-König (1): media: staging: media: starfive: camss: Drop obsolete return value documentation VanGiang Nguyen (1): padata: use integer wrap around to prevent deadlock on seq_nr overflow Varadarajan Narayanan (1): clk: qcom: ipq5332: Register gcc_qdss_tsctr_clk_src Vasant Hegde (1): iommu/amd: Handle error path in amd_iommu_probe_device() Vasileios Amoiridis (1): iio: chemical: bme680: Fix read/write ops to device by adding mutexes Vasily Gorbik (1): s390/ftrace: Avoid calling unwinder in ftrace_return_address() Vasily Khoruzhick (2): ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE ACPICA: executer/exsystem: Don't nag user about every Stall() violating the spec Vishal Moola (Oracle) (2): mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway mm: change vmf_anon_prepare() to __vmf_anon_prepare() Vitaliy Shevtsov (1): RDMA/irdma: fix error message in irdma_modify_qp_roce() Vladimir Lypak (4): drm/msm/a5xx: disable preemption in submits by default drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage drm/msm/a5xx: workaround early ring-buffer emptiness check Vladimir Oltean (1): net: phy: aquantia: fix -ETIMEDOUT PHY probe failure when firmware not present Wang Jianzheng (1): pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function WangYuli (2): drm/amd/amdgpu: Properly tune the size of struct usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host Weili Qian (3): crypto: hisilicon/hpre - mask cluster timeout error crypto: hisilicon/qm - reset device before enabling it crypto: hisilicon/qm - inject error before stopping queue Wenbo Li (1): virtio_net: Fix mismatched buf address when unmapping for small packets Werner Sembach (4): Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line ACPI: resource: Add another DMI match for the TongFang GMxXGxx Wolfram Sang (1): ipmi: docs: don't advertise deprecated sysfs entries Wouter Verhelst (1): nbd: correct the maximum value for discard sectors Xiu Jianfeng (1): cgroup/pids: Avoid spurious event notification Xu Kuohai (2): bpf, lsm: Add check for BPF LSM return value bpf: Fix compare error in function retval_range_within Yanfei Xu (1): cxl/pci: Fix to record only non-zero ranges Yang Jihong (2): perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yang Yingliang (1): pinctrl: single: fix missing error code in pcs_probe() Yanteng Si (1): net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Ye Li (1): clk: imx: composite-7ulp: Check the PCC present bit Yeongjin Gil (2): f2fs: Create COW inode from parent dentry for atomic write f2fs: compress: don't redirty sparse cluster during {,de}compress Yicong Yang (3): drivers/perf: hisi_pcie: Record hardware counts correctly drivers/perf: hisi_pcie: Fix TLP headers bandwidth counting perf stat: Display iostat headers correctly Yihan Zhu (1): drm/amd/display: Enable DML2 override_det_buffer_size_kbytes Yonghong Song (1): bpf: Fail verification for sign-extension of packet data/data_end/data_meta Yosry Ahmed (1): x86/mm: Use IPIs to synchronize LAM enablement Youssef Samir (1): net: qrtr: Update packets cloning when broadcasting Yu Kuai (6): block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() block, bfq: fix uaf for accessing waker_bfqq after splitting block, bfq: fix procress reference leakage for bfqq in merge chain md: Don't flush sync_work in md_write_start() Yu Zhao (1): mm/hugetlb_vmemmap: batch HVO work when demoting Yuesong Li (1): drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Yujie Liu (1): sched/numa: Fix the vma scan starving issue Yunfei Dong (3): media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Yuntao Liu (3): ALSA: hda: cs35l41: fix module autoloading hwmon: (ntc_thermistor) fix module autoloading clk: starfive: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage Zhang Changzhong (1): can: j1939: use correct function name in comment Zhen Lei (1): debugobjects: Fix conditions in fill_pool() Zhiguo Niu (1): lockdep: fix deadlock issue between lockdep and rcu Zhikai Zhai (1): drm/amd/display: Skip to enable dsc if it has been off Zhipeng Wang (1): clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Zhu Yanjun (1): RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Zijun Hu (1): driver core: Fix error handling in driver API device_rename() Zong-Zhe Yang (2): wifi: mac80211_hwsim: correct MODULE_PARM_DESC of multi_radio wifi: rtw89: wow: fix wait condition for AOAC report request hhorace (1): wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority tangbin (1): ASoC: loongson: fix error release wenglianfa (2): RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() yangerkun (1): ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard yangyun (1): fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set

7 months

1
1
0 0

Linux 6.10.13

by Greg Kroah-Hartman

I'm announcing the release of the 6.10.13 kernel. All users of the 6.10 kernel series must upgrade. The updated 6.10.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.10.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .gitignore | 1 Documentation/ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/devicetree/bindings/iio/magnetometer/asahi-kasei,ak8975.yaml | 1 Documentation/devicetree/bindings/pci/fsl,layerscape-pcie.yaml | 26 Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml | 1 Documentation/driver-api/ipmi.rst | 2 Documentation/filesystems/mount_api.rst | 9 Documentation/virt/kvm/locking.rst | 33 Makefile | 2 arch/arm/boot/dts/microchip/sam9x60.dtsi | 4 arch/arm/boot/dts/microchip/sama7g5.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts | 2 arch/arm/boot/dts/nxp/imx/imx6ull-seeed-npi-dev-board.dtsi | 12 arch/arm/boot/dts/nxp/imx/imx7d-zii-rmu2.dts | 2 arch/arm/mach-ep93xx/clock.c | 2 arch/arm/mach-versatile/platsmp-realview.c | 1 arch/arm/vfp/vfpinstr.h | 48 arch/arm64/Kconfig | 2 arch/arm64/boot/dts/exynos/exynos7885-jackpotlte.dts | 2 arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 3 arch/arm64/boot/dts/mediatek/mt8186.dtsi | 12 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 12 arch/arm64/boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 1 arch/arm64/boot/dts/nvidia/tegra234-p3701-0008.dtsi | 33 arch/arm64/boot/dts/nvidia/tegra234-p3740-0002.dtsi | 33 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/qcom/x1e80100.dtsi | 10 arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/ti/k3-am654-idk.dtso | 8 arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 4 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/esr.h | 88 arch/arm64/include/uapi/asm/sigcontext.h | 6 arch/arm64/kernel/cpu_errata.c | 10 arch/arm64/kernel/smp.c | 160 - arch/arm64/kvm/hyp/nvhe/ffa.c | 21 arch/arm64/net/bpf_jit_comp.c | 57 arch/loongarch/include/asm/kvm_vcpu.h | 1 arch/loongarch/kvm/timer.c | 7 arch/loongarch/kvm/vcpu.c | 2 arch/m68k/kernel/process.c | 2 arch/powerpc/crypto/Kconfig | 1 arch/powerpc/include/asm/asm-compat.h | 6 arch/powerpc/include/asm/atomic.h | 5 arch/powerpc/include/asm/uaccess.h | 7 arch/powerpc/kernel/head_8xx.S | 6 arch/powerpc/kernel/vdso/gettimeofday.S | 4 arch/powerpc/mm/nohash/8xx.c | 4 arch/riscv/include/asm/kvm_vcpu_pmu.h | 21 arch/riscv/kernel/perf_callchain.c | 2 arch/riscv/kvm/vcpu_pmu.c | 14 arch/riscv/kvm/vcpu_sbi.c | 4 arch/s390/include/asm/ftrace.h | 17 arch/s390/kernel/stacktrace.c | 19 arch/x86/coco/tdx/tdx.c | 127 + arch/x86/events/intel/core.c | 8 arch/x86/events/intel/pt.c | 15 arch/x86/hyperv/ivm.c | 22 arch/x86/include/asm/acpi.h | 8 arch/x86/include/asm/hardirq.h | 8 arch/x86/include/asm/idtentry.h | 6 arch/x86/include/asm/kvm_host.h | 3 arch/x86/include/asm/pgtable.h | 5 arch/x86/include/asm/set_memory.h | 3 arch/x86/include/asm/x86_init.h | 14 arch/x86/kernel/acpi/boot.c | 11 arch/x86/kernel/cpu/sgx/main.c | 27 arch/x86/kernel/crash.c | 12 arch/x86/kernel/head64.c | 3 arch/x86/kernel/jailhouse.c | 1 arch/x86/kernel/mmconf-fam10h_64.c | 1 arch/x86/kernel/process_64.c | 29 arch/x86/kernel/reboot.c | 12 arch/x86/kernel/smpboot.c | 1 arch/x86/kernel/x86_init.c | 9 arch/x86/kvm/lapic.c | 97 arch/x86/kvm/svm/svm.c | 2 arch/x86/kvm/vmx/main.c | 2 arch/x86/kvm/vmx/x86_ops.h | 1 arch/x86/mm/mem_encrypt_amd.c | 8 arch/x86/mm/pat/set_memory.c | 54 arch/x86/mm/tlb.c | 7 arch/x86/net/bpf_jit_comp.c | 107 - arch/x86/pci/fixup.c | 4 arch/x86/xen/mmu_pv.c | 5 arch/x86/xen/p2m.c | 98 arch/x86/xen/setup.c | 203 +- arch/x86/xen/xen-ops.h | 6 block/bfq-iosched.c | 81 block/partitions/core.c | 8 crypto/asymmetric_keys/asymmetric_type.c | 7 crypto/xor.c | 31 drivers/acpi/acpica/exsystem.c | 11 drivers/acpi/cppc_acpi.c | 43 drivers/acpi/device_sysfs.c | 5 drivers/acpi/pmic/tps68470_pmic.c | 6 drivers/acpi/resource.c | 12 drivers/acpi/video_detect.c | 24 drivers/ata/libata-eh.c | 8 drivers/ata/libata-scsi.c | 5 drivers/base/core.c | 15 drivers/base/firmware_loader/main.c | 30 drivers/base/module.c | 14 drivers/block/drbd/drbd_main.c | 6 drivers/block/drbd/drbd_state.c | 2 drivers/block/nbd.c | 15 drivers/block/ublk_drv.c | 62 drivers/bluetooth/btusb.c | 5 drivers/bus/arm-integrator-lm.c | 1 drivers/bus/mhi/host/pci_generic.c | 13 drivers/char/hw_random/bcm2835-rng.c | 4 drivers/char/hw_random/cctrng.c | 1 drivers/char/hw_random/mtk-rng.c | 2 drivers/char/tpm/tpm-dev-common.c | 2 drivers/char/tpm/tpm2-sessions.c | 1 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/sama7g5.c | 5 drivers/clk/imx/clk-composite-7ulp.c | 7 drivers/clk/imx/clk-composite-8m.c | 53 drivers/clk/imx/clk-composite-93.c | 15 drivers/clk/imx/clk-fracn-gppll.c | 4 drivers/clk/imx/clk-imx6ul.c | 4 drivers/clk/imx/clk-imx8mp-audiomix.c | 13 drivers/clk/imx/clk-imx8mp.c | 4 drivers/clk/imx/clk-imx8qxp.c | 10 drivers/clk/qcom/clk-alpha-pll.c | 52 drivers/clk/qcom/clk-alpha-pll.h | 2 drivers/clk/qcom/dispcc-sm8250.c | 9 drivers/clk/qcom/dispcc-sm8550.c | 14 drivers/clk/qcom/gcc-ipq5332.c | 1 drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/rockchip/clk-rk3588.c | 2 drivers/clk/starfive/clk-starfive-jh7110-vout.c | 2 drivers/clk/ti/clk-dra7-atl.c | 1 drivers/clocksource/timer-qcom.c | 7 drivers/cpufreq/ti-cpufreq.c | 10 drivers/cpuidle/cpuidle-riscv-sbi.c | 21 drivers/crypto/caam/caamhash.c | 1 drivers/crypto/ccp/sev-dev.c | 15 drivers/crypto/hisilicon/hpre/hpre_main.c | 54 drivers/crypto/hisilicon/qm.c | 151 + drivers/crypto/hisilicon/sec2/sec_main.c | 16 drivers/crypto/hisilicon/zip/zip_main.c | 23 drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 drivers/crypto/intel/qat/qat_common/adf_gen4_hw_data.h | 2 drivers/crypto/intel/qat/qat_common/adf_init.c | 4 drivers/crypto/intel/qat/qat_common/adf_pfvf_pf_msg.c | 9 drivers/crypto/intel/qat/qat_common/adf_pfvf_vf_msg.c | 14 drivers/crypto/intel/qat/qat_common/adf_pfvf_vf_msg.h | 1 drivers/crypto/intel/qat/qat_common/adf_vf_isr.c | 2 drivers/crypto/n2_core.c | 1 drivers/crypto/qcom-rng.c | 4 drivers/cxl/core/pci.c | 8 drivers/edac/igen6_edac.c | 2 drivers/edac/synopsys_edac.c | 35 drivers/firewire/core-cdev.c | 2 drivers/firmware/arm_scmi/optee.c | 7 drivers/firmware/efi/libstub/tpm.c | 2 drivers/firmware/qcom/qcom_scm.c | 6 drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 6 drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 29 drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 2 drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 165 - drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 9 drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 6 drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 drivers/gpu/drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 50 drivers/gpu/drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 6 drivers/gpu/drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 14 drivers/gpu/drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 13 drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c | 1 drivers/gpu/drm/amd/display/dc/resource/dcn351/dcn351_resource.c | 3 drivers/gpu/drm/amd/display/modules/freesync/freesync.c | 2 drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 drivers/gpu/drm/mediatek/mtk_crtc.c | 32 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 46 drivers/gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 2 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 drivers/gpu/drm/msm/dp/dp_display.c | 10 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 drivers/gpu/drm/radeon/evergreen_cs.c | 62 drivers/gpu/drm/radeon/radeon_atombios.c | 29 drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/stm/drv.c | 4 drivers/gpu/drm/stm/ltdc.c | 2 drivers/gpu/drm/vc4/vc4_hdmi.c | 8 drivers/hid/wacom_wac.c | 13 drivers/hid/wacom_wac.h | 2 drivers/hwmon/max16065.c | 27 drivers/hwmon/ntc_thermistor.c | 1 drivers/hwtracing/coresight/coresight-dummy.c | 4 drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 drivers/hwtracing/coresight/coresight-tpdm.c | 6 drivers/i2c/busses/i2c-aspeed.c | 16 drivers/i2c/busses/i2c-isch.c | 3 drivers/iio/adc/ad7606.c | 8 drivers/iio/adc/ad7606_spi.c | 5 drivers/iio/chemical/bme680_core.c | 7 drivers/iio/magnetometer/ak8975.c | 1 drivers/infiniband/core/cache.c | 4 drivers/infiniband/core/iwcm.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 5 drivers/infiniband/hw/erdma/erdma_verbs.c | 25 drivers/infiniband/hw/hns/hns_roce_ah.c | 14 drivers/infiniband/hw/hns/hns_roce_hem.c | 22 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 33 drivers/infiniband/hw/hns/hns_roce_qp.c | 16 drivers/infiniband/hw/irdma/verbs.c | 2 drivers/infiniband/hw/mlx5/main.c | 2 drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 drivers/infiniband/hw/mlx5/mr.c | 99 - drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 1 drivers/input/keyboard/adp5588-keys.c | 2 drivers/input/serio/i8042-acpipnpio.h | 37 drivers/input/touchscreen/ilitek_ts_i2c.c | 18 drivers/interconnect/icc-clk.c | 3 drivers/interconnect/qcom/sm8350.c | 1 drivers/iommu/amd/io_pgtable.c | 14 drivers/iommu/amd/io_pgtable_v2.c | 4 drivers/iommu/amd/iommu.c | 57 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 28 drivers/iommu/iommufd/hw_pagetable.c | 3 drivers/iommu/iommufd/io_pagetable.c | 8 drivers/iommu/iommufd/selftest.c | 9 drivers/leds/leds-bd2606mvv.c | 23 drivers/leds/leds-gpio.c | 9 drivers/leds/leds-pca995x.c | 78 drivers/md/dm-rq.c | 4 drivers/md/dm.c | 11 drivers/md/md.c | 1 drivers/media/dvb-frontends/rtl2830.c | 2 drivers/media/dvb-frontends/rtl2832.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c | 10 drivers/media/platform/renesas/rzg2l-cru/rzg2l-csi2.c | 1 drivers/media/tuners/tuner-i2c.h | 4 drivers/mtd/devices/powernv_flash.c | 3 drivers/mtd/devices/slram.c | 2 drivers/mtd/nand/raw/mtk_nand.c | 36 drivers/net/bareudp.c | 26 drivers/net/bonding/bond_main.c | 6 drivers/net/can/m_can/m_can.c | 14 drivers/net/can/usb/esd_usb.c | 6 drivers/net/ethernet/freescale/enetc/enetc.c | 3 drivers/net/ethernet/intel/idpf/idpf.h | 4 drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 125 - drivers/net/ethernet/intel/idpf/idpf_lan_txrx.h | 2 drivers/net/ethernet/intel/idpf/idpf_lib.c | 72 drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c | 195 - drivers/net/ethernet/intel/idpf/idpf_txrx.c | 989 +++++----- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 457 +++- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 73 drivers/net/ethernet/realtek/r8169_phy_config.c | 2 drivers/net/ethernet/renesas/ravb_main.c | 12 drivers/net/ethernet/seeq/ether3.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 drivers/net/usb/usbnet.c | 37 drivers/net/virtio_net.c | 10 drivers/net/wireless/ath/ath11k/core.h | 1 drivers/net/wireless/ath/ath11k/mac.c | 12 drivers/net/wireless/ath/ath11k/wmi.c | 4 drivers/net/wireless/ath/ath12k/mac.c | 5 drivers/net/wireless/ath/ath12k/wmi.c | 1 drivers/net/wireless/ath/ath12k/wmi.h | 3 drivers/net/wireless/ath/ath9k/debug.c | 2 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 30 drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 40 drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 11 drivers/net/wireless/intel/iwlwifi/iwl-config.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 drivers/net/wireless/intel/iwlwifi/mvm/time-event.c | 14 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 36 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 drivers/net/wireless/mediatek/mt76/mt76_connac3_mac.h | 4 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7921/init.c | 4 drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 5 drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 3 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 65 drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 13 drivers/net/wireless/microchip/wilc1000/hif.c | 4 drivers/net/wireless/realtek/rtw88/coex.c | 38 drivers/net/wireless/realtek/rtw88/fw.c | 13 drivers/net/wireless/realtek/rtw88/main.c | 7 drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 10 drivers/net/wireless/realtek/rtw88/rx.h | 2 drivers/net/wireless/realtek/rtw89/mac.h | 1 drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 drivers/ntb/ntb_transport.c | 23 drivers/ntb/test/ntb_perf.c | 2 drivers/nvdimm/namespace_devs.c | 34 drivers/nvme/host/multipath.c | 2 drivers/pci/controller/dwc/pci-dra7xx.c | 11 drivers/pci/controller/dwc/pci-imx6.c | 15 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/dwc/pcie-kirin.c | 4 drivers/pci/controller/dwc/pcie-qcom-ep.c | 14 drivers/pci/controller/pcie-xilinx-nwl.c | 39 drivers/pci/pci.c | 20 drivers/pci/pci.h | 6 drivers/pci/quirks.c | 31 drivers/perf/alibaba_uncore_drw_pmu.c | 2 drivers/perf/arm-cmn.c | 109 - drivers/perf/dwc_pcie_pmu.c | 21 drivers/perf/hisilicon/hisi_pcie_pmu.c | 16 drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 1 drivers/pinctrl/mvebu/pinctrl-dove.c | 42 drivers/pinctrl/pinctrl-single.c | 3 drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 95 drivers/platform/x86/ideapad-laptop.c | 48 drivers/pmdomain/core.c | 2 drivers/power/supply/axp20x_battery.c | 16 drivers/power/supply/max17042_battery.c | 5 drivers/powercap/intel_rapl_common.c | 2 drivers/pps/clients/pps_parport.c | 8 drivers/regulator/of_regulator.c | 2 drivers/remoteproc/imx_rproc.c | 6 drivers/reset/reset-berlin.c | 3 drivers/reset/reset-k210.c | 3 drivers/s390/crypto/ap_bus.c | 17 drivers/scsi/NCR5380.c | 78 drivers/scsi/elx/libefc/efc_nport.c | 2 drivers/scsi/lpfc/lpfc_hw4.h | 3 drivers/scsi/lpfc/lpfc_init.c | 21 drivers/scsi/lpfc/lpfc_scsi.c | 2 drivers/scsi/mac_scsi.c | 162 - drivers/scsi/sd.c | 2 drivers/scsi/smartpqi/smartpqi_init.c | 20 drivers/soc/fsl/qe/qmc.c | 24 drivers/soc/fsl/qe/tsa.c | 2 drivers/soc/qcom/smd-rpm.c | 35 drivers/soc/versatile/soc-integrator.c | 1 drivers/soc/versatile/soc-realview.c | 20 drivers/spi/atmel-quadspi.c | 15 drivers/spi/spi-airoha-snfi.c | 43 drivers/spi/spi-bcmbca-hsspi.c | 8 drivers/spi/spi-fsl-lpspi.c | 1 drivers/spi/spi-nxp-fspi.c | 54 drivers/spi/spi-ppc4xx.c | 7 drivers/staging/media/starfive/camss/stf-camss.c | 2 drivers/thermal/gov_bang_bang.c | 14 drivers/thermal/thermal_core.c | 78 drivers/tty/serial/8250/8250_omap.c | 2 drivers/tty/serial/qcom_geni_serial.c | 101 - drivers/tty/serial/rp2.c | 2 drivers/tty/serial/serial_core.c | 13 drivers/ufs/host/ufs-qcom.c | 2 drivers/usb/cdns3/cdnsp-ring.c | 6 drivers/usb/cdns3/host.c | 4 drivers/usb/class/cdc-acm.c | 2 drivers/usb/dwc2/drd.c | 9 drivers/usb/gadget/udc/dummy_hcd.c | 14 drivers/usb/host/xhci-mem.c | 5 drivers/usb/host/xhci-pci.c | 22 drivers/usb/host/xhci-ring.c | 14 drivers/usb/host/xhci.h | 3 drivers/usb/misc/appledisplay.c | 15 drivers/usb/misc/cypress_cy7c63.c | 4 drivers/usb/misc/yurex.c | 10 drivers/vdpa/mlx5/core/mr.c | 3 drivers/vhost/vdpa.c | 16 drivers/video/fbdev/hpfb.c | 1 drivers/video/fbdev/xen-fbfront.c | 1 drivers/watchdog/imx_sc_wdt.c | 24 drivers/xen/swiotlb-xen.c | 10 fs/autofs/inode.c | 3 fs/btrfs/btrfs_inode.h | 1 fs/btrfs/ctree.h | 2 fs/btrfs/extent-tree.c | 4 fs/btrfs/file.c | 34 fs/btrfs/ioctl.c | 4 fs/btrfs/subpage.c | 10 fs/btrfs/tree-checker.c | 2 fs/cachefiles/xattr.c | 34 fs/debugfs/inode.c | 24 fs/erofs/inode.c | 20 fs/erofs/zdata.c | 136 - fs/eventpoll.c | 2 fs/exfat/nls.c | 5 fs/ext4/ialloc.c | 14 fs/ext4/inline.c | 35 fs/ext4/mballoc.c | 10 fs/ext4/super.c | 29 fs/f2fs/compress.c | 36 fs/f2fs/data.c | 10 fs/f2fs/dir.c | 3 fs/f2fs/extent_cache.c | 4 fs/f2fs/f2fs.h | 37 fs/f2fs/file.c | 101 - fs/f2fs/inode.c | 5 fs/f2fs/namei.c | 68 fs/f2fs/segment.c | 15 fs/f2fs/super.c | 16 fs/f2fs/xattr.c | 14 fs/fcntl.c | 14 fs/fs_parser.c | 34 fs/fuse/file.c | 2 fs/inode.c | 4 fs/jfs/jfs_dmap.c | 4 fs/jfs/jfs_imap.c | 2 fs/namespace.c | 14 fs/netfs/main.c | 4 fs/nfs/nfs4state.c | 1 fs/nfsd/filecache.c | 3 fs/nfsd/nfs4idmap.c | 13 fs/nfsd/nfs4recover.c | 8 fs/nfsd/nfs4state.c | 164 - fs/nilfs2/btree.c | 12 fs/quota/dquot.c | 3 fs/smb/server/vfs.c | 19 include/acpi/acoutput.h | 5 include/acpi/cppc_acpi.h | 2 include/linux/bpf.h | 9 include/linux/bpf_lsm.h | 8 include/linux/compiler.h | 2 include/linux/f2fs_fs.h | 2 include/linux/fs_parser.h | 6 include/linux/lsm_hook_defs.h | 1 include/linux/lsm_hooks.h | 1 include/linux/sbitmap.h | 2 include/linux/soc/qcom/geni-se.h | 9 include/linux/usb/usbnet.h | 15 include/net/bluetooth/hci_core.h | 4 include/net/ip.h | 2 include/net/mac80211.h | 7 include/net/tcp.h | 21 include/sound/tas2781.h | 7 include/trace/events/f2fs.h | 3 io_uring/io-wq.c | 25 io_uring/io_uring.c | 4 io_uring/rw.c | 8 io_uring/sqpoll.c | 12 kernel/bpf/bpf_lsm.c | 34 kernel/bpf/btf.c | 13 kernel/bpf/helpers.c | 12 kernel/bpf/syscall.c | 4 kernel/bpf/verifier.c | 134 - kernel/kthread.c | 10 kernel/locking/lockdep.c | 48 kernel/module/Makefile | 2 kernel/padata.c | 6 kernel/rcu/tree_nocb.h | 5 kernel/sched/deadline.c | 38 kernel/sched/fair.c | 34 kernel/trace/bpf_trace.c | 15 lib/debugobjects.c | 5 lib/sbitmap.c | 4 lib/xz/xz_crc32.c | 2 lib/xz/xz_private.h | 4 mm/damon/vaddr.c | 2 mm/huge_memory.c | 2 mm/hugetlb.c | 176 + mm/internal.h | 11 mm/memory.c | 8 mm/migrate.c | 2 mm/mmap.c | 4 mm/util.c | 2 net/bluetooth/hci_conn.c | 6 net/bluetooth/hci_sync.c | 5 net/bluetooth/mgmt.c | 13 net/can/bcm.c | 4 net/can/j1939/transport.c | 8 net/core/filter.c | 71 net/core/sock_map.c | 1 net/hsr/hsr_slave.c | 11 net/ipv4/icmp.c | 103 - net/ipv6/Kconfig | 1 net/ipv6/icmp.c | 28 net/ipv6/netfilter/nf_reject_ipv6.c | 14 net/ipv6/route.c | 2 net/ipv6/rpl_iptunnel.c | 12 net/mac80211/iface.c | 17 net/mac80211/mlme.c | 30 net/mac80211/offchannel.c | 1 net/mac80211/rate.c | 2 net/mac80211/scan.c | 2 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_netlink.c | 7 net/netfilter/nf_tables_api.c | 18 net/netfilter/nft_compat.c | 6 net/netfilter/nft_dynset.c | 6 net/netfilter/nft_log.c | 2 net/netfilter/nft_meta.c | 2 net/netfilter/nft_numgen.c | 2 net/netfilter/nft_set_pipapo.c | 13 net/netfilter/nft_tunnel.c | 5 net/qrtr/af_qrtr.c | 2 net/tipc/bcast.c | 2 net/wireless/nl80211.c | 3 net/wireless/scan.c | 6 net/wireless/sme.c | 3 net/wireless/util.c | 10 net/xdp/xsk_buff_pool.c | 25 samples/bpf/Makefile | 6 security/apparmor/include/net.h | 3 security/apparmor/lsm.c | 17 security/apparmor/net.c | 2 security/bpf/hooks.c | 1 security/integrity/ima/ima.h | 2 security/integrity/ima/ima_iint.c | 20 security/integrity/ima/ima_main.c | 2 security/landlock/fs.c | 9 security/security.c | 68 security/selinux/hooks.c | 80 security/selinux/include/objsec.h | 5 security/selinux/netlabel.c | 23 security/smack/smack.h | 5 security/smack/smack_lsm.c | 70 security/smack/smack_netfilter.c | 4 security/smack/smackfs.c | 2 sound/pci/hda/cs35l41_hda_spi.c | 1 sound/pci/hda/tas2781_hda_i2c.c | 2 sound/soc/codecs/rt5682.c | 4 sound/soc/codecs/rt5682s.c | 4 sound/soc/codecs/tas2781-comlib.c | 3 sound/soc/codecs/tas2781-fmwlib.c | 1 sound/soc/codecs/tas2781-i2c.c | 58 sound/soc/loongson/loongson_card.c | 4 tools/bpf/runqslower/Makefile | 3 tools/build/feature/test-all.c | 4 tools/include/nolibc/string.h | 1 tools/lib/bpf/libbpf.c | 75 tools/objtool/arch/loongarch/decode.c | 11 tools/objtool/check.c | 23 tools/objtool/include/objtool/elf.h | 1 tools/perf/builtin-c2c.c | 14 tools/perf/builtin-inject.c | 1 tools/perf/builtin-mem.c | 20 tools/perf/builtin-report.c | 3 tools/perf/builtin-sched.c | 8 tools/perf/scripts/python/arm-cs-trace-disasm.py | 9 tools/perf/util/annotate-data.c | 2 tools/perf/util/bpf_skel/lock_data.h | 4 tools/perf/util/bpf_skel/vmlinux/vmlinux.h | 1 tools/perf/util/dwarf-aux.c | 16 tools/perf/util/mem-events.c | 20 tools/perf/util/mem-events.h | 4 tools/perf/util/session.c | 3 tools/perf/util/stat-display.c | 3 tools/perf/util/time-utils.c | 4 tools/perf/util/tool.h | 1 tools/power/cpupower/lib/powercap.c | 8 tools/testing/selftests/arm64/signal/Makefile | 2 tools/testing/selftests/arm64/signal/sve_helpers.c | 56 tools/testing/selftests/arm64/signal/sve_helpers.h | 21 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sme_change_vl.c | 46 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c | 30 tools/testing/selftests/arm64/signal/testcases/ssve_regs.c | 36 tools/testing/selftests/arm64/signal/testcases/ssve_za_regs.c | 36 tools/testing/selftests/arm64/signal/testcases/sve_regs.c | 32 tools/testing/selftests/arm64/signal/testcases/za_no_regs.c | 32 tools/testing/selftests/arm64/signal/testcases/za_regs.c | 36 tools/testing/selftests/bpf/Makefile | 13 tools/testing/selftests/bpf/bench.c | 1 tools/testing/selftests/bpf/bench.h | 1 tools/testing/selftests/bpf/map_tests/sk_storage_map.c | 2 tools/testing/selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 tools/testing/selftests/bpf/prog_tests/core_reloc.c | 1 tools/testing/selftests/bpf/prog_tests/crypto_sanity.c | 1 tools/testing/selftests/bpf/prog_tests/decap_sanity.c | 1 tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 2 tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 tools/testing/selftests/bpf/prog_tests/lwt_redirect.c | 1 tools/testing/selftests/bpf/prog_tests/lwt_reroute.c | 1 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 tools/testing/selftests/bpf/prog_tests/parse_tcp_hdr_opt.c | 1 tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 1 tools/testing/selftests/bpf/prog_tests/tc_redirect.c | 12 tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 1 tools/testing/selftests/bpf/progs/bpf_misc.h | 31 tools/testing/selftests/bpf/progs/cg_storage_multi.h | 2 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c | 1 tools/testing/selftests/bpf/progs/verifier_spill_fill.c | 8 tools/testing/selftests/bpf/test_cpp.cpp | 4 tools/testing/selftests/bpf/test_loader.c | 299 ++- tools/testing/selftests/bpf/test_lru_map.c | 3 tools/testing/selftests/bpf/test_progs.c | 18 tools/testing/selftests/bpf/test_progs.h | 1 tools/testing/selftests/bpf/testing_helpers.c | 6 tools/testing/selftests/bpf/unpriv_helpers.c | 1 tools/testing/selftests/bpf/veristat.c | 8 tools/testing/selftests/dt/test_unprobed_devices.sh | 15 tools/testing/selftests/ftrace/test.d/00basic/test_ownership.tc | 12 tools/testing/selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc | 9 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_char.tc | 2 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc | 2 tools/testing/selftests/kselftest.h | 2 tools/testing/selftests/net/netfilter/ipvs.sh | 2 tools/testing/selftests/resctrl/cat_test.c | 7 virt/kvm/kvm_main.c | 31 622 files changed, 7149 insertions(+), 4458 deletions(-) Aaron Lu (1): x86/sgx: Fix deadlock in SGX NUMA node search Abel Vesa (1): arm64: dts: qcom: x1e80100: Fix PHY for DP2 Abhinav Kumar (1): drm/msm/dp: enable widebus on all relevant chipsets Adrian Hunter (1): perf/x86/intel/pt: Fix sampling synchronization Aleksa Sarai (1): autofs: fix missing fput for FSCONFIG_SET_FD Aleksandr Mishin (2): ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() drm/msm: Fix incorrect file name output in adreno_request_fw() Alex Bee (1): drm/rockchip: vop: Allow 4096px width scaling Alex Deucher (3): drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: properly handle vbios fake edid sizing drm/amdgpu/mes11: reduce timeout Alexander Dahl (3): ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks spi: atmel-quadspi: Avoid overwriting delay register settings spi: atmel-quadspi: Fix wrong register value written to MR Alexander Lobakin (3): idpf: stop using macros for accessing queue descriptors idpf: split &idpf_queue into 4 strictly-typed queue structures idpf: merge singleq and splitq &net_device_ops Alexander Shiyan (1): clk: rockchip: rk3588: Fix 32k clock name for pmu_24m_32k_100m_src_p Alexandra Diupina (1): PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Alexei Starovoitov (1): selftests/bpf: Workaround strict bpf_lsm return value check. Alexey Gladkov (Intel) (1): x86/tdx: Fix "in-kernel MMIO" check Amit Shah (1): crypto: ccp - do not request interrupt on cmd completion when irqs disabled Anastasia Belova (1): arm64: esr: Define ESR_ELx_EC_* constants as UL Andre Przywara (1): kselftest/arm64: signal: fix/refactor SVE vector length enumeration Andrew Davis (3): arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations hwmon: (max16065) Remove use of i2c_match_id() Andrew Jones (1): RISC-V: KVM: Fix sbiret init before forwarding to userspace Andrey Konovalov (1): usb: gadget: dummy_hcd: execute hrtimer callback in softirq context Andrii Nakryiko (1): libbpf: Fix bpf_object__open_skeleton()'s mishandling of options Andy Shevchenko (3): spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ platform/x86: ideapad-laptop: Make the scope_guard() clear of its scope i2c: isch: Add missed 'else' AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8186: Fix supported-hw mask for GPU OPPs Ankit Agrawal (1): clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Antoniu Miclaus (1): ABI: testing: fix admv8818 attr description Anup Patel (1): RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data Ard Biesheuvel (1): efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Arend van Spriel (1): wifi: brcmfmac: introducing fwil query functions Arnaldo Carvalho de Melo (1): perf build: Fix up broken capstone feature detection fast path Artur Weber (1): power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Atish Patra (2): RISC-V: KVM: Allow legacy PMU access from guest RISC-V: KVM: Fix to allow hpmcounter31 from the guest Avraham Stern (1): wifi: iwlwifi: mvm: increase the time between ranging measurements Baochen Qiang (1): wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() Baokun Li (1): netfs: Delete subtree of 'fs/netfs' when netfs module exits Biju Das (1): media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE Bitterblue Smith (3): wifi: rtw88: Fix USB/SDIO devices not transmitting beacons wifi: rtw88: 8822c: Fix reported RX band width wifi: rtw88: 8703b: Fix reported RX band width Bjørn Mork (1): wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Brian Masney (1): crypto: qcom-rng - fix support for ACPI-based systems Calvin Owens (1): ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Casey Schaufler (1): lsm: infrastructure management of the sock security Chao Yu (9): f2fs: atomic: fix to avoid racing w/ GC f2fs: reduce expensive checkpoint trigger frequency f2fs: fix to avoid racing in between read and OPU dio write f2fs: fix to wait page writeback before setting gcing flag f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() f2fs: get rid of online repaire on corrupted directory f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() f2fs: fix to check atomic_file in f2fs ioctl interfaces Charles Han (1): mtd: powernv: Add check devm_kasprintf() returned value Chen Ni (1): iommu/amd: Convert comma to semicolon Chen Yu (2): kthread: fix task state in kthread worker if being frozen sched/pelt: Use rq_clock_task() for hw_pressure Chen-Yu Tsai (5): regulator: Return actual error in of_regulator_bulk_get_all() arm64: dts: mediatek: mt8195: Correct clock order for dp_intf* arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled arm64: dts: mediatek: mt8395-nio-12l: Mark USB 3.0 on xhci1 as disabled arm64: dts: mediatek: mt8186-corsola: Disable DPI display interface Cheng Xu (1): RDMA/erdma: Return QP state in erdma_query_qp Chengchang Tang (2): RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Chris Morgan (1): power: supply: axp20x_battery: Remove design from min and max voltage Christophe JAILLET (3): fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() pinctrl: ti: ti-iodelay: Fix some error handling paths Christophe Leroy (3): powerpc/8xx: Fix initial memory mapping powerpc/8xx: Fix kernel vs user address comparison powerpc/vdso: Inconditionally use CFUNC macro Claudiu Beznea (3): ARM: dts: microchip: sama7g5: Fix RTT clock drm/stm: ltdc: check memory returned by devm_kzalloc() clk: at91: sama7g5: Allocate only the needed amount of memory for PLLs Clément Léger (1): ACPI: CPPC: Fix MASK_VAL() usage Connor Abbott (3): drm/msm: Use a7xx family directly in gpu_state drm/msm: Dump correct dbgahb clusters on a750 drm/msm: Fix CP_BV_DRAW_STATE_ADDR name Cristian Ciocaltea (1): phy: phy-rockchip-samsung-hdptx: Explicitly include pm_runtime.h Cristian Marussi (1): firmware: arm_scmi: Fix double free in OPTEE transport Cupertino Miranda (1): selftests/bpf: Support checks against a regular expression D Scott Phillips (1): arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a Daeho Jeong (1): f2fs: prevent atomic file from being dirtied before commit Daehwan Jung (1): xhci: Add a quirk for writing ERST in high-low order Damien Le Moal (1): ata: libata-scsi: Fix ata_msense_control() CDL page reporting Dan Carpenter (5): crypto: iaa - Fix potential use after free bug powercap: intel_rapl: Fix off by one in get_rpi() scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() PCI: keystone: Fix if-statement expression in ks_pcie_quirk() ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Daniel Borkmann (4): bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit bpf: Fix helper writes to read-only maps bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Yang (1): exfat: resolve memory leak from exfat_create_upcase_table() Danny Tsen (1): crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 Dave Jiang (1): ntb: Force physically contiguous allocation of rx ring buffers Dave Martin (1): arm64: signal: Fix some under-bracketed UAPI macros David Gow (1): mm: only enforce minimum stack gap size if it's sensible David Howells (1): cachefiles: Fix non-taking of sb_writers around set/removexattr David Lechner (1): clk: ti: dra7-atl: Fix leak of of_nodes David Vernet (1): libbpf: Don't take direct pointers into BTF data from st_ops David Virag (1): arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Dmitry Antipov (4): wifi: rtw88: always wait for both firmware loading attempts wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Baryshkov (9): iommu/arm-smmu-qcom: apply num_context_bank fixes for SDM630 / SDM660 drm/msm/dsi: correct programming sequence for SM8350 / SM8450 clk: qcom: dispcc-sm8550: fix several supposed typos clk: qcom: dispcc-sm8550: use rcg2_ops for mdss_dptx1_aux_clk_src clk: qcom: dispcc-sm8650: Update the GDSC flags clk: qcom: dispcc-sm8550: use rcg2_shared_ops for ESC RCGs clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL interconnect: qcom: sm8250: Enable sync_state Revert "soc: qcom: smd-rpm: Match rpmsg channel instead of compatible" Dmitry Kandybka (1): wifi: rtw88: remove CPT execution branch never used Dmitry Vyukov (2): x86/entry: Remove unwanted instrumentation in common_interrupt() module: Fix KCOV-ignored file name Douglas Anderson (4): arm64: smp: smp_send_stop() and crash_smp_send_stop() should try non-NMI first soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() Dragan Simic (2): arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Dragos Tatulea (1): vdpa/mlx5: Fix invalid mr resource destroy Eduard Zingerman (7): selftests/bpf: no need to track next_match_pos in struct test_loader selftests/bpf: extract test_loader->expect_msgs as a data structure selftests/bpf: allow checking xlated programs in verifier_* tests selftests/bpf: __arch_* macro to limit test cases to specific archs selftests/bpf: fix to avoid __msg tag de-duplication by clang bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos selftests/bpf: correctly move 'log' upon successful match Eliav Bar-ilan (1): iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() Emanuele Ghidoli (2): Input: ilitek_ts_i2c - avoid wrong input subsystem sync Input: ilitek_ts_i2c - add report id message validation Emmanuel Grumbach (2): wifi: mac80211: fix the comeback long retry times wifi: iwlwifi: mvm: allow ESR when we the ROC expires Eric Dumazet (4): sock_map: Add a cond_resched() in sock_hash_free() ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() icmp: change the order of rate limits Eric Sandeen (2): fs_parse: add uid & gid option option parsing helpers debugfs: Convert to new uid/gid option parsing helpers Esther Shimanovich (1): ACPI: video: force native for Apple MacbookPro9,2 Fabio Porcedda (1): bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Fangzhi Zuo (2): drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination drm/amd/display: Skip Recompute DSC Params if no Stream on Link Fei Shao (1): drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Felix Fietkau (2): wifi: mt76: mt7603: fix mixed declarations and code wifi: mt76: mt7996: fix uninitialized TLV data Felix Moessbauer (4): io_uring/io-wq: do not allow pinning outside of cpuset io_uring/io-wq: inherit cpuset of cgroup in io worker io_uring/sqpoll: do not allow pinning outside of cpuset io_uring/sqpoll: do not put cpumask on stack Filipe Manana (1): btrfs: fix race setting file private on concurrent lseek using same fd Finn Thain (5): m68k: Fix kernel_clone_args.flags in m68k_clone() scsi: NCR5380: Check for phase match during PDMA fixup scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages scsi: mac_scsi: Refactor polling loop scsi: mac_scsi: Disallow bus errors during PDMA send Florian Fainelli (1): tty: rp2: Fix reset with non forgiving PCIe host bridges Frank Li (2): dt-bindings: PCI: layerscape-pci: Replace fsl,lx2160a-pcie with fsl,lx2160ar2-pcie PCI: imx6: Fix missing call to phy_power_off() in error handling Frederic Weisbecker (1): rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Furong Xu (1): net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Gao Xiang (3): erofs: fix incorrect symlink detection in fast symlink erofs: tidy up `struct z_erofs_bvec` erofs: handle overlapped pclusters out of crafted images properly Gaosheng Cui (2): hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Geert Uytterhoeven (1): pmdomain: core: Harden inter-column space in debug summary Gilbert Wu (1): scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Golan Ben Ami (1): wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL Greg Kroah-Hartman (1): Linux 6.10.13 Guenter Roeck (2): hwmon: (max16065) Fix overflows seen when writing limits hwmon: (max16065) Fix alarm attributes Guillaume Nault (2): bareudp: Pull inner IP header in bareudp_udp_encap_recv(). bareudp: Pull inner IP header on xmit. Guillaume Stols (2): iio: adc: ad7606: fix oversampling gpio array iio: adc: ad7606: fix standby gpio state to match the documentation Guoqing Jiang (2): nfsd: call cache_put if xdr_reserve_space returns NULL hwrng: mtk - Use devm_pm_runtime_enable Haibo Chen (3): spi: fspi: involve lut_num for struct nxp_fspi_devtype_data dt-bindings: spi: nxp-fspi: add imx8ulp support spi: fspi: add support for imx8ulp Hannes Reinecke (1): nvme-multipath: system fails to create generic nvme device Hao Ge (1): selftests/bpf: Fix incorrect parameters in NULL pointer checking Harald Freudenberger (1): s390/ap: Fix deadlock caused by recursive lock of the AP bus scan mutex Heiner Kallweit (1): r8169: disable ALDPS per default for RTL8125 Helge Deller (1): crypto: xor - fix template benchmarking Herbert Xu (2): crypto: n2 - Set err to EINVAL if snprintf fails for hmac crypto: caam - Pad SG length when allocating hash edesc Herve Codina (2): soc: fsl: cpm1: qmc: Update TRNSYNC only in transparent mode soc: fsl: cpm1: tsa: Fix tsa_write8() Hobin Woo (1): ksmbd: make __dir_empty() compatible with POSIX Hou Wenlong (1): KVM: x86: Drop unused check_apicv_inhibit_reasons() callback definition Howard Hsu (3): wifi: mt76: mt7996: fix HE and EHT beamforming capabilities wifi: mt76: mt7996: fix EHT beamforming capability check wifi: mt76: mt7915: fix rx filter setting for bfee functionality Huacai Chen (1): Revert "LoongArch: KVM: Invalidate guest steal time address on vCPU reset" Huang Shijie (1): sched/deadline: Fix schedstats vs deadline servers Ian Rogers (2): perf inject: Fix leader sampling inserting additional samples perf time-utils: Fix 32-bit nsec parsing Ilan Peer (1): wifi: mac80211: Check for missing VHT elements only for 5 GHz Ilpo Järvinen (1): PCI: Wait for Link before restoring Downstream Buses Jack Wang (1): RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Jacky Bai (1): clk: imx: composite-93: keep root clock on when mcore enabled Jake Hamby (1): can: m_can: enable NAPI before enabling interrupts James Clark (1): perf scripts python cs-etm: Restore first sample log in verbose mode Jann Horn (2): firmware_loader: Block path traversal f2fs: Require FMODE_WRITE for atomic write ioctls Jason Andryuk (1): fbdev: xen-fbfront: Assign fb_info->device Jason Gerecke (2): HID: wacom: Support sequence numbers smaller than 16-bit HID: wacom: Do not warn about dropped packets for first packet Jason Gunthorpe (7): iommu/amd: Allocate the page table root using GFP_KERNEL iommu/amd: Move allocation of the top table into v1_alloc_pgtable iommu/amd: Set the pgsize_bitmap correctly iommu/amd: Do not set the D bit on AMD v2 table entries iommufd/selftest: Fix buffer read overrrun in the dirty test iommufd: Check the domain owner of the parent before creating a nesting domain iommufd: Protect against overflow of ALIGN() during iova allocation Jason Wang (1): vhost_vdpa: assign irq bypass producer token correctly Jason-JH.Lin (1): drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Javier Carrasco (3): leds: bd2606mvv: Fix device child node usage in bd2606mvv_probe() leds: pca995x: Use device_for_each_child_node() to access device child nodes leds: pca995x: Fix device child node usage in pca995x_probe() Jeff Layton (3): nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire nfsd: fix refcount leak when file is unhashed after being found nfsd: fix initial getattr on write delegation Jens Axboe (3): io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL io_uring/sqpoll: retain test for whether the CPU is valid Jeongjun Park (2): jfs: fix out-of-bounds in dbNextAG() and diAlloc() mm: migrate: annotate data-race in migrate_folio_unmap() Jiangshan Yi (1): samples/bpf: Fix compilation errors with cf-protection option Jiawei Ye (2): wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Jie Gan (2): Coresight: Set correct cs_mode for TPDM to fix disable issue Coresight: Set correct cs_mode for dummy source to fix disable issue Jing Zhang (1): drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Jinjie Ruan (8): net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() spi: bcmbca-hsspi: Fix missing pm_runtime_disable() mtd: rawnand: mtk: Use for_each_child_of_node_scoped() riscv: Fix fp alignment bug in perf_callchain_user() ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() spi: atmel-quadspi: Undo runtime PM changes at driver exit time spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time driver core: Fix a potential null-ptr-deref in module_add_driver() Jiri Slaby (SUSE) (1): serial: don't use uninitialized value in uart_poll_init() Jiwon Kim (1): bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Johan Hovold (3): serial: qcom-geni: fix fifo polling timeout serial: qcom-geni: fix false console tx restart serial: qcom-geni: fix console corruption Johannes Berg (1): wifi: iwlwifi: config: label 'gl' devices as discrete John B. Wyatt IV (1): pm:cpupower: Add missing powercap_set_enabled() stub function Jon Hunter (1): arm64: tegra: Correct location of power-sensors for IGX Orin Jonas Blixt (1): watchdog: imx_sc_wdt: Don't disable WDT in suspend Jonas Karlman (3): arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Jonathan McDowell (1): tpm: Clean up TPM space after command failure Josh Hunt (1): tcp: check skb is non-NULL in tcp_rto_delta_us() Juergen Gross (9): xen: use correct end address of kernel for conflict checking xen: introduce generic helper checking for memory map conflicts xen: move max_pfn in xen_memory_setup() out of function scope xen: add capability to remap non-RAM pages to different PFNs xen: tolerate ACPI NVS memory overlapping with Xen allocated memory xen/swiotlb: add alignment check for dma buffers xen/swiotlb: fix allocated size xen: move checks for e820 conflicts further up xen: allow mapping ACPI data using a different physical address Julian Sun (1): vfs: fix race between evice_inodes() and find_inode()&iput() Junlin Li (2): drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junxian Huang (5): RDMA/hns: Don't modify rq next block addr in HIP09 QPC RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler RDMA/hns: Optimize hem allocation performance RDMA/hns: Fix restricted __le16 degrades to integer issue RDMA/hns: Fix ah error counter in sw stat not increasing Justin Iurman (1): net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Justin Tee (1): scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs Kaixin Wang (1): net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Kamlesh Gurudasani (1): padata: Honor the caller's alignment in case of chunk_size 0 Kan Liang (4): perf report: Fix --total-cycles --stdio output error perf mem: Check mem_events for all eligible PMUs perf mem: Fix missed p-core mem events on ADL and RPL perf/x86/intel: Allow to setup LBR for counting event for BPF Kang Yang (1): wifi: ath11k: use work queue to process beacon tx event Kees Cook (2): leds: gpio: Set num_leds after allocation interconnect: icc-clk: Add missed num_nodes initialization Kemeng Shi (4): ext4: avoid buffer_head leak in ext4_mark_inode_used() ext4: avoid potential buffer_head leak in __ext4_new_inode() ext4: avoid negative min_clusters in find_group_orlov() quota: avoid missing put_quota_format when DQUOT_SUSPENDED is passed Kexy Biscuit (1): tpm: export tpm2_sessions_init() to fix ibmvtpm building Kirill A. Shutemov (4): x86/mm: Make x86_platform.guest.enc_status_change_*() return an error x86/tdx: Account shared memory x86/mm: Add callbacks to prepare encrypted memory for kexec x86/tdx: Convert shared memory back to private on kexec Konrad Dybcio (1): iommu/arm-smmu-qcom: Work around SDM845 Adreno SMMU w/ 16K pages Krishna chaitanya chundru (2): perf/dwc_pcie: Fix registration issue in multi PCIe controller instances perf/dwc_pcie: Always register for PCIe bus notifier Krzysztof Kozlowski (13): ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path reset: k210: fix OF node leak in probe() error path iio: magnetometer: ak8975: drop incorrect AK09116 compatible dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible soc: versatile: integrator: fix OF node leak in probe() error path bus: integrator-lm: fix OF node leak in probe() cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl ARM: dts: imx6ull-seeed-npi: fix fsl,pins property in tscgrp pinctrl soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove Kuniyuki Iwashima (1): can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Lad Prabhakar (4): arm64: dts: renesas: r9a08g045: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes Lang Yu (1): drm/amdgpu: fix invalid fence handling in amdgpu_vm_tlb_flush Lasse Collin (1): xz: cleanup CRC32 edits from 2018 Laurent Pinchart (1): Remove *.orig pattern from .gitignore Leo Ma (1): drm/amd/display: Add HDMI DSC native YCbCr422 support Leon Hwang (2): bpf, x64: Fix tailcall hierarchy bpf, arm64: Fix tailcall hierarchy Li Chen (1): ACPI: resource: Do IRQ override on MECHREV GM7XG0M Li Lingfeng (2): nfsd: return -EINVAL when namelen is 0 nfs: fix memory leak in error path of nfs4_do_reclaim Li Zhijian (1): nvdimm: Fix devs leaks in scan_labels() Liam R. Howlett (1): mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Linus Torvalds (1): minmax: avoid overly complex min()/max() macro arguments in xen Linus Walleij (2): ASoC: tas2781-i2c: Drop weird GPIO code ASoC: tas2781-i2c: Get the right GPIO line Liu Ying (1): drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Lorenzo Bianconi (3): spi: airoha: fix dirmap_{read,write} operations spi: airoha: fix airoha_snand_{write,read}_data data_len estimation spi: airoha: remove read cache in airoha_snand_dirmap_read() Luca Stefani (1): btrfs: always update fstrim_range on failure in FITRIM ioctl Luiz Augusto von Dentz (3): Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Bluetooth: btusb: Fix not handling ZPL/short-transfer MD Danish Anwar (1): arm64: dts: ti: k3-am654-idk: Fix dtbs_check warning in ICSSG dmas Ma Ke (8): spi: ppc4xx: handle irq_of_parse_and_map() errors ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error pps: add an error check in parport_attach wifi: mt76: mt7921: Check devm_kasprintf() returned value wifi: mt76: mt7915: check devm_kasprintf() returned value wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he wifi: mt76: mt7615: check devm_kasprintf() returned value Maciej Fijalkowski (1): xsk: fix batch alloc API on non-coherent systems Maciej W. Rozycki (4): PCI: Revert to the original speed after PCIe failed link retraining PCI: Clear the LBMS bit after a link retrain PCI: Correct error reporting with PCIe failed link retraining PCI: Use an error code with PCIe failed link retraining Manish Pandey (1): scsi: ufs: qcom: Update MODE_MAX cfg_bw value Manivannan Sadhasivam (1): PCI: qcom-ep: Enable controller resources like PHY only after refclk is available Marc Aurèle La France (1): debugfs show actual source in /proc/mounts Marc Gonzalez (1): iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Marc Kleine-Budde (1): can: m_can: m_can_close(): stop clocks after device has been shut down Mario Limonciello (1): drm/amd/display: Validate backlight caps are sane Mark Bloch (1): RDMA/mlx5: Obtain upper net device only when needed Mark Brown (1): kselftest/arm64: Actually test SME vector length changes via sigreturn Markus Schneider-Pargmann (1): serial: 8250: omap: Cleanup on error in request_irq Martin Karsten (1): eventpoll: Annotate data-race of busy_poll_usecs Martin Tsai (1): drm/amd/display: Clean up dsc blocks in accelerated mode Martin Wilck (1): scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Masami Hiramatsu (Google) (2): selftests/ftrace: Add required dependency for kprobe tests selftests/ftrace: Fix eventfs ownership testcase to find mount point Mathias Nyman (1): xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Max Hawking (1): ntb_perf: Fix printk format Md Haris Iqbal (1): RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Miaohe Lin (1): mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set Michael Ellerman (1): powerpc/atomic: Use YZ constraints for DS-form instructions Michael Guralnik (4): RDMA/mlx5: Fix counter update on MR cache mkey creation RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache RDMA/mlx5: Drop redundant work canceling from clean_keys() RDMA/mlx5: Fix MR cache temp entries cleanup Michal Kubiak (1): idpf: fix netdev Tx queue stop/wake Michal Witwicki (3): crypto: qat - disable IOV in adf_dev_stop() crypto: qat - fix recovery flow for VFs crypto: qat - ensure correct order in VF restarting handler Mickaël Salaün (1): fs: Fix file_set_fowner LSM hook inconsistencies Mikhail Lobanov (2): RDMA/cxgb4: Added NULL check for lookup_atid drbd: Add NULL check for net_conf to prevent dereference in state validation Mikulas Patocka (3): Revert "dm: requeue IO if mapping table not yet available" dm-verity: restart or panic on an I/O error Revert: "dm-verity: restart or panic on an I/O error" Ming Lei (3): ublk: move zone report data out of request pdu nbd: fix race between timeout and normal completion lib/sbitmap: define swap_lock as raw_spinlock_t Ming Yen Hsieh (2): wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc Miquel Raynal (2): mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips mtd: rawnand: mtk: Fix init error path Mirsad Todorovac (1): mtd: slram: insert break after errors in parsing the map Mukesh Ojha (1): firmware: qcom: scm: Disable SDI and write no dump to dump mode Namhyung Kim (5): perf mem: Free the allocated sort string, fixing a leak perf lock contention: Change stack_id type to s32 perf dwarf-aux: Check allowed location expressions when collecting variables perf annotate-data: Fix off-by-one in location range check perf dwarf-aux: Handle bitfield members from pointer access Namjae Jeon (2): ksmbd: allow write with FILE_APPEND_DATA ksmbd: handle caseless file creation NeilBrown (1): nfsd: untangle code in nfsd4_deleg_getattr_conflict() Nicholas Kazlauskas (1): drm/amd/display: Block dynamic IPS2 on DCN35 for incompatible FW versions Nick Morrow (1): wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c Nikita Zhandarovich (4): drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets f2fs: fix several potential integer overflows in file offsets f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() Niklas Cassel (1): ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data Nishanth Menon (1): cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Nuno Sa (1): Input: adp5588-keys - fix check on return code Nícolas F. R. A. Prado (1): kselftest: dt: Ignore nodes that have ancestors disabled Ojaswin Mujoo (1): ext4: check stripe size compatibility on remount as well Olaf Hering (1): mount: handle OOM on mnt_warn_timestamp_expiry Oleg Nesterov (1): bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() Oliver Neukum (5): usbnet: fix cyclical race on disconnect with work queue USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer USB: class: CDC-ACM: fix race between get_serial and set_serial USB: misc: yurex: fix race between read and write Orlando Chamberlain (1): ACPI: video: force native for some T2 macbooks P Praneesh (2): wifi: ath12k: fix BSS chan info request WMI command wifi: ath12k: match WMI BSS chan info structure with firmware definition Pablo Neira Ayuso (7): netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire netfilter: nf_tables: reject element expiration with no timeout netfilter: nf_tables: reject expiration higher than timeout netfilter: nf_tables: remove annotation to access set timeout while holding lock netfilter: nft_dynset: annotate data-races around set timeout netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path netfilter: nf_tables: missing objects with no memcg accounting Paolo Bonzini (1): Documentation: KVM: fix warning in "make htmldocs" Patrisious Haddad (1): IB/core: Fix ib_cache_setup_one error flow cleanup Paul Barker (1): net: ravb: Fix R-Car RX frame size limit Paul Moore (1): lsm: add the inode_free_security_rcu() LSM implementation hook Pavan Kumar Paluri (1): crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Pawel Laszczak (2): usb: cdnsp: Fix incorrect usb_request status usb: xhci: fix loss of data on Cadence xHC Peng Fan (6): clk: imx: composite-8m: Enable gate clk with mcore_booted clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk clk: imx: imx8qxp: Parent should be initialized earlier than the clock remoteproc: imx_rproc: Correct ddr alias for i.MX8M remoteproc: imx_rproc: Initialize workqueue earlier pinctrl: ti: iodelay: Use scope based of_node_put() cleanups Pengfei Li (1): clk: imx: fracn-gppll: fix fractional part of PLL getting lost Peter Chiu (4): wifi: mt76: mt7996: use hweight16 to get correct tx antenna wifi: mt76: mt7996: fix traffic delay when switching back to working channel wifi: mt76: mt7996: fix wmm set of station interface to 3 wifi: mt76: connac: fix checksum offload fields of connac3 RXD Phil Sutter (2): netfilter: nf_tables: Keep deleted flowtable hooks until after RCU selftests: netfilter: Avoid hanging ipvs.sh Pieterjan Camerlynck (1): leds: leds-pca995x: Add support for NXP PCA9956B Ping-Ke Shih (2): wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading wifi: mac80211: don't use rate mask for offchannel TX either Qingqing Zhou (1): arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent Qiu-ji Chen (1): drbd: Fix atomicity violation in drbd_uuid_set_bm() Qiuxu Zhuo (1): EDAC/igen6: Fix conversion of system address to physical memory address Qu Wenruo (2): btrfs: subpage: fix the bitmap dump which can cause bitmap corruption btrfs: tree-checker: fix the wrong output of data backref objectid Rafael J. Wysocki (3): thermal: core: Fold two functions into their respective callers thermal: core: Fix rounding of delay jiffies thermal: gov_bang_bang: Adjust states of all uninitialized instances Rex Lu (1): wifi: mt76: mt7996: fix handling mbss enable/disable Richard Zhu (2): PCI: imx6: Fix establish link failure in EP mode for i.MX8MM and i.MX8MP PCI: imx6: Fix i.MX8MP PCIe EP's occasional failure to trigger MSI Riyan Dhiman (1): block: fix potential invalid pointer dereference in blk_add_partition Rob Herring (Arm) (1): ASoC: tas2781: Use of_property_read_reg() Robin Chen (1): drm/amd/display: Round calculated vtotal Robin Murphy (3): perf/arm-cmn: Refactor node ID handling. Again. perf/arm-cmn: Fix CCLA register offset perf/arm-cmn: Ensure dtm_idx is big enough Roman Smirnov (2): Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" KEYS: prevent NULL pointer dereference in find_asymmetric_key() Ryusuke Konishi (3): nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() Saleemkhan Jamadar (1): drm/amdgpu/vcn: enable AV1 on both instances Samasth Norway Ananda (1): x86/PCI: Check pcie_find_root_port() return for NULL Sean Anderson (5): PCI: xilinx-nwl: Fix register misspelling PCI: xilinx-nwl: Clean up clock on probe failure/removal net: xilinx: axienet: Schedule NAPI in two steps net: xilinx: axienet: Fix packet counting PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Sean Christopherson (5): KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock KVM: x86: Make x2APIC ID 100% readonly KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Sebastian Andrzej Siewior (1): net: hsr: Use the seqnr lock for frames received via interlink port. Sebastien Laveze (1): clk: imx: imx6ul: fix default parent for enet*_ref_sel Shengjiu Wang (1): clk: imx: clk-audiomix: Correct parent clock for earc_phy and audpll Sherry Yang (1): drm/msm: fix %s null argument error Shin'ichiro Kawasaki (1): f2fs: check discard support for conventional zones Shu Han (1): mm: call the security_mmap_file() LSM hook in remap_file_pages() Shuah Khan (1): selftests:resctrl: Fix build failure on archs without __cpuid_count() Shubhrajyoti Datta (1): EDAC/synopsys: Fix error injection on Zynq UltraScale+ Siddharth Vadapalli (2): PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ PCI: dra7xx: Fix error handling when IRQ request fails in probe Simon Horman (1): netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Snehal Koukuntla (1): KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer Song Liu (1): bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Srinivasan Shanmugam (1): drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Stefan Mätje (1): can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD Stefan Wahren (1): drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Steven Rostedt (Google) (1): selftests/ftrace: Fix test to handle both old and new kernels Su Hui (1): net: tipc: avoid possible garbage value Sung Joon Kim (1): drm/amd/display: Disable SYMCLK32_LE root clock gating Suzuki K Poulose (1): coresight: tmc: sg: Do not leak sg_table Svyatoslav Pankratov (1): crypto: qat - fix "Full Going True" macro definition Takashi Sakamoto (1): firewire: core: correct range of block for case of switch statement Thadeu Lima de Souza Cascardo (2): ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem Thomas Weißschuh (3): net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL ACPI: sysfs: validate return type of _STR method tools/nolibc: include arch.h from string.h Tianchen Ding (1): sched/fair: Make SCHED_IDLE entity be preempted in strict hierarchy Tiezhu Yang (2): objtool: Handle frame pointer related instructions compiler.h: specify correct attribute for .rodata..c_jump_table Toke Høiland-Jørgensen (1): wifi: ath9k: Remove error checks when creating debugfs entries Tomas Marek (1): usb: dwc2: drd: fix clock gating on USB role switch Tommy Huang (1): i2c: aspeed: Update the stop sw state when the bus recovery occurs Tony Ambardar (26): selftests/bpf: Fix error linking uprobe_multi on mips selftests/bpf: Fix wrong binary in Makefile log output tools/runqslower: Fix LDFLAGS and add LDLIBS support selftests/bpf: Use pid_t consistently in test_progs.c selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc selftests/bpf: Drop unneeded error.h includes selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c selftests/bpf: Fix missing UINT_MAX definitions in benchmarks selftests/bpf: Fix missing BUILD_BUG_ON() declaration selftests/bpf: Fix include of <sys/fcntl.h> selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc selftests/bpf: Fix compiling kfree_skb.c with musl-libc selftests/bpf: Fix compiling flow_dissector.c with musl-libc selftests/bpf: Fix compiling tcp_rtt.c with musl-libc selftests/bpf: Fix compiling core_reloc.c with musl-libc selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc selftests/bpf: Fix errors compiling decap_sanity.c with musl libc selftests/bpf: Fix errors compiling crypto_sanity.c with musl libc selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc selftests/bpf: Fix arg parsing in veristat, test_progs selftests/bpf: Fix error compiling test_lru_map.c selftests/bpf: Fix C++ compile error from missing _Bool type selftests/bpf: Fix redefinition errors compiling lwt_reroute.c selftests/bpf: Fix compile if backtrace support missing in libc selftests/bpf: Fix error compiling tc_redirect.c with musl libc Uros Bizjak (1): x86/boot/64: Strip percpu address space when setting up GDT descriptors Uwe Kleine-König (1): media: staging: media: starfive: camss: Drop obsolete return value documentation VanGiang Nguyen (1): padata: use integer wrap around to prevent deadlock on seq_nr overflow Varadarajan Narayanan (1): clk: qcom: ipq5332: Register gcc_qdss_tsctr_clk_src Vasant Hegde (1): iommu/amd: Handle error path in amd_iommu_probe_device() Vasileios Amoiridis (1): iio: chemical: bme680: Fix read/write ops to device by adding mutexes Vasily Gorbik (1): s390/ftrace: Avoid calling unwinder in ftrace_return_address() Vasily Khoruzhick (2): ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE ACPICA: executer/exsystem: Don't nag user about every Stall() violating the spec Vishal Moola (Oracle) (2): mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway mm: change vmf_anon_prepare() to __vmf_anon_prepare() Vitaliy Shevtsov (1): RDMA/irdma: fix error message in irdma_modify_qp_roce() Vladimir Lypak (4): drm/msm/a5xx: disable preemption in submits by default drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage drm/msm/a5xx: workaround early ring-buffer emptiness check Wang Jianzheng (1): pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function WangYuli (2): drm/amd/amdgpu: Properly tune the size of struct usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host Weili Qian (3): crypto: hisilicon/hpre - mask cluster timeout error crypto: hisilicon/qm - reset device before enabling it crypto: hisilicon/qm - inject error before stopping queue Wenbo Li (1): virtio_net: Fix mismatched buf address when unmapping for small packets Werner Sembach (4): Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line ACPI: resource: Add another DMI match for the TongFang GMxXGxx Wolfram Sang (1): ipmi: docs: don't advertise deprecated sysfs entries Wouter Verhelst (1): nbd: correct the maximum value for discard sectors Xu Kuohai (2): bpf, lsm: Add check for BPF LSM return value bpf: Fix compare error in function retval_range_within Yanfei Xu (1): cxl/pci: Fix to record only non-zero ranges Yang Jihong (2): perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yang Yingliang (1): pinctrl: single: fix missing error code in pcs_probe() Yanteng Si (1): net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Ye Li (1): clk: imx: composite-7ulp: Check the PCC present bit Yeongjin Gil (2): f2fs: Create COW inode from parent dentry for atomic write f2fs: compress: don't redirty sparse cluster during {,de}compress Yicong Yang (3): drivers/perf: hisi_pcie: Record hardware counts correctly drivers/perf: hisi_pcie: Fix TLP headers bandwidth counting perf stat: Display iostat headers correctly Yihan Zhu (1): drm/amd/display: Enable DML2 override_det_buffer_size_kbytes Yonghong Song (1): bpf: Fail verification for sign-extension of packet data/data_end/data_meta Yosry Ahmed (1): x86/mm: Use IPIs to synchronize LAM enablement Youssef Samir (1): net: qrtr: Update packets cloning when broadcasting Yu Kuai (6): block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() block, bfq: fix uaf for accessing waker_bfqq after splitting block, bfq: fix procress reference leakage for bfqq in merge chain md: Don't flush sync_work in md_write_start() Yu Zhao (1): mm/hugetlb_vmemmap: batch HVO work when demoting Yuesong Li (1): drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Yujie Liu (1): sched/numa: Fix the vma scan starving issue Yunfei Dong (3): media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Yuntao Liu (3): ALSA: hda: cs35l41: fix module autoloading hwmon: (ntc_thermistor) fix module autoloading clk: starfive: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage Zhang Changzhong (1): can: j1939: use correct function name in comment Zhen Lei (1): debugobjects: Fix conditions in fill_pool() Zhiguo Niu (1): lockdep: fix deadlock issue between lockdep and rcu Zhikai Zhai (1): drm/amd/display: Skip to enable dsc if it has been off Zhipeng Wang (1): clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Zhu Yanjun (1): RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Zijun Hu (1): driver core: Fix error handling in driver API device_rename() hhorace (1): wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority tangbin (1): ASoC: loongson: fix error release wenglianfa (2): RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() yangerkun (1): ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard yangyun (1): fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set

7 months

1
1
0 0

Linux 6.6.54

by Greg Kroah-Hartman

I'm announcing the release of the 6.6.54 kernel. All users of the 6.6 kernel series must upgrade. The updated 6.6.y git tree can be found at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-6.6.y and can be browsed at the normal kernel.org git web browser: https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary thanks, greg k-h ------------ .gitignore | 1 Documentation/ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 Documentation/arch/arm64/silicon-errata.rst | 2 Documentation/devicetree/bindings/iio/magnetometer/asahi-kasei,ak8975.yaml | 1 Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml | 19 Documentation/driver-api/ipmi.rst | 2 Documentation/virt/kvm/locking.rst | 33 Makefile | 2 arch/arm/boot/dts/microchip/sam9x60.dtsi | 4 arch/arm/boot/dts/microchip/sama7g5.dtsi | 2 arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts | 2 arch/arm/boot/dts/nxp/imx/imx7d-zii-rmu2.dts | 2 arch/arm/mach-ep93xx/clock.c | 2 arch/arm/mach-versatile/platsmp-realview.c | 1 arch/arm/vfp/vfpinstr.h | 48 arch/arm64/Kconfig | 2 arch/arm64/boot/dts/exynos/exynos7885-jackpotlte.dts | 2 arch/arm64/boot/dts/mediatek/mt8186.dtsi | 12 arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 arch/arm64/boot/dts/mediatek/mt8195.dtsi | 12 arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 arch/arm64/boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 4 arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 arch/arm64/include/asm/cputype.h | 2 arch/arm64/include/asm/esr.h | 88 - arch/arm64/include/uapi/asm/sigcontext.h | 6 arch/arm64/kernel/cpu_errata.c | 10 arch/arm64/kvm/hyp/nvhe/ffa.c | 21 arch/m68k/kernel/process.c | 2 arch/powerpc/crypto/Kconfig | 1 arch/powerpc/include/asm/asm-compat.h | 6 arch/powerpc/include/asm/atomic.h | 5 arch/powerpc/include/asm/uaccess.h | 7 arch/powerpc/kernel/head_8xx.S | 6 arch/powerpc/kernel/vdso/gettimeofday.S | 4 arch/powerpc/mm/nohash/8xx.c | 4 arch/riscv/include/asm/kvm_vcpu_pmu.h | 21 arch/riscv/kernel/perf_callchain.c | 2 arch/riscv/kvm/vcpu_sbi.c | 4 arch/x86/coco/tdx/tdx.c | 6 arch/x86/events/intel/pt.c | 15 arch/x86/include/asm/acpi.h | 8 arch/x86/include/asm/hardirq.h | 8 arch/x86/include/asm/idtentry.h | 73 arch/x86/kernel/acpi/boot.c | 11 arch/x86/kernel/cpu/sgx/main.c | 27 arch/x86/kernel/jailhouse.c | 1 arch/x86/kernel/mmconf-fam10h_64.c | 1 arch/x86/kernel/process_64.c | 29 arch/x86/kernel/smpboot.c | 1 arch/x86/kernel/x86_init.c | 1 arch/x86/kvm/lapic.c | 35 arch/x86/mm/tlb.c | 7 arch/x86/pci/fixup.c | 4 arch/x86/xen/mmu_pv.c | 5 arch/x86/xen/p2m.c | 98 + arch/x86/xen/setup.c | 203 ++ arch/x86/xen/xen-ops.h | 6 block/bfq-iosched.c | 81 - block/partitions/core.c | 8 crypto/asymmetric_keys/asymmetric_type.c | 7 crypto/xor.c | 31 drivers/acpi/cppc_acpi.c | 43 drivers/acpi/device_sysfs.c | 5 drivers/acpi/pmic/tps68470_pmic.c | 6 drivers/acpi/resource.c | 6 drivers/ata/libata-eh.c | 8 drivers/ata/libata-scsi.c | 5 drivers/base/core.c | 15 drivers/base/firmware_loader/main.c | 30 drivers/base/module.c | 14 drivers/base/power/domain.c | 2 drivers/block/drbd/drbd_main.c | 6 drivers/block/drbd/drbd_state.c | 2 drivers/block/nbd.c | 13 drivers/block/ublk_drv.c | 62 drivers/bluetooth/btusb.c | 5 drivers/bus/arm-integrator-lm.c | 1 drivers/bus/mhi/host/pci_generic.c | 13 drivers/char/hw_random/bcm2835-rng.c | 4 drivers/char/hw_random/cctrng.c | 1 drivers/char/hw_random/mtk-rng.c | 2 drivers/char/tpm/tpm-dev-common.c | 2 drivers/char/tpm/tpm2-space.c | 3 drivers/clk/at91/sama7g5.c | 5 drivers/clk/imx/clk-composite-7ulp.c | 7 drivers/clk/imx/clk-composite-8m.c | 63 drivers/clk/imx/clk-composite-93.c | 15 drivers/clk/imx/clk-fracn-gppll.c | 4 drivers/clk/imx/clk-imx6ul.c | 4 drivers/clk/imx/clk-imx8mp-audiomix.c | 13 drivers/clk/imx/clk-imx8mp.c | 4 drivers/clk/imx/clk-imx8qxp.c | 10 drivers/clk/qcom/clk-alpha-pll.c | 52 drivers/clk/qcom/clk-alpha-pll.h | 2 drivers/clk/qcom/dispcc-sm8250.c | 9 drivers/clk/qcom/dispcc-sm8550.c | 14 drivers/clk/qcom/gcc-ipq5332.c | 1 drivers/clk/rockchip/clk-rk3228.c | 2 drivers/clk/rockchip/clk-rk3588.c | 2 drivers/clk/starfive/clk-starfive-jh7110-vout.c | 2 drivers/clk/ti/clk-dra7-atl.c | 1 drivers/clocksource/timer-qcom.c | 7 drivers/cpufreq/ti-cpufreq.c | 10 drivers/cpuidle/cpuidle-riscv-sbi.c | 21 drivers/crypto/caam/caamhash.c | 1 drivers/crypto/ccp/sev-dev.c | 2 drivers/crypto/hisilicon/hpre/hpre_main.c | 54 drivers/crypto/hisilicon/qm.c | 151 + drivers/crypto/hisilicon/sec2/sec_main.c | 16 drivers/crypto/hisilicon/zip/zip_main.c | 23 drivers/cxl/core/pci.c | 8 drivers/edac/igen6_edac.c | 2 drivers/edac/synopsys_edac.c | 85 - drivers/firewire/core-cdev.c | 2 drivers/firmware/arm_scmi/optee.c | 7 drivers/firmware/efi/libstub/tpm.c | 2 drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 29 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 9 drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 6 drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 drivers/gpu/drm/amd/display/modules/freesync/freesync.c | 2 drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 32 drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 drivers/gpu/drm/radeon/evergreen_cs.c | 62 drivers/gpu/drm/radeon/radeon_atombios.c | 29 drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 drivers/gpu/drm/stm/drv.c | 4 drivers/gpu/drm/stm/ltdc.c | 2 drivers/gpu/drm/vc4/vc4_hdmi.c | 8 drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 13 drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 drivers/hid/wacom_wac.c | 13 drivers/hid/wacom_wac.h | 2 drivers/hwmon/max16065.c | 27 drivers/hwmon/ntc_thermistor.c | 1 drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 drivers/i2c/busses/i2c-aspeed.c | 16 drivers/i2c/busses/i2c-isch.c | 3 drivers/iio/adc/ad7606.c | 8 drivers/iio/adc/ad7606_spi.c | 5 drivers/iio/chemical/bme680_core.c | 7 drivers/iio/magnetometer/ak8975.c | 85 - drivers/infiniband/core/cache.c | 4 drivers/infiniband/core/iwcm.c | 2 drivers/infiniband/hw/cxgb4/cm.c | 5 drivers/infiniband/hw/erdma/erdma_verbs.c | 25 drivers/infiniband/hw/hns/hns_roce_hem.c | 22 drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 33 drivers/infiniband/hw/hns/hns_roce_qp.c | 16 drivers/infiniband/hw/irdma/verbs.c | 2 drivers/infiniband/hw/mlx5/main.c | 2 drivers/infiniband/hw/mlx5/mr.c | 14 drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 drivers/infiniband/ulp/rtrs/rtrs-srv.c | 1 drivers/input/keyboard/adp5588-keys.c | 2 drivers/input/serio/i8042-acpipnpio.h | 37 drivers/input/touchscreen/ilitek_ts_i2c.c | 18 drivers/interconnect/icc-clk.c | 3 drivers/iommu/amd/io_pgtable_v2.c | 2 drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 28 drivers/iommu/iommufd/io_pagetable.c | 8 drivers/leds/leds-bd2606mvv.c | 23 drivers/leds/leds-pca995x.c | 78 drivers/md/dm-rq.c | 4 drivers/md/dm.c | 11 drivers/media/dvb-frontends/rtl2830.c | 2 drivers/media/dvb-frontends/rtl2832.c | 2 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_if.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_h264_req_multi_if.c | 9 drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c | 10 drivers/media/platform/renesas/rzg2l-cru/rzg2l-csi2.c | 1 drivers/media/tuners/tuner-i2c.h | 4 drivers/mtd/devices/powernv_flash.c | 3 drivers/mtd/devices/slram.c | 2 drivers/mtd/nand/raw/mtk_nand.c | 36 drivers/net/bareudp.c | 26 drivers/net/bonding/bond_main.c | 6 drivers/net/can/m_can/m_can.c | 14 drivers/net/can/usb/esd_usb.c | 6 drivers/net/ethernet/freescale/enetc/enetc.c | 3 drivers/net/ethernet/realtek/r8169_phy_config.c | 2 drivers/net/ethernet/seeq/ether3.c | 2 drivers/net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 drivers/net/usb/usbnet.c | 37 drivers/net/virtio_net.c | 10 drivers/net/wireless/ath/ath12k/mac.c | 5 drivers/net/wireless/ath/ath12k/wmi.c | 1 drivers/net/wireless/ath/ath12k/wmi.h | 3 drivers/net/wireless/ath/ath9k/debug.c | 2 drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/btcoex.c | 2 drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 26 drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.c | 115 - drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwil.h | 147 + drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 11 drivers/net/wireless/intel/iwlwifi/iwl-config.h | 1 drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 36 drivers/net/wireless/mediatek/mt76/mac80211.c | 2 drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 4 drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 drivers/net/wireless/mediatek/mt76/mt7921/init.c | 2 drivers/net/wireless/mediatek/mt76/mt7996/init.c | 65 drivers/net/wireless/mediatek/mt76/mt7996/main.c | 6 drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 23 drivers/net/wireless/mediatek/mt76/mt7996/mcu.h | 4 drivers/net/wireless/microchip/wilc1000/hif.c | 4 drivers/net/wireless/realtek/rtw88/coex.c | 38 drivers/net/wireless/realtek/rtw88/fw.c | 13 drivers/net/wireless/realtek/rtw88/main.c | 7 drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 drivers/net/wireless/realtek/rtw88/rtw8822c.c | 10 drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 drivers/ntb/ntb_transport.c | 23 drivers/ntb/test/ntb_perf.c | 2 drivers/nvdimm/namespace_devs.c | 34 drivers/nvme/host/multipath.c | 2 drivers/pci/controller/dwc/pci-dra7xx.c | 3 drivers/pci/controller/dwc/pci-imx6.c | 7 drivers/pci/controller/dwc/pci-keystone.c | 2 drivers/pci/controller/dwc/pcie-kirin.c | 4 drivers/pci/controller/pcie-xilinx-nwl.c | 39 drivers/pci/pci.c | 20 drivers/pci/pci.h | 6 drivers/pci/quirks.c | 31 drivers/perf/alibaba_uncore_drw_pmu.c | 2 drivers/perf/arm-cmn.c | 242 +-- drivers/perf/hisilicon/hisi_pcie_pmu.c | 16 drivers/pinctrl/bcm/pinctrl-ns.c | 8 drivers/pinctrl/berlin/berlin-bg2.c | 8 drivers/pinctrl/berlin/berlin-bg2cd.c | 8 drivers/pinctrl/berlin/berlin-bg2q.c | 8 drivers/pinctrl/berlin/berlin-bg4ct.c | 9 drivers/pinctrl/berlin/pinctrl-as370.c | 9 drivers/pinctrl/mvebu/pinctrl-armada-38x.c | 9 drivers/pinctrl/mvebu/pinctrl-armada-39x.c | 9 drivers/pinctrl/mvebu/pinctrl-armada-ap806.c | 5 drivers/pinctrl/mvebu/pinctrl-armada-cp110.c | 6 drivers/pinctrl/mvebu/pinctrl-armada-xp.c | 9 drivers/pinctrl/mvebu/pinctrl-dove.c | 48 drivers/pinctrl/mvebu/pinctrl-kirkwood.c | 7 drivers/pinctrl/mvebu/pinctrl-orion.c | 7 drivers/pinctrl/nomadik/pinctrl-abx500.c | 9 drivers/pinctrl/nomadik/pinctrl-nomadik.c | 10 drivers/pinctrl/pinctrl-at91.c | 11 drivers/pinctrl/pinctrl-single.c | 3 drivers/pinctrl/pinctrl-xway.c | 11 drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 113 - drivers/power/supply/axp20x_battery.c | 16 drivers/power/supply/max17042_battery.c | 5 drivers/powercap/intel_rapl_common.c | 2 drivers/pps/clients/pps_parport.c | 14 drivers/regulator/of_regulator.c | 2 drivers/remoteproc/imx_rproc.c | 6 drivers/reset/reset-berlin.c | 3 drivers/reset/reset-k210.c | 3 drivers/scsi/NCR5380.c | 78 drivers/scsi/elx/libefc/efc_nport.c | 2 drivers/scsi/mac_scsi.c | 162 +- drivers/scsi/sd.c | 2 drivers/scsi/smartpqi/smartpqi_init.c | 20 drivers/soc/fsl/qe/tsa.c | 2 drivers/soc/qcom/smd-rpm.c | 35 drivers/soc/versatile/soc-integrator.c | 1 drivers/soc/versatile/soc-realview.c | 20 drivers/spi/atmel-quadspi.c | 15 drivers/spi/spi-bcmbca-hsspi.c | 8 drivers/spi/spi-fsl-lpspi.c | 1 drivers/spi/spi-nxp-fspi.c | 54 drivers/spi/spi-ppc4xx.c | 7 drivers/thunderbolt/switch.c | 331 +++- drivers/thunderbolt/tb.c | 784 +++++++--- drivers/thunderbolt/tb.h | 56 drivers/thunderbolt/tb_regs.h | 9 drivers/thunderbolt/tunnel.c | 217 +- drivers/thunderbolt/tunnel.h | 26 drivers/thunderbolt/usb4.c | 116 + drivers/tty/serial/8250/8250_omap.c | 2 drivers/tty/serial/qcom_geni_serial.c | 31 drivers/tty/serial/rp2.c | 2 drivers/tty/serial/serial_core.c | 14 drivers/ufs/host/ufs-qcom.c | 2 drivers/usb/cdns3/cdnsp-ring.c | 6 drivers/usb/cdns3/host.c | 4 drivers/usb/class/cdc-acm.c | 2 drivers/usb/dwc2/drd.c | 9 drivers/usb/host/xhci-mem.c | 5 drivers/usb/host/xhci-pci.c | 15 drivers/usb/host/xhci-ring.c | 14 drivers/usb/host/xhci.h | 3 drivers/usb/misc/appledisplay.c | 15 drivers/usb/misc/cypress_cy7c63.c | 4 drivers/usb/misc/yurex.c | 24 drivers/vhost/vdpa.c | 16 drivers/video/fbdev/hpfb.c | 1 drivers/watchdog/imx_sc_wdt.c | 24 drivers/xen/swiotlb-xen.c | 10 fs/btrfs/btrfs_inode.h | 47 fs/btrfs/ctree.h | 2 fs/btrfs/extent-tree.c | 4 fs/btrfs/file.c | 34 fs/btrfs/ioctl.c | 4 fs/btrfs/subpage.c | 10 fs/btrfs/tree-checker.c | 2 fs/cachefiles/xattr.c | 34 fs/crypto/fname.c | 8 fs/ecryptfs/crypto.c | 10 fs/erofs/inode.c | 20 fs/ext4/ialloc.c | 14 fs/ext4/inline.c | 35 fs/ext4/mballoc.c | 10 fs/ext4/super.c | 29 fs/f2fs/compress.c | 87 - fs/f2fs/data.c | 14 fs/f2fs/dir.c | 3 fs/f2fs/extent_cache.c | 4 fs/f2fs/f2fs.h | 48 fs/f2fs/file.c | 167 +- fs/f2fs/inode.c | 5 fs/f2fs/namei.c | 69 fs/f2fs/segment.c | 8 fs/f2fs/super.c | 20 fs/f2fs/xattr.c | 14 fs/fcntl.c | 14 fs/inode.c | 4 fs/jfs/jfs_dmap.c | 4 fs/jfs/jfs_imap.c | 2 fs/namei.c | 6 fs/namespace.c | 14 fs/nfs/nfs4state.c | 1 fs/nfsd/filecache.c | 3 fs/nfsd/nfs4idmap.c | 13 fs/nfsd/nfs4recover.c | 8 fs/nilfs2/btree.c | 12 fs/smb/server/vfs.c | 19 include/acpi/cppc_acpi.h | 2 include/linux/bitmap.h | 77 include/linux/bpf.h | 7 include/linux/f2fs_fs.h | 2 include/linux/fs.h | 11 include/linux/mm.h | 4 include/linux/mm_types.h | 31 include/linux/sbitmap.h | 2 include/linux/sched/numa_balancing.h | 10 include/linux/usb/usbnet.h | 15 include/linux/xarray.h | 6 include/net/bluetooth/hci_core.h | 4 include/net/ip.h | 2 include/net/mac80211.h | 7 include/net/tcp.h | 21 include/sound/tas2781.h | 8 include/trace/events/f2fs.h | 3 include/trace/events/sched.h | 52 io_uring/io-wq.c | 25 io_uring/io_uring.c | 4 io_uring/sqpoll.c | 12 kernel/bpf/btf.c | 8 kernel/bpf/helpers.c | 12 kernel/bpf/syscall.c | 4 kernel/bpf/verifier.c | 57 kernel/kthread.c | 10 kernel/locking/lockdep.c | 48 kernel/module/Makefile | 2 kernel/padata.c | 6 kernel/rcu/tree_nocb.h | 5 kernel/sched/fair.c | 134 + kernel/trace/bpf_trace.c | 15 lib/debugobjects.c | 5 lib/sbitmap.c | 4 lib/test_xarray.c | 93 + lib/xarray.c | 49 lib/xz/xz_crc32.c | 2 lib/xz/xz_private.h | 4 mm/damon/vaddr.c | 2 mm/filemap.c | 50 mm/mmap.c | 4 mm/util.c | 2 net/bluetooth/hci_conn.c | 6 net/bluetooth/hci_sync.c | 5 net/bluetooth/mgmt.c | 13 net/can/bcm.c | 4 net/can/j1939/transport.c | 8 net/core/filter.c | 50 net/core/sock_map.c | 1 net/ipv4/icmp.c | 103 - net/ipv6/Kconfig | 1 net/ipv6/icmp.c | 28 net/ipv6/netfilter/nf_reject_ipv6.c | 14 net/ipv6/route.c | 2 net/ipv6/rpl_iptunnel.c | 12 net/mac80211/iface.c | 17 net/mac80211/offchannel.c | 1 net/mac80211/rate.c | 2 net/mac80211/scan.c | 2 net/mac80211/tx.c | 2 net/netfilter/nf_conntrack_netlink.c | 7 net/netfilter/nf_tables_api.c | 16 net/qrtr/af_qrtr.c | 2 net/tipc/bcast.c | 2 net/wireless/nl80211.c | 3 net/wireless/scan.c | 6 net/wireless/sme.c | 3 samples/bpf/Makefile | 6 security/bpf/hooks.c | 1 security/smack/smackfs.c | 2 sound/pci/hda/cs35l41_hda_spi.c | 1 sound/pci/hda/tas2781_hda_i2c.c | 14 sound/soc/codecs/rt5682.c | 4 sound/soc/codecs/rt5682s.c | 4 sound/soc/codecs/tas2781-comlib.c | 4 sound/soc/codecs/tas2781-fmwlib.c | 1 sound/soc/codecs/tas2781-i2c.c | 58 sound/soc/loongson/loongson_card.c | 4 tools/bpf/runqslower/Makefile | 3 tools/perf/builtin-annotate.c | 2 tools/perf/builtin-inject.c | 1 tools/perf/builtin-mem.c | 1 tools/perf/builtin-report.c | 11 tools/perf/builtin-sched.c | 8 tools/perf/builtin-top.c | 3 tools/perf/ui/browsers/annotate.c | 77 tools/perf/ui/browsers/hists.c | 34 tools/perf/ui/browsers/hists.h | 2 tools/perf/util/annotate.c | 116 - tools/perf/util/annotate.h | 37 tools/perf/util/block-info.c | 10 tools/perf/util/block-info.h | 3 tools/perf/util/hist.h | 25 tools/perf/util/session.c | 3 tools/perf/util/sort.c | 14 tools/perf/util/stat-display.c | 3 tools/perf/util/time-utils.c | 4 tools/perf/util/tool.h | 1 tools/power/cpupower/lib/powercap.c | 8 tools/testing/selftests/arm64/signal/Makefile | 2 tools/testing/selftests/arm64/signal/sve_helpers.c | 56 tools/testing/selftests/arm64/signal/sve_helpers.h | 21 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sme_change_vl.c | 46 tools/testing/selftests/arm64/signal/testcases/fake_sigreturn_sve_change_vl.c | 30 tools/testing/selftests/arm64/signal/testcases/ssve_regs.c | 36 tools/testing/selftests/arm64/signal/testcases/ssve_za_regs.c | 36 tools/testing/selftests/arm64/signal/testcases/sve_regs.c | 32 tools/testing/selftests/arm64/signal/testcases/za_no_regs.c | 32 tools/testing/selftests/arm64/signal/testcases/za_regs.c | 36 tools/testing/selftests/bpf/Makefile | 30 tools/testing/selftests/bpf/bench.c | 1 tools/testing/selftests/bpf/bench.h | 1 tools/testing/selftests/bpf/map_tests/sk_storage_map.c | 2 tools/testing/selftests/bpf/network_helpers.c | 24 tools/testing/selftests/bpf/network_helpers.h | 4 tools/testing/selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 tools/testing/selftests/bpf/prog_tests/core_reloc.c | 1 tools/testing/selftests/bpf/prog_tests/decap_sanity.c | 1 tools/testing/selftests/bpf/prog_tests/flow_dissector.c | 3 tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 tools/testing/selftests/bpf/prog_tests/lwt_helpers.h | 2 tools/testing/selftests/bpf/prog_tests/lwt_redirect.c | 2 tools/testing/selftests/bpf/prog_tests/lwt_reroute.c | 2 tools/testing/selftests/bpf/prog_tests/ns_current_pid_tgid.c | 154 + tools/testing/selftests/bpf/prog_tests/parse_tcp_hdr_opt.c | 1 tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 1 tools/testing/selftests/bpf/prog_tests/tc_redirect.c | 12 tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 tools/testing/selftests/bpf/prog_tests/user_ringbuf.c | 1 tools/testing/selftests/bpf/progs/cg_storage_multi.h | 2 tools/testing/selftests/bpf/progs/test_libbpf_get_fd_by_id_opts.c | 1 tools/testing/selftests/bpf/progs/test_ns_current_pid_tgid.c | 17 tools/testing/selftests/bpf/test_cpp.cpp | 4 tools/testing/selftests/bpf/test_lru_map.c | 3 tools/testing/selftests/bpf/test_progs.c | 18 tools/testing/selftests/bpf/testing_helpers.c | 4 tools/testing/selftests/bpf/unpriv_helpers.c | 1 tools/testing/selftests/bpf/veristat.c | 8 tools/testing/selftests/bpf/xdp_hw_metadata.c | 14 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_char.tc | 2 tools/testing/selftests/ftrace/test.d/kprobe/kprobe_args_string.tc | 2 virt/kvm/kvm_main.c | 31 499 files changed, 6253 insertions(+), 3268 deletions(-) Aaron Lu (1): x86/sgx: Fix deadlock in SGX NUMA node search Adrian Hunter (1): perf/x86/intel/pt: Fix sampling synchronization Aleksandr Mishin (2): ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() drm/msm: Fix incorrect file name output in adreno_request_fw() Alex Bee (1): drm/rockchip: vop: Allow 4096px width scaling Alex Deucher (2): drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: properly handle vbios fake edid sizing Alexander Dahl (3): ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks spi: atmel-quadspi: Avoid overwriting delay register settings spi: atmel-quadspi: Fix wrong register value written to MR Alexander Shiyan (1): clk: rockchip: rk3588: Fix 32k clock name for pmu_24m_32k_100m_src_p Alexandra Diupina (1): PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Alexei Starovoitov (1): selftests/bpf: Workaround strict bpf_lsm return value check. Alexey Gladkov (Intel) (1): x86/tdx: Fix "in-kernel MMIO" check Anastasia Belova (1): arm64: esr: Define ESR_ELx_EC_* constants as UL Andre Przywara (1): kselftest/arm64: signal: fix/refactor SVE vector length enumeration Andrew Davis (3): arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations hwmon: (max16065) Remove use of i2c_match_id() Andrew Jones (1): RISC-V: KVM: Fix sbiret init before forwarding to userspace André Apitzsch (1): iio: magnetometer: ak8975: Fix 'Unexpected device' error Andy Shevchenko (2): spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ i2c: isch: Add missed 'else' AngeloGioacchino Del Regno (1): arm64: dts: mediatek: mt8186: Fix supported-hw mask for GPU OPPs Ankit Agrawal (1): clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Antoniu Miclaus (1): ABI: testing: fix admv8818 attr description Ard Biesheuvel (1): efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Arend van Spriel (3): wifi: brcmfmac: export firmware interface functions wifi: brcmfmac: introducing fwil query functions wifi: brcmfmac: add linefeed at end of file Artur Weber (1): power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Atish Patra (2): RISC-V: KVM: Allow legacy PMU access from guest RISC-V: KVM: Fix to allow hpmcounter31 from the guest Avraham Stern (1): wifi: iwlwifi: mvm: increase the time between ranging measurements Baochen Qiang (1): wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() Benjamin Lin (1): wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands Biju Das (2): media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables Bitterblue Smith (2): wifi: rtw88: Fix USB/SDIO devices not transmitting beacons wifi: rtw88: 8822c: Fix reported RX band width Bjørn Mork (1): wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Calvin Owens (1): ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Chao Yu (12): f2fs: atomic: fix to avoid racing w/ GC f2fs: reduce expensive checkpoint trigger frequency f2fs: fix to avoid racing in between read and OPU dio write f2fs: fix to wait page writeback before setting gcing flag f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation f2fs: support .shutdown in f2fs_sops f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() f2fs: compress: do sanity check on cluster when CONFIG_F2FS_CHECK_FS is on f2fs: clean up w/ dotdot_name f2fs: get rid of online repaire on corrupted directory f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() f2fs: fix to check atomic_file in f2fs ioctl interfaces Charles Han (1): mtd: powernv: Add check devm_kasprintf() returned value Chen Yu (1): kthread: fix task state in kthread worker if being frozen Chen-Yu Tsai (3): regulator: Return actual error in of_regulator_bulk_get_all() arm64: dts: mediatek: mt8195: Correct clock order for dp_intf* arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Cheng Xu (1): RDMA/erdma: Return QP state in erdma_query_qp Chengchang Tang (2): RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Chris Morgan (1): power: supply: axp20x_battery: Remove design from min and max voltage Christian Heusel (1): block: print symbolic error name instead of error code Christophe JAILLET (4): fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() pinctrl: ti: ti-iodelay: Fix some error handling paths pps: remove usage of the deprecated ida_simple_xx() API Christophe Leroy (3): powerpc/8xx: Fix initial memory mapping powerpc/8xx: Fix kernel vs user address comparison powerpc/vdso: Inconditionally use CFUNC macro Chuck Lever (1): fs: Create a generic is_dot_dotdot() utility Claudiu Beznea (3): ARM: dts: microchip: sama7g5: Fix RTT clock drm/stm: ltdc: check memory returned by devm_kzalloc() clk: at91: sama7g5: Allocate only the needed amount of memory for PLLs Clément Léger (1): ACPI: CPPC: Fix MASK_VAL() usage Cristian Marussi (1): firmware: arm_scmi: Fix double free in OPTEE transport Cupertino Miranda (1): selftests/bpf: Add CFLAGS per source file and runner D Scott Phillips (1): arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a Daeho Jeong (1): f2fs: prevent atomic file from being dirtied before commit Daehwan Jung (1): xhci: Add a quirk for writing ERST in high-low order Damien Le Moal (1): ata: libata-scsi: Fix ata_msense_control() CDL page reporting Dan Carpenter (4): powercap: intel_rapl: Fix off by one in get_rpi() scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() PCI: keystone: Fix if-statement expression in ks_pcie_quirk() ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Daniel Borkmann (4): bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit bpf: Fix helper writes to read-only maps bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Danny Tsen (1): crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 Dave Jiang (1): ntb: Force physically contiguous allocation of rx ring buffers Dave Martin (1): arm64: signal: Fix some under-bracketed UAPI macros David Gow (1): mm: only enforce minimum stack gap size if it's sensible David Howells (1): cachefiles: Fix non-taking of sb_writers around set/removexattr David Lechner (1): clk: ti: dra7-atl: Fix leak of of_nodes David Sterba (1): btrfs: reorder btrfs_inode to fill gaps David Virag (1): arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Dmitry Antipov (4): wifi: rtw88: always wait for both firmware loading attempts wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Baryshkov (8): iommu/arm-smmu-qcom: apply num_context_bank fixes for SDM630 / SDM660 drm/msm/dsi: correct programming sequence for SM8350 / SM8450 clk: qcom: dispcc-sm8550: fix several supposed typos clk: qcom: dispcc-sm8550: use rcg2_ops for mdss_dptx1_aux_clk_src clk: qcom: dispcc-sm8650: Update the GDSC flags clk: qcom: dispcc-sm8550: use rcg2_shared_ops for ESC RCGs clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL Revert "soc: qcom: smd-rpm: Match rpmsg channel instead of compatible" Dmitry Kandybka (1): wifi: rtw88: remove CPT execution branch never used Dmitry Vyukov (2): x86/entry: Remove unwanted instrumentation in common_interrupt() module: Fix KCOV-ignored file name Dragan Simic (2): arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Duanqiang Wen (1): Revert "net: libwx: fix alloc msix vectors failed" Eduard Zingerman (1): bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos Emanuele Ghidoli (2): Input: ilitek_ts_i2c - avoid wrong input subsystem sync Input: ilitek_ts_i2c - add report id message validation Eric Dumazet (4): sock_map: Add a cond_resched() in sock_hash_free() ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() icmp: change the order of rate limits Fabio Porcedda (1): bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Fangzhi Zuo (2): drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination drm/amd/display: Skip Recompute DSC Params if no Stream on Link Fei Shao (1): drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Felix Fietkau (2): wifi: mt76: mt7603: fix mixed declarations and code wifi: mt76: mt7996: fix uninitialized TLV data Felix Moessbauer (4): io_uring/io-wq: do not allow pinning outside of cpuset io_uring/io-wq: inherit cpuset of cgroup in io worker io_uring/sqpoll: do not allow pinning outside of cpuset io_uring/sqpoll: do not put cpumask on stack Filipe Manana (2): btrfs: update comment for struct btrfs_inode::lock btrfs: fix race setting file private on concurrent lseek using same fd Finn Thain (5): m68k: Fix kernel_clone_args.flags in m68k_clone() scsi: NCR5380: Check for phase match during PDMA fixup scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages scsi: mac_scsi: Refactor polling loop scsi: mac_scsi: Disallow bus errors during PDMA send Florian Fainelli (1): tty: rp2: Fix reset with non forgiving PCIe host bridges Frank Li (1): PCI: imx6: Fix missing call to phy_power_off() in error handling Frederic Weisbecker (1): rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Furong Xu (1): net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Gao Xiang (1): erofs: fix incorrect symlink detection in fast symlink Gaosheng Cui (2): hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Geert Uytterhoeven (1): pmdomain: core: Harden inter-column space in debug summary Gergo Koteles (1): ASoC: tas2781: remove unused acpi_subysystem_id Gil Fine (9): thunderbolt: Fix debug log when DisplayPort adapter not available for pairing thunderbolt: Create multiple DisplayPort tunnels if there are more DP IN/OUT pairs thunderbolt: Make is_gen4_link() available to the rest of the driver thunderbolt: Change bandwidth reservations to comply USB4 v2 thunderbolt: Introduce tb_port_path_direction_downstream() thunderbolt: Add support for asymmetric link thunderbolt: Configure asymmetric link if needed and bandwidth allows thunderbolt: Improve DisplayPort tunnel setup process to be more robust thunderbolt: Fix minimum allocated USB 3.x and PCIe bandwidth Gilbert Wu (1): scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Golan Ben Ami (1): wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL Greg Kroah-Hartman (1): Linux 6.6.54 Guenter Roeck (2): hwmon: (max16065) Fix overflows seen when writing limits hwmon: (max16065) Fix alarm attributes Guillaume Nault (2): bareudp: Pull inner IP header in bareudp_udp_encap_recv(). bareudp: Pull inner IP header on xmit. Guillaume Stols (2): iio: adc: ad7606: fix oversampling gpio array iio: adc: ad7606: fix standby gpio state to match the documentation Guoqing Jiang (2): nfsd: call cache_put if xdr_reserve_space returns NULL hwrng: mtk - Use devm_pm_runtime_enable Haibo Chen (3): spi: fspi: involve lut_num for struct nxp_fspi_devtype_data dt-bindings: spi: nxp-fspi: add imx8ulp support spi: fspi: add support for imx8ulp Hannes Reinecke (1): nvme-multipath: system fails to create generic nvme device Harshit Mogalapalli (1): usb: yurex: Fix inconsistent locking bug in yurex_read() Heiner Kallweit (1): r8169: disable ALDPS per default for RTL8125 Helge Deller (1): crypto: xor - fix template benchmarking Herbert Xu (1): crypto: caam - Pad SG length when allocating hash edesc Herve Codina (1): soc: fsl: cpm1: tsa: Fix tsa_write8() Hobin Woo (1): ksmbd: make __dir_empty() compatible with POSIX Howard Hsu (3): wifi: mt76: mt7996: fix HE and EHT beamforming capabilities wifi: mt76: mt7996: fix EHT beamforming capability check wifi: mt76: mt7915: fix rx filter setting for bfee functionality Ian Rogers (2): perf inject: Fix leader sampling inserting additional samples perf time-utils: Fix 32-bit nsec parsing Ilpo Järvinen (1): PCI: Wait for Link before restoring Downstream Buses Jack Wang (1): RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Jacky Bai (1): clk: imx: composite-93: keep root clock on when mcore enabled Jake Hamby (1): can: m_can: enable NAPI before enabling interrupts Jann Horn (2): firmware_loader: Block path traversal f2fs: Require FMODE_WRITE for atomic write ioctls Jason Gerecke (2): HID: wacom: Support sequence numbers smaller than 16-bit HID: wacom: Do not warn about dropped packets for first packet Jason Gunthorpe (2): iommu/amd: Do not set the D bit on AMD v2 table entries iommufd: Protect against overflow of ALIGN() during iova allocation Jason Wang (1): vhost_vdpa: assign irq bypass producer token correctly Jason-JH.Lin (1): drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Javier Carrasco (3): leds: bd2606mvv: Fix device child node usage in bd2606mvv_probe() leds: pca995x: Use device_for_each_child_node() to access device child nodes leds: pca995x: Fix device child node usage in pca995x_probe() Jeff Layton (2): nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire nfsd: fix refcount leak when file is unhashed after being found Jens Axboe (2): io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL io_uring/sqpoll: retain test for whether the CPU is valid Jeongjun Park (1): jfs: fix out-of-bounds in dbNextAG() and diAlloc() Jiangshan Yi (1): samples/bpf: Fix compilation errors with cf-protection option Jiawei Ye (2): wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Jing Zhang (1): drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Jinjie Ruan (8): net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() spi: bcmbca-hsspi: Fix missing pm_runtime_disable() mtd: rawnand: mtk: Use for_each_child_of_node_scoped() riscv: Fix fp alignment bug in perf_callchain_user() ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() spi: atmel-quadspi: Undo runtime PM changes at driver exit time spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time driver core: Fix a potential null-ptr-deref in module_add_driver() Jiri Slaby (SUSE) (1): serial: don't use uninitialized value in uart_poll_init() Jiwon Kim (1): bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Johan Hovold (1): serial: qcom-geni: fix fifo polling timeout Johannes Berg (1): wifi: iwlwifi: config: label 'gl' devices as discrete John B. Wyatt IV (1): pm:cpupower: Add missing powercap_set_enabled() stub function Jonas Blixt (1): watchdog: imx_sc_wdt: Don't disable WDT in suspend Jonas Karlman (3): arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Jonathan McDowell (1): tpm: Clean up TPM space after command failure Jose E. Marchesi (3): bpf: Use -Wno-error in certain tests when building with GCC bpf: Disable some `attribute ignored' warnings in GCC bpf: Temporarily define BPF_NO_PRESEVE_ACCESS_INDEX for GCC Josh Hunt (1): tcp: check skb is non-NULL in tcp_rto_delta_us() Juergen Gross (9): xen: use correct end address of kernel for conflict checking xen: introduce generic helper checking for memory map conflicts xen: move max_pfn in xen_memory_setup() out of function scope xen: add capability to remap non-RAM pages to different PFNs xen: tolerate ACPI NVS memory overlapping with Xen allocated memory xen/swiotlb: add alignment check for dma buffers xen/swiotlb: fix allocated size xen: move checks for e820 conflicts further up xen: allow mapping ACPI data using a different physical address Julian Sun (1): vfs: fix race between evice_inodes() and find_inode()&iput() Junlin Li (2): drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junxian Huang (4): RDMA/hns: Don't modify rq next block addr in HIP09 QPC RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler RDMA/hns: Optimize hem allocation performance RDMA/hns: Fix restricted __le16 degrades to integer issue Justin Iurman (1): net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Kairui Song (3): mm/filemap: return early if failed to allocate memory for split lib/xarray: introduce a new helper xas_get_order mm/filemap: optimize filemap folio adding Kaixin Wang (1): net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Kamlesh Gurudasani (1): padata: Honor the caller's alignment in case of chunk_size 0 Kan Liang (1): perf report: Fix --total-cycles --stdio output error Kees Cook (1): interconnect: icc-clk: Add missed num_nodes initialization Kemeng Shi (3): ext4: avoid buffer_head leak in ext4_mark_inode_used() ext4: avoid potential buffer_head leak in __ext4_new_inode() ext4: avoid negative min_clusters in find_group_orlov() Konrad Dybcio (1): iommu/arm-smmu-qcom: Work around SDM845 Adreno SMMU w/ 16K pages Krzysztof Kozlowski (12): ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path reset: k210: fix OF node leak in probe() error path iio: magnetometer: ak8975: drop incorrect AK09116 compatible dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible soc: versatile: integrator: fix OF node leak in probe() error path bus: integrator-lm: fix OF node leak in probe() cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove Kuniyuki Iwashima (1): can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Lad Prabhakar (3): arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes Lasse Collin (1): xz: cleanup CRC32 edits from 2018 Laurent Pinchart (1): Remove *.orig pattern from .gitignore Lee Jones (1): usb: yurex: Replace snprintf() with the safer scnprintf() variant Leo Ma (1): drm/amd/display: Add HDMI DSC native YCbCr422 support Li Lingfeng (2): nfsd: return -EINVAL when namelen is 0 nfs: fix memory leak in error path of nfs4_do_reclaim Li Zhijian (1): nvdimm: Fix devs leaks in scan_labels() Liam R. Howlett (1): mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Linus Torvalds (1): minmax: avoid overly complex min()/max() macro arguments in xen Linus Walleij (2): ASoC: tas2781-i2c: Drop weird GPIO code ASoC: tas2781-i2c: Get the right GPIO line Liu Ying (1): drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Luca Stefani (1): btrfs: always update fstrim_range on failure in FITRIM ioctl Luiz Augusto von Dentz (3): Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Bluetooth: btusb: Fix not handling ZPL/short-transfer Ma Ke (8): spi: ppc4xx: handle irq_of_parse_and_map() errors ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error wifi: mt76: mt7921: Check devm_kasprintf() returned value wifi: mt76: mt7915: check devm_kasprintf() returned value wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he wifi: mt76: mt7615: check devm_kasprintf() returned value pps: add an error check in parport_attach Maciej W. Rozycki (4): PCI: Revert to the original speed after PCIe failed link retraining PCI: Clear the LBMS bit after a link retrain PCI: Correct error reporting with PCIe failed link retraining PCI: Use an error code with PCIe failed link retraining Manish Pandey (1): scsi: ufs: qcom: Update MODE_MAX cfg_bw value Marc Gonzalez (1): iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Marc Kleine-Budde (1): can: m_can: m_can_close(): stop clocks after device has been shut down Mario Limonciello (1): drm/amd/display: Validate backlight caps are sane Mark Bloch (1): RDMA/mlx5: Obtain upper net device only when needed Mark Brown (1): kselftest/arm64: Actually test SME vector length changes via sigreturn Markus Elfring (1): clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite() after error detection Markus Schneider-Pargmann (1): serial: 8250: omap: Cleanup on error in request_irq Martin Wilck (1): scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Masami Hiramatsu (Google) (1): selftests/ftrace: Add required dependency for kprobe tests Mathias Nyman (1): xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Max Hawking (1): ntb_perf: Fix printk format Md Haris Iqbal (1): RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Mel Gorman (5): sched/numa: Document vma_numab_state fields sched/numa: Rename vma_numab_state::access_pids[] => ::pids_active[], ::next_pid_reset => ::pids_active_reset sched/numa: Trace decisions related to skipping VMAs sched/numa: Complete scanning of partial VMAs regardless of PID activity sched/numa: Complete scanning of inactive VMAs when there is no alternative Michael Ellerman (1): powerpc/atomic: Use YZ constraints for DS-form instructions Michael Guralnik (1): RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache Michael Trimarchi (1): tty: serial: kgdboc: Fix 8250_* kgdb over serial Mickaël Salaün (1): fs: Fix file_set_fowner LSM hook inconsistencies Mika Westerberg (8): thunderbolt: Use tb_tunnel_dbg() where possible to make logging more consistent thunderbolt: Expose tb_tunnel_xxx() log macros to the rest of the driver thunderbolt: Use constants for path weight and priority thunderbolt: Use weight constants in tb_usb3_consumed_bandwidth() thunderbolt: Introduce tb_for_each_upstream_port_on_path() thunderbolt: Introduce tb_switch_depth() thunderbolt: Send uevent after asymmetric/symmetric switch thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Mikhail Lobanov (2): RDMA/cxgb4: Added NULL check for lookup_atid drbd: Add NULL check for net_conf to prevent dereference in state validation Mikulas Patocka (3): Revert "dm: requeue IO if mapping table not yet available" dm-verity: restart or panic on an I/O error Revert: "dm-verity: restart or panic on an I/O error" Ming Lei (3): ublk: move zone report data out of request pdu nbd: fix race between timeout and normal completion lib/sbitmap: define swap_lock as raw_spinlock_t Miquel Raynal (2): mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips mtd: rawnand: mtk: Fix init error path Mirsad Todorovac (1): mtd: slram: insert break after errors in parsing the map Namhyung Kim (4): perf mem: Free the allocated sort string, fixing a leak perf annotate: Split branch stack cycles info from 'struct annotation' perf annotate: Move some source code related fields from 'struct annotation' to 'struct annotated_source' perf ui/browser/annotate: Use global annotation_options Namjae Jeon (2): ksmbd: allow write with FILE_APPEND_DATA ksmbd: handle caseless file creation Nick Morrow (1): wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c Nikita Zhandarovich (4): drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets f2fs: fix several potential integer overflows in file offsets f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() Niklas Cassel (1): ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data Nishanth Menon (1): cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Nuno Sa (1): Input: adp5588-keys - fix check on return code Ojaswin Mujoo (1): ext4: check stripe size compatibility on remount as well Olaf Hering (1): mount: handle OOM on mnt_warn_timestamp_expiry Oleg Nesterov (1): bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() Oliver Neukum (5): usbnet: fix cyclical race on disconnect with work queue USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer USB: class: CDC-ACM: fix race between get_serial and set_serial USB: misc: yurex: fix race between read and write P Praneesh (2): wifi: ath12k: fix BSS chan info request WMI command wifi: ath12k: match WMI BSS chan info structure with firmware definition Pablo Neira Ayuso (5): netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire netfilter: nf_tables: reject element expiration with no timeout netfilter: nf_tables: reject expiration higher than timeout netfilter: nf_tables: remove annotation to access set timeout while holding lock netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path Paolo Bonzini (1): Documentation: KVM: fix warning in "make htmldocs" Patrisious Haddad (1): IB/core: Fix ib_cache_setup_one error flow cleanup Pavan Kumar Paluri (1): crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Pawel Laszczak (2): usb: cdnsp: Fix incorrect usb_request status usb: xhci: fix loss of data on Cadence xHC Peng Fan (7): clk: imx: composite-8m: Enable gate clk with mcore_booted clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk clk: imx: imx8qxp: Parent should be initialized earlier than the clock remoteproc: imx_rproc: Correct ddr alias for i.MX8M remoteproc: imx_rproc: Initialize workqueue earlier pinctrl: ti: iodelay: Use scope based of_node_put() cleanups dt-bindings: spi: nxp-fspi: support i.MX93 and i.MX95 Pengfei Li (1): clk: imx: fracn-gppll: fix fractional part of PLL getting lost Peter Chiu (3): wifi: mt76: mt7996: use hweight16 to get correct tx antenna wifi: mt76: mt7996: fix traffic delay when switching back to working channel wifi: mt76: mt7996: fix wmm set of station interface to 3 Phil Sutter (1): netfilter: nf_tables: Keep deleted flowtable hooks until after RCU Pieterjan Camerlynck (1): leds: leds-pca995x: Add support for NXP PCA9956B Ping-Ke Shih (1): wifi: mac80211: don't use rate mask for offchannel TX either Qingqing Zhou (1): arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent Qiu-ji Chen (1): drbd: Fix atomicity violation in drbd_uuid_set_bm() Qiuxu Zhuo (1): EDAC/igen6: Fix conversion of system address to physical memory address Qu Wenruo (2): btrfs: tree-checker: fix the wrong output of data backref objectid btrfs: subpage: fix the bitmap dump which can cause bitmap corruption Raghavendra K T (1): sched/numa: Move up the access pid reset logic Riyan Dhiman (1): block: fix potential invalid pointer dereference in blk_add_partition Rob Herring (1): pinctrl: Use device_get_match_data() Rob Herring (Arm) (1): ASoC: tas2781: Use of_property_read_reg() Robin Chen (1): drm/amd/display: Round calculated vtotal Robin Murphy (6): perf/arm-cmn: Rework DTC counters (again) perf/arm-cmn: Improve debugfs pretty-printing for large configs perf/arm-cmn: Refactor node ID handling. Again. perf/arm-cmn: Fix CCLA register offset perf/arm-cmn: Ensure dtm_idx is big enough perf/arm-cmn: Fail DTC counter allocation correctly Roman Smirnov (2): Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" KEYS: prevent NULL pointer dereference in find_asymmetric_key() Ryusuke Konishi (3): nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() Samasth Norway Ananda (1): x86/PCI: Check pcie_find_root_port() return for NULL Sean Anderson (5): PCI: xilinx-nwl: Fix register misspelling PCI: xilinx-nwl: Clean up clock on probe failure/removal net: xilinx: axienet: Schedule NAPI in two steps net: xilinx: axienet: Fix packet counting PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Sean Christopherson (3): KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Sebastien Laveze (1): clk: imx: imx6ul: fix default parent for enet*_ref_sel Serge Semin (1): EDAC/synopsys: Fix ECC status and IRQ control race condition Shengjiu Wang (1): clk: imx: clk-audiomix: Correct parent clock for earc_phy and audpll Sherry Yang (1): drm/msm: fix %s null argument error Shu Han (1): mm: call the security_mmap_file() LSM hook in remap_file_pages() Shubhrajyoti Datta (1): EDAC/synopsys: Fix error injection on Zynq UltraScale+ Siddharth Vadapalli (1): PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ Simon Horman (1): netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Snehal Koukuntla (1): KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer Song Liu (1): bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Srinivasan Shanmugam (1): drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Stefan Mätje (1): can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD Stefan Wahren (1): drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Su Hui (1): net: tipc: avoid possible garbage value Suzuki K Poulose (1): coresight: tmc: sg: Do not leak sg_table Syed Nayyar Waris (1): lib/bitmap: add bitmap_{read,write}() Takashi Sakamoto (1): firewire: core: correct range of block for case of switch statement Thadeu Lima de Souza Cascardo (2): ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem Thomas Weißschuh (2): net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL ACPI: sysfs: validate return type of _STR method Tianchen Ding (1): sched/fair: Make SCHED_IDLE entity be preempted in strict hierarchy Toke Høiland-Jørgensen (1): wifi: ath9k: Remove error checks when creating debugfs entries Tomas Marek (1): usb: dwc2: drd: fix clock gating on USB role switch Tommy Huang (1): i2c: aspeed: Update the stop sw state when the bus recovery occurs Tony Ambardar (25): selftests/bpf: Fix error linking uprobe_multi on mips selftests/bpf: Fix wrong binary in Makefile log output tools/runqslower: Fix LDFLAGS and add LDLIBS support selftests/bpf: Use pid_t consistently in test_progs.c selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc selftests/bpf: Drop unneeded error.h includes selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c selftests/bpf: Fix missing UINT_MAX definitions in benchmarks selftests/bpf: Fix missing BUILD_BUG_ON() declaration selftests/bpf: Fix include of <sys/fcntl.h> selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc selftests/bpf: Fix compiling kfree_skb.c with musl-libc selftests/bpf: Fix compiling flow_dissector.c with musl-libc selftests/bpf: Fix compiling tcp_rtt.c with musl-libc selftests/bpf: Fix compiling core_reloc.c with musl-libc selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc selftests/bpf: Fix errors compiling decap_sanity.c with musl libc selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc selftests/bpf: Fix arg parsing in veristat, test_progs selftests/bpf: Fix error compiling test_lru_map.c selftests/bpf: Fix C++ compile error from missing _Bool type selftests/bpf: Fix redefinition errors compiling lwt_reroute.c selftests/bpf: Fix compile if backtrace support missing in libc selftests/bpf: Fix error compiling tc_redirect.c with musl libc Tushar Vyavahare (1): selftests/bpf: Implement get_hw_ring_size function to retrieve current and max interface size Uwe Kleine-König (1): pinctrl: ti: ti-iodelay: Convert to platform remove callback returning void VanGiang Nguyen (1): padata: use integer wrap around to prevent deadlock on seq_nr overflow Varadarajan Narayanan (1): clk: qcom: ipq5332: Register gcc_qdss_tsctr_clk_src Vasileios Amoiridis (1): iio: chemical: bme680: Fix read/write ops to device by adding mutexes Vitaliy Shevtsov (1): RDMA/irdma: fix error message in irdma_modify_qp_roce() Vladimir Lypak (4): drm/msm/a5xx: disable preemption in submits by default drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage drm/msm/a5xx: workaround early ring-buffer emptiness check Wang Jianzheng (1): pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function WangYuli (1): drm/amd/amdgpu: Properly tune the size of struct Weili Qian (3): crypto: hisilicon/hpre - mask cluster timeout error crypto: hisilicon/qm - reset device before enabling it crypto: hisilicon/qm - inject error before stopping queue Wenbo Li (1): virtio_net: Fix mismatched buf address when unmapping for small packets Werner Sembach (4): Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line ACPI: resource: Add another DMI match for the TongFang GMxXGxx Wolfram Sang (1): ipmi: docs: don't advertise deprecated sysfs entries Xin Li (1): x86/idtentry: Incorporate definitions/declarations of the FRED entries Yanfei Xu (1): cxl/pci: Fix to record only non-zero ranges Yang Jihong (2): perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yang Yingliang (1): pinctrl: single: fix missing error code in pcs_probe() Yanteng Si (1): net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Ye Li (1): clk: imx: composite-7ulp: Check the PCC present bit Yeongjin Gil (2): f2fs: Create COW inode from parent dentry for atomic write f2fs: compress: don't redirty sparse cluster during {,de}compress Yicong Yang (3): drivers/perf: hisi_pcie: Record hardware counts correctly drivers/perf: hisi_pcie: Fix TLP headers bandwidth counting perf stat: Display iostat headers correctly Yonghong Song (4): selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test selftests/bpf: Refactor out some functions in ns_current_pid_tgid test selftests/bpf: Add a cgroup prog bpf_get_ns_current_pid_tgid() test selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute Yosry Ahmed (1): x86/mm: Use IPIs to synchronize LAM enablement Youssef Samir (1): net: qrtr: Update packets cloning when broadcasting Yu Kuai (5): block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() block, bfq: fix uaf for accessing waker_bfqq after splitting block, bfq: fix procress reference leakage for bfqq in merge chain Yuesong Li (1): drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Yujie Liu (1): sched/numa: Fix the vma scan starving issue Yunfei Dong (3): media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Yuntao Liu (3): ALSA: hda: cs35l41: fix module autoloading hwmon: (ntc_thermistor) fix module autoloading clk: starfive: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage Zack Rusin (1): drm/vmwgfx: Prevent unmapping active read buffers Zhang Changzhong (1): can: j1939: use correct function name in comment Zhen Lei (1): debugobjects: Fix conditions in fill_pool() Zhiguo Niu (1): lockdep: fix deadlock issue between lockdep and rcu Zhipeng Wang (1): clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Zhu Yanjun (1): RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Zijun Hu (1): driver core: Fix error handling in driver API device_rename() tangbin (1): ASoC: loongson: fix error release wenglianfa (2): RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() yangerkun (1): ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard

7 months

1
1
0 0

[net PATCH 1/2] net: phy: Remove LED entry from LEDs list on unregister

by Christian Marangi

Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct ordering") correctly fixed a problem with using devm_ but missed removing the LED entry from the LEDs list. This cause kernel panic on specific scenario where the port for the PHY is torn down and up and the kmod for the PHY is removed. On setting the port down the first time, the assosiacted LEDs are correctly unregistered. The associated kmod for the PHY is now removed. The kmod is now added again and the port is now put up, the associated LED are registered again. On putting the port down again for the second time after these step, the LED list now have 4 elements. With the first 2 already unregistered previously and the 2 new one registered again. This cause a kernel panic as the first 2 element should have been removed. Fix this by correctly removing the element when LED is unregistered. Reported-by: Daniel Golle <daniel(a)makrotopia.org> Tested-by: Daniel Golle <daniel(a)makrotopia.org> Cc: stable(a)vger.kernel.org Fixes: c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correct ordering") Signed-off-by: Christian Marangi <ansuelsmth(a)gmail.com> --- drivers/net/phy/phy_device.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/phy/phy_device.c b/drivers/net/phy/phy_device.c index 560e338b307a..499797646580 100644 --- a/drivers/net/phy/phy_device.c +++ b/drivers/net/phy/phy_device.c @@ -3326,10 +3326,11 @@ static __maybe_unused int phy_led_hw_is_supported(struct led_classdev *led_cdev, static void phy_leds_unregister(struct phy_device *phydev) { - struct phy_led *phyled; + struct phy_led *phyled, *tmp; - list_for_each_entry(phyled, &phydev->leds, list) { + list_for_each_entry_safe(phyled, tmp, &phydev->leds, list) { led_classdev_unregister(&phyled->led_cdev); + list_del(&phyled->list); } } -- 2.45.2

7 months

2
8
0 0

[for-linus][PATCH 8/8] tracing/hwlat: Fix a race during cpuhp processing

by Steven Rostedt

From: Wei Li <liwei391(a)huawei.com> The cpuhp online/offline processing race also exists in percpu-mode hwlat tracer in theory, apply the fix too. That is: T1 | T2 [CPUHP_ONLINE] | cpu_device_down() hwlat_hotplug_workfn() | | cpus_write_lock() | takedown_cpu(1) | cpus_write_unlock() [CPUHP_OFFLINE] | cpus_read_lock() | start_kthread(1) | cpus_read_unlock() | Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240924094515.3561410-5-liwei391@huawei.com Fixes: ba998f7d9531 ("trace/hwlat: Support hotplug operations") Signed-off-by: Wei Li <liwei391(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_hwlat.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/trace_hwlat.c b/kernel/trace/trace_hwlat.c index b791524a6536..3bd6071441ad 100644 --- a/kernel/trace/trace_hwlat.c +++ b/kernel/trace/trace_hwlat.c @@ -520,6 +520,8 @@ static void hwlat_hotplug_workfn(struct work_struct *dummy) if (!hwlat_busy || hwlat_data.thread_mode != MODE_PER_CPU) goto out_unlock; + if (!cpu_online(cpu)) + goto out_unlock; if (!cpumask_test_cpu(cpu, tr->tracing_cpumask)) goto out_unlock; -- 2.45.2

7 months

1
0
0 0

[for-linus][PATCH 7/8] tracing/timerlat: Fix a race during cpuhp processing

by Steven Rostedt

From: Wei Li <liwei391(a)huawei.com> There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220 WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0 Modules linked in: CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6.11.0-rc7+ #45 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 RIP: 0010:debug_print_object+0x7d/0xb0 ... Call Trace: <TASK> ? __warn+0x7c/0x110 ? debug_print_object+0x7d/0xb0 ? report_bug+0xf1/0x1d0 ? prb_read_valid+0x17/0x20 ? handle_bug+0x3f/0x70 ? exc_invalid_op+0x13/0x60 ? asm_exc_invalid_op+0x16/0x20 ? debug_print_object+0x7d/0xb0 ? debug_print_object+0x7d/0xb0 ? __pfx_timerlat_irq+0x10/0x10 __debug_object_init+0x110/0x150 hrtimer_init+0x1d/0x60 timerlat_main+0xab/0x2d0 ? __pfx_timerlat_main+0x10/0x10 kthread+0xb7/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ``` After tracing the scheduling event, it was discovered that the migration of the "timerlat/1" thread was performed during thread creation. Further analysis confirmed that it is because the CPU online processing for osnoise is implemented through workers, which is asynchronous with the offline processing. When the worker was scheduled to create a thread, the CPU may has already been removed from the cpu_online_mask during the offline process, resulting in the inability to select the right CPU: T1 | T2 [CPUHP_ONLINE] | cpu_device_down() osnoise_hotplug_workfn() | | cpus_write_lock() | takedown_cpu(1) | cpus_write_unlock() [CPUHP_OFFLINE] | cpus_read_lock() | start_kthread(1) | cpus_read_unlock() | To fix this, skip online processing if the CPU is already offline. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240924094515.3561410-4-liwei391@huawei.com Fixes: c8895e271f79 ("trace/osnoise: Support hotplug operations") Signed-off-by: Wei Li <liwei391(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index e22567174dd3..a50ed23bee77 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -2097,6 +2097,8 @@ static void osnoise_hotplug_workfn(struct work_struct *dummy) mutex_lock(&interface_lock); cpus_read_lock(); + if (!cpu_online(cpu)) + goto out_unlock; if (!cpumask_test_cpu(cpu, &osnoise_cpumask)) goto out_unlock; -- 2.45.2

7 months

1
0
0 0

[for-linus][PATCH 6/8] tracing/timerlat: Drop interface_lock in stop_kthread()

by Steven Rostedt

From: Wei Li <liwei391(a)huawei.com> stop_kthread() is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()"), the following ABBA deadlock scenario is introduced: T1 | T2 [BP] | T3 [AP] osnoise_hotplug_workfn() | work_for_cpu_fn() | cpuhp_thread_fun() | _cpu_down() | osnoise_cpu_die() mutex_lock(&interface_lock) | | stop_kthread() | cpus_write_lock() | mutex_lock(&interface_lock) cpus_read_lock() | cpuhp_kick_ap() | As the interface_lock here in just for protecting the "kthread" field of the osn_var, use xchg() instead to fix this issue. Also use for_each_online_cpu() back in stop_per_cpu_kthreads() as it can take cpu_read_lock() again. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240924094515.3561410-3-liwei391@huawei.com Fixes: 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread()") Signed-off-by: Wei Li <liwei391(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index d1a539913a5f..e22567174dd3 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -1953,12 +1953,8 @@ static void stop_kthread(unsigned int cpu) { struct task_struct *kthread; - mutex_lock(&interface_lock); - kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; + kthread = xchg_relaxed(&(per_cpu(per_cpu_osnoise_var, cpu).kthread), NULL); if (kthread) { - per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; - mutex_unlock(&interface_lock); - if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask) && !WARN_ON(!test_bit(OSN_WORKLOAD, &osnoise_options))) { kthread_stop(kthread); @@ -1972,7 +1968,6 @@ static void stop_kthread(unsigned int cpu) put_task_struct(kthread); } } else { - mutex_unlock(&interface_lock); /* if no workload, just return */ if (!test_bit(OSN_WORKLOAD, &osnoise_options)) { /* @@ -1994,8 +1989,12 @@ static void stop_per_cpu_kthreads(void) { int cpu; - for_each_possible_cpu(cpu) + cpus_read_lock(); + + for_each_online_cpu(cpu) stop_kthread(cpu); + + cpus_read_unlock(); } /* -- 2.45.2

7 months

1
0
0 0

[for-linus][PATCH 5/8] tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline

by Steven Rostedt

From: Wei Li <liwei391(a)huawei.com> osnoise_hotplug_workfn() is the asynchronous online callback for "trace/osnoise:online". It may be congested when a CPU goes online and offline repeatedly and is invoked for multiple times after a certain online. This will lead to kthread leak and timer corruption. Add a check in start_kthread() to prevent this situation. Cc: stable(a)vger.kernel.org Cc: Masami Hiramatsu <mhiramat(a)kernel.org> Cc: Mathieu Desnoyers <mathieu.desnoyers(a)efficios.com> Link: https://lore.kernel.org/20240924094515.3561410-2-liwei391@huawei.com Fixes: c8895e271f79 ("trace/osnoise: Support hotplug operations") Signed-off-by: Wei Li <liwei391(a)huawei.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/trace_osnoise.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c index 1439064f65d6..d1a539913a5f 100644 --- a/kernel/trace/trace_osnoise.c +++ b/kernel/trace/trace_osnoise.c @@ -2007,6 +2007,10 @@ static int start_kthread(unsigned int cpu) void *main = osnoise_main; char comm[24]; + /* Do not start a new thread if it is already running */ + if (per_cpu(per_cpu_osnoise_var, cpu).kthread) + return 0; + if (timerlat_enabled()) { snprintf(comm, 24, "timerlat/%d", cpu); main = timerlat_main; @@ -2061,11 +2065,10 @@ static int start_per_cpu_kthreads(void) if (cpumask_test_and_clear_cpu(cpu, &kthread_cpumask)) { struct task_struct *kthread; - kthread = per_cpu(per_cpu_osnoise_var, cpu).kthread; + kthread = xchg_relaxed(&(per_cpu(per_cpu_osnoise_var, cpu).kthread), NULL); if (!WARN_ON(!kthread)) kthread_stop(kthread); } - per_cpu(per_cpu_osnoise_var, cpu).kthread = NULL; } for_each_cpu(cpu, current_mask) { -- 2.45.2

7 months

1
0
0 0

[for-linus][PATCH 3/8] rtla: Fix the help text in osnoise and timerlat top tools

by Steven Rostedt

From: Eder Zulian <ezulian(a)redhat.com> The help text in osnoise top and timerlat top had some minor errors and omissions. The -d option was missing the 's' (second) abbreviation and the error message for '-d' used '-D'. Cc: stable(a)vger.kernel.org Fixes: 1eceb2fc2ca54 ("rtla/osnoise: Add osnoise top mode") Fixes: a828cd18bc4ad ("rtla: Add timerlat tool and timelart top mode") Link: https://lore.kernel.org/20240813155831.384446-1-ezulian@redhat.com Suggested-by: Tomas Glozar <tglozar(a)redhat.com> Reviewed-by: Tomas Glozar <tglozar(a)redhat.com> Signed-off-by: Eder Zulian <ezulian(a)redhat.com> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- tools/tracing/rtla/src/osnoise_top.c | 2 +- tools/tracing/rtla/src/timerlat_top.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/tracing/rtla/src/osnoise_top.c b/tools/tracing/rtla/src/osnoise_top.c index 2f756628613d..30e3853076a0 100644 --- a/tools/tracing/rtla/src/osnoise_top.c +++ b/tools/tracing/rtla/src/osnoise_top.c @@ -442,7 +442,7 @@ struct osnoise_top_params *osnoise_top_parse_args(int argc, char **argv) case 'd': params->duration = parse_seconds_duration(optarg); if (!params->duration) - osnoise_top_usage(params, "Invalid -D duration\n"); + osnoise_top_usage(params, "Invalid -d duration\n"); break; case 'e': tevent = trace_event_alloc(optarg); diff --git a/tools/tracing/rtla/src/timerlat_top.c b/tools/tracing/rtla/src/timerlat_top.c index 8c16419fe22a..210b0f533534 100644 --- a/tools/tracing/rtla/src/timerlat_top.c +++ b/tools/tracing/rtla/src/timerlat_top.c @@ -459,7 +459,7 @@ static void timerlat_top_usage(char *usage) " -c/--cpus cpus: run the tracer only on the given cpus", " -H/--house-keeping cpus: run rtla control threads only on the given cpus", " -C/--cgroup[=cgroup_name]: set cgroup, if no cgroup_name is passed, the rtla's cgroup will be inherited", - " -d/--duration time[m|h|d]: duration of the session in seconds", + " -d/--duration time[s|m|h|d]: duration of the session", " -D/--debug: print debug info", " --dump-tasks: prints the task running on all CPUs if stop conditions are met (depends on !--no-aa)", " -t/--trace[file]: save the stopped trace to [file|timerlat_trace.txt]", @@ -613,7 +613,7 @@ static struct timerlat_top_params case 'd': params->duration = parse_seconds_duration(optarg); if (!params->duration) - timerlat_top_usage("Invalid -D duration\n"); + timerlat_top_usage("Invalid -d duration\n"); break; case 'e': tevent = trace_event_alloc(optarg); -- 2.45.2

7 months

1
0
0 0

[PATCH 6.6 000/533] 6.6.54-rc2 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.6.54 release. There are 533 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat, 05 Oct 2024 10:30:30 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.6.54-rc2… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.6.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.6.54-rc2 Mikulas Patocka <mpatocka(a)redhat.com> Revert: "dm-verity: restart or panic on an I/O error" Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Fix wrong register value written to MR Alexey Gladkov (Intel) <legion(a)kernel.org> x86/tdx: Fix "in-kernel MMIO" check Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix minimum allocated USB 3.x and PCIe bandwidth Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Send uevent after asymmetric/symmetric switch Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: add linefeed at end of file André Apitzsch <git(a)apitzsch.eu> iio: magnetometer: ak8975: Fix 'Unexpected device' error Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fail DTC counter allocation correctly Harshit Mogalapalli <harshit.m.mogalapalli(a)oracle.com> usb: yurex: Fix inconsistent locking bug in yurex_read() Oleg Nesterov <oleg(a)redhat.com> bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() Paolo Bonzini <pbonzini(a)redhat.com> Documentation: KVM: fix warning in "make htmldocs" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: isch: Add missed 'else' Tommy Huang <tommy_huang(a)aspeedtech.com> i2c: aspeed: Update the stop sw state when the bus recovery occurs Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Dmitry Vyukov <dvyukov(a)google.com> module: Fix KCOV-ignored file name Haibo Chen <haibo.chen(a)nxp.com> spi: fspi: add support for imx8ulp David Gow <davidgow(a)google.com> mm: only enforce minimum stack gap size if it's sensible Zhiguo Niu <zhiguo.niu(a)unisoc.com> lockdep: fix deadlock issue between lockdep and rcu Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: restart or panic on an I/O error Song Liu <song(a)kernel.org> bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Kairui Song <kasong(a)tencent.com> mm/filemap: optimize filemap folio adding Kairui Song <kasong(a)tencent.com> lib/xarray: introduce a new helper xas_get_order Kairui Song <kasong(a)tencent.com> mm/filemap: return early if failed to allocate memory for split Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Improve DisplayPort tunnel setup process to be more robust Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Configure asymmetric link if needed and bandwidth allows Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Add support for asymmetric link Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Introduce tb_switch_depth() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Introduce tb_for_each_upstream_port_on_path() Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Introduce tb_port_path_direction_downstream() Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Change bandwidth reservations to comply USB4 v2 Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Make is_gen4_link() available to the rest of the driver Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use weight constants in tb_usb3_consumed_bandwidth() Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use constants for path weight and priority Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Create multiple DisplayPort tunnels if there are more DP IN/OUT pairs Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Expose tb_tunnel_xxx() log macros to the rest of the driver Mika Westerberg <mika.westerberg(a)linux.intel.com> thunderbolt: Use tb_tunnel_dbg() where possible to make logging more consistent Gil Fine <gil.fine(a)linux.intel.com> thunderbolt: Fix debug log when DisplayPort adapter not available for pairing Haibo Chen <haibo.chen(a)nxp.com> dt-bindings: spi: nxp-fspi: add imx8ulp support Peng Fan <peng.fan(a)nxp.com> dt-bindings: spi: nxp-fspi: support i.MX93 and i.MX95 Filipe Manana <fdmanana(a)suse.com> btrfs: fix race setting file private on concurrent lseek using same fd Filipe Manana <fdmanana(a)suse.com> btrfs: update comment for struct btrfs_inode::lock David Sterba <dsterba(a)suse.com> btrfs: reorder btrfs_inode to fill gaps Qu Wenruo <wqu(a)suse.com> btrfs: subpage: fix the bitmap dump which can cause bitmap corruption Syed Nayyar Waris <syednwaris(a)gmail.com> lib/bitmap: add bitmap_{read,write}() Dmitry Vyukov <dvyukov(a)google.com> x86/entry: Remove unwanted instrumentation in common_interrupt() Xin Li <xin3.li(a)intel.com> x86/idtentry: Incorporate definitions/declarations of the FRED entries Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: don't use uninitialized value in uart_poll_init() Michael Trimarchi <michael(a)amarulasolutions.com> tty: serial: kgdboc: Fix 8250_* kgdb over serial Ma Ke <make24(a)iscas.ac.cn> pps: add an error check in parport_attach Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pps: remove usage of the deprecated ida_simple_xx() API Pawel Laszczak <pawell(a)cadence.com> usb: xhci: fix loss of data on Cadence xHC Daehwan Jung <dh10.jung(a)samsung.com> xhci: Add a quirk for writing ERST in high-low order Oliver Neukum <oneukum(a)suse.com> USB: misc: yurex: fix race between read and write Lee Jones <lee(a)kernel.org> usb: yurex: Replace snprintf() with the safer scnprintf() variant Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix soc_dev leak during device remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix memory leak during device remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl Haibo Chen <haibo.chen(a)nxp.com> spi: fspi: involve lut_num for struct nxp_fspi_devtype_data VanGiang Nguyen <vangiang.nguyen(a)rohde-schwarz.com> padata: use integer wrap around to prevent deadlock on seq_nr overflow Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put Eric Dumazet <edumazet(a)google.com> icmp: change the order of rate limits Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix conversion of system address to physical memory address Li Lingfeng <lilingfeng3(a)huawei.com> nfs: fix memory leak in error path of nfs4_do_reclaim Mickaël Salaün <mic(a)digikod.net> fs: Fix file_set_fowner LSM hook inconsistencies Julian Sun <sunjunchao2870(a)gmail.com> vfs: fix race between evice_inodes() and find_inode()&iput() Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Qingqing Zhou <quic_qqzhou(a)quicinc.com> arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency D Scott Phillips <scott(a)os.amperecomputing.com> arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a Anastasia Belova <abelova(a)astralinux.ru> arm64: esr: Define ESR_ELx_EC_* constants as UL Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init Guoqing Jiang <guoqing.jiang(a)canonical.com> hwrng: mtk - Use devm_pm_runtime_enable Chao Yu <chao(a)kernel.org> f2fs: fix to check atomic_file in f2fs ioctl interfaces Jann Horn <jannh(a)google.com> f2fs: Require FMODE_WRITE for atomic write ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: prevent possible int overflow in dir_block_index() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: fix several potential integer overflows in file offsets Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: always update fstrim_range on failure in FITRIM ioctl Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: fix the wrong output of data backref objectid Zhen Lei <thunder.leizhen(a)huawei.com> debugobjects: Fix conditions in fill_pool() Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7615: check devm_kasprintf() returned value Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8822c: Fix reported RX band width Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7915: check devm_kasprintf() returned value Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7921: Check devm_kasprintf() returned value Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix sampling synchronization Ard Biesheuvel <ardb(a)kernel.org> efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Thomas Weißschuh <linux(a)weissschuh.net> ACPI: sysfs: validate return type of _STR method Mikhail Lobanov <m.lobanov(a)rosalinux.ru> drbd: Add NULL check for net_conf to prevent dereference in state validation Qiu-ji Chen <chenqiuji666(a)gmail.com> drbd: Fix atomicity violation in drbd_uuid_set_bm() Pavan Kumar Paluri <papaluri(a)amd.com> crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix fifo polling timeout Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Florian Fainelli <florian.fainelli(a)broadcom.com> tty: rp2: Fix reset with non forgiving PCIe host bridges Jann Horn <jannh(a)google.com> firmware_loader: Block path traversal Fabio Porcedda <fabio.porcedda(a)gmail.com> bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> bus: integrator-lm: fix OF node leak in probe() Tomas Marek <tomas.marek(a)elrest.cz> usb: dwc2: drd: fix clock gating on USB role switch Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix incorrect usb_request status Oliver Neukum <oneukum(a)suse.com> USB: class: CDC-ACM: fix race between get_serial and set_serial Oliver Neukum <oneukum(a)suse.com> USB: misc: cypress_cy7c63: check for short transfer Oliver Neukum <oneukum(a)suse.com> USB: appledisplay: close race between probe and completion handler Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Oliver Neukum <oneukum(a)suse.com> usbnet: fix cyclical race on disconnect with work queue Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix USB/SDIO devices not transmitting beacons Stefan Mätje <stefan.maetje(a)esd.eu> can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Disallow bus errors during PDMA send Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Refactor polling loop Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages Manish Pandey <quic_mapa(a)quicinc.com> scsi: ufs: qcom: Update MODE_MAX cfg_bw value Martin Wilck <mwilck(a)suse.com> scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control() CDL page reporting Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: handle caseless file creation Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow write with FILE_APPEND_DATA Hobin Woo <hobin.woo(a)samsung.com> ksmbd: make __dir_empty() compatible with POSIX Chuck Lever <chuck.lever(a)oracle.com> fs: Create a generic is_dot_dotdot() utility Michael Ellerman <mpe(a)ellerman.id.au> powerpc/atomic: Use YZ constraints for DS-form instructions Roman Smirnov <r.smirnov(a)omp.ru> KEYS: prevent NULL pointer dereference in find_asymmetric_key() Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Validate backlight caps are sane Robin Chen <robin.chen(a)amd.com> drm/amd/display: Round calculated vtotal Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Add HDMI DSC native YCbCr422 support Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Recompute DSC Params if no Stream on Link Sean Christopherson <seanjc(a)google.com> KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Sean Christopherson <seanjc(a)google.com> KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() Sean Christopherson <seanjc(a)google.com> KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits Snehal Koukuntla <snehalreddy(a)google.com> KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Nuno Sa <nuno.sa(a)analog.com> Input: adp5588-keys - fix check on return code Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Protect against overflow of ALIGN() during iova allocation Roman Smirnov <r.smirnov(a)omp.ru> Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: integrator: fix OF node leak in probe() error path Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: tsa: Fix tsa_write8() Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Revert "soc: qcom: smd-rpm: Match rpmsg channel instead of compatible" Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Use an error code with PCIe failed link retraining Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Correct error reporting with PCIe failed link retraining Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Fix missing call to phy_power_off() in error handling Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Clear the LBMS bit after a link retrain Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Revert to the original speed after PCIe failed link retraining Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Remove *.orig pattern from .gitignore Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not put cpumask on stack Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: retain test for whether the CPU is valid Juergen Gross <jgross(a)suse.com> xen: allow mapping ACPI data using a different physical address Juergen Gross <jgross(a)suse.com> xen: move checks for e820 conflicts further up Duanqiang Wen <duanqiangwen(a)net-swift.com> Revert "net: libwx: fix alloc msix vectors failed" Zack Rusin <zack.rusin(a)broadcom.com> drm/vmwgfx: Prevent unmapping active read buffers Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination Shu Han <ebpqwerty472123(a)gmail.com> mm: call the security_mmap_file() LSM hook in remap_file_pages() Jens Axboe <axboe(a)kernel.dk> io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not allow pinning outside of cpuset Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path Simon Horman <horms(a)kernel.org> netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Keep deleted flowtable hooks until after RCU Furong Xu <0x1207(a)gmail.com> net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Wenbo Li <liwenbo.martin(a)bytedance.com> virtio_net: Fix mismatched buf address when unmapping for small packets Jiwon Kim <jiwonaid0(a)gmail.com> bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Youssef Samir <quic_yabdulra(a)quicinc.com> net: qrtr: Update packets cloning when broadcasting Josh Hunt <johunt(a)akamai.com> tcp: check skb is non-NULL in tcp_rto_delta_us() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL Kaixin Wang <kxwang23(a)m.fudan.edu.cn> net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix packet counting Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Schedule NAPI in two steps Mikulas Patocka <mpatocka(a)redhat.com> Revert "dm: requeue IO if mapping table not yet available" Dan Carpenter <alexander.sverdlin(a)gmail.com> ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Jason Wang <jasowang(a)redhat.com> vhost_vdpa: assign irq bypass producer token correctly Yanfei Xu <yanfei.xu(a)intel.com> cxl/pci: Fix to record only non-zero ranges Kees Cook <kees(a)kernel.org> interconnect: icc-clk: Add missed num_nodes initialization Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: tmc: sg: Do not leak sg_table Markus Schneider-Pargmann <msp(a)baylibre.com> serial: 8250: omap: Cleanup on error in request_irq Jinjie Ruan <ruanjinjie(a)huawei.com> driver core: Fix a potential null-ptr-deref in module_add_driver() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: magnetometer: ak8975: drop incorrect AK09116 compatible Biju Das <biju.das.jz(a)bp.renesas.com> iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix read/write ops to device by adding mutexes Antoniu Miclaus <antoniu.miclaus(a)analog.com> ABI: testing: fix admv8818 attr description Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: Fix error handling in driver API device_rename() Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix standby gpio state to match the documentation Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix oversampling gpio array Hannes Reinecke <hare(a)kernel.org> nvme-multipath: system fails to create generic nvme device Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Ming Lei <ming.lei(a)redhat.com> lib/sbitmap: define swap_lock as raw_spinlock_t Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time Jinjie Ruan <ruanjinjie(a)huawei.com> spi: atmel-quadspi: Undo runtime PM changes at driver exit time Chao Yu <chao(a)kernel.org> f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() Chao Yu <chao(a)kernel.org> f2fs: get rid of online repaire on corrupted directory Chao Yu <chao(a)kernel.org> f2fs: clean up w/ dotdot_name Daeho Jeong <daehojeong(a)google.com> f2fs: prevent atomic file from being dirtied before commit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: compress: don't redirty sparse cluster during {,de}compress Chao Yu <chao(a)kernel.org> f2fs: compress: do sanity check on cluster when CONFIG_F2FS_CHECK_FS is on Chao Yu <chao(a)kernel.org> f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() Chao Yu <chao(a)kernel.org> f2fs: support .shutdown in f2fs_sops Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation Chao Yu <chao(a)kernel.org> f2fs: fix to wait page writeback before setting gcing flag Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: Create COW inode from parent dentry for atomic write Chao Yu <chao(a)kernel.org> f2fs: fix to avoid racing in between read and OPU dio write Chao Yu <chao(a)kernel.org> f2fs: reduce expensive checkpoint trigger frequency Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to avoid racing w/ GC Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam - Pad SG length when allocating hash edesc Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: return -EINVAL when namelen is 0 Guoqing Jiang <guoqing.jiang(a)linux.dev> nfsd: call cache_put if xdr_reserve_space returns NULL Dave Jiang <dave.jiang(a)intel.com> ntb: Force physically contiguous allocation of rx ring buffers Max Hawking <maxahawking(a)sonnenkinder.org> ntb_perf: Fix printk format Jinjie Ruan <ruanjinjie(a)huawei.com> ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> RDMA/irdma: fix error message in irdma_modify_qp_roce() Mikhail Lobanov <m.lobanov(a)rosalinux.ru> RDMA/cxgb4: Added NULL check for lookup_atid Jinjie Ruan <ruanjinjie(a)huawei.com> riscv: Fix fp alignment bug in perf_callchain_user() Mark Bloch <mbloch(a)nvidia.com> RDMA/mlx5: Obtain upper net device only when needed Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix restricted __le16 degrades to integer issue Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Optimize hem allocation performance Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Don't modify rq next block addr in HIP09 QPC Jonas Blixt <jonas.blixt(a)actia.se> watchdog: imx_sc_wdt: Don't disable WDT in suspend Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Return QP state in erdma_query_qp Alexandra Diupina <adiupina(a)astralinux.ru> PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Patrisious Haddad <phaddad(a)nvidia.com> IB/core: Fix ib_cache_setup_one error flow cleanup Wang Jianzheng <wangjianzheng(a)vivo.com> pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function Jeff Layton <jlayton(a)kernel.org> nfsd: fix refcount leak when file is unhashed after being found Jeff Layton <jlayton(a)kernel.org> nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire Alexander Shiyan <eagle.alexander923(a)gmail.com> clk: rockchip: rk3588: Fix 32k clock name for pmu_24m_32k_100m_src_p Yuntao Liu <liuyuntao12(a)huawei.com> clk: starfive: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage David Lechner <dlechner(a)baylibre.com> clk: ti: dra7-atl: Fix leak of of_nodes Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Jack Wang <jinpu.wang(a)ionos.com> RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Claudiu Beznea <claudiu.beznea(a)tuxon.dev> clk: at91: sama7g5: Allocate only the needed amount of memory for PLLs Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix missing error code in pcs_probe() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Biju Das <biju.das.jz(a)bp.renesas.com> media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Clean up clock on probe failure/removal Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix register misspelling Li Zhijian <lizhijian(a)fujitsu.com> nvdimm: Fix devs leaks in scan_labels() Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> x86/PCI: Check pcie_find_root_port() return for NULL Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: pca995x: Fix device child node usage in pca995x_probe() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: pca995x: Use device_for_each_child_node() to access device child nodes Pieterjan Camerlynck <pieterjanca(a)gmail.com> leds: leds-pca995x: Add support for NXP PCA9956B Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL Varadarajan Narayanan <quic_varada(a)quicinc.com> clk: qcom: ipq5332: Register gcc_qdss_tsctr_clk_src Dan Carpenter <dan.carpenter(a)linaro.org> PCI: keystone: Fix if-statement expression in ks_pcie_quirk() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct range of block for case of switch statement Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Wait for Link before restoring Downstream Buses Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - add report id message validation Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - avoid wrong input subsystem sync Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: ti: ti-iodelay: Fix some error handling paths Peng Fan <peng.fan(a)nxp.com> pinctrl: ti: iodelay: Use scope based of_node_put() cleanups Rob Herring <robh(a)kernel.org> pinctrl: Use device_get_match_data() Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: ti: ti-iodelay: Convert to platform remove callback returning void Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: bd2606mvv: Fix device child node usage in bd2606mvv_probe() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: use rcg2_shared_ops for ESC RCGs Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8650: Update the GDSC flags Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: use rcg2_ops for mdss_dptx1_aux_clk_src Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: fix several supposed typos Jonas Karlman <jonas(a)kwiboo.se> clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Initialize workqueue earlier Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Correct ddr alias for i.MX8M Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Parent should be initialized earlier than the clock Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk Zhipeng Wang <zhipeng.wang_1(a)nxp.com> clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Pengfei Li <pengfei.li_1(a)nxp.com> clk: imx: fracn-gppll: fix fractional part of PLL getting lost Ye Li <ye.li(a)nxp.com> clk: imx: composite-7ulp: Check the PCC present bit Jacky Bai <ping.bai(a)nxp.com> clk: imx: composite-93: keep root clock on when mcore enabled Peng Fan <peng.fan(a)nxp.com> clk: imx: composite-8m: Enable gate clk with mcore_booted Markus Elfring <elfring(a)users.sourceforge.net> clk: imx: composite-8m: Less function calls in __imx8m_clk_hw_composite() after error detection Sebastien Laveze <slaveze(a)smartandconnective.com> clk: imx: imx6ul: fix default parent for enet*_ref_sel Shengjiu Wang <shengjiu.wang(a)nxp.com> clk: imx: clk-audiomix: Correct parent clock for earc_phy and audpll Ian Rogers <irogers(a)google.com> perf time-utils: Fix 32-bit nsec parsing Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Yicong Yang <yangyicong(a)hisilicon.com> perf stat: Display iostat headers correctly Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fix missing free of session in perf_sched__timehist() Kan Liang <kan.liang(a)linux.intel.com> perf report: Fix --total-cycles --stdio output error Namhyung Kim <namhyung(a)kernel.org> perf ui/browser/annotate: Use global annotation_options Namhyung Kim <namhyung(a)kernel.org> perf annotate: Move some source code related fields from 'struct annotation' to 'struct annotated_source' Namhyung Kim <namhyung(a)kernel.org> perf annotate: Split branch stack cycles info from 'struct annotation' Ian Rogers <irogers(a)google.com> perf inject: Fix leader sampling inserting additional samples Namhyung Kim <namhyung(a)kernel.org> perf mem: Free the allocated sort string, fixing a leak Daniel Borkmann <daniel(a)iogearbox.net> bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Borkmann <daniel(a)iogearbox.net> bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix helper writes to read-only maps Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential oob read in nilfs_btree_check_delete() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: determine empty node blocks as corrupted Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Yujie Liu <yujie.liu(a)intel.com> sched/numa: Fix the vma scan starving issue Mel Gorman <mgorman(a)techsingularity.net> sched/numa: Complete scanning of inactive VMAs when there is no alternative Mel Gorman <mgorman(a)techsingularity.net> sched/numa: Complete scanning of partial VMAs regardless of PID activity Raghavendra K T <raghavendra.kt(a)amd.com> sched/numa: Move up the access pid reset logic Mel Gorman <mgorman(a)techsingularity.net> sched/numa: Trace decisions related to skipping VMAs Mel Gorman <mgorman(a)techsingularity.net> sched/numa: Rename vma_numab_state::access_pids[] => ::pids_active[], ::next_pid_reset => ::pids_active_reset Mel Gorman <mgorman(a)techsingularity.net> sched/numa: Document vma_numab_state fields Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: check stripe size compatibility on remount as well Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: avoid OOB when system.data xattr changes underneath the filesystem Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: return error on ext4_find_inline_entry Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid negative min_clusters in find_group_orlov() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid potential buffer_head leak in __ext4_new_inode() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid buffer_head leak in ext4_mark_inode_used() Jiawei Ye <jiawei.ye(a)foxmail.com> smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso yangerkun <yangerkun(a)huawei.com> ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard Chen Yu <yu.c.chen(a)intel.com> kthread: fix task state in kthread worker if being frozen Lasse Collin <lasse.collin(a)tukaani.org> xz: cleanup CRC32 edits from 2018 Eduard Zingerman <eddyz87(a)gmail.com> bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos Jiangshan Yi <yijiangshan(a)kylinos.cn> samples/bpf: Fix compilation errors with cf-protection option Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling tc_redirect.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile if backtrace support missing in libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix redefinition errors compiling lwt_reroute.c Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Fix flaky selftest lwt_redirect/lwt_reroute Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix C++ compile error from missing _Bool type Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling test_lru_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix arg parsing in veristat, test_progs Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling decap_sanity.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling core_reloc.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling tcp_rtt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling flow_dissector.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling kfree_skb.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix include of <sys/fcntl.h> Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Add a cgroup prog bpf_get_ns_current_pid_tgid() test Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Refactor out some functions in ns_current_pid_tgid test Yonghong Song <yonghong.song(a)linux.dev> selftests/bpf: Replace CHECK with ASSERT_* in ns_current_pid_tgid test Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing BUILD_BUG_ON() declaration Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing UINT_MAX definitions in benchmarks Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Drop unneeded error.h includes Tushar Vyavahare <tushar.vyavahare(a)intel.com> selftests/bpf: Implement get_hw_ring_size function to retrieve current and max interface size Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Use pid_t consistently in test_progs.c Tony Ambardar <tony.ambardar(a)gmail.com> tools/runqslower: Fix LDFLAGS and add LDLIBS support Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix wrong binary in Makefile log output Cupertino Miranda <cupertino.miranda(a)oracle.com> selftests/bpf: Add CFLAGS per source file and runner Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Temporarily define BPF_NO_PRESEVE_ACCESS_INDEX for GCC Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Disable some `attribute ignored' warnings in GCC Jose E. Marchesi <jose.marchesi(a)oracle.com> bpf: Use -Wno-error in certain tests when building with GCC Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error linking uprobe_multi on mips Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Workaround strict bpf_lsm return value check. Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/fair: Make SCHED_IDLE entity be preempted in strict hierarchy Jonathan McDowell <noodles(a)meta.com> tpm: Clean up TPM space after command failure Juergen Gross <jgross(a)suse.com> xen/swiotlb: fix allocated size Juergen Gross <jgross(a)suse.com> xen/swiotlb: add alignment check for dma buffers Juergen Gross <jgross(a)suse.com> xen: tolerate ACPI NVS memory overlapping with Xen allocated memory Juergen Gross <jgross(a)suse.com> xen: add capability to remap non-RAM pages to different PFNs Juergen Gross <jgross(a)suse.com> xen: move max_pfn in xen_memory_setup() out of function scope Juergen Gross <jgross(a)suse.com> xen: introduce generic helper checking for memory map conflicts Linus Torvalds <torvalds(a)linux-foundation.org> minmax: avoid overly complex min()/max() macro arguments in xen Niklas Cassel <cassel(a)kernel.org> ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Do not warn about dropped packets for first packet Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Support sequence numbers smaller than 16-bit Juergen Gross <jgross(a)suse.com> xen: use correct end address of kernel for conflict checking Yuesong Li <liyuesong(a)vivo.com> drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Sherry Yang <sherry.yang(a)oracle.com> drm/msm: fix %s null argument error Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dsi: correct programming sequence for SM8350 / SM8450 Wolfram Sang <wsa+renesas(a)sang-engineering.com> ipmi: docs: don't advertise deprecated sysfs entries Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: workaround early ring-buffer emptiness check Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: fix races in preemption evaluation stage Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: properly clear preemption records on resume Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: disable preemption in submits by default Aleksandr Mishin <amishin(a)t-argos.ru> drm/msm: Fix incorrect file name output in adreno_request_fw() Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Inconditionally use CFUNC macro Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix kernel vs user address comparison Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix initial memory mapping Fei Shao <fshao(a)chromium.org> drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Jeongjun Park <aha310510(a)gmail.com> jfs: fix out-of-bounds in dbNextAG() and diAlloc() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() Stefan Wahren <wahrenst(a)gmx.net> drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Liu Ying <victor.liu(a)nxp.com> drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets Jonas Karlman <jonas(a)kwiboo.se> drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode Alex Bee <knaerzche(a)gmail.com> drm/rockchip: vop: Allow 4096px width scaling WangYuli <wangyuli(a)uniontech.com> drm/amd/amdgpu: Properly tune the size of struct Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Check for phase match during PDMA fixup Gilbert Wu <Gilbert.Wu(a)microchip.com> scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: properly handle vbios fake edid sizing Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: properly handle vbios fake edid sizing Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Claudiu Beznea <claudiu.beznea(a)microchip.com> drm/stm: ltdc: check memory returned by devm_kzalloc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/stm: Fix an error handling path in stm_drm_platform_probe() Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: core: Harden inter-column space in debug summary Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> iommu/arm-smmu-qcom: apply num_context_bank fixes for SDM630 / SDM660 Konrad Dybcio <konrad.dybcio(a)linaro.org> iommu/arm-smmu-qcom: Work around SDM845 Adreno SMMU w/ 16K pages Marc Gonzalez <mgonzalez(a)freebox.fr> iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Fix init error path Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips Jinjie Ruan <ruanjinjie(a)huawei.com> mtd: rawnand: mtk: Use for_each_child_of_node_scoped() Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Charles Han <hanchunchao(a)inspur.com> mtd: powernv: Add check devm_kasprintf() returned value Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Do not set the D bit on AMD v2 table entries Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() Artur Weber <aweber.kernel(a)gmail.com> power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Remove design from min and max voltage Yuntao Liu <liuyuntao12(a)huawei.com> hwmon: (ntc_thermistor) fix module autoloading Mirsad Todorovac <mtodorovac69(a)gmail.com> mtd: slram: insert break after errors in parsing the map Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix alarm attributes Andrew Davis <afd(a)ti.com> hwmon: (max16065) Remove use of i2c_match_id() Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix overflows seen when writing limits tangbin <tangbin(a)cmss.chinamobile.com> ASoC: loongson: fix error release Finn Thain <fthain(a)linux-m68k.org> m68k: Fix kernel_clone_args.flags in m68k_clone() Yuntao Liu <liuyuntao12(a)huawei.com> ALSA: hda: cs35l41: fix module autoloading Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Add required dependency for kprobe tests Linus Walleij <linus.walleij(a)linaro.org> ASoC: tas2781-i2c: Get the right GPIO line Linus Walleij <linus.walleij(a)linaro.org> ASoC: tas2781-i2c: Drop weird GPIO code Rob Herring (Arm) <robh(a)kernel.org> ASoC: tas2781: Use of_property_read_reg() Gergo Koteles <soyer(a)irl.hu> ASoC: tas2781: remove unused acpi_subysystem_id Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error Yosry Ahmed <yosryahmed(a)google.com> x86/mm: Use IPIs to synchronize LAM enablement Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195: Correct clock order for dp_intf* Ankit Agrawal <agrawal.ag.ankit(a)gmail.com> clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: k210: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: berlin: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: versatile: fix OF node leak in CPUs prepare Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property Claudiu Beznea <claudiu.beznea(a)tuxon.dev> ARM: dts: microchip: sama7g5: Fix RTT clock Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcmbca-hsspi: Fix missing pm_runtime_disable() Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 Alexander Dahl <ada(a)thorsis.com> ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes Chen-Yu Tsai <wenst(a)chromium.org> regulator: Return actual error in of_regulator_bulk_get_all() Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix double free in OPTEE transport AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8186: Fix supported-hw mask for GPU OPPs David Virag <virag.david003(a)gmail.com> arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Ma Ke <make24(a)iscas.ac.cn> spi: ppc4xx: handle irq_of_parse_and_map() errors Riyan Dhiman <riyandhiman14(a)gmail.com> block: fix potential invalid pointer dereference in blk_add_partition Christian Heusel <christian(a)heusel.eu> block: print symbolic error name instead of error code Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: inherit cpuset of cgroup in io worker Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: do not allow pinning outside of cpuset Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix procress reference leakage for bfqq in merge chain Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix uaf for accessing waker_bfqq after splitting Gao Xiang <xiang(a)kernel.org> erofs: fix incorrect symlink detection in fast symlink David Howells <dhowells(a)redhat.com> cachefiles: Fix non-taking of sb_writers around set/removexattr Yu Kuai <yukuai3(a)huawei.com> block, bfq: don't break merge chain in bfq_split_bfqq() Yu Kuai <yukuai3(a)huawei.com> block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix possible UAF for bfqq->bic with merge chain Ming Lei <ming.lei(a)redhat.com> nbd: fix race between timeout and normal completion Ming Lei <ming.lei(a)redhat.com> ublk: move zone report data out of request pdu Eric Dumazet <edumazet(a)google.com> ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Su Hui <suhui(a)nfschina.com> net: tipc: avoid possible garbage value Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Heiner Kallweit <hkallweit1(a)gmail.com> r8169: disable ALDPS per default for RTL8125 Jinjie Ruan <ruanjinjie(a)huawei.com> net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header on xmit. Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header in bareudp_udp_encap_recv(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix not handling ZPL/short-transfer Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_close(): stop clocks after device has been shut down Jake Hamby <Jake.Hamby(a)Teledyne.com> can: m_can: enable NAPI before enabling interrupts Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Eric Dumazet <edumazet(a)google.com> sock_map: Add a cond_resched() in sock_hash_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Jiawei Ye <jiawei.ye(a)foxmail.com> wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix uninitialized TLV data Benjamin Lin <benjamin-jw.lin(a)mediatek.com> wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7915: fix rx filter setting for bfee functionality Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: fix mixed declarations and code Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - inject error before stopping queue Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - reset device before enabling it Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/hpre - mask cluster timeout error John B. Wyatt IV <jwyatt(a)redhat.com> pm:cpupower: Add missing powercap_set_enabled() stub function Aaron Lu <aaron.lu(a)intel.com> x86/sgx: Fix deadlock in SGX NUMA node search Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix EHT beamforming capability check Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE and EHT beamforming capabilities Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix wmm set of station interface to 3 Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix traffic delay when switching back to working channel Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: use hweight16 to get correct tx antenna Bjørn Mork <bjorn(a)mork.no> wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Nishanth Menon <nm(a)ti.com> cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Ensure dtm_idx is big enough Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix CCLA register offset Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Refactor node ID handling. Again. Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Improve debugfs pretty-printing for large configs Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Rework DTC counters (again) Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove annotation to access set timeout while holding lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject expiration higher than timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject element expiration with no timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire Clément Léger <cleger(a)rivosinc.com> ACPI: CPPC: Fix MASK_VAL() usage Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: use correct function name in comment Mark Brown <broonie(a)kernel.org> kselftest/arm64: Actually test SME vector length changes via sigreturn Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Fix TLP headers bandwidth counting Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Record hardware counts correctly Kamlesh Gurudasani <kamlesh(a)ti.com> padata: Honor the caller's alignment in case of chunk_size 0 Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: increase the time between ranging measurements Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: config: label 'gl' devices as discrete Golan Ben Ami <golan.ben.ami(a)intel.com> wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: don't use rate mask for offchannel TX either Jing Zhang <renyu.zj(a)linux.alibaba.com> drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: signal: fix/refactor SVE vector length enumeration Dan Carpenter <dan.carpenter(a)linaro.org> powercap: intel_rapl: Fix off by one in get_rpi() Calvin Owens <calvin(a)wbinvd.org> ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Olaf Hering <olaf(a)aepfle.de> mount: handle OOM on mnt_warn_timestamp_expiry Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Fix to allow hpmcounter31 from the guest Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Allow legacy PMU access from guest Andrew Jones <ajones(a)ventanamicro.com> RISC-V: KVM: Fix sbiret init before forwarding to userspace Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: rtw88: remove CPT execution branch never used Dave Martin <Dave.Martin(a)arm.com> arm64: signal: Fix some under-bracketed UAPI macros Yanteng Si <siyanteng(a)loongson.cn> net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: match WMI BSS chan info structure with firmware definition P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix BSS chan info request WMI command Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k: Remove error checks when creating debugfs entries Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: introducing fwil query functions Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: export firmware interface functions Aleksandr Mishin <amishin(a)t-argos.ru> ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() Helge Deller <deller(a)kernel.org> crypto: xor - fix template benchmarking Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: always wait for both firmware loading attempts Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Fix error injection on Zynq UltraScale+ Serge Semin <fancer.lancer(a)gmail.com> EDAC/synopsys: Fix ECC status and IRQ control race condition ------------- Diffstat: .gitignore | 1 - .../ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 +- Documentation/arch/arm64/silicon-errata.rst | 2 + .../iio/magnetometer/asahi-kasei,ak8975.yaml | 1 - .../devicetree/bindings/spi/spi-nxp-fspi.yaml | 19 +- Documentation/driver-api/ipmi.rst | 2 +- Documentation/virt/kvm/locking.rst | 33 +- Makefile | 4 +- arch/arm/boot/dts/microchip/sam9x60.dtsi | 4 +- arch/arm/boot/dts/microchip/sama7g5.dtsi | 2 +- arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts | 2 +- arch/arm/boot/dts/nxp/imx/imx7d-zii-rmu2.dts | 2 +- arch/arm/mach-ep93xx/clock.c | 2 +- arch/arm/mach-versatile/platsmp-realview.c | 1 + arch/arm/vfp/vfpinstr.h | 44 +- arch/arm64/Kconfig | 2 +- .../boot/dts/exynos/exynos7885-jackpotlte.dts | 2 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 12 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8195.dtsi | 12 +- arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 + arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 +- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 +- arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 4 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/esr.h | 88 +-- arch/arm64/include/uapi/asm/sigcontext.h | 6 +- arch/arm64/kernel/cpu_errata.c | 10 +- arch/arm64/kvm/hyp/nvhe/ffa.c | 21 +- arch/m68k/kernel/process.c | 2 +- arch/powerpc/crypto/Kconfig | 1 + arch/powerpc/include/asm/asm-compat.h | 6 + arch/powerpc/include/asm/atomic.h | 5 +- arch/powerpc/include/asm/uaccess.h | 7 +- arch/powerpc/kernel/head_8xx.S | 6 +- arch/powerpc/kernel/vdso/gettimeofday.S | 4 - arch/powerpc/mm/nohash/8xx.c | 4 +- arch/riscv/include/asm/kvm_vcpu_pmu.h | 21 +- arch/riscv/kernel/perf_callchain.c | 2 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/x86/coco/tdx/tdx.c | 6 + arch/x86/events/intel/pt.c | 15 +- arch/x86/include/asm/acpi.h | 8 + arch/x86/include/asm/hardirq.h | 8 +- arch/x86/include/asm/idtentry.h | 73 +- arch/x86/kernel/acpi/boot.c | 11 + arch/x86/kernel/cpu/sgx/main.c | 27 +- arch/x86/kernel/jailhouse.c | 1 + arch/x86/kernel/mmconf-fam10h_64.c | 1 + arch/x86/kernel/process_64.c | 29 +- arch/x86/kernel/smpboot.c | 1 + arch/x86/kernel/x86_init.c | 1 + arch/x86/kvm/lapic.c | 35 +- arch/x86/mm/tlb.c | 7 +- arch/x86/pci/fixup.c | 4 +- arch/x86/xen/mmu_pv.c | 5 +- arch/x86/xen/p2m.c | 98 +++ arch/x86/xen/setup.c | 203 ++++-- arch/x86/xen/xen-ops.h | 6 +- block/bfq-iosched.c | 81 +- block/partitions/core.c | 8 +- crypto/asymmetric_keys/asymmetric_type.c | 7 +- crypto/xor.c | 31 +- drivers/acpi/cppc_acpi.c | 43 +- drivers/acpi/device_sysfs.c | 5 +- drivers/acpi/pmic/tps68470_pmic.c | 6 +- drivers/acpi/resource.c | 6 + drivers/ata/libata-eh.c | 8 + drivers/ata/libata-scsi.c | 5 +- drivers/base/core.c | 15 +- drivers/base/firmware_loader/main.c | 30 + drivers/base/module.c | 14 +- drivers/base/power/domain.c | 2 +- drivers/block/drbd/drbd_main.c | 8 +- drivers/block/drbd/drbd_state.c | 2 +- drivers/block/nbd.c | 13 +- drivers/block/ublk_drv.c | 62 +- drivers/bluetooth/btusb.c | 5 +- drivers/bus/arm-integrator-lm.c | 1 + drivers/bus/mhi/host/pci_generic.c | 13 +- drivers/char/hw_random/bcm2835-rng.c | 4 +- drivers/char/hw_random/cctrng.c | 1 + drivers/char/hw_random/mtk-rng.c | 2 +- drivers/char/tpm/tpm-dev-common.c | 2 + drivers/char/tpm/tpm2-space.c | 3 + drivers/clk/at91/sama7g5.c | 5 +- drivers/clk/imx/clk-composite-7ulp.c | 7 + drivers/clk/imx/clk-composite-8m.c | 61 +- drivers/clk/imx/clk-composite-93.c | 15 +- drivers/clk/imx/clk-fracn-gppll.c | 4 + drivers/clk/imx/clk-imx6ul.c | 4 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 13 +- drivers/clk/imx/clk-imx8mp.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 10 +- drivers/clk/qcom/clk-alpha-pll.c | 52 ++ drivers/clk/qcom/clk-alpha-pll.h | 2 + drivers/clk/qcom/dispcc-sm8250.c | 9 +- drivers/clk/qcom/dispcc-sm8550.c | 14 +- drivers/clk/qcom/gcc-ipq5332.c | 1 + drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/rockchip/clk-rk3588.c | 2 +- drivers/clk/starfive/clk-starfive-jh7110-vout.c | 2 +- drivers/clk/ti/clk-dra7-atl.c | 1 + drivers/clocksource/timer-qcom.c | 7 +- drivers/cpufreq/ti-cpufreq.c | 10 +- drivers/cpuidle/cpuidle-riscv-sbi.c | 21 +- drivers/crypto/caam/caamhash.c | 1 + drivers/crypto/ccp/sev-dev.c | 2 + drivers/crypto/hisilicon/hpre/hpre_main.c | 54 +- drivers/crypto/hisilicon/qm.c | 151 ++-- drivers/crypto/hisilicon/sec2/sec_main.c | 16 +- drivers/crypto/hisilicon/zip/zip_main.c | 23 +- drivers/cxl/core/pci.c | 8 +- drivers/edac/igen6_edac.c | 2 +- drivers/edac/synopsys_edac.c | 85 ++- drivers/firewire/core-cdev.c | 2 +- drivers/firmware/arm_scmi/optee.c | 7 + drivers/firmware/efi/libstub/tpm.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 +- drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 29 +- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 9 +- drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 +- drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c | 6 +- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 +- .../drm/amd/display/modules/freesync/freesync.c | 2 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/mediatek/mtk_drm_crtc.c | 32 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 + drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 +- drivers/gpu/drm/radeon/evergreen_cs.c | 62 +- drivers/gpu/drm/radeon/radeon_atombios.c | 29 +- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 +- drivers/gpu/drm/stm/drv.c | 4 +- drivers/gpu/drm/stm/ltdc.c | 2 + drivers/gpu/drm/vc4/vc4_hdmi.c | 8 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 13 +- drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 3 + drivers/hid/wacom_wac.c | 13 +- drivers/hid/wacom_wac.h | 2 +- drivers/hwmon/max16065.c | 27 +- drivers/hwmon/ntc_thermistor.c | 1 + drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- drivers/i2c/busses/i2c-aspeed.c | 16 +- drivers/i2c/busses/i2c-isch.c | 3 +- drivers/iio/adc/ad7606.c | 8 +- drivers/iio/adc/ad7606_spi.c | 5 +- drivers/iio/chemical/bme680_core.c | 7 + drivers/iio/magnetometer/ak8975.c | 85 +-- drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/core/iwcm.c | 2 +- drivers/infiniband/hw/cxgb4/cm.c | 5 + drivers/infiniband/hw/erdma/erdma_verbs.c | 25 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 33 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/hw/mlx5/mr.c | 14 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 1 + drivers/input/keyboard/adp5588-keys.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 37 + drivers/input/touchscreen/ilitek_ts_i2c.c | 18 +- drivers/interconnect/icc-clk.c | 3 +- drivers/iommu/amd/io_pgtable_v2.c | 2 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 28 + drivers/iommu/iommufd/io_pagetable.c | 8 + drivers/leds/leds-bd2606mvv.c | 23 +- drivers/leds/leds-pca995x.c | 78 +- drivers/md/dm-rq.c | 4 +- drivers/md/dm.c | 11 +- drivers/media/dvb-frontends/rtl2830.c | 2 +- drivers/media/dvb-frontends/rtl2832.c | 2 +- .../vcodec/decoder/vdec/vdec_h264_req_if.c | 9 +- .../vcodec/decoder/vdec/vdec_h264_req_multi_if.c | 9 +- .../mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c | 10 +- .../media/platform/renesas/rzg2l-cru/rzg2l-csi2.c | 1 + drivers/media/tuners/tuner-i2c.h | 4 +- drivers/mtd/devices/powernv_flash.c | 3 + drivers/mtd/devices/slram.c | 2 + drivers/mtd/nand/raw/mtk_nand.c | 36 +- drivers/net/bareudp.c | 26 +- drivers/net/bonding/bond_main.c | 6 +- drivers/net/can/m_can/m_can.c | 14 +- drivers/net/can/usb/esd_usb.c | 6 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 +- drivers/net/ethernet/realtek/r8169_phy_config.c | 2 + drivers/net/ethernet/seeq/ether3.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/wangxun/libwx/wx_lib.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 +- drivers/net/usb/usbnet.c | 37 +- drivers/net/virtio_net.c | 10 +- drivers/net/wireless/ath/ath12k/mac.c | 5 +- drivers/net/wireless/ath/ath12k/wmi.c | 1 + drivers/net/wireless/ath/ath12k/wmi.h | 3 +- drivers/net/wireless/ath/ath9k/debug.c | 2 - drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 - .../wireless/broadcom/brcm80211/brcmfmac/btcoex.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 26 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.c | 115 +-- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 145 +++- drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 11 + drivers/net/wireless/intel/iwlwifi/iwl-config.h | 1 + drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 36 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 + drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7996/init.c | 65 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 23 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.h | 4 +- drivers/net/wireless/microchip/wilc1000/hif.c | 4 +- drivers/net/wireless/realtek/rtw88/coex.c | 38 +- drivers/net/wireless/realtek/rtw88/fw.c | 13 +- drivers/net/wireless/realtek/rtw88/main.c | 7 +- drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 - drivers/net/wireless/realtek/rtw88/rtw8822c.c | 12 +- drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 +- drivers/ntb/ntb_transport.c | 23 +- drivers/ntb/test/ntb_perf.c | 2 +- drivers/nvdimm/namespace_devs.c | 34 +- drivers/nvme/host/multipath.c | 2 +- drivers/pci/controller/dwc/pci-dra7xx.c | 3 +- drivers/pci/controller/dwc/pci-imx6.c | 7 +- drivers/pci/controller/dwc/pci-keystone.c | 2 +- drivers/pci/controller/dwc/pcie-kirin.c | 4 +- drivers/pci/controller/pcie-xilinx-nwl.c | 39 +- drivers/pci/pci.c | 20 +- drivers/pci/pci.h | 6 +- drivers/pci/quirks.c | 31 +- drivers/perf/alibaba_uncore_drw_pmu.c | 2 +- drivers/perf/arm-cmn.c | 242 +++--- drivers/perf/hisilicon/hisi_pcie_pmu.c | 16 +- drivers/pinctrl/bcm/pinctrl-ns.c | 8 +- drivers/pinctrl/berlin/berlin-bg2.c | 8 +- drivers/pinctrl/berlin/berlin-bg2cd.c | 8 +- drivers/pinctrl/berlin/berlin-bg2q.c | 8 +- drivers/pinctrl/berlin/berlin-bg4ct.c | 9 +- drivers/pinctrl/berlin/pinctrl-as370.c | 9 +- drivers/pinctrl/mvebu/pinctrl-armada-38x.c | 9 +- drivers/pinctrl/mvebu/pinctrl-armada-39x.c | 9 +- drivers/pinctrl/mvebu/pinctrl-armada-ap806.c | 5 +- drivers/pinctrl/mvebu/pinctrl-armada-cp110.c | 6 +- drivers/pinctrl/mvebu/pinctrl-armada-xp.c | 9 +- drivers/pinctrl/mvebu/pinctrl-dove.c | 48 +- drivers/pinctrl/mvebu/pinctrl-kirkwood.c | 7 +- drivers/pinctrl/mvebu/pinctrl-orion.c | 7 +- drivers/pinctrl/nomadik/pinctrl-abx500.c | 9 +- drivers/pinctrl/nomadik/pinctrl-nomadik.c | 10 +- drivers/pinctrl/pinctrl-at91.c | 11 +- drivers/pinctrl/pinctrl-single.c | 3 +- drivers/pinctrl/pinctrl-xway.c | 11 +- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 113 ++- drivers/power/supply/axp20x_battery.c | 16 +- drivers/power/supply/max17042_battery.c | 5 +- drivers/powercap/intel_rapl_common.c | 2 +- drivers/pps/clients/pps_parport.c | 14 +- drivers/regulator/of_regulator.c | 2 +- drivers/remoteproc/imx_rproc.c | 6 +- drivers/reset/reset-berlin.c | 3 +- drivers/reset/reset-k210.c | 3 +- drivers/scsi/NCR5380.c | 78 +- drivers/scsi/elx/libefc/efc_nport.c | 2 +- drivers/scsi/mac_scsi.c | 166 ++--- drivers/scsi/sd.c | 2 +- drivers/scsi/smartpqi/smartpqi_init.c | 20 +- drivers/soc/fsl/qe/tsa.c | 2 +- drivers/soc/qcom/smd-rpm.c | 35 +- drivers/soc/versatile/soc-integrator.c | 1 + drivers/soc/versatile/soc-realview.c | 20 +- drivers/spi/atmel-quadspi.c | 15 +- drivers/spi/spi-bcmbca-hsspi.c | 8 +- drivers/spi/spi-fsl-lpspi.c | 1 + drivers/spi/spi-nxp-fspi.c | 54 +- drivers/spi/spi-ppc4xx.c | 7 +- drivers/thunderbolt/switch.c | 331 +++++++-- drivers/thunderbolt/tb.c | 812 ++++++++++++++++----- drivers/thunderbolt/tb.h | 56 +- drivers/thunderbolt/tb_regs.h | 9 +- drivers/thunderbolt/tunnel.c | 217 ++++-- drivers/thunderbolt/tunnel.h | 26 +- drivers/thunderbolt/usb4.c | 116 ++- drivers/tty/serial/8250/8250_omap.c | 2 +- drivers/tty/serial/qcom_geni_serial.c | 31 +- drivers/tty/serial/rp2.c | 2 +- drivers/tty/serial/serial_core.c | 14 +- drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdnsp-ring.c | 6 +- drivers/usb/cdns3/host.c | 4 +- drivers/usb/class/cdc-acm.c | 2 + drivers/usb/dwc2/drd.c | 9 + drivers/usb/host/xhci-mem.c | 5 +- drivers/usb/host/xhci-pci.c | 17 +- drivers/usb/host/xhci-ring.c | 14 + drivers/usb/host/xhci.h | 3 + drivers/usb/misc/appledisplay.c | 15 +- drivers/usb/misc/cypress_cy7c63.c | 4 + drivers/usb/misc/yurex.c | 24 +- drivers/vhost/vdpa.c | 16 +- drivers/video/fbdev/hpfb.c | 1 + drivers/watchdog/imx_sc_wdt.c | 24 - drivers/xen/swiotlb-xen.c | 10 +- fs/btrfs/btrfs_inode.h | 47 +- fs/btrfs/ctree.h | 2 + fs/btrfs/extent-tree.c | 4 +- fs/btrfs/file.c | 34 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/subpage.c | 10 +- fs/btrfs/tree-checker.c | 2 +- fs/cachefiles/xattr.c | 34 +- fs/crypto/fname.c | 8 +- fs/ecryptfs/crypto.c | 10 - fs/erofs/inode.c | 20 +- fs/ext4/ialloc.c | 14 +- fs/ext4/inline.c | 35 +- fs/ext4/mballoc.c | 10 +- fs/ext4/super.c | 29 +- fs/f2fs/compress.c | 87 ++- fs/f2fs/data.c | 14 +- fs/f2fs/dir.c | 3 +- fs/f2fs/extent_cache.c | 4 +- fs/f2fs/f2fs.h | 48 +- fs/f2fs/file.c | 167 +++-- fs/f2fs/inode.c | 5 + fs/f2fs/namei.c | 69 -- fs/f2fs/segment.c | 8 + fs/f2fs/super.c | 20 +- fs/f2fs/xattr.c | 14 +- fs/fcntl.c | 14 +- fs/inode.c | 4 + fs/jfs/jfs_dmap.c | 4 +- fs/jfs/jfs_imap.c | 2 +- fs/namei.c | 6 +- fs/namespace.c | 14 +- fs/nfs/nfs4state.c | 1 + fs/nfsd/filecache.c | 3 +- fs/nfsd/nfs4idmap.c | 13 +- fs/nfsd/nfs4recover.c | 8 + fs/nilfs2/btree.c | 12 +- fs/smb/server/vfs.c | 19 +- include/acpi/cppc_acpi.h | 2 + include/linux/bitmap.h | 77 ++ include/linux/bpf.h | 7 +- include/linux/f2fs_fs.h | 2 +- include/linux/fs.h | 11 + include/linux/mm.h | 4 +- include/linux/mm_types.h | 31 +- include/linux/sbitmap.h | 2 +- include/linux/sched/numa_balancing.h | 10 + include/linux/usb/usbnet.h | 15 + include/linux/xarray.h | 6 + include/net/bluetooth/hci_core.h | 4 +- include/net/ip.h | 2 + include/net/mac80211.h | 7 +- include/net/tcp.h | 21 +- include/sound/tas2781.h | 8 +- include/trace/events/f2fs.h | 3 +- include/trace/events/sched.h | 52 ++ io_uring/io-wq.c | 25 +- io_uring/io_uring.c | 4 +- io_uring/sqpoll.c | 12 + kernel/bpf/btf.c | 8 + kernel/bpf/helpers.c | 12 +- kernel/bpf/syscall.c | 4 +- kernel/bpf/verifier.c | 57 +- kernel/kthread.c | 10 +- kernel/locking/lockdep.c | 50 +- kernel/module/Makefile | 2 +- kernel/padata.c | 6 +- kernel/rcu/tree_nocb.h | 5 +- kernel/sched/fair.c | 134 +++- kernel/trace/bpf_trace.c | 15 +- lib/debugobjects.c | 5 +- lib/sbitmap.c | 4 +- lib/test_xarray.c | 93 +++ lib/xarray.c | 53 +- lib/xz/xz_crc32.c | 2 +- lib/xz/xz_private.h | 4 - mm/damon/vaddr.c | 2 + mm/filemap.c | 50 +- mm/mmap.c | 4 + mm/util.c | 2 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/bluetooth/mgmt.c | 13 +- net/can/bcm.c | 4 +- net/can/j1939/transport.c | 8 +- net/core/filter.c | 50 +- net/core/sock_map.c | 1 + net/ipv4/icmp.c | 103 +-- net/ipv6/Kconfig | 1 + net/ipv6/icmp.c | 28 +- net/ipv6/netfilter/nf_reject_ipv6.c | 14 +- net/ipv6/route.c | 2 +- net/ipv6/rpl_iptunnel.c | 12 +- net/mac80211/iface.c | 17 +- net/mac80211/offchannel.c | 1 + net/mac80211/rate.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/tx.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netfilter/nf_tables_api.c | 16 +- net/qrtr/af_qrtr.c | 2 +- net/tipc/bcast.c | 2 +- net/wireless/nl80211.c | 3 +- net/wireless/scan.c | 6 +- net/wireless/sme.c | 3 +- samples/bpf/Makefile | 6 +- security/bpf/hooks.c | 1 - security/smack/smackfs.c | 2 +- sound/pci/hda/cs35l41_hda_spi.c | 1 + sound/pci/hda/tas2781_hda_i2c.c | 14 +- sound/soc/codecs/rt5682.c | 4 +- sound/soc/codecs/rt5682s.c | 4 +- sound/soc/codecs/tas2781-comlib.c | 4 - sound/soc/codecs/tas2781-fmwlib.c | 1 - sound/soc/codecs/tas2781-i2c.c | 56 +- sound/soc/loongson/loongson_card.c | 4 +- tools/bpf/runqslower/Makefile | 3 +- tools/perf/builtin-annotate.c | 2 +- tools/perf/builtin-inject.c | 1 + tools/perf/builtin-mem.c | 1 + tools/perf/builtin-report.c | 11 +- tools/perf/builtin-sched.c | 8 +- tools/perf/builtin-top.c | 3 +- tools/perf/ui/browsers/annotate.c | 77 +- tools/perf/ui/browsers/hists.c | 34 +- tools/perf/ui/browsers/hists.h | 2 - tools/perf/util/annotate.c | 118 +-- tools/perf/util/annotate.h | 39 +- tools/perf/util/block-info.c | 10 +- tools/perf/util/block-info.h | 3 +- tools/perf/util/hist.h | 25 +- tools/perf/util/session.c | 3 + tools/perf/util/sort.c | 14 +- tools/perf/util/stat-display.c | 3 +- tools/perf/util/time-utils.c | 4 +- tools/perf/util/tool.h | 1 + tools/power/cpupower/lib/powercap.c | 8 + tools/testing/selftests/arm64/signal/Makefile | 2 +- tools/testing/selftests/arm64/signal/sve_helpers.c | 56 ++ tools/testing/selftests/arm64/signal/sve_helpers.h | 21 + .../testcases/fake_sigreturn_sme_change_vl.c | 46 +- .../testcases/fake_sigreturn_sve_change_vl.c | 30 +- .../selftests/arm64/signal/testcases/ssve_regs.c | 36 +- .../arm64/signal/testcases/ssve_za_regs.c | 36 +- .../selftests/arm64/signal/testcases/sve_regs.c | 32 +- .../selftests/arm64/signal/testcases/za_no_regs.c | 32 +- .../selftests/arm64/signal/testcases/za_regs.c | 36 +- tools/testing/selftests/bpf/Makefile | 30 +- tools/testing/selftests/bpf/bench.c | 1 + tools/testing/selftests/bpf/bench.h | 1 + .../selftests/bpf/map_tests/sk_storage_map.c | 2 +- tools/testing/selftests/bpf/network_helpers.c | 24 + tools/testing/selftests/bpf/network_helpers.h | 4 + .../selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 +- .../testing/selftests/bpf/prog_tests/core_reloc.c | 1 + .../selftests/bpf/prog_tests/decap_sanity.c | 1 - .../selftests/bpf/prog_tests/flow_dissector.c | 3 +- tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 + .../testing/selftests/bpf/prog_tests/lwt_helpers.h | 2 - .../selftests/bpf/prog_tests/lwt_redirect.c | 2 +- .../testing/selftests/bpf/prog_tests/lwt_reroute.c | 2 + .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 156 +++- .../selftests/bpf/prog_tests/parse_tcp_hdr_opt.c | 1 + tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 1 - .../testing/selftests/bpf/prog_tests/tc_redirect.c | 12 +- tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 + .../selftests/bpf/prog_tests/user_ringbuf.c | 1 + .../testing/selftests/bpf/progs/cg_storage_multi.h | 2 - .../bpf/progs/test_libbpf_get_fd_by_id_opts.c | 1 + .../selftests/bpf/progs/test_ns_current_pid_tgid.c | 17 +- tools/testing/selftests/bpf/test_cpp.cpp | 4 + tools/testing/selftests/bpf/test_lru_map.c | 3 +- tools/testing/selftests/bpf/test_progs.c | 18 +- tools/testing/selftests/bpf/testing_helpers.c | 4 +- tools/testing/selftests/bpf/unpriv_helpers.c | 1 - tools/testing/selftests/bpf/veristat.c | 8 +- tools/testing/selftests/bpf/xdp_hw_metadata.c | 14 - .../ftrace/test.d/kprobe/kprobe_args_char.tc | 2 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 2 +- virt/kvm/kvm_main.c | 31 +- 499 files changed, 6274 insertions(+), 3289 deletions(-)

7 months

14
16
0 0

Re: [PATCH net v4] net: dsa: lan9303: ensure chip reset and wait for READY status

by Sverdlin, Alexander

Hi Vladimir! On Fri, 2024-10-04 at 14:57 +0300, Vladimir Oltean wrote: > On Fri, Oct 04, 2024 at 01:36:54PM +0200, A. Sverdlin wrote: > > From: Anatolij Gustschin <agust(a)denx.de> > > > > Accessing device registers seems to be not reliable, the chip > > revision is sometimes detected wrongly (0 instead of expected 1). > > > > Ensure that the chip reset is performed via reset GPIO and then > > wait for 'Device Ready' status in HW_CFG register before doing > > any register initializations. > > > > Signed-off-by: Anatolij Gustschin <agust(a)denx.de> > > [alex: reworked using read_poll_timeout()] > > Signed-off-by: Alexander Sverdlin <alexander.sverdlin(a)siemens.com> > > --- > > Reviewed-by: Vladimir Oltean <olteanv(a)gmail.com> > > I see you're missing a Fixes: tag (meaning in this case: backport down > to all stable tree containing this commit). I think you can just post it > as a reply to this email, without resending, and it should get picked up > by maintainers through the same mechanism as Reviewed-by: tags. Well, the only meaningful would be the very first commit for lan9303: Fixes: a1292595e006 ("net: dsa: add new DSA switch driver for the SMSC-LAN9303") Cc: <stable(a)vger.kernel.org> -- Alexander Sverdlin Siemens AG www.siemens.com

7 months

1
0
0 0

[PATCH 6.10 000/634] 6.10.13-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.13 release. There are 634 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Fri, 04 Oct 2024 12:56:13 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.13-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.13-rc1 Oleg Nesterov <oleg(a)redhat.com> bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() Paolo Bonzini <pbonzini(a)redhat.com> Documentation: KVM: fix warning in "make htmldocs" Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> i2c: isch: Add missed 'else' Tommy Huang <tommy_huang(a)aspeedtech.com> i2c: aspeed: Update the stop sw state when the bus recovery occurs Liam R. Howlett <Liam.Howlett(a)oracle.com> mm/damon/vaddr: protect vma traversal in __damon_va_thre_regions() with rcu read lock Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm: change vmf_anon_prepare() to __vmf_anon_prepare() Miaohe Lin <linmiaohe(a)huawei.com> mm/huge_memory: ensure huge_zero_folio won't have large_rmappable flag set Vishal Moola (Oracle) <vishal.moola(a)gmail.com> mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Kexy Biscuit <kexybiscuit(a)aosc.io> tpm: export tpm2_sessions_init() to fix ibmvtpm building Jason Andryuk <jason.andryuk(a)amd.com> fbdev: xen-fbfront: Assign fb_info->device Dmitry Vyukov <dvyukov(a)google.com> module: Fix KCOV-ignored file name Haibo Chen <haibo.chen(a)nxp.com> spi: fspi: add support for imx8ulp David Gow <davidgow(a)google.com> mm: only enforce minimum stack gap size if it's sensible Vasily Gorbik <gor(a)linux.ibm.com> s390/ftrace: Avoid calling unwinder in ftrace_return_address() Yu Zhao <yuzhao(a)google.com> mm/hugetlb_vmemmap: batch HVO work when demoting Daniel Yang <danielyangkang(a)gmail.com> exfat: resolve memory leak from exfat_create_upcase_table() Zhiguo Niu <zhiguo.niu(a)unisoc.com> lockdep: fix deadlock issue between lockdep and rcu Tiezhu Yang <yangtiezhu(a)loongson.cn> compiler.h: specify correct attribute for .rodata..c_jump_table Mikulas Patocka <mpatocka(a)redhat.com> dm-verity: restart or panic on an I/O error Song Liu <song(a)kernel.org> bpf: lsm: Set bpf_lsm_blob_sizes.lbs_task to 0 Casey Schaufler <casey(a)schaufler-ca.com> lsm: infrastructure management of the sock security Marc Aurèle La France <tsi(a)tuyoix.net> debugfs show actual source in /proc/mounts Eric Sandeen <sandeen(a)redhat.com> debugfs: Convert to new uid/gid option parsing helpers Eric Sandeen <sandeen(a)redhat.com> fs_parse: add uid & gid option option parsing helpers Michal Kubiak <michal.kubiak(a)intel.com> idpf: fix netdev Tx queue stop/wake Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: merge singleq and splitq &net_device_ops Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: split &idpf_queue into 4 strictly-typed queue structures Alexander Lobakin <aleksander.lobakin(a)intel.com> idpf: stop using macros for accessing queue descriptors Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix console corruption Douglas Anderson <dianders(a)chromium.org> serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() Douglas Anderson <dianders(a)chromium.org> serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() Douglas Anderson <dianders(a)chromium.org> soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers Pawel Laszczak <pawell(a)cadence.com> usb: xhci: fix loss of data on Cadence xHC Daehwan Jung <dh10.jung(a)samsung.com> xhci: Add a quirk for writing ERST in high-low order Alexey Gladkov (Intel) <legion(a)kernel.org> x86/tdx: Fix "in-kernel MMIO" check Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Convert shared memory back to private on kexec Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/mm: Add callbacks to prepare encrypted memory for kexec Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/tdx: Account shared memory Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> x86/mm: Make x86_platform.guest.enc_status_change_*() return an error Sean Christopherson <seanjc(a)google.com> KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) Sean Christopherson <seanjc(a)google.com> KVM: x86: Make x2APIC ID 100% readonly Hou Wenlong <houwenlong.hwl(a)antgroup.com> KVM: x86: Drop unused check_apicv_inhibit_reasons() callback definition Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix soc_dev leak during device remove Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: realview: fix memory leak during device remove Thomas Weißschuh <linux(a)weissschuh.net> tools/nolibc: include arch.h from string.h Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx6ull-seeed-npi: fix fsl,pins property in tscgrp pinctrl Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl Haibo Chen <haibo.chen(a)nxp.com> dt-bindings: spi: nxp-fspi: add imx8ulp support Haibo Chen <haibo.chen(a)nxp.com> spi: fspi: involve lut_num for struct nxp_fspi_devtype_data Paul Moore <paul(a)paul-moore.com> lsm: add the inode_free_security_rcu() LSM implementation hook VanGiang Nguyen <vangiang.nguyen(a)rohde-schwarz.com> padata: use integer wrap around to prevent deadlock on seq_nr overflow Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put Yu Kuai <yukuai3(a)huawei.com> md: Don't flush sync_work in md_write_start() Martin Karsten <mkarsten(a)uwaterloo.ca> eventpoll: Annotate data-race of busy_poll_usecs Eric Dumazet <edumazet(a)google.com> icmp: change the order of rate limits Qiuxu Zhuo <qiuxu.zhuo(a)intel.com> EDAC/igen6: Fix conversion of system address to physical memory address Li Lingfeng <lilingfeng3(a)huawei.com> nfs: fix memory leak in error path of nfs4_do_reclaim Mickaël Salaün <mic(a)digikod.net> fs: Fix file_set_fowner LSM hook inconsistencies Baokun Li <libaokun1(a)huawei.com> netfs: Delete subtree of 'fs/netfs' when netfs module exits Julian Sun <sunjunchao2870(a)gmail.com> vfs: fix race between evice_inodes() and find_inode()&iput() Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity Qingqing Zhou <quic_qqzhou(a)quicinc.com> arm64: dts: qcom: sa8775p: Mark APPS and PCIe SMMUs as DMA coherent Dragan Simic <dsimic(a)manjaro.org> arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8186-corsola: Disable DPI display interface D Scott Phillips <scott(a)os.amperecomputing.com> arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a Anastasia Belova <abelova(a)astralinux.ru> arm64: esr: Define ESR_ELx_EC_* constants as UL Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume Gaosheng Cui <cuigaosheng1(a)huawei.com> hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init Guoqing Jiang <guoqing.jiang(a)canonical.com> hwrng: mtk - Use devm_pm_runtime_enable Chao Yu <chao(a)kernel.org> f2fs: fix to check atomic_file in f2fs ioctl interfaces Shin'ichiro Kawasaki <shinichiro.kawasaki(a)wdc.com> f2fs: check discard support for conventional zones Jann Horn <jannh(a)google.com> f2fs: Require FMODE_WRITE for atomic write ioctls Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: avoid potential int overflow in sanity_check_area_boundary() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: prevent possible int overflow in dir_block_index() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> f2fs: fix several potential integer overflows in file offsets Luca Stefani <luca.stefani.ge1(a)gmail.com> btrfs: always update fstrim_range on failure in FITRIM ioctl Qu Wenruo <wqu(a)suse.com> btrfs: tree-checker: fix the wrong output of data backref objectid Filipe Manana <fdmanana(a)suse.com> btrfs: fix race setting file private on concurrent lseek using same fd Zhen Lei <thunder.leizhen(a)huawei.com> debugobjects: Fix conditions in fill_pool() Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7615: check devm_kasprintf() returned value Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8703b: Fix reported RX band width Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: 8822c: Fix reported RX band width Nick Morrow <morrownr(a)gmail.com> wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7915: check devm_kasprintf() returned value Ma Ke <make24(a)iscas.ac.cn> wifi: mt76: mt7921: Check devm_kasprintf() returned value Qu Wenruo <wqu(a)suse.com> btrfs: subpage: fix the bitmap dump which can cause bitmap corruption Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix sampling synchronization Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel: Allow to setup LBR for counting event for BPF Dmitry Vyukov <dvyukov(a)google.com> x86/entry: Remove unwanted instrumentation in common_interrupt() Ard Biesheuvel <ardb(a)kernel.org> efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption Werner Sembach <wse(a)tuxedocomputers.com> ACPI: resource: Add another DMI match for the TongFang GMxXGxx Li Chen <me(a)linux.beauty> ACPI: resource: Do IRQ override on MECHREV GM7XG0M Thomas Weißschuh <linux(a)weissschuh.net> ACPI: sysfs: validate return type of _STR method Mikhail Lobanov <m.lobanov(a)rosalinux.ru> drbd: Add NULL check for net_conf to prevent dereference in state validation Qiu-ji Chen <chenqiuji666(a)gmail.com> drbd: Fix atomicity violation in drbd_uuid_set_bm() Pavan Kumar Paluri <papaluri(a)amd.com> crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure Brian Masney <bmasney(a)redhat.com> crypto: qcom-rng - fix support for ACPI-based systems Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix false console tx restart Johan Hovold <johan+linaro(a)kernel.org> serial: qcom-geni: fix fifo polling timeout Mathias Nyman <mathias.nyman(a)linux.intel.com> xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them. Jiri Slaby (SUSE) <jirislaby(a)kernel.org> serial: don't use uninitialized value in uart_poll_init() Ma Ke <make24(a)iscas.ac.cn> pps: add an error check in parport_attach Florian Fainelli <florian.fainelli(a)broadcom.com> tty: rp2: Fix reset with non forgiving PCIe host bridges Jann Horn <jannh(a)google.com> firmware_loader: Block path traversal Fabio Porcedda <fabio.porcedda(a)gmail.com> bus: mhi: host: pci_generic: Fix the name for the Telit FE990A Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> bus: integrator-lm: fix OF node leak in probe() Tomas Marek <tomas.marek(a)elrest.cz> usb: dwc2: drd: fix clock gating on USB role switch Andrey Konovalov <andreyknvl(a)gmail.com> usb: gadget: dummy_hcd: execute hrtimer callback in softirq context WangYuli <wangyuli(a)uniontech.com> usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host Pawel Laszczak <pawell(a)cadence.com> usb: cdnsp: Fix incorrect usb_request status Oliver Neukum <oneukum(a)suse.com> USB: misc: yurex: fix race between read and write Oliver Neukum <oneukum(a)suse.com> USB: class: CDC-ACM: fix race between get_serial and set_serial Oliver Neukum <oneukum(a)suse.com> USB: misc: cypress_cy7c63: check for short transfer Oliver Neukum <oneukum(a)suse.com> USB: appledisplay: close race between probe and completion handler Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8395-nio-12l: Mark USB 3.0 on xhci1 as disabled Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195-cherry: Mark USB 3.0 on xhci1 as disabled Oliver Neukum <oneukum(a)suse.com> usbnet: fix cyclical race on disconnect with work queue Bitterblue Smith <rtl8821cerfe2(a)gmail.com> wifi: rtw88: Fix USB/SDIO devices not transmitting beacons Stefan Mätje <stefan.maetje(a)esd.eu> can: esd_usb: Remove CAN_CTRLMODE_3_SAMPLES for CAN-USB/3-FD Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Disallow bus errors during PDMA send Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Refactor polling loop Finn Thain <fthain(a)linux-m68k.org> scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages Justin Tee <justin.tee(a)broadcom.com> scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs Manish Pandey <quic_mapa(a)quicinc.com> scsi: ufs: qcom: Update MODE_MAX cfg_bw value Martin Wilck <mwilck(a)suse.com> scsi: sd: Fix off-by-one error in sd_read_block_characteristics() Damien Le Moal <dlemoal(a)kernel.org> ata: libata-scsi: Fix ata_msense_control() CDL page reporting Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: handle caseless file creation Namjae Jeon <linkinjeon(a)kernel.org> ksmbd: allow write with FILE_APPEND_DATA Hobin Woo <hobin.woo(a)samsung.com> ksmbd: make __dir_empty() compatible with POSIX Michael Ellerman <mpe(a)ellerman.id.au> powerpc/atomic: Use YZ constraints for DS-form instructions Roman Smirnov <r.smirnov(a)omp.ru> KEYS: prevent NULL pointer dereference in find_asymmetric_key() Tiezhu Yang <yangtiezhu(a)loongson.cn> objtool: Handle frame pointer related instructions Huacai Chen <chenhuacai(a)kernel.org> Revert "LoongArch: KVM: Invalidate guest steal time address on vCPU reset" Zhikai Zhai <zhikai.zhai(a)amd.com> drm/amd/display: Skip to enable dsc if it has been off Yihan Zhu <Yihan.Zhu(a)amd.com> drm/amd/display: Enable DML2 override_det_buffer_size_kbytes Nicholas Kazlauskas <nicholas.kazlauskas(a)amd.com> drm/amd/display: Block dynamic IPS2 on DCN35 for incompatible FW versions Sung Joon Kim <Sungjoon.Kim(a)amd.com> drm/amd/display: Disable SYMCLK32_LE root clock gating Mario Limonciello <mario.limonciello(a)amd.com> drm/amd/display: Validate backlight caps are sane Martin Tsai <martin.tsai(a)amd.com> drm/amd/display: Clean up dsc blocks in accelerated mode Robin Chen <robin.chen(a)amd.com> drm/amd/display: Round calculated vtotal Leo Ma <hanghong.ma(a)amd.com> drm/amd/display: Add HDMI DSC native YCbCr422 support Saleemkhan Jamadar <saleemkhan.jamadar(a)amd.com> drm/amdgpu/vcn: enable AV1 on both instances Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/mes11: reduce timeout Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Skip Recompute DSC Params if no Stream on Link Sean Christopherson <seanjc(a)google.com> KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock Sean Christopherson <seanjc(a)google.com> KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() Sean Christopherson <seanjc(a)google.com> KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits Snehal Koukuntla <snehalreddy(a)google.com> KVM: arm64: Add memory length checks and remove inline in do_ffa_mem_xfer Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table Werner Sembach <wse(a)tuxedocomputers.com> Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table Nuno Sa <nuno.sa(a)analog.com> Input: adp5588-keys - fix check on return code Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Protect against overflow of ALIGN() during iova allocation Eliav Bar-ilan <eliavb(a)nvidia.com> iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() Roman Smirnov <r.smirnov(a)omp.ru> Revert "media: tuners: fix error return code of hybrid_tuner_request_state()" Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> soc: versatile: integrator: fix OF node leak in probe() error path Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: tsa: Fix tsa_write8() Herve Codina <herve.codina(a)bootlin.com> soc: fsl: cpm1: qmc: Update TRNSYNC only in transparent mode Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Revert "soc: qcom: smd-rpm: Match rpmsg channel instead of compatible" Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: dra7xx: Fix error handling when IRQ request fails in probe Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Use an error code with PCIe failed link retraining Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Correct error reporting with PCIe failed link retraining Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Fix i.MX8MP PCIe EP's occasional failure to trigger MSI Richard Zhu <hongxing.zhu(a)nxp.com> PCI: imx6: Fix establish link failure in EP mode for i.MX8MM and i.MX8MP Frank Li <Frank.Li(a)nxp.com> PCI: imx6: Fix missing call to phy_power_off() in error handling Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: dra7xx: Fix threaded IRQ request for "dra7xx-pcie-main" IRQ Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Clear the LBMS bit after a link retrain Maciej W. Rozycki <macro(a)orcam.me.uk> PCI: Revert to the original speed after PCIe failed link retraining Laurent Pinchart <laurent.pinchart(a)ideasonboard.com> Remove *.orig pattern from .gitignore Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: correctly move 'log' upon successful match Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not put cpumask on stack Jens Axboe <axboe(a)kernel.dk> io_uring/sqpoll: retain test for whether the CPU is valid Juergen Gross <jgross(a)suse.com> xen: allow mapping ACPI data using a different physical address Juergen Gross <jgross(a)suse.com> xen: move checks for e820 conflicts further up Fangzhi Zuo <Jerry.Zuo(a)amd.com> drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination Shu Han <ebpqwerty472123(a)gmail.com> mm: call the security_mmap_file() LSM hook in remap_file_pages() Jeongjun Park <aha310510(a)gmail.com> mm: migrate: annotate data-race in migrate_folio_unmap() yangyun <yangyun50(a)huawei.com> fuse: use exclusive lock when FUSE_I_CACHE_IO_MODE is set Jens Axboe <axboe(a)kernel.dk> io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL Jens Axboe <axboe(a)kernel.dk> io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/sqpoll: do not allow pinning outside of cpuset Phil Sutter <phil(a)nwl.cc> selftests: netfilter: Avoid hanging ipvs.sh Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: missing objects with no memcg accounting Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path Simon Horman <horms(a)kernel.org> netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS Phil Sutter <phil(a)nwl.cc> netfilter: nf_tables: Keep deleted flowtable hooks until after RCU Furong Xu <0x1207(a)gmail.com> net: stmmac: set PP_FLAG_DMA_SYNC_DEV only if XDP is enabled Wenbo Li <liwenbo.martin(a)bytedance.com> virtio_net: Fix mismatched buf address when unmapping for small packets Jiwon Kim <jiwonaid0(a)gmail.com> bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() Paul Barker <paul.barker.ct(a)bp.renesas.com> net: ravb: Fix R-Car RX frame size limit Youssef Samir <quic_yabdulra(a)quicinc.com> net: qrtr: Update packets cloning when broadcasting Josh Hunt <johunt(a)akamai.com> tcp: check skb is non-NULL in tcp_rto_delta_us() Thomas Weißschuh <thomas.weissschuh(a)linutronix.de> net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL Kaixin Wang <kxwang23(a)m.fudan.edu.cn> net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition Eric Dumazet <edumazet(a)google.com> netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Fix packet counting Sean Anderson <sean.anderson(a)linux.dev> net: xilinx: axienet: Schedule NAPI in two steps Mikulas Patocka <mpatocka(a)redhat.com> Revert "dm: requeue IO if mapping table not yet available" Dan Carpenter <alexander.sverdlin(a)gmail.com> ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() Jason Wang <jasowang(a)redhat.com> vhost_vdpa: assign irq bypass producer token correctly Dragos Tatulea <dtatulea(a)nvidia.com> vdpa/mlx5: Fix invalid mr resource destroy Yanfei Xu <yanfei.xu(a)intel.com> cxl/pci: Fix to record only non-zero ranges Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> interconnect: qcom: sm8250: Enable sync_state Kees Cook <kees(a)kernel.org> interconnect: icc-clk: Add missed num_nodes initialization Suzuki K Poulose <suzuki.poulose(a)arm.com> coresight: tmc: sg: Do not leak sg_table Jie Gan <quic_jiegan(a)quicinc.com> Coresight: Set correct cs_mode for dummy source to fix disable issue Jie Gan <quic_jiegan(a)quicinc.com> Coresight: Set correct cs_mode for TPDM to fix disable issue Markus Schneider-Pargmann <msp(a)baylibre.com> serial: 8250: omap: Cleanup on error in request_irq Jinjie Ruan <ruanjinjie(a)huawei.com> driver core: Fix a potential null-ptr-deref in module_add_driver() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: iio: asahi-kasei,ak8975: drop incorrect AK09116 compatible Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> iio: magnetometer: ak8975: drop incorrect AK09116 compatible Vasileios Amoiridis <vassilisamir(a)gmail.com> iio: chemical: bme680: Fix read/write ops to device by adding mutexes Antoniu Miclaus <antoniu.miclaus(a)analog.com> ABI: testing: fix admv8818 attr description Zijun Hu <quic_zijuhu(a)quicinc.com> driver core: Fix error handling in driver API device_rename() Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix standby gpio state to match the documentation Guillaume Stols <gstols(a)baylibre.com> iio: adc: ad7606: fix oversampling gpio array Hannes Reinecke <hare(a)kernel.org> nvme-multipath: system fails to create generic nvme device Alexander Dahl <ada(a)thorsis.com> spi: atmel-quadspi: Avoid overwriting delay register settings Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: remove read cache in airoha_snand_dirmap_read() Ming Lei <ming.lei(a)redhat.com> lib/sbitmap: define swap_lock as raw_spinlock_t Jinjie Ruan <ruanjinjie(a)huawei.com> spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time Jinjie Ruan <ruanjinjie(a)huawei.com> spi: atmel-quadspi: Undo runtime PM changes at driver exit time Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: fix airoha_snand_{write,read}_data data_len estimation Lorenzo Bianconi <lorenzo(a)kernel.org> spi: airoha: fix dirmap_{read,write} operations Chao Yu <chao(a)kernel.org> f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() Chao Yu <chao(a)kernel.org> f2fs: get rid of online repaire on corrupted directory Daeho Jeong <daehojeong(a)google.com> f2fs: prevent atomic file from being dirtied before commit Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: compress: don't redirty sparse cluster during {,de}compress Chao Yu <chao(a)kernel.org> f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to truncate pagecache before on-disk metadata truncation Chao Yu <chao(a)kernel.org> f2fs: fix to wait page writeback before setting gcing flag Yeongjin Gil <youngjin.gil(a)samsung.com> f2fs: Create COW inode from parent dentry for atomic write Chao Yu <chao(a)kernel.org> f2fs: fix to avoid racing in between read and OPU dio write Chao Yu <chao(a)kernel.org> f2fs: reduce expensive checkpoint trigger frequency Chao Yu <chao(a)kernel.org> f2fs: atomic: fix to avoid racing w/ GC Danny Tsen <dtsen(a)linux.ibm.com> crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 Herbert Xu <herbert(a)gondor.apana.org.au> crypto: caam - Pad SG length when allocating hash edesc Jeff Layton <jlayton(a)kernel.org> nfsd: fix initial getattr on write delegation NeilBrown <neilb(a)suse.de> nfsd: untangle code in nfsd4_deleg_getattr_conflict() Li Lingfeng <lilingfeng3(a)huawei.com> nfsd: return -EINVAL when namelen is 0 Guoqing Jiang <guoqing.jiang(a)linux.dev> nfsd: call cache_put if xdr_reserve_space returns NULL Dave Jiang <dave.jiang(a)intel.com> ntb: Force physically contiguous allocation of rx ring buffers Max Hawking <maxahawking(a)sonnenkinder.org> ntb_perf: Fix printk format Jinjie Ruan <ruanjinjie(a)huawei.com> ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() Vitaliy Shevtsov <v.shevtsov(a)maxima.ru> RDMA/irdma: fix error message in irdma_modify_qp_roce() Mikhail Lobanov <m.lobanov(a)rosalinux.ru> RDMA/cxgb4: Added NULL check for lookup_atid Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix ah error counter in sw stat not increasing Jinjie Ruan <ruanjinjie(a)huawei.com> riscv: Fix fp alignment bug in perf_callchain_user() Manivannan Sadhasivam <manivannan.sadhasivam(a)linaro.org> PCI: qcom-ep: Enable controller resources like PHY only after refclk is available Mark Bloch <mbloch(a)nvidia.com> RDMA/mlx5: Obtain upper net device only when needed Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix restricted __le16 degrades to integer issue Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Optimize hem allocation performance Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() wenglianfa <wenglianfa(a)huawei.com> RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Don't modify rq next block addr in HIP09 QPC Jonas Blixt <jonas.blixt(a)actia.se> watchdog: imx_sc_wdt: Don't disable WDT in suspend Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix MR cache temp entries cleanup Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Drop redundant work canceling from clean_keys() Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache Michael Guralnik <michaelgur(a)nvidia.com> RDMA/mlx5: Fix counter update on MR cache mkey creation Cheng Xu <chengyou(a)linux.alibaba.com> RDMA/erdma: Return QP state in erdma_query_qp Alexandra Diupina <adiupina(a)astralinux.ru> PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Jason Gunthorpe <jgg(a)ziepe.ca> iommufd: Check the domain owner of the parent before creating a nesting domain Frank Li <Frank.Li(a)nxp.com> dt-bindings: PCI: layerscape-pci: Replace fsl,lx2160a-pcie with fsl,lx2160ar2-pcie Patrisious Haddad <phaddad(a)nvidia.com> IB/core: Fix ib_cache_setup_one error flow cleanup Wang Jianzheng <wangjianzheng(a)vivo.com> pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function Jeff Layton <jlayton(a)kernel.org> nfsd: fix refcount leak when file is unhashed after being found Jeff Layton <jlayton(a)kernel.org> nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire Alexander Shiyan <eagle.alexander923(a)gmail.com> clk: rockchip: rk3588: Fix 32k clock name for pmu_24m_32k_100m_src_p Yuntao Liu <liuyuntao12(a)huawei.com> clk: starfive: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage David Lechner <dlechner(a)baylibre.com> clk: ti: dra7-atl: Fix leak of of_nodes Md Haris Iqbal <haris.iqbal(a)ionos.com> RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds Jack Wang <jinpu.wang(a)ionos.com> RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Yunfei Dong <yunfei.dong(a)mediatek.com> media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Jason Gunthorpe <jgg(a)ziepe.ca> iommufd/selftest: Fix buffer read overrrun in the dirty test Claudiu Beznea <claudiu.beznea(a)tuxon.dev> clk: at91: sama7g5: Allocate only the needed amount of memory for PLLs Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix missing error code in pcs_probe() Zhu Yanjun <yanjun.zhu(a)linux.dev> RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency Biju Das <biju.das.jz(a)bp.renesas.com> media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE Kees Cook <kees(a)kernel.org> leds: gpio: Set num_leds after allocation Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Clean up clock on probe failure/removal Sean Anderson <sean.anderson(a)linux.dev> PCI: xilinx-nwl: Fix register misspelling Li Zhijian <lizhijian(a)fujitsu.com> nvdimm: Fix devs leaks in scan_labels() Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> x86/PCI: Check pcie_find_root_port() return for NULL Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: pca995x: Fix device child node usage in pca995x_probe() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: pca995x: Use device_for_each_child_node() to access device child nodes Pieterjan Camerlynck <pieterjanca(a)gmail.com> leds: leds-pca995x: Add support for NXP PCA9956B Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8250: use special function for Lucid 5LPE PLL Varadarajan Narayanan <quic_varada(a)quicinc.com> clk: qcom: ipq5332: Register gcc_qdss_tsctr_clk_src Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> media: staging: media: starfive: camss: Drop obsolete return value documentation Dan Carpenter <dan.carpenter(a)linaro.org> PCI: keystone: Fix if-statement expression in ks_pcie_quirk() Takashi Sakamoto <o-takashi(a)sakamocchi.jp> firewire: core: correct range of block for case of switch statement Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Wait for Link before restoring Downstream Buses Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error Junlin Li <make24(a)iscas.ac.cn> drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - add report id message validation Emanuele Ghidoli <emanuele.ghidoli(a)toradex.com> Input: ilitek_ts_i2c - avoid wrong input subsystem sync Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> phy: phy-rockchip-samsung-hdptx: Explicitly include pm_runtime.h Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> pinctrl: ti: ti-iodelay: Fix some error handling paths Peng Fan <peng.fan(a)nxp.com> pinctrl: ti: iodelay: Use scope based of_node_put() cleanups Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: bd2606mvv: Fix device child node usage in bd2606mvv_probe() Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: use rcg2_shared_ops for ESC RCGs Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8650: Update the GDSC flags Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: use rcg2_ops for mdss_dptx1_aux_clk_src Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> clk: qcom: dispcc-sm8550: fix several supposed typos Jonas Karlman <jonas(a)kwiboo.se> clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Initialize workqueue earlier Peng Fan <peng.fan(a)nxp.com> remoteproc: imx_rproc: Correct ddr alias for i.MX8M Kemeng Shi <shikemeng(a)huaweicloud.com> quota: avoid missing put_quota_format when DQUOT_SUSPENDED is passed Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Parent should be initialized earlier than the clock Peng Fan <peng.fan(a)nxp.com> clk: imx: imx8qxp: Register dc0_bypass0_clk before disp clk Zhipeng Wang <zhipeng.wang_1(a)nxp.com> clk: imx: imx8mp: fix clock tree update of TF-A managed clocks Pengfei Li <pengfei.li_1(a)nxp.com> clk: imx: fracn-gppll: fix fractional part of PLL getting lost Ye Li <ye.li(a)nxp.com> clk: imx: composite-7ulp: Check the PCC present bit Jacky Bai <ping.bai(a)nxp.com> clk: imx: composite-93: keep root clock on when mcore enabled Peng Fan <peng.fan(a)nxp.com> clk: imx: composite-8m: Enable gate clk with mcore_booted Sebastien Laveze <slaveze(a)smartandconnective.com> clk: imx: imx6ul: fix default parent for enet*_ref_sel Shengjiu Wang <shengjiu.wang(a)nxp.com> clk: imx: clk-audiomix: Correct parent clock for earc_phy and audpll Kan Liang <kan.liang(a)linux.intel.com> perf mem: Fix missed p-core mem events on ADL and RPL Kan Liang <kan.liang(a)linux.intel.com> perf mem: Check mem_events for all eligible PMUs Ian Rogers <irogers(a)google.com> perf time-utils: Fix 32-bit nsec parsing Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time Namhyung Kim <namhyung(a)kernel.org> perf dwarf-aux: Handle bitfield members from pointer access Namhyung Kim <namhyung(a)kernel.org> perf annotate-data: Fix off-by-one in location range check Namhyung Kim <namhyung(a)kernel.org> perf dwarf-aux: Check allowed location expressions when collecting variables Yicong Yang <yangyicong(a)hisilicon.com> perf stat: Display iostat headers correctly Yang Jihong <yangjihong(a)bytedance.com> perf sched timehist: Fix missing free of session in perf_sched__timehist() Arnaldo Carvalho de Melo <acme(a)redhat.com> perf build: Fix up broken capstone feature detection fast path Kan Liang <kan.liang(a)linux.intel.com> perf report: Fix --total-cycles --stdio output error Ian Rogers <irogers(a)google.com> perf inject: Fix leader sampling inserting additional samples Namhyung Kim <namhyung(a)kernel.org> perf lock contention: Change stack_id type to s32 Ian Rogers <irogers(a)google.com> perf callchain: Fix stitch LBR memory leaks Namhyung Kim <namhyung(a)kernel.org> perf mem: Free the allocated sort string, fixing a leak James Clark <james.clark(a)linaro.org> perf scripts python cs-etm: Restore first sample log in verbose mode Daniel Borkmann <daniel(a)iogearbox.net> bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error Daniel Borkmann <daniel(a)iogearbox.net> bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix helper writes to read-only maps Daniel Borkmann <daniel(a)iogearbox.net> bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit Chen Yu <yu.c.chen(a)intel.com> sched/pelt: Use rq_clock_task() for hw_pressure Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential oob read in nilfs_btree_check_delete() Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: determine empty node blocks as corrupted Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Yujie Liu <yujie.liu(a)intel.com> sched/numa: Fix the vma scan starving issue Ojaswin Mujoo <ojaswin(a)linux.ibm.com> ext4: check stripe size compatibility on remount as well Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: avoid OOB when system.data xattr changes underneath the filesystem Thadeu Lima de Souza Cascardo <cascardo(a)igalia.com> ext4: return error on ext4_find_inline_entry Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid negative min_clusters in find_group_orlov() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid potential buffer_head leak in __ext4_new_inode() Kemeng Shi <shikemeng(a)huaweicloud.com> ext4: avoid buffer_head leak in ext4_mark_inode_used() Jiawei Ye <jiawei.ye(a)foxmail.com> smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso Huang Shijie <shijie(a)os.amperecomputing.com> sched/deadline: Fix schedstats vs deadline servers yangerkun <yangerkun(a)huawei.com> ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard Chen Yu <yu.c.chen(a)intel.com> kthread: fix task state in kthread worker if being frozen Lasse Collin <lasse.collin(a)tukaani.org> xz: cleanup CRC32 edits from 2018 Harald Freudenberger <freude(a)linux.ibm.com> s390/ap: Fix deadlock caused by recursive lock of the AP bus scan mutex Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix bpf_object__open_skeleton()'s mishandling of options Hao Ge <gehao(a)kylinos.cn> selftests/bpf: Fix incorrect parameters in NULL pointer checking Eduard Zingerman <eddyz87(a)gmail.com> bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: fix to avoid __msg tag de-duplication by clang Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: __arch_* macro to limit test cases to specific archs Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: allow checking xlated programs in verifier_* tests Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: extract test_loader->expect_msgs as a data structure Eduard Zingerman <eddyz87(a)gmail.com> selftests/bpf: no need to track next_match_pos in struct test_loader Cupertino Miranda <cupertino.miranda(a)oracle.com> selftests/bpf: Support checks against a regular expression Jiangshan Yi <yijiangshan(a)kylinos.cn> samples/bpf: Fix compilation errors with cf-protection option Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling tc_redirect.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile if backtrace support missing in libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix redefinition errors compiling lwt_reroute.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix C++ compile error from missing _Bool type Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling test_lru_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix arg parsing in veristat, test_progs David Vernet <void(a)manifault.com> libbpf: Don't take direct pointers into BTF data from st_ops Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling cg_storage_multi.h with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling crypto_sanity.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling decap_sanity.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix errors compiling lwt_redirect.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling core_reloc.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling tcp_rtt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling flow_dissector.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling kfree_skb.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix include of <sys/fcntl.h> Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing BUILD_BUG_ON() declaration Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing UINT_MAX definitions in benchmarks Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Drop unneeded error.h includes Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with musl libc Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Use pid_t consistently in test_progs.c Yonghong Song <yonghong.song(a)linux.dev> bpf: Fail verification for sign-extension of packet data/data_end/data_meta Tony Ambardar <tony.ambardar(a)gmail.com> tools/runqslower: Fix LDFLAGS and add LDLIBS support Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix wrong binary in Makefile log output Tony Ambardar <tony.ambardar(a)gmail.com> selftests/bpf: Fix error linking uprobe_multi on mips Alexei Starovoitov <ast(a)kernel.org> selftests/bpf: Workaround strict bpf_lsm return value check. Xu Kuohai <xukuohai(a)huawei.com> bpf: Fix compare error in function retval_range_within Xu Kuohai <xukuohai(a)huawei.com> bpf, lsm: Add check for BPF LSM return value Leon Hwang <hffilwlqm(a)gmail.com> bpf, arm64: Fix tailcall hierarchy Leon Hwang <hffilwlqm(a)gmail.com> bpf, x64: Fix tailcall hierarchy Tianchen Ding <dtcccc(a)linux.alibaba.com> sched/fair: Make SCHED_IDLE entity be preempted in strict hierarchy Jonathan McDowell <noodles(a)meta.com> tpm: Clean up TPM space after command failure Juergen Gross <jgross(a)suse.com> xen/swiotlb: fix allocated size Juergen Gross <jgross(a)suse.com> xen/swiotlb: add alignment check for dma buffers Juergen Gross <jgross(a)suse.com> xen: tolerate ACPI NVS memory overlapping with Xen allocated memory Juergen Gross <jgross(a)suse.com> xen: add capability to remap non-RAM pages to different PFNs Juergen Gross <jgross(a)suse.com> xen: move max_pfn in xen_memory_setup() out of function scope Juergen Gross <jgross(a)suse.com> xen: introduce generic helper checking for memory map conflicts Linus Torvalds <torvalds(a)linux-foundation.org> minmax: avoid overly complex min()/max() macro arguments in xen Niklas Cassel <cassel(a)kernel.org> ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Do not warn about dropped packets for first packet Jason Gerecke <jason.gerecke(a)wacom.com> HID: wacom: Support sequence numbers smaller than 16-bit Juergen Gross <jgross(a)suse.com> xen: use correct end address of kernel for conflict checking Lang Yu <lang.yu(a)amd.com> drm/amdgpu: fix invalid fence handling in amdgpu_vm_tlb_flush Yuesong Li <liyuesong(a)vivo.com> drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() Nícolas F. R. A. Prado <nfraprado(a)collabora.com> kselftest: dt: Ignore nodes that have ancestors disabled Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> platform/x86: ideapad-laptop: Make the scope_guard() clear of its scope Sherry Yang <sherry.yang(a)oracle.com> drm/msm: fix %s null argument error Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> drm/msm/dsi: correct programming sequence for SM8350 / SM8450 Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dp: enable widebus on all relevant chipsets Wolfram Sang <wsa+renesas(a)sang-engineering.com> ipmi: docs: don't advertise deprecated sysfs entries Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: workaround early ring-buffer emptiness check Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: fix races in preemption evaluation stage Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: properly clear preemption records on resume Vladimir Lypak <vladimir.lypak(a)gmail.com> drm/msm/a5xx: disable preemption in submits by default Aleksandr Mishin <amishin(a)t-argos.ru> drm/msm: Fix incorrect file name output in adreno_request_fw() Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Fix CP_BV_DRAW_STATE_ADDR name Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Dump correct dbgahb clusters on a750 Connor Abbott <cwabbott0(a)gmail.com> drm/msm: Use a7xx family directly in gpu_state Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/vdso: Inconditionally use CFUNC macro Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix kernel vs user address comparison Christophe Leroy <christophe.leroy(a)csgroup.eu> powerpc/8xx: Fix initial memory mapping Fei Shao <fshao(a)chromium.org> drm/mediatek: Use spin_lock_irqsave() for CRTC event lock Jason-JH.Lin <jason-jh.lin(a)mediatek.com> drm/mediatek: Fix missing configuration flags in mtk_crtc_ddp_config() Jeongjun Park <aha310510(a)gmail.com> jfs: fix out-of-bounds in dbNextAG() and diAlloc() Dan Carpenter <dan.carpenter(a)linaro.org> scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() Stefan Wahren <wahrenst(a)gmx.net> drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get Liu Ying <victor.liu(a)nxp.com> drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets Jonas Karlman <jonas(a)kwiboo.se> drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode Alex Bee <knaerzche(a)gmail.com> drm/rockchip: vop: Allow 4096px width scaling WangYuli <wangyuli(a)uniontech.com> drm/amd/amdgpu: Properly tune the size of struct Finn Thain <fthain(a)linux-m68k.org> scsi: NCR5380: Check for phase match during PDMA fixup Gilbert Wu <Gilbert.Wu(a)microchip.com> scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly Alex Deucher <alexander.deucher(a)amd.com> drm/radeon: properly handle vbios fake edid sizing Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu: properly handle vbios fake edid sizing Srinivasan Shanmugam <srinivasan.shanmugam(a)amd.com> drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func Claudiu Beznea <claudiu.beznea(a)tuxon.dev> drm/stm: ltdc: check memory returned by devm_kzalloc() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> drm/stm: Fix an error handling path in stm_drm_platform_probe() Geert Uytterhoeven <geert+renesas(a)glider.be> pmdomain: core: Harden inter-column space in debug summary Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> iommu/arm-smmu-qcom: apply num_context_bank fixes for SDM630 / SDM660 Konrad Dybcio <konrad.dybcio(a)linaro.org> iommu/arm-smmu-qcom: Work around SDM845 Adreno SMMU w/ 16K pages Marc Gonzalez <mgonzalez(a)freebox.fr> iommu/arm-smmu-qcom: hide last LPASS SMMU context bank from linux Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Fix init error path Miquel Raynal <miquel.raynal(a)bootlin.com> mtd: rawnand: mtk: Factorize out the logic cleaning mtk chips Jinjie Ruan <ruanjinjie(a)huawei.com> mtd: rawnand: mtk: Use for_each_child_of_node_scoped() Frederic Weisbecker <frederic(a)kernel.org> rcu/nocb: Fix RT throttling hrtimer armed from offline CPU Charles Han <hanchunchao(a)inspur.com> mtd: powernv: Add check devm_kasprintf() returned value Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Do not set the D bit on AMD v2 table entries Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Set the pgsize_bitmap correctly Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Move allocation of the top table into v1_alloc_pgtable Chen Ni <nichen(a)iscas.ac.cn> iommu/amd: Convert comma to semicolon Jason Gunthorpe <jgg(a)ziepe.ca> iommu/amd: Allocate the page table root using GFP_KERNEL Vasant Hegde <vasant.hegde(a)amd.com> iommu/amd: Handle error path in amd_iommu_probe_device() Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() Artur Weber <aweber.kernel(a)gmail.com> power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense Chris Morgan <macromorgan(a)hotmail.com> power: supply: axp20x_battery: Remove design from min and max voltage Yuntao Liu <liuyuntao12(a)huawei.com> hwmon: (ntc_thermistor) fix module autoloading Mirsad Todorovac <mtodorovac69(a)gmail.com> mtd: slram: insert break after errors in parsing the map Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix alarm attributes Andrew Davis <afd(a)ti.com> hwmon: (max16065) Remove use of i2c_match_id() Guenter Roeck <linux(a)roeck-us.net> hwmon: (max16065) Fix overflows seen when writing limits Shuah Khan <skhan(a)linuxfoundation.org> selftests:resctrl: Fix build failure on archs without __cpuid_count() Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Fix eventfs ownership testcase to find mount point tangbin <tangbin(a)cmss.chinamobile.com> ASoC: loongson: fix error release Finn Thain <fthain(a)linux-m68k.org> m68k: Fix kernel_clone_args.flags in m68k_clone() Uros Bizjak <ubizjak(a)gmail.com> x86/boot/64: Strip percpu address space when setting up GDT descriptors Steven Rostedt (Google) <rostedt(a)goodmis.org> selftests/ftrace: Fix test to handle both old and new kernels Yuntao Liu <liuyuntao12(a)huawei.com> ALSA: hda: cs35l41: fix module autoloading Masami Hiramatsu (Google) <mhiramat(a)kernel.org> selftests/ftrace: Add required dependency for kprobe tests Linus Walleij <linus.walleij(a)linaro.org> ASoC: tas2781-i2c: Get the right GPIO line Linus Walleij <linus.walleij(a)linaro.org> ASoC: tas2781-i2c: Drop weird GPIO code Rob Herring (Arm) <robh(a)kernel.org> ASoC: tas2781: Use of_property_read_reg() Ma Ke <make24(a)iscas.ac.cn> ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error Yosry Ahmed <yosryahmed(a)google.com> x86/mm: Use IPIs to synchronize LAM enablement Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8195: Correct clock order for dp_intf* Ankit Agrawal <agrawal.ag.ankit(a)gmail.com> clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: k210: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> reset: berlin: fix OF node leak in probe() error path Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: versatile: fix OF node leak in CPUs prepare MD Danish Anwar <danishanwar(a)ti.com> arm64: dts: ti: k3-am654-idk: Fix dtbs_check warning in ICSSG dmas Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> ARM: dts: imx7d-zii-rmu2: fix Ethernet PHY pinctrl property Claudiu Beznea <claudiu.beznea(a)tuxon.dev> ARM: dts: microchip: sama7g5: Fix RTT clock Abel Vesa <abel.vesa(a)linaro.org> arm64: dts: qcom: x1e80100: Fix PHY for DP2 Jinjie Ruan <ruanjinjie(a)huawei.com> spi: bcmbca-hsspi: Fix missing pm_runtime_disable() Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-beagleboneai64: Fix reversed C6x carveout locations Andrew Davis <afd(a)ti.com> arm64: dts: ti: k3-j721e-sk: Fix reversed C6x carveout locations Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 Jon Hunter <jonathanh(a)nvidia.com> arm64: tegra: Correct location of power-sensors for IGX Orin Alexander Dahl <ada(a)thorsis.com> ARM: dts: microchip: sam9x60: Fix rtc/rtt clocks Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g044: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g054: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a07g043u: Correct GICD and GICR sizes Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: r9a08g045: Correct GICD and GICR sizes Chen-Yu Tsai <wenst(a)chromium.org> regulator: Return actual error in of_regulator_bulk_get_all() Mukesh Ojha <quic_mojha(a)quicinc.com> firmware: qcom: scm: Disable SDI and write no dump to dump mode Andy Shevchenko <andriy.shevchenko(a)linux.intel.com> spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ Cristian Marussi <cristian.marussi(a)arm.com> firmware: arm_scmi: Fix double free in OPTEE transport AngeloGioacchino Del Regno <angelogioacchino.delregno(a)collabora.com> arm64: dts: mediatek: mt8186: Fix supported-hw mask for GPU OPPs David Virag <virag.david003(a)gmail.com> arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB Ma Ke <make24(a)iscas.ac.cn> spi: ppc4xx: handle irq_of_parse_and_map() errors Riyan Dhiman <riyandhiman14(a)gmail.com> block: fix potential invalid pointer dereference in blk_add_partition Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: inherit cpuset of cgroup in io worker Felix Moessbauer <felix.moessbauer(a)siemens.com> io_uring/io-wq: do not allow pinning outside of cpuset Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix procress reference leakage for bfqq in merge chain Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix uaf for accessing waker_bfqq after splitting Gao Xiang <xiang(a)kernel.org> erofs: handle overlapped pclusters out of crafted images properly Gao Xiang <xiang(a)kernel.org> erofs: tidy up `struct z_erofs_bvec` Gao Xiang <xiang(a)kernel.org> erofs: fix incorrect symlink detection in fast symlink Wouter Verhelst <w(a)uter.be> nbd: correct the maximum value for discard sectors David Howells <dhowells(a)redhat.com> cachefiles: Fix non-taking of sb_writers around set/removexattr Yu Kuai <yukuai3(a)huawei.com> block, bfq: don't break merge chain in bfq_split_bfqq() Yu Kuai <yukuai3(a)huawei.com> block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() Yu Kuai <yukuai3(a)huawei.com> block, bfq: fix possible UAF for bfqq->bic with merge chain Ming Lei <ming.lei(a)redhat.com> nbd: fix race between timeout and normal completion Ming Lei <ming.lei(a)redhat.com> ublk: move zone report data out of request pdu Eric Dumazet <edumazet(a)google.com> ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Su Hui <suhui(a)nfschina.com> net: tipc: avoid possible garbage value Justin Iurman <justin.iurman(a)uliege.be> net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input Heiner Kallweit <hkallweit1(a)gmail.com> r8169: disable ALDPS per default for RTL8125 Maciej Fijalkowski <maciej.fijalkowski(a)intel.com> xsk: fix batch alloc API on non-coherent systems Herbert Xu <herbert(a)gondor.apana.org.au> crypto: n2 - Set err to EINVAL if snprintf fails for hmac Jinjie Ruan <ruanjinjie(a)huawei.com> net: enetc: Use IRQF_NO_AUTOEN flag in request_irq() Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header on xmit. Guillaume Nault <gnault(a)redhat.com> bareudp: Pull inner IP header in bareudp_udp_encap_recv(). Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: btusb: Fix not handling ZPL/short-transfer Marc Kleine-Budde <mkl(a)pengutronix.de> can: m_can: m_can_close(): stop clocks after device has been shut down Jake Hamby <Jake.Hamby(a)Teledyne.com> can: m_can: enable NAPI before enabling interrupts Kuniyuki Iwashima <kuniyu(a)amazon.com> can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Sebastian Andrzej Siewior <bigeasy(a)linutronix.de> net: hsr: Use the seqnr lock for frames received via interlink port. Eric Dumazet <edumazet(a)google.com> sock_map: Add a cond_resched() in sock_hash_free() Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED Jiawei Ye <jiawei.ye(a)foxmail.com> wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7996: fix uninitialized TLV data Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7915: fix rx filter setting for bfee functionality Dmitry Antipov <dmantipov(a)yandex.ru> wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() Felix Fietkau <nbd(a)nbd.name> wifi: mt76: mt7603: fix mixed declarations and code Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: connac: fix checksum offload fields of connac3 RXD Rex Lu <rex.lu(a)mediatek.com> wifi: mt76: mt7996: fix handling mbss enable/disable Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - inject error before stopping queue Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/qm - reset device before enabling it Weili Qian <qianweili(a)huawei.com> crypto: hisilicon/hpre - mask cluster timeout error Amit Shah <amit.shah(a)amd.com> crypto: ccp - do not request interrupt on cmd completion when irqs disabled John B. Wyatt IV <jwyatt(a)redhat.com> pm:cpupower: Add missing powercap_set_enabled() stub function Aaron Lu <aaron.lu(a)intel.com> x86/sgx: Fix deadlock in SGX NUMA node search Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix EHT beamforming capability check Howard Hsu <howard-yh.hsu(a)mediatek.com> wifi: mt76: mt7996: fix HE and EHT beamforming capabilities Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix wmm set of station interface to 3 Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: fix traffic delay when switching back to working channel Peter Chiu <chui-hao.chiu(a)mediatek.com> wifi: mt76: mt7996: use hweight16 to get correct tx antenna Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage Bjørn Mork <bjorn(a)mork.no> wifi: mt76: mt7915: fix oops on non-dbdc mt7986 Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: gov_bang_bang: Adjust states of all uninitialized instances Nishanth Menon <nm(a)ti.com> cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Ensure dtm_idx is big enough Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Fix CCLA register offset Robin Murphy <robin.murphy(a)arm.com> perf/arm-cmn: Refactor node ID handling. Again. Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nft_dynset: annotate data-races around set timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: remove annotation to access set timeout while holding lock Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject expiration higher than timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: reject element expiration with no timeout Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire Clément Léger <cleger(a)rivosinc.com> ACPI: CPPC: Fix MASK_VAL() usage Zhang Changzhong <zhangchangzhong(a)huawei.com> can: j1939: use correct function name in comment Mark Brown <broonie(a)kernel.org> kselftest/arm64: Actually test SME vector length changes via sigreturn Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Fix TLP headers bandwidth counting Yicong Yang <yangyicong(a)hisilicon.com> drivers/perf: hisi_pcie: Record hardware counts correctly Kamlesh Gurudasani <kamlesh(a)ti.com> padata: Honor the caller's alignment in case of chunk_size 0 Vasily Khoruzhick <anarsoul(a)gmail.com> ACPICA: executer/exsystem: Don't nag user about every Stall() violating the spec Vasily Khoruzhick <anarsoul(a)gmail.com> ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE Ilan Peer <ilan.peer(a)intel.com> wifi: mac80211: Check for missing VHT elements only for 5 GHz Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: allow ESR when we the ROC expires Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: mac80211: fix the comeback long retry times hhorace <hhoracehsu(a)gmail.com> wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority Avraham Stern <avraham.stern(a)intel.com> wifi: iwlwifi: mvm: increase the time between ranging measurements Johannes Berg <johannes.berg(a)intel.com> wifi: iwlwifi: config: label 'gl' devices as discrete Golan Ben Ami <golan.ben.ami(a)intel.com> wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL Ping-Ke Shih <pkshih(a)realtek.com> wifi: mac80211: don't use rate mask for offchannel TX either Esther Shimanovich <eshimanovich(a)chromium.org> ACPI: video: force native for Apple MacbookPro9,2 Orlando Chamberlain <orlandoch.dev(a)gmail.com> ACPI: video: force native for some T2 macbooks Svyatoslav Pankratov <svyatoslav.pankratov(a)intel.com> crypto: qat - fix "Full Going True" macro definition Krishna chaitanya chundru <quic_krichai(a)quicinc.com> perf/dwc_pcie: Always register for PCIe bus notifier Krishna chaitanya chundru <quic_krichai(a)quicinc.com> perf/dwc_pcie: Fix registration issue in multi PCIe controller instances Jing Zhang <renyu.zj(a)linux.alibaba.com> drivers/perf: Fix ali_drw_pmu driver interrupt status clearing Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fix rounding of delay jiffies Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> thermal: core: Fold two functions into their respective callers Douglas Anderson <dianders(a)chromium.org> arm64: smp: smp_send_stop() and crash_smp_send_stop() should try non-NMI first Andre Przywara <andre.przywara(a)arm.com> kselftest/arm64: signal: fix/refactor SVE vector length enumeration Dan Carpenter <dan.carpenter(a)linaro.org> powercap: intel_rapl: Fix off by one in get_rpi() Calvin Owens <calvin(a)wbinvd.org> ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Aleksa Sarai <cyphar(a)cyphar.com> autofs: fix missing fput for FSCONFIG_SET_FD Olaf Hering <olaf(a)aepfle.de> mount: handle OOM on mnt_warn_timestamp_expiry Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Fix to allow hpmcounter31 from the guest Atish Patra <atishp(a)rivosinc.com> RISC-V: KVM: Allow legacy PMU access from guest Anup Patel <apatel(a)ventanamicro.com> RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data Andrew Jones <ajones(a)ventanamicro.com> RISC-V: KVM: Fix sbiret init before forwarding to userspace Dmitry Kandybka <d.kandybka(a)gmail.com> wifi: rtw88: remove CPT execution branch never used Ping-Ke Shih <pkshih(a)realtek.com> wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading Dave Martin <Dave.Martin(a)arm.com> arm64: signal: Fix some under-bracketed UAPI macros Yanteng Si <siyanteng(a)loongson.cn> net: stmmac: dwmac-loongson: Init ref and PTP clocks rate Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: match WMI BSS chan info structure with firmware definition P Praneesh <quic_ppranees(a)quicinc.com> wifi: ath12k: fix BSS chan info request WMI command Toke Høiland-Jørgensen <toke(a)redhat.com> wifi: ath9k: Remove error checks when creating debugfs entries Arend van Spriel <arend.vanspriel(a)broadcom.com> wifi: brcmfmac: introducing fwil query functions Aleksandr Mishin <amishin(a)t-argos.ru> ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() Dan Carpenter <dan.carpenter(a)linaro.org> crypto: iaa - Fix potential use after free bug Michal Witwicki <michal.witwicki(a)intel.com> crypto: qat - ensure correct order in VF restarting handler Michal Witwicki <michal.witwicki(a)intel.com> crypto: qat - fix recovery flow for VFs Michal Witwicki <michal.witwicki(a)intel.com> crypto: qat - disable IOV in adf_dev_stop() Helge Deller <deller(a)kernel.org> crypto: xor - fix template benchmarking Dmitry Antipov <dmantipov(a)yandex.ru> wifi: rtw88: always wait for both firmware loading attempts Shubhrajyoti Datta <shubhrajyoti.datta(a)amd.com> EDAC/synopsys: Fix error injection on Zynq UltraScale+ Kang Yang <quic_kangyang(a)quicinc.com> wifi: ath11k: use work queue to process beacon tx event ------------- Diffstat: .gitignore | 1 - .../ABI/testing/sysfs-bus-iio-filter-admv8818 | 2 +- Documentation/arch/arm64/silicon-errata.rst | 2 + .../iio/magnetometer/asahi-kasei,ak8975.yaml | 1 - .../bindings/pci/fsl,layerscape-pcie.yaml | 26 +- .../devicetree/bindings/spi/spi-nxp-fspi.yaml | 1 + Documentation/driver-api/ipmi.rst | 2 +- Documentation/filesystems/mount_api.rst | 9 +- Documentation/virt/kvm/locking.rst | 33 +- Makefile | 4 +- arch/arm/boot/dts/microchip/sam9x60.dtsi | 4 +- arch/arm/boot/dts/microchip/sama7g5.dtsi | 2 +- arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts | 2 +- .../dts/nxp/imx/imx6ull-seeed-npi-dev-board.dtsi | 12 +- arch/arm/boot/dts/nxp/imx/imx7d-zii-rmu2.dts | 2 +- arch/arm/mach-ep93xx/clock.c | 2 +- arch/arm/mach-versatile/platsmp-realview.c | 1 + arch/arm/vfp/vfpinstr.h | 44 +- arch/arm64/Kconfig | 2 +- .../boot/dts/exynos/exynos7885-jackpotlte.dts | 2 +- arch/arm64/boot/dts/mediatek/mt8186-corsola.dtsi | 3 +- arch/arm64/boot/dts/mediatek/mt8186.dtsi | 12 +- arch/arm64/boot/dts/mediatek/mt8195-cherry.dtsi | 1 + arch/arm64/boot/dts/mediatek/mt8195.dtsi | 12 +- .../boot/dts/mediatek/mt8395-radxa-nio-12l.dts | 1 + .../arm64/boot/dts/nvidia/tegra234-p3701-0008.dtsi | 33 - .../arm64/boot/dts/nvidia/tegra234-p3740-0002.dtsi | 33 + arch/arm64/boot/dts/qcom/sa8775p.dtsi | 2 + arch/arm64/boot/dts/qcom/x1e80100.dtsi | 10 +- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 4 +- arch/arm64/boot/dts/renesas/r9a08g045.dtsi | 4 +- .../boot/dts/rockchip/rk3399-pinebook-pro.dts | 4 +- arch/arm64/boot/dts/rockchip/rk3568-odroid-m1.dts | 2 +- arch/arm64/boot/dts/ti/k3-am654-idk.dtso | 8 +- arch/arm64/boot/dts/ti/k3-j721e-beagleboneai64.dts | 4 +- arch/arm64/boot/dts/ti/k3-j721e-sk.dts | 4 +- arch/arm64/include/asm/cputype.h | 2 + arch/arm64/include/asm/esr.h | 88 +- arch/arm64/include/uapi/asm/sigcontext.h | 6 +- arch/arm64/kernel/cpu_errata.c | 10 +- arch/arm64/kernel/smp.c | 164 ++-- arch/arm64/kvm/hyp/nvhe/ffa.c | 21 +- arch/arm64/net/bpf_jit_comp.c | 57 +- arch/loongarch/include/asm/kvm_vcpu.h | 1 + arch/loongarch/kvm/timer.c | 7 + arch/loongarch/kvm/vcpu.c | 2 +- arch/m68k/kernel/process.c | 2 +- arch/powerpc/crypto/Kconfig | 1 + arch/powerpc/include/asm/asm-compat.h | 6 + arch/powerpc/include/asm/atomic.h | 5 +- arch/powerpc/include/asm/uaccess.h | 7 +- arch/powerpc/kernel/head_8xx.S | 6 +- arch/powerpc/kernel/vdso/gettimeofday.S | 4 - arch/powerpc/mm/nohash/8xx.c | 4 +- arch/riscv/include/asm/kvm_vcpu_pmu.h | 21 +- arch/riscv/kernel/perf_callchain.c | 2 +- arch/riscv/kvm/vcpu_pmu.c | 14 +- arch/riscv/kvm/vcpu_sbi.c | 4 +- arch/s390/include/asm/ftrace.h | 17 +- arch/s390/kernel/stacktrace.c | 19 - arch/x86/coco/tdx/tdx.c | 127 ++- arch/x86/events/intel/core.c | 8 +- arch/x86/events/intel/pt.c | 15 +- arch/x86/hyperv/ivm.c | 22 +- arch/x86/include/asm/acpi.h | 8 + arch/x86/include/asm/hardirq.h | 8 +- arch/x86/include/asm/idtentry.h | 6 +- arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/include/asm/pgtable.h | 5 + arch/x86/include/asm/set_memory.h | 3 + arch/x86/include/asm/x86_init.h | 14 +- arch/x86/kernel/acpi/boot.c | 11 + arch/x86/kernel/cpu/sgx/main.c | 27 +- arch/x86/kernel/crash.c | 12 + arch/x86/kernel/head64.c | 3 +- arch/x86/kernel/jailhouse.c | 1 + arch/x86/kernel/mmconf-fam10h_64.c | 1 + arch/x86/kernel/process_64.c | 29 +- arch/x86/kernel/reboot.c | 12 + arch/x86/kernel/smpboot.c | 1 + arch/x86/kernel/x86_init.c | 9 +- arch/x86/kvm/lapic.c | 95 +- arch/x86/kvm/svm/svm.c | 2 + arch/x86/kvm/vmx/main.c | 2 + arch/x86/kvm/vmx/x86_ops.h | 1 - arch/x86/mm/mem_encrypt_amd.c | 8 +- arch/x86/mm/pat/set_memory.c | 54 +- arch/x86/mm/tlb.c | 7 +- arch/x86/net/bpf_jit_comp.c | 107 ++- arch/x86/pci/fixup.c | 4 +- arch/x86/xen/mmu_pv.c | 5 +- arch/x86/xen/p2m.c | 98 ++ arch/x86/xen/setup.c | 203 ++++- arch/x86/xen/xen-ops.h | 6 +- block/bfq-iosched.c | 81 +- block/partitions/core.c | 8 +- crypto/asymmetric_keys/asymmetric_type.c | 7 +- crypto/xor.c | 31 +- drivers/acpi/acpica/exsystem.c | 11 +- drivers/acpi/cppc_acpi.c | 43 +- drivers/acpi/device_sysfs.c | 5 +- drivers/acpi/pmic/tps68470_pmic.c | 6 +- drivers/acpi/resource.c | 12 + drivers/acpi/video_detect.c | 24 + drivers/ata/libata-eh.c | 8 + drivers/ata/libata-scsi.c | 5 +- drivers/base/core.c | 15 +- drivers/base/firmware_loader/main.c | 30 + drivers/base/module.c | 14 +- drivers/block/drbd/drbd_main.c | 8 +- drivers/block/drbd/drbd_state.c | 2 +- drivers/block/nbd.c | 15 +- drivers/block/ublk_drv.c | 62 +- drivers/bluetooth/btusb.c | 5 +- drivers/bus/arm-integrator-lm.c | 1 + drivers/bus/mhi/host/pci_generic.c | 13 +- drivers/char/hw_random/bcm2835-rng.c | 4 +- drivers/char/hw_random/cctrng.c | 1 + drivers/char/hw_random/mtk-rng.c | 2 +- drivers/char/tpm/tpm-dev-common.c | 2 + drivers/char/tpm/tpm2-sessions.c | 1 + drivers/char/tpm/tpm2-space.c | 3 + drivers/clk/at91/sama7g5.c | 5 +- drivers/clk/imx/clk-composite-7ulp.c | 7 + drivers/clk/imx/clk-composite-8m.c | 51 +- drivers/clk/imx/clk-composite-93.c | 15 +- drivers/clk/imx/clk-fracn-gppll.c | 4 + drivers/clk/imx/clk-imx6ul.c | 4 +- drivers/clk/imx/clk-imx8mp-audiomix.c | 13 +- drivers/clk/imx/clk-imx8mp.c | 4 +- drivers/clk/imx/clk-imx8qxp.c | 10 +- drivers/clk/qcom/clk-alpha-pll.c | 52 ++ drivers/clk/qcom/clk-alpha-pll.h | 2 + drivers/clk/qcom/dispcc-sm8250.c | 9 +- drivers/clk/qcom/dispcc-sm8550.c | 14 +- drivers/clk/qcom/gcc-ipq5332.c | 1 + drivers/clk/rockchip/clk-rk3228.c | 2 +- drivers/clk/rockchip/clk-rk3588.c | 2 +- drivers/clk/starfive/clk-starfive-jh7110-vout.c | 2 +- drivers/clk/ti/clk-dra7-atl.c | 1 + drivers/clocksource/timer-qcom.c | 7 +- drivers/cpufreq/ti-cpufreq.c | 10 +- drivers/cpuidle/cpuidle-riscv-sbi.c | 21 +- drivers/crypto/caam/caamhash.c | 1 + drivers/crypto/ccp/sev-dev.c | 15 +- drivers/crypto/hisilicon/hpre/hpre_main.c | 54 +- drivers/crypto/hisilicon/qm.c | 151 ++-- drivers/crypto/hisilicon/sec2/sec_main.c | 16 +- drivers/crypto/hisilicon/zip/zip_main.c | 23 +- drivers/crypto/intel/iaa/iaa_crypto_main.c | 4 +- .../crypto/intel/qat/qat_common/adf_gen4_hw_data.h | 2 +- drivers/crypto/intel/qat/qat_common/adf_init.c | 4 +- .../crypto/intel/qat/qat_common/adf_pfvf_pf_msg.c | 9 +- .../crypto/intel/qat/qat_common/adf_pfvf_vf_msg.c | 14 + .../crypto/intel/qat/qat_common/adf_pfvf_vf_msg.h | 1 + drivers/crypto/intel/qat/qat_common/adf_vf_isr.c | 2 + drivers/crypto/n2_core.c | 1 + drivers/crypto/qcom-rng.c | 4 +- drivers/cxl/core/pci.c | 8 +- drivers/edac/igen6_edac.c | 2 +- drivers/edac/synopsys_edac.c | 35 +- drivers/firewire/core-cdev.c | 2 +- drivers/firmware/arm_scmi/optee.c | 7 + drivers/firmware/efi/libstub/tpm.c | 2 +- drivers/firmware/qcom/qcom_scm.c | 6 +- drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c | 8 +- drivers/gpu/drm/amd/amdgpu/amdgv_sriovmsg.h | 4 +- drivers/gpu/drm/amd/amdgpu/atombios_encoders.c | 29 +- drivers/gpu/drm/amd/amdgpu/mes_v11_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/vcn_v4_0_5.c | 165 ---- drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 16 + .../amd/display/amdgpu_dm/amdgpu_dm_mst_types.c | 9 +- .../amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c | 6 + drivers/gpu/drm/amd/display/dc/dc_dsc.h | 3 +- drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c | 5 +- .../drm/amd/display/dc/hwss/dce110/dce110_hwseq.c | 50 ++ .../drm/amd/display/dc/hwss/dcn30/dcn30_hwseq.c | 6 +- .../drm/amd/display/dc/hwss/dcn32/dcn32_hwseq.c | 14 + .../drm/amd/display/dc/hwss/dcn35/dcn35_hwseq.c | 13 + .../amd/display/dc/resource/dcn35/dcn35_resource.c | 1 + .../display/dc/resource/dcn351/dcn351_resource.c | 3 +- .../drm/amd/display/modules/freesync/freesync.c | 2 +- drivers/gpu/drm/bridge/lontium-lt8912b.c | 35 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- drivers/gpu/drm/mediatek/mtk_crtc.c | 32 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 12 +- drivers/gpu/drm/msm/adreno/a5xx_gpu.h | 2 + drivers/gpu/drm/msm/adreno/a5xx_preempt.c | 30 +- drivers/gpu/drm/msm/adreno/a6xx_gpu_state.c | 46 +- .../gpu/drm/msm/adreno/adreno_gen7_9_0_snapshot.h | 2 +- drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +- drivers/gpu/drm/msm/disp/mdp5/mdp5_smp.c | 2 +- drivers/gpu/drm/msm/dp/dp_display.c | 10 +- drivers/gpu/drm/msm/dsi/phy/dsi_phy_7nm.c | 12 +- drivers/gpu/drm/radeon/evergreen_cs.c | 62 +- drivers/gpu/drm/radeon/radeon_atombios.c | 29 +- drivers/gpu/drm/rockchip/dw_hdmi-rockchip.c | 2 + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 4 +- drivers/gpu/drm/stm/drv.c | 4 +- drivers/gpu/drm/stm/ltdc.c | 2 + drivers/gpu/drm/vc4/vc4_hdmi.c | 8 +- drivers/hid/wacom_wac.c | 13 +- drivers/hid/wacom_wac.h | 2 +- drivers/hwmon/max16065.c | 27 +- drivers/hwmon/ntc_thermistor.c | 1 + drivers/hwtracing/coresight/coresight-dummy.c | 4 + drivers/hwtracing/coresight/coresight-tmc-etr.c | 2 +- drivers/hwtracing/coresight/coresight-tpdm.c | 6 + drivers/i2c/busses/i2c-aspeed.c | 16 +- drivers/i2c/busses/i2c-isch.c | 3 +- drivers/iio/adc/ad7606.c | 8 +- drivers/iio/adc/ad7606_spi.c | 5 +- drivers/iio/chemical/bme680_core.c | 7 + drivers/iio/magnetometer/ak8975.c | 1 - drivers/infiniband/core/cache.c | 4 +- drivers/infiniband/core/iwcm.c | 2 +- drivers/infiniband/hw/cxgb4/cm.c | 5 + drivers/infiniband/hw/erdma/erdma_verbs.c | 25 +- drivers/infiniband/hw/hns/hns_roce_ah.c | 14 +- drivers/infiniband/hw/hns/hns_roce_hem.c | 22 +- drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 33 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 16 +- drivers/infiniband/hw/irdma/verbs.c | 2 +- drivers/infiniband/hw/mlx5/main.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +- drivers/infiniband/hw/mlx5/mr.c | 99 +- drivers/infiniband/ulp/rtrs/rtrs-clt.c | 9 +- drivers/infiniband/ulp/rtrs/rtrs-srv.c | 1 + drivers/input/keyboard/adp5588-keys.c | 2 +- drivers/input/serio/i8042-acpipnpio.h | 37 + drivers/input/touchscreen/ilitek_ts_i2c.c | 18 +- drivers/interconnect/icc-clk.c | 3 +- drivers/interconnect/qcom/sm8350.c | 1 + drivers/iommu/amd/io_pgtable.c | 14 +- drivers/iommu/amd/io_pgtable_v2.c | 4 +- drivers/iommu/amd/iommu.c | 57 +- drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c | 28 + drivers/iommu/iommufd/hw_pagetable.c | 3 +- drivers/iommu/iommufd/io_pagetable.c | 8 + drivers/iommu/iommufd/selftest.c | 9 +- drivers/leds/leds-bd2606mvv.c | 23 +- drivers/leds/leds-gpio.c | 9 +- drivers/leds/leds-pca995x.c | 78 +- drivers/md/dm-rq.c | 4 +- drivers/md/dm-verity-target.c | 23 +- drivers/md/dm.c | 11 +- drivers/md/md.c | 1 - drivers/media/dvb-frontends/rtl2830.c | 2 +- drivers/media/dvb-frontends/rtl2832.c | 2 +- .../vcodec/decoder/vdec/vdec_h264_req_if.c | 9 +- .../vcodec/decoder/vdec/vdec_h264_req_multi_if.c | 9 +- .../mediatek/vcodec/decoder/vdec/vdec_vp8_req_if.c | 10 +- .../media/platform/renesas/rzg2l-cru/rzg2l-csi2.c | 1 + drivers/media/tuners/tuner-i2c.h | 4 +- drivers/mtd/devices/powernv_flash.c | 3 + drivers/mtd/devices/slram.c | 2 + drivers/mtd/nand/raw/mtk_nand.c | 36 +- drivers/net/bareudp.c | 26 +- drivers/net/bonding/bond_main.c | 6 +- drivers/net/can/m_can/m_can.c | 14 +- drivers/net/can/usb/esd_usb.c | 6 +- drivers/net/ethernet/freescale/enetc/enetc.c | 3 +- drivers/net/ethernet/intel/idpf/idpf.h | 4 +- drivers/net/ethernet/intel/idpf/idpf_ethtool.c | 125 +-- drivers/net/ethernet/intel/idpf/idpf_lan_txrx.h | 2 + drivers/net/ethernet/intel/idpf/idpf_lib.c | 72 +- .../net/ethernet/intel/idpf/idpf_singleq_txrx.c | 195 ++-- drivers/net/ethernet/intel/idpf/idpf_txrx.c | 993 ++++++++++++--------- drivers/net/ethernet/intel/idpf/idpf_txrx.h | 469 ++++++---- drivers/net/ethernet/intel/idpf/idpf_virtchnl.c | 73 +- drivers/net/ethernet/realtek/r8169_phy_config.c | 2 + drivers/net/ethernet/renesas/ravb_main.c | 12 +- drivers/net/ethernet/seeq/ether3.c | 2 + .../net/ethernet/stmicro/stmmac/dwmac-loongson.c | 3 + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 +- drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 37 +- drivers/net/usb/usbnet.c | 37 +- drivers/net/virtio_net.c | 10 +- drivers/net/wireless/ath/ath11k/core.h | 1 + drivers/net/wireless/ath/ath11k/mac.c | 12 + drivers/net/wireless/ath/ath11k/wmi.c | 4 +- drivers/net/wireless/ath/ath12k/mac.c | 5 +- drivers/net/wireless/ath/ath12k/wmi.c | 1 + drivers/net/wireless/ath/ath12k/wmi.h | 3 +- drivers/net/wireless/ath/ath9k/debug.c | 2 - drivers/net/wireless/ath/ath9k/htc_drv_debug.c | 2 - .../wireless/broadcom/brcm80211/brcmfmac/btcoex.c | 2 +- .../broadcom/brcm80211/brcmfmac/cfg80211.c | 30 +- .../wireless/broadcom/brcm80211/brcmfmac/core.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/feature.c | 2 +- .../wireless/broadcom/brcm80211/brcmfmac/fwil.h | 40 +- drivers/net/wireless/intel/iwlwifi/cfg/bz.c | 11 + drivers/net/wireless/intel/iwlwifi/iwl-config.h | 1 + drivers/net/wireless/intel/iwlwifi/mvm/constants.h | 2 +- .../net/wireless/intel/iwlwifi/mvm/time-event.c | 14 +- drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 36 +- drivers/net/wireless/mediatek/mt76/mac80211.c | 2 +- drivers/net/wireless/mediatek/mt76/mt7603/dma.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7615/init.c | 3 + .../net/wireless/mediatek/mt76/mt76_connac3_mac.h | 4 +- drivers/net/wireless/mediatek/mt76/mt7915/init.c | 2 + drivers/net/wireless/mediatek/mt76/mt7915/main.c | 3 +- drivers/net/wireless/mediatek/mt76/mt7921/init.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7925/mac.c | 5 +- drivers/net/wireless/mediatek/mt76/mt7925/mcu.c | 3 + drivers/net/wireless/mediatek/mt76/mt7996/init.c | 65 +- drivers/net/wireless/mediatek/mt76/mt7996/mac.c | 4 +- drivers/net/wireless/mediatek/mt76/mt7996/main.c | 6 +- drivers/net/wireless/mediatek/mt76/mt7996/mcu.c | 13 +- drivers/net/wireless/microchip/wilc1000/hif.c | 4 +- drivers/net/wireless/realtek/rtw88/coex.c | 38 +- drivers/net/wireless/realtek/rtw88/fw.c | 13 +- drivers/net/wireless/realtek/rtw88/main.c | 7 +- drivers/net/wireless/realtek/rtw88/rtw8821cu.c | 2 - drivers/net/wireless/realtek/rtw88/rtw8822c.c | 12 +- drivers/net/wireless/realtek/rtw88/rx.h | 2 +- drivers/net/wireless/realtek/rtw89/mac.h | 1 - drivers/ntb/hw/intel/ntb_hw_gen1.c | 2 +- drivers/ntb/ntb_transport.c | 23 +- drivers/ntb/test/ntb_perf.c | 2 +- drivers/nvdimm/namespace_devs.c | 34 +- drivers/nvme/host/multipath.c | 2 +- drivers/pci/controller/dwc/pci-dra7xx.c | 11 +- drivers/pci/controller/dwc/pci-imx6.c | 15 +- drivers/pci/controller/dwc/pci-keystone.c | 2 +- drivers/pci/controller/dwc/pcie-kirin.c | 4 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 14 +- drivers/pci/controller/pcie-xilinx-nwl.c | 39 +- drivers/pci/pci.c | 20 +- drivers/pci/pci.h | 6 +- drivers/pci/quirks.c | 31 +- drivers/perf/alibaba_uncore_drw_pmu.c | 2 +- drivers/perf/arm-cmn.c | 109 ++- drivers/perf/dwc_pcie_pmu.c | 21 +- drivers/perf/hisilicon/hisi_pcie_pmu.c | 16 +- drivers/phy/rockchip/phy-rockchip-samsung-hdptx.c | 1 + drivers/pinctrl/mvebu/pinctrl-dove.c | 42 +- drivers/pinctrl/pinctrl-single.c | 3 +- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 95 +- drivers/platform/x86/ideapad-laptop.c | 48 +- drivers/pmdomain/core.c | 2 +- drivers/power/supply/axp20x_battery.c | 16 +- drivers/power/supply/max17042_battery.c | 5 +- drivers/powercap/intel_rapl_common.c | 2 +- drivers/pps/clients/pps_parport.c | 8 +- drivers/regulator/of_regulator.c | 2 +- drivers/remoteproc/imx_rproc.c | 6 +- drivers/reset/reset-berlin.c | 3 +- drivers/reset/reset-k210.c | 3 +- drivers/s390/crypto/ap_bus.c | 17 + drivers/scsi/NCR5380.c | 78 +- drivers/scsi/elx/libefc/efc_nport.c | 2 +- drivers/scsi/lpfc/lpfc_hw4.h | 3 + drivers/scsi/lpfc/lpfc_init.c | 21 +- drivers/scsi/lpfc/lpfc_scsi.c | 2 +- drivers/scsi/mac_scsi.c | 166 ++-- drivers/scsi/sd.c | 2 +- drivers/scsi/smartpqi/smartpqi_init.c | 20 +- drivers/soc/fsl/qe/qmc.c | 24 +- drivers/soc/fsl/qe/tsa.c | 2 +- drivers/soc/qcom/smd-rpm.c | 35 +- drivers/soc/versatile/soc-integrator.c | 1 + drivers/soc/versatile/soc-realview.c | 20 +- drivers/spi/atmel-quadspi.c | 15 +- drivers/spi/spi-airoha-snfi.c | 43 +- drivers/spi/spi-bcmbca-hsspi.c | 8 +- drivers/spi/spi-fsl-lpspi.c | 1 + drivers/spi/spi-nxp-fspi.c | 54 +- drivers/spi/spi-ppc4xx.c | 7 +- drivers/staging/media/starfive/camss/stf-camss.c | 2 - drivers/thermal/gov_bang_bang.c | 14 +- drivers/thermal/thermal_core.c | 78 +- drivers/tty/serial/8250/8250_omap.c | 2 +- drivers/tty/serial/qcom_geni_serial.c | 101 +-- drivers/tty/serial/rp2.c | 2 +- drivers/tty/serial/serial_core.c | 13 +- drivers/ufs/host/ufs-qcom.c | 2 +- drivers/usb/cdns3/cdnsp-ring.c | 6 +- drivers/usb/cdns3/host.c | 4 +- drivers/usb/class/cdc-acm.c | 2 + drivers/usb/dwc2/drd.c | 9 + drivers/usb/gadget/udc/dummy_hcd.c | 14 +- drivers/usb/host/xhci-mem.c | 5 +- drivers/usb/host/xhci-pci.c | 24 +- drivers/usb/host/xhci-ring.c | 14 + drivers/usb/host/xhci.h | 3 + drivers/usb/misc/appledisplay.c | 15 +- drivers/usb/misc/cypress_cy7c63.c | 4 + drivers/usb/misc/yurex.c | 10 +- drivers/vdpa/mlx5/core/mr.c | 3 + drivers/vhost/vdpa.c | 16 +- drivers/video/fbdev/hpfb.c | 1 + drivers/video/fbdev/xen-fbfront.c | 1 + drivers/watchdog/imx_sc_wdt.c | 24 - drivers/xen/swiotlb-xen.c | 10 +- fs/autofs/inode.c | 3 +- fs/btrfs/btrfs_inode.h | 1 + fs/btrfs/ctree.h | 2 + fs/btrfs/extent-tree.c | 4 +- fs/btrfs/file.c | 34 +- fs/btrfs/ioctl.c | 4 +- fs/btrfs/subpage.c | 10 +- fs/btrfs/tree-checker.c | 2 +- fs/cachefiles/xattr.c | 34 +- fs/debugfs/inode.c | 24 +- fs/erofs/inode.c | 20 +- fs/erofs/zdata.c | 136 +-- fs/eventpoll.c | 2 +- fs/exfat/nls.c | 5 +- fs/ext4/ialloc.c | 14 +- fs/ext4/inline.c | 35 +- fs/ext4/mballoc.c | 10 +- fs/ext4/super.c | 29 +- fs/f2fs/compress.c | 36 +- fs/f2fs/data.c | 10 +- fs/f2fs/dir.c | 3 +- fs/f2fs/extent_cache.c | 4 +- fs/f2fs/f2fs.h | 37 +- fs/f2fs/file.c | 101 ++- fs/f2fs/inode.c | 5 + fs/f2fs/namei.c | 68 -- fs/f2fs/segment.c | 15 + fs/f2fs/super.c | 16 +- fs/f2fs/xattr.c | 14 +- fs/fcntl.c | 14 +- fs/fs_parser.c | 34 + fs/fuse/file.c | 2 +- fs/inode.c | 4 + fs/jfs/jfs_dmap.c | 4 +- fs/jfs/jfs_imap.c | 2 +- fs/namespace.c | 14 +- fs/netfs/main.c | 4 +- fs/nfs/nfs4state.c | 1 + fs/nfsd/filecache.c | 3 +- fs/nfsd/nfs4idmap.c | 13 +- fs/nfsd/nfs4recover.c | 8 + fs/nfsd/nfs4state.c | 170 ++-- fs/nilfs2/btree.c | 12 +- fs/quota/dquot.c | 3 +- fs/smb/server/vfs.c | 19 +- include/acpi/acoutput.h | 5 + include/acpi/cppc_acpi.h | 2 + include/linux/bpf.h | 9 +- include/linux/bpf_lsm.h | 8 + include/linux/compiler.h | 2 +- include/linux/f2fs_fs.h | 2 +- include/linux/fs_parser.h | 6 +- include/linux/lsm_hook_defs.h | 1 + include/linux/lsm_hooks.h | 1 + include/linux/sbitmap.h | 2 +- include/linux/soc/qcom/geni-se.h | 9 + include/linux/usb/usbnet.h | 15 + include/net/bluetooth/hci_core.h | 4 +- include/net/ip.h | 2 + include/net/mac80211.h | 7 +- include/net/tcp.h | 21 +- include/sound/tas2781.h | 7 +- include/trace/events/f2fs.h | 3 +- io_uring/io-wq.c | 25 +- io_uring/io_uring.c | 4 +- io_uring/rw.c | 8 + io_uring/sqpoll.c | 12 + kernel/bpf/bpf_lsm.c | 34 +- kernel/bpf/btf.c | 13 +- kernel/bpf/helpers.c | 12 +- kernel/bpf/syscall.c | 4 +- kernel/bpf/verifier.c | 134 +-- kernel/kthread.c | 10 +- kernel/locking/lockdep.c | 50 +- kernel/module/Makefile | 2 +- kernel/padata.c | 6 +- kernel/rcu/tree_nocb.h | 5 +- kernel/sched/deadline.c | 38 +- kernel/sched/fair.c | 34 +- kernel/trace/bpf_trace.c | 15 +- lib/debugobjects.c | 5 +- lib/sbitmap.c | 4 +- lib/xz/xz_crc32.c | 2 +- lib/xz/xz_private.h | 4 - mm/damon/vaddr.c | 2 + mm/huge_memory.c | 2 + mm/hugetlb.c | 206 +++-- mm/internal.h | 11 +- mm/memory.c | 8 +- mm/migrate.c | 2 +- mm/mmap.c | 4 + mm/util.c | 2 +- net/bluetooth/hci_conn.c | 6 +- net/bluetooth/hci_sync.c | 5 +- net/bluetooth/mgmt.c | 13 +- net/can/bcm.c | 4 +- net/can/j1939/transport.c | 8 +- net/core/filter.c | 71 +- net/core/sock_map.c | 1 + net/hsr/hsr_slave.c | 11 +- net/ipv4/icmp.c | 103 ++- net/ipv6/Kconfig | 1 + net/ipv6/icmp.c | 28 +- net/ipv6/netfilter/nf_reject_ipv6.c | 14 +- net/ipv6/route.c | 2 +- net/ipv6/rpl_iptunnel.c | 12 +- net/mac80211/iface.c | 17 +- net/mac80211/mlme.c | 30 +- net/mac80211/offchannel.c | 1 + net/mac80211/rate.c | 2 +- net/mac80211/scan.c | 2 +- net/mac80211/tx.c | 2 +- net/netfilter/nf_conntrack_netlink.c | 7 +- net/netfilter/nf_tables_api.c | 18 +- net/netfilter/nft_compat.c | 6 +- net/netfilter/nft_dynset.c | 6 +- net/netfilter/nft_log.c | 2 +- net/netfilter/nft_meta.c | 2 +- net/netfilter/nft_numgen.c | 2 +- net/netfilter/nft_set_pipapo.c | 13 +- net/netfilter/nft_tunnel.c | 5 +- net/qrtr/af_qrtr.c | 2 +- net/tipc/bcast.c | 2 +- net/wireless/nl80211.c | 3 +- net/wireless/scan.c | 6 +- net/wireless/sme.c | 3 +- net/wireless/util.c | 10 +- net/xdp/xsk_buff_pool.c | 29 +- samples/bpf/Makefile | 6 +- security/apparmor/include/net.h | 3 +- security/apparmor/lsm.c | 17 +- security/apparmor/net.c | 2 +- security/bpf/hooks.c | 1 - security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_iint.c | 20 +- security/integrity/ima/ima_main.c | 2 +- security/landlock/fs.c | 9 +- security/security.c | 68 +- security/selinux/hooks.c | 80 +- security/selinux/include/objsec.h | 5 + security/selinux/netlabel.c | 23 +- security/smack/smack.h | 5 + security/smack/smack_lsm.c | 70 +- security/smack/smack_netfilter.c | 4 +- security/smack/smackfs.c | 2 +- sound/pci/hda/cs35l41_hda_spi.c | 1 + sound/pci/hda/tas2781_hda_i2c.c | 2 +- sound/soc/codecs/rt5682.c | 4 +- sound/soc/codecs/rt5682s.c | 4 +- sound/soc/codecs/tas2781-comlib.c | 3 - sound/soc/codecs/tas2781-fmwlib.c | 1 - sound/soc/codecs/tas2781-i2c.c | 56 +- sound/soc/loongson/loongson_card.c | 4 +- tools/bpf/runqslower/Makefile | 3 +- tools/build/feature/test-all.c | 4 - tools/include/nolibc/string.h | 1 + tools/lib/bpf/libbpf.c | 75 +- tools/objtool/arch/loongarch/decode.c | 11 +- tools/objtool/check.c | 23 +- tools/objtool/include/objtool/elf.h | 1 + tools/perf/builtin-c2c.c | 14 +- tools/perf/builtin-inject.c | 1 + tools/perf/builtin-mem.c | 20 +- tools/perf/builtin-report.c | 3 +- tools/perf/builtin-sched.c | 8 +- tools/perf/scripts/python/arm-cs-trace-disasm.py | 9 +- tools/perf/util/annotate-data.c | 2 +- tools/perf/util/bpf_skel/lock_data.h | 4 +- tools/perf/util/bpf_skel/vmlinux/vmlinux.h | 1 + tools/perf/util/dwarf-aux.c | 16 +- tools/perf/util/machine.c | 17 +- tools/perf/util/mem-events.c | 20 +- tools/perf/util/mem-events.h | 4 +- tools/perf/util/session.c | 3 + tools/perf/util/stat-display.c | 3 +- tools/perf/util/thread.c | 4 + tools/perf/util/thread.h | 1 + tools/perf/util/time-utils.c | 4 +- tools/perf/util/tool.h | 1 + tools/power/cpupower/lib/powercap.c | 8 + tools/testing/selftests/arm64/signal/Makefile | 2 +- tools/testing/selftests/arm64/signal/sve_helpers.c | 56 ++ tools/testing/selftests/arm64/signal/sve_helpers.h | 21 + .../testcases/fake_sigreturn_sme_change_vl.c | 46 +- .../testcases/fake_sigreturn_sve_change_vl.c | 30 +- .../selftests/arm64/signal/testcases/ssve_regs.c | 36 +- .../arm64/signal/testcases/ssve_za_regs.c | 36 +- .../selftests/arm64/signal/testcases/sve_regs.c | 32 +- .../selftests/arm64/signal/testcases/za_no_regs.c | 32 +- .../selftests/arm64/signal/testcases/za_regs.c | 36 +- tools/testing/selftests/bpf/Makefile | 13 +- tools/testing/selftests/bpf/bench.c | 1 + tools/testing/selftests/bpf/bench.h | 1 + .../selftests/bpf/map_tests/sk_storage_map.c | 2 +- .../selftests/bpf/prog_tests/bpf_iter_setsockopt.c | 2 +- .../testing/selftests/bpf/prog_tests/core_reloc.c | 1 + .../selftests/bpf/prog_tests/crypto_sanity.c | 1 - .../selftests/bpf/prog_tests/decap_sanity.c | 1 - .../selftests/bpf/prog_tests/flow_dissector.c | 2 +- tools/testing/selftests/bpf/prog_tests/kfree_skb.c | 1 + .../selftests/bpf/prog_tests/lwt_redirect.c | 1 - .../testing/selftests/bpf/prog_tests/lwt_reroute.c | 1 + .../selftests/bpf/prog_tests/ns_current_pid_tgid.c | 2 +- .../selftests/bpf/prog_tests/parse_tcp_hdr_opt.c | 1 + tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 1 - .../testing/selftests/bpf/prog_tests/tc_redirect.c | 12 +- tools/testing/selftests/bpf/prog_tests/tcp_rtt.c | 1 + .../selftests/bpf/prog_tests/user_ringbuf.c | 1 + tools/testing/selftests/bpf/progs/bpf_misc.h | 31 +- .../testing/selftests/bpf/progs/cg_storage_multi.h | 2 - .../bpf/progs/test_libbpf_get_fd_by_id_opts.c | 1 + .../selftests/bpf/progs/verifier_spill_fill.c | 8 +- tools/testing/selftests/bpf/test_cpp.cpp | 4 + tools/testing/selftests/bpf/test_loader.c | 309 +++++-- tools/testing/selftests/bpf/test_lru_map.c | 3 +- tools/testing/selftests/bpf/test_progs.c | 18 +- tools/testing/selftests/bpf/test_progs.h | 1 - tools/testing/selftests/bpf/testing_helpers.c | 6 +- tools/testing/selftests/bpf/unpriv_helpers.c | 1 - tools/testing/selftests/bpf/veristat.c | 8 +- .../testing/selftests/dt/test_unprobed_devices.sh | 15 +- .../ftrace/test.d/00basic/test_ownership.tc | 12 + .../ftrace/test.d/ftrace/func_set_ftrace_file.tc | 9 +- .../ftrace/test.d/kprobe/kprobe_args_char.tc | 2 +- .../ftrace/test.d/kprobe/kprobe_args_string.tc | 2 +- tools/testing/selftests/kselftest.h | 2 + tools/testing/selftests/net/netfilter/ipvs.sh | 2 +- tools/testing/selftests/resctrl/cat_test.c | 7 +- virt/kvm/kvm_main.c | 31 +- 626 files changed, 7228 insertions(+), 4500 deletions(-)

7 months

13
646
0 0

[PATCH v2] comedi: drivers: ni_tio: Fix arithmetic expression overflow

by Denis Arefev

The value of an arithmetic expression period_ns * 1000 is subject to overflow due to a failure to cast operands to a larger data type before performing arithmetic Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 3e90b1c7ebe9 ("staging: comedi: ni_tio: tidy up ni_tio_set_clock_src() and helpers") Cc: <stable(a)vger.kernel.org> # v5.15+ Reviewed-by: Ian Abbott <abbotti(a)mev.co.uk> Signed-off-by: Denis Arefev <arefev(a)swemel.ru> Signed-off-by: Ian Abbott <abbotti(a)mev.co.uk> --- V1 -> V2: Oh, good point. It should be 1000ULL. drivers/comedi/drivers/ni_tio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/comedi/drivers/ni_tio.c b/drivers/comedi/drivers/ni_tio.c index da6826d77e60..acc914903c70 100644 --- a/drivers/comedi/drivers/ni_tio.c +++ b/drivers/comedi/drivers/ni_tio.c @@ -800,7 +800,7 @@ static int ni_tio_set_clock_src(struct ni_gpct *counter, GI_PRESCALE_X2(counter_dev->variant) | GI_PRESCALE_X8(counter_dev->variant), bits); } - counter->clock_period_ps = period_ns * 1000; + counter->clock_period_ps = period_ns * 1000ULL; ni_tio_set_sync_mode(counter); return 0; } -- 2.25.1

7 months

1
0
0 0

+ nilfs2-propagate-directory-read-errors-from-nilfs_find_entry.patch added to mm-hotfixes-unstable branch

by Andrew Morton

The patch titled Subject: nilfs2: propagate directory read errors from nilfs_find_entry() has been added to the -mm mm-hotfixes-unstable branch. Its filename is nilfs2-propagate-directory-read-errors-from-nilfs_find_entry.patch This patch will shortly appear at https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patche… This patch will later appear in the mm-hotfixes-unstable branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next via the mm-everything branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm and is updated there every 2-3 working days ------------------------------------------------------ From: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Subject: nilfs2: propagate directory read errors from nilfs_find_entry() Date: Fri, 4 Oct 2024 12:35:31 +0900 Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check, for example when it is zero-filled, nilfs_check_folio() may continue to spit out error messages in bursts. Fix this issue by propagating the error to the callers when loading a page/folio fails in nilfs_find_entry(). The current interface of nilfs_find_entry() and its callers is outdated and cannot propagate error codes such as -EIO and -ENOMEM returned via nilfs_find_entry(), so fix it together. Link: https://lkml.kernel.org/r/20241004033640.6841-1-konishi.ryusuke@gmail.com Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") Signed-off-by: Ryusuke Konishi <konishi.ryusuke(a)gmail.com> Reported-by: Lizhi Xu <lizhi.xu(a)windriver.com> Closes: https://lkml.kernel.org/r/20240927013806.3577931-1-lizhi.xu@windriver.com Reported-by: syzbot+8a192e8d090fa9a31135(a)syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=8a192e8d090fa9a31135 Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- fs/nilfs2/dir.c | 48 ++++++++++++++++++++++---------------------- fs/nilfs2/namei.c | 39 +++++++++++++++++++++++------------ fs/nilfs2/nilfs.h | 2 - 3 files changed, 52 insertions(+), 37 deletions(-) --- a/fs/nilfs2/dir.c~nilfs2-propagate-directory-read-errors-from-nilfs_find_entry +++ a/fs/nilfs2/dir.c @@ -289,7 +289,7 @@ static int nilfs_readdir(struct file *fi * The folio is mapped and unlocked. When the caller is finished with * the entry, it should call folio_release_kmap(). * - * On failure, returns NULL and the caller should ignore foliop. + * On failure, returns an error pointer and the caller should ignore foliop. */ struct nilfs_dir_entry *nilfs_find_entry(struct inode *dir, const struct qstr *qstr, struct folio **foliop) @@ -312,22 +312,24 @@ struct nilfs_dir_entry *nilfs_find_entry do { char *kaddr = nilfs_get_folio(dir, n, foliop); - if (!IS_ERR(kaddr)) { - de = (struct nilfs_dir_entry *)kaddr; - kaddr += nilfs_last_byte(dir, n) - reclen; - while ((char *) de <= kaddr) { - if (de->rec_len == 0) { - nilfs_error(dir->i_sb, - "zero-length directory entry"); - folio_release_kmap(*foliop, kaddr); - goto out; - } - if (nilfs_match(namelen, name, de)) - goto found; - de = nilfs_next_entry(de); + if (IS_ERR(kaddr)) + return ERR_CAST(kaddr); + + de = (struct nilfs_dir_entry *)kaddr; + kaddr += nilfs_last_byte(dir, n) - reclen; + while ((char *)de <= kaddr) { + if (de->rec_len == 0) { + nilfs_error(dir->i_sb, + "zero-length directory entry"); + folio_release_kmap(*foliop, kaddr); + goto out; } - folio_release_kmap(*foliop, kaddr); + if (nilfs_match(namelen, name, de)) + goto found; + de = nilfs_next_entry(de); } + folio_release_kmap(*foliop, kaddr); + if (++n >= npages) n = 0; /* next folio is past the blocks we've got */ @@ -340,7 +342,7 @@ struct nilfs_dir_entry *nilfs_find_entry } } while (n != start); out: - return NULL; + return ERR_PTR(-ENOENT); found: ei->i_dir_start_lookup = n; @@ -384,18 +386,18 @@ fail: return NULL; } -ino_t nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr) +int nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr, ino_t *ino) { - ino_t res = 0; struct nilfs_dir_entry *de; struct folio *folio; de = nilfs_find_entry(dir, qstr, &folio); - if (de) { - res = le64_to_cpu(de->inode); - folio_release_kmap(folio, de); - } - return res; + if (IS_ERR(de)) + return PTR_ERR(de); + + *ino = le64_to_cpu(de->inode); + folio_release_kmap(folio, de); + return 0; } void nilfs_set_link(struct inode *dir, struct nilfs_dir_entry *de, --- a/fs/nilfs2/namei.c~nilfs2-propagate-directory-read-errors-from-nilfs_find_entry +++ a/fs/nilfs2/namei.c @@ -55,12 +55,20 @@ nilfs_lookup(struct inode *dir, struct d { struct inode *inode; ino_t ino; + int res; if (dentry->d_name.len > NILFS_NAME_LEN) return ERR_PTR(-ENAMETOOLONG); - ino = nilfs_inode_by_name(dir, &dentry->d_name); - inode = ino ? nilfs_iget(dir->i_sb, NILFS_I(dir)->i_root, ino) : NULL; + res = nilfs_inode_by_name(dir, &dentry->d_name, &ino); + if (res) { + if (res != -ENOENT) + return ERR_PTR(res); + inode = NULL; + } else { + inode = nilfs_iget(dir->i_sb, NILFS_I(dir)->i_root, ino); + } + return d_splice_alias(inode, dentry); } @@ -263,10 +271,11 @@ static int nilfs_do_unlink(struct inode struct folio *folio; int err; - err = -ENOENT; de = nilfs_find_entry(dir, &dentry->d_name, &folio); - if (!de) + if (IS_ERR(de)) { + err = PTR_ERR(de); goto out; + } inode = d_inode(dentry); err = -EIO; @@ -362,10 +371,11 @@ static int nilfs_rename(struct mnt_idmap if (unlikely(err)) return err; - err = -ENOENT; old_de = nilfs_find_entry(old_dir, &old_dentry->d_name, &old_folio); - if (!old_de) + if (IS_ERR(old_de)) { + err = PTR_ERR(old_de); goto out; + } if (S_ISDIR(old_inode->i_mode)) { err = -EIO; @@ -382,10 +392,12 @@ static int nilfs_rename(struct mnt_idmap if (dir_de && !nilfs_empty_dir(new_inode)) goto out_dir; - err = -ENOENT; - new_de = nilfs_find_entry(new_dir, &new_dentry->d_name, &new_folio); - if (!new_de) + new_de = nilfs_find_entry(new_dir, &new_dentry->d_name, + &new_folio); + if (IS_ERR(new_de)) { + err = PTR_ERR(new_de); goto out_dir; + } nilfs_set_link(new_dir, new_de, new_folio, old_inode); folio_release_kmap(new_folio, new_de); nilfs_mark_inode_dirty(new_dir); @@ -440,12 +452,13 @@ out: */ static struct dentry *nilfs_get_parent(struct dentry *child) { - unsigned long ino; + ino_t ino; + int res; struct nilfs_root *root; - ino = nilfs_inode_by_name(d_inode(child), &dotdot_name); - if (!ino) - return ERR_PTR(-ENOENT); + res = nilfs_inode_by_name(d_inode(child), &dotdot_name, &ino); + if (res) + return ERR_PTR(res); root = NILFS_I(d_inode(child))->i_root; --- a/fs/nilfs2/nilfs.h~nilfs2-propagate-directory-read-errors-from-nilfs_find_entry +++ a/fs/nilfs2/nilfs.h @@ -254,7 +254,7 @@ static inline __u32 nilfs_mask_flags(umo /* dir.c */ int nilfs_add_link(struct dentry *, struct inode *); -ino_t nilfs_inode_by_name(struct inode *, const struct qstr *); +int nilfs_inode_by_name(struct inode *dir, const struct qstr *qstr, ino_t *ino); int nilfs_make_empty(struct inode *, struct inode *); struct nilfs_dir_entry *nilfs_find_entry(struct inode *, const struct qstr *, struct folio **); _ Patches currently in -mm which might be from konishi.ryusuke(a)gmail.com are nilfs2-propagate-directory-read-errors-from-nilfs_find_entry.patch

7 months

1
0
0 0

[merged mm-hotfixes-stable] secretmem-disable-memfd_secret-if-arch-cannot-set-direct-map.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: secretmem: disable memfd_secret() if arch cannot set direct map has been removed from the -mm tree. Its filename was secretmem-disable-memfd_secret-if-arch-cannot-set-direct-map.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Patrick Roy <roypat(a)amazon.co.uk> Subject: secretmem: disable memfd_secret() if arch cannot set direct map Date: Tue, 1 Oct 2024 09:00:41 +0100 Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not present can only be done if the direct map is set up at 4k granularity in the first place (as ARM's break-before-make semantics do not easily allow breaking apart large/gigantic pages). More precisely, on arm64 systems with !can_set_direct_map(), set_direct_map_invalid_noflush() is a no-op, however it returns success (0) instead of an error. This means that memfd_secret will seemingly "work" (e.g. syscall succeeds, you can mmap the fd and fault in pages), but it does not actually achieve its goal of removing its memory from the direct map. Note that with this patch, memfd_secret() will start erroring on systems where can_set_direct_map() returns false (arm64 with CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n and CONFIG_KFENCE=n), but that still seems better than the current silent failure. Since CONFIG_RODATA_FULL_DEFAULT_ENABLED defaults to 'y', most arm64 systems actually have a working memfd_secret() and aren't be affected. From going through the iterations of the original memfd_secret patch series, it seems that disabling the syscall in these scenarios was the intended behavior [1] (preferred over having set_direct_map_invalid_noflush return an error as that would result in SIGBUSes at page-fault time), however the check for it got dropped between v16 [2] and v17 [3], when secretmem moved away from CMA allocations. [1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/ [2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t [3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/ Link: https://lkml.kernel.org/r/20241001080056.784735-1-roypat@amazon.co.uk Fixes: 1507f51255c9 ("mm: introduce memfd_secret system call to create "secret" memory areas") Signed-off-by: Patrick Roy <roypat(a)amazon.co.uk> Reviewed-by: Mike Rapoport (Microsoft) <rppt(a)kernel.org> Cc: Alexander Graf <graf(a)amazon.com> Cc: David Hildenbrand <david(a)redhat.com> Cc: James Gowans <jgowans(a)amazon.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- mm/secretmem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/mm/secretmem.c~secretmem-disable-memfd_secret-if-arch-cannot-set-direct-map +++ a/mm/secretmem.c @@ -238,7 +238,7 @@ SYSCALL_DEFINE1(memfd_secret, unsigned i /* make sure local flags do not confict with global fcntl.h */ BUILD_BUG_ON(SECRETMEM_FLAGS_MASK & O_CLOEXEC); - if (!secretmem_enable) + if (!secretmem_enable || !can_set_direct_map()) return -ENOSYS; if (flags & ~(SECRETMEM_FLAGS_MASK | O_CLOEXEC)) @@ -280,7 +280,7 @@ static struct file_system_type secretmem static int __init secretmem_init(void) { - if (!secretmem_enable) + if (!secretmem_enable || !can_set_direct_map()) return 0; secretmem_mnt = kern_mount(&secretmem_fs); _ Patches currently in -mm which might be from roypat(a)amazon.co.uk are

7 months

1
0
0 0

[merged mm-hotfixes-stable] fs-proc-kcorec-allow-translation-of-physical-memory-addresses.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: fs/proc/kcore.c: allow translation of physical memory addresses has been removed from the -mm tree. Its filename was fs-proc-kcorec-allow-translation-of-physical-memory-addresses.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Alexander Gordeev <agordeev(a)linux.ibm.com> Subject: fs/proc/kcore.c: allow translation of physical memory addresses Date: Mon, 30 Sep 2024 14:21:19 +0200 When /proc/kcore is read an attempt to read the first two pages results in HW-specific page swap on s390 and another (so called prefix) pages are accessed instead. That leads to a wrong read. Allow architecture-specific translation of memory addresses using kc_xlate_dev_mem_ptr() and kc_unxlate_dev_mem_ptr() callbacks similarily to /dev/mem xlate_dev_mem_ptr() and unxlate_dev_mem_ptr() callbacks. That way an architecture can deal with specific physical memory ranges. Re-use the existing /dev/mem callback implementation on s390, which handles the described prefix pages swapping correctly. For other architectures the default callback is basically NOP. It is expected the condition (vaddr == __va(__pa(vaddr))) always holds true for KCORE_RAM memory type. Link: https://lkml.kernel.org/r/20240930122119.1651546-1-agordeev@linux.ibm.com Signed-off-by: Alexander Gordeev <agordeev(a)linux.ibm.com> Suggested-by: Heiko Carstens <hca(a)linux.ibm.com> Cc: Vasily Gorbik <gor(a)linux.ibm.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- arch/s390/include/asm/io.h | 2 + fs/proc/kcore.c | 36 +++++++++++++++++++++++++++++++++-- 2 files changed, 36 insertions(+), 2 deletions(-) --- a/arch/s390/include/asm/io.h~fs-proc-kcorec-allow-translation-of-physical-memory-addresses +++ a/arch/s390/include/asm/io.h @@ -16,8 +16,10 @@ #include <asm/pci_io.h> #define xlate_dev_mem_ptr xlate_dev_mem_ptr +#define kc_xlate_dev_mem_ptr xlate_dev_mem_ptr void *xlate_dev_mem_ptr(phys_addr_t phys); #define unxlate_dev_mem_ptr unxlate_dev_mem_ptr +#define kc_unxlate_dev_mem_ptr unxlate_dev_mem_ptr void unxlate_dev_mem_ptr(phys_addr_t phys, void *addr); #define IO_SPACE_LIMIT 0 --- a/fs/proc/kcore.c~fs-proc-kcorec-allow-translation-of-physical-memory-addresses +++ a/fs/proc/kcore.c @@ -50,6 +50,20 @@ static struct proc_dir_entry *proc_root_ #define kc_offset_to_vaddr(o) ((o) + PAGE_OFFSET) #endif +#ifndef kc_xlate_dev_mem_ptr +#define kc_xlate_dev_mem_ptr kc_xlate_dev_mem_ptr +static inline void *kc_xlate_dev_mem_ptr(phys_addr_t phys) +{ + return __va(phys); +} +#endif +#ifndef kc_unxlate_dev_mem_ptr +#define kc_unxlate_dev_mem_ptr kc_unxlate_dev_mem_ptr +static inline void kc_unxlate_dev_mem_ptr(phys_addr_t phys, void *virt) +{ +} +#endif + static LIST_HEAD(kclist_head); static DECLARE_RWSEM(kclist_lock); static int kcore_need_update = 1; @@ -471,6 +485,8 @@ static ssize_t read_kcore_iter(struct ki while (buflen) { struct page *page; unsigned long pfn; + phys_addr_t phys; + void *__start; /* * If this is the first iteration or the address is not within @@ -537,7 +553,8 @@ static ssize_t read_kcore_iter(struct ki } break; case KCORE_RAM: - pfn = __pa(start) >> PAGE_SHIFT; + phys = __pa(start); + pfn = phys >> PAGE_SHIFT; page = pfn_to_online_page(pfn); /* @@ -557,13 +574,28 @@ static ssize_t read_kcore_iter(struct ki fallthrough; case KCORE_VMEMMAP: case KCORE_TEXT: + if (m->type == KCORE_RAM) { + __start = kc_xlate_dev_mem_ptr(phys); + if (!__start) { + ret = -ENOMEM; + if (iov_iter_zero(tsz, iter) != tsz) + ret = -EFAULT; + goto out; + } + } else { + __start = (void *)start; + } + /* * Sadly we must use a bounce buffer here to be able to * make use of copy_from_kernel_nofault(), as these * memory regions might not always be mapped on all * architectures. */ - if (copy_from_kernel_nofault(buf, (void *)start, tsz)) { + ret = copy_from_kernel_nofault(buf, __start, tsz); + if (m->type == KCORE_RAM) + kc_unxlate_dev_mem_ptr(phys, __start); + if (ret) { if (iov_iter_zero(tsz, iter) != tsz) { ret = -EFAULT; goto out; _ Patches currently in -mm which might be from agordeev(a)linux.ibm.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test has been removed from the -mm tree. Its filename was selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Donet Tom <donettom(a)linux.ibm.com> Subject: selftests/mm: fix incorrect buffer->mirror size in hmm2 double_map test Date: Fri, 27 Sep 2024 00:07:52 -0500 The hmm2 double_map test was failing due to an incorrect buffer->mirror size. The buffer->mirror size was 6, while buffer->ptr size was 6 * PAGE_SIZE. The test failed because the kernel's copy_to_user function was attempting to copy a 6 * PAGE_SIZE buffer to buffer->mirror. Since the size of buffer->mirror was incorrect, copy_to_user failed. This patch corrects the buffer->mirror size to 6 * PAGE_SIZE. Test Result without this patch ============================== # RUN hmm2.hmm2_device_private.double_map ... # hmm-tests.c:1680:double_map:Expected ret (-14) == 0 (0) # double_map: Test terminated by assertion # FAIL hmm2.hmm2_device_private.double_map not ok 53 hmm2.hmm2_device_private.double_map Test Result with this patch =========================== # RUN hmm2.hmm2_device_private.double_map ... # OK hmm2.hmm2_device_private.double_map ok 53 hmm2.hmm2_device_private.double_map Link: https://lkml.kernel.org/r/20240927050752.51066-1-donettom@linux.ibm.com Fixes: fee9f6d1b8df ("mm/hmm/test: add selftests for HMM") Signed-off-by: Donet Tom <donettom(a)linux.ibm.com> Reviewed-by: Muhammad Usama Anjum <usama.anjum(a)collabora.com> Cc: J��r��me Glisse <jglisse(a)redhat.com> Cc: Kees Cook <keescook(a)chromium.org> Cc: Mark Brown <broonie(a)kernel.org> Cc: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Cc: Ritesh Harjani (IBM) <ritesh.list(a)gmail.com> Cc: Shuah Khan <shuah(a)kernel.org> Cc: Ralph Campbell <rcampbell(a)nvidia.com> Cc: Jason Gunthorpe <jgg(a)mellanox.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- tools/testing/selftests/mm/hmm-tests.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/tools/testing/selftests/mm/hmm-tests.c~selftests-mm-fixed-incorrect-buffer-mirror-size-in-hmm2-double_map-test +++ a/tools/testing/selftests/mm/hmm-tests.c @@ -1657,7 +1657,7 @@ TEST_F(hmm2, double_map) buffer->fd = -1; buffer->size = size; - buffer->mirror = malloc(npages); + buffer->mirror = malloc(size); ASSERT_NE(buffer->mirror, NULL); /* Reserve a range of addresses. */ _ Patches currently in -mm which might be from donettom(a)linux.ibm.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] device-dax-correct-pgoff-align-in-dax_set_mapping.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: device-dax: correct pgoff align in dax_set_mapping() has been removed from the -mm tree. Its filename was device-dax-correct-pgoff-align-in-dax_set_mapping.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: "Kun(llfl)" <llfl(a)linux.alibaba.com> Subject: device-dax: correct pgoff align in dax_set_mapping() Date: Fri, 27 Sep 2024 15:45:09 +0800 pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise, vmf->address not aligned to fault_size will be aligned to the next alignment, that can result in memory failure getting the wrong address. It's a subtle situation that only can be observed in page_mapped_in_vma() after the page is page fault handled by dev_dax_huge_fault. Generally, there is little chance to perform page_mapped_in_vma in dev-dax's page unless in specific error injection to the dax device to trigger an MCE - memory-failure. In that case, page_mapped_in_vma() will be triggered to determine which task is accessing the failure address and kill that task in the end. We used self-developed dax device (which is 2M aligned mapping) , to perform error injection to random address. It turned out that error injected to non-2M-aligned address was causing endless MCE until panic. Because page_mapped_in_vma() kept resulting wrong address and the task accessing the failure address was never killed properly: [ 3783.719419] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3784.049006] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3784.049190] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3784.448042] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3784.448186] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3784.792026] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3784.792179] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3785.162502] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3785.162633] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3785.461116] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3785.461247] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3785.764730] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3785.764859] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3786.042128] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3786.042259] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3786.464293] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3786.464423] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3786.818090] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3786.818217] Memory failure: 0x200c9742: recovery action for dax page: Recovered [ 3787.085297] mce: Uncorrected hardware memory error in user-access at 200c9742380 [ 3787.085424] Memory failure: 0x200c9742: recovery action for dax page: Recovered It took us several weeks to pinpoint this problem,�� but we eventually used bpftrace to trace the page fault and mce address and successfully identified the issue. Joao added: ; Likely we never reproduce in production because we always pin : device-dax regions in the region align they provide (Qemu does : similarly with prealloc in hugetlb/file backed memory). I think this : bug requires that we touch *unpinned* device-dax regions unaligned to : the device-dax selected alignment (page size i.e. 4K/2M/1G) Link: https://lkml.kernel.org/r/23c02a03e8d666fef11bbe13e85c69c8b4ca0624.17274216… Fixes: b9b5777f09be ("device-dax: use ALIGN() for determining pgoff") Signed-off-by: Kun(llfl) <llfl(a)linux.alibaba.com> Tested-by: JianXiong Zhao <zhaojianxiong.zjx(a)alibaba-inc.com> Reviewed-by: Joao Martins <joao.m.martins(a)oracle.com> Cc: Dan Williams <dan.j.williams(a)intel.com> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- drivers/dax/device.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/dax/device.c~device-dax-correct-pgoff-align-in-dax_set_mapping +++ a/drivers/dax/device.c @@ -86,7 +86,7 @@ static void dax_set_mapping(struct vm_fa nr_pages = 1; pgoff = linear_page_index(vmf->vma, - ALIGN(vmf->address, fault_size)); + ALIGN_DOWN(vmf->address, fault_size)); for (i = 0; i < nr_pages; i++) { struct page *page = pfn_to_page(pfn_t_to_pfn(pfn) + i); _ Patches currently in -mm which might be from llfl(a)linux.alibaba.com are

7 months

1
0
0 0

[merged mm-hotfixes-stable] kthread-unpark-only-parked-kthread.patch removed from -mm tree

by Andrew Morton

The quilt patch titled Subject: kthread: unpark only parked kthread has been removed from the -mm tree. Its filename was kthread-unpark-only-parked-kthread.patch This patch was dropped because it was merged into the mm-hotfixes-stable branch of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm ------------------------------------------------------ From: Frederic Weisbecker <frederic(a)kernel.org> Subject: kthread: unpark only parked kthread Date: Fri, 13 Sep 2024 23:46:34 +0200 Calling into kthread unparking unconditionally is mostly harmless when the kthread is already unparked. The wake up is then simply ignored because the target is not in TASK_PARKED state. However if the kthread is per CPU, the wake up is preceded by a call to kthread_bind() which expects the task to be inactive and in TASK_PARKED state, which obviously isn't the case if it is unparked. As a result, calling kthread_stop() on an unparked per-cpu kthread triggers such a warning: WARNING: CPU: 0 PID: 11 at kernel/kthread.c:525 __kthread_bind_mask kernel/kthread.c:525 <TASK> kthread_stop+0x17a/0x630 kernel/kthread.c:707 destroy_workqueue+0x136/0xc40 kernel/workqueue.c:5810 wg_destruct+0x1e2/0x2e0 drivers/net/wireguard/device.c:257 netdev_run_todo+0xe1a/0x1000 net/core/dev.c:10693 default_device_exit_batch+0xa14/0xa90 net/core/dev.c:11769 ops_exit_list net/core/net_namespace.c:178 [inline] cleanup_net+0x89d/0xcc0 net/core/net_namespace.c:640 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd70 kernel/workqueue.c:3393 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Fix this with skipping unecessary unparking while stopping a kthread. Link: https://lkml.kernel.org/r/20240913214634.12557-1-frederic@kernel.org Fixes: 5c25b5ff89f0 ("workqueue: Tag bound workers with KTHREAD_IS_PER_CPU") Signed-off-by: Frederic Weisbecker <frederic(a)kernel.org> Reported-by: syzbot+943d34fa3cf2191e3068(a)syzkaller.appspotmail.com Tested-by: syzbot+943d34fa3cf2191e3068(a)syzkaller.appspotmail.com Suggested-by: Thomas Gleixner <tglx(a)linutronix.de> Cc: Hillf Danton <hdanton(a)sina.com> Cc: Tejun Heo <tj(a)kernel.org> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> --- kernel/kthread.c | 2 ++ 1 file changed, 2 insertions(+) --- a/kernel/kthread.c~kthread-unpark-only-parked-kthread +++ a/kernel/kthread.c @@ -623,6 +623,8 @@ void kthread_unpark(struct task_struct * { struct kthread *kthread = to_kthread(k); + if (!test_bit(KTHREAD_SHOULD_PARK, &kthread->flags)) + return; /* * Newly created kthread was parked when the CPU was offline. * The binding was lost and we need to set it again. _ Patches currently in -mm which might be from frederic(a)kernel.org are

7 months

1
0
0 0

[PATCH] scsi: fnic: move flush_work initialization out of if block

by Martin Wilck

(resending, sorry - I'd forgotten to add the mailing list) After commit 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a work queue"), it can happen that a work item is sent to an uninitialized work queue. This may has the effect that the item being queued is never actually queued, and any further actions depending on it will not proceed. The following warning is observed while the fnic driver is loaded: kernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410 kernel: <IRQ> kernel: queue_work_on+0x3a/0x50 kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: fnic_isr_msix_wq_copy+0x2d/0x60 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24] kernel: __handle_irq_event_percpu+0x36/0x1a0 kernel: handle_irq_event_percpu+0x30/0x70 kernel: handle_irq_event+0x34/0x60 kernel: handle_edge_irq+0x7e/0x1a0 kernel: __common_interrupt+0x3b/0xb0 kernel: common_interrupt+0x58/0xa0 kernel: </IRQ> It has been observed that this may break the rediscovery of fibre channel devices after a temporary fabric failure. This patch fixes it by moving the work queue initialization out of an if block in fnic_probe(). Signed-off-by: Martin Wilck <mwilck(a)suse.com> Fixes: 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a work queue") Cc: stable(a)vger.kernel.org --- drivers/scsi/fnic/fnic_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/scsi/fnic/fnic_main.c b/drivers/scsi/fnic/fnic_main.c index 0044717d4486..adec0df24bc4 100644 --- a/drivers/scsi/fnic/fnic_main.c +++ b/drivers/scsi/fnic/fnic_main.c @@ -830,7 +830,6 @@ static int fnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent) spin_lock_init(&fnic->vlans_lock); INIT_WORK(&fnic->fip_frame_work, fnic_handle_fip_frame); INIT_WORK(&fnic->event_work, fnic_handle_event); - INIT_WORK(&fnic->flush_work, fnic_flush_tx); skb_queue_head_init(&fnic->fip_frame_queue); INIT_LIST_HEAD(&fnic->evlist); INIT_LIST_HEAD(&fnic->vlans); @@ -948,6 +947,7 @@ static int fnic_probe(struct pci_dev *pdev, const struct pci_device_id *ent) INIT_WORK(&fnic->link_work, fnic_handle_link); INIT_WORK(&fnic->frame_work, fnic_handle_frame); + INIT_WORK(&fnic->flush_work, fnic_flush_tx); skb_queue_head_init(&fnic->frame_queue); skb_queue_head_init(&fnic->tx_queue); -- 2.46.1

7 months

3
2
0 0

[PATCH v2] scsi: ufs: Use pre-calculated offsets in ufshcd_init_lrb

by Avri Altman

Replace manual offset calculations for response_upiu and prd_table in ufshcd_init_lrb() with pre-calculated offsets already stored in the utp_transfer_req_desc structure. The pre-calculated offsets are set differently in ufshcd_host_memory_configure() based on the UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk, ensuring correct alignment and access. Fixes: 26f968d7de82 ("scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk") Cc: stable(a)vger.kernel.org Signed-off-by: Avri Altman <avri.altman(a)wdc.com> --- Changes in v2: - add Fixes: and Cc: stable tags - fix kernel test robot warning about type mismatch by using le16_to_cpu --- drivers/ufs/core/ufshcd.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c index 8ea5a82503a9..85251c176ef7 100644 --- a/drivers/ufs/core/ufshcd.c +++ b/drivers/ufs/core/ufshcd.c @@ -2919,9 +2919,8 @@ static void ufshcd_init_lrb(struct ufs_hba *hba, struct ufshcd_lrb *lrb, int i) struct utp_transfer_req_desc *utrdlp = hba->utrdl_base_addr; dma_addr_t cmd_desc_element_addr = hba->ucdl_dma_addr + i * ufshcd_get_ucd_size(hba); - u16 response_offset = offsetof(struct utp_transfer_cmd_desc, - response_upiu); - u16 prdt_offset = offsetof(struct utp_transfer_cmd_desc, prd_table); + u16 response_offset = le16_to_cpu(utrdlp[i].response_upiu_offset); + u16 prdt_offset = le16_to_cpu(utrdlp[i].prd_table_offset); lrb->utr_descriptor_ptr = utrdlp + i; lrb->utrd_dma_addr = hba->utrdl_dma_addr + -- 2.25.1

7 months

4
9
0 0

[PATCH 3/3] Bluetooth: Remove debugfs directory on module init failure

by Aaron Thompson

From: Aaron Thompson <dev(a)aaront.org> If bt_init() fails, the debugfs directory currently is not removed. If the module is loaded again after that, the debugfs directory is not set up properly due to the existing directory. # modprobe bluetooth # ls -laF /sys/kernel/debug/bluetooth total 0 drwxr-xr-x 2 root root 0 Sep 27 14:26 ./ drwx------ 31 root root 0 Sep 27 14:25 ../ -r--r--r-- 1 root root 0 Sep 27 14:26 l2cap -r--r--r-- 1 root root 0 Sep 27 14:26 sco # modprobe -r bluetooth # ls -laF /sys/kernel/debug/bluetooth ls: cannot access '/sys/kernel/debug/bluetooth': No such file or directory # # modprobe bluetooth modprobe: ERROR: could not insert 'bluetooth': Invalid argument # dmesg | tail -n 6 Bluetooth: Core ver 2.22 NET: Registered PF_BLUETOOTH protocol family Bluetooth: HCI device and connection manager initialized Bluetooth: HCI socket layer initialized Bluetooth: Faking l2cap_init() failure for testing NET: Unregistered PF_BLUETOOTH protocol family # ls -laF /sys/kernel/debug/bluetooth total 0 drwxr-xr-x 2 root root 0 Sep 27 14:31 ./ drwx------ 31 root root 0 Sep 27 14:26 ../ # # modprobe bluetooth # dmesg | tail -n 7 Bluetooth: Core ver 2.22 debugfs: Directory 'bluetooth' with parent '/' already present! NET: Registered PF_BLUETOOTH protocol family Bluetooth: HCI device and connection manager initialized Bluetooth: HCI socket layer initialized Bluetooth: L2CAP socket layer initialized Bluetooth: SCO socket layer initialized # ls -laF /sys/kernel/debug/bluetooth total 0 drwxr-xr-x 2 root root 0 Sep 27 14:31 ./ drwx------ 31 root root 0 Sep 27 14:26 ../ # Cc: stable(a)vger.kernel.org Fixes: ffcecac6a738 ("Bluetooth: Create root debugfs directory during module init") Signed-off-by: Aaron Thompson <dev(a)aaront.org> --- net/bluetooth/af_bluetooth.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 67604ccec2f4..0d4b171b939a 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c @@ -825,6 +825,7 @@ static int __init bt_init(void) bt_sysfs_cleanup(); cleanup_led: bt_leds_cleanup(); + debugfs_remove_recursive(bt_debugfs); return err; } -- 2.39.5

7 months

1
0
0 0

[PATCH 1/3] Bluetooth: ISO: Fix multiple init when debugfs is disabled

by Aaron Thompson

From: Aaron Thompson <dev(a)aaront.org> If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init() returns early and does not set iso_inited to true. This means that a subsequent call to iso_init() will result in duplicate calls to proto_register(), bt_sock_register(), etc. With CONFIG_LIST_HARDENED and CONFIG_BUG_ON_DATA_CORRUPTION enabled, the duplicate call to proto_register() triggers this BUG(): list_add double add: new=ffffffffc0b280d0, prev=ffffffffbab56250, next=ffffffffc0b280d0. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:35! Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 2 PID: 887 Comm: bluetoothd Not tainted 6.10.11-1-ao-desktop #1 RIP: 0010:__list_add_valid_or_report+0x9a/0xa0 ... __list_add_valid_or_report+0x9a/0xa0 proto_register+0x2b5/0x340 iso_init+0x23/0x150 [bluetooth] set_iso_socket_func+0x68/0x1b0 [bluetooth] kmem_cache_free+0x308/0x330 hci_sock_sendmsg+0x990/0x9e0 [bluetooth] __sock_sendmsg+0x7b/0x80 sock_write_iter+0x9a/0x110 do_iter_readv_writev+0x11d/0x220 vfs_writev+0x180/0x3e0 do_writev+0xca/0x100 ... This change removes the early return. The check for iso_debugfs being NULL was unnecessary, it is always NULL when iso_inited is false. Cc: stable(a)vger.kernel.org Fixes: ccf74f2390d6 ("Bluetooth: Add BTPROTO_ISO socket type") Signed-off-by: Aaron Thompson <dev(a)aaront.org> --- net/bluetooth/iso.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/bluetooth/iso.c b/net/bluetooth/iso.c index d5e00d0dd1a0..c9eefb43bf47 100644 --- a/net/bluetooth/iso.c +++ b/net/bluetooth/iso.c @@ -2301,13 +2301,9 @@ int iso_init(void) hci_register_cb(&iso_cb); - if (IS_ERR_OR_NULL(bt_debugfs)) - return 0; - - if (!iso_debugfs) { + if (!IS_ERR_OR_NULL(bt_debugfs)) iso_debugfs = debugfs_create_file("iso", 0444, bt_debugfs, NULL, &iso_debugfs_fops); - } iso_inited = true; -- 2.39.5

7 months

1
0
0 0

[PATCH 6.1 000/440] 6.1.103-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.1.103 release. There are 440 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Thu, 01 Aug 2024 15:14:54 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.103-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.1.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.1.103-rc1 Seth Forshee (DigitalOcean) <sforshee(a)kernel.org> fs: don't allow non-init s_user_ns for filesystems without FS_USERNS_MOUNT Leon Romanovsky <leon(a)kernel.org> nvme-pci: add missing condition check for existence of mapped data Pavel Begunkov <asml.silence(a)gmail.com> io_uring: fix io_match_task must_hold Artem Chernyshev <artem.chernyshev(a)red-soft.ru> iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en Thomas Richter <tmricht(a)linux.ibm.com> s390/cpum_cf: Fix endless loop in CF_DIAG event stop Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Allow allocation of more than 1 MSI interrupt Gerd Bayer <gbayer(a)linux.ibm.com> s390/pci: Refactor arch_setup_msi_irqs() ethanwu <ethanwu(a)synology.com> ceph: fix incorrect kmalloc size of pagevec mempool Pierre-Louis Bossart <pierre-louis.bossart(a)linux.intel.com> ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable Conor Dooley <conor.dooley(a)microchip.com> spi: spidev: add correct compatible for Rohm BH2228FV Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> spi: spidev: order compatibles alphabetically Vincent Tremblay <vincent(a)vtremblay.dev> spidev: Add Silicon Labs EM3581 device compatible Bart Van Assche <bvanassche(a)acm.org> nvme-pci: Fix the instructions for disabling power management Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: fix init function not setting the master and motorola modes Yang Yingliang <yangyingliang(a)huawei.com> spi: microchip-core: switch to use modern name Steve Wilkins <steve.wilkins(a)raymarine.com> spi: microchip-core: only disable SPI controller when register value change requires it Naga Sureshkumar Relli <nagasuresh.relli(a)microchip.com> spi: microchip-core: fix the issues in the isr Daniel Baluta <daniel.baluta(a)nxp.com> ASoC: SOF: imx8m: Fix DSP control regmap retrieval Markus Elfring <elfring(a)users.sourceforge.net> auxdisplay: ht16k33: Drop reference after LED registration Al Viro <viro(a)zeniv.linux.org.uk> lirc: rc_dev_get_from_fd(): fix file leak Al Viro <viro(a)zeniv.linux.org.uk> powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() Xiao Liang <shaw.leon(a)gmail.com> apparmor: Fix null pointer deref when receiving skb during sock creation Dan Carpenter <dan.carpenter(a)linaro.org> mISDN: Fix a use after free in hfcmulti_tx() Fred Li <dracodingfly(a)gmail.com> bpf: Fix a segment issue when downgrading gso_size Petr Machata <petrm(a)nvidia.com> net: nexthop: Initialize all fields in dumped nexthops Simon Horman <horms(a)kernel.org> net: stmmac: Correct byte order of perfect_match Shigeru Yoshida <syoshida(a)redhat.com> tipc: Return non-zero value from tipc_udp_addr2str() on error Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo_avx2: disable softinterrupts Johannes Berg <johannes.berg(a)intel.com> net: bonding: correctly annotate RCU in bond_should_notify_peers() Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect source address in Record Route option Gregory CLEMENT <gregory.clement(a)bootlin.com> MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later Liwei Song <liwei.song.lsong(a)gmail.com> tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids Hou Tao <houtao1(a)huawei.com> bpf, events: Use prog to emit ksymbol event for main program Lance Richardson <rlance(a)google.com> dma: fix call order in dmam_free_coherent Michal Luczaj <mhal(a)rbox.co> af_unix: Disable MSG_OOB handling for sockets in sockmap/sockhash Andrii Nakryiko <andrii(a)kernel.org> libbpf: Fix no-args func prototype BTF dumping syntax Masahiro Yamada <masahiroy(a)kernel.org> kbuild: avoid build error when single DTB is turned into composite DTB Chao Yu <chao(a)kernel.org> f2fs: fix to update user block counts in block_operations() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Check return status of pm_runtime_put() Claudiu Beznea <claudiu.beznea.uj(a)bp.renesas.com> watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() Sheng Yong <shengyong(a)oppo.com> f2fs: fix start segno of large section Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix signal blocking race/hang Johannes Berg <johannes.berg(a)intel.com> um: time-travel: fix time-travel-start option Ma Ke <make24(a)iscas.ac.cn> phy: cadence-torrent: Check return value on register read Vignesh Raghavendra <vigneshr(a)ti.com> dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels Jeongjun Park <aha310510(a)gmail.com> jfs: Fix array-index-out-of-bounds in diFree Douglas Anderson <dianders(a)chromium.org> kdb: Use the passed prompt in kdb_position_cursor() Arnd Bergmann <arnd(a)arndb.de> kdb: address -Wformat-security warnings Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: check basic rates validity Johannes Berg <johannes.berg(a)intel.com> wifi: mac80211: track capability/opmode NSS separately Rameshkumar Sundaram <quic_ramess(a)quicinc.com> wifi: mac80211: Allow NSS change only up to capability Pavel Begunkov <asml.silence(a)gmail.com> io_uring/io-wq: limit retrying worker initialisation Lukas Wunner <lukas(a)wunner.de> PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Ira Weiny <ira.weiny(a)intel.com> PCI: Introduce cleanup helpers for device reference counts and locks Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: handle inconsistent state in nilfs_btnode_create_block() WangYuli <wangyuli(a)uniontech.com> Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 Hilda Wu <hildawu(a)realtek.com> Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables Jiri Olsa <jolsa(a)kernel.org> bpf: Synchronize dispatcher update with bpf_dispatcher_xdp_func Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings Ilya Dryomov <idryomov(a)gmail.com> rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait Dragan Simic <dsimic(a)manjaro.org> drm/panfrost: Mark simple_ondemand governor as softdep Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: don't block scheduler when GPU is still active Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Test register availability before use Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: reset: Prioritise firmware service Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: Remove memory node for builtin-dtb Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: Loongson64: env: Hook up Loongsson-2K Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Fix GMAC phy node Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: ip30: ip30-console: Add missing include Jiaxun Yang <jiaxun.yang(a)flygoat.com> MIPS: dts: loongson: Add ISA node Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init Aleksandr Mishin <amishin(a)t-argos.ru> remoteproc: imx_rproc: Skip over memory region when node value is NULL Gwenael Treuveur <gwenael.treuveur(a)foss.st.com> remoteproc: stm32_rproc: Fix mailbox interrupts queuing Ilya Dryomov <idryomov(a)gmail.com> rbd: don't assume rbd_is_lock_owner() for exclusive mappings Eric Biggers <ebiggers(a)kernel.org> dm-verity: fix dm_is_verity_target() when dm-verity is builtin Michael Ellerman <mpe(a)ellerman.id.au> selftests/sigaltstack: Fix ppc64 GCC build Bart Van Assche <bvanassche(a)acm.org> RDMA/iwcm: Fix a use-after-free related to destroying CM IDs Jiaxun Yang <jiaxun.yang(a)flygoat.com> platform: mips: cpu_hwmon: Disable driver on unsupported hardware Thomas Gleixner <tglx(a)linutronix.de> watchdog/perf: properly initialize the turbo mode timestamp and rearm counter Joy Chakraborty <joychakr(a)google.com> rtc: isl1208: Fix return value of nvmem callbacks Imre Deak <imre.deak(a)intel.com> drm/i915/dp: Reset intel_dp->link_trained before retraining the link Wayne Lin <Wayne.Lin(a)amd.com> drm/dp_mst: Fix all mstb marked as not probed after suspend/resume Alex Deucher <alexander.deucher(a)amd.com> drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell Nitin Gote <nitin.r.gote(a)intel.com> drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix a topa_entry base address calculation Marco Cavenati <cavenati.marco(a)gmail.com> perf/x86/intel/pt: Fix topa_entry base length Kan Liang <kan.liang(a)linux.intel.com> perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exec and file release Frederic Weisbecker <frederic(a)kernel.org> perf: Fix event leak upon exit Nilesh Javali <njavali(a)marvell.com> scsi: qla2xxx: validate nvme_local_port correctly Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Complete command early within lock Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Fix flash read failure Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Use QP lock to search for bsg Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix for possible memory corruption Quinn Tran <qutran(a)marvell.com> scsi: qla2xxx: Unable to act on RSCN for port online Manish Rangankar <mrangankar(a)marvell.com> scsi: qla2xxx: During vport delete send async logout explicitly Joy Chakraborty <joychakr(a)google.com> rtc: cmos: Fix return value of nvmem callbacks Tvrtko Ursulin <tvrtko.ursulin(a)igalia.com> mm/numa_balancing: teach mpol_to_str about the balancing mode Shenwei Wang <shenwei.wang(a)nxp.com> irqchip/imx-irqsteer: Handle runtime power management correctly Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix memory leakage caused by driver API devm_free_percpu() Zijun Hu <quic_zijuhu(a)quicinc.com> devres: Fix devm_krealloc() wasting memory Ahmed Zaki <ahmed.zaki(a)intel.com> ice: Add a per-VF limit on number of FDIR filters Bailey Forrest <bcf(a)google.com> gve: Fix an edge case for TSO skb validity check Zijun Hu <quic_zijuhu(a)quicinc.com> kobject_uevent: Fix OOB access within zap_modalias_env() Takashi Iwai <tiwai(a)suse.de> ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 Nathan Chancellor <nathan(a)kernel.org> kbuild: Fix '-S -c' in x86 stack protector scripts Ross Lagerwall <ross.lagerwall(a)citrix.com> decompress_bunzip2: fix rare decompression failure Fedor Pchelkin <pchelkin(a)ispras.ru> ubi: eba: properly rollback inside self_check_eba Bastien Curutchet <bastien.curutchet(a)bootlin.com> clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use Chao Yu <chao(a)kernel.org> f2fs: fix return value of f2fs_convert_inline_inode() Chao Yu <chao(a)kernel.org> f2fs: fix to don't dirty inode for readonly filesystem Chao Yu <chao(a)kernel.org> f2fs: fix to force buffered IO on inline_data inode Saurav Kashyap <skashyap(a)marvell.com> scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds Huacai Chen <chenhuacai(a)kernel.org> fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed tuhaowen <tuhaowen(a)uniontech.com> dev/parport: fix the array out-of-bounds risk Carlos Llamas <cmllamas(a)google.com> binder: fix hang of unregistered readers Huacai Chen <chenhuacai(a)kernel.org> PCI: loongson: Enable MSI in LS7A Root Complex Manivannan Sadhasivam <mani(a)kernel.org> PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio Niklas Cassel <cassel(a)kernel.org> PCI: dw-rockchip: Fix initial PERST# GPIO value Wei Liu <wei.liu(a)kernel.org> PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN John David Anglin <dave(a)mx3210.local> parisc: Fix warning at drivers/pci/msi/msi.h:121 Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> hwrng: amd - Convert PCIBIOS_* return codes to errnos Alan Stern <stern(a)rowland.harvard.edu> tools/memory-model: Fix bug in lock.cat wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Add a quirk for Sonix HD USB Camera Takashi Iwai <tiwai(a)suse.de> ALSA: usb-audio: Move HD Webcam quirk to the right place wangdicheng <wangdicheng(a)kylinos.cn> ALSA: usb-audio: Fix microphone sound on HD webcam. Sean Christopherson <seanjc(a)google.com> KVM: nVMX: Request immediate exit iff pending nested event needs injection Sean Christopherson <seanjc(a)google.com> KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() Ricardo Ribalda <ribalda(a)chromium.org> media: uvcvideo: Fix integer overflow calculating timestamp Jan Kara <jack(a)suse.cz> jbd2: make jbd2_journal_get_max_txn_bufs() internal Javier Carrasco <javier.carrasco.cruz(a)gmail.com> leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> leds: ss4200: Convert PCIBIOS_* return codes to errnos Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> drivers: soc: xilinx: check return status of get_api_version() Rafael Beims <rafael.beims(a)toradex.com> wifi: mwifiex: Fix interface type change Mickaël Salaün <mic(a)digikod.net> selftests/landlock: Add cred_transfer test levi.yun <yeoreum.yun(a)arm.com> trace/pid_list: Change gfp flags in pid_list_fill_irq() Pavel Begunkov <asml.silence(a)gmail.com> io_uring: tighten task exit cancellations Baokun Li <libaokun1(a)huawei.com> ext4: make sure the first directory block is not a hole Baokun Li <libaokun1(a)huawei.com> ext4: check dot and dotdot of dx_root before making dir indexed Paolo Pisati <p.pisati(a)gmail.com> m68k: amiga: Turn off Warp1260 interrupts during boot Jan Kara <jack(a)suse.cz> udf: Avoid using corrupted block bitmap buffer Frederic Weisbecker <frederic(a)kernel.org> task_work: Introduce task_work_cancel() again Frederic Weisbecker <frederic(a)kernel.org> task_work: s/task_work_cancel()/task_work_cancel_func()/ Steve French <stfrench(a)microsoft.com> cifs: mount with "unix" mount option for SMB1 incorrectly handled Steve French <stfrench(a)microsoft.com> cifs: fix reconnect with SMB1 UNIX Extensions Steve French <stfrench(a)microsoft.com> cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Fedor Pchelkin <pchelkin(a)ispras.ru> apparmor: use kvfree_sensitive to free data->data Pierre Gondois <pierre.gondois(a)arm.com> sched/fair: Use all little CPUs for CPU-bound workloads Sung Joon Kim <sungjoon.kim(a)amd.com> drm/amd/display: Check for NULL pointer Shreyas Deodhar <sdeodhar(a)marvell.com> scsi: qla2xxx: Fix optrom version displayed in FDMI Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes Ma Ke <make24(a)iscas.ac.cn> drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes Jan Kara <jack(a)suse.cz> ext2: Verify bitmap and itable block numbers before using them Chao Yu <chao(a)kernel.org> hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Igor Pylypiv <ipylypiv(a)google.com> ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: fix use after free in vdec_close Joe Hattori <joe(a)pf.is.s.u-tokyo.ac.jp> char: tpm: Fix possible memory leak in tpm_bios_measurements_open() Eric Sandeen <sandeen(a)redhat.com> fuse: verify {g,u}id mount options correctly Tejun Heo <tj(a)kernel.org> sched/fair: set_load_weight() must also call reweight_task() for SCHED_IDLE tasks Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv6: take care of scope when choosing the src addr Nicolas Dichtel <nicolas.dichtel(a)6wind.com> ipv4: fix source address selection with route leak Pavel Begunkov <asml.silence(a)gmail.com> kernel: rerun task_work while freezing in get_signal() Chengen Du <chengen.du(a)canonical.com> af_packet: Handle outgoing VLAN packets without hardware offloading Breno Leitao <leitao(a)debian.org> net: netconsole: Disable target before netpoll cleanup Yu Liao <liaoyu15(a)huawei.com> tick/broadcast: Make takeover of broadcast hrtimer reliable Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> dt-bindings: thermal: correct thermal zone node name limit Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Revert to heap allocated boot_params for PE entrypoint Ard Biesheuvel <ardb(a)kernel.org> x86/efistub: Avoid returning EFI_SUCCESS on error Tetsuo Handa <penguin-kernel(a)I-love.SAKURA.ne.jp> mm: mmap_lock: replace get_memcg_path_buf() with on-stack buffer Yu Zhao <yuzhao(a)google.com> mm/mglru: fix div-by-zero in vmpressure_calc_level() Miaohe Lin <linmiaohe(a)huawei.com> mm/hugetlb: fix possible recursive locking detected warning Jann Horn <jannh(a)google.com> landlock: Don't lose track of restrictions on cred_transfer Yang Yang <yang.yang(a)vivo.com> sbitmap: fix io hung due to race on sbitmap_word::cleared linke li <lilinke99(a)qq.com> sbitmap: use READ_ONCE to access map->word Kemeng Shi <shikemeng(a)huaweicloud.com> sbitmap: rewrite sbitmap_find_bit_in_index to reduce repeat code Kemeng Shi <shikemeng(a)huaweicloud.com> sbitmap: remove unnecessary calculation of alloc_hint in __sbitmap_get_shallow Carlos López <clopez(a)suse.de> s390/dasd: fix error checks in dasd_copy_pair_store() Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Keep runs for $MFT::$ATTR_DATA and $MFT::$ATTR_BITMAP Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed error return Csókás, Bence <csokas.bence(a)prolan.hu> rtc: interface: Add RTC offset to alarm after fix-up Ryusuke Konishi <konishi.ryusuke(a)gmail.com> nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro David Hildenbrand <david(a)redhat.com> fs/proc/task_mmu: indicate PM_FILE for PMD-mapped file THP Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TPU suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix TCLK suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: FIX PWM suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix IRQ suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes Geert Uytterhoeven <geert+renesas(a)glider.be> pinctrl: renesas: r8a779g0: Fix CANFD5 suffix Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix field-spanning write in INDEX_HDR Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Replace inode_trylock with inode_lock Peng Fan <peng.fan(a)nxp.com> pinctrl: freescale: mxs: Fix refcount of child Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pinctrl: ti: ti-iodelay: Drop if block with always false condition Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: single: fix possible memory leak when pinctrl_enable() fails Yang Yingliang <yangyingliang(a)huawei.com> pinctrl: core: fix possible memory leak when pinctrl_enable() fails Dmitry Yashin <dmt.yashin(a)gmail.com> pinctrl: rockchip: update rk3308 iomux routes Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Add missing .dirty_folio in address_space_operations Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix getting file type Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Missed NI_FLAG_UPDATE_PARENT setting Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Fix transform resident to nonresident for compressed files Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Merge synonym COMPRESSION_UNIT and NTFS_LZNT_CUNIT Konstantin Komarov <almaz.alexandrovich(a)paragon-software.com> fs/ntfs3: Use ALIGN kernel macro Martin Willi <martin(a)strongswan.org> net: dsa: b53: Limit chip-wide jumbo frame config to CPU ports Martin Willi <martin(a)strongswan.org> net: dsa: mv88e6xxx: Limit chip-wide frame size config to CPU ports Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in fibmatch route get reply Ido Schimmel <idosch(a)nvidia.com> ipv4: Fix incorrect TOS in route get reply Pablo Neira Ayuso <pablo(a)netfilter.org> net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE Florian Westphal <fw(a)strlen.de> netfilter: nf_set_pipapo: fix initial map fill Florian Westphal <fw(a)strlen.de> netfilter: nft_set_pipapo: constify lookup fn args where possible Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: ctnetlink: use helper function to calculate expect ID Jack Wang <jinpu.wang(a)ionos.com> bnxt_re: Fix imm_data endianness Jon Pan-Doh <pandoh(a)google.com> iommu/vt-d: Fix identity map bounds in si_domain_init() Yanfei Xu <yanfei.xu(a)intel.com> iommu/vt-d: Fix to convert mm pfn to dma pfn Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix insufficient extend DB for VFs. Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix undifined behavior caused by invalid max_sge Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 Chengchang Tang <tangchengchang(a)huawei.com> RDMA/hns: Fix missing pagesize and alignment check in FRMR Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Fix unmatch exception handling when init eq table fails Junxian Huang <huangjunxian6(a)hisilicon.com> RDMA/hns: Check atomic wr length Nick Bowler <nbowler(a)draconx.ca> macintosh/therm_windtunnel: fix module unload. Michael Ellerman <mpe(a)ellerman.id.au> powerpc/xmon: Fix disassembly CPU feature checks Frank Li <Frank.Li(a)nxp.com> PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot Manivannan Sadhasivam <mani(a)kernel.org> PCI: qcom-ep: Disable resources unconditionally during PERST# assert Dominique Martinet <dominique.martinet(a)atmark-techno.com> MIPS: Octeron: remove source file executable bit Lorenzo Bianconi <lorenzo(a)kernel.org> clk: en7523: fix rate divider for slic and spi clocks Stephen Boyd <swboyd(a)chromium.org> clk: qcom: Park shared RCGs upon registration Nivas Varadharajan Mugunthakumar <nivasx.varadharajan.mugunthakumar(a)intel.com> crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() Denis Arefev <arefev(a)swemel.ru> net: missing check virtio Michael S. Tsirkin <mst(a)redhat.com> vhost/vsock: always initialize seqpacket_allow Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() Dan Carpenter <dan.carpenter(a)linaro.org> PCI: endpoint: Clean up error handling in vpci_scan_bus() Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: amd: Adjust error handling in case of absent codec device Dmitry Torokhov <dmitry.torokhov(a)gmail.com> Input: elan_i2c - do not leave interrupt disabled on suspend failure Leon Romanovsky <leon(a)kernel.org> RDMA/device: Return error earlier if port in not valid Arnd Bergmann <arnd(a)arndb.de> mtd: make mtd_test.c a separate module Chen Ni <nichen(a)iscas.ac.cn> ASoC: max98088: Check for clk_prepare_enable() error Nathan Lynch <nathanl(a)linux.ibm.com> powerpc/prom: Add CPU info to hardware description string later Aleksandr Mishin <amishin(a)t-argos.ru> ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() Honggang LI <honggangli(a)163.com> RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs Or Har-Toov <ohartoov(a)nvidia.com> RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in alias_GUID.c Leon Romanovsky <leon(a)kernel.org> RDMA/mlx4: Fix truncated output warning in mad.c Andrei Lalaev <andrei.lalaev(a)anton-paar.com> Input: qt1050 - handle CHIP_ID reading error Konrad Dybcio <konrad.dybcio(a)linaro.org> interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable Leon Romanovsky <leon(a)kernel.org> RDMA/cache: Release GID table even if leak is detected Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec_file: fix cpus node update to FDT Sourabh Jain <sourabhjain(a)linux.ibm.com> powerpc/kexec: make the update_cpus_node() function public Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Add helper to get PLPKS password length Nayna Jain <nayna(a)linux.ibm.com> powerpc/pseries: Expose PLPKS config values, support additional fields Russell Currey <ruscur(a)russell.cc> powerpc/pseries: Move plpks.h to include directory Andrew Donnellan <ajd(a)linux.ibm.com> powerpc/pseries: Fix alignment of PLPKS structures and buffers Chiara Meiohas <cmeiohas(a)nvidia.com> RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE James Clark <james.clark(a)arm.com> coresight: Fix ref leak when of_coresight_parse_endpoint() fails Antoniu Miclaus <antoniu.miclaus(a)analog.com> iio: frequency: adrf6780: rm clk provider include Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs Taniya Das <quic_tdas(a)quicinc.com> clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock Konrad Dybcio <konrad.dybcio(a)linaro.org> clk: qcom: branch: Add helper functions for setting retain bits Marek Vasut <marek.vasut+renesas(a)mailbox.org> PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Aleksandr Mishin <amishin(a)t-argos.ru> PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Don't enable BAR 0 for AM654x Siddharth Vadapalli <s-vadapalli(a)ti.com> PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> PCI: Fix resource double counting on remove & rescan Benjamin Coddington <bcodding(a)redhat.com> SUNRPC: Fixup gss_status tracepoint error output Andreas Larsson <andreas(a)gaisler.com> sparc64: Fix incorrect function signature and add prototype for prom_cif_init Jan Kara <jack(a)suse.cz> ext4: avoid writing unitialized memory to disk in EA inodes Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: don't track ranges in fast_commit if inode has inlined data Olga Kornievskaia <kolga(a)netapp.com> NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server NeilBrown <neilb(a)suse.de> SUNRPC: avoid soft lockup when transmitting UDP to reachable server. Chuck Lever <chuck.lever(a)oracle.com> xprtrdma: Fix rpcrdma_reqs_reset() Javier Carrasco <javier.carrasco.cruz(a)gmail.com> mfd: omap-usb-tll: Use struct_size to allocate tll Arnd Bergmann <arnd(a)arndb.de> mfd: rsmu: Split core code into separate module Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix exclude_guest setting Adrian Hunter <adrian.hunter(a)intel.com> perf intel-pt: Fix aux_watermark calculation for 64-bit size Dikshita Agarwal <quic_dikshita(a)quicinc.com> media: venus: flush all buffers in output plane streamoff Luis Henriques (SUSE) <luis.henriques(a)linux.dev> ext4: fix infinite loop when replaying fast_commit Luca Ceresoli <luca.ceresoli(a)bootlin.com> Revert "leds: led-core: Fix refcount leak in of_led_get()" Chen Ni <nichen(a)iscas.ac.cn> drm/qxl: Add check for drm_cvt_mode Lucas Stach <l.stach(a)pengutronix.de> drm/etnaviv: fix DMA direction handling for cached RW buffers Namhyung Kim <namhyung(a)kernel.org> perf report: Fix condition in sort__sym_cmp() James Clark <james.clark(a)arm.com> perf test: Make test_arm_callgraph_fp.sh more robust James Clark <james.clark(a)arm.com> perf tests: Fix test_arm_callgraph_fp variable expansion Spoorthy S <spoorts2(a)in.ibm.com> perf tests arm_callgraph_fp: Address shellcheck warnings about signal names and adding double quotes for expression Namhyung Kim <namhyung(a)kernel.org> perf test: Replace arm callgraph fp test workload with leafloop Abhinav Kumar <quic_abhinavk(a)quicinc.com> drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op Jonathan Marek <jonathan(a)marek.ca> drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC Hans de Goede <hdegoede(a)redhat.com> leds: trigger: Unregister sysfs attributes before calling deactivate() Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add OVL compatible name for MT8195 Hsiao Chien Sung <shawn.sung(a)mediatek.com> drm/mediatek: Add missing plane settings when async update Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Store RPF partition configuration per RPF instance Laurent Pinchart <laurent.pinchart+renesas(a)ideasonboard.com> media: renesas: vsp1: Fix _irqsave and _irq mix Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Cleanup subdevice in remove() Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-csi2: Disable runtime_pm in probe error Jacopo Mondi <jacopo.mondi(a)ideasonboard.com> media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 Daniel Schaefer <dhs(a)frame.work> media: uvcvideo: Override default flags Aleksandr Burakov <a.burakov(a)rosalinux.ru> saa7134: Unchecked i2c_transfer function result fixed David Hildenbrand <david(a)redhat.com> s390/uv: Don't call folio_wait_writeback() without a folio reference Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert gmap_make_secure to use a folio Matthew Wilcox (Oracle) <willy(a)infradead.org> s390/mm: Convert make_page_secure to use a folio ChiYuan Huang <cy_huang(a)richtek.com> media: v4l: async: Fix NULL pointer dereference in adding ancillary links Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> media: i2c: Fix imx412 exposure control Ricardo Ribalda <ribalda(a)chromium.org> media: imon: Fix race getting ictx->lock Zheng Yejian <zhengyejian1(a)huawei.com> media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() Mikhail Kobuk <m.kobuk(a)ispras.ru> media: pci: ivtv: Add check for DMA map result Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() Douglas Anderson <dianders(a)chromium.org> drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators Tim Van Patten <timvp(a)google.com> drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 Friedrich Vock <friedrich.vock(a)gmx.de> drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit Lijo Lazar <lijo.lazar(a)amd.com> drm/amd/pm: Fix aldebaran pcie speed reporting Douglas Anderson <dianders(a)chromium.org> drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() Javier Martinez Canillas <javierm(a)redhat.com> drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format Andy Yan <andy.yan(a)rock-chips.com> drm/rockchip: vop2: Fix the port mux of VP2 Elliot Ayrey <elliot.ayrey(a)alliedtelesis.co.nz> net: bridge: mst: Check vlan state for egress decision Taehee Yoo <ap420073(a)gmail.com> xdp: fix invalid wait context of page_pool_destroy() Amit Cohen <amcohen(a)nvidia.com> selftests: forwarding: devlink_lib: Wait for udev events after reloading Tengda Wu <wutengda(a)huaweicloud.com> bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT Alan Maguire <alan.maguire(a)oracle.com> bpf: Eliminate remaining "make W=1" warnings in kernel/bpf/btf.o Alexey Kodanev <aleksei.kodanev(a)bell-sw.com> bna: adjust 'name' buf size of bna_tcb and bna_ccb structures Alan Maguire <alan.maguire(a)oracle.com> bpf: annotate BTF show functions with __printf Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close obj in error path in xdp_adjust_tail Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Close fd in error path in drop_on_reuseport John Stultz <jstultz(a)google.com> locking/rwsem: Add __always_inline annotation to __down_write_common() and inlined callers Johannes Berg <johannes.berg(a)intel.com> wifi: virt_wifi: don't use strlen() in const context Gaosheng Cui <cuigaosheng1(a)huawei.com> gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey En-Wei Wu <en-wei.wu(a)canonical.com> wifi: virt_wifi: avoid reporting connection success with wrong SSID Aleksandr Mishin <amishin(a)t-argos.ru> wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() Zhang Rui <rui.zhang(a)intel.com> perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix default aux_watermark calculation Adrian Hunter <adrian.hunter(a)intel.com> perf: Prevent passing zero nr_pages to rb_alloc_aux() Adrian Hunter <adrian.hunter(a)intel.com> perf: Fix perf_aux_size() for greater-than 32-bit size Adrian Hunter <adrian.hunter(a)intel.com> perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation Tao Chen <chen.dylane(a)gmail.com> bpftool: Mount bpffs when pinmaps path not under the bpffs Pablo Neira Ayuso <pablo(a)netfilter.org> netfilter: nf_tables: rise cap on SELinux secmark context Ismael Luceno <iluceno(a)suse.de> ipvs: Avoid unnecessary calls to skb_is_gso_sctp Donglin Peng <dolinux.peng(a)gmail.com> libbpf: Checking the btf_type kind when fixing variable offsets Csókás, Bence <csokas.bence(a)prolan.hu> net: fec: Fix FEC_ECR_EN1588 being cleared on link-down Csókás Bence <csokas.bence(a)prolan.hu> net: fec: Refactor: #define magic constants Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() Baochen Qiang <quic_bqiang(a)quicinc.com> wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers Thomas Gleixner <tglx(a)linutronix.de> jump_label: Fix concurrency issues in static_key_slow_dec() Dmitry Safonov <0x7f454c46(a)gmail.com> jump_label: Prevent key->enabled int overflow Uros Bizjak <ubizjak(a)gmail.com> jump_label: Use atomic_try_cmpxchg() in static_key_slow_inc_cpuslocked() Thomas Gleixner <tglx(a)linutronix.de> perf/x86: Serialize set_attr_rdpmc() Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl: Fix ACL scale regression and firmware errors Ido Schimmel <idosch(a)nvidia.com> mlxsw: spectrum_acl_erp: Fix object nesting warning Ido Schimmel <idosch(a)nvidia.com> lib: objagg: Fix general protection fault Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Check length of recv in test_sockmap Guangguan Wang <guangguan.wang(a)linux.alibaba.com> net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined Eric Dumazet <edumazet(a)google.com> tcp: fix races in tcp_v[46]_err() Eric Dumazet <edumazet(a)google.com> tcp: fix race in tcp_write_err() Eric Dumazet <edumazet(a)google.com> tcp: add tcp_done_with_error() helper Eric Dumazet <edumazet(a)google.com> tcp: annotate lockless access to sk->sk_err Eric Dumazet <edumazet(a)google.com> tcp: annotate lockless accesses to sk->sk_err_soft Hagar Hemdan <hagarhem(a)amazon.com> net: esp: cleanup esp_output_tail_tcp() in case of unsupported ESPINTCP Geliang Tang <tanggeliang(a)kylinos.cn> selftests/bpf: Fix prog numbers in test_sockmap Ivan Babrou <ivan(a)cloudflare.com> bpftool: Un-const bpf_func_info to fix it for llvm 17 and newer Samasth Norway Ananda <samasth.norway.ananda(a)oracle.com> wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Initialize completion before mailbox Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() Marek Behún <kabel(a)kernel.org> firmware: turris-mox-rwtm: Do not complete if there are no waiters Christophe Leroy <christophe.leroy(a)csgroup.eu> vmlinux.lds.h: catch .bss..L* sections into BSS") Dmitry Torokhov <dmitry.torokhov(a)gmail.com> ARM: spitz: fix GPIO assignment for backlight Thorsten Blum <thorsten.blum(a)toblux.com> m68k: cmpxchg: Fix return value for default case in __arch_xchg() Luca Weiss <luca.weiss(a)fairphone.com> arm64: dts: qcom: sm6350: Add missing qcom,non-secure-domain property Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu Chen Ni <nichen(a)iscas.ac.cn> x86/xen: Convert comma to semicolon Eero Tamminen <oak(a)helsinkinet.fi> m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g054: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g044: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r9a07g043u: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779f0: Add missing hypervisor virtual timer IRQ Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779a0: Add missing hypervisor virtual timer IRQ Lad Prabhakar <prabhakar.mahadev-lad.rj(a)bp.renesas.com> arm64: dts: renesas: Drop specifying the GIC_CPU_MASK_SIMPLE() for GICv3 systems Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add secondary CA76 CPU cores Geert Uytterhoeven <geert+renesas(a)glider.be> arm64: dts: renesas: r8a779g0: Add L3 cache controller Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Fix mic-in-differential usage on rk3568-evb1-v10 Cristian Ciocaltea <cristian.ciocaltea(a)collabora.com> arm64: dts: rockchip: Drop invalid mic-in-differential on rk3568-rock-3a Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: gx: correct hdmi clocks Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui-jacuzzi: Add ports node for anx7625 Rafał Miłecki <rafal(a)milecki.pl> arm64: dts: mediatek: mt7622: fix "emmc" pinctrl mux Chen-Yu Tsai <wenst(a)chromium.org> arm64: dts: mediatek: mt8183-kukui: Drop bogus output-enable property Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PCIe reset polarity Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix SPI0 chip selects Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix board reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix PHY reset Michael Walle <mwalle(a)kernel.org> ARM: dts: imx6qdl-kontron-samx6i: fix phy-mode Jerome Brunet <jbrunet(a)baylibre.com> arm64: dts: amlogic: sm1: fix spdif compatibles Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Increase VOP clk rate on RK3328 Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: fix parsing of domains lists Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> soc: qcom: pdr: protect locator_addr with the main mutex Esben Haabendal <esben(a)geanix.com> memory: fsl_ifc: Make FSL_IFC config visible and selectable Primoz Fiser <primoz.fiser(a)norik.com> OPP: ti: Fix ti_opp_supply_probe wrong return values Primoz Fiser <primoz.fiser(a)norik.com> cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() Jay Buddhabhatti <jay.buddhabhatti(a)amd.com> soc: xilinx: rename cpu_number1 to dummy_cpu_number Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996: specify UFS core_clk frequencies Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Update WIFi/BT related nodes on rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add mdio and ethernet-phy nodes to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s Jonas Karlman <jonas(a)kwiboo.se> arm64: dts: rockchip: Add sdmmc related properties on rk3308-rock-pi-s Stephen Boyd <swboyd(a)chromium.org> soc: qcom: rpmh-rsc: Ensure irqs aren't disabled by rpmh_rsc_send_data() callers Marc Gonzalez <mgonzalez(a)freebox.fr> arm64: dts: qcom: msm8998: enable adreno_smmu by default Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: msm8996-xiaomi-common: drop excton from the USB PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8450: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm8250: switch UFS QMP PHY to new style of bindings Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sm6350: add power-domain to UFS PHY Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> arm64: dts: qcom: sdm845: add power-domain to UFS PHY Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix swapped temp{1,8} critical alarms Guenter Roeck <linux(a)roeck-us.net> hwmon: (max6697) Fix underflow when writing limit attributes Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: atmel-tcb: Fix race condition and convert to guards Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Don't track polarity in driver data Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Unroll atmel_tcb_pwm_set_polarity() into only caller Uwe Kleine-König <u.kleine-koenig(a)pengutronix.de> pwm: atmel-tcb: Put per-channel data into driver data Yao Zi <ziyao(a)disroot.org> drm/meson: fix canvas release in bind function Gaosheng Cui <cuigaosheng1(a)huawei.com> nvmet-auth: fix nvmet_auth hash error handling Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> pwm: stm32: Always do lazy disabling Bart Van Assche <bvanassche(a)acm.org> block/mq-deadline: Fix the tag reservation code Wayne Tung <chineweff(a)gmail.com> hwmon: (adt7475) Fix default duty on fan is disabled Chen Ridong <chenridong(a)huawei.com> cgroup/cpuset: Prevent UAF in proc_cpuset_show() Kees Cook <keescook(a)chromium.org> kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() Randy Dunlap <rdunlap(a)infradead.org> kernfs: fix all kernel-doc warnings and multiple typos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/xen: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling Ilpo Järvinen <ilpo.jarvinen(a)linux.intel.com> x86/of: Return consistent error type from x86_of_pci_irq_enable() Chao Yu <chao(a)kernel.org> hfsplus: fix to avoid false alarm of circular locking Christoph Hellwig <hch(a)lst.de> block: initialize integrity buffer to zero before writing it to media Jinyoung Choi <j-young.choi(a)samsung.com> block: cleanup bio_integrity_prep Nitesh Shetty <nj.shetty(a)samsung.com> block: refactor to use helper Christoph Hellwig <hch(a)lst.de> ubd: untagle discard vs write zeroes not support handling Christoph Hellwig <hch(a)lst.de> ubd: refactor the interrupt handler Tzung-Bi Shih <tzungbi(a)kernel.org> platform/chrome: cros_ec_debugfs: fix wrong EC message version Li Nan <linan122(a)huawei.com> md: fix deadlock between mddev_suspend and flush bio Frederic Weisbecker <frederic(a)kernel.org> rcu/tasks: Fix stale task snaphot for Tasks Trace Arnd Bergmann <arnd(a)arndb.de> EDAC, i10nm: make skx_common.o a separate module Chen Ni <nichen(a)iscas.ac.cn> spi: atmel-quadspi: Add missing check for clk_prepare Prajna Rajendra Kumar <prajna.rajendrakumar(a)microchip.com> spi: spi-microchip-core: Fix the number of chip selects supported ------------- Diffstat: .../devicetree/bindings/thermal/thermal-zones.yaml | 5 +- Makefile | 4 +- arch/arm/boot/dts/imx6q-kontron-samx6i.dtsi | 23 - arch/arm/boot/dts/imx6qdl-kontron-samx6i.dtsi | 14 +- arch/arm/mach-pxa/spitz.c | 30 +- arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 +- arch/arm64/boot/dts/amlogic/meson-sm1.dtsi | 4 +- .../boot/dts/mediatek/mt7622-bananapi-bpi-r64.dts | 4 +- arch/arm64/boot/dts/mediatek/mt7622-rfb1.dts | 4 +- .../boot/dts/mediatek/mt8183-kukui-jacuzzi.dtsi | 25 +- arch/arm64/boot/dts/mediatek/mt8183-kukui.dtsi | 2 - .../arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi | 1 - arch/arm64/boot/dts/qcom/msm8996.dtsi | 2 +- arch/arm64/boot/dts/qcom/msm8998.dtsi | 1 - arch/arm64/boot/dts/qcom/sdm845.dtsi | 2 + arch/arm64/boot/dts/qcom/sm6350.dtsi | 4 + arch/arm64/boot/dts/qcom/sm8250.dtsi | 22 +- arch/arm64/boot/dts/qcom/sm8450.dtsi | 2 + arch/arm64/boot/dts/renesas/r8a779a0.dtsi | 14 +- arch/arm64/boot/dts/renesas/r8a779f0.dtsi | 14 +- arch/arm64/boot/dts/renesas/r8a779g0.dtsi | 82 ++- arch/arm64/boot/dts/renesas/r9a07g043u.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g044.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g044c1.dtsi | 7 - arch/arm64/boot/dts/renesas/r9a07g044l1.dtsi | 7 - arch/arm64/boot/dts/renesas/r9a07g054.dtsi | 11 +- arch/arm64/boot/dts/renesas/r9a07g054l1.dtsi | 7 - arch/arm64/boot/dts/rockchip/rk3308-rock-pi-s.dts | 71 +- arch/arm64/boot/dts/rockchip/rk3328.dtsi | 4 +- arch/arm64/boot/dts/rockchip/rk3568-evb1-v10.dts | 2 +- arch/arm64/boot/dts/rockchip/rk3568-rock-3a.dts | 4 - arch/arm64/boot/dts/rockchip/rk356x.dtsi | 1 + arch/m68k/amiga/config.c | 9 + arch/m68k/atari/ataints.c | 6 +- arch/m68k/include/asm/cmpxchg.h | 2 +- arch/mips/boot/dts/loongson/loongson64-2k1000.dtsi | 21 +- arch/mips/include/asm/mach-loongson64/boot_param.h | 2 + arch/mips/include/asm/mips-cm.h | 4 + arch/mips/kernel/smp-cps.c | 5 +- arch/mips/loongson64/env.c | 8 + arch/mips/loongson64/reset.c | 38 +- arch/mips/loongson64/smp.c | 23 +- arch/mips/pci/pcie-octeon.c | 0 arch/mips/sgi-ip30/ip30-console.c | 1 + arch/parisc/Kconfig | 1 + arch/powerpc/include/asm/kexec.h | 4 + .../{platforms/pseries => include/asm}/plpks.h | 73 ++- arch/powerpc/kernel/prom.c | 12 +- arch/powerpc/kexec/core_64.c | 112 ++++ arch/powerpc/kexec/file_load_64.c | 87 --- arch/powerpc/kvm/powerpc.c | 4 +- arch/powerpc/platforms/pseries/plpks.c | 171 ++++- arch/powerpc/xmon/ppc-dis.c | 33 +- arch/s390/kernel/perf_cpum_cf.c | 14 +- arch/s390/kernel/uv.c | 58 +- arch/s390/pci/pci_irq.c | 110 ++-- arch/sparc/include/asm/oplib_64.h | 1 + arch/sparc/prom/init_64.c | 3 - arch/sparc/prom/p1275.c | 2 +- arch/um/drivers/ubd_kern.c | 50 +- arch/um/kernel/time.c | 4 +- arch/um/os-Linux/signal.c | 118 +++- arch/x86/events/core.c | 3 + arch/x86/events/intel/cstate.c | 7 +- arch/x86/events/intel/pt.c | 4 +- arch/x86/events/intel/pt.h | 4 +- arch/x86/events/intel/uncore_snbep.c | 6 +- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kernel/devicetree.c | 2 +- arch/x86/kvm/vmx/nested.c | 2 +- arch/x86/kvm/vmx/vmx.c | 11 +- arch/x86/kvm/vmx/vmx.h | 1 + arch/x86/kvm/x86.c | 4 +- arch/x86/pci/intel_mid_pci.c | 4 +- arch/x86/pci/xen.c | 4 +- arch/x86/platform/intel/iosf_mbi.c | 4 +- arch/x86/xen/p2m.c | 4 +- block/bio-integrity.c | 21 +- block/mq-deadline.c | 20 +- drivers/android/binder.c | 4 +- drivers/ata/libata-scsi.c | 7 +- drivers/auxdisplay/ht16k33.c | 1 + drivers/base/devres.c | 11 +- drivers/block/rbd.c | 35 +- drivers/bluetooth/btusb.c | 4 + drivers/char/hw_random/amd-rng.c | 4 +- drivers/char/tpm/eventlog/common.c | 2 + drivers/clk/clk-en7523.c | 9 +- drivers/clk/davinci/da8xx-cfgchip.c | 4 +- drivers/clk/qcom/camcc-sc7280.c | 5 + drivers/clk/qcom/clk-branch.h | 26 + drivers/clk/qcom/clk-rcg2.c | 32 + drivers/clk/qcom/gcc-sc7280.c | 3 + drivers/clk/qcom/gpucc-sm8350.c | 5 +- drivers/cpufreq/ti-cpufreq.c | 2 +- drivers/crypto/qat/qat_common/adf_cfg.c | 6 +- drivers/dma/ti/k3-udma.c | 4 +- drivers/edac/Makefile | 10 +- drivers/edac/skx_common.c | 21 +- drivers/edac/skx_common.h | 4 +- drivers/firmware/efi/libstub/x86-stub.c | 25 +- drivers/firmware/turris-mox-rwtm.c | 23 +- drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_gmc.c | 1 - drivers/gpu/drm/amd/amdgpu/sdma_v5_2.c | 12 + drivers/gpu/drm/amd/display/dc/core/dc_surface.c | 3 +- drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0.c | 4 +- drivers/gpu/drm/display/drm_dp_mst_topology.c | 4 +- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 6 +- drivers/gpu/drm/etnaviv/etnaviv_sched.c | 9 +- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 3 + drivers/gpu/drm/gma500/psb_intel_lvds.c | 3 + drivers/gpu/drm/i915/display/intel_dp.c | 2 + .../gpu/drm/i915/gt/intel_execlists_submission.c | 6 +- drivers/gpu/drm/mediatek/mtk_drm_drv.c | 2 + drivers/gpu/drm/mediatek/mtk_drm_plane.c | 2 + drivers/gpu/drm/meson/meson_drv.c | 37 +- drivers/gpu/drm/msm/disp/dpu1/dpu_encoder.c | 3 +- .../gpu/drm/msm/disp/dpu1/dpu_encoder_phys_wb.c | 3 +- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_ctl.h | 3 +- drivers/gpu/drm/msm/dsi/dsi_host.c | 3 + drivers/gpu/drm/panel/panel-boe-tv101wum-nl6.c | 8 +- drivers/gpu/drm/panfrost/panfrost_drv.c | 1 + drivers/gpu/drm/qxl/qxl_display.c | 3 + drivers/gpu/drm/rockchip/rockchip_drm_vop2.c | 2 +- drivers/hwmon/adt7475.c | 2 +- drivers/hwmon/max6697.c | 5 +- drivers/hwtracing/coresight/coresight-platform.c | 4 +- drivers/iio/frequency/adrf6780.c | 1 - drivers/infiniband/core/cache.c | 14 +- drivers/infiniband/core/device.c | 6 +- drivers/infiniband/core/iwcm.c | 11 +- drivers/infiniband/hw/bnxt_re/ib_verbs.c | 8 +- drivers/infiniband/hw/bnxt_re/qplib_fp.h | 6 +- drivers/infiniband/hw/hns/hns_roce_device.h | 6 + drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 40 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 5 + drivers/infiniband/hw/hns/hns_roce_qp.c | 4 +- drivers/infiniband/hw/hns/hns_roce_srq.c | 2 +- drivers/infiniband/hw/mlx4/alias_GUID.c | 2 +- drivers/infiniband/hw/mlx4/mad.c | 2 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 13 + drivers/infiniband/hw/mlx5/odp.c | 6 +- drivers/infiniband/sw/rxe/rxe_req.c | 7 +- drivers/input/keyboard/qt1050.c | 7 +- drivers/input/mouse/elan_i2c_core.c | 2 + drivers/interconnect/qcom/qcm2290.c | 2 +- drivers/iommu/intel/iommu.c | 22 +- drivers/iommu/sprd-iommu.c | 2 +- drivers/irqchip/irq-imx-irqsteer.c | 24 +- drivers/isdn/hardware/mISDN/hfcmulti.c | 7 +- drivers/leds/flash/leds-mt6360.c | 5 +- drivers/leds/led-class.c | 1 - drivers/leds/led-triggers.c | 2 +- drivers/leds/leds-ss4200.c | 7 +- drivers/macintosh/therm_windtunnel.c | 2 +- drivers/md/dm-verity-target.c | 16 +- drivers/md/md.c | 26 +- drivers/media/i2c/imx412.c | 9 +- drivers/media/pci/ivtv/ivtv-udma.c | 8 + drivers/media/pci/ivtv/ivtv-yuv.c | 6 + drivers/media/pci/ivtv/ivtvfb.c | 6 +- drivers/media/pci/saa7134/saa7134-dvb.c | 8 +- drivers/media/platform/qcom/venus/vdec.c | 3 +- .../media/platform/renesas/rcar-vin/rcar-csi2.c | 5 +- drivers/media/platform/renesas/rcar-vin/rcar-dma.c | 16 +- drivers/media/platform/renesas/vsp1/vsp1_histo.c | 20 +- drivers/media/platform/renesas/vsp1/vsp1_pipe.h | 2 +- drivers/media/platform/renesas/vsp1/vsp1_rpf.c | 8 +- drivers/media/rc/imon.c | 5 +- drivers/media/rc/lirc_dev.c | 4 +- drivers/media/usb/dvb-usb/dvb-usb-init.c | 35 +- drivers/media/usb/uvc/uvc_ctrl.c | 9 +- drivers/media/usb/uvc/uvc_video.c | 10 +- drivers/media/v4l2-core/v4l2-async.c | 3 + drivers/memory/Kconfig | 2 +- drivers/mfd/Makefile | 6 +- drivers/mfd/omap-usb-tll.c | 3 +- drivers/mfd/rsmu_core.c | 2 + drivers/mtd/nand/raw/Kconfig | 3 +- drivers/mtd/tests/Makefile | 34 +- drivers/mtd/tests/mtd_test.c | 9 + drivers/mtd/ubi/eba.c | 3 +- drivers/net/bonding/bond_main.c | 7 +- drivers/net/dsa/b53/b53_common.c | 3 + drivers/net/dsa/mv88e6xxx/chip.c | 3 +- drivers/net/ethernet/brocade/bna/bna_types.h | 2 +- drivers/net/ethernet/brocade/bna/bnad.c | 11 +- drivers/net/ethernet/freescale/fec_main.c | 52 +- drivers/net/ethernet/google/gve/gve_tx_dqo.c | 22 +- drivers/net/ethernet/intel/ice/ice_ethtool_fdir.c | 2 +- drivers/net/ethernet/intel/ice/ice_fdir.h | 3 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c | 16 + drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.h | 1 + .../ethernet/mellanox/mlxsw/spectrum_acl_atcam.c | 18 +- .../mellanox/mlxsw/spectrum_acl_bloom_filter.c | 2 +- .../net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c | 13 - .../ethernet/mellanox/mlxsw/spectrum_acl_tcam.h | 9 +- drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 2 +- .../net/ethernet/stmicro/stmmac/dwxgmac2_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/hwif.h | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +- drivers/net/netconsole.c | 2 +- drivers/net/wireless/ath/ath11k/dp_rx.c | 3 +- drivers/net/wireless/ath/ath11k/dp_rx.h | 3 + drivers/net/wireless/ath/ath11k/mac.c | 15 +- .../broadcom/brcm80211/brcmsmac/phy/phy_lcn.c | 18 +- drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 + drivers/net/wireless/realtek/rtw89/debug.c | 2 +- drivers/net/wireless/virt_wifi.c | 20 +- drivers/nvme/host/pci.c | 5 +- drivers/nvme/target/auth.c | 14 +- drivers/opp/ti-opp-supply.c | 6 +- drivers/parport/procfs.c | 24 +- drivers/pci/controller/dwc/pci-keystone.c | 156 +++-- drivers/pci/controller/dwc/pcie-designware-ep.c | 13 +- drivers/pci/controller/dwc/pcie-dw-rockchip.c | 2 +- drivers/pci/controller/dwc/pcie-qcom-ep.c | 6 - drivers/pci/controller/pci-hyperv.c | 4 +- drivers/pci/controller/pci-loongson.c | 13 + drivers/pci/controller/pcie-rcar-host.c | 6 +- drivers/pci/controller/pcie-rockchip.c | 2 +- drivers/pci/endpoint/functions/pci-epf-vntb.c | 19 +- drivers/pci/pci.c | 6 +- drivers/pci/setup-bus.c | 6 +- drivers/phy/cadence/phy-cadence-torrent.c | 3 + drivers/pinctrl/core.c | 12 +- drivers/pinctrl/freescale/pinctrl-mxs.c | 4 +- drivers/pinctrl/pinctrl-rockchip.c | 17 +- drivers/pinctrl/pinctrl-single.c | 7 +- drivers/pinctrl/renesas/pfc-r8a779g0.c | 716 ++++++++++----------- drivers/pinctrl/ti/pinctrl-ti-iodelay.c | 14 +- drivers/platform/chrome/cros_ec_debugfs.c | 1 + drivers/platform/mips/cpu_hwmon.c | 3 + drivers/pwm/pwm-atmel-tcb.c | 66 +- drivers/pwm/pwm-stm32.c | 5 +- drivers/remoteproc/imx_rproc.c | 10 +- drivers/remoteproc/stm32_rproc.c | 2 +- drivers/rtc/interface.c | 9 +- drivers/rtc/rtc-cmos.c | 10 +- drivers/rtc/rtc-isl1208.c | 11 +- drivers/s390/block/dasd_devmap.c | 10 +- drivers/scsi/qla2xxx/qla_bsg.c | 98 +-- drivers/scsi/qla2xxx/qla_def.h | 3 + drivers/scsi/qla2xxx/qla_gs.c | 35 +- drivers/scsi/qla2xxx/qla_init.c | 87 ++- drivers/scsi/qla2xxx/qla_inline.h | 8 + drivers/scsi/qla2xxx/qla_mid.c | 2 +- drivers/scsi/qla2xxx/qla_nvme.c | 5 +- drivers/scsi/qla2xxx/qla_os.c | 7 +- drivers/scsi/qla2xxx/qla_sup.c | 108 +++- drivers/soc/qcom/pdr_interface.c | 8 +- drivers/soc/qcom/rpmh-rsc.c | 7 +- drivers/soc/qcom/rpmh.c | 1 - drivers/soc/xilinx/xlnx_event_manager.c | 15 +- drivers/soc/xilinx/zynqmp_power.c | 4 +- drivers/spi/atmel-quadspi.c | 11 +- drivers/spi/spi-microchip-core.c | 188 +++--- drivers/spi/spidev.c | 15 +- drivers/vhost/vsock.c | 4 +- drivers/watchdog/rzg2l_wdt.c | 22 +- fs/ceph/super.c | 3 +- fs/ext2/balloc.c | 11 +- fs/ext4/extents_status.c | 2 + fs/ext4/fast_commit.c | 6 + fs/ext4/namei.c | 73 ++- fs/ext4/xattr.c | 6 + fs/f2fs/checkpoint.c | 10 +- fs/f2fs/file.c | 2 + fs/f2fs/inline.c | 6 +- fs/f2fs/inode.c | 3 + fs/f2fs/segment.h | 3 +- fs/fuse/inode.c | 24 +- fs/hfs/inode.c | 3 + fs/hfsplus/bfind.c | 15 +- fs/hfsplus/extents.c | 9 +- fs/hfsplus/hfsplus_fs.h | 21 + fs/jbd2/commit.c | 2 +- fs/jbd2/journal.c | 5 + fs/jfs/jfs_imap.c | 5 +- fs/kernfs/dir.c | 112 ++-- fs/kernfs/file.c | 18 +- fs/kernfs/inode.c | 8 +- fs/kernfs/kernfs-internal.h | 2 +- fs/kernfs/mount.c | 10 +- fs/kernfs/symlink.c | 2 +- fs/nfs/nfs4client.c | 6 +- fs/nfs/nfs4proc.c | 2 +- fs/nilfs2/btnode.c | 25 +- fs/nilfs2/btree.c | 4 +- fs/nilfs2/segment.c | 2 +- fs/ntfs3/attrib.c | 17 +- fs/ntfs3/bitmap.c | 2 +- fs/ntfs3/dir.c | 3 +- fs/ntfs3/file.c | 5 +- fs/ntfs3/frecord.c | 2 +- fs/ntfs3/fslog.c | 5 +- fs/ntfs3/fsntfs.c | 2 +- fs/ntfs3/index.c | 4 +- fs/ntfs3/inode.c | 3 +- fs/ntfs3/ntfs.h | 13 +- fs/ntfs3/ntfs_fs.h | 2 + fs/proc/task_mmu.c | 2 + fs/smb/client/cifsfs.c | 8 +- fs/smb/client/connect.c | 24 +- fs/super.c | 11 + fs/udf/balloc.c | 15 +- fs/udf/super.c | 3 +- include/asm-generic/vmlinux.lds.h | 2 +- include/drm/drm_mipi_dsi.h | 21 +- include/linux/bpf_verifier.h | 2 +- include/linux/hugetlb.h | 1 + include/linux/jbd2.h | 5 - include/linux/jump_label.h | 21 +- include/linux/mlx5/qp.h | 9 +- include/linux/objagg.h | 1 - include/linux/pci.h | 2 + include/linux/perf_event.h | 1 + include/linux/sbitmap.h | 5 + include/linux/task_work.h | 3 +- include/linux/virtio_net.h | 11 + include/net/ip_fib.h | 1 + include/net/tcp.h | 1 + include/trace/events/rpcgss.h | 2 +- include/uapi/linux/netfilter/nf_tables.h | 2 +- include/uapi/linux/zorro_ids.h | 3 + io_uring/io-wq.c | 10 +- io_uring/io_uring.c | 5 +- io_uring/timeout.c | 2 +- kernel/bpf/btf.c | 10 +- kernel/bpf/dispatcher.c | 5 + kernel/cgroup/cgroup-v1.c | 2 +- kernel/cgroup/cgroup.c | 4 +- kernel/cgroup/cpuset.c | 15 +- kernel/debug/kdb/kdb_io.c | 6 +- kernel/dma/mapping.c | 2 +- kernel/events/core.c | 77 ++- kernel/events/internal.h | 2 +- kernel/events/ring_buffer.c | 4 +- kernel/irq/manage.c | 2 +- kernel/jump_label.c | 101 ++- kernel/locking/rwsem.c | 6 +- kernel/rcu/tasks.h | 10 + kernel/sched/core.c | 37 +- kernel/sched/fair.c | 9 +- kernel/sched/sched.h | 2 +- kernel/signal.c | 8 + kernel/task_work.c | 34 +- kernel/time/tick-broadcast.c | 23 + kernel/trace/pid_list.c | 4 +- kernel/watchdog_hld.c | 11 +- lib/decompress_bunzip2.c | 3 +- lib/kobject_uevent.c | 17 +- lib/objagg.c | 18 +- lib/sbitmap.c | 83 ++- mm/hugetlb.c | 2 +- mm/mempolicy.c | 18 +- mm/mmap_lock.c | 175 +---- mm/vmscan.c | 1 - net/bridge/br_forward.c | 4 +- net/core/filter.c | 15 +- net/core/flow_dissector.c | 2 +- net/core/xdp.c | 4 +- net/ipv4/esp4.c | 3 +- net/ipv4/fib_semantics.c | 13 +- net/ipv4/fib_trie.c | 1 + net/ipv4/nexthop.c | 7 +- net/ipv4/route.c | 18 +- net/ipv4/tcp.c | 13 +- net/ipv4/tcp_input.c | 34 +- net/ipv4/tcp_ipv4.c | 19 +- net/ipv4/tcp_output.c | 2 +- net/ipv4/tcp_timer.c | 10 +- net/ipv6/addrconf.c | 3 +- net/ipv6/esp6.c | 3 +- net/ipv6/tcp_ipv6.c | 19 +- net/mac80211/cfg.c | 23 +- net/mac80211/ieee80211_i.h | 2 +- net/mac80211/rate.c | 2 +- net/mac80211/sta_info.h | 6 +- net/mac80211/vht.c | 37 +- net/netfilter/ipvs/ip_vs_proto_sctp.c | 4 +- net/netfilter/nf_conntrack_netlink.c | 3 +- net/netfilter/nft_set_pipapo.c | 22 +- net/netfilter/nft_set_pipapo.h | 27 +- net/netfilter/nft_set_pipapo_avx2.c | 81 ++- net/packet/af_packet.c | 86 ++- net/smc/smc_core.c | 5 +- net/sunrpc/auth_gss/gss_krb5_keys.c | 2 +- net/sunrpc/clnt.c | 3 +- net/sunrpc/xprtrdma/frwr_ops.c | 3 +- net/sunrpc/xprtrdma/verbs.c | 16 +- net/tipc/udp_media.c | 5 +- net/unix/af_unix.c | 41 +- net/unix/unix_bpf.c | 3 + net/wireless/util.c | 8 +- scripts/Makefile.lib | 6 +- scripts/gcc-x86_32-has-stack-protector.sh | 2 +- scripts/gcc-x86_64-has-stack-protector.sh | 2 +- security/apparmor/lsm.c | 7 + security/apparmor/policy.c | 2 +- security/apparmor/policy_unpack.c | 1 + security/keys/keyctl.c | 2 +- security/landlock/cred.c | 11 +- sound/soc/amd/acp-es8336.c | 4 +- sound/soc/amd/yc/acp6x-mach.c | 7 + sound/soc/codecs/max98088.c | 10 +- sound/soc/intel/common/soc-intel-quirks.h | 2 +- sound/soc/qcom/lpass-cpu.c | 4 + sound/soc/sof/imx/imx8m.c | 2 +- sound/usb/mixer.c | 7 + sound/usb/quirks.c | 4 + tools/bpf/bpftool/common.c | 2 +- tools/bpf/bpftool/prog.c | 4 + tools/bpf/resolve_btfids/main.c | 2 +- tools/lib/bpf/btf_dump.c | 8 +- tools/lib/bpf/linker.c | 11 +- tools/memory-model/lock.cat | 20 +- tools/perf/arch/x86/util/intel-pt.c | 15 +- tools/perf/tests/shell/test_arm_callgraph_fp.sh | 64 +- tools/perf/tests/workloads/leafloop.c | 20 +- tools/perf/util/sort.c | 2 +- tools/testing/selftests/bpf/prog_tests/sk_lookup.c | 2 +- .../selftests/bpf/prog_tests/xdp_adjust_tail.c | 2 +- .../bpf/progs/btf_dump_test_case_multidim.c | 4 +- .../bpf/progs/btf_dump_test_case_syntax.c | 4 +- tools/testing/selftests/bpf/test_sockmap.c | 9 +- .../drivers/net/mlxsw/spectrum-2/tc_flower.sh | 55 +- tools/testing/selftests/landlock/base_test.c | 74 +++ tools/testing/selftests/landlock/config | 5 +- tools/testing/selftests/net/fib_tests.sh | 24 +- .../selftests/net/forwarding/devlink_lib.sh | 2 + .../selftests/sigaltstack/current_stack_pointer.h | 2 +- 434 files changed, 4176 insertions(+), 2487 deletions(-)

7 months

13
459
0 0

[PATCH] KVM: arm64: Fix kvm_has_feat*() handling of negative features

by Marc Zyngier

Oliver reports that the kvm_has_feat() helper is not behaviing as expected for negative feature. On investigation, the main issue seems to be caused by the following construct: (id##_##fld##_SIGNED ? \ get_idreg_field_signed(kvm, id, fld) : \ get_idreg_field_unsigned(kvm, id, fld)) where one side of the expression evaluates as something signed, and the other as something unsigned. In retrospect, this is totally braindead, as the compiler converts this into an unsigned expression. When compared to something that is 0, the test is simply elided. Epic fail. Similar issue exists in the expand_field_sign() macro. The correct way to handle this is to chose between signed and unsigned comparisons, so that both sides of the ternary expression are of the same type (bool). In order to keep the code readable (sort of), we introduce new comparison primitives taking an operator as a parameter, and rewrite the kvm_has_feat*() helpers in terms of these primitives. Fixes: c62d7a23b947 ("KVM: arm64: Add feature checking helpers") Reported-by: Oliver Upton <oliver.upton(a)linux.dev> Tested-by: Oliver Upton <oliver.upton(a)linux.dev> Signed-off-by: Marc Zyngier <maz(a)kernel.org> Cc: stable(a)vger.kernel.org --- arch/arm64/include/asm/kvm_host.h | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/arch/arm64/include/asm/kvm_host.h b/arch/arm64/include/asm/kvm_host.h index aab1e59aa91e..e9e9b57782e4 100644 --- a/arch/arm64/include/asm/kvm_host.h +++ b/arch/arm64/include/asm/kvm_host.h @@ -1490,11 +1490,6 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val); sign_extend64(__val, id##_##fld##_WIDTH - 1); \ }) -#define expand_field_sign(id, fld, val) \ - (id##_##fld##_SIGNED ? \ - __expand_field_sign_signed(id, fld, val) : \ - __expand_field_sign_unsigned(id, fld, val)) - #define get_idreg_field_unsigned(kvm, id, fld) \ ({ \ u64 __val = kvm_read_vm_id_reg((kvm), SYS_##id); \ @@ -1510,20 +1505,26 @@ void kvm_set_vm_id_reg(struct kvm *kvm, u32 reg, u64 val); #define get_idreg_field_enum(kvm, id, fld) \ get_idreg_field_unsigned(kvm, id, fld) -#define get_idreg_field(kvm, id, fld) \ +#define kvm_cmp_feat_signed(kvm, id, fld, op, limit) \ + (get_idreg_field_signed((kvm), id, fld) op __expand_field_sign_signed(id, fld, limit)) + +#define kvm_cmp_feat_unsigned(kvm, id, fld, op, limit) \ + (get_idreg_field_unsigned((kvm), id, fld) op __expand_field_sign_unsigned(id, fld, limit)) + +#define kvm_cmp_feat(kvm, id, fld, op, limit) \ (id##_##fld##_SIGNED ? \ - get_idreg_field_signed(kvm, id, fld) : \ - get_idreg_field_unsigned(kvm, id, fld)) + kvm_cmp_feat_signed(kvm, id, fld, op, limit) : \ + kvm_cmp_feat_unsigned(kvm, id, fld, op, limit)) #define kvm_has_feat(kvm, id, fld, limit) \ - (get_idreg_field((kvm), id, fld) >= expand_field_sign(id, fld, limit)) + kvm_cmp_feat(kvm, id, fld, >=, limit) #define kvm_has_feat_enum(kvm, id, fld, val) \ - (get_idreg_field_unsigned((kvm), id, fld) == __expand_field_sign_unsigned(id, fld, val)) + kvm_cmp_feat_unsigned(kvm, id, fld, ==, val) #define kvm_has_feat_range(kvm, id, fld, min, max) \ - (get_idreg_field((kvm), id, fld) >= expand_field_sign(id, fld, min) && \ - get_idreg_field((kvm), id, fld) <= expand_field_sign(id, fld, max)) + (kvm_cmp_feat(kvm, id, fld, >=, min) && \ + kvm_cmp_feat(kvm, id, fld, <=, max)) /* Check for a given level of PAuth support */ #define kvm_has_pauth(k, l) \ -- 2.39.2

7 months

1
1
0 0

Re: Patch "selftests: vDSO: skip getrandom test if architecture is unsupported" has been added to the 6.11-stable tree

by Jason A. Donenfeld

This is not stable material and I didn't mark it as such. Do not backport.

7 months

3
13
0 0

[PATCH HID] HID: bpf: fix cfi stubs for hid_bpf_ops

by Benjamin Tissoires

With the introduction of commit e42ac1418055 ("bpf: Check unsupported ops from the bpf_struct_ops's cfi_stubs"), a HID-BPF struct_ops containing a .hid_hw_request() or a .hid_hw_output_report() was failing to load as the cfi stubs were not defined. Fix that by defining those simple static functions and restore HID-BPF functionality. This was detected with the HID selftests suddenly failing on Linus' tree. Cc: stable(a)vger.kernel.org # v6.11+ Fixes: 9286675a2aed ("HID: bpf: add HID-BPF hooks for hid_hw_output_report") Fixes: 8bd0488b5ea5 ("HID: bpf: add HID-BPF hooks for hid_hw_raw_requests") Signed-off-by: Benjamin Tissoires <bentiss(a)kernel.org> --- Hi, This commit should directly go in Linus tree before we start creating topic branches for 6.13 given that the CI is now failing on our HID master branch. Cheers, Benjamin --- drivers/hid/bpf/hid_bpf_struct_ops.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/drivers/hid/bpf/hid_bpf_struct_ops.c b/drivers/hid/bpf/hid_bpf_struct_ops.c index cd696c59ba0f..702c22fae136 100644 --- a/drivers/hid/bpf/hid_bpf_struct_ops.c +++ b/drivers/hid/bpf/hid_bpf_struct_ops.c @@ -276,9 +276,23 @@ static int __hid_bpf_rdesc_fixup(struct hid_bpf_ctx *ctx) return 0; } +static int __hid_bpf_hw_request(struct hid_bpf_ctx *ctx, unsigned char reportnum, + enum hid_report_type rtype, enum hid_class_request reqtype, + u64 source) +{ + return 0; +} + +static int __hid_bpf_hw_output_report(struct hid_bpf_ctx *ctx, u64 source) +{ + return 0; +} + static struct hid_bpf_ops __bpf_hid_bpf_ops = { .hid_device_event = __hid_bpf_device_event, .hid_rdesc_fixup = __hid_bpf_rdesc_fixup, + .hid_hw_request = __hid_bpf_hw_request, + .hid_hw_output_report = __hid_bpf_hw_output_report, }; static struct bpf_struct_ops bpf_hid_bpf_ops = { --- base-commit: 13882369ceb9b0953f9f5ff8563bbccfd80d0ffd change-id: 20240927-fix-hid-bpf-stubs-f80591a673c2 Best regards, -- Benjamin Tissoires <bentiss(a)kernel.org>

7 months

3
2
0 0

[PATCH 5.15.y] usb: typec: tcpm: Check for port partner validity before consuming it

by Sherry Yang

From: Badhri Jagan Sridharan <badhri(a)google.com> commit ae11f04b452b5205536e1c02d31f8045eba249dd upstream. typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machine+0x1b90/0x1c08 .. Call trace: run_state_machine+0x1bc8/0x1c08 tcpm_state_machine_work+0x94/0xe4 kthread_worker_fn+0x118/0x328 kthread+0x1d0/0x23c ret_from_fork+0x10/0x20 To prevent the crash, check for port->partner validity before derefencing it in all the call sites. Cc: stable(a)vger.kernel.org Fixes: c97cd0b4b54e ("usb: typec: tcpm: set initial svdm version based on pd revision") Signed-off-by: Badhri Jagan Sridharan <badhri(a)google.com> Reviewed-by: Heikki Krogerus <heikki.krogerus(a)linux.intel.com> Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov(a)linaro.org> Link: https://lore.kernel.org/r/20240427202812.3435268-1-badhri@google.com Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> [Sherry: bp to 5.15.y, minor conflicts due to missing commit: 8203d26905ee ("usb: typec: tcpm: Register USB Power Delivery Capabilities"). Ignore the the part typec_partner_set_usb_power_delivery() which is not in 5.15.y.] Signed-off-by: Sherry Yang <sherry.yang(a)oracle.com> --- This is a fix for CVE-2024-36893. --- drivers/usb/typec/tcpm/tcpm.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c index 5a5886cb0c00..2104bb6e61f5 100644 --- a/drivers/usb/typec/tcpm/tcpm.c +++ b/drivers/usb/typec/tcpm/tcpm.c @@ -1471,7 +1471,8 @@ static void svdm_consume_identity(struct tcpm_port *port, const u32 *p, int cnt) port->partner_ident.cert_stat = p[VDO_INDEX_CSTAT]; port->partner_ident.product = product; - typec_partner_set_identity(port->partner); + if (port->partner) + typec_partner_set_identity(port->partner); tcpm_log(port, "Identity: %04x:%04x.%04x", PD_IDH_VID(vdo), @@ -1559,6 +1560,9 @@ static void tcpm_register_partner_altmodes(struct tcpm_port *port) struct typec_altmode *altmode; int i; + if (!port->partner) + return; + for (i = 0; i < modep->altmodes; i++) { altmode = typec_partner_register_altmode(port->partner, &modep->altmode_desc[i]); @@ -3577,7 +3581,10 @@ static int tcpm_init_vconn(struct tcpm_port *port) static void tcpm_typec_connect(struct tcpm_port *port) { + struct typec_partner *partner; + if (!port->connected) { + port->connected = true; /* Make sure we don't report stale identity information */ memset(&port->partner_ident, 0, sizeof(port->partner_ident)); port->partner_desc.usb_pd = port->pd_capable; @@ -3587,9 +3594,13 @@ static void tcpm_typec_connect(struct tcpm_port *port) port->partner_desc.accessory = TYPEC_ACCESSORY_AUDIO; else port->partner_desc.accessory = TYPEC_ACCESSORY_NONE; - port->partner = typec_register_partner(port->typec_port, - &port->partner_desc); - port->connected = true; + partner = typec_register_partner(port->typec_port, &port->partner_desc); + if (IS_ERR(partner)) { + dev_err(port->dev, "Failed to register partner (%ld)\n", PTR_ERR(partner)); + return; + } + + port->partner = partner; } } @@ -3658,8 +3669,10 @@ static int tcpm_src_attach(struct tcpm_port *port) static void tcpm_typec_disconnect(struct tcpm_port *port) { if (port->connected) { - typec_unregister_partner(port->partner); - port->partner = NULL; + if (port->partner) { + typec_unregister_partner(port->partner); + port->partner = NULL; + } port->connected = false; } } @@ -3868,6 +3881,9 @@ static enum typec_cc_status tcpm_pwr_opmode_to_rp(enum typec_pwr_opmode opmode) static void tcpm_set_initial_svdm_version(struct tcpm_port *port) { + if (!port->partner) + return; + switch (port->negotiated_rev) { case PD_REV30: break; -- 2.46.0

7 months

1
0
0 0

[PATCH net] hv_netvsc: Fix VF namespace also in netvsc_open

by Haiyang Zhang

The existing code moves VF to the same namespace as the synthetic device during netvsc_register_vf(). But, if the synthetic device is moved to a new namespace after the VF registration, the VF won't be moved together. To make the behavior more consistent, add a namespace check to netvsc_open(), and move the VF if it is not in the same namespace. Cc: stable(a)vger.kernel.org Fixes: c0a41b887ce6 ("hv_netvsc: move VF to same namespace as netvsc device") Signed-off-by: Haiyang Zhang <haiyangz(a)microsoft.com> --- drivers/net/hyperv/netvsc_drv.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c index 153b97f8ec0d..9caade092524 100644 --- a/drivers/net/hyperv/netvsc_drv.c +++ b/drivers/net/hyperv/netvsc_drv.c @@ -134,6 +134,19 @@ static int netvsc_open(struct net_device *net) } if (vf_netdev) { + if (!net_eq(dev_net(net), dev_net(vf_netdev))) { + ret = dev_change_net_namespace(vf_netdev, dev_net(net), + "eth%d"); + if (ret) + netdev_err(vf_netdev, + "Cannot move to same namespace as %s: %d\n", + net->name, ret); + else + netdev_info(vf_netdev, + "Moved VF to namespace with: %s\n", + net->name); + } + /* Setting synthetic device up transparently sets * slave as up. If open fails, then slave will be * still be offline (and not used). -- 2.34.1

7 months

3
4
0 0

[PATCH net] xfrm: fix one more kernel-infoleak in algo dumping

by Petr Vaganov

During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was stored to memory at: copy_to_user_state_extra+0xcc1/0x1e00 dump_one_state+0x28c/0x5f0 xfrm_state_walk+0x548/0x11e0 xfrm_dump_sa+0x1e0/0x840 netlink_dump+0x943/0x1c40 __netlink_dump_start+0x746/0xdb0 xfrm_user_rcv_msg+0x429/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit was created at: __kmalloc+0x571/0xd30 attach_auth+0x106/0x3e0 xfrm_add_sa+0x2aa0/0x4230 xfrm_user_rcv_msg+0x832/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Bytes 328-379 of 732 are uninitialized Memory access of size 732 starts at ffff88800e18e000 Data copied to user address 00007ff30f48aff0 CPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Fixes copying of xfrm algorithms where some random data of the structure fields can end up in userspace. Padding in structures may be filled with random (possibly sensitve) data and should never be given directly to user-space. A similar issue was resolved in the commit 8222d5910dae ("xfrm: Zero padding when dumping algos and encap") Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: c7a5899eb26e ("xfrm: redact SA secret with lockdown confidentiality") Cc: stable(a)vger.kernel.org Co-developed-by: Boris Tonofa <b.tonofa(a)ideco.ru> Signed-off-by: Boris Tonofa <b.tonofa(a)ideco.ru> Signed-off-by: Petr Vaganov <p.vaganov(a)ideco.ru> --- net/xfrm/xfrm_user.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 55f039ec3d59..97faeb3574ea 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1098,7 +1098,9 @@ static int copy_to_user_auth(struct xfrm_algo_auth *auth, struct sk_buff *skb) if (!nla) return -EMSGSIZE; ap = nla_data(nla); - memcpy(ap, auth, sizeof(struct xfrm_algo_auth)); + strscpy_pad(ap->alg_name, auth->alg_name, sizeof(sizeof(ap->alg_name))); + ap->alg_key_len = auth->alg_key_len; + ap->alg_trunc_len = auth->alg_trunc_len; if (redact_secret && auth->alg_key_len) memset(ap->alg_key, 0, (auth->alg_key_len + 7) / 8); else -- 2.46.1

7 months

2
1
0 0

[PATCH v4 0/4] ov08x40: Enable use of ov08x40 on Qualcomm X1E80100 CRD

by Bryan O'Donoghue

Changes in v4: - Drops link-frequencies from properties: as discussed here: https://lore.kernel.org/r/Zv6STSKeNNlT83ux@kekkonen.localdomain - Link to v3: https://lore.kernel.org/r/20241002-b4-master-24-11-25-ov08x40-v3-0-483bcdcf… Changes in v3: - Drops assigned-clock-* from description retains in example - Sakari, Krzysztof - Updates example fake clock names to ov08x40_* instead of copy/paste ov9282_clk -> ov08x40_clk, ov9282_clk_parent -> ov08x40_clk_parent - bod - Link to v2: https://lore.kernel.org/r/20241001-b4-master-24-11-25-ov08x40-v2-0-e478976b… Changes in v2: - Drops "-" in ovti,ov08x40.yaml after description: - Rob - Adds ":" after first line of description text - Rob - dts -> DT in commit log - Rob - Removes dependency on 'xvclk' as a name in yaml and driver - Sakari - Uses assigned-clock, assigned-clock-parents and assigned-clock-rates - Sakari - Drops clock-frequency - Sakarai, Krzysztof - Drops dovdd-supply, avdd-supply, dvdd-supply and reset-gpios as required, its perfectly possible not to have the reset GPIO or the power rails under control of the SoC. - bod - Link to v1: https://lore.kernel.org/r/20240926-b4-master-24-11-25-ov08x40-v1-0-e4d5fbd3… V1: This series brings fixes and updates to ov08x40 which allows for use of this sensor on the Qualcomm x1e80100 CRD but also on any other dts based system. Firstly there's a fix for the pseudo burst mode code that was added in 8f667d202384 ("media: ov08x40: Reduce start streaming time"). Not every I2C controller can handle an arbitrary sized write, this is the case on Qualcomm CAMSS/CCI I2C sensor interfaces which limit the transaction size and communicate this limit via I2C quirks. A simple fix to optionally break up the large submitted burst into chunks not exceeding adapter->quirk size fixes. Secondly then is addition of a yaml description for the ov08x40 and extension of the driver to support OF probe and powering on of the power rails from the driver instead of from ACPI. Once done the sensor works without further modification on the Qualcomm x1e80100 CRD. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): media: ov08x40: Fix burst write sequence media: dt-bindings: Add OmniVision OV08X40 media: ov08x40: Rename ext_clk to xvclk media: ov08x40: Add OF probe support .../bindings/media/i2c/ovti,ov08x40.yaml | 114 +++++++++++++ drivers/media/i2c/ov08x40.c | 179 ++++++++++++++++++--- 2 files changed, 270 insertions(+), 23 deletions(-) --- base-commit: 2b7275670032a98cba266bd1b8905f755b3e650f change-id: 20240926-b4-master-24-11-25-ov08x40-c6f477aaa6a4 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

7 months

1
1
0 0

[PATCH v5 2/5] tpm: Implement tpm2_load_null() rollback

by Jarkko Sakkinen

tpm2_load_null() has weak and broken error handling: - The return value of tpm2_create_primary() is ignored. - Leaks TPM return codes from tpm2_load_context() to the caller. - If the key name comparison succeeds returns previous error instead of zero to the caller. Implement a proper error rollback. Cc: stable(a)vger.kernel.org # v6.10+ Fixes: eb24c9788cd9 ("tpm: disable the TPM if NULL name changes") Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- v5: - Fix the TPM error code leak from tpm2_load_context(). v4: - No changes. v3: - Update log messages. Previously the log message incorrectly stated on load failure that integrity check had been failed, even tho the check is done *after* the load operation. v2: - Refined the commit message. - Reverted tpm2_create_primary() changes. They are not required if tmp_null_key is used as the parameter. --- drivers/char/tpm/tpm2-sessions.c | 43 +++++++++++++++++--------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c index 0f09ac33ae99..a856adef18d3 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -915,33 +915,36 @@ static int tpm2_parse_start_auth_session(struct tpm2_auth *auth, static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) { - int rc; unsigned int offset = 0; /* dummy offset for null seed context */ u8 name[SHA256_DIGEST_SIZE + 2]; + u32 tmp_null_key; + int rc; rc = tpm2_load_context(chip, chip->null_key_context, &offset, - null_key); - if (rc != -EINVAL) - return rc; + &tmp_null_key); + if (rc != -EINVAL) { + if (!rc) + *null_key = tmp_null_key; + goto err; + } - /* an integrity failure may mean the TPM has been reset */ - dev_err(&chip->dev, "NULL key integrity failure!\n"); - /* check the null name against what we know */ - tpm2_create_primary(chip, TPM2_RH_NULL, NULL, name); - if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) - /* name unchanged, assume transient integrity failure */ - return rc; - /* - * Fatal TPM failure: the NULL seed has actually changed, so - * the TPM must have been illegally reset. All in-kernel TPM - * operations will fail because the NULL primary can't be - * loaded to salt the sessions, but disable the TPM anyway so - * userspace programmes can't be compromised by it. - */ - dev_err(&chip->dev, "NULL name has changed, disabling TPM due to interference\n"); + rc = tpm2_create_primary(chip, TPM2_RH_NULL, &tmp_null_key, name); + if (rc) + goto err; + + /* Return the null key if the name has not been changed: */ + if (memcmp(name, chip->null_key_name, sizeof(name)) == 0) { + *null_key = tmp_null_key; + return 0; + } + + /* Deduce from the name change TPM interference: */ + dev_err(&chip->dev, "the null key integrity check failedh\n"); + tpm2_flush_context(chip, tmp_null_key); chip->flags |= TPM_CHIP_FLAG_DISABLE; - return rc; +err: + return rc ? -ENODEV : rc; } /** -- 2.46.1

7 months

2
1
0 0

[PATCH -fixes] riscv: Fix kernel stack size when KASAN is enabled

by Alexandre Ghiti

We use Kconfig to select the kernel stack size, doubling the default size if KASAN is enabled. But that actually only works if KASAN is selected from the beginning, meaning that if KASAN config is added later (for example using menuconfig), CONFIG_THREAD_SIZE_ORDER won't be updated, keeping the default size, which is not enough for KASAN as reported in [1]. So fix this by moving the logic to compute the right kernel stack into a header. Fixes: a7555f6b62e7 ("riscv: stack: Add config of thread stack size") Reported-by: syzbot+ba9eac24453387a9d502(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/000000000000eb301906222aadc2@google.com/ [1] Cc: stable(a)vger.kernel.org Signed-off-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> --- arch/riscv/Kconfig | 3 +-- arch/riscv/include/asm/thread_info.h | 7 ++++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/riscv/Kconfig b/arch/riscv/Kconfig index ccbfd28f4982..b65846d02622 100644 --- a/arch/riscv/Kconfig +++ b/arch/riscv/Kconfig @@ -759,8 +759,7 @@ config IRQ_STACKS config THREAD_SIZE_ORDER int "Kernel stack size (in power-of-two numbers of page size)" if VMAP_STACK && EXPERT range 0 4 - default 1 if 32BIT && !KASAN - default 3 if 64BIT && KASAN + default 1 if 32BIT default 2 help Specify the Pages of thread stack size (from 4KB to 64KB), which also diff --git a/arch/riscv/include/asm/thread_info.h b/arch/riscv/include/asm/thread_info.h index fca5c6be2b81..385b43211a71 100644 --- a/arch/riscv/include/asm/thread_info.h +++ b/arch/riscv/include/asm/thread_info.h @@ -13,7 +13,12 @@ #include <linux/sizes.h> /* thread information allocation */ -#define THREAD_SIZE_ORDER CONFIG_THREAD_SIZE_ORDER +#ifdef CONFIG_KASAN +#define KASAN_STACK_ORDER 1 +#else +#define KASAN_STACK_ORDER 0 +#endif +#define THREAD_SIZE_ORDER (CONFIG_THREAD_SIZE_ORDER + KASAN_STACK_ORDER) #define THREAD_SIZE (PAGE_SIZE << THREAD_SIZE_ORDER) /* -- 2.39.2

7 months

2
1
0 0

[PATCH v2] bus: mhi: host: free buffer on error in mhi_alloc_bhie_table

by Fedor Pchelkin

img_info->mhi_buf should be freed on error path in mhi_alloc_bhie_table(). This error case is rare but still needs to be fixed. Found by Linux Verification Center (linuxtesting.org). Fixes: 3000f85b8f47 ("bus: mhi: core: Add support for basic PM operations") Cc: stable(a)vger.kernel.org Signed-off-by: Fedor Pchelkin <pchelkin(a)ispras.ru> --- v2: add missing Cc: stable, as Greg Kroah-Hartman's bot reported drivers/bus/mhi/host/boot.c | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/bus/mhi/host/boot.c b/drivers/bus/mhi/host/boot.c index edc0ec5a0933..738dcd11b66f 100644 --- a/drivers/bus/mhi/host/boot.c +++ b/drivers/bus/mhi/host/boot.c @@ -357,6 +357,7 @@ int mhi_alloc_bhie_table(struct mhi_controller *mhi_cntrl, for (--i, --mhi_buf; i >= 0; i--, mhi_buf--) dma_free_coherent(mhi_cntrl->cntrl_dev, mhi_buf->len, mhi_buf->buf, mhi_buf->dma_addr); + kfree(img_info->mhi_buf); error_alloc_mhi_buf: kfree(img_info); -- 2.39.2

7 months

2
2
0 0

[PATCH] sched: psi: fix bogus pressure spikes from aggregation race

by Johannes Weiner

Brandon reports sporadic, non-sensical spikes in cumulative pressure time (total=) when reading cpu.pressure at a high rate. This is due to a race condition between reader aggregation and tasks changing states. While it affects all states and all resources captured by PSI, in practice it most likely triggers with CPU pressure, since scheduling events are so frequent compared to other resource events. The race context is the live snooping of ongoing stalls during a pressure read. The read aggregates per-cpu records for stalls that have concluded, but will also incorporate ad-hoc the duration of any active state that hasn't been recorded yet. This is important to get timely measurements of ongoing stalls. Those ad-hoc samples are calculated on-the-fly up to the current time on that CPU; since the stall hasn't concluded, it's expected that this is the minimum amount of stall time that will enter the per-cpu records once it does. The problem is that the path that concludes the state uses a CPU clock read that is not synchronized against aggregators; the clock is read outside of the seqlock protection. This allows aggregators to race and snoop a stall with a longer duration than will actually be recorded. With the recorded stall time being less than the last snapshot remembered by the aggregator, a subsequent sample will underflow and observe a bogus delta value, resulting in an erratic jump in pressure. Fix this by moving the clock read of the state change into the seqlock protection. This ensures no aggregation can snoop live stalls past the time that's recorded when the state concludes. Reported-by: Brandon Duffany <brandon(a)buildbuddy.io> Link: https://bugzilla.kernel.org/show_bug.cgi?id=219194 Link: https://lore.kernel.org/lkml/20240827121851.GB438928@cmpxchg.org/ Fixes: df77430639c9 ("psi: Reduce calls to sched_clock() in psi") Cc: stable(a)vger.kernel.org Signed-off-by: Johannes Weiner <hannes(a)cmpxchg.org> Reviewed-by: Chengming Zhou <chengming.zhou(a)linux.dev> --- kernel/sched/psi.c | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/kernel/sched/psi.c b/kernel/sched/psi.c index 020d58967d4e..84dad1511d1e 100644 --- a/kernel/sched/psi.c +++ b/kernel/sched/psi.c @@ -769,12 +769,13 @@ static void record_times(struct psi_group_cpu *groupc, u64 now) } static void psi_group_change(struct psi_group *group, int cpu, - unsigned int clear, unsigned int set, u64 now, + unsigned int clear, unsigned int set, bool wake_clock) { struct psi_group_cpu *groupc; unsigned int t, m; u32 state_mask; + u64 now; lockdep_assert_rq_held(cpu_rq(cpu)); groupc = per_cpu_ptr(group->pcpu, cpu); @@ -789,6 +790,7 @@ static void psi_group_change(struct psi_group *group, int cpu, * SOME and FULL time these may have resulted in. */ write_seqcount_begin(&groupc->seq); + now = cpu_clock(cpu); /* * Start with TSK_ONCPU, which doesn't have a corresponding @@ -899,18 +901,15 @@ void psi_task_change(struct task_struct *task, int clear, int set) { int cpu = task_cpu(task); struct psi_group *group; - u64 now; if (!task->pid) return; psi_flags_change(task, clear, set); - now = cpu_clock(cpu); - group = task_psi_group(task); do { - psi_group_change(group, cpu, clear, set, now, true); + psi_group_change(group, cpu, clear, set, true); } while ((group = group->parent)); } @@ -919,7 +918,6 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, { struct psi_group *group, *common = NULL; int cpu = task_cpu(prev); - u64 now = cpu_clock(cpu); if (next->pid) { psi_flags_change(next, 0, TSK_ONCPU); @@ -936,7 +934,7 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, break; } - psi_group_change(group, cpu, 0, TSK_ONCPU, now, true); + psi_group_change(group, cpu, 0, TSK_ONCPU, true); } while ((group = group->parent)); } @@ -974,7 +972,7 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, do { if (group == common) break; - psi_group_change(group, cpu, clear, set, now, wake_clock); + psi_group_change(group, cpu, clear, set, wake_clock); } while ((group = group->parent)); /* @@ -986,7 +984,7 @@ void psi_task_switch(struct task_struct *prev, struct task_struct *next, if ((prev->psi_flags ^ next->psi_flags) & ~TSK_ONCPU) { clear &= ~TSK_ONCPU; for (; group; group = group->parent) - psi_group_change(group, cpu, clear, set, now, wake_clock); + psi_group_change(group, cpu, clear, set, wake_clock); } } } @@ -997,8 +995,8 @@ void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_st int cpu = task_cpu(curr); struct psi_group *group; struct psi_group_cpu *groupc; - u64 now, irq; s64 delta; + u64 irq; if (static_branch_likely(&psi_disabled)) return; @@ -1011,7 +1009,6 @@ void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_st if (prev && task_psi_group(prev) == group) return; - now = cpu_clock(cpu); irq = irq_time_read(cpu); delta = (s64)(irq - rq->psi_irq_time); if (delta < 0) @@ -1019,12 +1016,15 @@ void psi_account_irqtime(struct rq *rq, struct task_struct *curr, struct task_st rq->psi_irq_time = irq; do { + u64 now; + if (!group->enabled) continue; groupc = per_cpu_ptr(group->pcpu, cpu); write_seqcount_begin(&groupc->seq); + now = cpu_clock(cpu); record_times(groupc, now); groupc->times[PSI_IRQ_FULL] += delta; @@ -1223,11 +1223,9 @@ void psi_cgroup_restart(struct psi_group *group) for_each_possible_cpu(cpu) { struct rq *rq = cpu_rq(cpu); struct rq_flags rf; - u64 now; rq_lock_irq(rq, &rf); - now = cpu_clock(cpu); - psi_group_change(group, cpu, 0, 0, now, true); + psi_group_change(group, cpu, 0, 0, true); rq_unlock_irq(rq, &rf); } } -- 2.46.2

7 months

1
0
0 0

[PATCH] ALSA: core: add isascii() check to card ID generator

by Jaroslav Kysela

The card identifier should contain only safe ASCII characters. The isalnum() returns true also for characters for non-ASCII characters. Buglink: https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/4135 Link: https://lore.kernel.org/linux-sound/yk3WTvKkwheOon_LzZlJ43PPInz6byYfBzpKkba… Cc: stable(a)vger.kernel.org Reported-by: Barnabás Pőcze <pobrn(a)protonmail.com> Signed-off-by: Jaroslav Kysela <perex(a)perex.cz> --- sound/core/init.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/sound/core/init.c b/sound/core/init.c index b92aa7103589..114fb87de990 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -654,13 +654,19 @@ void snd_card_free(struct snd_card *card) } EXPORT_SYMBOL(snd_card_free); +/* check, if the character is in the valid ASCII range */ +static inline bool safe_ascii_char(char c) +{ + return isascii(c) && isalnum(c); +} + /* retrieve the last word of shortname or longname */ static const char *retrieve_id_from_card_name(const char *name) { const char *spos = name; while (*name) { - if (isspace(*name) && isalnum(name[1])) + if (isspace(*name) && safe_ascii_char(name[1])) spos = name + 1; name++; } @@ -687,12 +693,12 @@ static void copy_valid_id_string(struct snd_card *card, const char *src, { char *id = card->id; - while (*nid && !isalnum(*nid)) + while (*nid && !safe_ascii_char(*nid)) nid++; if (isdigit(*nid)) *id++ = isalpha(*src) ? *src : 'D'; while (*nid && (size_t)(id - card->id) < sizeof(card->id) - 1) { - if (isalnum(*nid)) + if (safe_ascii_char(*nid)) *id++ = *nid; nid++; } @@ -787,7 +793,7 @@ static ssize_t id_store(struct device *dev, struct device_attribute *attr, for (idx = 0; idx < copy; idx++) { c = buf[idx]; - if (!isalnum(c) && c != '_' && c != '-') + if (!safe_ascii_char(c) && c != '_' && c != '-') return -EINVAL; } memcpy(buf1, buf, copy); -- 2.46.0

7 months

2
1
0 0

[PATCH net v2] gso: fix udp gso fraglist segmentation after pull from frag_list

by Willem de Bruijn

From: Willem de Bruijn <willemb(a)google.com> Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment them correctly. Valid SKB_GSO_FRAGLIST skbs - consist of two or more segments - the head_skb holds the protocol headers plus first gso_size - one or more frag_list skbs hold exactly one segment - all but the last must be gso_size Optional datapath hooks such as NAT and BPF (bpf_skb_pull_data) can modify these skbs, breaking these invariants. In extreme cases they pull all data into skb linear. For UDP, this causes a NULL ptr deref in __udpv4_gso_segment_list_csum at udp_hdr(seg->next)->dest. Detect invalid geometry due to pull, by checking head_skb size. Don't just drop, as this may blackhole a destination. Convert to be able to pass to regular skb_segment. Link: https://lore.kernel.org/netdev/20240428142913.18666-1-shiming.cheng@mediate… Fixes: 9fd1ff5d2ac7 ("udp: Support UDP fraglist GRO/GSO.") Signed-off-by: Willem de Bruijn <willemb(a)google.com> Cc: stable(a)vger.kernel.org --- v1->v2 - update Fixes tag to point to udp specific patch - reinit uh->check to pseudo csum as required by CHECKSUM_PARTIAL --- net/ipv4/udp_offload.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c index d842303587af..a5be6e4ed326 100644 --- a/net/ipv4/udp_offload.c +++ b/net/ipv4/udp_offload.c @@ -296,8 +296,26 @@ struct sk_buff *__udp_gso_segment(struct sk_buff *gso_skb, return NULL; } - if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) - return __udp_gso_segment_list(gso_skb, features, is_ipv6); + if (skb_shinfo(gso_skb)->gso_type & SKB_GSO_FRAGLIST) { + /* Detect modified geometry and pass those to skb_segment. */ + if (skb_pagelen(gso_skb) - sizeof(*uh) == skb_shinfo(gso_skb)->gso_size) + return __udp_gso_segment_list(gso_skb, features, is_ipv6); + + /* Setup csum, as fraglist skips this in udp4_gro_receive. */ + gso_skb->csum_start = skb_transport_header(gso_skb) - gso_skb->head; + gso_skb->csum_offset = offsetof(struct udphdr, check); + gso_skb->ip_summed = CHECKSUM_PARTIAL; + + uh = udp_hdr(gso_skb); + if (is_ipv6) + uh->check = ~udp_v6_check(gso_skb->len, + &ipv6_hdr(gso_skb)->saddr, + &ipv6_hdr(gso_skb)->daddr, 0); + else + uh->check = ~udp_v4_check(gso_skb->len, + ip_hdr(gso_skb)->saddr, + ip_hdr(gso_skb)->daddr, 0); + } skb_pull(gso_skb, sizeof(*uh)); -- 2.46.1.824.gd892dcdcdd-goog

7 months

2
1
0 0

[PATCH net] vrf: revert "vrf: Remove unnecessary RCU-bh critical section"

by Willem de Bruijn

From: Willem de Bruijn <willemb(a)google.com> This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled. __dev_queue_xmit has the following: /* Disable soft irqs for various locks below. Also * stops preemption for RCU. */ rcu_read_lock_bh(); VRF must follow this invariant. The referenced commit removed this protection. Which triggered a lockdep warning: ================================ WARNING: inconsistent lock state 6.11.0 #1 Tainted: G W -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. btserver/134819 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff8882da30c118 (rlock-AF_PACKET){+.?.}-{2:2}, at: tpacket_rcv+0x863/0x3b30 {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 packet_rcv+0xa33/0x1320 __netif_receive_skb_core.constprop.0+0xcb0/0x3a90 __netif_receive_skb_list_core+0x2c9/0x890 netif_receive_skb_list_internal+0x610/0xcc0 [...] other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(rlock-AF_PACKET); <Interrupt> lock(rlock-AF_PACKET); *** DEADLOCK *** Call Trace: <TASK> dump_stack_lvl+0x73/0xa0 mark_lock+0x102e/0x16b0 __lock_acquire+0x9ae/0x6170 lock_acquire+0x19a/0x4f0 _raw_spin_lock+0x27/0x40 tpacket_rcv+0x863/0x3b30 dev_queue_xmit_nit+0x709/0xa40 vrf_finish_direct+0x26e/0x340 [vrf] vrf_l3_out+0x5f4/0xe80 [vrf] __ip_local_out+0x51e/0x7a0 [...] Fixes: 504fc6f4f7f6 ("vrf: Remove unnecessary RCU-bh critical section") Link: https://lore.kernel.org/netdev/20240925185216.1990381-1-greearb@candelatech… Reported-by: Ben Greear <greearb(a)candelatech.com> Signed-off-by: Willem de Bruijn <willemb(a)google.com> Cc: stable(a)vger.kernel.org --- drivers/net/vrf.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/net/vrf.c b/drivers/net/vrf.c index 4d8ccaf9a2b4..4087f72f0d2b 100644 --- a/drivers/net/vrf.c +++ b/drivers/net/vrf.c @@ -608,7 +608,9 @@ static void vrf_finish_direct(struct sk_buff *skb) eth_zero_addr(eth->h_dest); eth->h_proto = skb->protocol; + rcu_read_lock_bh(); dev_queue_xmit_nit(skb, vrf_dev); + rcu_read_unlock_bh(); skb_pull(skb, ETH_HLEN); } -- 2.46.1.824.gd892dcdcdd-goog

7 months

4
4
0 0

[PATCH] Revert "mmc: mvsdio: Use sg_miter for PIO"

by Linus Walleij

This reverts commit 2761822c00e8c271f10a10affdbd4917d900d7ea. When testing on real hardware the patch does not work. Revert, try to acquire real hardware, and retry. These systems typically don't have highmem anyway so the impact is likely zero. Cc: stable(a)vger.kernel.org Reported-by: Charlie <g4sra(a)protonmail.com> Signed-off-by: Linus Walleij <linus.walleij(a)linaro.org> --- drivers/mmc/host/mvsdio.c | 71 ++++++++++++----------------------------------- 1 file changed, 18 insertions(+), 53 deletions(-) diff --git a/drivers/mmc/host/mvsdio.c b/drivers/mmc/host/mvsdio.c index af7f21888e27..ca01b7d204ba 100644 --- a/drivers/mmc/host/mvsdio.c +++ b/drivers/mmc/host/mvsdio.c @@ -38,9 +38,8 @@ struct mvsd_host { unsigned int xfer_mode; unsigned int intr_en; unsigned int ctrl; - bool use_pio; - struct sg_mapping_iter sg_miter; unsigned int pio_size; + void *pio_ptr; unsigned int sg_frags; unsigned int ns_per_clk; unsigned int clock; @@ -115,18 +114,11 @@ static int mvsd_setup_data(struct mvsd_host *host, struct mmc_data *data) * data when the buffer is not aligned on a 64 byte * boundary. */ - unsigned int miter_flags = SG_MITER_ATOMIC; /* Used from IRQ */ - - if (data->flags & MMC_DATA_READ) - miter_flags |= SG_MITER_TO_SG; - else - miter_flags |= SG_MITER_FROM_SG; - host->pio_size = data->blocks * data->blksz; - sg_miter_start(&host->sg_miter, data->sg, data->sg_len, miter_flags); + host->pio_ptr = sg_virt(data->sg); if (!nodma) - dev_dbg(host->dev, "fallback to PIO for data\n"); - host->use_pio = true; + dev_dbg(host->dev, "fallback to PIO for data at 0x%p size %d\n", + host->pio_ptr, host->pio_size); return 1; } else { dma_addr_t phys_addr; @@ -137,7 +129,6 @@ static int mvsd_setup_data(struct mvsd_host *host, struct mmc_data *data) phys_addr = sg_dma_address(data->sg); mvsd_write(MVSD_SYS_ADDR_LOW, (u32)phys_addr & 0xffff); mvsd_write(MVSD_SYS_ADDR_HI, (u32)phys_addr >> 16); - host->use_pio = false; return 0; } } @@ -297,8 +288,8 @@ static u32 mvsd_finish_data(struct mvsd_host *host, struct mmc_data *data, { void __iomem *iobase = host->base; - if (host->use_pio) { - sg_miter_stop(&host->sg_miter); + if (host->pio_ptr) { + host->pio_ptr = NULL; host->pio_size = 0; } else { dma_unmap_sg(mmc_dev(host->mmc), data->sg, host->sg_frags, @@ -353,12 +344,9 @@ static u32 mvsd_finish_data(struct mvsd_host *host, struct mmc_data *data, static irqreturn_t mvsd_irq(int irq, void *dev) { struct mvsd_host *host = dev; - struct sg_mapping_iter *sgm = &host->sg_miter; void __iomem *iobase = host->base; u32 intr_status, intr_done_mask; int irq_handled = 0; - u16 *p; - int s; intr_status = mvsd_read(MVSD_NOR_INTR_STATUS); dev_dbg(host->dev, "intr 0x%04x intr_en 0x%04x hw_state 0x%04x\n", @@ -382,36 +370,15 @@ static irqreturn_t mvsd_irq(int irq, void *dev) spin_lock(&host->lock); /* PIO handling, if needed. Messy business... */ - if (host->use_pio) { - /* - * As we set sgm->consumed this always gives a valid buffer - * position. - */ - if (!sg_miter_next(sgm)) { - /* This should not happen */ - dev_err(host->dev, "ran out of scatter segments\n"); - spin_unlock(&host->lock); - host->intr_en &= - ~(MVSD_NOR_RX_READY | MVSD_NOR_RX_FIFO_8W | - MVSD_NOR_TX_AVAIL | MVSD_NOR_TX_FIFO_8W); - mvsd_write(MVSD_NOR_INTR_EN, host->intr_en); - return IRQ_HANDLED; - } - p = sgm->addr; - s = sgm->length; - if (s > host->pio_size) - s = host->pio_size; - } - - if (host->use_pio && + if (host->pio_size && (intr_status & host->intr_en & (MVSD_NOR_RX_READY | MVSD_NOR_RX_FIFO_8W))) { - + u16 *p = host->pio_ptr; + int s = host->pio_size; while (s >= 32 && (intr_status & MVSD_NOR_RX_FIFO_8W)) { readsw(iobase + MVSD_FIFO, p, 16); p += 16; s -= 32; - sgm->consumed += 32; intr_status = mvsd_read(MVSD_NOR_INTR_STATUS); } /* @@ -424,7 +391,6 @@ static irqreturn_t mvsd_irq(int irq, void *dev) put_unaligned(mvsd_read(MVSD_FIFO), p++); put_unaligned(mvsd_read(MVSD_FIFO), p++); s -= 4; - sgm->consumed += 4; intr_status = mvsd_read(MVSD_NOR_INTR_STATUS); } if (s && s < 4 && (intr_status & MVSD_NOR_RX_READY)) { @@ -432,13 +398,10 @@ static irqreturn_t mvsd_irq(int irq, void *dev) val[0] = mvsd_read(MVSD_FIFO); val[1] = mvsd_read(MVSD_FIFO); memcpy(p, ((void *)&val) + 4 - s, s); - sgm->consumed += s; s = 0; intr_status = mvsd_read(MVSD_NOR_INTR_STATUS); } - /* PIO transfer done */ - host->pio_size -= sgm->consumed; - if (host->pio_size == 0) { + if (s == 0) { host->intr_en &= ~(MVSD_NOR_RX_READY | MVSD_NOR_RX_FIFO_8W); mvsd_write(MVSD_NOR_INTR_EN, host->intr_en); @@ -450,10 +413,14 @@ static irqreturn_t mvsd_irq(int irq, void *dev) } dev_dbg(host->dev, "pio %d intr 0x%04x hw_state 0x%04x\n", s, intr_status, mvsd_read(MVSD_HW_STATE)); + host->pio_ptr = p; + host->pio_size = s; irq_handled = 1; - } else if (host->use_pio && + } else if (host->pio_size && (intr_status & host->intr_en & (MVSD_NOR_TX_AVAIL | MVSD_NOR_TX_FIFO_8W))) { + u16 *p = host->pio_ptr; + int s = host->pio_size; /* * The TX_FIFO_8W bit is unreliable. When set, bursting * 16 halfwords all at once in the FIFO drops data. Actually @@ -464,7 +431,6 @@ static irqreturn_t mvsd_irq(int irq, void *dev) mvsd_write(MVSD_FIFO, get_unaligned(p++)); mvsd_write(MVSD_FIFO, get_unaligned(p++)); s -= 4; - sgm->consumed += 4; intr_status = mvsd_read(MVSD_NOR_INTR_STATUS); } if (s < 4) { @@ -473,13 +439,10 @@ static irqreturn_t mvsd_irq(int irq, void *dev) memcpy(((void *)&val) + 4 - s, p, s); mvsd_write(MVSD_FIFO, val[0]); mvsd_write(MVSD_FIFO, val[1]); - sgm->consumed += s; s = 0; intr_status = mvsd_read(MVSD_NOR_INTR_STATUS); } - /* PIO transfer done */ - host->pio_size -= sgm->consumed; - if (host->pio_size == 0) { + if (s == 0) { host->intr_en &= ~(MVSD_NOR_TX_AVAIL | MVSD_NOR_TX_FIFO_8W); mvsd_write(MVSD_NOR_INTR_EN, host->intr_en); @@ -487,6 +450,8 @@ static irqreturn_t mvsd_irq(int irq, void *dev) } dev_dbg(host->dev, "pio %d intr 0x%04x hw_state 0x%04x\n", s, intr_status, mvsd_read(MVSD_HW_STATE)); + host->pio_ptr = p; + host->pio_size = s; irq_handled = 1; } --- base-commit: 075dbe9f6e3c21596c5245826a4ee1f1c1676eb8 change-id: 20240927-kirkwood-mmc-regression-986c598d4c9e Best regards, -- Linus Walleij <linus.walleij(a)linaro.org>

7 months

2
1
0 0

[PATCH] ceph: fix cap ref leak via netfs init_request

by Patrick Donnelly

From: Patrick Donnelly <pdonnell(a)redhat.com> Log recovered from a user's cluster: <7>[ 5413.970692] ceph: get_cap_refs 00000000958c114b ret 1 got Fr <7>[ 5413.970695] ceph: start_read 00000000958c114b, no cache cap ... <7>[ 5473.934609] ceph: my wanted = Fr, used = Fr, dirty - <7>[ 5473.934616] ceph: revocation: pAsLsXsFr -> pAsLsXs (revoking Fr) <7>[ 5473.934632] ceph: __ceph_caps_issued 00000000958c114b cap 00000000f7784259 issued pAsLsXs <7>[ 5473.934638] ceph: check_caps 10000000e68.fffffffffffffffe file_want - used Fr dirty - flushing - issued pAsLsXs revoking Fr retain pAsLsXsFsr AUTHONLY NOINVAL FLUSH_FORCE The MDS subsequently complains that the kernel client is late releasing caps. Closes: https://tracker.ceph.com/issues/67008 Fixes: 2504470854f8 ("ceph: Make ceph_init_request() check caps on readahead") Signed-off-by: Patrick Donnelly <pdonnell(a)redhat.com> Cc: stable(a)vger.kernel.org --- fs/ceph/addr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 53fef258c2bc..702c6a730b70 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -489,8 +489,11 @@ static int ceph_init_request(struct netfs_io_request *rreq, struct file *file) rreq->io_streams[0].sreq_max_len = fsc->mount_options->rsize; out: - if (ret < 0) + if (ret < 0) { + if (got) + ceph_put_cap_refs(ceph_inode(inode), got); kfree(priv); + } return ret; } base-commit: e32cde8d2bd7d251a8f9b434143977ddf13dcec6 -- Patrick Donnelly, Ph.D. He / Him / His Red Hat Partner Engineer IBM, Inc. GPG: 19F28A586F808C2402351B93C3301A3E258DD79D

7 months

1
0
0 0

[PATCH v2 net] net: Fix an unsafe loop on the list

by Anastasia Kovaleva

The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0 Call Trace: __netlink_clear_multicast_users+0x74/0xc0 genl_unregister_family+0xd4/0x2d0 Change the unsafe loop on the list to a safe one, because inside the loop there is an element removal from this list. Fixes: b8273570f802 ("genetlink: fix netns vs. netlink table locking (2)")\ Cc: stable(a)vger.kernel.org Signed-off-by: Anastasia Kovaleva <a.kovaleva(a)yadro.com> Reviewed-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> --- include/net/sock.h | 2 ++ net/netlink/af_netlink.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/net/sock.h b/include/net/sock.h index c58ca8dd561b..eec77a18602a 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -894,6 +894,8 @@ static inline void sk_add_bind_node(struct sock *sk, hlist_for_each_entry_safe(__sk, tmp, list, sk_node) #define sk_for_each_bound(__sk, list) \ hlist_for_each_entry(__sk, list, sk_bind_node) +#define sk_for_each_bound_safe(__sk, tmp, list) \ + hlist_for_each_entry_safe(__sk, tmp, list, sk_bind_node) /** * sk_for_each_entry_offset_rcu - iterate over a list at a given struct offset diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 0b7a89db3ab7..0a9287fadb47 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -2136,8 +2136,9 @@ void __netlink_clear_multicast_users(struct sock *ksk, unsigned int group) { struct sock *sk; struct netlink_table *tbl = &nl_table[ksk->sk_protocol]; + struct hlist_node *tmp; - sk_for_each_bound(sk, &tbl->mc_list) + sk_for_each_bound_safe(sk, tmp, &tbl->mc_list) netlink_update_socket_mc(nlk_sk(sk), group, 0); } -- 2.40.1

7 months

2
3
0 0

[PATCH v2] serial: imx: Update mctrl old_status on RTSD interrupt

by Marek Vasut

When sending data using DMA at high baudrate (4 Mbdps in local test case) to a device with small RX buffer which keeps asserting RTS after every received byte, it is possible that the iMX UART driver would not recognize the falling edge of RTS input signal and get stuck, unable to transmit any more data. This condition happens when the following sequence of events occur: - imx_uart_mctrl_check() is called at some point and takes a snapshot of UART control signal status into sport->old_status using imx_uart_get_hwmctrl(). The RTSS/TIOCM_CTS bit is of interest here (*). - DMA transfer occurs, the remote device asserts RTS signal after each byte. The i.MX UART driver recognizes each such RTS signal change, raises an interrupt with USR1 register RTSD bit set, which leads to invocation of __imx_uart_rtsint(), which calls uart_handle_cts_change(). - If the RTS signal is deasserted, uart_handle_cts_change() clears port->hw_stopped and unblocks the port for further data transfers. - If the RTS is asserted, uart_handle_cts_change() sets port->hw_stopped and blocks the port for further data transfers. This may occur as the last interrupt of a transfer, which means port->hw_stopped remains set and the port remains blocked (**). - Any further data transfer attempts will trigger imx_uart_mctrl_check(), which will read current status of UART control signals by calling imx_uart_get_hwmctrl() (***) and compare it with sport->old_status . - If current status differs from sport->old_status for RTS signal, uart_handle_cts_change() is called and possibly unblocks the port by clearing port->hw_stopped . - If current status does not differ from sport->old_status for RTS signal, no action occurs. This may occur in case prior snapshot (*) was taken before any transfer so the RTS is deasserted, current snapshot (***) was taken after a transfer and therefore RTS is deasserted again, which means current status and sport->old_status are identical. In case (**) triggered when RTS got asserted, and made port->hw_stopped set, the port->hw_stopped will remain set because no change on RTS line is recognized by this driver and uart_handle_cts_change() is not called from here to unblock the port->hw_stopped. Update sport->old_status in __imx_uart_rtsint() accordingly to make imx_uart_mctrl_check() detect such RTS change. Note that TIOCM_CAR and TIOCM_RI bits in sport->old_status do not suffer from this problem. Fixes: ceca629e0b48 ("[ARM] 2971/1: i.MX uart handle rts irq") Reviewed-by: Esben Haabendal <esben(a)geanix.com> Signed-off-by: Marek Vasut <marex(a)denx.de> --- Cc: Christoph Niedermaier <cniedermaier(a)dh-electronics.com> Cc: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Esben Haabendal <esben(a)geanix.com> Cc: Fabio Estevam <festevam(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> Cc: Pengutronix Kernel Team <kernel(a)pengutronix.de> Cc: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Cc: Rickard x Andersson <rickaran(a)axis.com> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> Cc: Uwe Kleine-König <u.kleine-koenig(a)baylibre.com> Cc: imx(a)lists.linux.dev Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-serial(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- V2: - Add code comment - Add RB from Esben --- drivers/tty/serial/imx.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 67d4a72eda770..90974d338f3c0 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -762,6 +762,21 @@ static irqreturn_t __imx_uart_rtsint(int irq, void *dev_id) imx_uart_writel(sport, USR1_RTSD, USR1); usr1 = imx_uart_readl(sport, USR1) & USR1_RTSS; + /* + * Update sport->old_status here, so any follow-up calls to + * imx_uart_mctrl_check() will be able to recognize that RTS + * state changed since last imx_uart_mctrl_check() call. + * + * In case RTS has been detected as asserted here and later on + * deasserted by the time imx_uart_mctrl_check() was called, + * imx_uart_mctrl_check() can detect the RTS state change and + * trigger uart_handle_cts_change() to unblock the port for + * further TX transfers. + */ + if (usr1 & USR1_RTSS) + sport->old_status |= TIOCM_CTS; + else + sport->old_status &= ~TIOCM_CTS; uart_handle_cts_change(&sport->port, usr1); wake_up_interruptible(&sport->port.state->port.delta_msr_wait); -- 2.45.2

7 months

1
0
0 0

[regression] Regular "cracks" in HDMI sound during playback since backport to 6.1.y for 92afcc310038 ("ALSA: hda: Conditionally use snooping for AMD HDMI")

by Salvatore Bonaccorso

Hi In downstream Debian we got a report from Eric Degenetais, in https://bugs.debian.org/1081833 that after the update to the 6.1.106 based version, there were regular cracks in HDMI sound during playback. Eric was able to bisec the issue down to 92afcc310038ebe5d66c689bb0bf418f5451201c in the v6.1.y series which got applied in 6.1.104. Cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081833#47 #regzbot introduced: 92afcc310038ebe5d66c689bb0bf418f5451201c #regzbot link: https://bugs.debian.org/1081833 It should be noted that Eric as well tried more recent stable series as well, in particular did test as well 6.10.6 based version back on 20th september, and the issue was reproducible there as well. Is there anything else we can try to provide? Regards, Salvatore

7 months

3
3
0 0

Missing 6.11-stable patch

by Jens Axboe

Hi, Arguably the most important block stable patch I don't see in the most recent review series sent out, which is odd because it's certainly marked with fixes and a stable tag. It's this one: commit e3accac1a976e65491a9b9fba82ce8ddbd3d2389 Author: Damien Le Moal <dlemoal(a)kernel.org> Date: Tue Sep 17 22:32:31 2024 +0900 block: Fix elv_iosched_local_module handling of "none" scheduler and it really must go into -stable asap as it's fixing a real issue that I've had multiple users email me about. Can we get this added to the current 6.11-stable series so we don't miss another release? It's also quite possible that I'm blind and it is indeed in the queue or already there, but for the life of me I can't see it. -- Jens Axboe

7 months

2
2
0 0

[tip: irq/urgent] irqchip/sifive-plic: Return error code on failure

by tip-bot2 for Charlie Jenkins

The following commit has been merged into the irq/urgent branch of tip: Commit-ID: 6eabf656048d904d961584de2e1d45bc0854f9fb Gitweb: https://git.kernel.org/tip/6eabf656048d904d961584de2e1d45bc0854f9fb Author: Charlie Jenkins <charlie(a)rivosinc.com> AuthorDate: Tue, 03 Sep 2024 16:36:19 -07:00 Committer: Thomas Gleixner <tglx(a)linutronix.de> CommitterDate: Wed, 02 Oct 2024 15:15:33 +02:00 irqchip/sifive-plic: Return error code on failure Set error to -ENOMEM if kcalloc() fails or if irq_domain_add_linear() fails inside of plic_probe() instead of returning 0. Fixes: 4d936f10ff80 ("irqchip/sifive-plic: Probe plic driver early for Allwinner D1 platform") Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Dan Carpenter <dan.carpenter(a)linaro.org> Signed-off-by: Charlie Jenkins <charlie(a)rivosinc.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Anup Patel <anup(a)brainfault.org> Reviewed-by: Alexandre Ghiti <alexghiti(a)rivosinc.com> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/20240903-correct_error_codes_sifive_plic-v1-1-d… Closes: https://lore.kernel.org/r/202409031122.yBh8HrxA-lkp@intel.com/ --- drivers/irqchip/irq-sifive-plic.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 2f6ef5c..0b730e3 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -626,8 +626,10 @@ static int plic_probe(struct fwnode_handle *fwnode) handler->enable_save = kcalloc(DIV_ROUND_UP(nr_irqs, 32), sizeof(*handler->enable_save), GFP_KERNEL); - if (!handler->enable_save) + if (!handler->enable_save) { + error = -ENOMEM; goto fail_cleanup_contexts; + } done: for (hwirq = 1; hwirq <= nr_irqs; hwirq++) { plic_toggle(handler, hwirq, 0); @@ -639,8 +641,10 @@ done: priv->irqdomain = irq_domain_create_linear(fwnode, nr_irqs + 1, &plic_irqdomain_ops, priv); - if (WARN_ON(!priv->irqdomain)) + if (WARN_ON(!priv->irqdomain)) { + error = -ENOMEM; goto fail_cleanup_contexts; + } /* * We can have multiple PLIC instances so setup global state

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-verity: restart or panic on an I/O error" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x e6a3531dd542cb127c8de32ab1e54a48ae19962b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100247-friction-answering-6c42@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: e6a3531dd542 ("dm-verity: restart or panic on an I/O error") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6a3531dd542cb127c8de32ab1e54a48ae19962b Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 24 Sep 2024 15:18:29 +0200 Subject: [PATCH] dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers. Reported-by: Maxim Suhanov <dfirblog(a)gmail.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index cf659c8feb29..a95c1b9cc5b5 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -272,8 +272,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, if (v->mode == DM_VERITY_MODE_LOGGING) return 0; - if (v->mode == DM_VERITY_MODE_RESTART) - kernel_restart("dm-verity device corrupted"); + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } if (v->mode == DM_VERITY_MODE_PANIC) panic("dm-verity device corrupted"); @@ -596,6 +598,23 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh) verity_fec_finish_io(io); + if (unlikely(status != BLK_STS_OK) && + unlikely(!(bio->bi_opf & REQ_RAHEAD)) && + !verity_is_system_shutting_down()) { + if (v->mode == DM_VERITY_MODE_RESTART || + v->mode == DM_VERITY_MODE_PANIC) + DMERR_LIMIT("%s has error: %s", v->data_dev->name, + blk_status_to_str(status)); + + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } + + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); + } + bio_endio(bio); }

7 months

3
3
0 0

Re: [PATCH 6.11 000/695] 6.11.2-rc1 review

by Ronald Warsow

Hi Greg no regressions here on x86_64 (RKL, Intel 11th Gen. CPU) Thanks Tested-by: Ronald Warsow <rwarsow(a)gmx.de>

7 months

1
0
0 0

[REGRESSION]: cephfs: file corruption when reading content via in-kernel ceph client

by Christian Ebner

Hi, some of our customers (Proxmox VE) are seeing issues with file corruptions when accessing contents located on CephFS via the in-kernel Ceph client [0,1], we managed to reproduce this regression on kernels up to the latest 6.11-rc6. Accessing the same content on the CephFS using the FUSE client or the in-kernel ceph client with older kernels (Ubuntu kernel on v6.5) does not show file corruptions. Unfortunately the corruption is hard to reproduce, seemingly only a small subset of files is affected. However, once a file is affected, the issue is persistent and can easily be reproduced. Bisection with the reproducer points to this commit: "92b6cc5d: netfs: Add iov_iters to (sub)requests to describe various buffers" Description of the issue: A file was copied from local filesystem to cephfs via: ``` cp /tmp/proxmox-backup-server_3.2-1.iso /mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso ``` * sha256sum on local filesystem:`1d19698e8f7e769cf0a0dcc7ba0018ef5416c5ec495d5e61313f9c84a4237607 /tmp/proxmox-backup-server_3.2-1.iso` * sha256sum on cephfs with kernel up to above commit: `1d19698e8f7e769cf0a0dcc7ba0018ef5416c5ec495d5e61313f9c84a4237607 /mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso` * sha256sum on cephfs with kernel after above commit: `89ad3620bf7b1e0913b534516cfbe48580efbaec944b79951e2c14e5e551f736 /mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso` * removing and/or recopying the file does not change the issue, the corrupt checksum remains the same. * accessing the same file from different clients results in the same output: the one with above patch applied do show the incorrect checksum, ones without the patch show the correct checksum. * the issue persists even across reboot of the ceph cluster and/or clients. * the file is indeed corrupt after reading, as verified by a `cmp -b`. Interestingly, the first 4M contain the correct data, the following 4M are read as all zeros, which differs from the original data. * the issue is related to the readahead size: mounting the cephfs with a `rasize=0` makes the issue disappear, same is true for sizes up to 128k (please note that the ranges as initially reported on the mailing list [3] are not correct for rasize [0..128k] the file is not corrupted). In the bugtracker issue [4] I attached a ftrace with "*ceph*" as filter while performing a read on the latest kernel 6.11-rc6 while performing ``` dd if=/mnt/pve/cephfs/proxmox-backup-server_3.2-1.iso of=/tmp/test.out bs=8M count=1 ``` the relevant part shown by task `dd-26192`. Please let me know if I can provide further information or debug outputs in order to narrow down the issue. [0] https://forum.proxmox.com/threads/78340/post-676129 [1] https://forum.proxmox.com/threads/149249/ [2] https://forum.proxmox.com/threads/151291/ [3] https://lore.kernel.org/lkml/db686d0c-2f27-47c8-8c14-26969433b13b@proxmox.c… [4] https://bugzilla.kernel.org/show_bug.cgi?id=219237 #regzbot introduced: 92b6cc5d Regards, Christian Ebner

7 months

4
9
0 0

[PATCH] irqchip/sifive-plic: Unmask interrupt in plic_irq_enable()

by Nam Cao

It is possible that an interrupt is disabled and masked at the same time. When the interrupt is enabled again by enable_irq(), only plic_irq_enable() is called, not plic_irq_unmask(). The interrupt remains masked and never raises. An example where interrupt is both disabled and masked is when handle_fasteoi_irq() is the handler, and IRQS_ONESHOT is set. The interrupt handler: 1. Mask the interrupt 2. Handle the interrupt 3. Check if interrupt is still enabled, and unmask it (see cond_unmask_eoi_irq()) If another task disables the interrupt in the middle of the above steps, the interrupt will not get unmasked, and will remain masked when it is enabled in the future. The problem is occasionally observed when PREEMPT_RT is enabled, because PREEMPT_RT add the IRQS_ONESHOT flag. But PREEMPT_RT only makes the problem more likely to appear, the bug has been around since commit a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations"). Fix it by unmasking interrupt in plic_irq_enable(). Fixes: a1706a1c5062 ("irqchip/sifive-plic: Separate the enable and mask operations"). Signed-off-by: Nam Cao <namcao(a)linutronix.de> Cc: stable(a)vger.kernel.org --- drivers/irqchip/irq-sifive-plic.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/irqchip/irq-sifive-plic.c b/drivers/irqchip/irq-sifive-plic.c index 2f6ef5c495bd..0efbf14ec9fa 100644 --- a/drivers/irqchip/irq-sifive-plic.c +++ b/drivers/irqchip/irq-sifive-plic.c @@ -128,6 +128,9 @@ static inline void plic_irq_toggle(const struct cpumask *mask, static void plic_irq_enable(struct irq_data *d) { + struct plic_priv *priv = irq_data_get_irq_chip_data(d); + + writel(1, priv->regs + PRIORITY_BASE + d->hwirq * PRIORITY_PER_ID); plic_irq_toggle(irq_data_get_effective_affinity_mask(d), d, 1); } -- 2.39.5

7 months

2
1
0 0

[PATCH v3 0/4] ov08x40: Enable use of ov08x40 on Qualcomm X1E80100 CRD

by Bryan O'Donoghue

Changes in v3: - Drops assigned-clock-* from description retains in example - Sakari, Krzysztof - Updates example fake clock names to ov08x40_* instead of copy/paste ov9282_clk -> ov08x40_clk, ov9282_clk_parent -> ov08x40_clk_parent - bod - Link to v2: https://lore.kernel.org/r/20241001-b4-master-24-11-25-ov08x40-v2-0-e478976b… Changes in v2: - Drops "-" in ovti,ov08x40.yaml after description: - Rob - Adds ":" after first line of description text - Rob - dts -> DT in commit log - Rob - Removes dependency on 'xvclk' as a name in yaml and driver - Sakari - Uses assigned-clock, assigned-clock-parents and assigned-clock-rates - Sakari - Drops clock-frequency - Sakarai, Krzysztof - Drops dovdd-supply, avdd-supply, dvdd-supply and reset-gpios as required, its perfectly possible not to have the reset GPIO or the power rails under control of the SoC. - bod - Link to v1: https://lore.kernel.org/r/20240926-b4-master-24-11-25-ov08x40-v1-0-e4d5fbd3… V1: This series brings fixes and updates to ov08x40 which allows for use of this sensor on the Qualcomm x1e80100 CRD but also on any other dts based system. Firstly there's a fix for the pseudo burst mode code that was added in 8f667d202384 ("media: ov08x40: Reduce start streaming time"). Not every I2C controller can handle an arbitrary sized write, this is the case on Qualcomm CAMSS/CCI I2C sensor interfaces which limit the transaction size and communicate this limit via I2C quirks. A simple fix to optionally break up the large submitted burst into chunks not exceeding adapter->quirk size fixes. Secondly then is addition of a yaml description for the ov08x40 and extension of the driver to support OF probe and powering on of the power rails from the driver instead of from ACPI. Once done the sensor works without further modification on the Qualcomm x1e80100 CRD. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): media: ov08x40: Fix burst write sequence media: dt-bindings: Add OmniVision OV08X40 media: ov08x40: Rename ext_clk to xvclk media: ov08x40: Add OF probe support .../bindings/media/i2c/ovti,ov08x40.yaml | 116 +++++++++++++ drivers/media/i2c/ov08x40.c | 179 ++++++++++++++++++--- 2 files changed, 272 insertions(+), 23 deletions(-) --- base-commit: 2b7275670032a98cba266bd1b8905f755b3e650f change-id: 20240926-b4-master-24-11-25-ov08x40-c6f477aaa6a4 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

7 months

1
1
0 0

Please include [PATCH net] netkit: Assign missing bpf_net_context

by Maksym Kutsevol

Hi, Subject: [PATCH net] netkit: Assign missing bpf_net_context commit id: 157f29152b61ca41809dd7ead29f5733adeced19 kernel versions: 6.11 The patch was sent before 6.11 was cut final, but it didn't make it. We are seeing kernel crashes on 6.11.1 without this commit, with the exact signature that the patch fixes. Thank you. Regards, Maksym

7 months

1
0
0 0

Re: [PATCH] arm64: dts: marvell: cn9130-sr-som: fix cp0 mdio0 mdio pin numbers

by kernel test robot

Hi, Thanks for your patch. FYI: kernel test robot notices the stable kernel rule is not satisfied. The check is based on https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html#opt… Rule: add the tag "Cc: stable(a)vger.kernel.org" in the sign-off area to have the patch automatically included in the stable tree. Subject: [PATCH] arm64: dts: marvell: cn9130-sr-som: fix cp0 mdio0 mdio pin numbers Link: https://lore.kernel.org/stable/20241002-cn9130-som-mdio-v1-1-0942be4dc550%4… -- 0-DAY CI Kernel Test Service https://github.com/intel/lkp-tests/wiki

7 months

1
0
0 0

Stable request: wifi: mt76: do not run mt76_unregister_device() on unregistered hw

by Georg Müller

commit 41130c32f3a18fcc930316da17f3a5f3bc326aa1 upstream This was not marked as stable (but has a Fixes: tag), but causes the USB stack to crash with 6.1.x kernels. The patch does not apply when cherry-picking because of the context. Should I send the patch again with updated context so that it applies without conflicts? Best regards, Georg

7 months

2
5
0 0

FAILED: patch "[PATCH] x86/tdx: Fix "in-kernel MMIO" check" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x d4fc4d01471528da8a9797a065982e05090e1d81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100100-emperor-thespian-397f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: d4fc4d014715 ("x86/tdx: Fix "in-kernel MMIO" check") 859e63b789d6 ("x86/tdx: Convert shared memory back to private on kexec") 533c67e63584 ("mm/mglru: add dummy pmd_dirty()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4fc4d01471528da8a9797a065982e05090e1d81 Mon Sep 17 00:00:00 2001 From: "Alexey Gladkov (Intel)" <legion(a)kernel.org> Date: Fri, 13 Sep 2024 19:05:56 +0200 Subject: [PATCH] x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/565a804b80387970460a4ebc67c88d1380f61ad1.172623… diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index da8b66dce0da..327c45c5013f 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -16,6 +16,7 @@ #include <asm/insn-eval.h> #include <asm/pgtable.h> #include <asm/set_memory.h> +#include <asm/traps.h> /* MMIO direction */ #define EPT_READ 0 @@ -433,6 +434,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!fault_in_kernel_space(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. *

7 months

3
2
0 0

FAILED: patch "[PATCH] x86/tdx: Fix "in-kernel MMIO" check" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x d4fc4d01471528da8a9797a065982e05090e1d81 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100104-everybody-retrace-89ed@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: d4fc4d014715 ("x86/tdx: Fix "in-kernel MMIO" check") 859e63b789d6 ("x86/tdx: Convert shared memory back to private on kexec") 533c67e63584 ("mm/mglru: add dummy pmd_dirty()") df57721f9a63 ("Merge tag 'x86_shstk_for_6.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From d4fc4d01471528da8a9797a065982e05090e1d81 Mon Sep 17 00:00:00 2001 From: "Alexey Gladkov (Intel)" <legion(a)kernel.org> Date: Fri, 13 Sep 2024 19:05:56 +0200 Subject: [PATCH] x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction. Fixes: 31d58c4e557d ("x86/tdx: Handle in-kernel MMIO") Signed-off-by: Alexey Gladkov (Intel) <legion(a)kernel.org> Signed-off-by: Dave Hansen <dave.hansen(a)linux.intel.com> Reviewed-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Dave Hansen <dave.hansen(a)linux.intel.com> Cc:stable@vger.kernel.org Link: https://lore.kernel.org/all/565a804b80387970460a4ebc67c88d1380f61ad1.172623… diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index da8b66dce0da..327c45c5013f 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -16,6 +16,7 @@ #include <asm/insn-eval.h> #include <asm/pgtable.h> #include <asm/set_memory.h> +#include <asm/traps.h> /* MMIO direction */ #define EPT_READ 0 @@ -433,6 +434,11 @@ static int handle_mmio(struct pt_regs *regs, struct ve_info *ve) return -EINVAL; } + if (!fault_in_kernel_space(ve->gla)) { + WARN_ONCE(1, "Access to userspace address is not supported"); + return -EINVAL; + } + /* * Reject EPT violation #VEs that split pages. *

7 months

2
1
0 0

[PATCH v4 02/11] PM: domains: Fix alloc/free in dev_pm_domain_attach|detach_list()

by Ulf Hansson

The dev_pm_domain_attach|detach_list() functions are not resource managed, hence they should not use devm_* helpers to manage allocation/freeing of data. Let's fix this by converting to the traditional alloc/free functions. Fixes: 161e16a5e50a ("PM: domains: Add helper functions to attach/detach multiple PM domains") Cc: stable(a)vger.kernel.org Signed-off-by: Ulf Hansson <ulf.hansson(a)linaro.org> --- Changes in v4: - New patch. --- drivers/base/power/common.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/drivers/base/power/common.c b/drivers/base/power/common.c index 8c34ae1cd8d5..cca2fd0a1aed 100644 --- a/drivers/base/power/common.c +++ b/drivers/base/power/common.c @@ -195,6 +195,7 @@ int dev_pm_domain_attach_list(struct device *dev, struct device *pd_dev = NULL; int ret, i, num_pds = 0; bool by_id = true; + size_t size; u32 pd_flags = data ? data->pd_flags : 0; u32 link_flags = pd_flags & PD_FLAG_NO_DEV_LINK ? 0 : DL_FLAG_STATELESS | DL_FLAG_PM_RUNTIME; @@ -217,19 +218,17 @@ int dev_pm_domain_attach_list(struct device *dev, if (num_pds <= 0) return 0; - pds = devm_kzalloc(dev, sizeof(*pds), GFP_KERNEL); + pds = kzalloc(sizeof(*pds), GFP_KERNEL); if (!pds) return -ENOMEM; - pds->pd_devs = devm_kcalloc(dev, num_pds, sizeof(*pds->pd_devs), - GFP_KERNEL); - if (!pds->pd_devs) - return -ENOMEM; - - pds->pd_links = devm_kcalloc(dev, num_pds, sizeof(*pds->pd_links), - GFP_KERNEL); - if (!pds->pd_links) - return -ENOMEM; + size = sizeof(*pds->pd_devs) + sizeof(*pds->pd_links); + pds->pd_devs = kcalloc(num_pds, size, GFP_KERNEL); + if (!pds->pd_devs) { + ret = -ENOMEM; + goto free_pds; + } + pds->pd_links = (void *)(pds->pd_devs + num_pds); if (link_flags && pd_flags & PD_FLAG_DEV_LINK_ON) link_flags |= DL_FLAG_RPM_ACTIVE; @@ -272,6 +271,9 @@ int dev_pm_domain_attach_list(struct device *dev, device_link_del(pds->pd_links[i]); dev_pm_domain_detach(pds->pd_devs[i], true); } + kfree(pds->pd_devs); +free_pds: + kfree(pds); return ret; } EXPORT_SYMBOL_GPL(dev_pm_domain_attach_list); @@ -363,6 +365,9 @@ void dev_pm_domain_detach_list(struct dev_pm_domain_list *list) device_link_del(list->pd_links[i]); dev_pm_domain_detach(list->pd_devs[i], true); } + + kfree(list->pd_devs); + kfree(list); } EXPORT_SYMBOL_GPL(dev_pm_domain_detach_list); -- 2.34.1

7 months

1
0
0 0

[PATCH] serial: imx: Update mctrl old_status on RTSD interrupt

by Marek Vasut

When sending data using DMA at high baudrate (4 Mbdps in local test case) to a device with small RX buffer which keeps asserting RTS after every received byte, it is possible that the iMX UART driver would not recognize the falling edge of RTS input signal and get stuck, unable to transmit any more data. This condition happens when the following sequence of events occur: - imx_uart_mctrl_check() is called at some point and takes a snapshot of UART control signal status into sport->old_status using imx_uart_get_hwmctrl(). The RTSS/TIOCM_CTS bit is of interest here (*). - DMA transfer occurs, the remote device asserts RTS signal after each byte. The i.MX UART driver recognizes each such RTS signal change, raises an interrupt with USR1 register RTSD bit set, which leads to invocation of __imx_uart_rtsint(), which calls uart_handle_cts_change(). - If the RTS signal is deasserted, uart_handle_cts_change() clears port->hw_stopped and unblocks the port for further data transfers. - If the RTS is asserted, uart_handle_cts_change() sets port->hw_stopped and blocks the port for further data transfers. This may occur as the last interrupt of a transfer, which means port->hw_stopped remains set and the port remains blocked (**). - Any further data transfer attempts will trigger imx_uart_mctrl_check(), which will read current status of UART control signals by calling imx_uart_get_hwmctrl() (***) and compare it with sport->old_status . - If current status differs from sport->old_status for RTS signal, uart_handle_cts_change() is called and possibly unblocks the port by clearing port->hw_stopped . - If current status does not differ from sport->old_status for RTS signal, no action occurs. This may occur in case prior snapshot (*) was taken before any transfer so the RTS is deasserted, current snapshot (***) was taken after a transfer and therefore RTS is deasserted again, which means current status and sport->old_status are identical. In case (**) triggered when RTS got asserted, and made port->hw_stopped set, the port->hw_stopped will remain set because no change on RTS line is recognized by this driver and uart_handle_cts_change() is not called from here to unblock the port->hw_stopped. Update sport->old_status in __imx_uart_rtsint() accordingly to make imx_uart_mctrl_check() detect such RTS change. Note that TIOCM_CAR and TIOCM_RI bits in sport->old_status do not suffer from this problem. Fixes: ceca629e0b48 ("[ARM] 2971/1: i.MX uart handle rts irq") Signed-off-by: Marek Vasut <marex(a)denx.de> --- Cc: "Uwe Kleine-König" <u.kleine-koenig(a)pengutronix.de> Cc: Christoph Niedermaier <cniedermaier(a)dh-electronics.com> Cc: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> Cc: Esben Haabendal <esben(a)geanix.com> Cc: Fabio Estevam <festevam(a)gmail.com> Cc: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Cc: Jiri Slaby <jirislaby(a)kernel.org> Cc: Lino Sanfilippo <l.sanfilippo(a)kunbus.com> Cc: Pengutronix Kernel Team <kernel(a)pengutronix.de> Cc: Rasmus Villemoes <linux(a)rasmusvillemoes.dk> Cc: Rickard x Andersson <rickaran(a)axis.com> Cc: Sascha Hauer <s.hauer(a)pengutronix.de> Cc: Shawn Guo <shawnguo(a)kernel.org> Cc: Stefan Eichenberger <stefan.eichenberger(a)toradex.com> Cc: imx(a)lists.linux.dev Cc: linux-arm-kernel(a)lists.infradead.org Cc: linux-serial(a)vger.kernel.org Cc: stable(a)vger.kernel.org --- drivers/tty/serial/imx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/tty/serial/imx.c b/drivers/tty/serial/imx.c index 67d4a72eda770..3ad7f42790ef9 100644 --- a/drivers/tty/serial/imx.c +++ b/drivers/tty/serial/imx.c @@ -762,6 +762,10 @@ static irqreturn_t __imx_uart_rtsint(int irq, void *dev_id) imx_uart_writel(sport, USR1_RTSD, USR1); usr1 = imx_uart_readl(sport, USR1) & USR1_RTSS; + if (usr1 & USR1_RTSS) + sport->old_status |= TIOCM_CTS; + else + sport->old_status &= ~TIOCM_CTS; uart_handle_cts_change(&sport->port, usr1); wake_up_interruptible(&sport->port.state->port.delta_msr_wait); -- 2.45.2

7 months

3
3
0 0

FAILED: patch "[PATCH] block, bfq: fix procress reference leakage for bfqq in merge" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 73aeab373557fa6ee4ae0b742c6211ccd9859280 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100234-dizzy-backlands-30eb@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 73aeab373557 ("block, bfq: fix procress reference leakage for bfqq in merge chain") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") ae0f1a732f4a ("blk-mq: Stop using pointers for blk_mq_tags bitmap tags") e155b0c238b2 ("blk-mq: Use shared tags for shared sbitmap support") 645db34e5050 ("blk-mq: Refactor and rename blk_mq_free_map_and_{requests->rqs}()") 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") a7e7388dced4 ("blk-mq: Add blk_mq_tag_update_sched_shared_sbitmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73aeab373557fa6ee4ae0b742c6211ccd9859280 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:49 +0800 Subject: [PATCH] block, bfq: fix procress reference leakage for bfqq in merge chain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d5d39974c674..f4192d5411d2 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -3129,10 +3129,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3226,6 +3228,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3261,14 +3265,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5705,9 +5703,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -6162,6 +6158,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -6178,18 +6175,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * new_bfqq. */ if (bic_to_bfqq(RQ_BIC(rq), true, - bfq_actuator_index(bfqd, rq->bio)) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq);

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix procress reference leakage for bfqq in merge" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 73aeab373557fa6ee4ae0b742c6211ccd9859280 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100232-unheated-trailing-4528@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 73aeab373557 ("block, bfq: fix procress reference leakage for bfqq in merge chain") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") ae0f1a732f4a ("blk-mq: Stop using pointers for blk_mq_tags bitmap tags") e155b0c238b2 ("blk-mq: Use shared tags for shared sbitmap support") 645db34e5050 ("blk-mq: Refactor and rename blk_mq_free_map_and_{requests->rqs}()") 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") a7e7388dced4 ("blk-mq: Add blk_mq_tag_update_sched_shared_sbitmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73aeab373557fa6ee4ae0b742c6211ccd9859280 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:49 +0800 Subject: [PATCH] block, bfq: fix procress reference leakage for bfqq in merge chain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d5d39974c674..f4192d5411d2 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -3129,10 +3129,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3226,6 +3228,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3261,14 +3265,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5705,9 +5703,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -6162,6 +6158,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -6178,18 +6175,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * new_bfqq. */ if (bic_to_bfqq(RQ_BIC(rq), true, - bfq_actuator_index(bfqd, rq->bio)) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq);

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix procress reference leakage for bfqq in merge" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 73aeab373557fa6ee4ae0b742c6211ccd9859280 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100231-difficult-nail-04b1@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 73aeab373557 ("block, bfq: fix procress reference leakage for bfqq in merge chain") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") ae0f1a732f4a ("blk-mq: Stop using pointers for blk_mq_tags bitmap tags") e155b0c238b2 ("blk-mq: Use shared tags for shared sbitmap support") 645db34e5050 ("blk-mq: Refactor and rename blk_mq_free_map_and_{requests->rqs}()") 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") a7e7388dced4 ("blk-mq: Add blk_mq_tag_update_sched_shared_sbitmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73aeab373557fa6ee4ae0b742c6211ccd9859280 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:49 +0800 Subject: [PATCH] block, bfq: fix procress reference leakage for bfqq in merge chain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d5d39974c674..f4192d5411d2 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -3129,10 +3129,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3226,6 +3228,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3261,14 +3265,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5705,9 +5703,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -6162,6 +6158,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -6178,18 +6175,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * new_bfqq. */ if (bic_to_bfqq(RQ_BIC(rq), true, - bfq_actuator_index(bfqd, rq->bio)) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq);

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix procress reference leakage for bfqq in merge" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 73aeab373557fa6ee4ae0b742c6211ccd9859280 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100230-epilogue-hush-6a49@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 73aeab373557 ("block, bfq: fix procress reference leakage for bfqq in merge chain") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") ae0f1a732f4a ("blk-mq: Stop using pointers for blk_mq_tags bitmap tags") e155b0c238b2 ("blk-mq: Use shared tags for shared sbitmap support") 645db34e5050 ("blk-mq: Refactor and rename blk_mq_free_map_and_{requests->rqs}()") 63064be150e4 ("blk-mq: Add blk_mq_alloc_map_and_rqs()") a7e7388dced4 ("blk-mq: Add blk_mq_tag_update_sched_shared_sbitmap()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73aeab373557fa6ee4ae0b742c6211ccd9859280 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:49 +0800 Subject: [PATCH] block, bfq: fix procress reference leakage for bfqq in merge chain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d5d39974c674..f4192d5411d2 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -3129,10 +3129,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3226,6 +3228,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3261,14 +3265,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5705,9 +5703,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -6162,6 +6158,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -6178,18 +6175,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * new_bfqq. */ if (bic_to_bfqq(RQ_BIC(rq), true, - bfq_actuator_index(bfqd, rq->bio)) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq);

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix procress reference leakage for bfqq in merge" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 73aeab373557fa6ee4ae0b742c6211ccd9859280 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100229-lazy-atonable-fd03@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 73aeab373557 ("block, bfq: fix procress reference leakage for bfqq in merge chain") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 73aeab373557fa6ee4ae0b742c6211ccd9859280 Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:49 +0800 Subject: [PATCH] block, bfq: fix procress reference leakage for bfqq in merge chain MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Original state: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \--------------\ \-------------\ \-------------\| V V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 1 2 4 After commit 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()"), if P1 issues a new IO: Without the patch: Process 1 Process 2 Process 3 Process 4 (BIC1) (BIC2) (BIC3) (BIC4) Λ | | | \------------------------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 bfqq3 will be used to handle IO from P1, this is not expected, IO should be redirected to bfqq4; With the patch: ------------------------------------------- | | Process 1 Process 2 Process 3 | Process 4 (BIC1) (BIC2) (BIC3) | (BIC4) | | | | \-------------\ \-------------\| V V bfqq1--------->bfqq2---------->bfqq3----------->bfqq4 ref 0 0 2 4 IO is redirected to bfqq4, however, procress reference of bfqq3 is still 2, while there is only P2 using it. Fix the problem by calling bfq_merge_bfqqs() for each bfqq in the merge chain. Also change bfqq_merge_bfqqs() to return new_bfqq to simplify code. Fixes: 0e456dba86c7 ("block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-3-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d5d39974c674..f4192d5411d2 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -3129,10 +3129,12 @@ void bfq_release_process_ref(struct bfq_data *bfqd, struct bfq_queue *bfqq) bfq_put_queue(bfqq); } -static void -bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, - struct bfq_queue *bfqq, struct bfq_queue *new_bfqq) +static struct bfq_queue *bfq_merge_bfqqs(struct bfq_data *bfqd, + struct bfq_io_cq *bic, + struct bfq_queue *bfqq) { + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + bfq_log_bfqq(bfqd, bfqq, "merging with queue %lu", (unsigned long)new_bfqq->pid); /* Save weight raising and idle window of the merged queues */ @@ -3226,6 +3228,8 @@ bfq_merge_bfqqs(struct bfq_data *bfqd, struct bfq_io_cq *bic, bfq_reassign_last_bfqq(bfqq, new_bfqq); bfq_release_process_ref(bfqd, bfqq); + + return new_bfqq; } static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, @@ -3261,14 +3265,8 @@ static bool bfq_allow_bio_merge(struct request_queue *q, struct request *rq, * fulfilled, i.e., bic can be redirected to new_bfqq * and bfqq can be put. */ - bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq, - new_bfqq); - /* - * If we get here, bio will be queued into new_queue, - * so use new_bfqq to decide whether bio and rq can be - * merged. - */ - bfqq = new_bfqq; + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, bfqd->bio_bic, bfqq); /* * Change also bqfd->bio_bfqq, as @@ -5705,9 +5703,7 @@ bfq_do_early_stable_merge(struct bfq_data *bfqd, struct bfq_queue *bfqq, * state before killing it. */ bfqq->bic = bic; - bfq_merge_bfqqs(bfqd, bic, bfqq, new_bfqq); - - return new_bfqq; + return bfq_merge_bfqqs(bfqd, bic, bfqq); } /* @@ -6162,6 +6158,7 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) bool waiting, idle_timer_disabled = false; if (new_bfqq) { + struct bfq_queue *old_bfqq = bfqq; /* * Release the request's reference to the old bfqq * and make sure one is taken to the shared queue. @@ -6178,18 +6175,18 @@ static bool __bfq_insert_request(struct bfq_data *bfqd, struct request *rq) * new_bfqq. */ if (bic_to_bfqq(RQ_BIC(rq), true, - bfq_actuator_index(bfqd, rq->bio)) == bfqq) - bfq_merge_bfqqs(bfqd, RQ_BIC(rq), - bfqq, new_bfqq); + bfq_actuator_index(bfqd, rq->bio)) == bfqq) { + while (bfqq != new_bfqq) + bfqq = bfq_merge_bfqqs(bfqd, RQ_BIC(rq), bfqq); + } - bfq_clear_bfqq_just_created(bfqq); + bfq_clear_bfqq_just_created(old_bfqq); /* * rq is about to be enqueued into new_bfqq, * release rq reference on bfqq */ - bfq_put_queue(bfqq); + bfq_put_queue(old_bfqq); rq->elv.priv[1] = new_bfqq; - bfqq = new_bfqq; } bfq_update_io_thinktime(bfqd, bfqq);

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 1ba0403ac6447f2d63914fb760c44a3b19c44eaf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100223-gutter-exchange-0c2b@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 1ba0403ac644 ("block, bfq: fix uaf for accessing waker_bfqq after splitting") fd571df0ac5b ("block, bfq: turn bfqq_data into an array in bfq_io_cq") a61230470c8c ("block, bfq: move io_cq-persistent bfqq data into a dedicated struct") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") a1795c2ccb1e ("bfq: fix waker_bfqq inconsistency crash") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") f950667356ce ("bfq: Relax waker detection for shared queues") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") 70456e5210f4 ("bfq: Avoid false marking of bic as stably merged") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ba0403ac6447f2d63914fb760c44a3b19c44eaf Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:48 +0800 Subject: [PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder. Fixes: 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-2-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d1bf2b8a3576..d5d39974c674 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -6825,6 +6825,31 @@ static void bfq_prepare_request(struct request *rq) rq->elv.priv[0] = rq->elv.priv[1] = NULL; } +static struct bfq_queue *bfq_waker_bfqq(struct bfq_queue *bfqq) +{ + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + struct bfq_queue *waker_bfqq = bfqq->waker_bfqq; + + if (!waker_bfqq) + return NULL; + + while (new_bfqq) { + if (new_bfqq == waker_bfqq) { + /* + * If waker_bfqq is in the merge chain, and current + * is the only procress. + */ + if (bfqq_process_refs(waker_bfqq) == 1) + return NULL; + break; + } + + new_bfqq = new_bfqq->new_bfqq; + } + + return waker_bfqq; +} + /* * If needed, init rq, allocate bfq data structures associated with * rq, and increment reference counters in the destination bfq_queue @@ -6886,7 +6911,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) /* If the queue was seeky for too long, break it apart. */ if (bfq_bfqq_coop(bfqq) && bfq_bfqq_split_coop(bfqq) && !bic->bfqq_data[a_idx].stably_merged) { - struct bfq_queue *old_bfqq = bfqq; + struct bfq_queue *waker_bfqq = bfq_waker_bfqq(bfqq); /* Update bic before losing reference to bfqq */ if (bfq_bfqq_in_large_burst(bfqq)) @@ -6906,7 +6931,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) bfqq_already_existing = true; if (!bfqq_already_existing) { - bfqq->waker_bfqq = old_bfqq->waker_bfqq; + bfqq->waker_bfqq = waker_bfqq; bfqq->tentative_waker_bfqq = NULL; /* @@ -6916,7 +6941,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) * woken_list of the waker. See * bfq_check_waker for details. */ - if (bfqq->waker_bfqq) + if (waker_bfqq) hlist_add_head(&bfqq->woken_list_node, &bfqq->waker_bfqq->woken_list); }

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1ba0403ac6447f2d63914fb760c44a3b19c44eaf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100222-aliens-ergonomic-4ce2@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 1ba0403ac644 ("block, bfq: fix uaf for accessing waker_bfqq after splitting") fd571df0ac5b ("block, bfq: turn bfqq_data into an array in bfq_io_cq") a61230470c8c ("block, bfq: move io_cq-persistent bfqq data into a dedicated struct") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") a1795c2ccb1e ("bfq: fix waker_bfqq inconsistency crash") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") f950667356ce ("bfq: Relax waker detection for shared queues") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") 70456e5210f4 ("bfq: Avoid false marking of bic as stably merged") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ba0403ac6447f2d63914fb760c44a3b19c44eaf Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:48 +0800 Subject: [PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder. Fixes: 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-2-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d1bf2b8a3576..d5d39974c674 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -6825,6 +6825,31 @@ static void bfq_prepare_request(struct request *rq) rq->elv.priv[0] = rq->elv.priv[1] = NULL; } +static struct bfq_queue *bfq_waker_bfqq(struct bfq_queue *bfqq) +{ + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + struct bfq_queue *waker_bfqq = bfqq->waker_bfqq; + + if (!waker_bfqq) + return NULL; + + while (new_bfqq) { + if (new_bfqq == waker_bfqq) { + /* + * If waker_bfqq is in the merge chain, and current + * is the only procress. + */ + if (bfqq_process_refs(waker_bfqq) == 1) + return NULL; + break; + } + + new_bfqq = new_bfqq->new_bfqq; + } + + return waker_bfqq; +} + /* * If needed, init rq, allocate bfq data structures associated with * rq, and increment reference counters in the destination bfq_queue @@ -6886,7 +6911,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) /* If the queue was seeky for too long, break it apart. */ if (bfq_bfqq_coop(bfqq) && bfq_bfqq_split_coop(bfqq) && !bic->bfqq_data[a_idx].stably_merged) { - struct bfq_queue *old_bfqq = bfqq; + struct bfq_queue *waker_bfqq = bfq_waker_bfqq(bfqq); /* Update bic before losing reference to bfqq */ if (bfq_bfqq_in_large_burst(bfqq)) @@ -6906,7 +6931,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) bfqq_already_existing = true; if (!bfqq_already_existing) { - bfqq->waker_bfqq = old_bfqq->waker_bfqq; + bfqq->waker_bfqq = waker_bfqq; bfqq->tentative_waker_bfqq = NULL; /* @@ -6916,7 +6941,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) * woken_list of the waker. See * bfq_check_waker for details. */ - if (bfqq->waker_bfqq) + if (waker_bfqq) hlist_add_head(&bfqq->woken_list_node, &bfqq->waker_bfqq->woken_list); }

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1ba0403ac6447f2d63914fb760c44a3b19c44eaf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100221-radar-unethical-0eaa@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1ba0403ac644 ("block, bfq: fix uaf for accessing waker_bfqq after splitting") fd571df0ac5b ("block, bfq: turn bfqq_data into an array in bfq_io_cq") a61230470c8c ("block, bfq: move io_cq-persistent bfqq data into a dedicated struct") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") a1795c2ccb1e ("bfq: fix waker_bfqq inconsistency crash") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") f950667356ce ("bfq: Relax waker detection for shared queues") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") 70456e5210f4 ("bfq: Avoid false marking of bic as stably merged") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ba0403ac6447f2d63914fb760c44a3b19c44eaf Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:48 +0800 Subject: [PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder. Fixes: 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-2-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d1bf2b8a3576..d5d39974c674 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -6825,6 +6825,31 @@ static void bfq_prepare_request(struct request *rq) rq->elv.priv[0] = rq->elv.priv[1] = NULL; } +static struct bfq_queue *bfq_waker_bfqq(struct bfq_queue *bfqq) +{ + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + struct bfq_queue *waker_bfqq = bfqq->waker_bfqq; + + if (!waker_bfqq) + return NULL; + + while (new_bfqq) { + if (new_bfqq == waker_bfqq) { + /* + * If waker_bfqq is in the merge chain, and current + * is the only procress. + */ + if (bfqq_process_refs(waker_bfqq) == 1) + return NULL; + break; + } + + new_bfqq = new_bfqq->new_bfqq; + } + + return waker_bfqq; +} + /* * If needed, init rq, allocate bfq data structures associated with * rq, and increment reference counters in the destination bfq_queue @@ -6886,7 +6911,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) /* If the queue was seeky for too long, break it apart. */ if (bfq_bfqq_coop(bfqq) && bfq_bfqq_split_coop(bfqq) && !bic->bfqq_data[a_idx].stably_merged) { - struct bfq_queue *old_bfqq = bfqq; + struct bfq_queue *waker_bfqq = bfq_waker_bfqq(bfqq); /* Update bic before losing reference to bfqq */ if (bfq_bfqq_in_large_burst(bfqq)) @@ -6906,7 +6931,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) bfqq_already_existing = true; if (!bfqq_already_existing) { - bfqq->waker_bfqq = old_bfqq->waker_bfqq; + bfqq->waker_bfqq = waker_bfqq; bfqq->tentative_waker_bfqq = NULL; /* @@ -6916,7 +6941,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) * woken_list of the waker. See * bfq_check_waker for details. */ - if (bfqq->waker_bfqq) + if (waker_bfqq) hlist_add_head(&bfqq->woken_list_node, &bfqq->waker_bfqq->woken_list); }

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1ba0403ac6447f2d63914fb760c44a3b19c44eaf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100221-pang-residue-68ad@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1ba0403ac644 ("block, bfq: fix uaf for accessing waker_bfqq after splitting") fd571df0ac5b ("block, bfq: turn bfqq_data into an array in bfq_io_cq") a61230470c8c ("block, bfq: move io_cq-persistent bfqq data into a dedicated struct") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") a1795c2ccb1e ("bfq: fix waker_bfqq inconsistency crash") dc469ba2e790 ("block/bfq: Use the new blk_opf_t type") f950667356ce ("bfq: Relax waker detection for shared queues") 4e54a2493e58 ("bfq: Get rid of __bio_blkcg() usage") 09f871868080 ("bfq: Track whether bfq_group is still online") ea591cd4eb27 ("bfq: Update cgroup information before merging bio") 3bc5e683c67d ("bfq: Split shared queues on move between cgroups") 70456e5210f4 ("bfq: Avoid false marking of bic as stably merged") f6bad159f5d5 ("block/bfq-iosched.c: use "false" rather than "BLK_RW_ASYNC"") a0725c22cd84 ("bfq: use bfq_bic_lookup in bfq_limit_depth") 1f18b7005b49 ("bfq: Limit waker detection in time") 76f1df88bbc2 ("bfq: Limit number of requests consumed by each cgroup") 44dfa279f117 ("bfq: Store full bitmap depth in bfq_data") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ba0403ac6447f2d63914fb760c44a3b19c44eaf Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:48 +0800 Subject: [PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder. Fixes: 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-2-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d1bf2b8a3576..d5d39974c674 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -6825,6 +6825,31 @@ static void bfq_prepare_request(struct request *rq) rq->elv.priv[0] = rq->elv.priv[1] = NULL; } +static struct bfq_queue *bfq_waker_bfqq(struct bfq_queue *bfqq) +{ + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + struct bfq_queue *waker_bfqq = bfqq->waker_bfqq; + + if (!waker_bfqq) + return NULL; + + while (new_bfqq) { + if (new_bfqq == waker_bfqq) { + /* + * If waker_bfqq is in the merge chain, and current + * is the only procress. + */ + if (bfqq_process_refs(waker_bfqq) == 1) + return NULL; + break; + } + + new_bfqq = new_bfqq->new_bfqq; + } + + return waker_bfqq; +} + /* * If needed, init rq, allocate bfq data structures associated with * rq, and increment reference counters in the destination bfq_queue @@ -6886,7 +6911,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) /* If the queue was seeky for too long, break it apart. */ if (bfq_bfqq_coop(bfqq) && bfq_bfqq_split_coop(bfqq) && !bic->bfqq_data[a_idx].stably_merged) { - struct bfq_queue *old_bfqq = bfqq; + struct bfq_queue *waker_bfqq = bfq_waker_bfqq(bfqq); /* Update bic before losing reference to bfqq */ if (bfq_bfqq_in_large_burst(bfqq)) @@ -6906,7 +6931,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) bfqq_already_existing = true; if (!bfqq_already_existing) { - bfqq->waker_bfqq = old_bfqq->waker_bfqq; + bfqq->waker_bfqq = waker_bfqq; bfqq->tentative_waker_bfqq = NULL; /* @@ -6916,7 +6941,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) * woken_list of the waker. See * bfq_check_waker for details. */ - if (bfqq->waker_bfqq) + if (waker_bfqq) hlist_add_head(&bfqq->woken_list_node, &bfqq->waker_bfqq->woken_list); }

7 months

1
0
0 0

FAILED: patch "[PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1ba0403ac6447f2d63914fb760c44a3b19c44eaf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100220-swagger-freehand-6d91@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1ba0403ac644 ("block, bfq: fix uaf for accessing waker_bfqq after splitting") fd571df0ac5b ("block, bfq: turn bfqq_data into an array in bfq_io_cq") a61230470c8c ("block, bfq: move io_cq-persistent bfqq data into a dedicated struct") 9778369a2d6c ("block, bfq: split sync bfq_queues on a per-actuator basis") 246cf66e300b ("block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq") 337366e02b37 ("block, bfq: replace 0/1 with false/true in bic apis") 64dc8c732f5c ("block, bfq: fix possible uaf for 'bfqq->bic'") a1795c2ccb1e ("bfq: fix waker_bfqq inconsistency crash") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1ba0403ac6447f2d63914fb760c44a3b19c44eaf Mon Sep 17 00:00:00 2001 From: Yu Kuai <yukuai3(a)huawei.com> Date: Mon, 9 Sep 2024 21:41:48 +0800 Subject: [PATCH] block, bfq: fix uaf for accessing waker_bfqq after splitting After commit 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()"), if the current procress is the last holder of bfqq, the bfqq can be freed after bfq_split_bfqq(). Hence recored the bfqq and then access bfqq->waker_bfqq may trigger UAF. What's more, the waker_bfqq may in the merge chain of bfqq, hence just recored waker_bfqq is still not safe. Fix the problem by adding a helper bfq_waker_bfqq() to check if bfqq->waker_bfqq is in the merge chain, and current procress is the only holder. Fixes: 42c306ed7233 ("block, bfq: don't break merge chain in bfq_split_bfqq()") Signed-off-by: Yu Kuai <yukuai3(a)huawei.com> Link: https://lore.kernel.org/r/20240909134154.954924-2-yukuai1@huaweicloud.com Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/block/bfq-iosched.c b/block/bfq-iosched.c index d1bf2b8a3576..d5d39974c674 100644 --- a/block/bfq-iosched.c +++ b/block/bfq-iosched.c @@ -6825,6 +6825,31 @@ static void bfq_prepare_request(struct request *rq) rq->elv.priv[0] = rq->elv.priv[1] = NULL; } +static struct bfq_queue *bfq_waker_bfqq(struct bfq_queue *bfqq) +{ + struct bfq_queue *new_bfqq = bfqq->new_bfqq; + struct bfq_queue *waker_bfqq = bfqq->waker_bfqq; + + if (!waker_bfqq) + return NULL; + + while (new_bfqq) { + if (new_bfqq == waker_bfqq) { + /* + * If waker_bfqq is in the merge chain, and current + * is the only procress. + */ + if (bfqq_process_refs(waker_bfqq) == 1) + return NULL; + break; + } + + new_bfqq = new_bfqq->new_bfqq; + } + + return waker_bfqq; +} + /* * If needed, init rq, allocate bfq data structures associated with * rq, and increment reference counters in the destination bfq_queue @@ -6886,7 +6911,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) /* If the queue was seeky for too long, break it apart. */ if (bfq_bfqq_coop(bfqq) && bfq_bfqq_split_coop(bfqq) && !bic->bfqq_data[a_idx].stably_merged) { - struct bfq_queue *old_bfqq = bfqq; + struct bfq_queue *waker_bfqq = bfq_waker_bfqq(bfqq); /* Update bic before losing reference to bfqq */ if (bfq_bfqq_in_large_burst(bfqq)) @@ -6906,7 +6931,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) bfqq_already_existing = true; if (!bfqq_already_existing) { - bfqq->waker_bfqq = old_bfqq->waker_bfqq; + bfqq->waker_bfqq = waker_bfqq; bfqq->tentative_waker_bfqq = NULL; /* @@ -6916,7 +6941,7 @@ static struct bfq_queue *bfq_init_rq(struct request *rq) * woken_list of the waker. See * bfq_check_waker for details. */ - if (bfqq->waker_bfqq) + if (waker_bfqq) hlist_add_head(&bfqq->woken_list_node, &bfqq->waker_bfqq->woken_list); }

7 months

1
0
0 0

FAILED: patch "[PATCH] bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 5fe6e308abaea082c20fbf2aa5df8e14495622cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100247-spray-enjoyable-b1d0@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 5fe6e308abae ("bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()") 3c83a9ad0295 ("uprobes: make uprobe_register() return struct uprobe *") e04332ebc8ac ("uprobes: kill uprobe_register_refctr()") db61e6a4eee5 ("selftests/bpf: fix uprobe.path leak in bpf_testmod") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5fe6e308abaea082c20fbf2aa5df8e14495622cf Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 13 Aug 2024 17:25:24 +0200 Subject: [PATCH] bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister(). This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer without removing it from the uprobe->consumers list. Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Closes: https://lore.kernel.org/all/000000000000382d39061f59f2dd@google.com/ Reported-by: syzbot+f7a1c2c2711e4a780f19(a)syzkaller.appspotmail.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Tested-by: syzbot+f7a1c2c2711e4a780f19(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240813152524.GA7292@redhat.com diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 4e391daafa64..90cd30e9723e 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3484,17 +3484,20 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr &uprobes[i].consumer); if (IS_ERR(uprobes[i].uprobe)) { err = PTR_ERR(uprobes[i].uprobe); - bpf_uprobe_unregister(uprobes, i); - goto error_free; + link->cnt = i; + goto error_unregister; } } err = bpf_link_prime(&link->link, &link_primer); if (err) - goto error_free; + goto error_unregister; return bpf_link_settle(&link_primer); +error_unregister: + bpf_uprobe_unregister(uprobes, link->cnt); + error_free: kvfree(uprobes); kfree(link);

7 months

3
2
0 0

FAILED: patch "[PATCH] dm-verity: restart or panic on an I/O error" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x e6a3531dd542cb127c8de32ab1e54a48ae19962b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100250-mortuary-cogwheel-4144@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: e6a3531dd542 ("dm-verity: restart or panic on an I/O error") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6a3531dd542cb127c8de32ab1e54a48ae19962b Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 24 Sep 2024 15:18:29 +0200 Subject: [PATCH] dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers. Reported-by: Maxim Suhanov <dfirblog(a)gmail.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index cf659c8feb29..a95c1b9cc5b5 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -272,8 +272,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, if (v->mode == DM_VERITY_MODE_LOGGING) return 0; - if (v->mode == DM_VERITY_MODE_RESTART) - kernel_restart("dm-verity device corrupted"); + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } if (v->mode == DM_VERITY_MODE_PANIC) panic("dm-verity device corrupted"); @@ -596,6 +598,23 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh) verity_fec_finish_io(io); + if (unlikely(status != BLK_STS_OK) && + unlikely(!(bio->bi_opf & REQ_RAHEAD)) && + !verity_is_system_shutting_down()) { + if (v->mode == DM_VERITY_MODE_RESTART || + v->mode == DM_VERITY_MODE_PANIC) + DMERR_LIMIT("%s has error: %s", v->data_dev->name, + blk_status_to_str(status)); + + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } + + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); + } + bio_endio(bio); }

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-verity: restart or panic on an I/O error" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x e6a3531dd542cb127c8de32ab1e54a48ae19962b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100249-snorkel-jockey-0dd7@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: e6a3531dd542 ("dm-verity: restart or panic on an I/O error") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6a3531dd542cb127c8de32ab1e54a48ae19962b Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 24 Sep 2024 15:18:29 +0200 Subject: [PATCH] dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers. Reported-by: Maxim Suhanov <dfirblog(a)gmail.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index cf659c8feb29..a95c1b9cc5b5 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -272,8 +272,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, if (v->mode == DM_VERITY_MODE_LOGGING) return 0; - if (v->mode == DM_VERITY_MODE_RESTART) - kernel_restart("dm-verity device corrupted"); + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } if (v->mode == DM_VERITY_MODE_PANIC) panic("dm-verity device corrupted"); @@ -596,6 +598,23 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh) verity_fec_finish_io(io); + if (unlikely(status != BLK_STS_OK) && + unlikely(!(bio->bi_opf & REQ_RAHEAD)) && + !verity_is_system_shutting_down()) { + if (v->mode == DM_VERITY_MODE_RESTART || + v->mode == DM_VERITY_MODE_PANIC) + DMERR_LIMIT("%s has error: %s", v->data_dev->name, + blk_status_to_str(status)); + + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } + + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); + } + bio_endio(bio); }

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-verity: restart or panic on an I/O error" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x e6a3531dd542cb127c8de32ab1e54a48ae19962b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100248-blitz-lapdog-06dc@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: e6a3531dd542 ("dm-verity: restart or panic on an I/O error") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6a3531dd542cb127c8de32ab1e54a48ae19962b Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 24 Sep 2024 15:18:29 +0200 Subject: [PATCH] dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers. Reported-by: Maxim Suhanov <dfirblog(a)gmail.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index cf659c8feb29..a95c1b9cc5b5 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -272,8 +272,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, if (v->mode == DM_VERITY_MODE_LOGGING) return 0; - if (v->mode == DM_VERITY_MODE_RESTART) - kernel_restart("dm-verity device corrupted"); + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } if (v->mode == DM_VERITY_MODE_PANIC) panic("dm-verity device corrupted"); @@ -596,6 +598,23 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh) verity_fec_finish_io(io); + if (unlikely(status != BLK_STS_OK) && + unlikely(!(bio->bi_opf & REQ_RAHEAD)) && + !verity_is_system_shutting_down()) { + if (v->mode == DM_VERITY_MODE_RESTART || + v->mode == DM_VERITY_MODE_PANIC) + DMERR_LIMIT("%s has error: %s", v->data_dev->name, + blk_status_to_str(status)); + + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } + + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); + } + bio_endio(bio); }

7 months

1
0
0 0

FAILED: patch "[PATCH] dm-verity: restart or panic on an I/O error" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x e6a3531dd542cb127c8de32ab1e54a48ae19962b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100248-cycling-unseemly-7286@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: e6a3531dd542 ("dm-verity: restart or panic on an I/O error") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e6a3531dd542cb127c8de32ab1e54a48ae19962b Mon Sep 17 00:00:00 2001 From: Mikulas Patocka <mpatocka(a)redhat.com> Date: Tue, 24 Sep 2024 15:18:29 +0200 Subject: [PATCH] dm-verity: restart or panic on an I/O error Maxim Suhanov reported that dm-verity doesn't crash if an I/O error happens. In theory, this could be used to subvert security, because an attacker can create sectors that return error with the Write Uncorrectable command. Some programs may misbehave if they have to deal with EIO. This commit fixes dm-verity, so that if "panic_on_corruption" or "restart_on_corruption" was specified and an I/O error happens, the machine will panic or restart. This commit also changes kernel_restart to emergency_restart - kernel_restart calls reboot notifiers and these reboot notifiers may wait for the bio that failed. emergency_restart doesn't call the notifiers. Reported-by: Maxim Suhanov <dfirblog(a)gmail.com> Signed-off-by: Mikulas Patocka <mpatocka(a)redhat.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c index cf659c8feb29..a95c1b9cc5b5 100644 --- a/drivers/md/dm-verity-target.c +++ b/drivers/md/dm-verity-target.c @@ -272,8 +272,10 @@ static int verity_handle_err(struct dm_verity *v, enum verity_block_type type, if (v->mode == DM_VERITY_MODE_LOGGING) return 0; - if (v->mode == DM_VERITY_MODE_RESTART) - kernel_restart("dm-verity device corrupted"); + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } if (v->mode == DM_VERITY_MODE_PANIC) panic("dm-verity device corrupted"); @@ -596,6 +598,23 @@ static void verity_finish_io(struct dm_verity_io *io, blk_status_t status) if (!static_branch_unlikely(&use_bh_wq_enabled) || !io->in_bh) verity_fec_finish_io(io); + if (unlikely(status != BLK_STS_OK) && + unlikely(!(bio->bi_opf & REQ_RAHEAD)) && + !verity_is_system_shutting_down()) { + if (v->mode == DM_VERITY_MODE_RESTART || + v->mode == DM_VERITY_MODE_PANIC) + DMERR_LIMIT("%s has error: %s", v->data_dev->name, + blk_status_to_str(status)); + + if (v->mode == DM_VERITY_MODE_RESTART) { + pr_emerg("dm-verity device corrupted\n"); + emergency_restart(); + } + + if (v->mode == DM_VERITY_MODE_PANIC) + panic("dm-verity device corrupted"); + } + bio_endio(bio); }

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100220-hazard-sharper-437c@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") d663d93bb47e ("i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path") 294b29f15469 ("i2c: xiic: Fix RX IRQ busy check") c119e7d00c91 ("i2c: xiic: Fix broken locking on tx_msg") 9e3b184b3b4f ("i2c: xiic: Support forcing single-master in DT") 9106e45ceaaf ("i2c: xiic: Improve struct memory alignment") 0a9336ee133d ("i2c: xiic: Change code alignment to 1 space only") b4c119dbc300 ("i2c: xiic: Add timeout to the rx fifo wait loop") bcc156e2289d ("i2c: xiic: Fix kerneldoc warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100219-purveyor-waffle-a828@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") d663d93bb47e ("i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path") 294b29f15469 ("i2c: xiic: Fix RX IRQ busy check") c119e7d00c91 ("i2c: xiic: Fix broken locking on tx_msg") 9e3b184b3b4f ("i2c: xiic: Support forcing single-master in DT") 9106e45ceaaf ("i2c: xiic: Improve struct memory alignment") 0a9336ee133d ("i2c: xiic: Change code alignment to 1 space only") b4c119dbc300 ("i2c: xiic: Add timeout to the rx fifo wait loop") bcc156e2289d ("i2c: xiic: Fix kerneldoc warnings") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100218-unlovable-upon-1c43@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") d663d93bb47e ("i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path") 294b29f15469 ("i2c: xiic: Fix RX IRQ busy check") c119e7d00c91 ("i2c: xiic: Fix broken locking on tx_msg") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100217-schematic-oil-69e2@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") d663d93bb47e ("i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path") 294b29f15469 ("i2c: xiic: Fix RX IRQ busy check") c119e7d00c91 ("i2c: xiic: Fix broken locking on tx_msg") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100216-baboon-arson-e49d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") d663d93bb47e ("i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100216-tingling-finicky-658f@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] i2c: xiic: Try re-initialization on bus busy timeout" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 1d4a1adbed2582444aaf97671858b7d12915bd05 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100215-lagged-definite-9910@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 1d4a1adbed25 ("i2c: xiic: Try re-initialization on bus busy timeout") ee1691d0ae10 ("i2c: xiic: improve error message when transfer fails to start") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1d4a1adbed2582444aaf97671858b7d12915bd05 Mon Sep 17 00:00:00 2001 From: Robert Hancock <robert.hancock(a)calian.com> Date: Wed, 11 Sep 2024 22:16:53 +0200 Subject: [PATCH] i2c: xiic: Try re-initialization on bus busy timeout In the event that the I2C bus was powered down when the I2C controller driver loads, or some spurious pulses occur on the I2C bus, it's possible that the controller detects a spurious I2C "start" condition. In this situation it may continue to report the bus is busy indefinitely and block the controller from working. The "single-master" DT flag can be specified to disable bus busy checks entirely, but this may not be safe to use in situations where other I2C masters may potentially exist. In the event that the controller reports "bus busy" for too long when starting a transaction, we can try reinitializing the controller to see if the busy condition clears. This allows recovering from this scenario. Fixes: e1d5b6598cdc ("i2c: Add support for Xilinx XPS IIC Bus Interface") Signed-off-by: Robert Hancock <robert.hancock(a)calian.com> Cc: <stable(a)vger.kernel.org> # v2.6.34+ Reviewed-by: Manikanta Guntupalli <manikanta.guntupalli(a)amd.com> Acked-by: Michal Simek <michal.simek(a)amd.com> Signed-off-by: Andi Shyti <andi.shyti(a)kernel.org> diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c index bd6e107472b7..4c89aad02451 100644 --- a/drivers/i2c/busses/i2c-xiic.c +++ b/drivers/i2c/busses/i2c-xiic.c @@ -843,23 +843,11 @@ static int xiic_bus_busy(struct xiic_i2c *i2c) return (sr & XIIC_SR_BUS_BUSY_MASK) ? -EBUSY : 0; } -static int xiic_busy(struct xiic_i2c *i2c) +static int xiic_wait_not_busy(struct xiic_i2c *i2c) { int tries = 3; int err; - if (i2c->tx_msg || i2c->rx_msg) - return -EBUSY; - - /* In single master mode bus can only be busy, when in use by this - * driver. If the register indicates bus being busy for some reason we - * should ignore it, since bus will never be released and i2c will be - * stuck forever. - */ - if (i2c->singlemaster) { - return 0; - } - /* for instance if previous transfer was terminated due to TX error * it might be that the bus is on it's way to become available * give it at most 3 ms to wake @@ -1103,13 +1091,36 @@ static int xiic_start_xfer(struct xiic_i2c *i2c, struct i2c_msg *msgs, int num) mutex_lock(&i2c->lock); - ret = xiic_busy(i2c); - if (ret) { + if (i2c->tx_msg || i2c->rx_msg) { dev_err(i2c->adap.dev.parent, "cannot start a transfer while busy\n"); + ret = -EBUSY; goto out; } + /* In single master mode bus can only be busy, when in use by this + * driver. If the register indicates bus being busy for some reason we + * should ignore it, since bus will never be released and i2c will be + * stuck forever. + */ + if (!i2c->singlemaster) { + ret = xiic_wait_not_busy(i2c); + if (ret) { + /* If the bus is stuck in a busy state, such as due to spurious low + * pulses on the bus causing a false start condition to be detected, + * then try to recover by re-initializing the controller and check + * again if the bus is still busy. + */ + dev_warn(i2c->adap.dev.parent, "I2C bus busy timeout, reinitializing\n"); + ret = xiic_reinit(i2c); + if (ret) + goto out; + ret = xiic_wait_not_busy(i2c); + if (ret) + goto out; + } + } + i2c->tx_msg = msgs; i2c->rx_msg = NULL; i2c->nmsgs = num;

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/codetag: add pgalloc_tag_copy()" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x e0a955bf7f61cb034d228736d81c1ab3a47a3dca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100211-petticoat-unnerving-003c@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: e0a955bf7f61 ("mm/codetag: add pgalloc_tag_copy()") 95599ef684d0 ("mm/codetag: fix pgalloc_tag_split()") cf54f310d0d3 ("mm/hugetlb: use __GFP_COMP for gigantic folios") c0f398c3b2cf ("mm/hugetlb_vmemmap: batch HVO work when demoting") fbc90c042cd1 ("Merge tag 'mm-stable-2024-07-21-14-50' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e0a955bf7f61cb034d228736d81c1ab3a47a3dca Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Thu, 5 Sep 2024 22:21:08 -0600 Subject: [PATCH] mm/codetag: add pgalloc_tag_copy() Add pgalloc_tag_copy() to transfer the codetag from the old folio to the new one during migration. This makes original allocation sites persist cross migration rather than lump into the get_new_folio callbacks passed into migrate_pages(), e.g., compaction_alloc(): # echo 1 >/proc/sys/vm/compact_memory # grep compaction_alloc /proc/allocinfo Before this patch: 132968448 32463 mm/compaction.c:1880 func:compaction_alloc After this patch: 0 0 mm/compaction.c:1880 func:compaction_alloc Link: https://lkml.kernel.org/r/20240906042108.1150526-3-yuzhao@google.com Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h index 896491d9ebe8..1f0a9ff23a2c 100644 --- a/include/linux/alloc_tag.h +++ b/include/linux/alloc_tag.h @@ -137,7 +137,16 @@ static inline void alloc_tag_sub_check(union codetag_ref *ref) {} /* Caller should verify both ref and tag to be valid */ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) { + alloc_tag_add_check(ref, tag); + if (!ref || !tag) + return; + ref->ct = &tag->ct; +} + +static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) +{ + __alloc_tag_ref_set(ref, tag); /* * We need in increment the call counter every time we have a new * allocation or when we split a large allocation into smaller ones. @@ -147,22 +156,9 @@ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag this_cpu_inc(tag->counters->calls); } -static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) -{ - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); -} - static inline void alloc_tag_add(union codetag_ref *ref, struct alloc_tag *tag, size_t bytes) { - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); + alloc_tag_ref_set(ref, tag); this_cpu_add(tag->counters->bytes, bytes); } diff --git a/include/linux/mm.h b/include/linux/mm.h index 6bb778cbaabf..39f6faace590 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4108,10 +4108,37 @@ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new } } } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ + struct alloc_tag *tag; + union codetag_ref *ref; + + tag = pgalloc_tag_get(&old->page); + if (!tag) + return; + + ref = get_page_tag_ref(&new->page); + if (!ref) + return; + + /* Clear the old ref to the original allocation tag. */ + clear_page_tag_ref(&old->page); + /* Decrement the counters of the tag on get_new_folio. */ + alloc_tag_sub(ref, folio_nr_pages(new)); + + __alloc_tag_ref_set(ref, tag); + + put_page_tag_ref(ref); +} #else /* !CONFIG_MEM_ALLOC_PROFILING */ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) { } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ +} #endif /* CONFIG_MEM_ALLOC_PROFILING */ #endif /* _LINUX_MM_H */ diff --git a/mm/migrate.c b/mm/migrate.c index 0f6b78fd73aa..dfdb3a136bf8 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -743,6 +743,7 @@ void folio_migrate_flags(struct folio *newfolio, struct folio *folio) folio_set_readahead(newfolio); folio_copy_owner(newfolio, folio); + pgalloc_tag_copy(newfolio, folio); mem_cgroup_migrate(folio, newfolio); }

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/codetag: add pgalloc_tag_copy()" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x e0a955bf7f61cb034d228736d81c1ab3a47a3dca # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100210-untie-oven-64d6@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: e0a955bf7f61 ("mm/codetag: add pgalloc_tag_copy()") 95599ef684d0 ("mm/codetag: fix pgalloc_tag_split()") cf54f310d0d3 ("mm/hugetlb: use __GFP_COMP for gigantic folios") c0f398c3b2cf ("mm/hugetlb_vmemmap: batch HVO work when demoting") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e0a955bf7f61cb034d228736d81c1ab3a47a3dca Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Thu, 5 Sep 2024 22:21:08 -0600 Subject: [PATCH] mm/codetag: add pgalloc_tag_copy() Add pgalloc_tag_copy() to transfer the codetag from the old folio to the new one during migration. This makes original allocation sites persist cross migration rather than lump into the get_new_folio callbacks passed into migrate_pages(), e.g., compaction_alloc(): # echo 1 >/proc/sys/vm/compact_memory # grep compaction_alloc /proc/allocinfo Before this patch: 132968448 32463 mm/compaction.c:1880 func:compaction_alloc After this patch: 0 0 mm/compaction.c:1880 func:compaction_alloc Link: https://lkml.kernel.org/r/20240906042108.1150526-3-yuzhao@google.com Fixes: dcfe378c81f7 ("lib: introduce support for page allocation tagging") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/alloc_tag.h b/include/linux/alloc_tag.h index 896491d9ebe8..1f0a9ff23a2c 100644 --- a/include/linux/alloc_tag.h +++ b/include/linux/alloc_tag.h @@ -137,7 +137,16 @@ static inline void alloc_tag_sub_check(union codetag_ref *ref) {} /* Caller should verify both ref and tag to be valid */ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) { + alloc_tag_add_check(ref, tag); + if (!ref || !tag) + return; + ref->ct = &tag->ct; +} + +static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) +{ + __alloc_tag_ref_set(ref, tag); /* * We need in increment the call counter every time we have a new * allocation or when we split a large allocation into smaller ones. @@ -147,22 +156,9 @@ static inline void __alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag this_cpu_inc(tag->counters->calls); } -static inline void alloc_tag_ref_set(union codetag_ref *ref, struct alloc_tag *tag) -{ - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); -} - static inline void alloc_tag_add(union codetag_ref *ref, struct alloc_tag *tag, size_t bytes) { - alloc_tag_add_check(ref, tag); - if (!ref || !tag) - return; - - __alloc_tag_ref_set(ref, tag); + alloc_tag_ref_set(ref, tag); this_cpu_add(tag->counters->bytes, bytes); } diff --git a/include/linux/mm.h b/include/linux/mm.h index 6bb778cbaabf..39f6faace590 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4108,10 +4108,37 @@ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new } } } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ + struct alloc_tag *tag; + union codetag_ref *ref; + + tag = pgalloc_tag_get(&old->page); + if (!tag) + return; + + ref = get_page_tag_ref(&new->page); + if (!ref) + return; + + /* Clear the old ref to the original allocation tag. */ + clear_page_tag_ref(&old->page); + /* Decrement the counters of the tag on get_new_folio. */ + alloc_tag_sub(ref, folio_nr_pages(new)); + + __alloc_tag_ref_set(ref, tag); + + put_page_tag_ref(ref); +} #else /* !CONFIG_MEM_ALLOC_PROFILING */ static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) { } + +static inline void pgalloc_tag_copy(struct folio *new, struct folio *old) +{ +} #endif /* CONFIG_MEM_ALLOC_PROFILING */ #endif /* _LINUX_MM_H */ diff --git a/mm/migrate.c b/mm/migrate.c index 0f6b78fd73aa..dfdb3a136bf8 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -743,6 +743,7 @@ void folio_migrate_flags(struct folio *newfolio, struct folio *folio) folio_set_readahead(newfolio); folio_copy_owner(newfolio, folio); + pgalloc_tag_copy(newfolio, folio); mem_cgroup_migrate(folio, newfolio); }

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/codetag: fix pgalloc_tag_split()" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 95599ef684d01136a8b77c16a7c853496786e173 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100206-thread-uncorrupt-0ea0@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 95599ef684d0 ("mm/codetag: fix pgalloc_tag_split()") cf54f310d0d3 ("mm/hugetlb: use __GFP_COMP for gigantic folios") c0f398c3b2cf ("mm/hugetlb_vmemmap: batch HVO work when demoting") fbc90c042cd1 ("Merge tag 'mm-stable-2024-07-21-14-50' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95599ef684d01136a8b77c16a7c853496786e173 Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Thu, 5 Sep 2024 22:21:07 -0600 Subject: [PATCH] mm/codetag: fix pgalloc_tag_split() The current assumption is that a large folio can only be split into order-0 folios. That is not the case for hugeTLB demotion, nor for THP split: see commit c010d47f107f ("mm: thp: split huge page to any lower order pages"). When a large folio is split into ones of a lower non-zero order, only the new head pages should be tagged. Tagging tail pages can cause imbalanced "calls" counters, since only head pages are untagged by pgalloc_tag_sub() and the "calls" counts on tail pages are leaked, e.g., # echo 2048kB >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote_size # echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages # time echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote # echo 0 >/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages # grep alloc_gigantic_folio /proc/allocinfo Before this patch: 0 549427200 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m2.057s user 0m0.000s sys 0m2.051s After this patch: 0 0 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m1.711s user 0m0.000s sys 0m1.704s Not tagging tail pages also improves the splitting time, e.g., by about 15% when demoting 1GB hugeTLB folios to 2MB ones, as shown above. Link: https://lkml.kernel.org/r/20240906042108.1150526-2-yuzhao@google.com Fixes: be25d1d4e822 ("mm: create new codetag references during page splitting") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/mm.h b/include/linux/mm.h index b0ff06d18c71..6bb778cbaabf 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4084,4 +4084,34 @@ void vma_pgtable_walk_end(struct vm_area_struct *vma); int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +#ifdef CONFIG_MEM_ALLOC_PROFILING +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ + int i; + struct alloc_tag *tag; + unsigned int nr_pages = 1 << new_order; + + if (!mem_alloc_profiling_enabled()) + return; + + tag = pgalloc_tag_get(&folio->page); + if (!tag) + return; + + for (i = nr_pages; i < (1 << old_order); i += nr_pages) { + union codetag_ref *ref = get_page_tag_ref(folio_page(folio, i)); + + if (ref) { + /* Set new reference to point to the original tag */ + alloc_tag_ref_set(ref, tag); + put_page_tag_ref(ref); + } + } +} +#else /* !CONFIG_MEM_ALLOC_PROFILING */ +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ +} +#endif /* CONFIG_MEM_ALLOC_PROFILING */ + #endif /* _LINUX_MM_H */ diff --git a/include/linux/pgalloc_tag.h b/include/linux/pgalloc_tag.h index 207f0c83c8e9..59a3deb792a8 100644 --- a/include/linux/pgalloc_tag.h +++ b/include/linux/pgalloc_tag.h @@ -80,36 +80,6 @@ static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) } } -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) -{ - int i; - struct page_ext *first_page_ext; - struct page_ext *page_ext; - union codetag_ref *ref; - struct alloc_tag *tag; - - if (!mem_alloc_profiling_enabled()) - return; - - first_page_ext = page_ext = page_ext_get(page); - if (unlikely(!page_ext)) - return; - - ref = codetag_ref_from_page_ext(page_ext); - if (!ref->ct) - goto out; - - tag = ct_to_alloc_tag(ref->ct); - page_ext = page_ext_next(page_ext); - for (i = 1; i < nr; i++) { - /* Set new reference to point to the original tag */ - alloc_tag_ref_set(codetag_ref_from_page_ext(page_ext), tag); - page_ext = page_ext_next(page_ext); - } -out: - page_ext_put(first_page_ext); -} - static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { struct alloc_tag *tag = NULL; @@ -142,7 +112,6 @@ static inline void clear_page_tag_ref(struct page *page) {} static inline void pgalloc_tag_add(struct page *page, struct task_struct *task, unsigned int nr) {} static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) {} -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) {} static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { return NULL; } static inline void pgalloc_tag_sub_pages(struct alloc_tag *tag, unsigned int nr) {} diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f15f7faf2a63..cc2872f12030 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3226,7 +3226,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, /* Caller disabled irqs, so they are still disabled here */ split_page_owner(head, order, new_order); - pgalloc_tag_split(head, 1 << order); + pgalloc_tag_split(folio, order, new_order); /* See comment in __split_huge_page_tail() */ if (folio_test_anon(folio)) { diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3faf5aad142d..a8624c07d8bf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3778,7 +3778,7 @@ static long demote_free_hugetlb_folios(struct hstate *src, struct hstate *dst, list_del(&folio->lru); split_page_owner(&folio->page, huge_page_order(src), huge_page_order(dst)); - pgalloc_tag_split(&folio->page, 1 << huge_page_order(src)); + pgalloc_tag_split(folio, huge_page_order(src), huge_page_order(dst)); for (i = 0; i < pages_per_huge_page(src); i += pages_per_huge_page(dst)) { struct page *page = folio_page(folio, i); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 74f13f676985..874e006f3d1c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2776,7 +2776,7 @@ void split_page(struct page *page, unsigned int order) for (i = 1; i < (1 << order); i++) set_page_refcounted(page + i); split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); } EXPORT_SYMBOL_GPL(split_page); @@ -4974,7 +4974,7 @@ static void *make_alloc_exact(unsigned long addr, unsigned int order, struct page *last = page + nr; split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); while (page < --last) set_page_refcounted(last);

7 months

1
0
0 0

FAILED: patch "[PATCH] mm/codetag: fix pgalloc_tag_split()" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 95599ef684d01136a8b77c16a7c853496786e173 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100205-snowsuit-agony-4387@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 95599ef684d0 ("mm/codetag: fix pgalloc_tag_split()") cf54f310d0d3 ("mm/hugetlb: use __GFP_COMP for gigantic folios") c0f398c3b2cf ("mm/hugetlb_vmemmap: batch HVO work when demoting") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 95599ef684d01136a8b77c16a7c853496786e173 Mon Sep 17 00:00:00 2001 From: Yu Zhao <yuzhao(a)google.com> Date: Thu, 5 Sep 2024 22:21:07 -0600 Subject: [PATCH] mm/codetag: fix pgalloc_tag_split() The current assumption is that a large folio can only be split into order-0 folios. That is not the case for hugeTLB demotion, nor for THP split: see commit c010d47f107f ("mm: thp: split huge page to any lower order pages"). When a large folio is split into ones of a lower non-zero order, only the new head pages should be tagged. Tagging tail pages can cause imbalanced "calls" counters, since only head pages are untagged by pgalloc_tag_sub() and the "calls" counts on tail pages are leaked, e.g., # echo 2048kB >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote_size # echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/nr_hugepages # time echo 700 >/sys/kernel/mm/hugepages/hugepages-1048576kB/demote # echo 0 >/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages # grep alloc_gigantic_folio /proc/allocinfo Before this patch: 0 549427200 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m2.057s user 0m0.000s sys 0m2.051s After this patch: 0 0 mm/hugetlb.c:1549 func:alloc_gigantic_folio real 0m1.711s user 0m0.000s sys 0m1.704s Not tagging tail pages also improves the splitting time, e.g., by about 15% when demoting 1GB hugeTLB folios to 2MB ones, as shown above. Link: https://lkml.kernel.org/r/20240906042108.1150526-2-yuzhao@google.com Fixes: be25d1d4e822 ("mm: create new codetag references during page splitting") Signed-off-by: Yu Zhao <yuzhao(a)google.com> Acked-by: Suren Baghdasaryan <surenb(a)google.com> Cc: Kent Overstreet <kent.overstreet(a)linux.dev> Cc: Muchun Song <muchun.song(a)linux.dev> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/include/linux/mm.h b/include/linux/mm.h index b0ff06d18c71..6bb778cbaabf 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -4084,4 +4084,34 @@ void vma_pgtable_walk_end(struct vm_area_struct *vma); int reserve_mem_find_by_name(const char *name, phys_addr_t *start, phys_addr_t *size); +#ifdef CONFIG_MEM_ALLOC_PROFILING +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ + int i; + struct alloc_tag *tag; + unsigned int nr_pages = 1 << new_order; + + if (!mem_alloc_profiling_enabled()) + return; + + tag = pgalloc_tag_get(&folio->page); + if (!tag) + return; + + for (i = nr_pages; i < (1 << old_order); i += nr_pages) { + union codetag_ref *ref = get_page_tag_ref(folio_page(folio, i)); + + if (ref) { + /* Set new reference to point to the original tag */ + alloc_tag_ref_set(ref, tag); + put_page_tag_ref(ref); + } + } +} +#else /* !CONFIG_MEM_ALLOC_PROFILING */ +static inline void pgalloc_tag_split(struct folio *folio, int old_order, int new_order) +{ +} +#endif /* CONFIG_MEM_ALLOC_PROFILING */ + #endif /* _LINUX_MM_H */ diff --git a/include/linux/pgalloc_tag.h b/include/linux/pgalloc_tag.h index 207f0c83c8e9..59a3deb792a8 100644 --- a/include/linux/pgalloc_tag.h +++ b/include/linux/pgalloc_tag.h @@ -80,36 +80,6 @@ static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) } } -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) -{ - int i; - struct page_ext *first_page_ext; - struct page_ext *page_ext; - union codetag_ref *ref; - struct alloc_tag *tag; - - if (!mem_alloc_profiling_enabled()) - return; - - first_page_ext = page_ext = page_ext_get(page); - if (unlikely(!page_ext)) - return; - - ref = codetag_ref_from_page_ext(page_ext); - if (!ref->ct) - goto out; - - tag = ct_to_alloc_tag(ref->ct); - page_ext = page_ext_next(page_ext); - for (i = 1; i < nr; i++) { - /* Set new reference to point to the original tag */ - alloc_tag_ref_set(codetag_ref_from_page_ext(page_ext), tag); - page_ext = page_ext_next(page_ext); - } -out: - page_ext_put(first_page_ext); -} - static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { struct alloc_tag *tag = NULL; @@ -142,7 +112,6 @@ static inline void clear_page_tag_ref(struct page *page) {} static inline void pgalloc_tag_add(struct page *page, struct task_struct *task, unsigned int nr) {} static inline void pgalloc_tag_sub(struct page *page, unsigned int nr) {} -static inline void pgalloc_tag_split(struct page *page, unsigned int nr) {} static inline struct alloc_tag *pgalloc_tag_get(struct page *page) { return NULL; } static inline void pgalloc_tag_sub_pages(struct alloc_tag *tag, unsigned int nr) {} diff --git a/mm/huge_memory.c b/mm/huge_memory.c index f15f7faf2a63..cc2872f12030 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c @@ -3226,7 +3226,7 @@ static void __split_huge_page(struct page *page, struct list_head *list, /* Caller disabled irqs, so they are still disabled here */ split_page_owner(head, order, new_order); - pgalloc_tag_split(head, 1 << order); + pgalloc_tag_split(folio, order, new_order); /* See comment in __split_huge_page_tail() */ if (folio_test_anon(folio)) { diff --git a/mm/hugetlb.c b/mm/hugetlb.c index 3faf5aad142d..a8624c07d8bf 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c @@ -3778,7 +3778,7 @@ static long demote_free_hugetlb_folios(struct hstate *src, struct hstate *dst, list_del(&folio->lru); split_page_owner(&folio->page, huge_page_order(src), huge_page_order(dst)); - pgalloc_tag_split(&folio->page, 1 << huge_page_order(src)); + pgalloc_tag_split(folio, huge_page_order(src), huge_page_order(dst)); for (i = 0; i < pages_per_huge_page(src); i += pages_per_huge_page(dst)) { struct page *page = folio_page(folio, i); diff --git a/mm/page_alloc.c b/mm/page_alloc.c index 74f13f676985..874e006f3d1c 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -2776,7 +2776,7 @@ void split_page(struct page *page, unsigned int order) for (i = 1; i < (1 << order); i++) set_page_refcounted(page + i); split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); } EXPORT_SYMBOL_GPL(split_page); @@ -4974,7 +4974,7 @@ static void *make_alloc_exact(unsigned long addr, unsigned int order, struct page *last = page + nr; split_page_owner(page, order, 0); - pgalloc_tag_split(page, 1 << order); + pgalloc_tag_split(page_folio(page), order, 0); split_page_memcg(page, order, 0); while (page < --last) set_page_refcounted(last);

7 months

1
0
0 0

FAILED: patch "[PATCH] selftest mm/mseal: fix" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 072cd213b75eb01fcf40eff898f8d5c008ce1457 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100220-poppy-baggage-6f39@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 072cd213b75e ("selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 072cd213b75eb01fcf40eff898f8d5c008ce1457 Mon Sep 17 00:00:00 2001 From: Jeff Xu <jeffxu(a)chromium.org> Date: Wed, 7 Aug 2024 21:23:20 +0000 Subject: [PATCH] selftest mm/mseal: fix test_seal_mremap_move_dontunmap_anyaddr the syscall remap accepts following: mremap(src, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, dst) when the src is sealed, the call will fail with error code: EPERM Previously, the test uses hard-coded 0xdeaddead as dst, and it will fail on the system with newer glibc installed. This patch removes test's dependency on glibc for mremap(), also fix the test and remove the hardcoded address. Link: https://lkml.kernel.org/r/20240807212320.2831848-1-jeffxu@chromium.org Fixes: 4926c7a52de7 ("selftest mm/mseal memory sealing") Signed-off-by: Jeff Xu <jeffxu(a)chromium.org> Reported-by: Pedro Falcato <pedro.falcato(a)gmail.com> Cc: Dave Hansen <dave.hansen(a)intel.com> Cc: Liam R. Howlett <Liam.Howlett(a)oracle.com> Cc: Lorenzo Stoakes <lorenzo.stoakes(a)oracle.com> Cc: Matthew Wilcox (Oracle) <willy(a)infradead.org> Cc: Michael Ellerman <mpe(a)ellerman.id.au> Cc: Vlastimil Babka <vbabka(a)suse.cz> Cc: <stable(a)vger.kernel.org> Signed-off-by: Andrew Morton <akpm(a)linux-foundation.org> diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c index 7eec3f0152e3..bd0bfda7aae7 100644 --- a/tools/testing/selftests/mm/mseal_test.c +++ b/tools/testing/selftests/mm/mseal_test.c @@ -110,6 +110,16 @@ static int sys_madvise(void *start, size_t len, int types) return sret; } +static void *sys_mremap(void *addr, size_t old_len, size_t new_len, + unsigned long flags, void *new_addr) +{ + void *sret; + + errno = 0; + sret = (void *) syscall(__NR_mremap, addr, old_len, new_len, flags, new_addr); + return sret; +} + static int sys_pkey_alloc(unsigned long flags, unsigned long init_val) { int ret = syscall(__NR_pkey_alloc, flags, init_val); @@ -1115,12 +1125,12 @@ static void test_seal_mremap_shrink(bool seal) } /* shrink from 4 pages to 2 pages. */ - ret2 = mremap(ptr, size, 2 * page_size, 0, 0); + ret2 = sys_mremap(ptr, size, 2 * page_size, 0, 0); if (seal) { - FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); + FAIL_TEST_IF_FALSE(ret2 == (void *) MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { - FAIL_TEST_IF_FALSE(ret2 != MAP_FAILED); + FAIL_TEST_IF_FALSE(ret2 != (void *) MAP_FAILED); } @@ -1147,7 +1157,7 @@ static void test_seal_mremap_expand(bool seal) } /* expand from 2 page to 4 pages. */ - ret2 = mremap(ptr, 2 * page_size, 4 * page_size, 0, 0); + ret2 = sys_mremap(ptr, 2 * page_size, 4 * page_size, 0, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1180,7 +1190,7 @@ static void test_seal_mremap_move(bool seal) } /* move from ptr to fixed address. */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newPtr); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newPtr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1299,7 +1309,7 @@ static void test_seal_mremap_shrink_fixed(bool seal) } /* mremap to move and shrink to fixed address */ - ret2 = mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, + ret2 = sys_mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); @@ -1330,7 +1340,7 @@ static void test_seal_mremap_expand_fixed(bool seal) } /* mremap to move and expand to fixed address */ - ret2 = mremap(ptr, page_size, size, MREMAP_MAYMOVE | MREMAP_FIXED, + ret2 = sys_mremap(ptr, page_size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); @@ -1361,7 +1371,7 @@ static void test_seal_mremap_move_fixed(bool seal) } /* mremap to move to fixed address */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); @@ -1390,14 +1400,13 @@ static void test_seal_mremap_move_fixed_zero(bool seal) /* * MREMAP_FIXED can move the mapping to zero address */ - ret2 = mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, + ret2 = sys_mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { FAIL_TEST_IF_FALSE(ret2 == 0); - } REPORT_TEST_PASS(); @@ -1420,13 +1429,13 @@ static void test_seal_mremap_move_dontunmap(bool seal) } /* mremap to move, and don't unmap src addr. */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, 0); + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, 0); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { + /* kernel will allocate a new address */ FAIL_TEST_IF_FALSE(ret2 != MAP_FAILED); - } REPORT_TEST_PASS(); @@ -1434,7 +1443,7 @@ static void test_seal_mremap_move_dontunmap(bool seal) static void test_seal_mremap_move_dontunmap_anyaddr(bool seal) { - void *ptr; + void *ptr, *ptr2; unsigned long page_size = getpagesize(); unsigned long size = 4 * page_size; int ret; @@ -1449,24 +1458,30 @@ static void test_seal_mremap_move_dontunmap_anyaddr(bool seal) } /* - * The 0xdeaddead should not have effect on dest addr - * when MREMAP_DONTUNMAP is set. + * The new address is any address that not allocated. + * use allocate/free to similate that. */ - ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, - 0xdeaddead); + setup_single_address(size, &ptr2); + FAIL_TEST_IF_FALSE(ptr2 != (void *)-1); + ret = sys_munmap(ptr2, size); + FAIL_TEST_IF_FALSE(!ret); + + /* + * remap to any address. + */ + ret2 = sys_mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + (void *) ptr2); if (seal) { FAIL_TEST_IF_FALSE(ret2 == MAP_FAILED); FAIL_TEST_IF_FALSE(errno == EPERM); } else { - FAIL_TEST_IF_FALSE(ret2 != MAP_FAILED); - FAIL_TEST_IF_FALSE((long)ret2 != 0xdeaddead); - + /* remap success and return ptr2 */ + FAIL_TEST_IF_FALSE(ret2 == ptr2); } REPORT_TEST_PASS(); } - static void test_seal_merge_and_split(void) { void *ptr;

7 months

1
0
0 0

FAILED: patch "[PATCH] bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 5fe6e308abaea082c20fbf2aa5df8e14495622cf # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100250-celibacy-doubling-466e@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 5fe6e308abae ("bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()") 3c83a9ad0295 ("uprobes: make uprobe_register() return struct uprobe *") e04332ebc8ac ("uprobes: kill uprobe_register_refctr()") db61e6a4eee5 ("selftests/bpf: fix uprobe.path leak in bpf_testmod") f42a58ffb8bb ("selftests/bpf: Add uretprobe syscall test for regs changes") 3e8e25761a40 ("selftests/bpf: Add uretprobe syscall test for regs integrity") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 5fe6e308abaea082c20fbf2aa5df8e14495622cf Mon Sep 17 00:00:00 2001 From: Oleg Nesterov <oleg(a)redhat.com> Date: Tue, 13 Aug 2024 17:25:24 +0200 Subject: [PATCH] bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister(). This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer without removing it from the uprobe->consumers list. Fixes: 89ae89f53d20 ("bpf: Add multi uprobe link") Closes: https://lore.kernel.org/all/000000000000382d39061f59f2dd@google.com/ Reported-by: syzbot+f7a1c2c2711e4a780f19(a)syzkaller.appspotmail.com Signed-off-by: Oleg Nesterov <oleg(a)redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Acked-by: Andrii Nakryiko <andrii(a)kernel.org> Acked-by: Jiri Olsa <jolsa(a)kernel.org> Tested-by: syzbot+f7a1c2c2711e4a780f19(a)syzkaller.appspotmail.com Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/r/20240813152524.GA7292@redhat.com diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c index 4e391daafa64..90cd30e9723e 100644 --- a/kernel/trace/bpf_trace.c +++ b/kernel/trace/bpf_trace.c @@ -3484,17 +3484,20 @@ int bpf_uprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr &uprobes[i].consumer); if (IS_ERR(uprobes[i].uprobe)) { err = PTR_ERR(uprobes[i].uprobe); - bpf_uprobe_unregister(uprobes, i); - goto error_free; + link->cnt = i; + goto error_unregister; } } err = bpf_link_prime(&link->link, &link_primer); if (err) - goto error_free; + goto error_unregister; return bpf_link_settle(&link_primer); +error_unregister: + bpf_uprobe_unregister(uprobes, link->cnt); + error_free: kvfree(uprobes); kfree(link);

7 months

1
0
0 0

FAILED: patch "[PATCH] debugfs show actual source in /proc/mounts" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 3a987b88a42593875f6345188ca33731c7df728c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100128-prison-ploy-dfd6@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 3a987b88a425 ("debugfs show actual source in /proc/mounts") 49abee5991e1 ("debugfs: Convert to new uid/gid option parsing helpers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 3a987b88a42593875f6345188ca33731c7df728c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Aur=C3=A8le=20La=20France?= <tsi(a)tuyoix.net> Date: Sat, 10 Aug 2024 13:25:27 -0600 Subject: [PATCH] debugfs show actual source in /proc/mounts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After its conversion to the new mount API, debugfs displays "none" in /proc/mounts instead of the actual source. Fix this by recognising its "source" mount option. Signed-off-by: Marc Aurèle La France <tsi(a)tuyoix.net> Link: https://lore.kernel.org/r/e439fae2-01da-234b-75b9-2a7951671e27@tuyoix.net Fixes: a20971c18752 ("vfs: Convert debugfs to use the new mount API") Cc: stable(a)vger.kernel.org # 6.10.x: 49abee5991e1: debugfs: Convert to new uid/gid option parsing helpers Signed-off-by: Christian Brauner <brauner(a)kernel.org> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c index 91521576f500..66d9b3b4c588 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -89,12 +89,14 @@ enum { Opt_uid, Opt_gid, Opt_mode, + Opt_source, }; static const struct fs_parameter_spec debugfs_param_specs[] = { fsparam_gid ("gid", Opt_gid), fsparam_u32oct ("mode", Opt_mode), fsparam_uid ("uid", Opt_uid), + fsparam_string ("source", Opt_source), {} }; @@ -126,6 +128,12 @@ static int debugfs_parse_param(struct fs_context *fc, struct fs_parameter *param case Opt_mode: opts->mode = result.uint_32 & S_IALLUGO; break; + case Opt_source: + if (fc->source) + return invalfc(fc, "Multiple sources specified"); + fc->source = param->string; + param->string = NULL; + break; /* * We might like to report bad mount options here; * but traditionally debugfs has ignored all mount options

7 months

3
3
0 0

FAILED: patch "[PATCH] io_uring/sqpoll: do not allow pinning outside of cpuset" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x f011c9cf04c06f16b24f583d313d3c012e589e50 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100131-number-deface-36a6@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: f011c9cf04c0 ("io_uring/sqpoll: do not allow pinning outside of cpuset") 17437f311490 ("io_uring: move SQPOLL related handling into its own file") 59915143e89f ("io_uring: move timeout opcodes and handling into its own file") e418bbc97bff ("io_uring: move our reference counting into a header") 36404b09aa60 ("io_uring: move msg_ring into its own file") f9ead18c1058 ("io_uring: split network related opcodes into its own file") e0da14def1ee ("io_uring: move statx handling to its own file") a9c210cebe13 ("io_uring: move epoll handler to its own file") 4cf90495281b ("io_uring: add a dummy -EOPNOTSUPP prep handler") 99f15d8d6136 ("io_uring: move uring_cmd handling to its own file") cd40cae29ef8 ("io_uring: split out open/close operations") 453b329be5ea ("io_uring: separate out file table handling code") f4c163dd7d4b ("io_uring: split out fadvise/madvise operations") 0d5847274037 ("io_uring: split out fs related sync/fallocate functions") 531113bbd5bf ("io_uring: split out splice related operations") 11aeb71406dd ("io_uring: split out filesystem related operations") e28683bdfc2f ("io_uring: move nop into its own file") 5e2a18d93fec ("io_uring: move xattr related opcodes to its own file") 97b388d70b53 ("io_uring: handle completions in the core") de23077eda61 ("io_uring: set completion results upfront") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From f011c9cf04c06f16b24f583d313d3c012e589e50 Mon Sep 17 00:00:00 2001 From: Felix Moessbauer <felix.moessbauer(a)siemens.com> Date: Mon, 9 Sep 2024 17:00:36 +0200 Subject: [PATCH] io_uring/sqpoll: do not allow pinning outside of cpuset The submit queue polling threads are userland threads that just never exit to the userland. When creating the thread with IORING_SETUP_SQ_AFF, the affinity of the poller thread is set to the cpu specified in sq_thread_cpu. However, this CPU can be outside of the cpuset defined by the cgroup cpuset controller. This violates the rules defined by the cpuset controller and is a potential issue for realtime applications. In b7ed6d8ffd6 we fixed the default affinity of the poller thread, in case no explicit pinning is required by inheriting the one of the creating task. In case of explicit pinning, the check is more complicated, as also a cpu outside of the parent cpumask is allowed. We implemented this by using cpuset_cpus_allowed (that has support for cgroup cpusets) and testing if the requested cpu is in the set. Fixes: 37d1e2e3642e ("io_uring: move SQPOLL thread io-wq forked worker") Cc: stable(a)vger.kernel.org # 6.1+ Signed-off-by: Felix Moessbauer <felix.moessbauer(a)siemens.com> Link: https://lore.kernel.org/r/20240909150036.55921-1-felix.moessbauer@siemens.c… Signed-off-by: Jens Axboe <axboe(a)kernel.dk> diff --git a/io_uring/sqpoll.c b/io_uring/sqpoll.c index e545bf240d35..272df9d00f45 100644 --- a/io_uring/sqpoll.c +++ b/io_uring/sqpoll.c @@ -10,6 +10,7 @@ #include <linux/slab.h> #include <linux/audit.h> #include <linux/security.h> +#include <linux/cpuset.h> #include <linux/io_uring.h> #include <uapi/linux/io_uring.h> @@ -460,10 +461,12 @@ __cold int io_sq_offload_create(struct io_ring_ctx *ctx, return 0; if (p->flags & IORING_SETUP_SQ_AFF) { + struct cpumask allowed_mask; int cpu = p->sq_thread_cpu; ret = -EINVAL; - if (cpu >= nr_cpu_ids || !cpu_online(cpu)) + cpuset_cpus_allowed(current, &allowed_mask); + if (!cpumask_test_cpu(cpu, &allowed_mask)) goto err_sqpoll; sqd->sq_cpu = cpu; } else {

7 months

3
2
0 0

FAILED: patch "[PATCH] icmp: change the order of rate limits" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 8c2bd38b95f75f3d2a08c93e35303e26d480d24e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100127-uninsured-onyx-f79a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 8c2bd38b95f7 ("icmp: change the order of rate limits") d0941130c935 ("icmp: Add counters for rate limits") 8032bf1233a7 ("treewide: use get_random_u32_below() instead of deprecated function") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c2bd38b95f75f3d2a08c93e35303e26d480d24e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 29 Aug 2024 14:46:39 +0000 Subject: [PATCH] icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited") Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") Reported-by: Keyu Man <keyu.man(a)email.ucr.edu> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Cc: Jesper Dangaard Brouer <hawk(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240829144641.3880376-2-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip.h b/include/net/ip.h index c5606cadb1a5..82248813619e 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -795,6 +795,8 @@ static inline void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb) } bool icmp_global_allow(void); +void icmp_global_consume(void); + extern int sysctl_icmp_msgs_per_sec; extern int sysctl_icmp_msgs_burst; diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index b8f56d03fcbb..0078e8fb2e86 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -224,57 +224,59 @@ int sysctl_icmp_msgs_per_sec __read_mostly = 1000; int sysctl_icmp_msgs_burst __read_mostly = 50; static struct { - spinlock_t lock; - u32 credit; + atomic_t credit; u32 stamp; -} icmp_global = { - .lock = __SPIN_LOCK_UNLOCKED(icmp_global.lock), -}; +} icmp_global; /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. - * Note: called with BH disabled + * Works in tandem with icmp_global_consume(). */ bool icmp_global_allow(void) { - u32 credit, delta, incr = 0, now = (u32)jiffies; - bool rc = false; + u32 delta, now, oldstamp; + int incr, new, old; - /* Check if token bucket is empty and cannot be refilled - * without taking the spinlock. The READ_ONCE() are paired - * with the following WRITE_ONCE() in this same function. + /* Note: many cpus could find this condition true. + * Then later icmp_global_consume() could consume more credits, + * this is an acceptable race. */ - if (!READ_ONCE(icmp_global.credit)) { - delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); - if (delta < HZ / 50) - return false; - } + if (atomic_read(&icmp_global.credit) > 0) + return true; - spin_lock(&icmp_global.lock); - delta = min_t(u32, now - icmp_global.stamp, HZ); - if (delta >= HZ / 50) { - incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; - if (incr) - WRITE_ONCE(icmp_global.stamp, now); + now = jiffies; + oldstamp = READ_ONCE(icmp_global.stamp); + delta = min_t(u32, now - oldstamp, HZ); + if (delta < HZ / 50) + return false; + + incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; + if (!incr) + return false; + + if (cmpxchg(&icmp_global.stamp, oldstamp, now) == oldstamp) { + old = atomic_read(&icmp_global.credit); + do { + new = min(old + incr, READ_ONCE(sysctl_icmp_msgs_burst)); + } while (!atomic_try_cmpxchg(&icmp_global.credit, &old, new)); } - credit = min_t(u32, icmp_global.credit + incr, - READ_ONCE(sysctl_icmp_msgs_burst)); - if (credit) { - /* We want to use a credit of one in average, but need to randomize - * it for security reasons. - */ - credit = max_t(int, credit - get_random_u32_below(3), 0); - rc = true; - } - WRITE_ONCE(icmp_global.credit, credit); - spin_unlock(&icmp_global.lock); - return rc; + return true; } EXPORT_SYMBOL(icmp_global_allow); +void icmp_global_consume(void) +{ + int credits = get_random_u32_below(3); + + /* Note: this might make icmp_global.credit negative. */ + if (credits) + atomic_sub(credits, &icmp_global.credit); +} +EXPORT_SYMBOL(icmp_global_consume); + static bool icmpv4_mask_allow(struct net *net, int type, int code) { if (type > NR_ICMP_TYPES) @@ -291,14 +293,16 @@ static bool icmpv4_mask_allow(struct net *net, int type, int code) return false; } -static bool icmpv4_global_allow(struct net *net, int type, int code) +static bool icmpv4_global_allow(struct net *net, int type, int code, + bool *apply_ratelimit) { if (icmpv4_mask_allow(net, type, code)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -308,15 +312,16 @@ static bool icmpv4_global_allow(struct net *net, int type, int code) */ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, - struct flowi4 *fl4, int type, int code) + struct flowi4 *fl4, int type, int code, + bool apply_ratelimit) { struct dst_entry *dst = &rt->dst; struct inet_peer *peer; bool rc = true; int vif; - if (icmpv4_mask_allow(net, type, code)) - goto out; + if (!apply_ratelimit) + return true; /* No rate limit on loopback */ if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) @@ -331,6 +336,8 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, out: if (!rc) __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITHOST); + else + icmp_global_consume(); return rc; } @@ -402,6 +409,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); + bool apply_ratelimit = false; struct flowi4 fl4; struct sock *sk; struct inet_sock *inet; @@ -413,11 +421,11 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) return; - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); - /* global icmp_msgs_per_sec */ - if (!icmpv4_global_allow(net, type, code)) + /* is global icmp_msgs_per_sec exhausted ? */ + if (!icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -450,7 +458,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; - if (icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) icmp_push_reply(sk, icmp_param, &fl4, &ipc, &rt); ip_rt_put(rt); out_unlock: @@ -596,6 +604,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, int room; struct icmp_bxm icmp_param; struct rtable *rt = skb_rtable(skb_in); + bool apply_ratelimit = false; struct ipcm_cookie ipc; struct flowi4 fl4; __be32 saddr; @@ -677,7 +686,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, } } - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit, unless @@ -685,7 +694,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, * loopback, then peer ratelimit still work (in icmpv4_xrlim_allow) */ if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && - !icmpv4_global_allow(net, type, code)) + !icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -744,7 +753,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, goto out_unlock; /* peer icmp_ratelimit */ - if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) goto ende; /* RFC says return as much as we can without exceeding 576 bytes. */ diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 7b31674644ef..46f70e4a8351 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -175,14 +175,16 @@ static bool icmpv6_mask_allow(struct net *net, int type) return false; } -static bool icmpv6_global_allow(struct net *net, int type) +static bool icmpv6_global_allow(struct net *net, int type, + bool *apply_ratelimit) { if (icmpv6_mask_allow(net, type)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -191,13 +193,13 @@ static bool icmpv6_global_allow(struct net *net, int type) * Check the ICMP output rate limit */ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, - struct flowi6 *fl6) + struct flowi6 *fl6, bool apply_ratelimit) { struct net *net = sock_net(sk); struct dst_entry *dst; bool res = false; - if (icmpv6_mask_allow(net, type)) + if (!apply_ratelimit) return true; /* @@ -228,6 +230,8 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, if (!res) __ICMP6_INC_STATS(net, ip6_dst_idev(dst), ICMP6_MIB_RATELIMITHOST); + else + icmp_global_consume(); dst_release(dst); return res; } @@ -452,6 +456,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, struct net *net; struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; + bool apply_ratelimit = false; struct dst_entry *dst; struct icmp6hdr tmp_hdr; struct flowi6 fl6; @@ -533,11 +538,12 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, return; } - /* Needed by both icmp_global_allow and icmpv6_xmit_lock */ + /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit */ - if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type)) + if (!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, type, &apply_ratelimit)) goto out_bh_enable; mip6_addr_swap(skb, parm); @@ -575,7 +581,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, np = inet6_sk(sk); - if (!icmpv6_xrlim_allow(sk, type, &fl6)) + if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) goto out; tmp_hdr.icmp6_type = type; @@ -717,6 +723,7 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; struct icmp6hdr *icmph = icmp6_hdr(skb); + bool apply_ratelimit = false; struct icmp6hdr tmp_hdr; struct flowi6 fl6; struct icmpv6_msg msg; @@ -781,8 +788,9 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) goto out; /* Check the ratelimit */ - if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) || - !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6)) + if ((!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || + !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) goto out_dst_release; idev = __in6_dev_get(skb->dev);

7 months

3
4
0 0

[PATCH 6.6 00/14] Backport thunderbolt fix(es) from v6.9

by Alexandru Gagniuc

From: Alexandru Gagniuc <mr.nuke.me(a)gmail.com> These patches resolve thunderbolt issues on Intel Raptor Lake systems. With a monitor connected to a HP Thunderbolt G4 dock, the display sometimes stops working after resume. The kernel reports an issue with the DisplayPort MST topology, the full backtrace being pasted below. This failure is since v6.9-rc1 by commit b4734507ac55 ("thunderbolt: Improve DisplayPort tunnel setup process to be more robust"). The other commits are dependencies such that all changes apply cleanly without needing modification. Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414673] UBSAN: shift-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:4416:36 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414674] shift exponent -1 is negative Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414675] CPU: 0 PID: 145 Comm: kworker/0:2 Tainted: G U 6.6.16 #108 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414677] Hardware name: HP HP Elite t660 Thin Client/8D05, BIOS W44 Ver. 00.14.00 07/19/2024 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414678] Workqueue: events output_poll_execute [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414695] Call Trace: Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414697] <TASK> Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414698] dump_stack_lvl+0x48/0x70 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414703] dump_stack+0x10/0x20 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414705] __ubsan_handle_shift_out_of_bounds+0x156/0x310 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414708] ? krealloc+0x98/0x100 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414711] ? drm_atomic_get_private_obj_state+0x167/0x1a0 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414733] drm_dp_atomic_release_time_slots.cold+0x17/0x3d [drm_display_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414743] intel_dp_mst_atomic_check+0x9a/0x170 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414831] drm_atomic_helper_check_modeset+0x4bb/0xe20 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414842] ? __kmem_cache_alloc_node+0x1b3/0x320 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414845] ? __ww_mutex_lock.constprop.0+0x39/0xa00 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414848] intel_atomic_check+0x113/0x2b50 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414936] drm_atomic_check_only+0x692/0xb80 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414956] drm_atomic_commit+0x57/0xd0 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414972] ? _pfx__drm_printfn_info+0x10/0x10 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.414999] drm_client_modeset_commit_atomic+0x1f1/0x230 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415019] drm_client_modeset_commit_locked+0x5b/0x170 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415038] ? mutex_lock+0x13/0x50 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415040] drm_client_modeset_commit+0x27/0x50 [drm] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415058] __drm_fb_helper_restore_fbdev_mode_unlocked+0xd2/0x100 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415068] drm_fb_helper_hotplug_event+0x11a/0x140 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415077] intel_fbdev_output_poll_changed+0x6f/0xb0 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415156] output_poll_execute+0x23e/0x290 [drm_kms_helper] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415166] ? intelfb_dirty+0x41/0x80 [i915] Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415236] process_one_work+0x178/0x360 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415238] ? __pfx_worker_thread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415240] worker_thread+0x307/0x430 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415241] ? __pfx_worker_thread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415242] kthread+0xf4/0x130 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415245] ? __pfx_kthread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415247] ret_from_fork+0x43/0x70 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415249] ? __pfx_kthread+0x10/0x10 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415250] ret_from_fork_asm+0x1b/0x30 Sep 6 08:10:29 HP7c5758fc4d4f kernel: [ 89.415252] </TASK> Gil Fine (8): thunderbolt: Fix debug log when DisplayPort adapter not available for pairing thunderbolt: Create multiple DisplayPort tunnels if there are more DP IN/OUT pairs thunderbolt: Make is_gen4_link() available to the rest of the driver thunderbolt: Change bandwidth reservations to comply USB4 v2 thunderbolt: Introduce tb_port_path_direction_downstream() thunderbolt: Add support for asymmetric link thunderbolt: Configure asymmetric link if needed and bandwidth allows thunderbolt: Improve DisplayPort tunnel setup process to be more robust Mika Westerberg (6): thunderbolt: Use tb_tunnel_dbg() where possible to make logging more consistent thunderbolt: Expose tb_tunnel_xxx() log macros to the rest of the driver thunderbolt: Use constants for path weight and priority thunderbolt: Use weight constants in tb_usb3_consumed_bandwidth() thunderbolt: Introduce tb_for_each_upstream_port_on_path() thunderbolt: Introduce tb_switch_depth() drivers/thunderbolt/switch.c | 328 +++++++++++--- drivers/thunderbolt/tb.c | 784 +++++++++++++++++++++++++++------- drivers/thunderbolt/tb.h | 56 ++- drivers/thunderbolt/tb_regs.h | 9 +- drivers/thunderbolt/tunnel.c | 217 ++++++---- drivers/thunderbolt/tunnel.h | 26 +- drivers/thunderbolt/usb4.c | 106 +++++ 7 files changed, 1225 insertions(+), 301 deletions(-) -- 2.45.1

7 months

2
15
0 0

[PATCH wireless] wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower

by Felix Fietkau

Avoid potentially crashing in the driver because of uninitialized private data Fixes: 5b3dc42b1b0d ("mac80211: add support for driver tx power reporting") Cc: stable(a)vger.kernel.org Signed-off-by: Felix Fietkau <nbd(a)nbd.name> --- net/mac80211/cfg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 847304a3a29a..5f855e94aeb4 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c @@ -3138,7 +3138,8 @@ static int ieee80211_get_tx_power(struct wiphy *wiphy, struct ieee80211_local *local = wiphy_priv(wiphy); struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); - if (local->ops->get_txpower) + if (local->ops->get_txpower && + (sdata->flags & IEEE80211_SDATA_IN_DRIVER)) return drv_get_txpower(local, sdata, dbm); if (local->emulate_chanctx) -- 2.46.0

7 months

1
0
0 0

patches sent up to 6.13-rc1 that shouldn't be backported

by Jason A. Donenfeld

Hi Sasha, I've been getting emails from your bots... I sent two pulls to Linus for 6.13-rc1: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… In these, I'm not sure there's actually much valid stable material. I didn't mark anything as Cc: stable(a)vger.kernel.org, I don't think. As such, can you make sure none of those get backported? Alternatively, if you do have reason to want to pick some of these, can you be clear with what and why, and actually carefully decide which ones and which dependencies are required as such in a non-automated way? Thanks, Jason

7 months

2
5
0 0

[PATCH] ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()

by Gax-c

A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred without addtional check. Add a NULL check for the returned pointer. Fixes: b5022a36d28f ("ASoC: qcom: lpass: Use regmap_field for i2sctl and dmactl registers") Signed-off-by: Zichen Xie <zichenxie0106(a)gmail.com> Cc: stable(a)vger.kernel.org Reported-by: Zichen Xie <zichenxie0106(a)gmail.com> --- sound/soc/qcom/lpass-cpu.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sound/soc/qcom/lpass-cpu.c b/sound/soc/qcom/lpass-cpu.c index 5a47f661e0c6..242bc16da36d 100644 --- a/sound/soc/qcom/lpass-cpu.c +++ b/sound/soc/qcom/lpass-cpu.c @@ -1242,6 +1242,8 @@ int asoc_qcom_lpass_cpu_platform_probe(struct platform_device *pdev) /* Allocation for i2sctl regmap fields */ drvdata->i2sctl = devm_kzalloc(&pdev->dev, sizeof(struct lpaif_i2sctl), GFP_KERNEL); + if (!drvdata->i2sctl) + return -ENOMEM; /* Initialize bitfields for dai I2SCTL register */ ret = lpass_cpu_init_i2sctl_bitfields(dev, drvdata->i2sctl, -- 2.25.1

7 months

2
1
0 0

[for-next][PATCH 1/5] tracing: Fix function timing profiler to initialize hashtable

by Steven Rostedt

From: "Masami Hiramatsu (Google)" <mhiramat(a)kernel.org> Since the new fgraph requires to initialize fgraph_ops.ops.func_hash before calling register_ftrace_graph(), initialize it with default (tracing all functions) parameter. Cc: stable(a)vger.kernel.org Fixes: 5fccc7552ccb ("ftrace: Add subops logic to allow one ops to manage many") Signed-off-by: Masami Hiramatsu (Google) <mhiramat(a)kernel.org> Signed-off-by: Steven Rostedt (Google) <rostedt(a)goodmis.org> --- kernel/trace/ftrace.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index 4c28dd177ca6..d2dd71d04b8a 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -883,6 +883,10 @@ static void profile_graph_return(struct ftrace_graph_ret *trace, } static struct fgraph_ops fprofiler_ops = { + .ops = { + .flags = FTRACE_OPS_FL_INITIALIZED, + INIT_OPS_HASH(fprofiler_ops.ops) + }, .entryfunc = &profile_graph_entry, .retfunc = &profile_graph_return, }; -- 2.45.2

7 months

1
0
0 0

[PATCH] ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()

by Gax-c

A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred without addtional check. Add a NULL check for the returned pointer. Fixes: b5022a36d28f ("ASoC: qcom: lpass: Use regmap_field for i2sctl and dmactl registers") Signed-off-by: Zichen Xie <zichenxie0106(a)gmail.com> Reported-by: Zichen Xie <zichenxie0106(a)gmail.com> Reported-by: Zijie Zhao <zzjas98(a)gmail.com> Reported-by: Chenyuan Yang <chenyuan0y(a)gmail.com> --- sound/soc/qcom/lpass-cpu.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sound/soc/qcom/lpass-cpu.c b/sound/soc/qcom/lpass-cpu.c index 5a47f661e0c6..a8e56f47f237 100644 --- a/sound/soc/qcom/lpass-cpu.c +++ b/sound/soc/qcom/lpass-cpu.c @@ -1243,6 +1243,9 @@ int asoc_qcom_lpass_cpu_platform_probe(struct platform_device *pdev) drvdata->i2sctl = devm_kzalloc(&pdev->dev, sizeof(struct lpaif_i2sctl), GFP_KERNEL); + if (!drvdata->i2sctl) + return -ENOMEM; + /* Initialize bitfields for dai I2SCTL register */ ret = lpass_cpu_init_i2sctl_bitfields(dev, drvdata->i2sctl, drvdata->lpaif_map); -- 2.25.1

7 months

3
2
0 0

[PATCH] drm/panthor: Don't add write fences to the shared BOs

by Boris Brezillon

The only user (the mesa gallium driver) is already assuming explicit synchronization and doing the export/import dance on shared BOs. The only reason we were registering ourselves as writers on external BOs is because Xe, which was the reference back when we developed Panthor, was doing so. Turns out Xe was wrong, and we really want bookkeep on all registered fences, so userspace can explicitly upgrade those to read/write when needed. Fixes: 4bdca1150792 ("drm/panthor: Add the driver frontend block") Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Simona Vetter <simona.vetter(a)ffwll.ch> Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panthor/panthor_sched.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index 9a0ff48f7061..41260cf4beb8 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -3423,13 +3423,8 @@ void panthor_job_update_resvs(struct drm_exec *exec, struct drm_sched_job *sched { struct panthor_job *job = container_of(sched_job, struct panthor_job, base); - /* Still not sure why we want USAGE_WRITE for external objects, since I - * was assuming this would be handled through explicit syncs being imported - * to external BOs with DMA_BUF_IOCTL_IMPORT_SYNC_FILE, but other drivers - * seem to pass DMA_RESV_USAGE_WRITE, so there must be a good reason. - */ panthor_vm_update_resvs(job->group->vm, exec, &sched_job->s_fence->finished, - DMA_RESV_USAGE_BOOKKEEP, DMA_RESV_USAGE_WRITE); + DMA_RESV_USAGE_BOOKKEEP, DMA_RESV_USAGE_BOOKKEEP); } void panthor_sched_unplug(struct panthor_device *ptdev) -- 2.46.0

7 months

4
4
0 0

[PATCH] drm/panthor: Don't declare a queue blocked if deferred operations are pending

by Boris Brezillon

If deferred operations are pending, we want to wait for those to land before declaring the queue blocked on a SYNC_WAIT. We need this to deal with the case where the sync object is signalled through a deferred SYNC_{ADD,SET} from the same queue. If we don't do that and the group gets scheduled out before the deferred SYNC_{SET,ADD} is executed, we'll end up with a timeout, because no external SYNC_{SET,ADD} will make the scheduler reconsider the group for execution. Fixes: de8548813824 ("drm/panthor: Add the scheduler logical block") Cc: <stable(a)vger.kernel.org> Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panthor/panthor_sched.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index 41260cf4beb8..201d5e7a921e 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -1103,7 +1103,13 @@ cs_slot_sync_queue_state_locked(struct panthor_device *ptdev, u32 csg_id, u32 cs list_move_tail(&group->wait_node, &group->ptdev->scheduler->groups.waiting); } - group->blocked_queues |= BIT(cs_id); + + /* The queue is only blocked if there's no deferred operation + * pending, which can be checked through the scoreboard status. + */ + if (!cs_iface->output->status_scoreboards) + group->blocked_queues |= BIT(cs_id); + queue->syncwait.gpu_va = cs_iface->output->status_wait_sync_ptr; queue->syncwait.ref = cs_iface->output->status_wait_sync_value; status_wait_cond = cs_iface->output->status_wait & CS_STATUS_WAIT_SYNC_COND_MASK; -- 2.46.0

7 months

3
3
0 0

[PATCH v2] drm/panthor: Fix access to uninitialized variable in tick_ctx_cleanup()

by Boris Brezillon

The group variable can't be used to retrieve ptdev in our second loop, because it points to the previously iterated list_head, not a valid group. Get the ptdev object from the scheduler instead. Cc: <stable(a)vger.kernel.org> Fixes: d72f049087d4 ("drm/panthor: Allow driver compilation") Reported-by: kernel test robot <lkp(a)intel.com> Reported-by: Julia Lawall <julia.lawall(a)inria.fr> Closes: https://lore.kernel.org/r/202409302306.UDikqa03-lkp@intel.com/ Signed-off-by: Boris Brezillon <boris.brezillon(a)collabora.com> --- drivers/gpu/drm/panthor/panthor_sched.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/panthor/panthor_sched.c b/drivers/gpu/drm/panthor/panthor_sched.c index 201d5e7a921e..24ff91c084e4 100644 --- a/drivers/gpu/drm/panthor/panthor_sched.c +++ b/drivers/gpu/drm/panthor/panthor_sched.c @@ -2052,6 +2052,7 @@ static void tick_ctx_cleanup(struct panthor_scheduler *sched, struct panthor_sched_tick_ctx *ctx) { + struct panthor_device *ptdev = sched->ptdev; struct panthor_group *group, *tmp; u32 i; @@ -2060,7 +2061,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched, /* If everything went fine, we should only have groups * to be terminated in the old_groups lists. */ - drm_WARN_ON(&group->ptdev->base, !ctx->csg_upd_failed_mask && + drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask && group_can_run(group)); if (!group_can_run(group)) { @@ -2083,7 +2084,7 @@ tick_ctx_cleanup(struct panthor_scheduler *sched, /* If everything went fine, the groups to schedule lists should * be empty. */ - drm_WARN_ON(&group->ptdev->base, + drm_WARN_ON(&ptdev->base, !ctx->csg_upd_failed_mask && !list_empty(&ctx->groups[i])); list_for_each_entry_safe(group, tmp, &ctx->groups[i], run_node) { -- 2.46.0

7 months

2
2
0 0

[PATCH 00/10] (no cover subject)

by Vikram Sharma

SC7280 is a Qualcomm SoC. This series adds support to bring up the CSIPHY, CSID, VFE/RDI interfaces in SC7280. SC7280 provides - 3 x VFE, 3 RDI per VFE - 2 x VFE Lite, 4 RDI per VFE - 3 x CSID - 2 x CSID Lite - 5 x CSI PHY The changes are verified on SC7280 qcs6490-rb3gen2-vision board, the base dts for qcs6490-rb3gen2 is: https://lore.kernel.org/all/20231103184655.23555-1-quic_kbajaj@quicinc.com/ V1 for this series: https://lore.kernel.org/linux-arm-msm/20240629-camss_first_post_linux_next-… Changes in V2: 1) Improved indentation/formatting. 2) Removed _src clocks and misleading code comments. 3) Added name fields for power domains and csid register offset in DTSI. 4) Dropped minItems field from YAML file. 5) Listed changes in alphabetical order. 6) Updated description and commit text to reflect changes 7) Changed the compatible string from imx412 to imx577. 8) Added board-specific enablement changes in the newly created vision board DTSI file. 9) Fixed bug encountered during testing. 10) Moved logically independent changes to a new/seprate patch. 11) Removed cci0 as no sensor is on this port and MCLK2, which was a copy-paste error from the RB5 board reference. 12) Added power rails, referencing the RB5 board. 13) Discarded Patch 5/6 completely (not required). 14) Removed unused enums. To: Robert Foss <rfoss(a)kernel.org> To: Todor Tomov <todor.too(a)gmail.com> To: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> To: Mauro Carvalho Chehab <mchehab(a)kernel.org> To: Rob Herring <robh(a)kernel.org> To: Krzysztof Kozlowski <krzk+dt(a)kernel.org> To: Conor Dooley <conor+dt(a)kernel.org> To: Kapatrala Syed <akapatra(a)quicinc.com> To: Hariram Purushothaman <hariramp(a)quicinc.com> To: Bjorn Andersson <andersson(a)kernel.org> To: Konrad Dybcio <konradybcio(a)kernel.org> To: Hans Verkuil <hverkuil-cisco(a)xs4all.nl> To: cros-qcom-dts-watchers(a)chromium.org To: Catalin Marinas <catalin.marinas(a)arm.com> To: Will Deacon <will(a)kernel.org> Cc: linux-arm-msm(a)vger.kernel.org Cc: linux-media(a)vger.kernel.org Cc: devicetree(a)vger.kernel.org Cc: linux-kernel(a)vger.kernel.org Cc: linux-arm-kernel(a)lists.infradead.org Test-by: Vikram Sharma <quic_vikramsa(a)quicinc.com> Signed-off-by: Vikram Sharma <quic_vikramsa(a)quicinc.com> --- Suresh Vankadara (1): media: qcom: camss: Add support for camss driver on SC7280 Vikram Sharma (9): media: dt-bindings: media: camss: Add qcom,sc7280-camss binding media: dt-bindings: media: qcs6490-rb3gen2-vision-mezzanine: Add dt bindings media: qcom: camss: Fix potential crash if domain attach fails media: qcom: camss: Sort CAMSS version enums and compatible strings media: qcom: camss: Add camss_link_entities_v2 arm64: dts: qcom: sc7280: Add support for camss arm64: dts: qcom: qcs6490-rb3gen2-vision-mezzanine: Enable IMX577 sensor arm64: dts: qcom: sc7280: Add default and suspend states for GPIO arm64: defconfig: Enable camcc driver for SC7280 Documentation/devicetree/bindings/arm/qcom.yaml | 1 + .../bindings/media/qcom,sc7280-camss.yaml | 441 +++++++++++++++++++++ arch/arm64/boot/dts/qcom/Makefile | 1 + .../dts/qcom/qcs6490-rb3gen2-vision-mezzanine.dts | 61 +++ arch/arm64/boot/dts/qcom/sc7280.dtsi | 208 ++++++++++ arch/arm64/configs/defconfig | 1 + drivers/media/platform/qcom/camss/camss-csid.c | 1 - .../platform/qcom/camss/camss-csiphy-3ph-1-0.c | 13 +- drivers/media/platform/qcom/camss/camss-csiphy.c | 5 + drivers/media/platform/qcom/camss/camss-csiphy.h | 1 + drivers/media/platform/qcom/camss/camss-vfe.c | 8 +- drivers/media/platform/qcom/camss/camss.c | 400 ++++++++++++++++++- drivers/media/platform/qcom/camss/camss.h | 1 + 13 files changed, 1131 insertions(+), 11 deletions(-) --- base-commit: fdadd93817f124fd0ea6ef251d4a1068b7feceba change-id: 20240904-camss_on_sc7280_rb3gen2_vision_v2_patches-15c195fb3f12 Best regards, -- Vikram Sharma <quic_vikramsa(a)quicinc.com>

7 months

6
14
0 0

FAILED: patch "[PATCH] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 0199d2f2bd8cd97b310f7ed82a067247d7456029 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100153-unpaired-charity-9b6f@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 0199d2f2bd8c ("PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler") e56427068a8d ("PCI: xilinx-nwl: Use irq_data_get_irq_chip_data()") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 0199d2f2bd8cd97b310f7ed82a067247d7456029 Mon Sep 17 00:00:00 2001 From: Sean Anderson <sean.anderson(a)linux.dev> Date: Fri, 31 May 2024 12:13:32 -0400 Subject: [PATCH] PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler MSGF_LEG_MASK is laid out with INTA in bit 0, INTB in bit 1, INTC in bit 2, and INTD in bit 3. Hardware IRQ numbers start at 0, and we register PCI_NUM_INTX IRQs. So to enable INTA (aka hwirq 0) we should set bit 0. Remove the subtraction of one. This bug would cause INTx interrupts not to be delivered, as enabling INTB would actually enable INTA, and enabling INTA wouldn't enable anything at all. It is likely that this got overlooked for so long since most PCIe hardware uses MSIs. This fixes the following UBSAN error: UBSAN: shift-out-of-bounds in ../drivers/pci/controller/pcie-xilinx-nwl.c:389:11 shift exponent 18446744073709551615 is too large for 32-bit type 'int' CPU: 1 PID: 61 Comm: kworker/u10:1 Not tainted 6.6.20+ #268 Hardware name: xlnx,zynqmp (DT) Workqueue: events_unbound deferred_probe_work_func Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:235) show_stack (arch/arm64/kernel/stacktrace.c:242) dump_stack_lvl (lib/dump_stack.c:107) dump_stack (lib/dump_stack.c:114) __ubsan_handle_shift_out_of_bounds (lib/ubsan.c:218 lib/ubsan.c:387) nwl_unmask_leg_irq (drivers/pci/controller/pcie-xilinx-nwl.c:389 (discriminator 1)) irq_enable (kernel/irq/internals.h:234 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345) __irq_startup (kernel/irq/internals.h:239 kernel/irq/chip.c:180 kernel/irq/chip.c:250) irq_startup (kernel/irq/chip.c:270) __setup_irq (kernel/irq/manage.c:1800) request_threaded_irq (kernel/irq/manage.c:2206) pcie_pme_probe (include/linux/interrupt.h:168 drivers/pci/pcie/pme.c:348) Fixes: 9a181e1093af ("PCI: xilinx-nwl: Modify IRQ chip for legacy interrupts") Link: https://lore.kernel.org/r/20240531161337.864994-3-sean.anderson@linux.dev Signed-off-by: Sean Anderson <sean.anderson(a)linux.dev> Signed-off-by: Bjorn Helgaas <bhelgaas(a)google.com> Cc: stable(a)vger.kernel.org diff --git a/drivers/pci/controller/pcie-xilinx-nwl.c b/drivers/pci/controller/pcie-xilinx-nwl.c index 0408f4d612b5..437927e3bcca 100644 --- a/drivers/pci/controller/pcie-xilinx-nwl.c +++ b/drivers/pci/controller/pcie-xilinx-nwl.c @@ -371,7 +371,7 @@ static void nwl_mask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val & (~mask)), MSGF_LEG_MASK); @@ -385,7 +385,7 @@ static void nwl_unmask_intx_irq(struct irq_data *data) u32 mask; u32 val; - mask = 1 << (data->hwirq - 1); + mask = 1 << data->hwirq; raw_spin_lock_irqsave(&pcie->leg_mask_lock, flags); val = nwl_bridge_readl(pcie, MSGF_LEG_MASK); nwl_bridge_writel(pcie, (val | mask), MSGF_LEG_MASK);

7 months

2
1
0 0

Re: Patch "selftests: vDSO: simplify getrandom thread local storage and structs" has been added to the 6.11-stable tree

by Jason A. Donenfeld

This is not stable material and I didn't mark it as such. Do not backport.

7 months

3
2
0 0

[PATCH 6.10 00/58] 6.10.12-rc1 review

by Greg Kroah-Hartman

This is the start of the stable review cycle for the 6.10.12 release. There are 58 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sun, 29 Sep 2024 12:17:00 +0000. Anything received after that time might be too late. The whole patch series can be found in one patch at: https://www.kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.10.12-rc… or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-6.10.y and the diffstat can be found below. thanks, greg k-h ------------- Pseudo-Shortlog of commits: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> Linux 6.10.12-rc1 Edward Adam Davis <eadavis(a)qq.com> USB: usbtmc: prevent kernel-usb-infoleak Junhao Xie <bigfoot(a)classfun.cn> USB: serial: pl2303: add device id for Macrosilicon MS3020 Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: properly indent labels Keith Busch <kbusch(a)kernel.org> nvme-pci: qdepth 1 quirk Kiran K <kiran.k(a)intel.com> Bluetooth: btintel_pcie: Allocate memory for driver private data Dan Carpenter <dan.carpenter(a)linaro.org> netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() Florian Westphal <fw(a)strlen.de> netfilter: nft_socket: make cgroupsv2 matching work with namespaces Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Fix the energy-pkg event for AMD CPUs Dhananjay Ugwekar <Dhananjay.Ugwekar(a)amd.com> powercap/intel_rapl: Add support for AMD family 1Ah Michał Winiarski <michal.winiarski(a)intel.com> drm: Expand max DRM device number to full MINORBITS Michał Winiarski <michal.winiarski(a)intel.com> accel: Use XArray instead of IDR for minors Michał Winiarski <michal.winiarski(a)intel.com> drm: Use XArray instead of IDR for minors Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() Ferry Meng <mengferry(a)linux.alibaba.com> ocfs2: add bounds checking to ocfs2_xattr_find_entry() Geert Uytterhoeven <geert+renesas(a)glider.be> spi: spidev: Add missing spi_device_id for jg10309-01 Kenneth Feng <kenneth.feng(a)amd.com> drm/amd/pm: fix the pp_dpm_pcie issue on smu v14.0.2/3 zhang jiao <zhangjiao2(a)cmss.chinamobile.com> tools: hv: rm .*.cmd when make clean Michael Kelley <mhklinux(a)outlook.com> x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency Larysa Zaremba <larysa.zaremba(a)intel.com> ice: check for XDP rings instead of bpf program when unconfiguring Luke D. Jones <luke(a)ljones.dev> platform/x86/amd: pmf: Make ASUS GA403 quirk generic Paulo Alcantara <pc(a)manguebit.com> smb: client: fix hang in wait_for_response() for negproto Liao Chen <liaochen4(a)huawei.com> spi: bcm63xx: Enable module autoloading hongchi.peng <hongchi.peng(a)siengine.com> drm: komeda: Fix an issue related to normalized zpos Kai Vehmanen <kai.vehmanen(a)linux.intel.com> ALSA: hda: add HDMI codec ID for Intel PTL Neil Armstrong <neil.armstrong(a)linaro.org> clk: qcom: gcc-sm8650: Don't use shared clk_ops for QUPs Markuss Broks <markuss.broks(a)gmail.com> ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) Fabio Estevam <festevam(a)gmail.com> spi: spidev: Add an entry for elgin,jg10309-01 Zhang Yi <zhangyi(a)everest-semi.com> ASoC: mediatek: mt8188-mt6359: Modify key Liao Chen <liaochen4(a)huawei.com> ASoC: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: tda7419: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: google: fix module autoloading Liao Chen <liaochen4(a)huawei.com> ASoC: intel: fix module autoloading Hans de Goede <hdegoede(a)redhat.com> ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict Marc Kleine-Budde <mkl(a)pengutronix.de> can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration Markus Schneider-Pargmann <msp(a)baylibre.com> can: m_can: Limit coalescing to peripheral instances Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: clear trans->state earlier upon error Dmitry Antipov <dmantipov(a)yandex.ru> wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead Emmanuel Grumbach <emmanuel.grumbach(a)intel.com> wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() Daniel Gabay <daniel.gabay(a)intel.com> wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation Benjamin Berg <benjamin.berg(a)intel.com> wifi: iwlwifi: lower message level for FW buffer destination Bibo Mao <maobibo(a)loongson.cn> LoongArch: KVM: Invalidate guest steal time address on vCPU reset Huacai Chen <chenhuacai(a)kernel.org> LoongArch: Define ARCH_IRQ_INIT_FLAGS as IRQ_NOPROBE Jacky Chou <jacky_chou(a)aspeedtech.com> net: ftgmac100: Ensure tx descriptor updates are visible Hans de Goede <hdegoede(a)redhat.com> platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict Mathieu Fenniak <mathieu(a)fenniak.net> platform/x86: asus-wmi: Fix spurious rfkill on UX8406MA Mike Rapoport <rppt(a)kernel.org> microblaze: don't treat zero reserved memory regions as error Ross Brown <true.robot.ross(a)gmail.com> hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING Thomas Blocher <thomas.blocher(a)ek-dev.de> pinctrl: at91: make it work with current gpiolib Sherry Yang <sherry.yang(a)oracle.com> scsi: lpfc: Fix overflow build issue Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - FIxed ALC285 headphone no sound Kailang Yang <kailang(a)realtek.com> ALSA: hda/realtek - Fixed ALC256 headphone no sound Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table board_ids Hongbo Li <lihongbo22(a)huawei.com> ASoC: allow module autoloading for table db1200_pids YR Yang <yr.yang(a)mediatek.com> ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile Albert Jakieła <jakiela(a)google.com> ASoC: SOF: mediatek: Add missing board compatible ------------- Diffstat: Makefile | 4 +- arch/loongarch/include/asm/hw_irq.h | 2 + arch/loongarch/include/asm/kvm_vcpu.h | 1 - arch/loongarch/kernel/irq.c | 3 - arch/loongarch/kvm/timer.c | 7 -- arch/loongarch/kvm/vcpu.c | 2 +- arch/microblaze/mm/init.c | 5 - arch/x86/kernel/cpu/mshyperv.c | 1 + drivers/accel/drm_accel.c | 110 ++------------------- drivers/bluetooth/btintel_pcie.c | 2 +- drivers/clk/qcom/gcc-sm8650.c | 56 +++++------ .../gpu/drm/amd/pm/swsmu/smu14/smu_v14_0_2_ppt.c | 3 + drivers/gpu/drm/arm/display/komeda/komeda_kms.c | 10 +- drivers/gpu/drm/drm_drv.c | 97 +++++++++--------- drivers/gpu/drm/drm_file.c | 2 +- drivers/gpu/drm/drm_internal.h | 4 - drivers/hwmon/asus-ec-sensors.c | 2 +- drivers/net/can/m_can/m_can.c | 16 +-- drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 42 ++++---- drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 +- drivers/net/can/spi/mcp251xfd/mcp251xfd-ring.c | 14 ++- drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 +- .../net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 +- drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 + drivers/net/ethernet/faraday/ftgmac100.c | 26 +++-- drivers/net/ethernet/intel/ice/ice_lib.c | 4 +- drivers/net/ethernet/intel/ice/ice_main.c | 4 +- drivers/net/ethernet/intel/ice/ice_xsk.c | 6 +- drivers/net/wireless/intel/iwlwifi/fw/dbg.c | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-trans.h | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c | 9 +- drivers/net/wireless/intel/iwlwifi/mvm/ops.c | 2 + drivers/net/wireless/intel/iwlwifi/mvm/scan.c | 31 +++--- .../wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c | 3 +- drivers/nvme/host/nvme.h | 5 + drivers/nvme/host/pci.c | 18 ++-- drivers/pinctrl/pinctrl-at91.c | 5 +- drivers/platform/x86/amd/pmf/pmf-quirks.c | 2 +- drivers/platform/x86/asus-nb-wmi.c | 20 +++- drivers/platform/x86/asus-wmi.h | 1 + drivers/platform/x86/x86-android-tablets/dmi.c | 1 - drivers/powercap/intel_rapl_common.c | 35 ++++++- drivers/scsi/lpfc/lpfc_bsg.c | 2 +- drivers/spi/spi-bcm63xx.c | 1 + drivers/spi/spidev.c | 2 + drivers/usb/class/usbtmc.c | 2 +- drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 4 + fs/ocfs2/xattr.c | 27 +++-- fs/smb/client/connect.c | 14 ++- include/drm/drm_accel.h | 18 +--- include/drm/drm_file.h | 5 + net/mac80211/tx.c | 4 +- net/netfilter/nft_socket.c | 41 +++++++- sound/pci/hda/patch_hdmi.c | 1 + sound/pci/hda/patch_realtek.c | 76 +++++++++----- sound/soc/amd/acp/acp-sof-mach.c | 2 + sound/soc/amd/yc/acp6x-mach.c | 7 ++ sound/soc/au1x/db1200.c | 1 + sound/soc/codecs/chv3-codec.c | 1 + sound/soc/codecs/tda7419.c | 1 + sound/soc/google/chv3-i2s.c | 1 + sound/soc/intel/common/soc-acpi-intel-cht-match.c | 1 - sound/soc/intel/keembay/kmb_platform.c | 1 + sound/soc/mediatek/mt8188/mt8188-afe-pcm.c | 1 + sound/soc/mediatek/mt8188/mt8188-mt6359.c | 17 +++- sound/soc/sof/mediatek/mt8195/mt8195.c | 3 + tools/hv/Makefile | 2 +- 69 files changed, 450 insertions(+), 359 deletions(-)

7 months

12
69
0 0

[PATCH v6.6-v4.19] wifi: mac80211: Avoid address calculations via out of bounds array indexing

by hsimeliere.opensource＠witekio.com

From: Kenton Groombridge <concord(a)gentoo.org> commit 2663d0462eb32ae7c9b035300ab6b1523886c718 upstream. req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 Co-authored-by: Kees Cook <keescook(a)chromium.org> Signed-off-by: Kees Cook <kees(a)kernel.org> Signed-off-by: Kenton Groombridge <concord(a)gentoo.org> Link: https://msgid.link/20240605152218.236061-1-concord@gentoo.org Signed-off-by: Johannes Berg <johannes.berg(a)intel.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource(a)witekio.com> --- net/mac80211/scan.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c index 62c22ff329ad..d81b49fb6458 100644 --- a/net/mac80211/scan.c +++ b/net/mac80211/scan.c @@ -357,7 +357,8 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) struct cfg80211_scan_request *req; struct cfg80211_chan_def chandef; u8 bands_used = 0; - int i, ielen, n_chans; + int i, ielen; + u32 *n_chans; u32 flags = 0; req = rcu_dereference_protected(local->scan_req, @@ -367,34 +368,34 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_sub_if_data *sdata) return false; if (ieee80211_hw_check(&local->hw, SINGLE_SCAN_ON_ALL_BANDS)) { + local->hw_scan_req->req.n_channels = req->n_channels; + for (i = 0; i < req->n_channels; i++) { local->hw_scan_req->req.channels[i] = req->channels[i]; bands_used |= BIT(req->channels[i]->band); } - - n_chans = req->n_channels; } else { do { if (local->hw_scan_band == NUM_NL80211_BANDS) return false; - n_chans = 0; + n_chans = &local->hw_scan_req->req.n_channels; + *n_chans = 0; for (i = 0; i < req->n_channels; i++) { if (req->channels[i]->band != local->hw_scan_band) continue; - local->hw_scan_req->req.channels[n_chans] = + local->hw_scan_req->req.channels[(*n_chans)++] = req->channels[i]; - n_chans++; + bands_used |= BIT(req->channels[i]->band); } local->hw_scan_band++; - } while (!n_chans); + } while (!*n_chans); } - local->hw_scan_req->req.n_channels = n_chans; ieee80211_prepare_scan_chandef(&chandef, req->scan_width); if (req->flags & NL80211_SCAN_FLAG_MIN_PREQ_CONTENT) -- 2.43.0

7 months

1
1
0 0

FAILED: patch "[PATCH] hwrng: mtk - Use devm_pm_runtime_enable" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 78cb66caa6ab5385ac2090f1aae5f3c19e08f522 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100129-herring-nutcase-68d7@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 78cb66caa6ab ("hwrng: mtk - Use devm_pm_runtime_enable") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 78cb66caa6ab5385ac2090f1aae5f3c19e08f522 Mon Sep 17 00:00:00 2001 From: Guoqing Jiang <guoqing.jiang(a)canonical.com> Date: Mon, 26 Aug 2024 15:04:15 +0800 Subject: [PATCH] hwrng: mtk - Use devm_pm_runtime_enable Replace pm_runtime_enable with the devres-enabled version which can trigger pm_runtime_disable. Otherwise, the below appears during reload driver. mtk_rng 1020f000.rng: Unbalanced pm_runtime_enable! Fixes: 81d2b34508c6 ("hwrng: mtk - add runtime PM support") Cc: <stable(a)vger.kernel.org> Suggested-by: Chen-Yu Tsai <wenst(a)chromium.org> Signed-off-by: Guoqing Jiang <guoqing.jiang(a)canonical.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/drivers/char/hw_random/mtk-rng.c b/drivers/char/hw_random/mtk-rng.c index aa993753ab12..1e3048f2bb38 100644 --- a/drivers/char/hw_random/mtk-rng.c +++ b/drivers/char/hw_random/mtk-rng.c @@ -142,7 +142,7 @@ static int mtk_rng_probe(struct platform_device *pdev) dev_set_drvdata(&pdev->dev, priv); pm_runtime_set_autosuspend_delay(&pdev->dev, RNG_AUTOSUSPEND_TIMEOUT); pm_runtime_use_autosuspend(&pdev->dev); - pm_runtime_enable(&pdev->dev); + devm_pm_runtime_enable(&pdev->dev); dev_info(&pdev->dev, "registered RNG driver\n");

7 months

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 1b0e32753d8550908dff8982410357b5114be78c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100113-satchel-circulate-81a1@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 1b0e32753d85 ("ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0e32753d8550908dff8982410357b5114be78c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 31 Aug 2024 12:11:28 +0200 Subject: [PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl The property is "fsl,pins", not "fsl,pin". Wrong property means the pin configuration was not applied. Fixes dtbs_check warnings: imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pins' is a required property imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pin' does not match any of the regexes: 'pinctrl-[0-9]+' Cc: stable(a)vger.kernel.org Fixes: a58e4e608bc8 ("ARM: dts: imx6ul-geam: Add Engicam IMX6UL GEA M6UL initial support") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> diff --git a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts index cdbb8c435cd6..601d89b904cd 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts +++ b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts @@ -365,7 +365,7 @@ MX6UL_PAD_ENET1_RX_ER__PWM8_OUT 0x110b0 }; pinctrl_tsc: tscgrp { - fsl,pin = < + fsl,pins = < MX6UL_PAD_GPIO1_IO01__GPIO1_IO01 0xb0 MX6UL_PAD_GPIO1_IO02__GPIO1_IO02 0xb0 MX6UL_PAD_GPIO1_IO03__GPIO1_IO03 0xb0

7 months

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1b0e32753d8550908dff8982410357b5114be78c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100112-cyclic-aqua-915b@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 1b0e32753d85 ("ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0e32753d8550908dff8982410357b5114be78c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 31 Aug 2024 12:11:28 +0200 Subject: [PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl The property is "fsl,pins", not "fsl,pin". Wrong property means the pin configuration was not applied. Fixes dtbs_check warnings: imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pins' is a required property imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pin' does not match any of the regexes: 'pinctrl-[0-9]+' Cc: stable(a)vger.kernel.org Fixes: a58e4e608bc8 ("ARM: dts: imx6ul-geam: Add Engicam IMX6UL GEA M6UL initial support") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> diff --git a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts index cdbb8c435cd6..601d89b904cd 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts +++ b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts @@ -365,7 +365,7 @@ MX6UL_PAD_ENET1_RX_ER__PWM8_OUT 0x110b0 }; pinctrl_tsc: tscgrp { - fsl,pin = < + fsl,pins = < MX6UL_PAD_GPIO1_IO01__GPIO1_IO01 0xb0 MX6UL_PAD_GPIO1_IO02__GPIO1_IO02 0xb0 MX6UL_PAD_GPIO1_IO03__GPIO1_IO03 0xb0

7 months

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1b0e32753d8550908dff8982410357b5114be78c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100111-lilac-underarm-be95@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1b0e32753d85 ("ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0e32753d8550908dff8982410357b5114be78c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 31 Aug 2024 12:11:28 +0200 Subject: [PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl The property is "fsl,pins", not "fsl,pin". Wrong property means the pin configuration was not applied. Fixes dtbs_check warnings: imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pins' is a required property imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pin' does not match any of the regexes: 'pinctrl-[0-9]+' Cc: stable(a)vger.kernel.org Fixes: a58e4e608bc8 ("ARM: dts: imx6ul-geam: Add Engicam IMX6UL GEA M6UL initial support") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> diff --git a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts index cdbb8c435cd6..601d89b904cd 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts +++ b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts @@ -365,7 +365,7 @@ MX6UL_PAD_ENET1_RX_ER__PWM8_OUT 0x110b0 }; pinctrl_tsc: tscgrp { - fsl,pin = < + fsl,pins = < MX6UL_PAD_GPIO1_IO01__GPIO1_IO01 0xb0 MX6UL_PAD_GPIO1_IO02__GPIO1_IO02 0xb0 MX6UL_PAD_GPIO1_IO03__GPIO1_IO03 0xb0

7 months

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1b0e32753d8550908dff8982410357b5114be78c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100111-rocking-clatter-0ff3@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1b0e32753d85 ("ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0e32753d8550908dff8982410357b5114be78c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 31 Aug 2024 12:11:28 +0200 Subject: [PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl The property is "fsl,pins", not "fsl,pin". Wrong property means the pin configuration was not applied. Fixes dtbs_check warnings: imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pins' is a required property imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pin' does not match any of the regexes: 'pinctrl-[0-9]+' Cc: stable(a)vger.kernel.org Fixes: a58e4e608bc8 ("ARM: dts: imx6ul-geam: Add Engicam IMX6UL GEA M6UL initial support") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> diff --git a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts index cdbb8c435cd6..601d89b904cd 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts +++ b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts @@ -365,7 +365,7 @@ MX6UL_PAD_ENET1_RX_ER__PWM8_OUT 0x110b0 }; pinctrl_tsc: tscgrp { - fsl,pin = < + fsl,pins = < MX6UL_PAD_GPIO1_IO01__GPIO1_IO01 0xb0 MX6UL_PAD_GPIO1_IO02__GPIO1_IO02 0xb0 MX6UL_PAD_GPIO1_IO03__GPIO1_IO03 0xb0

7 months

1
0
0 0

FAILED: patch "[PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 1b0e32753d8550908dff8982410357b5114be78c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100110-profane-wriggle-076a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 1b0e32753d85 ("ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1b0e32753d8550908dff8982410357b5114be78c Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Sat, 31 Aug 2024 12:11:28 +0200 Subject: [PATCH] ARM: dts: imx6ul-geam: fix fsl,pins property in tscgrp pinctrl The property is "fsl,pins", not "fsl,pin". Wrong property means the pin configuration was not applied. Fixes dtbs_check warnings: imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pins' is a required property imx6ul-geam.dtb: pinctrl@20e0000: tscgrp: 'fsl,pin' does not match any of the regexes: 'pinctrl-[0-9]+' Cc: stable(a)vger.kernel.org Fixes: a58e4e608bc8 ("ARM: dts: imx6ul-geam: Add Engicam IMX6UL GEA M6UL initial support") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Michael Trimarchi <michael(a)amarulasolutions.com> Signed-off-by: Shawn Guo <shawnguo(a)kernel.org> diff --git a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts index cdbb8c435cd6..601d89b904cd 100644 --- a/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts +++ b/arch/arm/boot/dts/nxp/imx/imx6ul-geam.dts @@ -365,7 +365,7 @@ MX6UL_PAD_ENET1_RX_ER__PWM8_OUT 0x110b0 }; pinctrl_tsc: tscgrp { - fsl,pin = < + fsl,pins = < MX6UL_PAD_GPIO1_IO01__GPIO1_IO01 0xb0 MX6UL_PAD_GPIO1_IO02__GPIO1_IO02 0xb0 MX6UL_PAD_GPIO1_IO03__GPIO1_IO03 0xb0

7 months

1
0
0 0

FAILED: patch "[PATCH] dt-bindings: spi: nxp-fspi: add imx8ulp support" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 12736adc43b7cd5cb83f274f8f37b0f89d107c97 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100148-payday-steadfast-3ba9@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 12736adc43b7 ("dt-bindings: spi: nxp-fspi: add imx8ulp support") 18ab9e9e8889 ("dt-bindings: spi: nxp-fspi: support i.MX93 and i.MX95") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 12736adc43b7cd5cb83f274f8f37b0f89d107c97 Mon Sep 17 00:00:00 2001 From: Haibo Chen <haibo.chen(a)nxp.com> Date: Thu, 5 Sep 2024 17:43:35 +0800 Subject: [PATCH] dt-bindings: spi: nxp-fspi: add imx8ulp support The flexspi on imx8ulp only has 16 number of LUTs, it is different with flexspi on other imx SoC which has 32 number of LUTs. Fixes: ef89fd56bdfc ("arm64: dts: imx8ulp: add flexspi node") Cc: stable(a)kernel.org Acked-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Signed-off-by: Haibo Chen <haibo.chen(a)nxp.com> Reviewed-by: Frank Li <Frank.Li(a)nxp.com> Link: https://patch.msgid.link/20240905094338.1986871-2-haibo.chen@nxp.com Signed-off-by: Mark Brown <broonie(a)kernel.org> diff --git a/Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml b/Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml index 4a5f41bde00f..902db92da832 100644 --- a/Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml +++ b/Documentation/devicetree/bindings/spi/spi-nxp-fspi.yaml @@ -21,6 +21,7 @@ properties: - nxp,imx8mm-fspi - nxp,imx8mp-fspi - nxp,imx8qxp-fspi + - nxp,imx8ulp-fspi - nxp,lx2160a-fspi - items: - enum:

7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: add the inode_free_security_rcu() LSM implementation" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 63dff3e48871b0583be5032ff8fb7260c349a18c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100134-brutishly-unlinked-b242@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") 4de2f084fbff ("ima: Make it independent from 'integrity' LSM") 75a323e604fc ("evm: Make it independent from 'integrity' LSM") 923831117611 ("evm: Move to LSM infrastructure") 84594c9ecdca ("ima: Move IMA-Appraisal to LSM infrastructure") cd3cec0a02c7 ("ima: Move to LSM infrastructure") 06cca5110774 ("integrity: Move integrity_kernel_module_request() to IMA") b8d997032a46 ("security: Introduce key_post_create_or_update hook") 2d705d802414 ("security: Introduce inode_post_remove_acl hook") 8b9d0b825c65 ("security: Introduce inode_post_set_acl hook") a7811e34d100 ("security: Introduce inode_post_create_tmpfile hook") f09068b5a114 ("security: Introduce file_release hook") 8f46ff5767b0 ("security: Introduce file_post_open hook") dae52cbf5887 ("security: Introduce inode_post_removexattr hook") 77fa6f314f03 ("security: Introduce inode_post_setattr hook") 314a8dc728d0 ("security: Align inode_setattr hook definition with EVM") 779cb1947e27 ("evm: Align evm_inode_post_setxattr() definition with LSM infrastructure") 2b6a4054f8c2 ("evm: Align evm_inode_setxattr() definition with LSM infrastructure") 784111d0093e ("evm: Align evm_inode_post_setattr() definition with LSM infrastructure") fec5f85e468d ("ima: Align ima_post_read_file() definition with LSM infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dff3e48871b0583be5032ff8fb7260c349a18c Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 9 Jul 2024 19:43:06 -0400 Subject: [PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook The LSM framework has an existing inode_free_security() hook which is used by LSMs that manage state associated with an inode, but due to the use of RCU to protect the inode, special care must be taken to ensure that the LSMs do not fully release the inode state until it is safe from a RCU perspective. This patch implements a new inode_free_security_rcu() implementation hook which is called when it is safe to free the LSM's internal inode state. Unfortunately, this new hook does not have access to the inode itself as it may already be released, so the existing inode_free_security() hook is retained for those LSMs which require access to the inode. Cc: stable(a)vger.kernel.org Reported-by: syzbot+5446fbf332b0602ede0b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 63e2656d1d56..520730fe2d94 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -114,6 +114,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) +LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security) LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c51e24d24d1e..3c323ca213d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -223,7 +223,7 @@ static inline void ima_inode_set_iint(const struct inode *inode, struct ima_iint_cache *ima_iint_find(struct inode *inode); struct ima_iint_cache *ima_inode_get(struct inode *inode); -void ima_inode_free(struct inode *inode); +void ima_inode_free_rcu(void *inode_security); void __init ima_iintcache_init(void); extern const int read_idmap[]; diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index e23412a2c56b..00b249101f98 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -109,22 +109,18 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) } /** - * ima_inode_free - Called on inode free - * @inode: Pointer to the inode + * ima_inode_free_rcu - Called to free an inode via a RCU callback + * @inode_security: The inode->i_security pointer * - * Free the iint associated with an inode. + * Free the IMA data associated with an inode. */ -void ima_inode_free(struct inode *inode) +void ima_inode_free_rcu(void *inode_security) { - struct ima_iint_cache *iint; + struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode; - if (!IS_IMA(inode)) - return; - - iint = ima_iint_find(inode); - ima_inode_set_iint(inode, NULL); - - ima_iint_free(iint); + /* *iint_p should be NULL if !IS_IMA(inode) */ + if (*iint_p) + ima_iint_free(*iint_p); } static void ima_iint_init_once(void *foo) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f04f43af651c..5b3394864b21 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1193,7 +1193,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), #endif - LSM_HOOK_INIT(inode_free_security, ima_inode_free), + LSM_HOOK_INIT(inode_free_security_rcu, ima_inode_free_rcu), }; static const struct lsm_id ima_lsmid = { diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 7877a64cc6b8..0804f76a67be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1207,13 +1207,16 @@ static int current_check_refer_path(struct dentry *const old_dentry, /* Inode hooks */ -static void hook_inode_free_security(struct inode *const inode) +static void hook_inode_free_security_rcu(void *inode_security) { + struct landlock_inode_security *inode_sec; + /* * All inodes must already have been untied from their object by * release_inode() or hook_sb_delete(). */ - WARN_ON_ONCE(landlock_inode(inode)->object); + inode_sec = inode_security + landlock_blob_sizes.lbs_inode; + WARN_ON_ONCE(inode_sec->object); } /* Super-block hooks */ @@ -1637,7 +1640,7 @@ static int hook_file_ioctl_compat(struct file *file, unsigned int cmd, } static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), + LSM_HOOK_INIT(inode_free_security_rcu, hook_inode_free_security_rcu), LSM_HOOK_INIT(sb_delete, hook_sb_delete), LSM_HOOK_INIT(sb_mount, hook_sb_mount), diff --git a/security/security.c b/security/security.c index b316e6586be2..611d3c124ba6 100644 --- a/security/security.c +++ b/security/security.c @@ -1609,9 +1609,8 @@ int security_inode_alloc(struct inode *inode) static void inode_free_by_rcu(struct rcu_head *head) { - /* - * The rcu head is at the start of the inode blob - */ + /* The rcu head is at the start of the inode blob */ + call_void_hook(inode_free_security_rcu, head); kmem_cache_free(lsm_inode_cache, head); } @@ -1619,23 +1618,24 @@ static void inode_free_by_rcu(struct rcu_head *head) * security_inode_free() - Free an inode's LSM blob * @inode: the inode * - * Deallocate the inode security structure and set @inode->i_security to NULL. + * Release any LSM resources associated with @inode, although due to the + * inode's RCU protections it is possible that the resources will not be + * fully released until after the current RCU grace period has elapsed. + * + * It is important for LSMs to note that despite being present in a call to + * security_inode_free(), @inode may still be referenced in a VFS path walk + * and calls to security_inode_permission() may be made during, or after, + * a call to security_inode_free(). For this reason the inode->i_security + * field is released via a call_rcu() callback and any LSMs which need to + * retain inode state for use in security_inode_permission() should only + * release that state in the inode_free_security_rcu() LSM hook callback. */ void security_inode_free(struct inode *inode) { call_void_hook(inode_free_security, inode); - /* - * The inode may still be referenced in a path walk and - * a call to security_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - if (inode->i_security) - call_rcu((struct rcu_head *)inode->i_security, - inode_free_by_rcu); + if (!inode->i_security) + return; + call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: add the inode_free_security_rcu() LSM implementation" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 63dff3e48871b0583be5032ff8fb7260c349a18c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100133-antivirus-stuffing-da34@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") 4de2f084fbff ("ima: Make it independent from 'integrity' LSM") 75a323e604fc ("evm: Make it independent from 'integrity' LSM") 923831117611 ("evm: Move to LSM infrastructure") 84594c9ecdca ("ima: Move IMA-Appraisal to LSM infrastructure") cd3cec0a02c7 ("ima: Move to LSM infrastructure") 06cca5110774 ("integrity: Move integrity_kernel_module_request() to IMA") b8d997032a46 ("security: Introduce key_post_create_or_update hook") 2d705d802414 ("security: Introduce inode_post_remove_acl hook") 8b9d0b825c65 ("security: Introduce inode_post_set_acl hook") a7811e34d100 ("security: Introduce inode_post_create_tmpfile hook") f09068b5a114 ("security: Introduce file_release hook") 8f46ff5767b0 ("security: Introduce file_post_open hook") dae52cbf5887 ("security: Introduce inode_post_removexattr hook") 77fa6f314f03 ("security: Introduce inode_post_setattr hook") 314a8dc728d0 ("security: Align inode_setattr hook definition with EVM") 779cb1947e27 ("evm: Align evm_inode_post_setxattr() definition with LSM infrastructure") 2b6a4054f8c2 ("evm: Align evm_inode_setxattr() definition with LSM infrastructure") 784111d0093e ("evm: Align evm_inode_post_setattr() definition with LSM infrastructure") fec5f85e468d ("ima: Align ima_post_read_file() definition with LSM infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dff3e48871b0583be5032ff8fb7260c349a18c Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 9 Jul 2024 19:43:06 -0400 Subject: [PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook The LSM framework has an existing inode_free_security() hook which is used by LSMs that manage state associated with an inode, but due to the use of RCU to protect the inode, special care must be taken to ensure that the LSMs do not fully release the inode state until it is safe from a RCU perspective. This patch implements a new inode_free_security_rcu() implementation hook which is called when it is safe to free the LSM's internal inode state. Unfortunately, this new hook does not have access to the inode itself as it may already be released, so the existing inode_free_security() hook is retained for those LSMs which require access to the inode. Cc: stable(a)vger.kernel.org Reported-by: syzbot+5446fbf332b0602ede0b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 63e2656d1d56..520730fe2d94 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -114,6 +114,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) +LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security) LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c51e24d24d1e..3c323ca213d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -223,7 +223,7 @@ static inline void ima_inode_set_iint(const struct inode *inode, struct ima_iint_cache *ima_iint_find(struct inode *inode); struct ima_iint_cache *ima_inode_get(struct inode *inode); -void ima_inode_free(struct inode *inode); +void ima_inode_free_rcu(void *inode_security); void __init ima_iintcache_init(void); extern const int read_idmap[]; diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index e23412a2c56b..00b249101f98 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -109,22 +109,18 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) } /** - * ima_inode_free - Called on inode free - * @inode: Pointer to the inode + * ima_inode_free_rcu - Called to free an inode via a RCU callback + * @inode_security: The inode->i_security pointer * - * Free the iint associated with an inode. + * Free the IMA data associated with an inode. */ -void ima_inode_free(struct inode *inode) +void ima_inode_free_rcu(void *inode_security) { - struct ima_iint_cache *iint; + struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode; - if (!IS_IMA(inode)) - return; - - iint = ima_iint_find(inode); - ima_inode_set_iint(inode, NULL); - - ima_iint_free(iint); + /* *iint_p should be NULL if !IS_IMA(inode) */ + if (*iint_p) + ima_iint_free(*iint_p); } static void ima_iint_init_once(void *foo) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f04f43af651c..5b3394864b21 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1193,7 +1193,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), #endif - LSM_HOOK_INIT(inode_free_security, ima_inode_free), + LSM_HOOK_INIT(inode_free_security_rcu, ima_inode_free_rcu), }; static const struct lsm_id ima_lsmid = { diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 7877a64cc6b8..0804f76a67be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1207,13 +1207,16 @@ static int current_check_refer_path(struct dentry *const old_dentry, /* Inode hooks */ -static void hook_inode_free_security(struct inode *const inode) +static void hook_inode_free_security_rcu(void *inode_security) { + struct landlock_inode_security *inode_sec; + /* * All inodes must already have been untied from their object by * release_inode() or hook_sb_delete(). */ - WARN_ON_ONCE(landlock_inode(inode)->object); + inode_sec = inode_security + landlock_blob_sizes.lbs_inode; + WARN_ON_ONCE(inode_sec->object); } /* Super-block hooks */ @@ -1637,7 +1640,7 @@ static int hook_file_ioctl_compat(struct file *file, unsigned int cmd, } static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), + LSM_HOOK_INIT(inode_free_security_rcu, hook_inode_free_security_rcu), LSM_HOOK_INIT(sb_delete, hook_sb_delete), LSM_HOOK_INIT(sb_mount, hook_sb_mount), diff --git a/security/security.c b/security/security.c index b316e6586be2..611d3c124ba6 100644 --- a/security/security.c +++ b/security/security.c @@ -1609,9 +1609,8 @@ int security_inode_alloc(struct inode *inode) static void inode_free_by_rcu(struct rcu_head *head) { - /* - * The rcu head is at the start of the inode blob - */ + /* The rcu head is at the start of the inode blob */ + call_void_hook(inode_free_security_rcu, head); kmem_cache_free(lsm_inode_cache, head); } @@ -1619,23 +1618,24 @@ static void inode_free_by_rcu(struct rcu_head *head) * security_inode_free() - Free an inode's LSM blob * @inode: the inode * - * Deallocate the inode security structure and set @inode->i_security to NULL. + * Release any LSM resources associated with @inode, although due to the + * inode's RCU protections it is possible that the resources will not be + * fully released until after the current RCU grace period has elapsed. + * + * It is important for LSMs to note that despite being present in a call to + * security_inode_free(), @inode may still be referenced in a VFS path walk + * and calls to security_inode_permission() may be made during, or after, + * a call to security_inode_free(). For this reason the inode->i_security + * field is released via a call_rcu() callback and any LSMs which need to + * retain inode state for use in security_inode_permission() should only + * release that state in the inode_free_security_rcu() LSM hook callback. */ void security_inode_free(struct inode *inode) { call_void_hook(inode_free_security, inode); - /* - * The inode may still be referenced in a path walk and - * a call to security_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - if (inode->i_security) - call_rcu((struct rcu_head *)inode->i_security, - inode_free_by_rcu); + if (!inode->i_security) + return; + call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: add the inode_free_security_rcu() LSM implementation" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 63dff3e48871b0583be5032ff8fb7260c349a18c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100132-kung-gibberish-1f5b@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") 4de2f084fbff ("ima: Make it independent from 'integrity' LSM") 75a323e604fc ("evm: Make it independent from 'integrity' LSM") 923831117611 ("evm: Move to LSM infrastructure") 84594c9ecdca ("ima: Move IMA-Appraisal to LSM infrastructure") cd3cec0a02c7 ("ima: Move to LSM infrastructure") 06cca5110774 ("integrity: Move integrity_kernel_module_request() to IMA") b8d997032a46 ("security: Introduce key_post_create_or_update hook") 2d705d802414 ("security: Introduce inode_post_remove_acl hook") 8b9d0b825c65 ("security: Introduce inode_post_set_acl hook") a7811e34d100 ("security: Introduce inode_post_create_tmpfile hook") f09068b5a114 ("security: Introduce file_release hook") 8f46ff5767b0 ("security: Introduce file_post_open hook") dae52cbf5887 ("security: Introduce inode_post_removexattr hook") 77fa6f314f03 ("security: Introduce inode_post_setattr hook") 314a8dc728d0 ("security: Align inode_setattr hook definition with EVM") 779cb1947e27 ("evm: Align evm_inode_post_setxattr() definition with LSM infrastructure") 2b6a4054f8c2 ("evm: Align evm_inode_setxattr() definition with LSM infrastructure") 784111d0093e ("evm: Align evm_inode_post_setattr() definition with LSM infrastructure") fec5f85e468d ("ima: Align ima_post_read_file() definition with LSM infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dff3e48871b0583be5032ff8fb7260c349a18c Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 9 Jul 2024 19:43:06 -0400 Subject: [PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook The LSM framework has an existing inode_free_security() hook which is used by LSMs that manage state associated with an inode, but due to the use of RCU to protect the inode, special care must be taken to ensure that the LSMs do not fully release the inode state until it is safe from a RCU perspective. This patch implements a new inode_free_security_rcu() implementation hook which is called when it is safe to free the LSM's internal inode state. Unfortunately, this new hook does not have access to the inode itself as it may already be released, so the existing inode_free_security() hook is retained for those LSMs which require access to the inode. Cc: stable(a)vger.kernel.org Reported-by: syzbot+5446fbf332b0602ede0b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 63e2656d1d56..520730fe2d94 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -114,6 +114,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) +LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security) LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c51e24d24d1e..3c323ca213d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -223,7 +223,7 @@ static inline void ima_inode_set_iint(const struct inode *inode, struct ima_iint_cache *ima_iint_find(struct inode *inode); struct ima_iint_cache *ima_inode_get(struct inode *inode); -void ima_inode_free(struct inode *inode); +void ima_inode_free_rcu(void *inode_security); void __init ima_iintcache_init(void); extern const int read_idmap[]; diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index e23412a2c56b..00b249101f98 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -109,22 +109,18 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) } /** - * ima_inode_free - Called on inode free - * @inode: Pointer to the inode + * ima_inode_free_rcu - Called to free an inode via a RCU callback + * @inode_security: The inode->i_security pointer * - * Free the iint associated with an inode. + * Free the IMA data associated with an inode. */ -void ima_inode_free(struct inode *inode) +void ima_inode_free_rcu(void *inode_security) { - struct ima_iint_cache *iint; + struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode; - if (!IS_IMA(inode)) - return; - - iint = ima_iint_find(inode); - ima_inode_set_iint(inode, NULL); - - ima_iint_free(iint); + /* *iint_p should be NULL if !IS_IMA(inode) */ + if (*iint_p) + ima_iint_free(*iint_p); } static void ima_iint_init_once(void *foo) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f04f43af651c..5b3394864b21 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1193,7 +1193,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), #endif - LSM_HOOK_INIT(inode_free_security, ima_inode_free), + LSM_HOOK_INIT(inode_free_security_rcu, ima_inode_free_rcu), }; static const struct lsm_id ima_lsmid = { diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 7877a64cc6b8..0804f76a67be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1207,13 +1207,16 @@ static int current_check_refer_path(struct dentry *const old_dentry, /* Inode hooks */ -static void hook_inode_free_security(struct inode *const inode) +static void hook_inode_free_security_rcu(void *inode_security) { + struct landlock_inode_security *inode_sec; + /* * All inodes must already have been untied from their object by * release_inode() or hook_sb_delete(). */ - WARN_ON_ONCE(landlock_inode(inode)->object); + inode_sec = inode_security + landlock_blob_sizes.lbs_inode; + WARN_ON_ONCE(inode_sec->object); } /* Super-block hooks */ @@ -1637,7 +1640,7 @@ static int hook_file_ioctl_compat(struct file *file, unsigned int cmd, } static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), + LSM_HOOK_INIT(inode_free_security_rcu, hook_inode_free_security_rcu), LSM_HOOK_INIT(sb_delete, hook_sb_delete), LSM_HOOK_INIT(sb_mount, hook_sb_mount), diff --git a/security/security.c b/security/security.c index b316e6586be2..611d3c124ba6 100644 --- a/security/security.c +++ b/security/security.c @@ -1609,9 +1609,8 @@ int security_inode_alloc(struct inode *inode) static void inode_free_by_rcu(struct rcu_head *head) { - /* - * The rcu head is at the start of the inode blob - */ + /* The rcu head is at the start of the inode blob */ + call_void_hook(inode_free_security_rcu, head); kmem_cache_free(lsm_inode_cache, head); } @@ -1619,23 +1618,24 @@ static void inode_free_by_rcu(struct rcu_head *head) * security_inode_free() - Free an inode's LSM blob * @inode: the inode * - * Deallocate the inode security structure and set @inode->i_security to NULL. + * Release any LSM resources associated with @inode, although due to the + * inode's RCU protections it is possible that the resources will not be + * fully released until after the current RCU grace period has elapsed. + * + * It is important for LSMs to note that despite being present in a call to + * security_inode_free(), @inode may still be referenced in a VFS path walk + * and calls to security_inode_permission() may be made during, or after, + * a call to security_inode_free(). For this reason the inode->i_security + * field is released via a call_rcu() callback and any LSMs which need to + * retain inode state for use in security_inode_permission() should only + * release that state in the inode_free_security_rcu() LSM hook callback. */ void security_inode_free(struct inode *inode) { call_void_hook(inode_free_security, inode); - /* - * The inode may still be referenced in a path walk and - * a call to security_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - if (inode->i_security) - call_rcu((struct rcu_head *)inode->i_security, - inode_free_by_rcu); + if (!inode->i_security) + return; + call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: add the inode_free_security_rcu() LSM implementation" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 63dff3e48871b0583be5032ff8fb7260c349a18c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100131-concerned-unashamed-5020@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") 4de2f084fbff ("ima: Make it independent from 'integrity' LSM") 75a323e604fc ("evm: Make it independent from 'integrity' LSM") 923831117611 ("evm: Move to LSM infrastructure") 84594c9ecdca ("ima: Move IMA-Appraisal to LSM infrastructure") cd3cec0a02c7 ("ima: Move to LSM infrastructure") 06cca5110774 ("integrity: Move integrity_kernel_module_request() to IMA") b8d997032a46 ("security: Introduce key_post_create_or_update hook") 2d705d802414 ("security: Introduce inode_post_remove_acl hook") 8b9d0b825c65 ("security: Introduce inode_post_set_acl hook") a7811e34d100 ("security: Introduce inode_post_create_tmpfile hook") f09068b5a114 ("security: Introduce file_release hook") 8f46ff5767b0 ("security: Introduce file_post_open hook") dae52cbf5887 ("security: Introduce inode_post_removexattr hook") 77fa6f314f03 ("security: Introduce inode_post_setattr hook") 314a8dc728d0 ("security: Align inode_setattr hook definition with EVM") 779cb1947e27 ("evm: Align evm_inode_post_setxattr() definition with LSM infrastructure") 2b6a4054f8c2 ("evm: Align evm_inode_setxattr() definition with LSM infrastructure") 784111d0093e ("evm: Align evm_inode_post_setattr() definition with LSM infrastructure") fec5f85e468d ("ima: Align ima_post_read_file() definition with LSM infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dff3e48871b0583be5032ff8fb7260c349a18c Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 9 Jul 2024 19:43:06 -0400 Subject: [PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook The LSM framework has an existing inode_free_security() hook which is used by LSMs that manage state associated with an inode, but due to the use of RCU to protect the inode, special care must be taken to ensure that the LSMs do not fully release the inode state until it is safe from a RCU perspective. This patch implements a new inode_free_security_rcu() implementation hook which is called when it is safe to free the LSM's internal inode state. Unfortunately, this new hook does not have access to the inode itself as it may already be released, so the existing inode_free_security() hook is retained for those LSMs which require access to the inode. Cc: stable(a)vger.kernel.org Reported-by: syzbot+5446fbf332b0602ede0b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 63e2656d1d56..520730fe2d94 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -114,6 +114,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) +LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security) LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c51e24d24d1e..3c323ca213d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -223,7 +223,7 @@ static inline void ima_inode_set_iint(const struct inode *inode, struct ima_iint_cache *ima_iint_find(struct inode *inode); struct ima_iint_cache *ima_inode_get(struct inode *inode); -void ima_inode_free(struct inode *inode); +void ima_inode_free_rcu(void *inode_security); void __init ima_iintcache_init(void); extern const int read_idmap[]; diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index e23412a2c56b..00b249101f98 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -109,22 +109,18 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) } /** - * ima_inode_free - Called on inode free - * @inode: Pointer to the inode + * ima_inode_free_rcu - Called to free an inode via a RCU callback + * @inode_security: The inode->i_security pointer * - * Free the iint associated with an inode. + * Free the IMA data associated with an inode. */ -void ima_inode_free(struct inode *inode) +void ima_inode_free_rcu(void *inode_security) { - struct ima_iint_cache *iint; + struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode; - if (!IS_IMA(inode)) - return; - - iint = ima_iint_find(inode); - ima_inode_set_iint(inode, NULL); - - ima_iint_free(iint); + /* *iint_p should be NULL if !IS_IMA(inode) */ + if (*iint_p) + ima_iint_free(*iint_p); } static void ima_iint_init_once(void *foo) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f04f43af651c..5b3394864b21 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1193,7 +1193,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), #endif - LSM_HOOK_INIT(inode_free_security, ima_inode_free), + LSM_HOOK_INIT(inode_free_security_rcu, ima_inode_free_rcu), }; static const struct lsm_id ima_lsmid = { diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 7877a64cc6b8..0804f76a67be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1207,13 +1207,16 @@ static int current_check_refer_path(struct dentry *const old_dentry, /* Inode hooks */ -static void hook_inode_free_security(struct inode *const inode) +static void hook_inode_free_security_rcu(void *inode_security) { + struct landlock_inode_security *inode_sec; + /* * All inodes must already have been untied from their object by * release_inode() or hook_sb_delete(). */ - WARN_ON_ONCE(landlock_inode(inode)->object); + inode_sec = inode_security + landlock_blob_sizes.lbs_inode; + WARN_ON_ONCE(inode_sec->object); } /* Super-block hooks */ @@ -1637,7 +1640,7 @@ static int hook_file_ioctl_compat(struct file *file, unsigned int cmd, } static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), + LSM_HOOK_INIT(inode_free_security_rcu, hook_inode_free_security_rcu), LSM_HOOK_INIT(sb_delete, hook_sb_delete), LSM_HOOK_INIT(sb_mount, hook_sb_mount), diff --git a/security/security.c b/security/security.c index b316e6586be2..611d3c124ba6 100644 --- a/security/security.c +++ b/security/security.c @@ -1609,9 +1609,8 @@ int security_inode_alloc(struct inode *inode) static void inode_free_by_rcu(struct rcu_head *head) { - /* - * The rcu head is at the start of the inode blob - */ + /* The rcu head is at the start of the inode blob */ + call_void_hook(inode_free_security_rcu, head); kmem_cache_free(lsm_inode_cache, head); } @@ -1619,23 +1618,24 @@ static void inode_free_by_rcu(struct rcu_head *head) * security_inode_free() - Free an inode's LSM blob * @inode: the inode * - * Deallocate the inode security structure and set @inode->i_security to NULL. + * Release any LSM resources associated with @inode, although due to the + * inode's RCU protections it is possible that the resources will not be + * fully released until after the current RCU grace period has elapsed. + * + * It is important for LSMs to note that despite being present in a call to + * security_inode_free(), @inode may still be referenced in a VFS path walk + * and calls to security_inode_permission() may be made during, or after, + * a call to security_inode_free(). For this reason the inode->i_security + * field is released via a call_rcu() callback and any LSMs which need to + * retain inode state for use in security_inode_permission() should only + * release that state in the inode_free_security_rcu() LSM hook callback. */ void security_inode_free(struct inode *inode) { call_void_hook(inode_free_security, inode); - /* - * The inode may still be referenced in a path walk and - * a call to security_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - if (inode->i_security) - call_rcu((struct rcu_head *)inode->i_security, - inode_free_by_rcu); + if (!inode->i_security) + return; + call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: add the inode_free_security_rcu() LSM implementation" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 63dff3e48871b0583be5032ff8fb7260c349a18c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100130-superior-viewpoint-e91a@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") 4de2f084fbff ("ima: Make it independent from 'integrity' LSM") 75a323e604fc ("evm: Make it independent from 'integrity' LSM") 923831117611 ("evm: Move to LSM infrastructure") 84594c9ecdca ("ima: Move IMA-Appraisal to LSM infrastructure") cd3cec0a02c7 ("ima: Move to LSM infrastructure") 06cca5110774 ("integrity: Move integrity_kernel_module_request() to IMA") b8d997032a46 ("security: Introduce key_post_create_or_update hook") 2d705d802414 ("security: Introduce inode_post_remove_acl hook") 8b9d0b825c65 ("security: Introduce inode_post_set_acl hook") a7811e34d100 ("security: Introduce inode_post_create_tmpfile hook") f09068b5a114 ("security: Introduce file_release hook") 8f46ff5767b0 ("security: Introduce file_post_open hook") dae52cbf5887 ("security: Introduce inode_post_removexattr hook") 77fa6f314f03 ("security: Introduce inode_post_setattr hook") 314a8dc728d0 ("security: Align inode_setattr hook definition with EVM") 779cb1947e27 ("evm: Align evm_inode_post_setxattr() definition with LSM infrastructure") 2b6a4054f8c2 ("evm: Align evm_inode_setxattr() definition with LSM infrastructure") 784111d0093e ("evm: Align evm_inode_post_setattr() definition with LSM infrastructure") fec5f85e468d ("ima: Align ima_post_read_file() definition with LSM infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dff3e48871b0583be5032ff8fb7260c349a18c Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 9 Jul 2024 19:43:06 -0400 Subject: [PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook The LSM framework has an existing inode_free_security() hook which is used by LSMs that manage state associated with an inode, but due to the use of RCU to protect the inode, special care must be taken to ensure that the LSMs do not fully release the inode state until it is safe from a RCU perspective. This patch implements a new inode_free_security_rcu() implementation hook which is called when it is safe to free the LSM's internal inode state. Unfortunately, this new hook does not have access to the inode itself as it may already be released, so the existing inode_free_security() hook is retained for those LSMs which require access to the inode. Cc: stable(a)vger.kernel.org Reported-by: syzbot+5446fbf332b0602ede0b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 63e2656d1d56..520730fe2d94 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -114,6 +114,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) +LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security) LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c51e24d24d1e..3c323ca213d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -223,7 +223,7 @@ static inline void ima_inode_set_iint(const struct inode *inode, struct ima_iint_cache *ima_iint_find(struct inode *inode); struct ima_iint_cache *ima_inode_get(struct inode *inode); -void ima_inode_free(struct inode *inode); +void ima_inode_free_rcu(void *inode_security); void __init ima_iintcache_init(void); extern const int read_idmap[]; diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index e23412a2c56b..00b249101f98 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -109,22 +109,18 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) } /** - * ima_inode_free - Called on inode free - * @inode: Pointer to the inode + * ima_inode_free_rcu - Called to free an inode via a RCU callback + * @inode_security: The inode->i_security pointer * - * Free the iint associated with an inode. + * Free the IMA data associated with an inode. */ -void ima_inode_free(struct inode *inode) +void ima_inode_free_rcu(void *inode_security) { - struct ima_iint_cache *iint; + struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode; - if (!IS_IMA(inode)) - return; - - iint = ima_iint_find(inode); - ima_inode_set_iint(inode, NULL); - - ima_iint_free(iint); + /* *iint_p should be NULL if !IS_IMA(inode) */ + if (*iint_p) + ima_iint_free(*iint_p); } static void ima_iint_init_once(void *foo) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f04f43af651c..5b3394864b21 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1193,7 +1193,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), #endif - LSM_HOOK_INIT(inode_free_security, ima_inode_free), + LSM_HOOK_INIT(inode_free_security_rcu, ima_inode_free_rcu), }; static const struct lsm_id ima_lsmid = { diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 7877a64cc6b8..0804f76a67be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1207,13 +1207,16 @@ static int current_check_refer_path(struct dentry *const old_dentry, /* Inode hooks */ -static void hook_inode_free_security(struct inode *const inode) +static void hook_inode_free_security_rcu(void *inode_security) { + struct landlock_inode_security *inode_sec; + /* * All inodes must already have been untied from their object by * release_inode() or hook_sb_delete(). */ - WARN_ON_ONCE(landlock_inode(inode)->object); + inode_sec = inode_security + landlock_blob_sizes.lbs_inode; + WARN_ON_ONCE(inode_sec->object); } /* Super-block hooks */ @@ -1637,7 +1640,7 @@ static int hook_file_ioctl_compat(struct file *file, unsigned int cmd, } static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), + LSM_HOOK_INIT(inode_free_security_rcu, hook_inode_free_security_rcu), LSM_HOOK_INIT(sb_delete, hook_sb_delete), LSM_HOOK_INIT(sb_mount, hook_sb_mount), diff --git a/security/security.c b/security/security.c index b316e6586be2..611d3c124ba6 100644 --- a/security/security.c +++ b/security/security.c @@ -1609,9 +1609,8 @@ int security_inode_alloc(struct inode *inode) static void inode_free_by_rcu(struct rcu_head *head) { - /* - * The rcu head is at the start of the inode blob - */ + /* The rcu head is at the start of the inode blob */ + call_void_hook(inode_free_security_rcu, head); kmem_cache_free(lsm_inode_cache, head); } @@ -1619,23 +1618,24 @@ static void inode_free_by_rcu(struct rcu_head *head) * security_inode_free() - Free an inode's LSM blob * @inode: the inode * - * Deallocate the inode security structure and set @inode->i_security to NULL. + * Release any LSM resources associated with @inode, although due to the + * inode's RCU protections it is possible that the resources will not be + * fully released until after the current RCU grace period has elapsed. + * + * It is important for LSMs to note that despite being present in a call to + * security_inode_free(), @inode may still be referenced in a VFS path walk + * and calls to security_inode_permission() may be made during, or after, + * a call to security_inode_free(). For this reason the inode->i_security + * field is released via a call_rcu() callback and any LSMs which need to + * retain inode state for use in security_inode_permission() should only + * release that state in the inode_free_security_rcu() LSM hook callback. */ void security_inode_free(struct inode *inode) { call_void_hook(inode_free_security, inode); - /* - * The inode may still be referenced in a path walk and - * a call to security_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - if (inode->i_security) - call_rcu((struct rcu_head *)inode->i_security, - inode_free_by_rcu); + if (!inode->i_security) + return; + call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] lsm: add the inode_free_security_rcu() LSM implementation" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 63dff3e48871b0583be5032ff8fb7260c349a18c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100129-undertook-rebuff-1fdd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 63dff3e48871 ("lsm: add the inode_free_security_rcu() LSM implementation hook") 4de2f084fbff ("ima: Make it independent from 'integrity' LSM") 75a323e604fc ("evm: Make it independent from 'integrity' LSM") 923831117611 ("evm: Move to LSM infrastructure") 84594c9ecdca ("ima: Move IMA-Appraisal to LSM infrastructure") cd3cec0a02c7 ("ima: Move to LSM infrastructure") 06cca5110774 ("integrity: Move integrity_kernel_module_request() to IMA") b8d997032a46 ("security: Introduce key_post_create_or_update hook") 2d705d802414 ("security: Introduce inode_post_remove_acl hook") 8b9d0b825c65 ("security: Introduce inode_post_set_acl hook") a7811e34d100 ("security: Introduce inode_post_create_tmpfile hook") f09068b5a114 ("security: Introduce file_release hook") 8f46ff5767b0 ("security: Introduce file_post_open hook") dae52cbf5887 ("security: Introduce inode_post_removexattr hook") 77fa6f314f03 ("security: Introduce inode_post_setattr hook") 314a8dc728d0 ("security: Align inode_setattr hook definition with EVM") 779cb1947e27 ("evm: Align evm_inode_post_setxattr() definition with LSM infrastructure") 2b6a4054f8c2 ("evm: Align evm_inode_setxattr() definition with LSM infrastructure") 784111d0093e ("evm: Align evm_inode_post_setattr() definition with LSM infrastructure") fec5f85e468d ("ima: Align ima_post_read_file() definition with LSM infrastructure") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63dff3e48871b0583be5032ff8fb7260c349a18c Mon Sep 17 00:00:00 2001 From: Paul Moore <paul(a)paul-moore.com> Date: Tue, 9 Jul 2024 19:43:06 -0400 Subject: [PATCH] lsm: add the inode_free_security_rcu() LSM implementation hook The LSM framework has an existing inode_free_security() hook which is used by LSMs that manage state associated with an inode, but due to the use of RCU to protect the inode, special care must be taken to ensure that the LSMs do not fully release the inode state until it is safe from a RCU perspective. This patch implements a new inode_free_security_rcu() implementation hook which is called when it is safe to free the LSM's internal inode state. Unfortunately, this new hook does not have access to the inode itself as it may already be released, so the existing inode_free_security() hook is retained for those LSMs which require access to the inode. Cc: stable(a)vger.kernel.org Reported-by: syzbot+5446fbf332b0602ede0b(a)syzkaller.appspotmail.com Closes: https://lore.kernel.org/r/00000000000076ba3b0617f65cc8@google.com Signed-off-by: Paul Moore <paul(a)paul-moore.com> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h index 63e2656d1d56..520730fe2d94 100644 --- a/include/linux/lsm_hook_defs.h +++ b/include/linux/lsm_hook_defs.h @@ -114,6 +114,7 @@ LSM_HOOK(int, 0, path_notify, const struct path *path, u64 mask, unsigned int obj_type) LSM_HOOK(int, 0, inode_alloc_security, struct inode *inode) LSM_HOOK(void, LSM_RET_VOID, inode_free_security, struct inode *inode) +LSM_HOOK(void, LSM_RET_VOID, inode_free_security_rcu, void *inode_security) LSM_HOOK(int, -EOPNOTSUPP, inode_init_security, struct inode *inode, struct inode *dir, const struct qstr *qstr, struct xattr *xattrs, int *xattr_count) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index c51e24d24d1e..3c323ca213d4 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -223,7 +223,7 @@ static inline void ima_inode_set_iint(const struct inode *inode, struct ima_iint_cache *ima_iint_find(struct inode *inode); struct ima_iint_cache *ima_inode_get(struct inode *inode); -void ima_inode_free(struct inode *inode); +void ima_inode_free_rcu(void *inode_security); void __init ima_iintcache_init(void); extern const int read_idmap[]; diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c index e23412a2c56b..00b249101f98 100644 --- a/security/integrity/ima/ima_iint.c +++ b/security/integrity/ima/ima_iint.c @@ -109,22 +109,18 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode) } /** - * ima_inode_free - Called on inode free - * @inode: Pointer to the inode + * ima_inode_free_rcu - Called to free an inode via a RCU callback + * @inode_security: The inode->i_security pointer * - * Free the iint associated with an inode. + * Free the IMA data associated with an inode. */ -void ima_inode_free(struct inode *inode) +void ima_inode_free_rcu(void *inode_security) { - struct ima_iint_cache *iint; + struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode; - if (!IS_IMA(inode)) - return; - - iint = ima_iint_find(inode); - ima_inode_set_iint(inode, NULL); - - ima_iint_free(iint); + /* *iint_p should be NULL if !IS_IMA(inode) */ + if (*iint_p) + ima_iint_free(*iint_p); } static void ima_iint_init_once(void *foo) diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index f04f43af651c..5b3394864b21 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -1193,7 +1193,7 @@ static struct security_hook_list ima_hooks[] __ro_after_init = { #ifdef CONFIG_INTEGRITY_ASYMMETRIC_KEYS LSM_HOOK_INIT(kernel_module_request, ima_kernel_module_request), #endif - LSM_HOOK_INIT(inode_free_security, ima_inode_free), + LSM_HOOK_INIT(inode_free_security_rcu, ima_inode_free_rcu), }; static const struct lsm_id ima_lsmid = { diff --git a/security/landlock/fs.c b/security/landlock/fs.c index 7877a64cc6b8..0804f76a67be 100644 --- a/security/landlock/fs.c +++ b/security/landlock/fs.c @@ -1207,13 +1207,16 @@ static int current_check_refer_path(struct dentry *const old_dentry, /* Inode hooks */ -static void hook_inode_free_security(struct inode *const inode) +static void hook_inode_free_security_rcu(void *inode_security) { + struct landlock_inode_security *inode_sec; + /* * All inodes must already have been untied from their object by * release_inode() or hook_sb_delete(). */ - WARN_ON_ONCE(landlock_inode(inode)->object); + inode_sec = inode_security + landlock_blob_sizes.lbs_inode; + WARN_ON_ONCE(inode_sec->object); } /* Super-block hooks */ @@ -1637,7 +1640,7 @@ static int hook_file_ioctl_compat(struct file *file, unsigned int cmd, } static struct security_hook_list landlock_hooks[] __ro_after_init = { - LSM_HOOK_INIT(inode_free_security, hook_inode_free_security), + LSM_HOOK_INIT(inode_free_security_rcu, hook_inode_free_security_rcu), LSM_HOOK_INIT(sb_delete, hook_sb_delete), LSM_HOOK_INIT(sb_mount, hook_sb_mount), diff --git a/security/security.c b/security/security.c index b316e6586be2..611d3c124ba6 100644 --- a/security/security.c +++ b/security/security.c @@ -1609,9 +1609,8 @@ int security_inode_alloc(struct inode *inode) static void inode_free_by_rcu(struct rcu_head *head) { - /* - * The rcu head is at the start of the inode blob - */ + /* The rcu head is at the start of the inode blob */ + call_void_hook(inode_free_security_rcu, head); kmem_cache_free(lsm_inode_cache, head); } @@ -1619,23 +1618,24 @@ static void inode_free_by_rcu(struct rcu_head *head) * security_inode_free() - Free an inode's LSM blob * @inode: the inode * - * Deallocate the inode security structure and set @inode->i_security to NULL. + * Release any LSM resources associated with @inode, although due to the + * inode's RCU protections it is possible that the resources will not be + * fully released until after the current RCU grace period has elapsed. + * + * It is important for LSMs to note that despite being present in a call to + * security_inode_free(), @inode may still be referenced in a VFS path walk + * and calls to security_inode_permission() may be made during, or after, + * a call to security_inode_free(). For this reason the inode->i_security + * field is released via a call_rcu() callback and any LSMs which need to + * retain inode state for use in security_inode_permission() should only + * release that state in the inode_free_security_rcu() LSM hook callback. */ void security_inode_free(struct inode *inode) { call_void_hook(inode_free_security, inode); - /* - * The inode may still be referenced in a path walk and - * a call to security_inode_permission() can be made - * after inode_free_security() is called. Ideally, the VFS - * wouldn't do this, but fixing that is a much harder - * job. For now, simply free the i_security via RCU, and - * leave the current inode->i_security pointer intact. - * The inode will be freed after the RCU grace period too. - */ - if (inode->i_security) - call_rcu((struct rcu_head *)inode->i_security, - inode_free_by_rcu); + if (!inode->i_security) + return; + call_rcu((struct rcu_head *)inode->i_security, inode_free_by_rcu); } /**

7 months

1
0
0 0

FAILED: patch "[PATCH] padata: use integer wrap around to prevent deadlock on seq_nr" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 9a22b2812393d93d84358a760c347c21939029a6 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100110-smokiness-detract-b410@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 9a22b2812393 ("padata: use integer wrap around to prevent deadlock on seq_nr overflow") 57ddfecc72a6 ("padata: Fix list iterator in padata_do_serial()") f601c725a6ac ("padata: remove padata_parallel_queue") 4611ce224688 ("padata: allocate work structures for parallel jobs from a pool") f1b192b117cd ("padata: initialize earlier") 305dacf77952 ("padata: remove exit routine") bfcdcef8c8e3 ("padata: update documentation") 3facced7aeed ("padata: remove reorder_objects") 91a71d612128 ("padata: remove cpumask change notifier") 894c9ef9780c ("padata: validate cpumask without removed CPU during offline") bbefa1dd6a6d ("crypto: pcrypt - Avoid deadlock by using per-instance padata queues") 07928d9bfc81 ("padata: Remove broken queue flushing") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 9a22b2812393d93d84358a760c347c21939029a6 Mon Sep 17 00:00:00 2001 From: VanGiang Nguyen <vangiang.nguyen(a)rohde-schwarz.com> Date: Fri, 9 Aug 2024 06:21:42 +0000 Subject: [PATCH] padata: use integer wrap around to prevent deadlock on seq_nr overflow When submitting more than 2^32 padata objects to padata_do_serial, the current sorting implementation incorrectly sorts padata objects with overflowed seq_nr, causing them to be placed before existing objects in the reorder list. This leads to a deadlock in the serialization process as padata_find_next cannot match padata->seq_nr and pd->processed because the padata instance with overflowed seq_nr will be selected next. To fix this, we use an unsigned integer wrap around to correctly sort padata objects in scenarios with integer overflow. Fixes: bfde23ce200e ("padata: unbind parallel jobs from specific CPUs") Cc: <stable(a)vger.kernel.org> Co-developed-by: Christian Gafert <christian.gafert(a)rohde-schwarz.com> Signed-off-by: Christian Gafert <christian.gafert(a)rohde-schwarz.com> Co-developed-by: Max Ferger <max.ferger(a)rohde-schwarz.com> Signed-off-by: Max Ferger <max.ferger(a)rohde-schwarz.com> Signed-off-by: Van Giang Nguyen <vangiang.nguyen(a)rohde-schwarz.com> Acked-by: Daniel Jordan <daniel.m.jordan(a)oracle.com> Signed-off-by: Herbert Xu <herbert(a)gondor.apana.org.au> diff --git a/kernel/padata.c b/kernel/padata.c index 53f4bc912712..222bccd0c96b 100644 --- a/kernel/padata.c +++ b/kernel/padata.c @@ -404,7 +404,8 @@ void padata_do_serial(struct padata_priv *padata) /* Sort in ascending order of sequence number. */ list_for_each_prev(pos, &reorder->list) { cur = list_entry(pos, struct padata_priv, list); - if (cur->seq_nr < padata->seq_nr) + /* Compare by difference to consider integer wrap around */ + if ((signed int)(cur->seq_nr - padata->seq_nr) < 0) break; } list_add(&padata->list, pos);

7 months

1
0
0 0

FAILED: patch "[PATCH] cpuidle: riscv-sbi: Use scoped device node handling to fix" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x a309320ddbac6b1583224fcb6bacd424bcf8637f # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100154-maternity-snowfield-cbf4@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: a309320ddbac ("cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put") 24760e43c6a6 ("cpuidle: Adjust includes to remove of_device.h") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From a309320ddbac6b1583224fcb6bacd424bcf8637f Mon Sep 17 00:00:00 2001 From: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Date: Tue, 20 Aug 2024 11:40:22 +0200 Subject: [PATCH] cpuidle: riscv-sbi: Use scoped device node handling to fix missing of_node_put Two return statements in sbi_cpuidle_dt_init_states() did not drop the OF node reference count. Solve the issue and simplify entire error handling with scoped/cleanup.h. Fixes: 6abf32f1d9c5 ("cpuidle: Add RISC-V SBI CPU idle driver") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski(a)linaro.org> Reviewed-by: Anup Patel <anup(a)brainfault.org> Link: https://patch.msgid.link/20240820094023.61155-1-krzysztof.kozlowski@linaro.… Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/cpuidle/cpuidle-riscv-sbi.c b/drivers/cpuidle/cpuidle-riscv-sbi.c index a6e123dfe394..5bb3401220d2 100644 --- a/drivers/cpuidle/cpuidle-riscv-sbi.c +++ b/drivers/cpuidle/cpuidle-riscv-sbi.c @@ -8,6 +8,7 @@ #define pr_fmt(fmt) "cpuidle-riscv-sbi: " fmt +#include <linux/cleanup.h> #include <linux/cpuhotplug.h> #include <linux/cpuidle.h> #include <linux/cpumask.h> @@ -236,19 +237,16 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, { struct sbi_cpuidle_data *data = per_cpu_ptr(&sbi_cpuidle_data, cpu); struct device_node *state_node; - struct device_node *cpu_node; u32 *states; int i, ret; - cpu_node = of_cpu_device_node_get(cpu); + struct device_node *cpu_node __free(device_node) = of_cpu_device_node_get(cpu); if (!cpu_node) return -ENODEV; states = devm_kcalloc(dev, state_count, sizeof(*states), GFP_KERNEL); - if (!states) { - ret = -ENOMEM; - goto fail; - } + if (!states) + return -ENOMEM; /* Parse SBI specific details from state DT nodes */ for (i = 1; i < state_count; i++) { @@ -264,10 +262,8 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, pr_debug("sbi-state %#x index %d\n", states[i], i); } - if (i != state_count) { - ret = -ENODEV; - goto fail; - } + if (i != state_count) + return -ENODEV; /* Initialize optional data, used for the hierarchical topology. */ ret = sbi_dt_cpu_init_topology(drv, data, state_count, cpu); @@ -277,10 +273,7 @@ static int sbi_cpuidle_dt_init_states(struct device *dev, /* Store states in the per-cpu struct. */ data->states = states; -fail: - of_node_put(cpu_node); - - return ret; + return 0; } static void sbi_cpuidle_deinit_cpu(int cpu)

7 months

1
0
0 0

FAILED: patch "[PATCH] icmp: change the order of rate limits" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 8c2bd38b95f75f3d2a08c93e35303e26d480d24e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100131-unfixed-excursion-b8a2@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 8c2bd38b95f7 ("icmp: change the order of rate limits") d0941130c935 ("icmp: Add counters for rate limits") 8032bf1233a7 ("treewide: use get_random_u32_below() instead of deprecated function") c5f0a1728874 ("rhashtable: make test actually random") 197173db990c ("treewide: use get_random_bytes() when possible") a251c17aa558 ("treewide: use get_random_u32() when possible") 7e3cf0843fe5 ("treewide: use get_random_{u8,u16}() when possible, part 1") 8b3ccbc1f1f9 ("treewide: use prandom_u32_max() when possible, part 2") 81895a65ec63 ("treewide: use prandom_u32_max() when possible, part 1") 27bc50fc9064 ("Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c2bd38b95f75f3d2a08c93e35303e26d480d24e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 29 Aug 2024 14:46:39 +0000 Subject: [PATCH] icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited") Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") Reported-by: Keyu Man <keyu.man(a)email.ucr.edu> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Cc: Jesper Dangaard Brouer <hawk(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240829144641.3880376-2-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip.h b/include/net/ip.h index c5606cadb1a5..82248813619e 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -795,6 +795,8 @@ static inline void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb) } bool icmp_global_allow(void); +void icmp_global_consume(void); + extern int sysctl_icmp_msgs_per_sec; extern int sysctl_icmp_msgs_burst; diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index b8f56d03fcbb..0078e8fb2e86 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -224,57 +224,59 @@ int sysctl_icmp_msgs_per_sec __read_mostly = 1000; int sysctl_icmp_msgs_burst __read_mostly = 50; static struct { - spinlock_t lock; - u32 credit; + atomic_t credit; u32 stamp; -} icmp_global = { - .lock = __SPIN_LOCK_UNLOCKED(icmp_global.lock), -}; +} icmp_global; /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. - * Note: called with BH disabled + * Works in tandem with icmp_global_consume(). */ bool icmp_global_allow(void) { - u32 credit, delta, incr = 0, now = (u32)jiffies; - bool rc = false; + u32 delta, now, oldstamp; + int incr, new, old; - /* Check if token bucket is empty and cannot be refilled - * without taking the spinlock. The READ_ONCE() are paired - * with the following WRITE_ONCE() in this same function. + /* Note: many cpus could find this condition true. + * Then later icmp_global_consume() could consume more credits, + * this is an acceptable race. */ - if (!READ_ONCE(icmp_global.credit)) { - delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); - if (delta < HZ / 50) - return false; - } + if (atomic_read(&icmp_global.credit) > 0) + return true; - spin_lock(&icmp_global.lock); - delta = min_t(u32, now - icmp_global.stamp, HZ); - if (delta >= HZ / 50) { - incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; - if (incr) - WRITE_ONCE(icmp_global.stamp, now); + now = jiffies; + oldstamp = READ_ONCE(icmp_global.stamp); + delta = min_t(u32, now - oldstamp, HZ); + if (delta < HZ / 50) + return false; + + incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; + if (!incr) + return false; + + if (cmpxchg(&icmp_global.stamp, oldstamp, now) == oldstamp) { + old = atomic_read(&icmp_global.credit); + do { + new = min(old + incr, READ_ONCE(sysctl_icmp_msgs_burst)); + } while (!atomic_try_cmpxchg(&icmp_global.credit, &old, new)); } - credit = min_t(u32, icmp_global.credit + incr, - READ_ONCE(sysctl_icmp_msgs_burst)); - if (credit) { - /* We want to use a credit of one in average, but need to randomize - * it for security reasons. - */ - credit = max_t(int, credit - get_random_u32_below(3), 0); - rc = true; - } - WRITE_ONCE(icmp_global.credit, credit); - spin_unlock(&icmp_global.lock); - return rc; + return true; } EXPORT_SYMBOL(icmp_global_allow); +void icmp_global_consume(void) +{ + int credits = get_random_u32_below(3); + + /* Note: this might make icmp_global.credit negative. */ + if (credits) + atomic_sub(credits, &icmp_global.credit); +} +EXPORT_SYMBOL(icmp_global_consume); + static bool icmpv4_mask_allow(struct net *net, int type, int code) { if (type > NR_ICMP_TYPES) @@ -291,14 +293,16 @@ static bool icmpv4_mask_allow(struct net *net, int type, int code) return false; } -static bool icmpv4_global_allow(struct net *net, int type, int code) +static bool icmpv4_global_allow(struct net *net, int type, int code, + bool *apply_ratelimit) { if (icmpv4_mask_allow(net, type, code)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -308,15 +312,16 @@ static bool icmpv4_global_allow(struct net *net, int type, int code) */ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, - struct flowi4 *fl4, int type, int code) + struct flowi4 *fl4, int type, int code, + bool apply_ratelimit) { struct dst_entry *dst = &rt->dst; struct inet_peer *peer; bool rc = true; int vif; - if (icmpv4_mask_allow(net, type, code)) - goto out; + if (!apply_ratelimit) + return true; /* No rate limit on loopback */ if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) @@ -331,6 +336,8 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, out: if (!rc) __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITHOST); + else + icmp_global_consume(); return rc; } @@ -402,6 +409,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); + bool apply_ratelimit = false; struct flowi4 fl4; struct sock *sk; struct inet_sock *inet; @@ -413,11 +421,11 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) return; - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); - /* global icmp_msgs_per_sec */ - if (!icmpv4_global_allow(net, type, code)) + /* is global icmp_msgs_per_sec exhausted ? */ + if (!icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -450,7 +458,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; - if (icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) icmp_push_reply(sk, icmp_param, &fl4, &ipc, &rt); ip_rt_put(rt); out_unlock: @@ -596,6 +604,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, int room; struct icmp_bxm icmp_param; struct rtable *rt = skb_rtable(skb_in); + bool apply_ratelimit = false; struct ipcm_cookie ipc; struct flowi4 fl4; __be32 saddr; @@ -677,7 +686,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, } } - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit, unless @@ -685,7 +694,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, * loopback, then peer ratelimit still work (in icmpv4_xrlim_allow) */ if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && - !icmpv4_global_allow(net, type, code)) + !icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -744,7 +753,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, goto out_unlock; /* peer icmp_ratelimit */ - if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) goto ende; /* RFC says return as much as we can without exceeding 576 bytes. */ diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 7b31674644ef..46f70e4a8351 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -175,14 +175,16 @@ static bool icmpv6_mask_allow(struct net *net, int type) return false; } -static bool icmpv6_global_allow(struct net *net, int type) +static bool icmpv6_global_allow(struct net *net, int type, + bool *apply_ratelimit) { if (icmpv6_mask_allow(net, type)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -191,13 +193,13 @@ static bool icmpv6_global_allow(struct net *net, int type) * Check the ICMP output rate limit */ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, - struct flowi6 *fl6) + struct flowi6 *fl6, bool apply_ratelimit) { struct net *net = sock_net(sk); struct dst_entry *dst; bool res = false; - if (icmpv6_mask_allow(net, type)) + if (!apply_ratelimit) return true; /* @@ -228,6 +230,8 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, if (!res) __ICMP6_INC_STATS(net, ip6_dst_idev(dst), ICMP6_MIB_RATELIMITHOST); + else + icmp_global_consume(); dst_release(dst); return res; } @@ -452,6 +456,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, struct net *net; struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; + bool apply_ratelimit = false; struct dst_entry *dst; struct icmp6hdr tmp_hdr; struct flowi6 fl6; @@ -533,11 +538,12 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, return; } - /* Needed by both icmp_global_allow and icmpv6_xmit_lock */ + /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit */ - if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type)) + if (!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, type, &apply_ratelimit)) goto out_bh_enable; mip6_addr_swap(skb, parm); @@ -575,7 +581,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, np = inet6_sk(sk); - if (!icmpv6_xrlim_allow(sk, type, &fl6)) + if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) goto out; tmp_hdr.icmp6_type = type; @@ -717,6 +723,7 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; struct icmp6hdr *icmph = icmp6_hdr(skb); + bool apply_ratelimit = false; struct icmp6hdr tmp_hdr; struct flowi6 fl6; struct icmpv6_msg msg; @@ -781,8 +788,9 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) goto out; /* Check the ratelimit */ - if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) || - !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6)) + if ((!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || + !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) goto out_dst_release; idev = __in6_dev_get(skb->dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] icmp: change the order of rate limits" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 8c2bd38b95f75f3d2a08c93e35303e26d480d24e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100130-replay-varied-aaaf@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 8c2bd38b95f7 ("icmp: change the order of rate limits") d0941130c935 ("icmp: Add counters for rate limits") 8032bf1233a7 ("treewide: use get_random_u32_below() instead of deprecated function") c5f0a1728874 ("rhashtable: make test actually random") 197173db990c ("treewide: use get_random_bytes() when possible") a251c17aa558 ("treewide: use get_random_u32() when possible") 7e3cf0843fe5 ("treewide: use get_random_{u8,u16}() when possible, part 1") 8b3ccbc1f1f9 ("treewide: use prandom_u32_max() when possible, part 2") 81895a65ec63 ("treewide: use prandom_u32_max() when possible, part 1") 27bc50fc9064 ("Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c2bd38b95f75f3d2a08c93e35303e26d480d24e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 29 Aug 2024 14:46:39 +0000 Subject: [PATCH] icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited") Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") Reported-by: Keyu Man <keyu.man(a)email.ucr.edu> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Cc: Jesper Dangaard Brouer <hawk(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240829144641.3880376-2-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip.h b/include/net/ip.h index c5606cadb1a5..82248813619e 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -795,6 +795,8 @@ static inline void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb) } bool icmp_global_allow(void); +void icmp_global_consume(void); + extern int sysctl_icmp_msgs_per_sec; extern int sysctl_icmp_msgs_burst; diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index b8f56d03fcbb..0078e8fb2e86 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -224,57 +224,59 @@ int sysctl_icmp_msgs_per_sec __read_mostly = 1000; int sysctl_icmp_msgs_burst __read_mostly = 50; static struct { - spinlock_t lock; - u32 credit; + atomic_t credit; u32 stamp; -} icmp_global = { - .lock = __SPIN_LOCK_UNLOCKED(icmp_global.lock), -}; +} icmp_global; /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. - * Note: called with BH disabled + * Works in tandem with icmp_global_consume(). */ bool icmp_global_allow(void) { - u32 credit, delta, incr = 0, now = (u32)jiffies; - bool rc = false; + u32 delta, now, oldstamp; + int incr, new, old; - /* Check if token bucket is empty and cannot be refilled - * without taking the spinlock. The READ_ONCE() are paired - * with the following WRITE_ONCE() in this same function. + /* Note: many cpus could find this condition true. + * Then later icmp_global_consume() could consume more credits, + * this is an acceptable race. */ - if (!READ_ONCE(icmp_global.credit)) { - delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); - if (delta < HZ / 50) - return false; - } + if (atomic_read(&icmp_global.credit) > 0) + return true; - spin_lock(&icmp_global.lock); - delta = min_t(u32, now - icmp_global.stamp, HZ); - if (delta >= HZ / 50) { - incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; - if (incr) - WRITE_ONCE(icmp_global.stamp, now); + now = jiffies; + oldstamp = READ_ONCE(icmp_global.stamp); + delta = min_t(u32, now - oldstamp, HZ); + if (delta < HZ / 50) + return false; + + incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; + if (!incr) + return false; + + if (cmpxchg(&icmp_global.stamp, oldstamp, now) == oldstamp) { + old = atomic_read(&icmp_global.credit); + do { + new = min(old + incr, READ_ONCE(sysctl_icmp_msgs_burst)); + } while (!atomic_try_cmpxchg(&icmp_global.credit, &old, new)); } - credit = min_t(u32, icmp_global.credit + incr, - READ_ONCE(sysctl_icmp_msgs_burst)); - if (credit) { - /* We want to use a credit of one in average, but need to randomize - * it for security reasons. - */ - credit = max_t(int, credit - get_random_u32_below(3), 0); - rc = true; - } - WRITE_ONCE(icmp_global.credit, credit); - spin_unlock(&icmp_global.lock); - return rc; + return true; } EXPORT_SYMBOL(icmp_global_allow); +void icmp_global_consume(void) +{ + int credits = get_random_u32_below(3); + + /* Note: this might make icmp_global.credit negative. */ + if (credits) + atomic_sub(credits, &icmp_global.credit); +} +EXPORT_SYMBOL(icmp_global_consume); + static bool icmpv4_mask_allow(struct net *net, int type, int code) { if (type > NR_ICMP_TYPES) @@ -291,14 +293,16 @@ static bool icmpv4_mask_allow(struct net *net, int type, int code) return false; } -static bool icmpv4_global_allow(struct net *net, int type, int code) +static bool icmpv4_global_allow(struct net *net, int type, int code, + bool *apply_ratelimit) { if (icmpv4_mask_allow(net, type, code)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -308,15 +312,16 @@ static bool icmpv4_global_allow(struct net *net, int type, int code) */ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, - struct flowi4 *fl4, int type, int code) + struct flowi4 *fl4, int type, int code, + bool apply_ratelimit) { struct dst_entry *dst = &rt->dst; struct inet_peer *peer; bool rc = true; int vif; - if (icmpv4_mask_allow(net, type, code)) - goto out; + if (!apply_ratelimit) + return true; /* No rate limit on loopback */ if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) @@ -331,6 +336,8 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, out: if (!rc) __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITHOST); + else + icmp_global_consume(); return rc; } @@ -402,6 +409,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); + bool apply_ratelimit = false; struct flowi4 fl4; struct sock *sk; struct inet_sock *inet; @@ -413,11 +421,11 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) return; - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); - /* global icmp_msgs_per_sec */ - if (!icmpv4_global_allow(net, type, code)) + /* is global icmp_msgs_per_sec exhausted ? */ + if (!icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -450,7 +458,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; - if (icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) icmp_push_reply(sk, icmp_param, &fl4, &ipc, &rt); ip_rt_put(rt); out_unlock: @@ -596,6 +604,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, int room; struct icmp_bxm icmp_param; struct rtable *rt = skb_rtable(skb_in); + bool apply_ratelimit = false; struct ipcm_cookie ipc; struct flowi4 fl4; __be32 saddr; @@ -677,7 +686,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, } } - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit, unless @@ -685,7 +694,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, * loopback, then peer ratelimit still work (in icmpv4_xrlim_allow) */ if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && - !icmpv4_global_allow(net, type, code)) + !icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -744,7 +753,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, goto out_unlock; /* peer icmp_ratelimit */ - if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) goto ende; /* RFC says return as much as we can without exceeding 576 bytes. */ diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 7b31674644ef..46f70e4a8351 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -175,14 +175,16 @@ static bool icmpv6_mask_allow(struct net *net, int type) return false; } -static bool icmpv6_global_allow(struct net *net, int type) +static bool icmpv6_global_allow(struct net *net, int type, + bool *apply_ratelimit) { if (icmpv6_mask_allow(net, type)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -191,13 +193,13 @@ static bool icmpv6_global_allow(struct net *net, int type) * Check the ICMP output rate limit */ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, - struct flowi6 *fl6) + struct flowi6 *fl6, bool apply_ratelimit) { struct net *net = sock_net(sk); struct dst_entry *dst; bool res = false; - if (icmpv6_mask_allow(net, type)) + if (!apply_ratelimit) return true; /* @@ -228,6 +230,8 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, if (!res) __ICMP6_INC_STATS(net, ip6_dst_idev(dst), ICMP6_MIB_RATELIMITHOST); + else + icmp_global_consume(); dst_release(dst); return res; } @@ -452,6 +456,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, struct net *net; struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; + bool apply_ratelimit = false; struct dst_entry *dst; struct icmp6hdr tmp_hdr; struct flowi6 fl6; @@ -533,11 +538,12 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, return; } - /* Needed by both icmp_global_allow and icmpv6_xmit_lock */ + /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit */ - if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type)) + if (!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, type, &apply_ratelimit)) goto out_bh_enable; mip6_addr_swap(skb, parm); @@ -575,7 +581,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, np = inet6_sk(sk); - if (!icmpv6_xrlim_allow(sk, type, &fl6)) + if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) goto out; tmp_hdr.icmp6_type = type; @@ -717,6 +723,7 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; struct icmp6hdr *icmph = icmp6_hdr(skb); + bool apply_ratelimit = false; struct icmp6hdr tmp_hdr; struct flowi6 fl6; struct icmpv6_msg msg; @@ -781,8 +788,9 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) goto out; /* Check the ratelimit */ - if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) || - !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6)) + if ((!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || + !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) goto out_dst_release; idev = __in6_dev_get(skb->dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] icmp: change the order of rate limits" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 8c2bd38b95f75f3d2a08c93e35303e26d480d24e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100129-cottage-pushiness-6e12@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 8c2bd38b95f7 ("icmp: change the order of rate limits") d0941130c935 ("icmp: Add counters for rate limits") 8032bf1233a7 ("treewide: use get_random_u32_below() instead of deprecated function") c5f0a1728874 ("rhashtable: make test actually random") 197173db990c ("treewide: use get_random_bytes() when possible") a251c17aa558 ("treewide: use get_random_u32() when possible") 7e3cf0843fe5 ("treewide: use get_random_{u8,u16}() when possible, part 1") 8b3ccbc1f1f9 ("treewide: use prandom_u32_max() when possible, part 2") 81895a65ec63 ("treewide: use prandom_u32_max() when possible, part 1") 27bc50fc9064 ("Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c2bd38b95f75f3d2a08c93e35303e26d480d24e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 29 Aug 2024 14:46:39 +0000 Subject: [PATCH] icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited") Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") Reported-by: Keyu Man <keyu.man(a)email.ucr.edu> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Cc: Jesper Dangaard Brouer <hawk(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240829144641.3880376-2-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip.h b/include/net/ip.h index c5606cadb1a5..82248813619e 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -795,6 +795,8 @@ static inline void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb) } bool icmp_global_allow(void); +void icmp_global_consume(void); + extern int sysctl_icmp_msgs_per_sec; extern int sysctl_icmp_msgs_burst; diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index b8f56d03fcbb..0078e8fb2e86 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -224,57 +224,59 @@ int sysctl_icmp_msgs_per_sec __read_mostly = 1000; int sysctl_icmp_msgs_burst __read_mostly = 50; static struct { - spinlock_t lock; - u32 credit; + atomic_t credit; u32 stamp; -} icmp_global = { - .lock = __SPIN_LOCK_UNLOCKED(icmp_global.lock), -}; +} icmp_global; /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. - * Note: called with BH disabled + * Works in tandem with icmp_global_consume(). */ bool icmp_global_allow(void) { - u32 credit, delta, incr = 0, now = (u32)jiffies; - bool rc = false; + u32 delta, now, oldstamp; + int incr, new, old; - /* Check if token bucket is empty and cannot be refilled - * without taking the spinlock. The READ_ONCE() are paired - * with the following WRITE_ONCE() in this same function. + /* Note: many cpus could find this condition true. + * Then later icmp_global_consume() could consume more credits, + * this is an acceptable race. */ - if (!READ_ONCE(icmp_global.credit)) { - delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); - if (delta < HZ / 50) - return false; - } + if (atomic_read(&icmp_global.credit) > 0) + return true; - spin_lock(&icmp_global.lock); - delta = min_t(u32, now - icmp_global.stamp, HZ); - if (delta >= HZ / 50) { - incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; - if (incr) - WRITE_ONCE(icmp_global.stamp, now); + now = jiffies; + oldstamp = READ_ONCE(icmp_global.stamp); + delta = min_t(u32, now - oldstamp, HZ); + if (delta < HZ / 50) + return false; + + incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; + if (!incr) + return false; + + if (cmpxchg(&icmp_global.stamp, oldstamp, now) == oldstamp) { + old = atomic_read(&icmp_global.credit); + do { + new = min(old + incr, READ_ONCE(sysctl_icmp_msgs_burst)); + } while (!atomic_try_cmpxchg(&icmp_global.credit, &old, new)); } - credit = min_t(u32, icmp_global.credit + incr, - READ_ONCE(sysctl_icmp_msgs_burst)); - if (credit) { - /* We want to use a credit of one in average, but need to randomize - * it for security reasons. - */ - credit = max_t(int, credit - get_random_u32_below(3), 0); - rc = true; - } - WRITE_ONCE(icmp_global.credit, credit); - spin_unlock(&icmp_global.lock); - return rc; + return true; } EXPORT_SYMBOL(icmp_global_allow); +void icmp_global_consume(void) +{ + int credits = get_random_u32_below(3); + + /* Note: this might make icmp_global.credit negative. */ + if (credits) + atomic_sub(credits, &icmp_global.credit); +} +EXPORT_SYMBOL(icmp_global_consume); + static bool icmpv4_mask_allow(struct net *net, int type, int code) { if (type > NR_ICMP_TYPES) @@ -291,14 +293,16 @@ static bool icmpv4_mask_allow(struct net *net, int type, int code) return false; } -static bool icmpv4_global_allow(struct net *net, int type, int code) +static bool icmpv4_global_allow(struct net *net, int type, int code, + bool *apply_ratelimit) { if (icmpv4_mask_allow(net, type, code)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -308,15 +312,16 @@ static bool icmpv4_global_allow(struct net *net, int type, int code) */ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, - struct flowi4 *fl4, int type, int code) + struct flowi4 *fl4, int type, int code, + bool apply_ratelimit) { struct dst_entry *dst = &rt->dst; struct inet_peer *peer; bool rc = true; int vif; - if (icmpv4_mask_allow(net, type, code)) - goto out; + if (!apply_ratelimit) + return true; /* No rate limit on loopback */ if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) @@ -331,6 +336,8 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, out: if (!rc) __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITHOST); + else + icmp_global_consume(); return rc; } @@ -402,6 +409,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); + bool apply_ratelimit = false; struct flowi4 fl4; struct sock *sk; struct inet_sock *inet; @@ -413,11 +421,11 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) return; - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); - /* global icmp_msgs_per_sec */ - if (!icmpv4_global_allow(net, type, code)) + /* is global icmp_msgs_per_sec exhausted ? */ + if (!icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -450,7 +458,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; - if (icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) icmp_push_reply(sk, icmp_param, &fl4, &ipc, &rt); ip_rt_put(rt); out_unlock: @@ -596,6 +604,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, int room; struct icmp_bxm icmp_param; struct rtable *rt = skb_rtable(skb_in); + bool apply_ratelimit = false; struct ipcm_cookie ipc; struct flowi4 fl4; __be32 saddr; @@ -677,7 +686,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, } } - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit, unless @@ -685,7 +694,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, * loopback, then peer ratelimit still work (in icmpv4_xrlim_allow) */ if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && - !icmpv4_global_allow(net, type, code)) + !icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -744,7 +753,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, goto out_unlock; /* peer icmp_ratelimit */ - if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) goto ende; /* RFC says return as much as we can without exceeding 576 bytes. */ diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 7b31674644ef..46f70e4a8351 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -175,14 +175,16 @@ static bool icmpv6_mask_allow(struct net *net, int type) return false; } -static bool icmpv6_global_allow(struct net *net, int type) +static bool icmpv6_global_allow(struct net *net, int type, + bool *apply_ratelimit) { if (icmpv6_mask_allow(net, type)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -191,13 +193,13 @@ static bool icmpv6_global_allow(struct net *net, int type) * Check the ICMP output rate limit */ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, - struct flowi6 *fl6) + struct flowi6 *fl6, bool apply_ratelimit) { struct net *net = sock_net(sk); struct dst_entry *dst; bool res = false; - if (icmpv6_mask_allow(net, type)) + if (!apply_ratelimit) return true; /* @@ -228,6 +230,8 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, if (!res) __ICMP6_INC_STATS(net, ip6_dst_idev(dst), ICMP6_MIB_RATELIMITHOST); + else + icmp_global_consume(); dst_release(dst); return res; } @@ -452,6 +456,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, struct net *net; struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; + bool apply_ratelimit = false; struct dst_entry *dst; struct icmp6hdr tmp_hdr; struct flowi6 fl6; @@ -533,11 +538,12 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, return; } - /* Needed by both icmp_global_allow and icmpv6_xmit_lock */ + /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit */ - if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type)) + if (!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, type, &apply_ratelimit)) goto out_bh_enable; mip6_addr_swap(skb, parm); @@ -575,7 +581,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, np = inet6_sk(sk); - if (!icmpv6_xrlim_allow(sk, type, &fl6)) + if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) goto out; tmp_hdr.icmp6_type = type; @@ -717,6 +723,7 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; struct icmp6hdr *icmph = icmp6_hdr(skb); + bool apply_ratelimit = false; struct icmp6hdr tmp_hdr; struct flowi6 fl6; struct icmpv6_msg msg; @@ -781,8 +788,9 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) goto out; /* Check the ratelimit */ - if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) || - !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6)) + if ((!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || + !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) goto out_dst_release; idev = __in6_dev_get(skb->dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] icmp: change the order of rate limits" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 8c2bd38b95f75f3d2a08c93e35303e26d480d24e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100128-unsealed-flakily-f407@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 8c2bd38b95f7 ("icmp: change the order of rate limits") d0941130c935 ("icmp: Add counters for rate limits") 8032bf1233a7 ("treewide: use get_random_u32_below() instead of deprecated function") c5f0a1728874 ("rhashtable: make test actually random") 197173db990c ("treewide: use get_random_bytes() when possible") a251c17aa558 ("treewide: use get_random_u32() when possible") 7e3cf0843fe5 ("treewide: use get_random_{u8,u16}() when possible, part 1") 8b3ccbc1f1f9 ("treewide: use prandom_u32_max() when possible, part 2") 81895a65ec63 ("treewide: use prandom_u32_max() when possible, part 1") 27bc50fc9064 ("Merge tag 'mm-stable-2022-10-08' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 8c2bd38b95f75f3d2a08c93e35303e26d480d24e Mon Sep 17 00:00:00 2001 From: Eric Dumazet <edumazet(a)google.com> Date: Thu, 29 Aug 2024 14:46:39 +0000 Subject: [PATCH] icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits are not yet consumed. This is deferred to 3) 2) The per destination limit is checked/updated. This might add a new node in inetpeer tree. 3) icmp_global_consume() consumes tokens if prior operations succeeded. This means that host wide ratelimit is still effective in keeping inetpeer tree small even under DDOS. As a bonus, I removed icmp_global.lock as the fast path can use a lock-free operation. Fixes: c0303efeab73 ("net: reduce cycles spend on ICMP replies that gets rate limited") Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") Reported-by: Keyu Man <keyu.man(a)email.ucr.edu> Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reviewed-by: David Ahern <dsahern(a)kernel.org> Cc: Jesper Dangaard Brouer <hawk(a)kernel.org> Cc: stable(a)vger.kernel.org Link: https://patch.msgid.link/20240829144641.3880376-2-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> diff --git a/include/net/ip.h b/include/net/ip.h index c5606cadb1a5..82248813619e 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -795,6 +795,8 @@ static inline void ip_cmsg_recv(struct msghdr *msg, struct sk_buff *skb) } bool icmp_global_allow(void); +void icmp_global_consume(void); + extern int sysctl_icmp_msgs_per_sec; extern int sysctl_icmp_msgs_burst; diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index b8f56d03fcbb..0078e8fb2e86 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c @@ -224,57 +224,59 @@ int sysctl_icmp_msgs_per_sec __read_mostly = 1000; int sysctl_icmp_msgs_burst __read_mostly = 50; static struct { - spinlock_t lock; - u32 credit; + atomic_t credit; u32 stamp; -} icmp_global = { - .lock = __SPIN_LOCK_UNLOCKED(icmp_global.lock), -}; +} icmp_global; /** * icmp_global_allow - Are we allowed to send one more ICMP message ? * * Uses a token bucket to limit our ICMP messages to ~sysctl_icmp_msgs_per_sec. * Returns false if we reached the limit and can not send another packet. - * Note: called with BH disabled + * Works in tandem with icmp_global_consume(). */ bool icmp_global_allow(void) { - u32 credit, delta, incr = 0, now = (u32)jiffies; - bool rc = false; + u32 delta, now, oldstamp; + int incr, new, old; - /* Check if token bucket is empty and cannot be refilled - * without taking the spinlock. The READ_ONCE() are paired - * with the following WRITE_ONCE() in this same function. + /* Note: many cpus could find this condition true. + * Then later icmp_global_consume() could consume more credits, + * this is an acceptable race. */ - if (!READ_ONCE(icmp_global.credit)) { - delta = min_t(u32, now - READ_ONCE(icmp_global.stamp), HZ); - if (delta < HZ / 50) - return false; - } + if (atomic_read(&icmp_global.credit) > 0) + return true; - spin_lock(&icmp_global.lock); - delta = min_t(u32, now - icmp_global.stamp, HZ); - if (delta >= HZ / 50) { - incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; - if (incr) - WRITE_ONCE(icmp_global.stamp, now); + now = jiffies; + oldstamp = READ_ONCE(icmp_global.stamp); + delta = min_t(u32, now - oldstamp, HZ); + if (delta < HZ / 50) + return false; + + incr = READ_ONCE(sysctl_icmp_msgs_per_sec) * delta / HZ; + if (!incr) + return false; + + if (cmpxchg(&icmp_global.stamp, oldstamp, now) == oldstamp) { + old = atomic_read(&icmp_global.credit); + do { + new = min(old + incr, READ_ONCE(sysctl_icmp_msgs_burst)); + } while (!atomic_try_cmpxchg(&icmp_global.credit, &old, new)); } - credit = min_t(u32, icmp_global.credit + incr, - READ_ONCE(sysctl_icmp_msgs_burst)); - if (credit) { - /* We want to use a credit of one in average, but need to randomize - * it for security reasons. - */ - credit = max_t(int, credit - get_random_u32_below(3), 0); - rc = true; - } - WRITE_ONCE(icmp_global.credit, credit); - spin_unlock(&icmp_global.lock); - return rc; + return true; } EXPORT_SYMBOL(icmp_global_allow); +void icmp_global_consume(void) +{ + int credits = get_random_u32_below(3); + + /* Note: this might make icmp_global.credit negative. */ + if (credits) + atomic_sub(credits, &icmp_global.credit); +} +EXPORT_SYMBOL(icmp_global_consume); + static bool icmpv4_mask_allow(struct net *net, int type, int code) { if (type > NR_ICMP_TYPES) @@ -291,14 +293,16 @@ static bool icmpv4_mask_allow(struct net *net, int type, int code) return false; } -static bool icmpv4_global_allow(struct net *net, int type, int code) +static bool icmpv4_global_allow(struct net *net, int type, int code, + bool *apply_ratelimit) { if (icmpv4_mask_allow(net, type, code)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -308,15 +312,16 @@ static bool icmpv4_global_allow(struct net *net, int type, int code) */ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, - struct flowi4 *fl4, int type, int code) + struct flowi4 *fl4, int type, int code, + bool apply_ratelimit) { struct dst_entry *dst = &rt->dst; struct inet_peer *peer; bool rc = true; int vif; - if (icmpv4_mask_allow(net, type, code)) - goto out; + if (!apply_ratelimit) + return true; /* No rate limit on loopback */ if (dst->dev && (dst->dev->flags&IFF_LOOPBACK)) @@ -331,6 +336,8 @@ static bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, out: if (!rc) __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITHOST); + else + icmp_global_consume(); return rc; } @@ -402,6 +409,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) struct ipcm_cookie ipc; struct rtable *rt = skb_rtable(skb); struct net *net = dev_net(rt->dst.dev); + bool apply_ratelimit = false; struct flowi4 fl4; struct sock *sk; struct inet_sock *inet; @@ -413,11 +421,11 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) if (ip_options_echo(net, &icmp_param->replyopts.opt.opt, skb)) return; - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); - /* global icmp_msgs_per_sec */ - if (!icmpv4_global_allow(net, type, code)) + /* is global icmp_msgs_per_sec exhausted ? */ + if (!icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -450,7 +458,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) goto out_unlock; - if (icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) icmp_push_reply(sk, icmp_param, &fl4, &ipc, &rt); ip_rt_put(rt); out_unlock: @@ -596,6 +604,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, int room; struct icmp_bxm icmp_param; struct rtable *rt = skb_rtable(skb_in); + bool apply_ratelimit = false; struct ipcm_cookie ipc; struct flowi4 fl4; __be32 saddr; @@ -677,7 +686,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, } } - /* Needed by both icmp_global_allow and icmp_xmit_lock */ + /* Needed by both icmpv4_global_allow and icmp_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit, unless @@ -685,7 +694,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, * loopback, then peer ratelimit still work (in icmpv4_xrlim_allow) */ if (!(skb_in->dev && (skb_in->dev->flags&IFF_LOOPBACK)) && - !icmpv4_global_allow(net, type, code)) + !icmpv4_global_allow(net, type, code, &apply_ratelimit)) goto out_bh_enable; sk = icmp_xmit_lock(net); @@ -744,7 +753,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, goto out_unlock; /* peer icmp_ratelimit */ - if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code, apply_ratelimit)) goto ende; /* RFC says return as much as we can without exceeding 576 bytes. */ diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index 7b31674644ef..46f70e4a8351 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c @@ -175,14 +175,16 @@ static bool icmpv6_mask_allow(struct net *net, int type) return false; } -static bool icmpv6_global_allow(struct net *net, int type) +static bool icmpv6_global_allow(struct net *net, int type, + bool *apply_ratelimit) { if (icmpv6_mask_allow(net, type)) return true; - if (icmp_global_allow()) + if (icmp_global_allow()) { + *apply_ratelimit = true; return true; - + } __ICMP_INC_STATS(net, ICMP_MIB_RATELIMITGLOBAL); return false; } @@ -191,13 +193,13 @@ static bool icmpv6_global_allow(struct net *net, int type) * Check the ICMP output rate limit */ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, - struct flowi6 *fl6) + struct flowi6 *fl6, bool apply_ratelimit) { struct net *net = sock_net(sk); struct dst_entry *dst; bool res = false; - if (icmpv6_mask_allow(net, type)) + if (!apply_ratelimit) return true; /* @@ -228,6 +230,8 @@ static bool icmpv6_xrlim_allow(struct sock *sk, u8 type, if (!res) __ICMP6_INC_STATS(net, ip6_dst_idev(dst), ICMP6_MIB_RATELIMITHOST); + else + icmp_global_consume(); dst_release(dst); return res; } @@ -452,6 +456,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, struct net *net; struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; + bool apply_ratelimit = false; struct dst_entry *dst; struct icmp6hdr tmp_hdr; struct flowi6 fl6; @@ -533,11 +538,12 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, return; } - /* Needed by both icmp_global_allow and icmpv6_xmit_lock */ + /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ local_bh_disable(); /* Check global sysctl_icmp_msgs_per_sec ratelimit */ - if (!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, type)) + if (!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, type, &apply_ratelimit)) goto out_bh_enable; mip6_addr_swap(skb, parm); @@ -575,7 +581,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info, np = inet6_sk(sk); - if (!icmpv6_xrlim_allow(sk, type, &fl6)) + if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) goto out; tmp_hdr.icmp6_type = type; @@ -717,6 +723,7 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) struct ipv6_pinfo *np; const struct in6_addr *saddr = NULL; struct icmp6hdr *icmph = icmp6_hdr(skb); + bool apply_ratelimit = false; struct icmp6hdr tmp_hdr; struct flowi6 fl6; struct icmpv6_msg msg; @@ -781,8 +788,9 @@ static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) goto out; /* Check the ratelimit */ - if ((!(skb->dev->flags & IFF_LOOPBACK) && !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY)) || - !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6)) + if ((!(skb->dev->flags & IFF_LOOPBACK) && + !icmpv6_global_allow(net, ICMPV6_ECHO_REPLY, &apply_ratelimit)) || + !icmpv6_xrlim_allow(sk, ICMPV6_ECHO_REPLY, &fl6, apply_ratelimit)) goto out_dst_release; idev = __in6_dev_get(skb->dev);

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100136-reanalyze-footwork-21f0@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 4f5a100f87f3 ("f2fs: Require FMODE_WRITE for atomic write ioctls") 01beba7957a2 ("fs: port inode_owner_or_capable() to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 8782a9aea3ab ("fs: port ->fileattr_set() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") c54bd91e9eab ("fs: port ->mkdir() to pass mnt_idmap") 7a77db95511c ("fs: port ->symlink() to pass mnt_idmap") 6c960e68aaed ("fs: port ->create() to pass mnt_idmap") b74d24f7a74f ("fs: port ->getattr() to pass mnt_idmap") c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") abf08576afe3 ("fs: port vfs_*() helpers to struct mnt_idmap") 6022ec6ee2c3 ("Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 6 Aug 2024 16:07:16 +0200 Subject: [PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index bddcb2cd945a..2c591fbc75a9 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2131,6 +2131,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2239,6 +2242,9 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2271,6 +2277,9 @@ static int f2fs_ioc_abort_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES;

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100135-magenta-resigned-365f@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 4f5a100f87f3 ("f2fs: Require FMODE_WRITE for atomic write ioctls") 01beba7957a2 ("fs: port inode_owner_or_capable() to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 8782a9aea3ab ("fs: port ->fileattr_set() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") c54bd91e9eab ("fs: port ->mkdir() to pass mnt_idmap") 7a77db95511c ("fs: port ->symlink() to pass mnt_idmap") 6c960e68aaed ("fs: port ->create() to pass mnt_idmap") b74d24f7a74f ("fs: port ->getattr() to pass mnt_idmap") c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") abf08576afe3 ("fs: port vfs_*() helpers to struct mnt_idmap") 6022ec6ee2c3 ("Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 6 Aug 2024 16:07:16 +0200 Subject: [PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index bddcb2cd945a..2c591fbc75a9 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2131,6 +2131,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2239,6 +2242,9 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2271,6 +2277,9 @@ static int f2fs_ioc_abort_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES;

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100134-blustery-wisplike-6b11@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 4f5a100f87f3 ("f2fs: Require FMODE_WRITE for atomic write ioctls") 01beba7957a2 ("fs: port inode_owner_or_capable() to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 8782a9aea3ab ("fs: port ->fileattr_set() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") c54bd91e9eab ("fs: port ->mkdir() to pass mnt_idmap") 7a77db95511c ("fs: port ->symlink() to pass mnt_idmap") 6c960e68aaed ("fs: port ->create() to pass mnt_idmap") b74d24f7a74f ("fs: port ->getattr() to pass mnt_idmap") c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") abf08576afe3 ("fs: port vfs_*() helpers to struct mnt_idmap") 6022ec6ee2c3 ("Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 6 Aug 2024 16:07:16 +0200 Subject: [PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index bddcb2cd945a..2c591fbc75a9 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2131,6 +2131,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2239,6 +2242,9 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2271,6 +2277,9 @@ static int f2fs_ioc_abort_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES;

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100133-islamic-matriarch-4cee@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 4f5a100f87f3 ("f2fs: Require FMODE_WRITE for atomic write ioctls") 01beba7957a2 ("fs: port inode_owner_or_capable() to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 8782a9aea3ab ("fs: port ->fileattr_set() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") c54bd91e9eab ("fs: port ->mkdir() to pass mnt_idmap") 7a77db95511c ("fs: port ->symlink() to pass mnt_idmap") 6c960e68aaed ("fs: port ->create() to pass mnt_idmap") b74d24f7a74f ("fs: port ->getattr() to pass mnt_idmap") c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") abf08576afe3 ("fs: port vfs_*() helpers to struct mnt_idmap") 6022ec6ee2c3 ("Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 6 Aug 2024 16:07:16 +0200 Subject: [PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index bddcb2cd945a..2c591fbc75a9 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2131,6 +2131,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2239,6 +2242,9 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2271,6 +2277,9 @@ static int f2fs_ioc_abort_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES;

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100132-panorama-legacy-223d@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 4f5a100f87f3 ("f2fs: Require FMODE_WRITE for atomic write ioctls") 01beba7957a2 ("fs: port inode_owner_or_capable() to mnt_idmap") f2d40141d5d9 ("fs: port inode_init_owner() to mnt_idmap") 4609e1f18e19 ("fs: port ->permission() to pass mnt_idmap") 8782a9aea3ab ("fs: port ->fileattr_set() to pass mnt_idmap") 13e83a4923be ("fs: port ->set_acl() to pass mnt_idmap") 77435322777d ("fs: port ->get_acl() to pass mnt_idmap") 011e2b717b1b ("fs: port ->tmpfile() to pass mnt_idmap") 5ebb29bee8d5 ("fs: port ->mknod() to pass mnt_idmap") c54bd91e9eab ("fs: port ->mkdir() to pass mnt_idmap") 7a77db95511c ("fs: port ->symlink() to pass mnt_idmap") 6c960e68aaed ("fs: port ->create() to pass mnt_idmap") b74d24f7a74f ("fs: port ->getattr() to pass mnt_idmap") c1632a0f1120 ("fs: port ->setattr() to pass mnt_idmap") abf08576afe3 ("fs: port vfs_*() helpers to struct mnt_idmap") 6022ec6ee2c3 ("Merge tag 'ntfs3_for_6.2' of https://github.com/Paragon-Software-Group/linux-ntfs3") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 4f5a100f87f32cb65d4bb1ad282a08c92f6f591e Mon Sep 17 00:00:00 2001 From: Jann Horn <jannh(a)google.com> Date: Tue, 6 Aug 2024 16:07:16 +0200 Subject: [PATCH] f2fs: Require FMODE_WRITE for atomic write ioctls The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true. There are scenarios where LSMs want to deny a process the ability to write particular files, even files that the FSUID of the process owns; but this can currently partially be bypassed using atomic write ioctls in two ways: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can truncate an inode to size 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert changes another process concurrently made to a file Fix it by requiring FMODE_WRITE for these operations, just like for F2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these ioctls when intending to write into the file, that seems unlikely to break anything. Fixes: 88b88a667971 ("f2fs: support atomic writes") Cc: stable(a)vger.kernel.org Signed-off-by: Jann Horn <jannh(a)google.com> Reviewed-by: Chao Yu <chao(a)kernel.org> Reviewed-by: Eric Biggers <ebiggers(a)google.com> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index bddcb2cd945a..2c591fbc75a9 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2131,6 +2131,9 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) loff_t isize; int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2239,6 +2242,9 @@ static int f2fs_ioc_commit_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES; @@ -2271,6 +2277,9 @@ static int f2fs_ioc_abort_atomic_write(struct file *filp) struct mnt_idmap *idmap = file_mnt_idmap(filp); int ret; + if (!(filp->f_mode & FMODE_WRITE)) + return -EBADF; + if (!inode_owner_or_capable(idmap, inode)) return -EACCES;

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix several potential integer overflows in file offsets" failed to apply to 4.19-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 4.19-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-4.19.y git checkout FETCH_HEAD git cherry-pick -x 1cade98cf6415897bf9342ee451cc5b40b58c638 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100148-utensil-cornbread-3a99@gregkh' --subject-prefix 'PATCH 4.19.y' HEAD^.. Possible dependencies: 1cade98cf641 ("f2fs: fix several potential integer overflows in file offsets") e7547daccd6a ("f2fs: refactor extent_cache to support for read and more") 749d543c0d45 ("f2fs: remove unnecessary __init_extent_tree") 3bac20a8f011 ("f2fs: move internal functions into extent_cache.c") 12607c1ba763 ("f2fs: specify extent cache for read explicitly") 544b53dadc20 ("f2fs: code clean and fix a type error") a834aa3ec95b ("f2fs: add "c_len" into trace_f2fs_update_extent_tree_range for compressed file") 07725adc55c0 ("f2fs: fix race condition on setting FI_NO_EXTENT flag") 01fc4b9a6ed8 ("f2fs: use onstack pages instead of pvec") 4f8219f8aa17 ("f2fs: intorduce f2fs_all_cluster_page_ready") 054cb2891b9c ("f2fs: replace F2FS_I(inode) and sbi by the local variable") 3db1de0e582c ("f2fs: change the current atomic write way") 71419129625a ("f2fs: give priority to select unpinned section for foreground GC") a9163b947ae8 ("f2fs: write checkpoint during FG_GC") 2aaf51dd39af ("f2fs: fix dereference of stale list iterator after loop body") 642c0969916e ("f2fs: don't set GC_FAILURE_PIN for background GC") a22bb5526d7d ("f2fs: check pinfile in gc_data_segment() in advance") 6b1f86f8e9c7 ("Merge tag 'folio-5.18b' of git://git.infradead.org/users/willy/pagecache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1cade98cf6415897bf9342ee451cc5b40b58c638 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Wed, 24 Jul 2024 10:28:38 -0700 Subject: [PATCH] f2fs: fix several potential integer overflows in file offsets When dealing with large extents and calculating file offsets by summing up according extent offsets and lengths of unsigned int type, one may encounter possible integer overflow if the values are big enough. Prevent this from happening by expanding one of the addends to (pgoff_t) type. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: d323d005ac4a ("f2fs: support file defragment") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index fd1fc06359ee..62ac440d9416 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -366,7 +366,7 @@ static unsigned int __free_extent_tree(struct f2fs_sb_info *sbi, static void __drop_largest_extent(struct extent_tree *et, pgoff_t fofs, unsigned int len) { - if (fofs < et->largest.fofs + et->largest.len && + if (fofs < (pgoff_t)et->largest.fofs + et->largest.len && fofs + len > et->largest.fofs) { et->largest.len = 0; et->largest_updated = true; @@ -456,7 +456,7 @@ static bool __lookup_extent_tree(struct inode *inode, pgoff_t pgofs, if (type == EX_READ && et->largest.fofs <= pgofs && - et->largest.fofs + et->largest.len > pgofs) { + (pgoff_t)et->largest.fofs + et->largest.len > pgofs) { *ei = et->largest; ret = true; stat_inc_largest_node_hit(sbi); diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 168f08507004..c598cfe5e0ed 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2710,7 +2710,7 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi, * block addresses are continuous. */ if (f2fs_lookup_read_extent_cache(inode, pg_start, &ei)) { - if (ei.fofs + ei.len >= pg_end) + if ((pgoff_t)ei.fofs + ei.len >= pg_end) goto out; }

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix several potential integer overflows in file offsets" failed to apply to 5.4-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.4-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.4.y git checkout FETCH_HEAD git cherry-pick -x 1cade98cf6415897bf9342ee451cc5b40b58c638 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100147-unsolved-revision-357a@gregkh' --subject-prefix 'PATCH 5.4.y' HEAD^.. Possible dependencies: 1cade98cf641 ("f2fs: fix several potential integer overflows in file offsets") e7547daccd6a ("f2fs: refactor extent_cache to support for read and more") 749d543c0d45 ("f2fs: remove unnecessary __init_extent_tree") 3bac20a8f011 ("f2fs: move internal functions into extent_cache.c") 12607c1ba763 ("f2fs: specify extent cache for read explicitly") 544b53dadc20 ("f2fs: code clean and fix a type error") a834aa3ec95b ("f2fs: add "c_len" into trace_f2fs_update_extent_tree_range for compressed file") 07725adc55c0 ("f2fs: fix race condition on setting FI_NO_EXTENT flag") 01fc4b9a6ed8 ("f2fs: use onstack pages instead of pvec") 4f8219f8aa17 ("f2fs: intorduce f2fs_all_cluster_page_ready") 054cb2891b9c ("f2fs: replace F2FS_I(inode) and sbi by the local variable") 3db1de0e582c ("f2fs: change the current atomic write way") 71419129625a ("f2fs: give priority to select unpinned section for foreground GC") a9163b947ae8 ("f2fs: write checkpoint during FG_GC") 2aaf51dd39af ("f2fs: fix dereference of stale list iterator after loop body") 642c0969916e ("f2fs: don't set GC_FAILURE_PIN for background GC") a22bb5526d7d ("f2fs: check pinfile in gc_data_segment() in advance") 6b1f86f8e9c7 ("Merge tag 'folio-5.18b' of git://git.infradead.org/users/willy/pagecache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1cade98cf6415897bf9342ee451cc5b40b58c638 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Wed, 24 Jul 2024 10:28:38 -0700 Subject: [PATCH] f2fs: fix several potential integer overflows in file offsets When dealing with large extents and calculating file offsets by summing up according extent offsets and lengths of unsigned int type, one may encounter possible integer overflow if the values are big enough. Prevent this from happening by expanding one of the addends to (pgoff_t) type. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: d323d005ac4a ("f2fs: support file defragment") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index fd1fc06359ee..62ac440d9416 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -366,7 +366,7 @@ static unsigned int __free_extent_tree(struct f2fs_sb_info *sbi, static void __drop_largest_extent(struct extent_tree *et, pgoff_t fofs, unsigned int len) { - if (fofs < et->largest.fofs + et->largest.len && + if (fofs < (pgoff_t)et->largest.fofs + et->largest.len && fofs + len > et->largest.fofs) { et->largest.len = 0; et->largest_updated = true; @@ -456,7 +456,7 @@ static bool __lookup_extent_tree(struct inode *inode, pgoff_t pgofs, if (type == EX_READ && et->largest.fofs <= pgofs && - et->largest.fofs + et->largest.len > pgofs) { + (pgoff_t)et->largest.fofs + et->largest.len > pgofs) { *ei = et->largest; ret = true; stat_inc_largest_node_hit(sbi); diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 168f08507004..c598cfe5e0ed 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2710,7 +2710,7 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi, * block addresses are continuous. */ if (f2fs_lookup_read_extent_cache(inode, pg_start, &ei)) { - if (ei.fofs + ei.len >= pg_end) + if ((pgoff_t)ei.fofs + ei.len >= pg_end) goto out; }

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix several potential integer overflows in file offsets" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 1cade98cf6415897bf9342ee451cc5b40b58c638 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100147-untaxed-viscosity-628e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 1cade98cf641 ("f2fs: fix several potential integer overflows in file offsets") e7547daccd6a ("f2fs: refactor extent_cache to support for read and more") 749d543c0d45 ("f2fs: remove unnecessary __init_extent_tree") 3bac20a8f011 ("f2fs: move internal functions into extent_cache.c") 12607c1ba763 ("f2fs: specify extent cache for read explicitly") 544b53dadc20 ("f2fs: code clean and fix a type error") a834aa3ec95b ("f2fs: add "c_len" into trace_f2fs_update_extent_tree_range for compressed file") 07725adc55c0 ("f2fs: fix race condition on setting FI_NO_EXTENT flag") 01fc4b9a6ed8 ("f2fs: use onstack pages instead of pvec") 4f8219f8aa17 ("f2fs: intorduce f2fs_all_cluster_page_ready") 054cb2891b9c ("f2fs: replace F2FS_I(inode) and sbi by the local variable") 3db1de0e582c ("f2fs: change the current atomic write way") 71419129625a ("f2fs: give priority to select unpinned section for foreground GC") a9163b947ae8 ("f2fs: write checkpoint during FG_GC") 2aaf51dd39af ("f2fs: fix dereference of stale list iterator after loop body") 642c0969916e ("f2fs: don't set GC_FAILURE_PIN for background GC") a22bb5526d7d ("f2fs: check pinfile in gc_data_segment() in advance") 6b1f86f8e9c7 ("Merge tag 'folio-5.18b' of git://git.infradead.org/users/willy/pagecache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1cade98cf6415897bf9342ee451cc5b40b58c638 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Wed, 24 Jul 2024 10:28:38 -0700 Subject: [PATCH] f2fs: fix several potential integer overflows in file offsets When dealing with large extents and calculating file offsets by summing up according extent offsets and lengths of unsigned int type, one may encounter possible integer overflow if the values are big enough. Prevent this from happening by expanding one of the addends to (pgoff_t) type. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: d323d005ac4a ("f2fs: support file defragment") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index fd1fc06359ee..62ac440d9416 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -366,7 +366,7 @@ static unsigned int __free_extent_tree(struct f2fs_sb_info *sbi, static void __drop_largest_extent(struct extent_tree *et, pgoff_t fofs, unsigned int len) { - if (fofs < et->largest.fofs + et->largest.len && + if (fofs < (pgoff_t)et->largest.fofs + et->largest.len && fofs + len > et->largest.fofs) { et->largest.len = 0; et->largest_updated = true; @@ -456,7 +456,7 @@ static bool __lookup_extent_tree(struct inode *inode, pgoff_t pgofs, if (type == EX_READ && et->largest.fofs <= pgofs && - et->largest.fofs + et->largest.len > pgofs) { + (pgoff_t)et->largest.fofs + et->largest.len > pgofs) { *ei = et->largest; ret = true; stat_inc_largest_node_hit(sbi); diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 168f08507004..c598cfe5e0ed 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2710,7 +2710,7 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi, * block addresses are continuous. */ if (f2fs_lookup_read_extent_cache(inode, pg_start, &ei)) { - if (ei.fofs + ei.len >= pg_end) + if ((pgoff_t)ei.fofs + ei.len >= pg_end) goto out; }

7 months

1
0
0 0

FAILED: patch "[PATCH] f2fs: fix several potential integer overflows in file offsets" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 1cade98cf6415897bf9342ee451cc5b40b58c638 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100146-petite-uncoated-28c9@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 1cade98cf641 ("f2fs: fix several potential integer overflows in file offsets") e7547daccd6a ("f2fs: refactor extent_cache to support for read and more") 749d543c0d45 ("f2fs: remove unnecessary __init_extent_tree") 3bac20a8f011 ("f2fs: move internal functions into extent_cache.c") 12607c1ba763 ("f2fs: specify extent cache for read explicitly") 544b53dadc20 ("f2fs: code clean and fix a type error") a834aa3ec95b ("f2fs: add "c_len" into trace_f2fs_update_extent_tree_range for compressed file") 07725adc55c0 ("f2fs: fix race condition on setting FI_NO_EXTENT flag") 01fc4b9a6ed8 ("f2fs: use onstack pages instead of pvec") 4f8219f8aa17 ("f2fs: intorduce f2fs_all_cluster_page_ready") 054cb2891b9c ("f2fs: replace F2FS_I(inode) and sbi by the local variable") 3db1de0e582c ("f2fs: change the current atomic write way") 71419129625a ("f2fs: give priority to select unpinned section for foreground GC") a9163b947ae8 ("f2fs: write checkpoint during FG_GC") 2aaf51dd39af ("f2fs: fix dereference of stale list iterator after loop body") 642c0969916e ("f2fs: don't set GC_FAILURE_PIN for background GC") a22bb5526d7d ("f2fs: check pinfile in gc_data_segment() in advance") 6b1f86f8e9c7 ("Merge tag 'folio-5.18b' of git://git.infradead.org/users/willy/pagecache") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 1cade98cf6415897bf9342ee451cc5b40b58c638 Mon Sep 17 00:00:00 2001 From: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Date: Wed, 24 Jul 2024 10:28:38 -0700 Subject: [PATCH] f2fs: fix several potential integer overflows in file offsets When dealing with large extents and calculating file offsets by summing up according extent offsets and lengths of unsigned int type, one may encounter possible integer overflow if the values are big enough. Prevent this from happening by expanding one of the addends to (pgoff_t) type. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: d323d005ac4a ("f2fs: support file defragment") Cc: stable(a)vger.kernel.org Signed-off-by: Nikita Zhandarovich <n.zhandarovich(a)fintech.ru> Reviewed-by: Chao Yu <chao(a)kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk(a)kernel.org> diff --git a/fs/f2fs/extent_cache.c b/fs/f2fs/extent_cache.c index fd1fc06359ee..62ac440d9416 100644 --- a/fs/f2fs/extent_cache.c +++ b/fs/f2fs/extent_cache.c @@ -366,7 +366,7 @@ static unsigned int __free_extent_tree(struct f2fs_sb_info *sbi, static void __drop_largest_extent(struct extent_tree *et, pgoff_t fofs, unsigned int len) { - if (fofs < et->largest.fofs + et->largest.len && + if (fofs < (pgoff_t)et->largest.fofs + et->largest.len && fofs + len > et->largest.fofs) { et->largest.len = 0; et->largest_updated = true; @@ -456,7 +456,7 @@ static bool __lookup_extent_tree(struct inode *inode, pgoff_t pgofs, if (type == EX_READ && et->largest.fofs <= pgofs && - et->largest.fofs + et->largest.len > pgofs) { + (pgoff_t)et->largest.fofs + et->largest.len > pgofs) { *ei = et->largest; ret = true; stat_inc_largest_node_hit(sbi); diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 168f08507004..c598cfe5e0ed 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2710,7 +2710,7 @@ static int f2fs_defragment_range(struct f2fs_sb_info *sbi, * block addresses are continuous. */ if (f2fs_lookup_read_extent_cache(inode, pg_start, &ei)) { - if (ei.fofs + ei.len >= pg_end) + if ((pgoff_t)ei.fofs + ei.len >= pg_end) goto out; }

7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: fix race setting file private on concurrent lseek" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 7ee85f5515e86a4e2a2f51969795920733912bad # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100131-uncharted-flyaway-8acd@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 7ee85f5515e8 ("btrfs: fix race setting file private on concurrent lseek using same fd") 68539bd0e73b ("btrfs: update comment for struct btrfs_inode::lock") 398fb9131f31 ("btrfs: reorder btrfs_inode to fill gaps") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 7ee85f5515e86a4e2a2f51969795920733912bad Mon Sep 17 00:00:00 2001 From: Filipe Manana <fdmanana(a)suse.com> Date: Tue, 3 Sep 2024 10:55:36 +0100 Subject: [PATCH] btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek(2) system calls against the same file descriptor, using multiple threads belonging to the same process, we have a short time window where a race happens and can result in a memory leak. The race happens like this: 1) A program opens a file descriptor for a file and then spawns two threads (with the pthreads library for example), lets call them task A and task B; 2) Task A calls lseek with SEEK_DATA or SEEK_HOLE and ends up at file.c:find_desired_extent() while holding a read lock on the inode; 3) At the start of find_desired_extent(), it extracts the file's private_data pointer into a local variable named 'private', which has a value of NULL; 4) Task B also calls lseek with SEEK_DATA or SEEK_HOLE, locks the inode in shared mode and enters file.c:find_desired_extent(), where it also extracts file->private_data into its local variable 'private', which has a NULL value; 5) Because it saw a NULL file private, task A allocates a private structure and assigns to the file structure; 6) Task B also saw a NULL file private so it also allocates its own file private and then assigns it to the same file structure, since both tasks are using the same file descriptor. At this point we leak the private structure allocated by task A. Besides the memory leak, there's also the detail that both tasks end up using the same cached state record in the private structure (struct btrfs_file_private::llseek_cached_state), which can result in a use-after-free problem since one task can free it while the other is still using it (only one task took a reference count on it). Also, sharing the cached state is not a good idea since it could result in incorrect results in the future - right now it should not be a problem because it end ups being used only in extent-io-tree.c:count_range_bits() where we do range validation before using the cached state. Fix this by protecting the private assignment and check of a file while holding the inode's spinlock and keep track of the task that allocated the private, so that it's used only by that task in order to prevent user-after-free issues with the cached state record as well as potentially using it incorrectly in the future. Fixes: 3c32c7212f16 ("btrfs: use cached state when looking for delalloc ranges with lseek") CC: stable(a)vger.kernel.org # 6.6+ Reviewed-by: Josef Bacik <josef(a)toxicpanda.com> Signed-off-by: Filipe Manana <fdmanana(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/btrfs_inode.h b/fs/btrfs/btrfs_inode.h index 9a4b7c119318..e152fde888fc 100644 --- a/fs/btrfs/btrfs_inode.h +++ b/fs/btrfs/btrfs_inode.h @@ -152,6 +152,7 @@ struct btrfs_inode { * logged_trans), to access/update delalloc_bytes, new_delalloc_bytes, * defrag_bytes, disk_i_size, outstanding_extents, csum_bytes and to * update the VFS' inode number of bytes used. + * Also protects setting struct file::private_data. */ spinlock_t lock; diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h index 1a44fb9845e3..317a3712270f 100644 --- a/fs/btrfs/ctree.h +++ b/fs/btrfs/ctree.h @@ -463,6 +463,8 @@ struct btrfs_file_private { void *filldir_buf; u64 last_index; struct extent_state *llseek_cached_state; + /* Task that allocated this structure. */ + struct task_struct *owner_task; }; static inline u32 BTRFS_LEAF_DATA_SIZE(const struct btrfs_fs_info *info) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index c5e36f58eb07..4fb521d91b06 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -3485,7 +3485,7 @@ static bool find_desired_extent_in_hole(struct btrfs_inode *inode, int whence, static loff_t find_desired_extent(struct file *file, loff_t offset, int whence) { struct btrfs_inode *inode = BTRFS_I(file->f_mapping->host); - struct btrfs_file_private *private = file->private_data; + struct btrfs_file_private *private; struct btrfs_fs_info *fs_info = inode->root->fs_info; struct extent_state *cached_state = NULL; struct extent_state **delalloc_cached_state; @@ -3513,7 +3513,19 @@ static loff_t find_desired_extent(struct file *file, loff_t offset, int whence) inode_get_bytes(&inode->vfs_inode) == i_size) return i_size; - if (!private) { + spin_lock(&inode->lock); + private = file->private_data; + spin_unlock(&inode->lock); + + if (private && private->owner_task != current) { + /* + * Not allocated by us, don't use it as its cached state is used + * by the task that allocated it and we don't want neither to + * mess with it nor get incorrect results because it reflects an + * invalid state for the current task. + */ + private = NULL; + } else if (!private) { private = kzalloc(sizeof(*private), GFP_KERNEL); /* * No worries if memory allocation failed. @@ -3521,7 +3533,23 @@ static loff_t find_desired_extent(struct file *file, loff_t offset, int whence) * lseek SEEK_HOLE/DATA calls to a file when there's delalloc, * so everything will still be correct. */ - file->private_data = private; + if (private) { + bool free = false; + + private->owner_task = current; + + spin_lock(&inode->lock); + if (file->private_data) + free = true; + else + file->private_data = private; + spin_unlock(&inode->lock); + + if (free) { + kfree(private); + private = NULL; + } + } } if (private)

7 months

1
0
0 0

[PATCH v2 1/4] drm/xe/ct: prevent UAF in send_recv()

by Matthew Auld

Ensure we serialize with completion side to prevent UAF with fence going out of scope on the stack, since we have no clue if it will fire after the timeout before we can erase from the xa. Also we have some dependent loads and stores for which we need the correct ordering, and we lack the needed barriers. Fix this by grabbing the ct->lock after the wait, which is also held by the completion side. v2 (Badal): - Also print done after acquiring the lock and seeing timeout. Fixes: dd08ebf6c352 ("drm/xe: Introduce a new DRM driver for Intel GPUs") Signed-off-by: Matthew Auld <matthew.auld(a)intel.com> Cc: Matthew Brost <matthew.brost(a)intel.com> Cc: Badal Nilawar <badal.nilawar(a)intel.com> Cc: <stable(a)vger.kernel.org> # v6.8+ --- drivers/gpu/drm/xe/xe_guc_ct.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/xe/xe_guc_ct.c b/drivers/gpu/drm/xe/xe_guc_ct.c index 4b95f75b1546..44263b3cd8c7 100644 --- a/drivers/gpu/drm/xe/xe_guc_ct.c +++ b/drivers/gpu/drm/xe/xe_guc_ct.c @@ -903,16 +903,26 @@ static int guc_ct_send_recv(struct xe_guc_ct *ct, const u32 *action, u32 len, } ret = wait_event_timeout(ct->g2h_fence_wq, g2h_fence.done, HZ); + + /* + * Ensure we serialize with completion side to prevent UAF with fence going out of scope on + * the stack, since we have no clue if it will fire after the timeout before we can erase + * from the xa. Also we have some dependent loads and stores below for which we need the + * correct ordering, and we lack the needed barriers. + */ + mutex_lock(&ct->lock); if (!ret) { - xe_gt_err(gt, "Timed out wait for G2H, fence %u, action %04x", - g2h_fence.seqno, action[0]); + xe_gt_err(gt, "Timed out wait for G2H, fence %u, action %04x, done %s", + g2h_fence.seqno, action[0], str_yes_no(g2h_fence.done)); xa_erase_irq(&ct->fence_lookup, g2h_fence.seqno); + mutex_unlock(&ct->lock); return -ETIME; } if (g2h_fence.retry) { xe_gt_dbg(gt, "H2G action %#x retrying: reason %#x\n", action[0], g2h_fence.reason); + mutex_unlock(&ct->lock); goto retry; } if (g2h_fence.fail) { @@ -921,7 +931,12 @@ static int guc_ct_send_recv(struct xe_guc_ct *ct, const u32 *action, u32 len, ret = -EIO; } - return ret > 0 ? response_buffer ? g2h_fence.response_len : g2h_fence.response_data : ret; + if (ret > 0) + ret = response_buffer ? g2h_fence.response_len : g2h_fence.response_data; + + mutex_unlock(&ct->lock); + + return ret; } /** -- 2.46.2

7 months

2
5
0 0

[PATCH 6.1 0/2] io_uring/io-wq: respect cgroup cpusets

by Felix Moessbauer

Hi, as discussed in [1], this is a manual backport of the remaining two patches to let the io worker threads respect the affinites defined by the cgroup of the process. In 6.1 one worker is created per NUMA node, while in da64d6db3bd3 ("io_uring: One wqe per wq") this is changed to only have a single worker. As this patch is pretty invasive, Jens and me agreed to not backport it. Instead we now limit the workers cpuset to the cpus that are in the intersection between what the cgroup allows and what the NUMA node has. This leaves the question what to do in case the intersection is empty: To be backwarts compatible, we allow this case, but restrict the cpumask of the poller to the cpuset defined by the cgroup. We further believe this is a reasonable decision, as da64d6db3bd3 drops the NUMA awareness anyways. [1] https://lore.kernel.org/lkml/ec01745a-b102-4f6e-abc9-abd636d36319@kernel.dk Best regards, Felix Moessbauer Siemens AG Felix Moessbauer (2): io_uring/io-wq: do not allow pinning outside of cpuset io_uring/io-wq: inherit cpuset of cgroup in io worker io_uring/io-wq.c | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) -- 2.39.2

7 months

5
7
0 0

[PATCH 2/2] clk: samsung: Fixes PLL locktime for PLL142XX used on FSD platfom

by Varada Pavani

Add PLL locktime for PLL142XX controller. Fixes: 4f346005aaed ("clk: samsung: fsd: Add initial clock support") Cc: stable(a)vger.kernel.org Signed-off-by: Varada Pavani <v.pavani(a)samsung.com> --- drivers/clk/samsung/clk-pll.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/clk/samsung/clk-pll.c b/drivers/clk/samsung/clk-pll.c index 4be879ab917e..d4c5ae20de4f 100644 --- a/drivers/clk/samsung/clk-pll.c +++ b/drivers/clk/samsung/clk-pll.c @@ -206,6 +206,7 @@ static const struct clk_ops samsung_pll3000_clk_ops = { */ /* Maximum lock time can be 270 * PDIV cycles */ #define PLL35XX_LOCK_FACTOR (270) +#define PLL142XX_LOCK_FACTOR (150) #define PLL35XX_MDIV_MASK (0x3FF) #define PLL35XX_PDIV_MASK (0x3F) @@ -272,7 +273,11 @@ static int samsung_pll35xx_set_rate(struct clk_hw *hw, unsigned long drate, } /* Set PLL lock time. */ - writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, + if (pll->type == pll_142xx) + writel_relaxed(rate->pdiv * PLL142XX_LOCK_FACTOR, + pll->lock_reg); + else + writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, pll->lock_reg); /* Change PLL PMS values */ -- 2.17.1

7 months

2
2
0 0

[PATCH 2/2] clk: samsung: Fixes PLL locktime for PLL142XX used on FSD platfom

by Varada Pavani

Add PLL locktime for PLL142XX controller. Fixes: 4f346005aaed ("clk: samsung: fsd: Add initial clock support") Cc: stable(a)vger.kernel.org Signed-off-by: Varada Pavani <v.pavani(a)samsung.com> --- drivers/clk/samsung/clk-pll.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/clk/samsung/clk-pll.c b/drivers/clk/samsung/clk-pll.c index 4be879ab917e..d4c5ae20de4f 100644 --- a/drivers/clk/samsung/clk-pll.c +++ b/drivers/clk/samsung/clk-pll.c @@ -206,6 +206,7 @@ static const struct clk_ops samsung_pll3000_clk_ops = { */ /* Maximum lock time can be 270 * PDIV cycles */ #define PLL35XX_LOCK_FACTOR (270) +#define PLL142XX_LOCK_FACTOR (150) #define PLL35XX_MDIV_MASK (0x3FF) #define PLL35XX_PDIV_MASK (0x3F) @@ -272,7 +273,11 @@ static int samsung_pll35xx_set_rate(struct clk_hw *hw, unsigned long drate, } /* Set PLL lock time. */ - writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, + if (pll->type == pll_142xx) + writel_relaxed(rate->pdiv * PLL142XX_LOCK_FACTOR, + pll->lock_reg); + else + writel_relaxed(rate->pdiv * PLL35XX_LOCK_FACTOR, pll->lock_reg); /* Change PLL PMS values */ -- 2.17.1

7 months

2
2
0 0

Re: Patch "idpf: enable WB_ON_ITR" has been added to the 6.11-stable tree

by Alexander Lobakin

From: Sasha Levin <sashal(a)kernel.org> Date: Mon, 30 Sep 2024 19:08:34 -0400 > This is a note to let you know that I've just added the patch titled > > idpf: enable WB_ON_ITR > > to the 6.11-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > idpf-enable-wb_on_itr.patch > and it can be found in the queue-6.11 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. Hi, This commit should not be applied standalone and requires relatively big prerequisites from the series it was sent in, so I'd suggest just dropping it from stable. > > > > commit 31ffcb4f7329c601cd6e065d80e4485a468e9980 > Author: Joshua Hay <joshua.a.hay(a)intel.com> > Date: Wed Sep 4 17:47:48 2024 +0200 > > idpf: enable WB_ON_ITR > > [ Upstream commit 9c4a27da0ecc4080dfcd63903dd94f01ba1399dd ] > > Tell hardware to write back completed descriptors even when interrupts > are disabled. Otherwise, descriptors might not be written back until > the hardware can flush a full cacheline of descriptors. This can cause > unnecessary delays when traffic is light (or even trigger Tx queue > timeout). Thanks, Olek

7 months

2
1
0 0

AMD drm patch workflow is broken for stable trees

by Greg KH

Hi all, As some of you have noticed, there's a TON of failure messages being sent out for AMD gpu driver commits that are tagged for stable backports. In short, you all are doing something really wrong with how you are tagging these. Please fix it up to NOT have duplicates in multiple branches that end up in Linus's tree at different times. Or if you MUST do that, then give us a chance to figure out that it IS a duplicate. As-is, it's not working at all, and I think I need to just drop all patches for this driver that are tagged for stable going forward and rely on you all to provide a proper set of backported fixes when you say they are needed. Again, what you are doing today is NOT ok and is broken. Please fix. greg k-h

7 months

3
11
0 0

[PATCH v2 0/4] ov08x40: Enable use of ov08x40 on Qualcomm X1E80100 CRD

by Bryan O'Donoghue

V2: Changes in v2: - Drops "-" in ovti,ov08x40.yaml after description: - Rob - Adds ":" after first line of description text - Rob - dts -> DT in commit log - Rob - Removes dependency on 'xvclk' as a name in yaml and driver - Sakari - Uses assigned-clock, assigned-clock-parents and assigned-clock-rates - Sakari - Drops clock-frequency - Sakarai, Krzysztof - Drops dovdd-supply, avdd-supply, dvdd-supply and reset-gpios as required, its perfectly possible not to have the reset GPIO or the power rails under control of the SoC. - bod - Link to v1: https://lore.kernel.org/r/20240926-b4-master-24-11-25-ov08x40-v1-0-e4d5fbd3… V1: This series brings fixes and updates to ov08x40 which allows for use of this sensor on the Qualcomm x1e80100 CRD but also on any other dts based system. Firstly there's a fix for the pseudo burst mode code that was added in 8f667d202384 ("media: ov08x40: Reduce start streaming time"). Not every I2C controller can handle an arbitrary sized write, this is the case on Qualcomm CAMSS/CCI I2C sensor interfaces which limit the transaction size and communicate this limit via I2C quirks. A simple fix to optionally break up the large submitted burst into chunks not exceeding adapter->quirk size fixes. Secondly then is addition of a yaml description for the ov08x40 and extension of the driver to support OF probe and powering on of the power rails from the driver instead of from ACPI. Once done the sensor works without further modification on the Qualcomm x1e80100 CRD. Signed-off-by: Bryan O'Donoghue <bryan.odonoghue(a)linaro.org> --- Bryan O'Donoghue (4): media: ov08x40: Fix burst write sequence media: dt-bindings: Add OmniVision OV08X40 media: ov08x40: Rename ext_clk to xvclk media: ov08x40: Add OF probe support .../bindings/media/i2c/ovti,ov08x40.yaml | 120 ++++++++++++++ drivers/media/i2c/ov08x40.c | 179 ++++++++++++++++++--- 2 files changed, 276 insertions(+), 23 deletions(-) --- base-commit: 2b7275670032a98cba266bd1b8905f755b3e650f change-id: 20240926-b4-master-24-11-25-ov08x40-c6f477aaa6a4 Best regards, -- Bryan O'Donoghue <bryan.odonoghue(a)linaro.org>

7 months

1
1
0 0

[PATCH v2 3/7] serial: qcom-geni: fix dma rx cancellation

by Johan Hovold

Make sure to wait for the DMA transfer to complete when cancelling the rx command on stop_rx(). This specifically prevents the DMA completion interrupt from firing after rx has been restarted, something which can lead to an IOMMU fault and hosed rx when the interrupt handler unmaps the DMA buffer for the new command: qcom_geni_serial 988000.serial: serial engine reports 0 RX bytes in! arm-smmu 15000000.iommu: FSR = 00000402 [Format=2 TF], SID=0x563 arm-smmu 15000000.iommu: FSYNR0 = 00210013 [S1CBNDX=33 WNR PLVL=3] Bluetooth: hci0: command 0xfc00 tx timeout Bluetooth: hci0: Reading QCA version information failed (-110) Also add the missing state machine reset which is needed in case cancellation fails. Fixes: 2aaa43c70778 ("tty: serial: qcom-geni-serial: add support for serial engine DMA") Cc: stable(a)vger.kernel.org # 6.3 Cc: Bartosz Golaszewski <bartosz.golaszewski(a)linaro.org> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> --- drivers/tty/serial/qcom_geni_serial.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index b6a8729cee6d..dea688db0d7c 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -787,17 +787,27 @@ static void qcom_geni_serial_start_rx_fifo(struct uart_port *uport) static void qcom_geni_serial_stop_rx_dma(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); + bool done; if (!qcom_geni_serial_secondary_active(uport)) return; geni_se_cancel_s_cmd(&port->se); - qcom_geni_serial_poll_bit(uport, SE_GENI_S_IRQ_STATUS, - S_CMD_CANCEL_EN, true); - - if (qcom_geni_serial_secondary_active(uport)) + done = qcom_geni_serial_poll_bit(uport, SE_DMA_RX_IRQ_STAT, + RX_EOT, true); + if (done) { + writel(RX_EOT | RX_DMA_DONE, + uport->membase + SE_DMA_RX_IRQ_CLR); + } else { qcom_geni_serial_abort_rx(uport); + writel(1, uport->membase + SE_DMA_RX_FSM_RST); + qcom_geni_serial_poll_bit(uport, SE_DMA_RX_IRQ_STAT, + RX_RESET_DONE, true); + writel(RX_RESET_DONE | RX_DMA_DONE, + uport->membase + SE_DMA_RX_IRQ_CLR); + } + if (port->rx_dma_addr) { geni_se_rx_dma_unprep(&port->se, port->rx_dma_addr, DMA_RX_BUF_SIZE); -- 2.45.2

7 months

1
0
0 0

FAILED: patch "[PATCH] btrfs: subpage: fix the bitmap dump which can cause bitmap" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 77b0b98bb743f5d04d8f995ba1936e1143689d4a # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100117-venture-unloving-3135@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 77b0b98bb743 ("btrfs: subpage: fix the bitmap dump which can cause bitmap corruption") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 77b0b98bb743f5d04d8f995ba1936e1143689d4a Mon Sep 17 00:00:00 2001 From: Qu Wenruo <wqu(a)suse.com> Date: Fri, 30 Aug 2024 16:35:48 +0930 Subject: [PATCH] btrfs: subpage: fix the bitmap dump which can cause bitmap corruption In commit 75258f20fb70 ("btrfs: subpage: dump extra subpage bitmaps for debug") an internal macro GET_SUBPAGE_BITMAP() is introduced to grab the bitmap of each attribute. But that commit is using bitmap_cut() which will do the left shift of the larger bitmap, causing incorrect values. Thankfully this bitmap_cut() is only called for debug usage, and so far it's not yet causing problem. Fix it to use bitmap_read() to only grab the desired sub-bitmap. Fixes: 75258f20fb70 ("btrfs: subpage: dump extra subpage bitmaps for debug") CC: stable(a)vger.kernel.org # 6.6+ Signed-off-by: Qu Wenruo <wqu(a)suse.com> Reviewed-by: David Sterba <dsterba(a)suse.com> Signed-off-by: David Sterba <dsterba(a)suse.com> diff --git a/fs/btrfs/subpage.c b/fs/btrfs/subpage.c index 631d96f1e905..f8795c3d2270 100644 --- a/fs/btrfs/subpage.c +++ b/fs/btrfs/subpage.c @@ -902,8 +902,14 @@ void btrfs_folio_end_all_writers(const struct btrfs_fs_info *fs_info, struct fol } #define GET_SUBPAGE_BITMAP(subpage, subpage_info, name, dst) \ - bitmap_cut(dst, subpage->bitmaps, 0, \ - subpage_info->name##_offset, subpage_info->bitmap_nr_bits) +{ \ + const int bitmap_nr_bits = subpage_info->bitmap_nr_bits; \ + \ + ASSERT(bitmap_nr_bits < BITS_PER_LONG); \ + *dst = bitmap_read(subpage->bitmaps, \ + subpage_info->name##_offset, \ + bitmap_nr_bits); \ +} void __cold btrfs_subpage_dump_bitmap(const struct btrfs_fs_info *fs_info, struct folio *folio, u64 start, u32 len)

7 months

1
0
0 0

[PATCH net] net: Fix an unsafe loop on the list

by Anastasia Kovaleva

The kernel may crash when deleting a genetlink family if there are still listeners for that family: _______________________________________________________________________ Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0 Call Trace: __netlink_clear_multicast_users+0x74/0xc0 genl_unregister_family+0xd4/0x2d0 _______________________________________________________________________ Change the unsafe loop on the list to a safe one, because inside the loop there is an element removal from this list. Fixes: b8273570f802 ("genetlink: fix netns vs. netlink table locking (2)") Signed-off-by: Anastasia Kovaleva <a.kovaleva(a)yadro.com> Reviewed-by: Dmitry Bogdanov <d.bogdanov(a)yadro.com> --- include/net/sock.h | 2 ++ net/netlink/af_netlink.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/net/sock.h b/include/net/sock.h index c58ca8dd561b..eec77a18602a 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -894,6 +894,8 @@ static inline void sk_add_bind_node(struct sock *sk, hlist_for_each_entry_safe(__sk, tmp, list, sk_node) #define sk_for_each_bound(__sk, list) \ hlist_for_each_entry(__sk, list, sk_bind_node) +#define sk_for_each_bound_safe(__sk, tmp, list) \ + hlist_for_each_entry_safe(__sk, tmp, list, sk_bind_node) /** * sk_for_each_entry_offset_rcu - iterate over a list at a given struct offset diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 0b7a89db3ab7..0a9287fadb47 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -2136,8 +2136,9 @@ void __netlink_clear_multicast_users(struct sock *ksk, unsigned int group) { struct sock *sk; struct netlink_table *tbl = &nl_table[ksk->sk_protocol]; + struct hlist_node *tmp; - sk_for_each_bound(sk, &tbl->mc_list) + sk_for_each_bound_safe(sk, tmp, &tbl->mc_list) netlink_update_socket_mc(nlk_sk(sk), group, 0); } -- 2.40.1

7 months

2
1
0 0

[PATCH net 02/10] ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins()

by Tony Nguyen

From: Gui-Dong Han <hanguidong02(a)outlook.com> This patch addresses a reference count handling issue in the ice_dpll_init_rclk_pins() function. The function calls ice_dpll_get_pins(), which increments the reference count of the relevant resources. However, if the condition WARN_ON((!vsi || !vsi->netdev)) is met, the function currently returns an error without properly releasing the resources acquired by ice_dpll_get_pins(), leading to a reference count leak. To resolve this, the check has been moved to the top of the function. This ensures that the function verifies the state before any resources are acquired, avoiding the need for additional resource management in the error path. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and detecting potential issues where resources are not properly managed. In this case, the tool flagged the missing release operation as a potential problem, which led to the development of this patch. Fixes: d7999f5ea64b ("ice: implement dpll interface to control cgu") Cc: stable(a)vger.kernel.org Signed-off-by: Gui-Dong Han <hanguidong02(a)outlook.com> Reviewed-by: Simon Horman <horms(a)kernel.org> Tested-by: Pucha Himasekhar Reddy <himasekharx.reddy.pucha(a)intel.com> (A Contingent worker at Intel) Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> --- drivers/net/ethernet/intel/ice/ice_dpll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/net/ethernet/intel/ice/ice_dpll.c b/drivers/net/ethernet/intel/ice/ice_dpll.c index cd95705d1e7f..8b6dc4d54fdc 100644 --- a/drivers/net/ethernet/intel/ice/ice_dpll.c +++ b/drivers/net/ethernet/intel/ice/ice_dpll.c @@ -1843,6 +1843,8 @@ ice_dpll_init_rclk_pins(struct ice_pf *pf, struct ice_dpll_pin *pin, struct dpll_pin *parent; int ret, i; + if (WARN_ON((!vsi || !vsi->netdev))) + return -EINVAL; ret = ice_dpll_get_pins(pf, pin, start_idx, ICE_DPLL_RCLK_NUM_PER_PF, pf->dplls.clock_id); if (ret) @@ -1858,8 +1860,6 @@ ice_dpll_init_rclk_pins(struct ice_pf *pf, struct ice_dpll_pin *pin, if (ret) goto unregister_pins; } - if (WARN_ON((!vsi || !vsi->netdev))) - return -EINVAL; dpll_netdev_pin_set(vsi->netdev, pf->dplls.rclk.pin); return 0; -- 2.42.0

7 months

2
1
0 0

FAILED: patch "[PATCH] wifi: mt76: mt7925: fix a potential association failure upon" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 45064d19fd3af6aeb0887b35b5564927980cf150 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100106-candy-amicably-5df2@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 45064d19fd3a ("wifi: mt76: mt7925: fix a potential association failure upon resuming") 5f5b6a745c69 ("wifi: mt76: mt7925: add mt7925_mac_link_sta_remove to remove per-link STA") 89397bccc882 ("wifi: mt76: mt7925: add mt7925_mac_link_sta_assoc to associate per-link STA") 064a5955aa27 ("wifi: mt76: mt7925: extend mt7925_mcu_add_bss_info for per-link STA") f7cc8944039c ("wifi: mt76: mt7925: extend mt7925_mcu_sta_update for per-link STA") 21760dcd2ab6 ("wifi: mt76: mt7925: extend mt7925_mcu_bss_basic_tlv for per-link BSS") 220865160cf6 ("wifi: mt76: mt7925: extend mt7925_mcu_bss_mld_tlv for per-link BSS") eff53d6ee11b ("wifi: mt76: mt7925: extend mt7925_mcu_bss_qos_tlv for per-link BSS") d62f77e34778 ("wifi: mt76: mt7925: extend mt7925_mcu_bss_ifs_tlv for per-link BSS") b8b04b6616ba ("wifi: mt76: mt7925: extend mt7925_mcu_set_timing for per-link BSS") fa5f44463f51 ("wifi: mt76: mt7925: extend mt7925_mcu_add_bss_info for per-link BSS") acdfc3e79899 ("wifi: mt76: mt7925: extend mt7925_mcu_set_tx with for per-link BSS") 7cebb6a66ac6 ("wifi: mt76: mt792x: extend mt76_connac_mcu_uni_add_dev for per-link BSS") 43626f0e0c99 ("wifi: mt76: mt7925: support for split bss_info_changed method") 4c28c0976ed8 ("wifi: mt76: mt792x: add struct mt792x_link_sta") 30e89baeb01f ("wifi: mt76: mt792x: add struct mt792x_bss_conf") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 45064d19fd3af6aeb0887b35b5564927980cf150 Mon Sep 17 00:00:00 2001 From: Michael Lo <michael.lo(a)mediatek.com> Date: Mon, 2 Sep 2024 17:00:54 +0800 Subject: [PATCH] wifi: mt76: mt7925: fix a potential association failure upon resuming In multi-channel scenarios, the granted channel must be aborted before suspending. Otherwise, the firmware will be put into a wrong state, resulting in an association failure after resuming. With this patch, the granted channel will be aborted before suspending if necessary. Cc: stable(a)vger.kernel.org Fixes: c948b5da6bbe ("wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips") Signed-off-by: Michael Lo <michael.lo(a)mediatek.com> Signed-off-by: Ming Yen Hsieh <mingyen.hsieh(a)mediatek.com> Link: https://patch.msgid.link/20240902090054.15806-1-mingyen.hsieh@mediatek.com Signed-off-by: Felix Fietkau <nbd(a)nbd.name> diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/main.c b/drivers/net/wireless/mediatek/mt76/mt7925/main.c index 38a301533297..791c8b00e112 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/main.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/main.c @@ -439,6 +439,19 @@ static void mt7925_roc_iter(void *priv, u8 *mac, mt7925_mcu_abort_roc(phy, &mvif->bss_conf, phy->roc_token_id); } +void mt7925_roc_abort_sync(struct mt792x_dev *dev) +{ + struct mt792x_phy *phy = &dev->phy; + + del_timer_sync(&phy->roc_timer); + cancel_work_sync(&phy->roc_work); + if (test_and_clear_bit(MT76_STATE_ROC, &phy->mt76->state)) + ieee80211_iterate_interfaces(mt76_hw(dev), + IEEE80211_IFACE_ITER_RESUME_ALL, + mt7925_roc_iter, (void *)phy); +} +EXPORT_SYMBOL_GPL(mt7925_roc_abort_sync); + void mt7925_roc_work(struct work_struct *work) { struct mt792x_phy *phy; @@ -1112,6 +1125,8 @@ static void mt7925_mac_link_sta_remove(struct mt76_dev *mdev, msta = (struct mt792x_sta *)link_sta->sta->drv_priv; mlink = mt792x_sta_to_link(msta, link_id); + mt7925_roc_abort_sync(dev); + mt76_connac_free_pending_tx_skbs(&dev->pm, &mlink->wcid); mt76_connac_pm_wake(&dev->mphy, &dev->pm); diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h index e80824a10b2c..f5c02e5f5066 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h +++ b/drivers/net/wireless/mediatek/mt76/mt7925/mt7925.h @@ -307,6 +307,7 @@ int mt7925_mcu_set_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf, enum mt7925_roc_req type, u8 token_id); int mt7925_mcu_abort_roc(struct mt792x_phy *phy, struct mt792x_bss_conf *mconf, u8 token_id); +void mt7925_roc_abort_sync(struct mt792x_dev *dev); int mt7925_mcu_fill_message(struct mt76_dev *mdev, struct sk_buff *skb, int cmd, int *wait_seq); int mt7925_mcu_add_key(struct mt76_dev *dev, struct ieee80211_vif *vif, diff --git a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c index cb25eb50a45b..9aec675450f2 100644 --- a/drivers/net/wireless/mediatek/mt76/mt7925/pci.c +++ b/drivers/net/wireless/mediatek/mt76/mt7925/pci.c @@ -449,6 +449,8 @@ static int mt7925_pci_suspend(struct device *device) cancel_delayed_work_sync(&pm->ps_work); cancel_work_sync(&pm->wake_work); + mt7925_roc_abort_sync(dev); + err = mt792x_mcu_drv_pmctrl(dev); if (err < 0) goto restore_suspend;

7 months

1
0
0 0

FAILED: patch "[PATCH] thermal: sysfs: Add sanity checks for trip temperature and" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 874b6476fa888e79e41daf7653384c8d70927b90 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100115-support-data-8f0e@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 874b6476fa88 ("thermal: sysfs: Add sanity checks for trip temperature and hysteresis") 107280e1371f ("thermal: sysfs: Refine the handling of trip hysteresis changes") afd84fb10ced ("thermal: sysfs: Get to trips via attribute pointers") 0728c810873e ("thermal: trip: Pass trip pointer to .set_trip_temp() thermal zone callback") a52641bc6293 ("thermal: trip: Use READ_ONCE() for lockless access to trip properties") f41f23b0cae1 ("thermal: trip: Use common set of trip type names") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 874b6476fa888e79e41daf7653384c8d70927b90 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Mon, 26 Aug 2024 18:21:59 +0200 Subject: [PATCH] thermal: sysfs: Add sanity checks for trip temperature and hysteresis Add sanity checks for new trip temperature and hysteresis values to trip_point_temp_store() and trip_point_hyst_store() to prevent trip point threshold from falling below THERMAL_TEMP_INVALID. However, still allow user space to pass THERMAL_TEMP_INVALID as the new trip temperature value to invalidate the trip if necessary. Also allow the hysteresis to be updated when the temperature is invalid to allow user space to avoid having to adjust hysteresis after a valid temperature has been set, but in that case just change the value and do nothing else. Fixes: be0a3600aa1e ("thermal: sysfs: Rework the handling of trip point updates") Cc: 6.8+ <stable(a)vger.kernel.org> # 6.8+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Lukasz Luba <lukasz.luba(a)arm.com> Link: https://patch.msgid.link/12528772.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/thermal/thermal_sysfs.c b/drivers/thermal/thermal_sysfs.c index b740b60032ee..197ae1262466 100644 --- a/drivers/thermal/thermal_sysfs.c +++ b/drivers/thermal/thermal_sysfs.c @@ -111,18 +111,26 @@ trip_point_temp_store(struct device *dev, struct device_attribute *attr, mutex_lock(&tz->lock); - if (temp != trip->temperature) { - if (tz->ops.set_trip_temp) { - ret = tz->ops.set_trip_temp(tz, trip, temp); - if (ret) - goto unlock; - } + if (temp == trip->temperature) + goto unlock; - thermal_zone_set_trip_temp(tz, trip, temp); - - __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + /* Arrange the condition to avoid integer overflows. */ + if (temp != THERMAL_TEMP_INVALID && + temp <= trip->hysteresis + THERMAL_TEMP_INVALID) { + ret = -EINVAL; + goto unlock; } + if (tz->ops.set_trip_temp) { + ret = tz->ops.set_trip_temp(tz, trip, temp); + if (ret) + goto unlock; + } + + thermal_zone_set_trip_temp(tz, trip, temp); + + __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + unlock: mutex_unlock(&tz->lock); @@ -152,15 +160,33 @@ trip_point_hyst_store(struct device *dev, struct device_attribute *attr, mutex_lock(&tz->lock); - if (hyst != trip->hysteresis) { - thermal_zone_set_trip_hyst(tz, trip, hyst); + if (hyst == trip->hysteresis) + goto unlock; - __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + /* + * Allow the hysteresis to be updated when the temperature is invalid + * to allow user space to avoid having to adjust hysteresis after a + * valid temperature has been set, but in that case just change the + * value and do nothing else. + */ + if (trip->temperature == THERMAL_TEMP_INVALID) { + WRITE_ONCE(trip->hysteresis, hyst); + goto unlock; } + if (trip->temperature - hyst <= THERMAL_TEMP_INVALID) { + ret = -EINVAL; + goto unlock; + } + + thermal_zone_set_trip_hyst(tz, trip, hyst); + + __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + +unlock: mutex_unlock(&tz->lock); - return count; + return ret ? ret : count; } static ssize_t

7 months

1
0
0 0

FAILED: patch "[PATCH] thermal: sysfs: Add sanity checks for trip temperature and" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 874b6476fa888e79e41daf7653384c8d70927b90 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100114-compare-delivery-d2c9@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 874b6476fa88 ("thermal: sysfs: Add sanity checks for trip temperature and hysteresis") 107280e1371f ("thermal: sysfs: Refine the handling of trip hysteresis changes") afd84fb10ced ("thermal: sysfs: Get to trips via attribute pointers") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 874b6476fa888e79e41daf7653384c8d70927b90 Mon Sep 17 00:00:00 2001 From: "Rafael J. Wysocki" <rafael.j.wysocki(a)intel.com> Date: Mon, 26 Aug 2024 18:21:59 +0200 Subject: [PATCH] thermal: sysfs: Add sanity checks for trip temperature and hysteresis Add sanity checks for new trip temperature and hysteresis values to trip_point_temp_store() and trip_point_hyst_store() to prevent trip point threshold from falling below THERMAL_TEMP_INVALID. However, still allow user space to pass THERMAL_TEMP_INVALID as the new trip temperature value to invalidate the trip if necessary. Also allow the hysteresis to be updated when the temperature is invalid to allow user space to avoid having to adjust hysteresis after a valid temperature has been set, but in that case just change the value and do nothing else. Fixes: be0a3600aa1e ("thermal: sysfs: Rework the handling of trip point updates") Cc: 6.8+ <stable(a)vger.kernel.org> # 6.8+ Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> Reviewed-by: Lukasz Luba <lukasz.luba(a)arm.com> Link: https://patch.msgid.link/12528772.O9o76ZdvQC@rjwysocki.net diff --git a/drivers/thermal/thermal_sysfs.c b/drivers/thermal/thermal_sysfs.c index b740b60032ee..197ae1262466 100644 --- a/drivers/thermal/thermal_sysfs.c +++ b/drivers/thermal/thermal_sysfs.c @@ -111,18 +111,26 @@ trip_point_temp_store(struct device *dev, struct device_attribute *attr, mutex_lock(&tz->lock); - if (temp != trip->temperature) { - if (tz->ops.set_trip_temp) { - ret = tz->ops.set_trip_temp(tz, trip, temp); - if (ret) - goto unlock; - } + if (temp == trip->temperature) + goto unlock; - thermal_zone_set_trip_temp(tz, trip, temp); - - __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + /* Arrange the condition to avoid integer overflows. */ + if (temp != THERMAL_TEMP_INVALID && + temp <= trip->hysteresis + THERMAL_TEMP_INVALID) { + ret = -EINVAL; + goto unlock; } + if (tz->ops.set_trip_temp) { + ret = tz->ops.set_trip_temp(tz, trip, temp); + if (ret) + goto unlock; + } + + thermal_zone_set_trip_temp(tz, trip, temp); + + __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + unlock: mutex_unlock(&tz->lock); @@ -152,15 +160,33 @@ trip_point_hyst_store(struct device *dev, struct device_attribute *attr, mutex_lock(&tz->lock); - if (hyst != trip->hysteresis) { - thermal_zone_set_trip_hyst(tz, trip, hyst); + if (hyst == trip->hysteresis) + goto unlock; - __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + /* + * Allow the hysteresis to be updated when the temperature is invalid + * to allow user space to avoid having to adjust hysteresis after a + * valid temperature has been set, but in that case just change the + * value and do nothing else. + */ + if (trip->temperature == THERMAL_TEMP_INVALID) { + WRITE_ONCE(trip->hysteresis, hyst); + goto unlock; } + if (trip->temperature - hyst <= THERMAL_TEMP_INVALID) { + ret = -EINVAL; + goto unlock; + } + + thermal_zone_set_trip_hyst(tz, trip, hyst); + + __thermal_zone_device_update(tz, THERMAL_TRIP_CHANGED); + +unlock: mutex_unlock(&tz->lock); - return count; + return ret ? ret : count; } static ssize_t

7 months

1
0
0 0

FAILED: patch "[PATCH] idpf: fix netdev Tx queue stop/wake" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x e4b398dd82f5d5867bc5f442c43abc8fba30ed2c # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100147-stark-hurry-20c2@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: e4b398dd82f5 ("idpf: fix netdev Tx queue stop/wake") 14f662b43bf8 ("idpf: merge singleq and splitq &net_device_ops") e4891e4687c8 ("idpf: split &idpf_queue into 4 strictly-typed queue structures") 66c27e3b19d5 ("idpf: stop using macros for accessing queue descriptors") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From e4b398dd82f5d5867bc5f442c43abc8fba30ed2c Mon Sep 17 00:00:00 2001 From: Michal Kubiak <michal.kubiak(a)intel.com> Date: Wed, 4 Sep 2024 17:47:47 +0200 Subject: [PATCH] idpf: fix netdev Tx queue stop/wake netif_txq_maybe_stop() returns -1, 0, or 1, while idpf_tx_maybe_stop_common() says it returns 0 or -EBUSY. As a result, there sometimes are Tx queue timeout warnings despite that the queue is empty or there is at least enough space to restart it. Make idpf_tx_maybe_stop_common() inline and returning true or false, handling the return of netif_txq_maybe_stop() properly. Use a correct goto in idpf_tx_maybe_stop_splitq() to avoid stopping the queue or incrementing the stops counter twice. Fixes: 6818c4d5b3c2 ("idpf: add splitq start_xmit") Fixes: a5ab9ee0df0b ("idpf: add singleq start_xmit and napi poll") Cc: stable(a)vger.kernel.org # 6.7+ Signed-off-by: Michal Kubiak <michal.kubiak(a)intel.com> Reviewed-by: Przemek Kitszel <przemyslaw.kitszel(a)intel.com> Signed-off-by: Alexander Lobakin <aleksander.lobakin(a)intel.com> Signed-off-by: Tony Nguyen <anthony.l.nguyen(a)intel.com> diff --git a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c index 947d3ff9677c..5ba360abbe66 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_singleq_txrx.c @@ -375,6 +375,10 @@ netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, IDPF_TX_DESCS_FOR_CTX)) { idpf_tx_buf_hw_update(tx_q, tx_q->next_to_use, false); + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + return NETDEV_TX_BUSY; } diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.c b/drivers/net/ethernet/intel/idpf/idpf_txrx.c index 9844d01eaedb..5d74f324bcd4 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.c +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.c @@ -2132,29 +2132,6 @@ void idpf_tx_splitq_build_flow_desc(union idpf_tx_flex_desc *desc, desc->flow.qw1.compl_tag = cpu_to_le16(params->compl_tag); } -/** - * idpf_tx_maybe_stop_common - 1st level check for common Tx stop conditions - * @tx_q: the queue to be checked - * @size: number of descriptors we want to assure is available - * - * Returns 0 if stop is not needed - */ -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size) -{ - struct netdev_queue *nq; - - if (likely(IDPF_DESC_UNUSED(tx_q) >= size)) - return 0; - - u64_stats_update_begin(&tx_q->stats_sync); - u64_stats_inc(&tx_q->q_stats.q_busy); - u64_stats_update_end(&tx_q->stats_sync); - - nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); - - return netif_txq_maybe_stop(nq, IDPF_DESC_UNUSED(tx_q), size, size); -} - /** * idpf_tx_maybe_stop_splitq - 1st level check for Tx splitq stop conditions * @tx_q: the queue to be checked @@ -2166,7 +2143,7 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, unsigned int descs_needed) { if (idpf_tx_maybe_stop_common(tx_q, descs_needed)) - goto splitq_stop; + goto out; /* If there are too many outstanding completions expected on the * completion queue, stop the TX queue to give the device some time to @@ -2185,10 +2162,12 @@ static int idpf_tx_maybe_stop_splitq(struct idpf_tx_queue *tx_q, return 0; splitq_stop: + netif_stop_subqueue(tx_q->netdev, tx_q->idx); + +out: u64_stats_update_begin(&tx_q->stats_sync); u64_stats_inc(&tx_q->q_stats.q_busy); u64_stats_update_end(&tx_q->stats_sync); - netif_stop_subqueue(tx_q->netdev, tx_q->idx); return -EBUSY; } @@ -2211,7 +2190,11 @@ void idpf_tx_buf_hw_update(struct idpf_tx_queue *tx_q, u32 val, nq = netdev_get_tx_queue(tx_q->netdev, tx_q->idx); tx_q->next_to_use = val; - idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED); + if (idpf_tx_maybe_stop_common(tx_q, IDPF_TX_DESC_NEEDED)) { + u64_stats_update_begin(&tx_q->stats_sync); + u64_stats_inc(&tx_q->q_stats.q_busy); + u64_stats_update_end(&tx_q->stats_sync); + } /* Force memory writes to complete before letting h/w * know there are new descriptors to fetch. (Only diff --git a/drivers/net/ethernet/intel/idpf/idpf_txrx.h b/drivers/net/ethernet/intel/idpf/idpf_txrx.h index 3a2a92e79e60..33305de06975 100644 --- a/drivers/net/ethernet/intel/idpf/idpf_txrx.h +++ b/drivers/net/ethernet/intel/idpf/idpf_txrx.h @@ -1018,7 +1018,6 @@ void idpf_tx_dma_map_error(struct idpf_tx_queue *txq, struct sk_buff *skb, struct idpf_tx_buf *first, u16 ring_idx); unsigned int idpf_tx_desc_count_required(struct idpf_tx_queue *txq, struct sk_buff *skb); -int idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, unsigned int size); void idpf_tx_timeout(struct net_device *netdev, unsigned int txqueue); netdev_tx_t idpf_tx_singleq_frame(struct sk_buff *skb, struct idpf_tx_queue *tx_q); @@ -1027,4 +1026,12 @@ bool idpf_rx_singleq_buf_hw_alloc_all(struct idpf_rx_queue *rxq, u16 cleaned_count); int idpf_tso(struct sk_buff *skb, struct idpf_tx_offload_params *off); +static inline bool idpf_tx_maybe_stop_common(struct idpf_tx_queue *tx_q, + u32 needed) +{ + return !netif_subqueue_maybe_stop(tx_q->netdev, tx_q->idx, + IDPF_DESC_UNUSED(tx_q), + needed, needed); +} + #endif /* !_IDPF_TXRX_H_ */

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/entry: Remove unwanted instrumentation in" failed to apply to 5.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y git checkout FETCH_HEAD git cherry-pick -x 477d81a1c47a1b79b9c08fc92b5dea3c5143800b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100139-outfit-agenda-4b7e@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^.. Possible dependencies: 477d81a1c47a ("x86/entry: Remove unwanted instrumentation in common_interrupt()") 90f357208200 ("x86/idtentry: Incorporate definitions/declarations of the FRED entries") 5b51e1db9bdc ("x86/entry: Convert device interrupts to inline stack switching") 569dd8b4eb7e ("x86/entry: Convert system vectors to irq stack macro") a0cfc74d0b00 ("x86/irq: Provide macro for inlining irq stack switching") 951c2a51ae75 ("x86/irq/64: Adjust the per CPU irq stack pointer by 8") e7f890017971 ("x86/irq: Sanitize irq stack tracking") b6be002bcd1d ("x86/entry: Move nmi entry/exit into common code") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 477d81a1c47a1b79b9c08fc92b5dea3c5143800b Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov <dvyukov(a)google.com> Date: Tue, 11 Jun 2024 09:50:30 +0200 Subject: [PATCH] x86/entry: Remove unwanted instrumentation in common_interrupt() common_interrupt() and related variants call kvm_set_cpu_l1tf_flush_l1d(), which is neither marked noinstr nor __always_inline. So compiler puts it out of line and adds instrumentation to it. Since the call is inside of instrumentation_begin/end(), objtool does not warn about it. The manifestation is that KCOV produces spurious coverage in kvm_set_cpu_l1tf_flush_l1d() in random places because the call happens when preempt count is not yet updated to say that the kernel is in an interrupt. Mark kvm_set_cpu_l1tf_flush_l1d() as __always_inline and move it out of the instrumentation_begin/end() section. It only calls __this_cpu_write() which is already safe to call in noinstr contexts. Fixes: 6368558c3710 ("x86/entry: Provide IDTENTRY_SYSVEC") Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Alexander Potapenko <glider(a)google.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/3f9a1de9e415fcb53d07dc9e19fa8481bb021b1b.171809… diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h index c67fa6ad098a..6ffa8b75f4cd 100644 --- a/arch/x86/include/asm/hardirq.h +++ b/arch/x86/include/asm/hardirq.h @@ -69,7 +69,11 @@ extern u64 arch_irq_stat(void); #define local_softirq_pending_ref pcpu_hot.softirq_pending #if IS_ENABLED(CONFIG_KVM_INTEL) -static inline void kvm_set_cpu_l1tf_flush_l1d(void) +/* + * This function is called from noinstr interrupt contexts + * and must be inlined to not get instrumentation. + */ +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1); } @@ -84,7 +88,7 @@ static __always_inline bool kvm_get_cpu_l1tf_flush_l1d(void) return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d); } #else /* !IS_ENABLED(CONFIG_KVM_INTEL) */ -static inline void kvm_set_cpu_l1tf_flush_l1d(void) { } +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { } #endif /* IS_ENABLED(CONFIG_KVM_INTEL) */ #endif /* _ASM_X86_HARDIRQ_H */ diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h index d4f24499b256..ad5c68f0509d 100644 --- a/arch/x86/include/asm/idtentry.h +++ b/arch/x86/include/asm/idtentry.h @@ -212,8 +212,8 @@ __visible noinstr void func(struct pt_regs *regs, \ irqentry_state_t state = irqentry_enter(regs); \ u32 vector = (u32)(u8)error_code; \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_irq_on_irqstack_cond(__##func, regs, vector); \ instrumentation_end(); \ irqentry_exit(regs, state); \ @@ -250,7 +250,6 @@ static void __##func(struct pt_regs *regs); \ \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_sysvec_on_irqstack_cond(__##func, regs); \ } \ \ @@ -258,6 +257,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \ @@ -288,7 +288,6 @@ static __always_inline void __##func(struct pt_regs *regs); \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ __irq_enter_raw(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ __##func (regs); \ __irq_exit_raw(); \ } \ @@ -297,6 +296,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/entry: Remove unwanted instrumentation in" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x 477d81a1c47a1b79b9c08fc92b5dea3c5143800b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100138-marital-stumbling-53bc@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: 477d81a1c47a ("x86/entry: Remove unwanted instrumentation in common_interrupt()") 90f357208200 ("x86/idtentry: Incorporate definitions/declarations of the FRED entries") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 477d81a1c47a1b79b9c08fc92b5dea3c5143800b Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov <dvyukov(a)google.com> Date: Tue, 11 Jun 2024 09:50:30 +0200 Subject: [PATCH] x86/entry: Remove unwanted instrumentation in common_interrupt() common_interrupt() and related variants call kvm_set_cpu_l1tf_flush_l1d(), which is neither marked noinstr nor __always_inline. So compiler puts it out of line and adds instrumentation to it. Since the call is inside of instrumentation_begin/end(), objtool does not warn about it. The manifestation is that KCOV produces spurious coverage in kvm_set_cpu_l1tf_flush_l1d() in random places because the call happens when preempt count is not yet updated to say that the kernel is in an interrupt. Mark kvm_set_cpu_l1tf_flush_l1d() as __always_inline and move it out of the instrumentation_begin/end() section. It only calls __this_cpu_write() which is already safe to call in noinstr contexts. Fixes: 6368558c3710 ("x86/entry: Provide IDTENTRY_SYSVEC") Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Alexander Potapenko <glider(a)google.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/3f9a1de9e415fcb53d07dc9e19fa8481bb021b1b.171809… diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h index c67fa6ad098a..6ffa8b75f4cd 100644 --- a/arch/x86/include/asm/hardirq.h +++ b/arch/x86/include/asm/hardirq.h @@ -69,7 +69,11 @@ extern u64 arch_irq_stat(void); #define local_softirq_pending_ref pcpu_hot.softirq_pending #if IS_ENABLED(CONFIG_KVM_INTEL) -static inline void kvm_set_cpu_l1tf_flush_l1d(void) +/* + * This function is called from noinstr interrupt contexts + * and must be inlined to not get instrumentation. + */ +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1); } @@ -84,7 +88,7 @@ static __always_inline bool kvm_get_cpu_l1tf_flush_l1d(void) return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d); } #else /* !IS_ENABLED(CONFIG_KVM_INTEL) */ -static inline void kvm_set_cpu_l1tf_flush_l1d(void) { } +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { } #endif /* IS_ENABLED(CONFIG_KVM_INTEL) */ #endif /* _ASM_X86_HARDIRQ_H */ diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h index d4f24499b256..ad5c68f0509d 100644 --- a/arch/x86/include/asm/idtentry.h +++ b/arch/x86/include/asm/idtentry.h @@ -212,8 +212,8 @@ __visible noinstr void func(struct pt_regs *regs, \ irqentry_state_t state = irqentry_enter(regs); \ u32 vector = (u32)(u8)error_code; \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_irq_on_irqstack_cond(__##func, regs, vector); \ instrumentation_end(); \ irqentry_exit(regs, state); \ @@ -250,7 +250,6 @@ static void __##func(struct pt_regs *regs); \ \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_sysvec_on_irqstack_cond(__##func, regs); \ } \ \ @@ -258,6 +257,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \ @@ -288,7 +288,6 @@ static __always_inline void __##func(struct pt_regs *regs); \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ __irq_enter_raw(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ __##func (regs); \ __irq_exit_raw(); \ } \ @@ -297,6 +296,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/entry: Remove unwanted instrumentation in" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x 477d81a1c47a1b79b9c08fc92b5dea3c5143800b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100137-overdraft-spongy-2e3f@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: 477d81a1c47a ("x86/entry: Remove unwanted instrumentation in common_interrupt()") 90f357208200 ("x86/idtentry: Incorporate definitions/declarations of the FRED entries") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 477d81a1c47a1b79b9c08fc92b5dea3c5143800b Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov <dvyukov(a)google.com> Date: Tue, 11 Jun 2024 09:50:30 +0200 Subject: [PATCH] x86/entry: Remove unwanted instrumentation in common_interrupt() common_interrupt() and related variants call kvm_set_cpu_l1tf_flush_l1d(), which is neither marked noinstr nor __always_inline. So compiler puts it out of line and adds instrumentation to it. Since the call is inside of instrumentation_begin/end(), objtool does not warn about it. The manifestation is that KCOV produces spurious coverage in kvm_set_cpu_l1tf_flush_l1d() in random places because the call happens when preempt count is not yet updated to say that the kernel is in an interrupt. Mark kvm_set_cpu_l1tf_flush_l1d() as __always_inline and move it out of the instrumentation_begin/end() section. It only calls __this_cpu_write() which is already safe to call in noinstr contexts. Fixes: 6368558c3710 ("x86/entry: Provide IDTENTRY_SYSVEC") Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Alexander Potapenko <glider(a)google.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/3f9a1de9e415fcb53d07dc9e19fa8481bb021b1b.171809… diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h index c67fa6ad098a..6ffa8b75f4cd 100644 --- a/arch/x86/include/asm/hardirq.h +++ b/arch/x86/include/asm/hardirq.h @@ -69,7 +69,11 @@ extern u64 arch_irq_stat(void); #define local_softirq_pending_ref pcpu_hot.softirq_pending #if IS_ENABLED(CONFIG_KVM_INTEL) -static inline void kvm_set_cpu_l1tf_flush_l1d(void) +/* + * This function is called from noinstr interrupt contexts + * and must be inlined to not get instrumentation. + */ +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1); } @@ -84,7 +88,7 @@ static __always_inline bool kvm_get_cpu_l1tf_flush_l1d(void) return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d); } #else /* !IS_ENABLED(CONFIG_KVM_INTEL) */ -static inline void kvm_set_cpu_l1tf_flush_l1d(void) { } +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { } #endif /* IS_ENABLED(CONFIG_KVM_INTEL) */ #endif /* _ASM_X86_HARDIRQ_H */ diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h index d4f24499b256..ad5c68f0509d 100644 --- a/arch/x86/include/asm/idtentry.h +++ b/arch/x86/include/asm/idtentry.h @@ -212,8 +212,8 @@ __visible noinstr void func(struct pt_regs *regs, \ irqentry_state_t state = irqentry_enter(regs); \ u32 vector = (u32)(u8)error_code; \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_irq_on_irqstack_cond(__##func, regs, vector); \ instrumentation_end(); \ irqentry_exit(regs, state); \ @@ -250,7 +250,6 @@ static void __##func(struct pt_regs *regs); \ \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_sysvec_on_irqstack_cond(__##func, regs); \ } \ \ @@ -258,6 +257,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \ @@ -288,7 +288,6 @@ static __always_inline void __##func(struct pt_regs *regs); \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ __irq_enter_raw(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ __##func (regs); \ __irq_exit_raw(); \ } \ @@ -297,6 +296,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \

7 months

1
0
0 0

FAILED: patch "[PATCH] x86/entry: Remove unwanted instrumentation in" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x 477d81a1c47a1b79b9c08fc92b5dea3c5143800b # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100136-phrase-smashing-4e41@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: 477d81a1c47a ("x86/entry: Remove unwanted instrumentation in common_interrupt()") 90f357208200 ("x86/idtentry: Incorporate definitions/declarations of the FRED entries") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 477d81a1c47a1b79b9c08fc92b5dea3c5143800b Mon Sep 17 00:00:00 2001 From: Dmitry Vyukov <dvyukov(a)google.com> Date: Tue, 11 Jun 2024 09:50:30 +0200 Subject: [PATCH] x86/entry: Remove unwanted instrumentation in common_interrupt() common_interrupt() and related variants call kvm_set_cpu_l1tf_flush_l1d(), which is neither marked noinstr nor __always_inline. So compiler puts it out of line and adds instrumentation to it. Since the call is inside of instrumentation_begin/end(), objtool does not warn about it. The manifestation is that KCOV produces spurious coverage in kvm_set_cpu_l1tf_flush_l1d() in random places because the call happens when preempt count is not yet updated to say that the kernel is in an interrupt. Mark kvm_set_cpu_l1tf_flush_l1d() as __always_inline and move it out of the instrumentation_begin/end() section. It only calls __this_cpu_write() which is already safe to call in noinstr contexts. Fixes: 6368558c3710 ("x86/entry: Provide IDTENTRY_SYSVEC") Signed-off-by: Dmitry Vyukov <dvyukov(a)google.com> Signed-off-by: Thomas Gleixner <tglx(a)linutronix.de> Reviewed-by: Alexander Potapenko <glider(a)google.com> Acked-by: Peter Zijlstra (Intel) <peterz(a)infradead.org> Cc: stable(a)vger.kernel.org Link: https://lore.kernel.org/all/3f9a1de9e415fcb53d07dc9e19fa8481bb021b1b.171809… diff --git a/arch/x86/include/asm/hardirq.h b/arch/x86/include/asm/hardirq.h index c67fa6ad098a..6ffa8b75f4cd 100644 --- a/arch/x86/include/asm/hardirq.h +++ b/arch/x86/include/asm/hardirq.h @@ -69,7 +69,11 @@ extern u64 arch_irq_stat(void); #define local_softirq_pending_ref pcpu_hot.softirq_pending #if IS_ENABLED(CONFIG_KVM_INTEL) -static inline void kvm_set_cpu_l1tf_flush_l1d(void) +/* + * This function is called from noinstr interrupt contexts + * and must be inlined to not get instrumentation. + */ +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { __this_cpu_write(irq_stat.kvm_cpu_l1tf_flush_l1d, 1); } @@ -84,7 +88,7 @@ static __always_inline bool kvm_get_cpu_l1tf_flush_l1d(void) return __this_cpu_read(irq_stat.kvm_cpu_l1tf_flush_l1d); } #else /* !IS_ENABLED(CONFIG_KVM_INTEL) */ -static inline void kvm_set_cpu_l1tf_flush_l1d(void) { } +static __always_inline void kvm_set_cpu_l1tf_flush_l1d(void) { } #endif /* IS_ENABLED(CONFIG_KVM_INTEL) */ #endif /* _ASM_X86_HARDIRQ_H */ diff --git a/arch/x86/include/asm/idtentry.h b/arch/x86/include/asm/idtentry.h index d4f24499b256..ad5c68f0509d 100644 --- a/arch/x86/include/asm/idtentry.h +++ b/arch/x86/include/asm/idtentry.h @@ -212,8 +212,8 @@ __visible noinstr void func(struct pt_regs *regs, \ irqentry_state_t state = irqentry_enter(regs); \ u32 vector = (u32)(u8)error_code; \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_irq_on_irqstack_cond(__##func, regs, vector); \ instrumentation_end(); \ irqentry_exit(regs, state); \ @@ -250,7 +250,6 @@ static void __##func(struct pt_regs *regs); \ \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ - kvm_set_cpu_l1tf_flush_l1d(); \ run_sysvec_on_irqstack_cond(__##func, regs); \ } \ \ @@ -258,6 +257,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \ @@ -288,7 +288,6 @@ static __always_inline void __##func(struct pt_regs *regs); \ static __always_inline void instr_##func(struct pt_regs *regs) \ { \ __irq_enter_raw(); \ - kvm_set_cpu_l1tf_flush_l1d(); \ __##func (regs); \ __irq_exit_raw(); \ } \ @@ -297,6 +296,7 @@ __visible noinstr void func(struct pt_regs *regs) \ { \ irqentry_state_t state = irqentry_enter(regs); \ \ + kvm_set_cpu_l1tf_flush_l1d(); \ instrumentation_begin(); \ instr_##func (regs); \ instrumentation_end(); \

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: resource: Do IRQ override on MECHREV GM7XG0M" failed to apply to 5.15-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 5.15-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.15.y git checkout FETCH_HEAD git cherry-pick -x b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100101-huskiness-tray-09c8@gregkh' --subject-prefix 'PATCH 5.15.y' HEAD^.. Possible dependencies: b53f09ecd602 ("ACPI: resource: Do IRQ override on MECHREV GM7XG0M") 6eaf375a5a98 ("ACPI: resource: Do IRQ override on GMxBGxx (XMG APEX 17 M23)") 424009ab2030 ("ACPI: resource: Drop .ident values from dmi_system_id tables") d37273af0e42 ("ACPI: resource: Consolidate IRQ trigger-type override DMI tables") c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") 453b014e2c29 ("ACPI: resource: Fix IRQ override quirk for PCSpecialist Elimina Pro 16 M") 56fec0051a69 ("ACPI: resource: Add IRQ override quirk for PCSpecialist Elimina Pro 16 M") 9728ac221160 ("ACPI: resource: Always use MADT override IRQ settings for all legacy non i8042 IRQs") 2d331a6ac481 ("ACPI: resource: revert "Remove "Zen" specific match and quirks"") a9c4a912b7dc ("ACPI: resource: Remove "Zen" specific match and quirks") 71a485624c4c ("ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P") 05cda427126f ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA") 2d0ab14634a2 ("ACPI: resource: Add Medion S17413 to IRQ override quirk") 65eb2867f5bf ("ACPI: resource: Skip IRQ override on Asus Expertbook B2402FBA") 17bb7046e7ce ("ACPI: resource: Do IRQ override on all TongFang GMxRGxx") cb18703c1797 ("ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models") 77c724888238 ("ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA") 7203481fd12b ("ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks") f3cb9b740869 ("ACPI: resource: do IRQ override on Lenovo 14ALC7") 7592b79ba4a9 ("ACPI: resource: do IRQ override on XMG Core 15") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 Mon Sep 17 00:00:00 2001 From: Li Chen <me(a)linux.beauty> Date: Sat, 3 Aug 2024 16:13:18 +0800 Subject: [PATCH] ACPI: resource: Do IRQ override on MECHREV GM7XG0M Listed device need the override for the keyboard to work. Fixes: 9946e39fe8d0 ("ACPI: resource: skip IRQ override on AMD Zen platforms") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Li Chen <me(a)linux.beauty> Link: https://patch.msgid.link/87y15e6n35.wl-me@linux.beauty Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index df5d5a554b38..aa9990507f34 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -554,6 +554,12 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { * to have a working keyboard. */ static const struct dmi_system_id irq1_edge_low_force_override[] = { + { + /* MECHREV Jiaolong17KS Series GM7XG0M */ + .matches = { + DMI_MATCH(DMI_BOARD_NAME, "GM7XG0M"), + }, + }, { /* XMG APEX 17 (M23) */ .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: resource: Do IRQ override on MECHREV GM7XG0M" failed to apply to 6.1-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.1-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.1.y git checkout FETCH_HEAD git cherry-pick -x b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100101-area-scarce-20d5@gregkh' --subject-prefix 'PATCH 6.1.y' HEAD^.. Possible dependencies: b53f09ecd602 ("ACPI: resource: Do IRQ override on MECHREV GM7XG0M") 6eaf375a5a98 ("ACPI: resource: Do IRQ override on GMxBGxx (XMG APEX 17 M23)") 424009ab2030 ("ACPI: resource: Drop .ident values from dmi_system_id tables") d37273af0e42 ("ACPI: resource: Consolidate IRQ trigger-type override DMI tables") c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") 453b014e2c29 ("ACPI: resource: Fix IRQ override quirk for PCSpecialist Elimina Pro 16 M") 56fec0051a69 ("ACPI: resource: Add IRQ override quirk for PCSpecialist Elimina Pro 16 M") 9728ac221160 ("ACPI: resource: Always use MADT override IRQ settings for all legacy non i8042 IRQs") 2d331a6ac481 ("ACPI: resource: revert "Remove "Zen" specific match and quirks"") a9c4a912b7dc ("ACPI: resource: Remove "Zen" specific match and quirks") 71a485624c4c ("ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P") 05cda427126f ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA") 2d0ab14634a2 ("ACPI: resource: Add Medion S17413 to IRQ override quirk") 65eb2867f5bf ("ACPI: resource: Skip IRQ override on Asus Expertbook B2402FBA") 17bb7046e7ce ("ACPI: resource: Do IRQ override on all TongFang GMxRGxx") cb18703c1797 ("ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models") 77c724888238 ("ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA") 7203481fd12b ("ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks") f3cb9b740869 ("ACPI: resource: do IRQ override on Lenovo 14ALC7") 7592b79ba4a9 ("ACPI: resource: do IRQ override on XMG Core 15") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 Mon Sep 17 00:00:00 2001 From: Li Chen <me(a)linux.beauty> Date: Sat, 3 Aug 2024 16:13:18 +0800 Subject: [PATCH] ACPI: resource: Do IRQ override on MECHREV GM7XG0M Listed device need the override for the keyboard to work. Fixes: 9946e39fe8d0 ("ACPI: resource: skip IRQ override on AMD Zen platforms") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Li Chen <me(a)linux.beauty> Link: https://patch.msgid.link/87y15e6n35.wl-me@linux.beauty Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index df5d5a554b38..aa9990507f34 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -554,6 +554,12 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { * to have a working keyboard. */ static const struct dmi_system_id irq1_edge_low_force_override[] = { + { + /* MECHREV Jiaolong17KS Series GM7XG0M */ + .matches = { + DMI_MATCH(DMI_BOARD_NAME, "GM7XG0M"), + }, + }, { /* XMG APEX 17 (M23) */ .matches = {

7 months

1
0
0 0

FAILED: patch "[PATCH] ACPI: resource: Do IRQ override on MECHREV GM7XG0M" failed to apply to 6.6-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.6-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.6.y git checkout FETCH_HEAD git cherry-pick -x b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100100-deflator-mouth-8525@gregkh' --subject-prefix 'PATCH 6.6.y' HEAD^.. Possible dependencies: b53f09ecd602 ("ACPI: resource: Do IRQ override on MECHREV GM7XG0M") 6eaf375a5a98 ("ACPI: resource: Do IRQ override on GMxBGxx (XMG APEX 17 M23)") 424009ab2030 ("ACPI: resource: Drop .ident values from dmi_system_id tables") d37273af0e42 ("ACPI: resource: Consolidate IRQ trigger-type override DMI tables") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From b53f09ecd602d7b8b7da83b0890cbac500b6a9b9 Mon Sep 17 00:00:00 2001 From: Li Chen <me(a)linux.beauty> Date: Sat, 3 Aug 2024 16:13:18 +0800 Subject: [PATCH] ACPI: resource: Do IRQ override on MECHREV GM7XG0M Listed device need the override for the keyboard to work. Fixes: 9946e39fe8d0 ("ACPI: resource: skip IRQ override on AMD Zen platforms") Cc: All applicable <stable(a)vger.kernel.org> Signed-off-by: Li Chen <me(a)linux.beauty> Link: https://patch.msgid.link/87y15e6n35.wl-me@linux.beauty Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki(a)intel.com> diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c index df5d5a554b38..aa9990507f34 100644 --- a/drivers/acpi/resource.c +++ b/drivers/acpi/resource.c @@ -554,6 +554,12 @@ static const struct dmi_system_id irq1_level_low_skip_override[] = { * to have a working keyboard. */ static const struct dmi_system_id irq1_edge_low_force_override[] = { + { + /* MECHREV Jiaolong17KS Series GM7XG0M */ + .matches = { + DMI_MATCH(DMI_BOARD_NAME, "GM7XG0M"), + }, + }, { /* XMG APEX 17 (M23) */ .matches = {

7 months

1
0
0 0

Re: Patch "Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq()" has been added to the 5.15-stable tree

by Dmitry Torokhov

On Mon, Sep 30, 2024 at 08:28:59PM -0400, Sasha Levin wrote: > This is a note to let you know that I've just added the patch titled > > Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() > > to the 5.15-stable tree which can be found at: > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum… > > The filename of the patch is: > input-ps2-gpio-use-irqf_no_autoen-flag-in-request_ir.patch > and it can be found in the queue-5.15 subdirectory. > > If you, or anyone else, feels it should not be added to the stable tree, > please let <stable(a)vger.kernel.org> know about it. For the love of God, why? Why does this pure cleanup type of change needs to be in stable? > > > > commit 2d007ddec282076923c4d84d6b12858b9f44594a > Author: Jinjie Ruan <ruanjinjie(a)huawei.com> > Date: Thu Sep 12 11:30:13 2024 +0800 > > Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() > > [ Upstream commit dcd18a3fb1228409dfc24373c5c6868a655810b0 ] > > disable_irq() after request_irq() still has a time gap in which > interrupts can come. request_irq() with IRQF_NO_AUTOEN flag will > disable IRQ auto-enable when request IRQ. > > Fixes: 9ee0a0558819 ("Input: PS/2 gpio bit banging driver for serio bus") > Signed-off-by: Jinjie Ruan <ruanjinjie(a)huawei.com> > Acked-by: Danilo Krummrich <dakr(a)kernel.org> > Link: https://lore.kernel.org/r/20240912033013.2610949-1-ruanjinjie@huawei.com > Signed-off-by: Dmitry Torokhov <dmitry.torokhov(a)gmail.com> > Signed-off-by: Sasha Levin <sashal(a)kernel.org> > > diff --git a/drivers/input/serio/ps2-gpio.c b/drivers/input/serio/ps2-gpio.c > index 8970b49ea09a2..b0238a8b5c210 100644 > --- a/drivers/input/serio/ps2-gpio.c > +++ b/drivers/input/serio/ps2-gpio.c > @@ -374,16 +374,14 @@ static int ps2_gpio_probe(struct platform_device *pdev) > } > > error = devm_request_irq(dev, drvdata->irq, ps2_gpio_irq, > - IRQF_NO_THREAD, DRIVER_NAME, drvdata); > + IRQF_NO_THREAD | IRQF_NO_AUTOEN, DRIVER_NAME, > + drvdata); > if (error) { > dev_err(dev, "failed to request irq %d: %d\n", > drvdata->irq, error); > goto err_free_serio; > } > > - /* Keep irq disabled until serio->open is called. */ > - disable_irq(drvdata->irq); > - > serio->id.type = SERIO_8042; > serio->open = ps2_gpio_open; > serio->close = ps2_gpio_close; -- Dmitry

7 months

2
5
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100118-preteen-unsuited-4428@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix polled console corruption" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x 63d14d974d3d82d0feeae8c73b055d330051e1b4 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100117-cannabis-glory-6c7d@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: 63d14d974d3d ("serial: qcom-geni: fix polled console corruption") cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From 63d14d974d3d82d0feeae8c73b055d330051e1b4 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:36 +0200 Subject: [PATCH] serial: qcom-geni: fix polled console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The polled UART operations are used by the kernel debugger (KDB, KGDB), which can interrupt the kernel at any point in time. The current Qualcomm GENI implementation does not really work when there is on-going serial output as it inadvertently "hijacks" the current tx command, which can result in both the initial debugger output being corrupted as well as the corruption of any on-going serial output (up to 4k characters) when execution resumes: 0190: abcdefghijklmnopqrstuvwxyz0123456789 0190: abcdefghijklmnopqrstuvwxyz0123456789 0191: abcdefghijklmnop[ 50.825552] sysrq: DEBUG qrstuvwxyz0123456789 0191: abcdefghijklmnopqrstuvwxyz0123456789 Entering kdb (current=0xffff53510b4cd280, pid 640) on processor 2 due to Keyboard Entry [2]kdb> go omlji3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t72r2rp o9n976k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawavu:t7t8s8s8r2r2q0q0p o9n9n8ml6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav v u:u:t9t0s4s4rq0p o9n9n8m8m7l7l6k6k5j5j40q0p p o o9n9n8m8m7l7l6k6k5j5j4i4i3h3h2g2g1f1f0e0ezdzdycycxbxbwawav :t8t9s4s4r4r4q0q0p Fix this by making sure that the polled output implementation waits for the tx fifo to drain before cancelling any on-going longer transfers. As the polled code cannot take any locks, leave the state variables as they are and instead make sure that the interrupt handler always starts a new tx command when there is data in the write buffer. Since the debugger can interrupt the interrupt handler when it is writing data to the tx fifo, it is currently not possible to fully prevent losing up to 64 bytes of tty output on resume. Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-9-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index f23fd0ac3cfd..6f0db310cf69 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -145,6 +145,7 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) @@ -384,13 +385,14 @@ static int qcom_geni_serial_get_char(struct uart_port *uport) static void qcom_geni_serial_poll_put_char(struct uart_port *uport, unsigned char c) { - writel(DEF_TX_WM, uport->membase + SE_GENI_TX_WATERMARK_REG); + if (qcom_geni_serial_main_active(uport)) { + qcom_geni_serial_poll_tx_done(uport); + __qcom_geni_serial_cancel_tx_cmd(uport); + } + writel(M_CMD_DONE_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_setup_tx(uport, 1); - WARN_ON(!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_WATERMARK_EN, true)); writel(c, uport->membase + SE_GENI_TX_FIFOn); - writel(M_TX_FIFO_WATERMARK_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); qcom_geni_serial_poll_tx_done(uport); } #endif @@ -677,13 +679,10 @@ static void qcom_geni_serial_stop_tx_fifo(struct uart_port *uport) writel(irq_en, uport->membase + SE_GENI_M_IRQ_EN); } -static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +static void __qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) { struct qcom_geni_serial_port *port = to_dev_port(uport); - if (!qcom_geni_serial_main_active(uport)) - return; - geni_se_cancel_m_cmd(&port->se); if (!qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, M_CMD_CANCEL_EN, true)) { @@ -693,6 +692,16 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_ABORT_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); } writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); +} + +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + if (!qcom_geni_serial_main_active(uport)) + return; + + __qcom_geni_serial_cancel_tx_cmd(uport); port->tx_remaining = 0; port->tx_queued = 0; @@ -919,7 +928,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!chunk) goto out_write_wakeup; - if (!port->tx_remaining) { + if (!active) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; port->tx_queued = 0;

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 6.11-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.11-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.11.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100139-sterilize-freckles-6bc2@gregkh' --subject-prefix 'PATCH 6.11.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

FAILED: patch "[PATCH] serial: qcom-geni: fix console corruption" failed to apply to 6.10-stable tree

by gregkh＠linuxfoundation.org

The patch below does not apply to the 6.10-stable tree. If someone wants it applied there, or to any other stable or longterm tree, then please email the backport, including the original git commit id to <stable(a)vger.kernel.org>. To reproduce the conflict and resubmit, you may use the following commands: git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-6.10.y git checkout FETCH_HEAD git cherry-pick -x cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 # <resolve conflicts, build, test, etc.> git commit -s git send-email --to '<stable(a)vger.kernel.org>' --in-reply-to '2024100138-family-anvil-4319@gregkh' --subject-prefix 'PATCH 6.10.y' HEAD^.. Possible dependencies: cc4a0e5754a1 ("serial: qcom-geni: fix console corruption") f97cdbbf187f ("serial: qcom-geni: fix false console tx restart") thanks, greg k-h ------------------ original commit in Linus's tree ------------------ From cc4a0e5754a16bbc1e215c091349a7c83a2c5e14 Mon Sep 17 00:00:00 2001 From: Johan Hovold <johan+linaro(a)kernel.org> Date: Fri, 6 Sep 2024 15:13:34 +0200 Subject: [PATCH] serial: qcom-geni: fix console corruption MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The Qualcomm serial console implementation is broken and can lose characters when the serial port is also used for tty output. Specifically, the console code only waits for the current tx command to complete when all data has already been written to the fifo. When there are on-going longer transfers this often means that console output is lost when the console code inadvertently "hijacks" the current tx command instead of starting a new one. This can, for example, be observed during boot when console output that should have been interspersed with init output is truncated: [ 9.462317] qcom-snps-eusb2-hsphy fde000.phy: Registered Qcom-eUSB2 phy [ OK ] Found device KBG50ZNS256G KIOXIA Wi[ 9.471743ndows. [ 9.539915] xhci-hcd xhci-hcd.0.auto: xHCI Host Controller Add a new state variable to track how much data has been written to the fifo and use it to determine when the fifo and shift register are both empty. This is needed since there is currently no other known way to determine when the shift register is empty. This in turn allows the console code to interrupt long transfers without losing data. Note that the oops-in-progress case is similarly broken as it does not cancel any active command and also waits for the wrong status flag when attempting to drain the fifo (TX_FIFO_NOT_EMPTY_EN is only set when cancelling a command leaves data in the fifo). Fixes: c4f528795d1a ("tty: serial: msm_geni_serial: Add serial driver support for GENI based QUP") Fixes: a1fee899e5be ("tty: serial: qcom_geni_serial: Fix softlock") Fixes: 9e957a155005 ("serial: qcom-geni: Don't cancel/abort if we can't get the port lock") Cc: stable(a)vger.kernel.org # 4.17 Reviewed-by: Douglas Anderson <dianders(a)chromium.org> Tested-by: Nícolas F. R. A. Prado <nfraprado(a)collabora.com> Signed-off-by: Johan Hovold <johan+linaro(a)kernel.org> Link: https://lore.kernel.org/r/20240906131336.23625-7-johan+linaro@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org> diff --git a/drivers/tty/serial/qcom_geni_serial.c b/drivers/tty/serial/qcom_geni_serial.c index 7bbd70c30620..f8f6e9466b40 100644 --- a/drivers/tty/serial/qcom_geni_serial.c +++ b/drivers/tty/serial/qcom_geni_serial.c @@ -131,6 +131,7 @@ struct qcom_geni_serial_port { bool brk; unsigned int tx_remaining; + unsigned int tx_queued; int wakeup_irq; bool rx_tx_swap; bool cts_rts_swap; @@ -144,6 +145,8 @@ static const struct uart_ops qcom_geni_uart_pops; static struct uart_driver qcom_geni_console_driver; static struct uart_driver qcom_geni_uart_driver; +static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport); + static inline struct qcom_geni_serial_port *to_dev_port(struct uart_port *uport) { return container_of(uport, struct qcom_geni_serial_port, uport); @@ -393,6 +396,14 @@ static void qcom_geni_serial_poll_put_char(struct uart_port *uport, #endif #ifdef CONFIG_SERIAL_QCOM_GENI_CONSOLE +static void qcom_geni_serial_drain_fifo(struct uart_port *uport) +{ + struct qcom_geni_serial_port *port = to_dev_port(uport); + + qcom_geni_serial_poll_bitfield(uport, SE_GENI_M_GP_LENGTH, GP_LENGTH, + port->tx_queued); +} + static void qcom_geni_serial_wr_char(struct uart_port *uport, unsigned char ch) { struct qcom_geni_private_data *private_data = uport->private_data; @@ -468,7 +479,6 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, struct qcom_geni_serial_port *port; bool locked = true; unsigned long flags; - u32 geni_status; WARN_ON(co->index < 0 || co->index >= GENI_UART_CONS_PORTS); @@ -482,34 +492,20 @@ static void qcom_geni_serial_console_write(struct console *co, const char *s, else uart_port_lock_irqsave(uport, &flags); - geni_status = readl(uport->membase + SE_GENI_STATUS); + if (qcom_geni_serial_main_active(uport)) { + /* Wait for completion or drain FIFO */ + if (!locked || port->tx_remaining == 0) + qcom_geni_serial_poll_tx_done(uport); + else + qcom_geni_serial_drain_fifo(uport); - if (!locked) { - /* - * We can only get here if an oops is in progress then we were - * unable to get the lock. This means we can't safely access - * our state variables like tx_remaining. About the best we - * can do is wait for the FIFO to be empty before we start our - * transfer, so we'll do that. - */ - qcom_geni_serial_poll_bit(uport, SE_GENI_M_IRQ_STATUS, - M_TX_FIFO_NOT_EMPTY_EN, false); - } else if ((geni_status & M_GENI_CMD_ACTIVE) && !port->tx_remaining) { - /* - * It seems we can't interrupt existing transfers if all data - * has been sent, in which case we need to look for done first. - */ - qcom_geni_serial_poll_tx_done(uport); + qcom_geni_serial_cancel_tx_cmd(uport); } __qcom_geni_serial_console_write(uport, s, count); - - if (locked) { - if (port->tx_remaining) - qcom_geni_serial_setup_tx(uport, port->tx_remaining); + if (locked) uart_port_unlock_irqrestore(uport, flags); - } } static void handle_rx_console(struct uart_port *uport, u32 bytes, bool drop) @@ -690,6 +686,7 @@ static void qcom_geni_serial_cancel_tx_cmd(struct uart_port *uport) writel(M_CMD_CANCEL_EN, uport->membase + SE_GENI_M_IRQ_CLEAR); port->tx_remaining = 0; + port->tx_queued = 0; } static void qcom_geni_serial_handle_rx_fifo(struct uart_port *uport, bool drop) @@ -916,6 +913,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, if (!port->tx_remaining) { qcom_geni_serial_setup_tx(uport, pending); port->tx_remaining = pending; + port->tx_queued = 0; irq_en = readl(uport->membase + SE_GENI_M_IRQ_EN); if (!(irq_en & M_TX_FIFO_WATERMARK_EN)) @@ -924,6 +922,7 @@ static void qcom_geni_serial_handle_tx_fifo(struct uart_port *uport, } qcom_geni_serial_send_chunk_fifo(uport, chunk); + port->tx_queued += chunk; /* * The tx fifo watermark is level triggered and latched. Though we had

7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-stable-mirror